Setting useLegacyV2RuntimeActivationPolicy on O2
I just set the useLegacyV2RuntimeActivationPolicy flag on the O2’s O2 Platform.exe.config file (app.config) so that it possible to load up the CefSharp dlls (which are managed C++ assemblies built targeted to 2.0) and be able to Run Chrome inside O2
Not entirely sure what is the long term effects of this, but so far so good.
Here are some references:
- http://stackoverflow.com/questions/2455654/what-additional-configuration-is-necessary-to-reference-a-net-2-0-mixed-mode
- http://stackoverflow.com/questions/1604663/what-does-uselegacyv2runtimeactivationpolicy-do-in-the-net-4-config
- http://social.msdn.microsoft.com/Forums/en/clr/thread/58271e39-beca-49ac-90f9-e116fa3dd3c0
- http://social.msdn.microsoft.com/Forums/en/clr/thread/58271e39-beca-49ac-90f9-e116fa3dd3c0
Rant: Come on WordPress.com sort your site out, it took me 20m to post this ! (see Losing my mojo with WordPress.com (they’re not getting the basics right) (originally I was not able add hyperlinks to this post ext since wordpress’s link button in the editor was not working (another ‘back to basics’ example))
Details of new O2 main GUI (as 2.0 beta version)
There is a new GUI for O2 which was created using the O2′ s WinForms APIs, which make it easy to create simple and user friendly GUIS.
This is what it looks like:
The process is still the same as before (if you need to install O2, go here and use the ClickOnce installer), when the main “OWASP O2 Platform (ClickOnce version)” desktop or start menu is clicked, there is a check for new rules (which means that the new GUI will automatically installed for existing users)
this will compile and excecute the Simple O2 Gui.h2 script (below) which creates the GUI shown above:
var topPanel = O2Gui.open<Panel>("OWASP O2 Platform v2.0 Beta", 800,190);
topPanel.parent().backColor(Color.White);
topPanel.insert_LogViewer();
var menuPanel = topPanel.insert_Right<Panel>(420);</pre>
topPanel.add_PictureBox().open("OWASP_O2_Platform.png".local()).fill(false).width(351).height(41).top(10);
Action<string> executeH2Script = (script)=>{ script.local().compile_H2Script().executeFirstMethod(); };
menuPanel.add_Link("Write an IE Automation Script",15,0, () => executeH2Script("IE Automation (Simple mode).h2"));
menuPanel.add_Link("Find and Execute an O2 Script",35,0,()=> executeH2Script("Util - O2 Available scripts.h2"));
menuPanel.add_Link("Open Custom O2 for Security Consultants",15,185, ()=> executeH2Script("Security Consultants (Custom O2 version).h2"));
menuPanel.add_Label("Are you lost?",35,185)
.append_Link("Open Help",()=> "<a href="http://o2platform.com/wiki/Documentation%22.startProcess">http://o2platform.com/wiki/Documentation".startProcess</a>())
.append_Link("Mailing List",()=> "<a href="https://lists.owasp.org/mailman/listinfo/owasp-o2-platform%22.startProcess">https://lists.owasp.org/mailman/listinfo/owasp-o2-platform".startProcess</a>());
To make it simpler for new users (and existing ones) there are only 3 scripts and 2 links directly exposed
- Write an IE Automation Script – opens the IE Automation (Simple mode).h2 script
- Find and Execute an O2 Script Util – opens the O2 Available scripts.h2 script
- Open Custom O2 for Security Consultants – opens the Security Consultants (Custom O2 version).h2 script
- Are you lost? -> Open Help – opens the webpage http://o2platform.com/wiki/Documentation webpage
- Are you lost? -> Mailing List – opens the webpage https://lists.owasp.org/mailman/listinfo/owasp-o2-platform
O2 Scripting – solving the missing references compilation problem (using FVDL as an example)
A common error when starting to write O2 scripts is the “The name ‘…’ does not exist in the current context” compilation problem. This tends to happen because the C# comments that provide the dll and namespace references were not used (since it can easy to assume that they are not needed 🙂 )
Here is how to replicate the problem and how to fix it.
