OWASP O2 Platform Blog

Creating a Pink version of IBM Rational AppScan Standard

Once you have an O2 script inside AppScan Standard what can you do with it?

(see Injecting O2 into IBM Rational AppScan Standard for details on how it was done)

Well, what about creating a pink version of AppScan (for the female users out there)?

How was this done?

It is actually very easy. Since the O2 Script editor is running in the same process as AppScan Standard, and a reference to the main GUI is passed into the script environment (the variable is called MainForm), all we need to do is a recursive search for all Windows controls and change their background color:

foreach(var controls in MainForm.controls(true))
    controls.backColor(Color.Pink);
MainForm.set_Text("AppScan Standard - in Pink");
return MainForm;
//O2Ref:appscan.exe

Over the next weeks I will post more examples on what can be done with these capabilities (namely the ability to add the artifacts that O2 is able to create/consume from other tools or from the target application’s Source Code)

Meanwhile, to help with your first scripts inside AppScan Standard, here are a number of code samples that I captured during the development of these scripts:

Get AppScan.Exe assembly object (before AppScan starts)

return "AppScan.exe".assembly();

… get its types

return "AppScan.exe".assembly().types();

… get the MainForm class:

return "AppScan.exe".assembly()
                    .type("MainForm");

… get MainForm class methods:

return "AppScan.exe".assembly()
                    .type("MainForm")
                    .methods();

… get the Main method

return "AppScan.exe".assembly()
                    .type("MainForm")
                    .method("Main");

… invoke the Main method in an STA Thread

O2Thread.staThread(
    ()=>{
            "AppScan.exe".assembly()
                    .type("MainForm")
                    .method("Main").invoke(new object[] {new string[] {} }) ; 
        });
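
What the O2 helpers used so far do, written with plain .NET reflection and WinForms calls. This is an added example, not code from the original post or from the O2 Platform; the class and method names are hypothetical, and it assumes `Main` is a static method taking `string[]` and that O2's `controls(true)` is a recursive walk of the control tree.

```csharp
// Added example: plain .NET equivalents of the O2 helpers (names are hypothetical).
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Linq;
using System.Reflection;
using System.Threading;
using System.Windows.Forms;
static class InProcessGuiSketch
{
    // Assumed equivalent of "x.exe".assembly().type(T).method(M): match on simple type name.
    public static MethodInfo FindMethod(string assemblyPath, string typeName, string methodName)
    {
        const BindingFlags any = BindingFlags.Public | BindingFlags.NonPublic |
                                 BindingFlags.Static | BindingFlags.Instance;
        Assembly assembly = Assembly.LoadFrom(assemblyPath);
        Type type = assembly.GetTypes().FirstOrDefault(t => t.Name == typeName);
        if (type == null) throw new TypeLoadException(typeName + " not found");
        MethodInfo method = type.GetMethod(methodName, any);
        if (method == null) throw new MissingMethodException(typeName, methodName);
        return method;
    }

    // WinForms needs a single-threaded apartment; args for Main is { new string[0] }.
    public static Thread InvokeOnStaThread(MethodInfo staticMethod, object[] args)
    {
        var thread = new Thread(() => staticMethod.Invoke(null, args));
        thread.SetApartmentState(ApartmentState.STA);
        thread.Start();
        return thread;
    }

    // Assumed equivalent of controls(true): depth-first walk of the control tree.
    public static IEnumerable<Control> AllControls(Control root)
    {
        foreach (Control child in root.Controls)
        {
            yield return child;
            foreach (Control nested in AllControls(child))
                yield return nested;
        }
    }
    // Controls may only be touched on the thread that created them.
    public static void Recolor(Form form, Color color)
    {
        if (form.InvokeRequired) { form.Invoke((Action)(() => Recolor(form, color))); return; }
        foreach (Control control in AllControls(form)) control.BackColor = color;
    }
}
```

Because the host's `Main` runs inside the caller's process, every object it creates, including the main form, is reachable from the calling code with no boundary in between.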

Getting a reference to the main window and changing its title (after AppScan starts and inside the AppScan process)

var appScan =  "".lastFormLoaded();
appScan.set_Text("O2 version of IBM AppScan - in Pink");

…getting the top level controls:

return appScan.controls();

…getting the list of all GUI controls

return appScan.controls(true);

… getting all treeviews

return appScan.controls<TreeView>(true);

Adding a test node to all treeviews

var treeViews = appScan.controls<TreeView>(true);
foreach(var treeview in treeViews)
    treeview.add_Node("Hello from O2");
return treeViews;

Grabbing a reference to the top Level menu and creating an O2 Menu

var menuStrip =  appScan.controls<MenuStrip>();
var o2Menu = menuStrip.add_MenuItem("O2");

Adding a menu item that opens up an O2 Log Viewer

var appScan =  "".applicationWinForms()[2];
var menuStrip =  appScan.controls<MenuStrip>(); 
var o2Menu = menuStrip.add_MenuItem("O2"); 
o2Menu.add_MenuItem("O2 Log Viewer", ()=>  "O2 Log Viewer".popupWindow(450,200).add_LogViewer() );


Add menu item that opens up a script editor

var appScan =  "".applicationWinForms()[3];
Action<Panel> showO2ScriptEditor =
    (targetPanel)=> {
                        var scriptEditor = targetPanel.add_Script(false) ;
                        scriptEditor.InvocationParameters.add("MainForm", appScan);
                        scriptEditor.Code = "return MainForm;".line() +
                                            "//O2Ref:appscan.exe";   // O2 reference directive, as in the first script above
                    };

var menuStrip =  appScan.controls<MenuStrip>(); 
var o2Menu = menuStrip.add_MenuItem("O2"); 
o2Menu.add_MenuItem("O2 Log Viewer", ()=>  "O2 Log Viewer".popupWindow(450,200).add_LogViewer() );
o2Menu.add_MenuItem("O2 Script Editor", ()=>  showO2ScriptEditor("O2 Script Editor".popupWindow(650,300)) );

August 6, 2011 - Posted by | AppScan, Tools
