[Owasp-o2-platform] More FVDL scripting and example of (O2 created) .NET Taint Flow trace

dinis cruz dinis.cruz at owasp.org
Thu Jul 28 20:49:11 EDT 2011


Here is a reply I just sent to a new O2 user that is trying to get his head
around O2 Scripting (to parse, filter and visualize FVDL Files), which also
includes a link to a blog post with an example of what the O2 .NET Static
Analysis engine is able to create:

*"...I've pushed another blog post that should give you more ideas on what
you can do with O2 scripting and FVDL files:
http://o2platform.wordpress.com/2011/07/29/creating-the-the-util-view-fvdl-traces-h2-script-lots-of-data-analysis-code-samples
(I wrote this last week, but ran out of time to publish it then)

Question: what do you mean by "connecting some related issues..an
unsupported MVC pattern breaks the data flow from the controller to the
view"? Are you trying to connect the taint-flow traces? (for example a trace
that starts in a Controller and continues on a View?)

If so, you need to take a look at what I was doing with the traces I used to
get from the Ounce Labs engine. I was doing exactly that.

There are quite a lot of scripts and code in O2 to support the joining of
traces (from simple to complex use cases), so let me know if this is what
you are trying to do (note that to really take advantage of O2, we should
expand the current FVDL parser to create IO2Findings objects, since once we
have that, we can use the existing O2 tools for Finding's viewing and
Trace's joining (including Drag&Drop trace creation support)).

To see an example of the kind of traces you can do in O2, check out this
.NET HacmeBank SQL Injection vulnerability trace example:
http://o2platform.wordpress.com/2011/07/29/o2-net-ast-scanner-hacmebank-sql-injection-poc

Note how that 'O2 created trace':

   - starts on a URL (the real Source of tainted data),
   - then follows the taint flow into a server-side Textbox,
   - and into the WebService's call on the WebSite code
   - and into the WebServices' method on the WebService's code (this was a
   separate trace that was joined with the first one),
   - and continues the taint flow until it reaches the Sql Injection Sink

*..."

Dinis Cruz
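
The trace joining described in the message above, as an added sketch that is not part of the original post and does not use O2's own API or its IO2Findings objects. The `Trace` type, the step labels and the sample traces are constructed for illustration; the join key (a caller trace ending in a call to the method a callee trace starts at) is an assumption about how the two halves line up.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trace:
    """Ordered taint-flow steps: first is where the trace starts, last where it ends."""
    steps: tuple

# Constructed sample traces modelled on the bullet list above (all names hypothetical).
WEBSITE_TRACE = Trace((
    "URL: Login.aspx?user=",
    "TextBox: txtUserName.Text",
    "call: WebService.Login(user)",
))
WEBSERVICE_TRACE = Trace((
    "method: WebService.Login(user)",
    "string concatenation into SQL query",
    "sink: SqlCommand.ExecuteReader",
))
UNRELATED_TRACE = Trace((
    "method: WebService.GetBalance(id)",
    "sink: SqlCommand.ExecuteReader",
))

def endpoint(step, kind):
    """Return the bare method name if `step` is '<kind>: Name(args)', else None."""
    prefix, _, rest = step.partition(": ")
    return rest.split("(", 1)[0].strip() if prefix == kind else None

def join_traces(callers, callees):
    """Join every caller trace that ends in a call with the callee traces
    that start at the method being called."""
    by_entry = {}
    for callee in callees:
        name = endpoint(callee.steps[0], "method")
        if name:
            by_entry.setdefault(name, []).append(callee)
    joined = []
    for caller in callers:
        name = endpoint(caller.steps[-1], "call")
        for callee in by_entry.get(name, []):
            joined.append(Trace(caller.steps + callee.steps))
    return joined

def is_source_to_sink(trace):
    """True when a trace starts at external input and ends at a dangerous sink."""
    return trace.steps[0].startswith("URL: ") and trace.steps[-1].startswith("sink: ")
```

Neither half is a complete source-to-sink finding on its own; only the joined trace is, which is why a per-project scan that stops at the web service boundary under-reports this kind of issue.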