Start with an new instance of an O2 Quick Development GUI
Right-click on the source code editor and chose the ‘show log view option)
Then (for example) paste the code below:
var topPanel = panel.clear().add_Panel();
var xmlFile = @"C:\O2\Fortify\test.fvdl";
var xsdFile = @"C:\O2\Fortify\test.fvdl.xsd";
var csharpFile = xsdFile.xsdCreateCSharpFile();
csharpFile.fileContents().insertBefore("//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll".line()).saveAs(csharpFile);
var fvdl = FVDL.Load(xmlFile);
… this will trigger the code compilation, which will fail with the error:
[8:24:04 AM] ERROR: [CSharp_FastCompiler] Compilation Error: 32::14::CS0103::The name ‘FVDL’ does not exist in the current context::c:\Users\o2\AppData\Local\Temp\meqvg7zx.0.cs
The reference that is missing is the C# file that has the FVDL class.
In fact, in this case, the script (sent to me by an O2 user who was following the code samples in the Fortify FVDL files – Creating and consuming the schema and CSharp file blog post) is actually jumping a step (btw, see here for more posts about O2 support for Fortify’s FVDL files)
Let’s comment the last line, and make the code compile
Before we execute it, let’s change the script a little bit to create the XSD file and then return the value of the csharpFile variable (which is the C# file created that represents the XSD file)
var xmlFile = @"C:\O2\Demos\Fortify-Sate-2008\sate2008-Fvdl\naim.fvdl";
var xsdFile = xmlFile.xmlCreateXSD();
var csharpFile = xsdFile.xsdCreateCSharpFile();
return csharpFile.fileContents().insertBefore("//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll".line()).saveAs(csharpFile);
In this case (due to the format of the Fortify XSD), the XML -> XSD conversion using Linq2Xml will not work (see the post Fortify FVDL files – Creating and consuming the schema and CSharp file for more details and for a solution using Visual Studio 2010):
To show how to fix the “The name ‘…’ does not exist in the current context” problem, let go back to the orignal script, without the bits that are not needed (and using a file from the SATE 2008 project):
var topPanel = panel.clear().add_Panel(); var xmlFile = @"C:\O2\Demos\Fortify-Sate-2008\sate2008-Fvdl\naim.fvdl"; var fvdl = FVDL.Load(xmlFile);
To compile this we need to add two things:
1) a C#file or dll that has the FVDL class
2) an include reference to the namespace that contains the FVDL class:
In this case we are going to use the file that was created in the previous blog post example, which is now included in the local O2 Scripts folder:
To consume this file (and tell the O2 scripting engine to compile it with the current script), use this syntax:
//O2File:C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\Fortify\Fortify.fvdl.1.6.xsd.cs
The compilation process now will show a lot more activity, including an entry with ‘Compilated OK to: C:\O2\_tempDir\7-29-2011\tmp3A4C.tmp.dll‘ , which basically means that the files we provided as references compiled ok.
The reason we sill get the original error is because we are missing the namespace reference (altough you can already gain acccess to the imported code/dll Code Complete :
… and here is the FVDL class:
… which when used as a reference using this syntax:
//using xmlns.www.fortifysoftware.com.schema.fvdl
… will result in this error:
… which is also a very common error, and basically means that we also need to provide the C# compiler a reference to the O2_Misc_Microsoft_MPL_Libs.dll.
