Basic Commands
==============
sl ocular -- --import scripts/deps.sc | |
import $file.scripts.java.ROOTKIT_suspicious_literals | |
cpg.method.fullName.l | |
cpg.method.name("executeQuery").caller.fullName.l | |
cpg.sink.method.name.l | |
cpg.typeDecl.fullName("io.shiftleft.*").fullName.l | |
cpg.typeDecl.name("SecuredServlet").baseTypeDeclTransitive.name.l | |
cpg.sensitiveVariable.map(_.name).l | |
cpg.sensitiveType.map(_.fullName).l | |
cpg.sensitiveType.sensitiveMember.map(_.name).l | |
cpg.literal.code(".*AKIA.*").code.l | |
From Basics to Data Flow Analysis
=================================
Use the last literal query as a data-flow source to show how a plain pattern match extends into data flow analysis. The regex `.*AKIA.*` only matches string literals containing the AWS access key ID prefix, so this is a demonstration rather than a complete secret scan: the `SECRET_KEY` that is concatenated into the same message in the flow below would not be picked up as a source by this pattern. The sink is every parameter of a method Ocular tags as a sink; in the result below the hard-coded key `"AKIA2E0A8F3B244C9986"` from `ServletTarPit.doGet` is tracked through `StringBuilder.append`/`toString` into `java.util.logging.Logger.info`, i.e. a credential written to the application log:
var source = cpg.literal.code(".*AKIA.*") | |
var sink = cpg.sink.method.parameter | |
ocular> sink.reachableBy(source).flows.p | |
2019-12-02 16:39:40.221 [main] INFO mainTasksSize: 115, reachedEndNode: 1, | |
res39: List[String] = List( | |
""" ______________________________________________________________________________________________________ | |
| tracked | lineNumber| method | file | | |
|=====================================================================================================| | |
| "AKIA2E0A8F3B244C9986" | 41 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| param1 | N/A | <operator>.assignment| N/A | | |
| param0 | N/A | <operator>.assignment| N/A | | |
| ACCESS_KEY_ID | 41 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| ACCESS_KEY_ID | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| param0 | N/A | append | java/lang/StringBuilder.java | | |
| ret | N/A | append | java/lang/StringBuilder.java | | |
| $r4.append(ACCESS_KEY_ID)| 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| param1 | N/A | <operator>.assignment| N/A | | |
| param0 | N/A | <operator>.assignment| N/A | | |
| $r5 | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| $r5 | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| this | N/A | append | java/lang/StringBuilder.java | | |
| ret | N/A | append | java/lang/StringBuilder.java | | |
| $r5.append(" and ") | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| param1 | N/A | <operator>.assignment| N/A | | |
| param0 | N/A | <operator>.assignment| N/A | | |
| $r6 | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| $r6 | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| this | N/A | append | java/lang/StringBuilder.java | | |
| ret | N/A | append | java/lang/StringBuilder.java | | |
| $r6.append(SECRET_KEY) | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| param1 | N/A | <operator>.assignment| N/A | | |
| param0 | N/A | <operator>.assignment| N/A | | |
| $r7 | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| $r7 | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| this | N/A | toString | java/lang/StringBuilder.java | | |
| ret | N/A | toString | java/lang/StringBuilder.java | | |
| $r7.toString() | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| param1 | N/A | <operator>.assignment| N/A | | |
| param0 | N/A | <operator>.assignment| N/A | | |
| $r8 | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| $r8 | 55 | doGet | io/shiftleft/tarpit/ServletTarPit.java| | |
| param0 | N/A | info | java/util/logging/Logger.java | | |
""" | |
) | |
Building a Sensitive Token Leak Tool
====================================
import $file.scripts.java.DATA_leak_tokens | |
DATA_leak_tokens.areTokensLeakingToLogs(cpg,None) | |
Dependency Parsing
==================
sl ocular -- --import scripts/deps.sc | |
ocular> DependencyParser.getDependencies("/home/suchakra/.shiftleft/ocular/scripts/java/utils","/home/suchakra/temp-projects/tarpit-java") | |
ocular> cpg.dependency.toJsonPretty | |
res45: String = """[ | |
{ | |
"NAME":"commons-lang3", | |
"_id":9185725620381919741, | |
"VERSION":"3.5", | |
"DEPENDENCY_GROUP_ID":"org.apache.commons", | |
"_label":"DEPENDENCY" | |
}, | |
{ | |
"NAME":"mail", | |
"_id":9185725620381919742, | |
"VERSION":"1.5.0-b01", | |
"DEPENDENCY_GROUP_ID":"javax.mail", | |
"_label":"DEPENDENCY" | |
}, | |
{ | |
"NAME":"httpcore", | |
"_id":9185725620381919739, | |
"VERSION":"4.3.2", | |
"DEPENDENCY_GROUP_ID":"org.apache.httpcomponents", | |
"_label":"DEPENDENCY" | |
}, | |
{ | |
From Dependency Parsing to SCA
==============================
Exit the Ocular REPL and show how Ocular works as a framework for non-interactive tooling: the queries above are packaged in `scripts/java/SCA_plus.sc`, which takes the built artifact (`payload`, here the `.war`, with `payloadType=JAR`), the project root and the scripts directory as parameters and writes its results to `outFile` (`SCA_plus.json`), so the dependency inventory above becomes a repeatable software composition analysis (SCA) step:
sl ocular -- --import scripts/deps.sc --script scripts/java/SCA_plus.sc --params payload="/home/suchakra/temp-projects/tarpit-java/target/tarpit-java.war",payloadType=JAR,projectRootDir="/home/suchakra/temp-projects/tarpit-java",scriptsDir="/home/suchakra/.shiftleft/ocular/scripts",outFile=SCA_plus.json | |