Creating a Pink version of IBM Rational AppScan Standard
Once you have an O2 script inside AppScan Standard what can you do with it?
(see Injecting O2 into IBM Rational AppScan Standard for details on how it was done)
Well, what about creating a pink version of AppScan (for the female users out there)?
How was this done?
It is actually very easy. Since the O2 Script editor is running under the same process as AppScan Standard, and there is a reference passed into the script envionment with the main GUI (the variable is called MainForm), all we need to do a recursive search for all Windows Controls and change its background color:
foreach(var controls in MainForm.controls(true))
controls.backColor(Color.Pink);
MainForm.set_Text("AppScan Standard - in Pink");
return MainForm;
//O2Ref:appscan.exe
Over the next weeks I will post more examples on what can be done with these capabilities (namely the ability to add the artifacts that O2 is able to create/consume from other tools or from the target application’s Source Code)
Meanwhile, to help with your first scripts inside AppScan standard, here are a number of code samples that I captured during the development of these scripts:
Get AppScan.Exe assembly object (before AppScan starts)
return "AppScan.exe".assembly()
… get its types
return "AppScan.exe".assembly().types();
… get the MainForm class:
return "AppScan.exe".assembly()
.type("MainForm");
… get MainForm class methods:
return "AppScan.exe".assembly()
.type("MainForm")
.methods();
… get the Main method
return "AppScan.exe".assembly()
.type("MainForm")
.method("Main");
… invoke the Main method in an STA Thread
O2Thread.staThread(
()=>{
"AppScan.exe".assembly()
.type("MainForm")
.method("Main").invoke(new object[] {new string[] {} }) ;
});
Getting a refrence to the main window and changing its title (after AppScan starts and inside the AppScan process)
var appScan = "".lastFormLoaded();
appScan.set_Text("O2 version of IBM AppScan - in Pink");
…getting the top level controls:
return appScan.controls();
…getting the list of all GUI controls
return appScan.controls(true);
… getting all treeviews
return appScan.controls<TreeView>(true);
Adding a test node to all treeviews
var treeViews = appScan.controls<TreeView>(true);
foreach(var treeview in treeViews)
treeview.add_Node("Hello from O2");
return treeViews;
Grabbing a reference to the top Level menu and creating an O2 Menu
var menuStrip = appScan.controls<MenuStrip>();
var o2Menu = menuStrip.add_MenuItem("O2");
Adding a menu item that opens up an O2 Log Viewer
var appScan = "".applicationWinForms()[2];
var menuStrip = appScan.controls<MenuStrip>();
var o2Menu = menuStrip.add_MenuItem("O2");
o2Menu.add_MenuItem("O2 Log Viewer", ()=> "O2 Log Viewer".popupWindow(450,200).add_LogViewer() );
Add menu item that opens up a script editor
var appScan = "".applicationWinForms()[3];
Action<Panel> showO2ScriptEditor =
(targetPanel)=> {
var scriptEditor = targetPanel.add_Script(false) ;
scriptEditor.InvocationParameters.add("MainForm", appScan);
scriptEditor.Code = "return MainForm;".line() +
"\\O2Ref:appscan.exe";
};
var menuStrip = appScan.controls<MenuStrip>();
var o2Menu = menuStrip.add_MenuItem("O2");
o2Menu.add_MenuItem("O2 Log Viewer", ()=> "O2 Log Viewer".popupWindow(450,200).add_LogViewer() );
o2Menu.add_MenuItem("O2 Script Editor", ()=> showO2ScriptEditor("O2 Script Editor".popupWindow(650,300)) );
Injecting O2 into IBM Rational AppScan Standard
If you use AppScan Standard (the BlackBox tool) and want to use O2 to script its GUI or scans, here is a new O2 script that will start AppScan Standard under the same process as O2.
Once the main AppScan gui is loaded this script will add a new O2 Menu and inject an O2 Script editor.
You can find the script that automates the process in your local folder C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\IBM\AppScan_Standard:
The script you want to execute is the Util – Launch AppScan Standard (O2 version).h2 which will
- Copy all required files (O2 dlls and AppScan_Standard_1st_Script.cs Script) to the AppScan Folder.
- Compile the AppScan_Standard_O2_Launcher.cs script into AppScan_Standard_O2_Launcher.exe and copy it to AppScan folder
- In the AppScan folder: execute and compile AppScan_Standard_O2_Launcher.exe
- The AppScan_Standard_O2_Launcher.exe will compile the AppScan_Standard_1st_Script.cs and execute it
- the AppScan_Standard_1st_Script.cs script will:
- open an O2 Log Viewer (so that you get a feel for what is happening),
- launch AppScan (by using reflection to open the MainForm Form control),
- wait for the main AppScan gui to load, and when it does:
- compile and execute the In AppScan – Create O2 Gui.h2 script
- The In AppScan – Create O2 Gui.h2 script is the one that adds a new menu item and injects a O2 Script editor into the main AppScanGui.
The Util – Launch AppScan Standard (O2 version).h2 has an editor for all these scripts, but by default this is disabled (see NUnit example for details). The default behaviour of Util – Launch AppScan Standard (O2 version).h2 (when double-clicked from windows explorer) is to execute the above steps in sequence. And if all goes according to plan, you will see the following ‘AppScan Standard – O2 Version’ GUI:
… note the extra O2 Menu and the O2 Scripting Environment….
For reference, here is what it looks like while AppScan Standard is loading up (the cmd.exe window was created by AppScan_Standard_O2_Launcher.exe and the LogViewer shows the wait for the main AppScan GUI to load up)
These series of scripts are heavily based on the ones previously used and documented in the Injecting O2 into another .NET Process (in this case NUnit.exe) script (see that blog post for more technical details about how this works).
About
The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.
O2 can also be a very powerful prototyping and fast-development tool for .NET. Most O2 APIs are written using a Fluent API design, and its core has been published as a separate project called FluentSharp (hosted at CodePlex)
Download
Windows ClickOnce Installer:
Mailing List
The best place to keep updated with the lastest news and developers it to subscribe to the OWASP O2 Platform Mailing list (you can read its archives here)
OWASP O2 Platform Blog 