This can be done using this syntax:
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
which will make the following code
var xmlFile = @"C:\O2\Demos\Fortify-Sate-2008\sate2008-Fvdl\naim.fvdl"; var fvdl = FVDL.Load(xmlFile);</pre> //using xmlns.www.fortifysoftware.com.schema.fvdl //O2File:C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\Fortify\Fortify.fvdl.1.6.xsd.cs //O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
… to compile OK :
Note that since the Fortify.fvdl.1.6.xsd.cs file is included inside the O2 Scripts folder, we can use it just its filename:
var xmlFile = @"C:\O2\Demos\Fortify-Sate-2008\sate2008-Fvdl\naim.fvdl"; var fvdl = FVDL.Load(xmlFile); //using xmlns.www.fortifysoftware.com.schema.fvdl //O2File:Fortify.fvdl.1.6.xsd.cs //O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
To see the object created add a return statement:
…. (since we are inside the O2 Quick Development Gui and have access to a panel), add a PropertyGrid to the provided Panel control and show the FVDL object there:
var topPanel = panel.clear().add_Panel(); var xmlFile = @"C:\O2\Demos\Fortify-Sate-2008\sate2008-Fvdl\naim.fvdl"; var fvdl = FVDL.Load(xmlFile); topPanel.add_PropertyGrid().show(fvdl); //using xmlns.www.fortifysoftware.com.schema.fvdl //O2File:Fortify.fvdl.1.6.xsd.cs //O2Ref:O2_Misc_Microsoft_MPL_Libs.dll</pre>
And if want to make this into a stand alone tool (that can be shared with others and invoked directly from the windows explorer), replace with first line with a call to open a popup window
//var topPanel = panel.clear().add_Panel(); var topPanel = "View FVDL file".popupWindow(500,370);
If you save this script as a stand alone tool, go to the script editor, right click on it, and chose the current source code -> save As menu item
Chose a location:
and execute this script by double clicking on it:
You might have noticed that I saved this file on my local development box in one of the O2 Scripts folders.
This means that to add it to the O2 scripts that exist locally to O2 users (and that O2 automatically syncs up when the main GUI starts), I just need to do this:
and it is done:
… by the time you are reading this blog post you should have this script on your local O2 Scripts folder
O2 Script to download O2 Reference DLLs from SVN
An O2 user today had a problem that sometimes happens inside networks with’ proxy based internet access’.
The issue is that if an O2 script needs a particular dll to run and it has not been downloaded before, O2 will fail to find it because the ping that it makes to check for online connectity will fail (this is a bug that needs to be fixed in the main O2 ClickOnce version).
So to address his short term need (and to show how easy it is to add new modules anf capabilities to O2), I ‘live coded’ the scrip below using ietherpad.com 🙂
Here is the link of the Etherpad timeslider (you can go back in time and see how the script evolved): http://ietherpad.com/ep/pad/view/uuSwFWulSf/latest
Here is a screenshot of what it looks like:
Here is the source code of this new O2 Util (which is already added to the main O2 Scripts folder (look for the script called ‘Util – Download O2 Reference File.h2’))
//var topPanel = panel.clear().add_Panel();
var topPanel = "Get O2 Reference dll (double click on file to download it)".popupWindow(400,500);
topPanel.insert_LogViewer();</pre>
var ie = topPanel.add_IE().silent(true);
var treeView = topPanel.insert_Left().add_TreeView().sort();
Action<string> addUrlMappingsToTreeView =
(urlWithLinks)=>{
ie.open(urlWithLinks);
var links = from link in ie.links()
where link.text() != ".."
