OWASP O2 Platform Blog

Scripting “O2 Tool – AST Search” to find Null references (.NET Static Analysis)

This script shows how to use the control that makes up the “O2 Tool – Search AST” to run a custom search for all variables that are assigned the value ‘null’.

Here is the execution result

And here is the source code:

var topPanel = O2Gui.open<Panel>("Custom filtering of 'Search AST' tool",700,400);
//var topPanel = panel.clear().add_Panel();
var ascxSearchAst = topPanel.add_Control<ascx_SearchAST>();

var sourceCodeFolder = @"C:\O2\Demos\HacmeBank\HacmeBank_v2.0 (7 Dec 08)\HacmeBank_v2_WS";

//Load ASTs from files (use cache data if available)
var astData = (O2MappedAstData)O2LiveObjects.get(sourceCodeFolder);
if (astData.isNull())
{
    "loading AstData from: {0}".info(sourceCodeFolder);
    astData = new O2MappedAstData();
    astData.loadFiles(sourceCodeFolder.files(true,"*.cs","*.vb"));
    O2LiveObjects.set(sourceCodeFolder,astData);
}
ascxSearchAst.buildGui(astData);


//Example #1
/*
ascxSearchAst.setINodeFilter("Attribute");
ascxSearchAst.setSearchOnSelectedINode("WebMethod");
*/
//Example #2

ascxSearchAst.setINodeFilter("Primitive");
ascxSearchAst.setSearchOnSelectedINode("Null");
//Example #3
/*
ascxSearchAst.setSearchOnAlINodes("password");
*/

return "ok";
//O2File:ascx_SearchAST.cs
//using O2.XRules.Database.Languages_and_Frameworks.DotNet
//O2Ref:O2_API_AST.dll
//using O2.API.AST.CSharp;
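
For comparison, the same kind of query written against Roslyn. This is an added example, not O2 code and not part of the original script; it assumes the Microsoft.CodeAnalysis.CSharp NuGet package, and the class name and sample source are constructed for illustration. A search on null literals alone also surfaces comparisons and method arguments, so this version reports only declarations and assignments that store null:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;

static class NullAssignmentSearch   // hypothetical name, not an O2 type
{
    // Constructed sample input, not taken from HacmeBank.
    const string Sample = @"
class Account
{
    string owner = null;
    void Reset(string id)
    {
        string token = Lookup(id);
        if (token == null) return;   // comparison: not reported
        token = null;                // assignment: reported
        Lookup(null);                // argument: not reported
    }
    string Lookup(string id) { return id; }
}";

    // Returns (1-based line, assigned variable) for every null stored into a variable.
    public static List<(int Line, string Target)> Find(string source)
    {
        var tree = CSharpSyntaxTree.ParseText(source);
        var hits = new List<(int, string)>();
        foreach (var lit in tree.GetRoot().DescendantNodes().OfType<LiteralExpressionSyntax>()
                     .Where(l => l.IsKind(SyntaxKind.NullLiteralExpression)))
        {
            string target = null;
            if (lit.Parent is EqualsValueClauseSyntax init && init.Parent is VariableDeclaratorSyntax decl)
                target = decl.Identifier.Text;        // e.g. string owner = null;
            else if (lit.Parent is AssignmentExpressionSyntax asg && asg.Right.Span == lit.Span
                     && asg.IsKind(SyntaxKind.SimpleAssignmentExpression))
                target = asg.Left.ToString();         // e.g. token = null;
            if (target == null) continue;             // comparison, argument, return value, ...
            hits.Add((tree.GetLineSpan(lit.Span).StartLinePosition.Line + 1, target));
        }
        return hits;
    }
    static void Main()
    {
        foreach (var (line, target) in Find(Sample))
            Console.WriteLine($"line {line}: {target} = null");
    }
}
```

Each hit is a starting point for review: follow the variable forward to check whether it is dereferenced before being reassigned.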

April 10, 2011 - Posted by | .NET, .NET SAST
