[Owasp-o2-platform] O2 and ICSharp

dinis cruz dinis.cruz at owasp.org
Fri Dec 10 13:25:16 EST 2010

(O2 Platform list: this is the thread with Jim I mentioned below regarding
ICSharp and he agreed to continue it here)

Jim, I definitely would recommend that you take a look at what O2 does,
since I probably solved most (if not all) of the problems you are going to
have (initially) when trying to use ICSharp for .NET code analysis.

For O2, there are two key capabilities that I get from ICSharpCode and that
are the foundation of the 'O2 Scripting environment' and 'MethodStreams'.
These are: CodeComplete and Refactoring.

*Starting with CodeComplete support.*

If you fire up O2 and open up an 'Simple Script Editor', and type (for
example) *Processes.* you will see a dropdown box with the list of available

[image: tmp455E.tmp.jpeg]

This funcionality is provided by ICSharpCode code complete capabilities.
Unfortunately ICSharpCode (at last the version I used) was not very modular,
and I had to make a number of changes in order to make it work as smoothly
as it does in that O2 GUI.

When I was adding CodeComplete to O2, the first thing that I wanted to do
was to isolate its funcionality into a separate System.Windows.Forms.Control
, but,  ICSharpCode has a number of dependencies on
System.Windows.Forms.Form which made it hard (i.e. if you tried to use the
control that comes with Sharpdevelop outside SharpDevelop GUI/Canvas you
would get a number of exceptions).

So in my efforts to understand the moving parts I first created a
stand-alone Control+Form using the main SharpDevelop classes which you can
see here:

After that was working, I was in a position were I really understood the
SharpDevelop code complete architecutre, and this allowed me to create a
stand alone class that just received a SharpDeveloper Text editor object as
a reference
(see *public O2CodeCompletion(TextEditorControl _textEditor)* ctor in

The reason for the classes in that file to be that long, is because I wanted
to consolidate in one place all pluming that was required to make the code
complete work.

This was crucial when I later added new features to the O2 base code, namely
the ability to handle partial code snippets (which is what you will see in
the 'O2 Simple Script Editor' GUI.

The other key feature that I added was the ability to dynamically consume
the dynamic references added to the O2 scripts.

For example if you add this reference tag to an O2 Script:


you will get (almost immediately) code complete support for it:

[image: tmp3FC0.tmp.jpeg]

As most everything in O2, this capability is already exposed via an API, so
in my next post I will show how to pragmatically access them.

As final example, the 'O2 Simple Script Editor' (show in the screenshots
above) is in it self a script, that gets dynamically compiled and executed:

Dinis Cruz

On 10 December 2010 13:28, Jim DelGrosso <JDelGrosso at cigital.com> wrote:

> I have downloaded the ICSharp code and built the IDE so I can see how
> ICSharp is doing type resolution – I have not seen it used in the O2
> environment (it's on the ToDo pile). I may take you up on your offer for a
> DimDim demo but let me get a better understanding of what is going on first.
> I'm actually using ICSharp in something but wanted similar functionality
> that you had in O2 regarding type resolution. I was just curious if there
> was some "setting" within the ICSharp code to achieve the type resolution
> functionality but a cursory look seems to indicate there is not. I'll take a
> look at the ICSharp IDE starting with the links you provided and possibly
> your implementation as well to figure out what I need.
> Thanks,
> From: dinis cruz <dinis.cruz at owasp.org<mailto:dinis.cruz at owasp.org>>
> Date: Fri, 10 Dec 2010 07:55:11 -0500
> To: Jim DelGrosso <jdelgrosso at cigital.com<mailto:jdelgrosso at cigital.com>>
> Subject: Re: O2 and ICSharp
> Hi Jim, O2 has massive support for ICSharp (from SharpDevelop), in fact I
> build a full-blow static-analysis and taint-analysis built  engine on top of
> it.
> Have you see how it works? The most visible part of this is in O2's
> Scripting environment and on the MethodStreams/CodeStreams that you can
> create.
> If you are around and have some time, I can give you a remove demo (using
> DimDim) so that you can see in action (and try it locally)
> My main question is: what exactly are you trying to do? There are a ton of
> use cases that the O2 APIs allow (from simple 'which methods expose
> Attribute XYZ' to  'build me a file that contains all source code that is
> mapped from this first method X, include the XSD validation mappings at the
> top and the stored procedures used at the bottom'
> If you want to look at what is going on the code take a look at the
> http://code.google.com/p/o2platform/source/browse/#svn/trunk/O2 - All
> Active Projects/O2_APIs/O2_API_AST<
> http://code.google.com/p/o2platform/source/browse/#svn/trunk/O2%20-%20All%20Active%20Projects/O2_APIs/O2_API_AST>
> project and the
> http://code.google.com/p/o2platform/source/browse/#svn/trunk/O2_Scripts/Languages_and_Frameworks/DotNet/DotNet_Ast_Scannerscripts (these are part of the dynamically compiled scripts that are synced
> on O2 Startup with O2's SVN server)
> Finally here is the SharpDevelop APIs that I used (I made a couple
> modifications and bug fixes)
> http://code.google.com/p/o2platform/source/browse/trunk/SourceCode_3rdParty_Dlls/SharpDevelop/
> Dinis Cruz
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
> On 10 December 2010 12:32, Jim DelGrosso <JDelGrosso at cigital.com<mailto:
> JDelGrosso at cigital.com>> wrote:
> Dinis,
> Hey there. I have a quick question (hopefully) about how you are using
> ICSharp inside of O2. I know you came here to Cigital a while ago and
> demoed O2 and showed how O2 was using ICSharp and specifically using
> ICSharp to perform type resolution or type binding. My question is: Can
> you describe briefly how you are using ICSharp to perform this
> functionality? I know it can support this functionality since the IDE can
> provide tooltips with the exact type of a variable for example and I'm
> sure ICSharpCode.SharpDevelop.Dom is involved. What I was wondering was if
> there is some simple way to "turn this feature" on or do I need to
> implement some other key functionality that the ICSharp IDE is performing.
> Any pointers (either in the ICSharp or O2 code) are greatly appreciated.
> Thanks,
> ----
> Jim DelGrosso
> Technical Manager, Cigital, Inc
> 21351 Ridgetop Circle, Suite 400, Dulles, VA 20166
> Work: 703.404.9293 x1233
> Cell: 703.431.7013
> http://www.cigital.com
> Software Confidence. Achieved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20101210/2a456c7b/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 43044 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20101210/2a456c7b/attachment-0002.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 34748 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20101210/2a456c7b/attachment-0003.jpe 

More information about the Owasp-o2-platform mailing list