select new { filename = link.text() , url = link.url() };
foreach(var link in links)
treeView.add_Node(link.filename, link.url);
};
addUrlMappingsToTreeView("<a href="http://o2platform.googlecode.com/svn/trunk/O2%20-%20All%20Active%20Projects/_3rdPartyDlls/FilesWithNoCode/">http://o2platform.googlecode.com/svn/trunk/O2%20-%20All%20Active%20Projects/_3rdPartyDlls/FilesWithNoCode/</a>");
addUrlMappingsToTreeView("<a href="http://o2platform.googlecode.com/svn/trunk/O2%20-%20All%20Active%20Projects/_3rdPartyDlls/">http://o2platform.googlecode.com/svn/trunk/O2%20-%20All%20Active%20Projects/_3rdPartyDlls/</a>");
topPanel.splitContainer().panel2Collapsed(true);
treeView.onDoubleClick<string>(
(url)=> {
treeView.pink();
"you selected the url: {0}".info(url);
var localTempFile = url.uri().download();
var copiedFile = Files.Copy(localTempFile,PublicDI.config.CurrentExecutableDirectory);
"file was copied to: {0}".info(copiedFile);
treeView.white();
});
return "ok";
//O2File:WatiN_IE_ExtensionMethods.cs
//using O2.XRules.Database.Utils.O2
//O2Ref:WatiN.Core.1x.dll
O2 Trick to complile with explict references
In the O2 Scripting environment there are quite a number of behind the scenes extra references that are added. If a clean/explict compilation is needed, then here is a trick to do this (note: this will be easier to do on the next version of O2)
var javascriptProxy = MoqObjects.IJavascriptProxy_Moq();
return javascriptProxy.GetTime();
//O2File:C:\_WorkDir\SI\GitHub\TeamMentor 3.0\Web Applications\WebClient\WebServices\MoqObjects.cs
//using SecurityInnovation.TeamMentor.WebClient.WebServices
/*
//execute this once
CompileEngine.LocalScriptFileMappings["_Extra_methods_To_Add_to_Main_CodeBase.cs"] ="...";
CompileEngine.LocalScriptFileMappings["_extra_methods_to_add_to_main_codebase.cs"] ="...";
CompileEngine.lsGACExtraReferencesToAdd.Clear();
CompileEngine.lsGACExtraReferencesToAdd.add("System.Windows.Forms.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("System.Drawing.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("System.Core.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("System.Xml.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("O2_Kernel.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("O2_Interfaces.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("O2_DotNetWrappers.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("O2_Views_ASCX.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("O2_External_SharpDevelop.dll");
CompileEngine.lsGACExtraReferencesToAdd.add("O2SharpDevelop.dll");
*/
//O2Tag_OnlyAddReferencedAssemblies
//O2Ref:System.Windows.Forms.dll
//O2Ref:System.Xml.dll
//O2Ref:System.Drawing.dll
//O2Ref:System.dll
//O2Ref:O2_Kernel.dll
//O2Ref:O2_DotNetWrappers.dll
//using O2.DotNetWrappers.DotNet;
//using O2.DotNetWrappers.ExtensionMethods;
The reason why the above script needs to be compiled like this is because there is an previously compiled O2-driven dll import added by MoqObjects.cs (whose extension methods would conflict with the ones created here)
Decomposing an Lamba method used in an O2 Script
I just spent some time with Sarah Baso explaining how a particular script works (she is trying to automate the creation of pdfs with OWASP Summit certificates using O2 (similar with to O2 Script – Creating PDFs with OWASP AppSec Brazil Certificates ))
I used an etherpad during this session, which at the moment can be seen here: http://primarypad.com/jnfLB22s53
This is the function that loads up the file from the local computer and returns a list of names
Func<string, List<string>> getNames =
(dataFile) => {
return (from line in dataFile.fileContents().trim().split_onLines().remove(0)
select line.split(",")[1].removeFirstChar().removeLastChar()
).toList();
};
Here is the same function shown above, but this time in a format that is probably be easy to read
Func<string, List<string>> getNames =
(dataFile) => {
return (
from line in dataFile.fileContents()
.trim()
.split_onLines()
.remove(0)
select line.split(",")[1]
.removeFirstChar()
.removeLastChar()
).toList();
};
And here is a ful rewrite of it , with the same functionality but writen in a very explicity way (and not taking advantage of the fact that most O2 Extension methods will return an object that can be used on the next extension method)
Func<string, List<string>> getNames =
(dataFile) => {
var fileContents = dataFile.fileContents(); // get file contents from disk
fileContents = fileContents.trim(); // remote extra spaces or enters
