Tuesday, 18 May 2010

Major new version, O2 .NET Ast Scanner and first batch of videos

(As emailed to the O2 Platform mailing list)

Hi, I just pushed a new version of the O2 XRules Database (which you 
can install from here).

As usual there are tons of new features and bug fixes, but probably the most important one is the inclusion of the first working prototype of the O2 .NET Ast Scanner (which is an Open Source taint flow analysis engine which is able to create the code-paths for HacmeBank's Sql Injection)

In my efforts to try to document O2, I've started to create a number of webpages and videos (current hosted at the http://o2platform.com website).
I think finally O2 is a position to really add value to the work you do, so please have a go and let me know how I can help

1 comment:

someProgrammer said...

It does not work at all. I downloaded it and tried on many different PC's. The window "available scripts" is always empty. It only shows the path: C\O2\O2Scripts_Database\_Scripts.
I copied scripts manually there and then the tree of scripts appeared, but none of them works anyway.
Also, which exactly .NET framework shall be installed ?
I tried with 3.5 and 4.0 and it is not working with neither of them.
For the future, I suggest that you test the installation on some blank PC before making a public release.
Example error message when I try to run manually copied scripts:
"The type or namespace name 'ExtensionMethods' does not exist in the namespace 'O2.XRules.Database.Utils'...


I really want to run the AstScanner for .NET. It does not work either when trying to run from the source code. Then I get completely differnt GUI. How to run the rules from it ? I dragged script on the main panel, but what do next ?


But the main question is: does the AST scanner support TYPE RESOLUTION (i.e is it showing actual types for all the identifiers) ?