var lines = splitedContents. split_onLines(); // get a list splitted by line
splitedContents = splitedContents.remove(0); // remove the first entry which is the names of the columns
var results = new List<string>();
foreach(var line in lines)
{
var cells = line.split(","); // get a list splitted by , (comma)
var name = cells[0];
name = name. removeFirstChar(); // Need to do this because the original data was padded with ' (single quotes)
results = name. removeLastChar(); // if it were spaces I could had used -> name = name.trim(); results.add(name);
}
return name;
}
O2 Script: Downloading File
Here is a script that simpifies the process of downloading a file which consumes an old Form Control that I created ages ago in O2
Its really amazing how much the new version of O2 and its API dramatically simplity the code created (for reference look at the original code ascx_DownloadFile.cs to see how much more padding I had to add when I was not using Lamda funtions and extension methods)
Func<Uri, string,string> downloadFile =
(uri, targetFile)=> {
"Downloading file {0} to location:{1}".info(uri.str(), targetFile);
if (targetFile.fileExists()) // don't download if file already exists
{
"File already existed, so skipping download".debug();
return targetFile;
}
var sync = new System.Threading.AutoResetEvent(false);
var downloadControl = O2Gui.open<ascx_DownloadFile>("Downloading: {0}".format(uri.str()), 455 ,170 );
downloadControl.setAutoCloseOnDownload(true);
downloadControl.setCallBackWhenCompleted((file)=> downloadControl.parentForm().close());
downloadControl.onClosed(()=>sync.Set());
downloadControl.setDownloadDetails(uri.str(), targetFile);
downloadControl.downloadFile();
sync.WaitOne(); // wait for download complete or form to be closed
if (targetFile.fileExists())
return targetFile;
return null;
};
Func<Uri, string> downloadFileToTempLocation =
(uri) => {
var fileName = uri.Segments.Last();
if (fileName.valid())
{
var targetFile = "".tempDir().pathCombine(fileName);
Files.deleteFile(targetFile);
return downloadFile(uri, targetFile);
}
else
"Could not extract filename from provided uri: {0}".error(uri.str());
return null;
};
var fileToDownload = http://s3.amazonaws.com/O2_Downloads/nikto-2.1.3.zip;
return downloadFileToTempLocation(fileToDownload.uri());
//var localFile = "nikto-2.1.3.zip".tempFile();
//return downloadFile(fileToDownload.uri(), localFile);
//using O2.Views.ASCX.CoreControls
Once I had the code above running (in O2’s Quick Development GUI), it was a simple process to make it into the following extension methods:
public static class DownloadFiles_ExtensionMethods
{
public static string download(this string fileToDownload)
{
return fileToDownload.uri().download();
}
public static string download(this Uri uri)
{
return uri.downloadFile();
}
public static string downloadFile(this Uri uri)
{
if (uri.isNull())
return null;
var fileName = uri.Segments.Last();
if (fileName.valid())
{
var targetFile = "".tempDir().pathCombine(fileName);
Files.deleteFile(targetFile);
return downloadFile(uri, targetFile);
}
else
"Could not extract filename from provided uri: {0}".error(uri.str());
return null;
}
public static string downloadFile(this Uri uri, string targetFile)
{
if (uri.isNull())
return null;
"Downloading file {0} to location:{1}".info(uri.str(), targetFile);
if (targetFile.fileExists()) // don't download if file already exists
{
"File already existed, so skipping download".debug();
return targetFile;
}
var sync = new System.Threading.AutoResetEvent(false);
var downloadControl = O2Gui.open<ascx_DownloadFile>("Downloading: {0}".format(uri.str()), 455 ,170 );
downloadControl.setAutoCloseOnDownload(true);
downloadControl.setCallBackWhenCompleted((file)=> downloadControl.parentForm().close());
downloadControl.onClosed(()=>sync.Set());
downloadControl.setDownloadDetails(uri.str(), targetFile);
downloadControl.downloadFile();
sync.WaitOne(); // wait for download complete or form to be closed
if (targetFile.fileExists())
return targetFile;
return null;
}
}
which can now be easily consumed in O2 using:
var fileToDownload = "http://s3.amazonaws.com/O2_Downloads/nikto-2.1.3.zip"; return fileToDownload.download();
or just
return "http://s3.amazonaws.com/O2_Downloads/nikto-2.1.3.zip".download();
Creating an API to be consumed by an O2 Script
After creating a Lamba method and putting it on a CSharp file the usual next step is to create an API that can wrap the functionality that we want.
In this case, I’m creating an API for the OWASP version of TeamMentor (which you can get from Git-Hub) so here are the two steps I took to create the API
Step 1: Create a CSharp file called API_TeamMentor.cs and located in C:\O2\_New_O2_Scripts\TeamMentor\API_TeamMentor.cs
// This file is part of the OWASP O2 Platform (<a href="http://www.owasp.org/index.php/OWASP_O2_Platform">http://www.owasp.org/index.php/OWASP_O2_Platform</a>) and is released under the Apache 2.0 License (<a href="http://www.apache.org/licenses/LICENSE-2.0">http://www.apache.org/licenses/LICENSE-2.0</a>)
using System;
using System.Text;
using O2.Kernel;
using O2.Kernel.ExtensionMethods;
using O2.DotNetWrappers.ExtensionMethods;using O2.Extra_O2_Scripts;
//O2File:C:\O2\_New_O2_Scripts\TeamMentor\_Extra_O2_Scripts.cs
namespace O2.XRules.Database.APIs
{
public class API_TeamMentor
{
public string WorkFolder {get;set;}
public string DataFolder {get;set;}
public API_TeamMentor()
{
WorkFolder = @"C:\O2\_New_O2_Scripts\TeamMentor";
DataFolder = @"C:\SI\SecurityInnovation-OWASP-TeamMentor-Library-9f0a009";
}
public API_TeamMentor createAssembliesFromXmlFiles()
{
//create the dlls that we need to consume these xml file
DataFolder.pathCombine("OWASP.xml").createAssemblyFromXml(WorkFolder, "tm_Main");
DataFolder.pathCombine(@"OWASP\index.xml").createAssemblyFromXml(WorkFolder, "tm_Index");
DataFolder.pathCombine(@"OWASP\Attack\2b2a09fd-a10d-479f-a3df-8e28870319b6.xml").createAssemblyFromXml(WorkFolder, "tm_Article");
return this;
}
}
}
Step 2: Consume API file from an O2 Script:
var teamMentor = new API_TeamMentor(); teamMentor.createAssembliesFromXmlFiles(); return teamMentor; return "ok"; //using O2.XRules.Database.APIs //O2File:C:\O2\_New_O2_Scripts\TeamMentor\API_TeamMentor.cs
Note: the execution of the above code is going to create 3 *.XSD, 3 *.CS and 3 *.DLL files in the C:\O2\_New_O2_Scripts\TeamMentor folder:
Consuming extension method from external file
Once we have a LAMDA method that we want to consume in a generic way (i.e. from other scripts), the best place to put it is in a external *.cs file (which can be passed as a reference to any O2 Script)
For example, this is how to do this for the script developed here: https://o2platform.wordpress.com/2011/02/20/o2-script-create-xsd-and-assembly-from-xml-file/
step 1: Create a stand alone CSharp file (in this case called _Extra_O2_Scripts.cs and located in C:\O2\_New_O2_Scripts\TeamMentor\_Extra_O2_Scripts.cs)
// This file is part of the OWASP O2 Platform (<a href="http://www.owasp.org/index.php/OWASP_O2_Platform">http://www.owasp.org/index.php/OWASP_O2_Platform</a>) and is released under the Apache 2.0 License (<a href="http://www.apache.org/licenses/LICENSE-2.0">http://www.apache.org/licenses/LICENSE-2.0</a>)
using System;
using O2.Kernel;
using O2.Kernel.ExtensionMethods;
using O2.DotNetWrappers.ExtensionMethods;
using O2.External.SharpDevelop.ExtensionMethods;
using NUnit.Framework;
//O2Ref:nunit.framework.dll
namespace O2.Extra_O2_Scripts
{
public static class XmlToAssembly_ExtensionMethods
{
public static string createAssemblyFromXml(this string xmlFile, string targetFolder, string xsdAndDll_Name )
{
var xsd = targetFolder.pathCombine(xsdAndDll_Name + ".xsd");
xmlFile.xmlCreateXSD().saveAs(xsd);
Assert.That(xsd.fileExists(), "xsd was not created");
"[createAssemblyFromXml] XSD Created: {0}".debug(xsd);
var cs = xsd.xsdCreateCSharpFile()
.fileInsertAt(0,"//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll".line());;
Assert.That(cs.fileExists(), "cs was not created");
"[createAssemblyFromXml] CSharp file Created: {0}".debug(cs);
var dll = targetFolder.pathCombine(xsdAndDll_Name + ".dll");
var tempDll = cs.compile(dll);
Assert.That(dll.fileExists(), "dll_MainFile was not created");
"[createAssemblyFromXml] dll file Created: {0}".debug(dll);
var assembly = dll.assembly();
Assert.That(assembly.notNull(), "assembly was null");
return dll;
}
}
}
step 2: Consume it from an O2 Script:
var workFolder = @"C:\O2\_New_O2_Scripts\TeamMentor";
var rootFolder = @"C:\SI\SecurityInnovation-OWASP-TeamMentor-Library-9f0a009";
var mainFile = rootFolder.pathCombine("OWASP.xml");
return mainFile.createAssemblyFromXml(workFolder, "tm_Main");
return "ok";
//using O2.Extra_O2_Scripts
//O2File:C:\O2\_New_O2_Scripts\TeamMentor\_Extra_O2_Scripts.cs
Example of Custom O2 focused on a security consultant’s need
In sequence to the Creating custom O2 Versions post, here is an example of a Custom O2 that is focused on a particular Security Consultant’s needs (in this case Matt Parsons which was doing some analysis using IBM’s AppScan Source Edition 7.x (previously known as Ounce 6.x))
Screenshots of Gui:
Source code:
var title = "Matt Parsons";
var currentScript = PublicDI.CurrentScript;
var ribbon = CustomO2.create(title, 1024,300); // stand alone version
//var ribbon = CustomO2.create(panel.clear().add_Panel(),title); // use when inside 'Quick Development GUI'
var appScanSource7Tab = ribbon.add_Tab("IBM AppScan Source 7.x");
var appScanSource6Tab = ribbon.add_Tab("IBM AppScan Source 6.x");
appScanSource7Tab.add_Group("Findings Viewer")
.add_Script("7.x Findings Viewer", "Tool - Findings Viewer - IBM AppScan Source 7.0.h2");
appScanSource7Tab.add_Group("Support Files")
.add_RibbonButton_ShowCodeFile("Schema File of *.ozasmt","xsd_Ozasmt_OunceV7_0.xsd".local())
.add_RibbonButton_ShowCodeFile("CSharp file of Schema File","xsd_Ozasmt_OunceV7_0.cs".local());
appScanSource6Tab.add_Group("Findings Viewer(s)")
.add_Script("6.x Findings Viewer (with code viewer)", "Util - Simple Findings Viewer (with code viewer).h2")
.add_Script("6.x Findings Viewer (just viewer/editor)", "Util - Simple Findings Viewer.h2")
.add_Script("6.x Findings Viewer (indexed by Source-Code viewer)", "Util - Findings Viewer (filtered by SourceCode).h2")
.add_Script("6.x and others Findings Viewer (separate GUI)", "Findings Viewer.h2");
var o2Scripting = ribbon.add_Tab("O2 Scripting");
o2Scripting.add_Group_developmentGuis();
ribbon.add_Tab_MiscTools();
o2Scripting.add_RibbonGroup("Custom O2")
.add_RibbonButton("Edit this Custom O2 Script",
() => O2Gui.open<Panel>("Custom O2",800,400)
.add_SourceCodeEditor()
.open(currentScript));
ribbon.add_Tab_BrowserAutomation();
return "done";
//O2File:WPF_Ribbon_ExtensionMethods.cs
//O2File:CustomO2.cs
//O2Ref:WindowsFormsIntegration.dll
//O2Ref:RibbonControlsLibrary.dll
About
The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.
O2 can also be a very powerful prototyping and fast-development tool for .NET. Most O2 APIs are written using a Fluent API design, and its core has been published as a separate project called FluentSharp (hosted at CodePlex)
Download
Windows ClickOnce Installer:
Mailing List
The best place to keep updated with the lastest news and developers it to subscribe to the OWASP O2 Platform Mailing list (you can read its archives here)
OWASP O2 Platform Blog 