The Run Data Flow Security Analysis step detects improper validation of user input in the source code included in our Application, which can lead to security vulnerabilities. The step needs to be configured.
Below is the screenshot showing where this step comes from.
This page lists the log lines that correspond to Run Data Flow Security Analysis, with a functional and technical explanation of the logs it generates.
CAST-MS<ID>.log.txt
The CAST MS log file contains information about all the tasks and sub-tasks that occur during Take Snapshot. For Run Data Flow Security Analysis, the only information it gives is when the sub-task started, when it finished, and whether it failed.
Run Data Flow Security Analysis
INF: 2016-09-12 13:30:28: starting Task Run Data Flow Security Analysis on "SilverLight_App"
Run .NET Data Flow Security
INF: 2016-09-12 13:30:28: starting Task Run .NET Data Flow Security for "SilverLight_App"
INF: 2016-09-12 13:30:29: Validating cast#lib
INF: 2016-09-12 13:30:29: Validation completed sucessfully for cast#lib
INF: 2016-09-12 13:30:29: Validating cast#lib
INF: 2016-09-12 13:30:29: Validation completed sucessfully for cast#lib
INF: 2016-09-12 13:30:30: Validating cast#lib
INF: 2016-09-12 13:30:30: Validation completed sucessfully for cast#lib
INF: 2016-09-12 13:30:30: Validating Test.net
INF: 2016-09-12 13:30:30: Validation completed sucessfully for Test.net
INF: 2016-09-12 13:30:32: Task message: No Task message
INF: 2016-09-12 13:30:32: Log file: C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\SecurityAnalyzer.log
INF: 2016-09-12 13:30:32: ending Task Run .NET Data Flow Security for "SilverLight_App"
Save results to database
INF: 2016-09-12 13:30:32: starting Task Save results to database
INF: 2016-09-12 13:30:32: C:\Program Files\CAST\8.0/XMLTODB.exe /f:C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\BuildAgent.datatransfer /c:C:\Program Files\CAST\8.0\InstallScripts\Common\APPW\table_appw.xml /scp:dataflow /src:xml /st:sql /cs:LIBPQ:LOCALHOST:2280,postgres /u:operator /p:****** /db:cast_80_sup_local
INF: 2016-09-12 13:30:33: Transferring XML -> DB using bulk copy whenever possible: this may take a while...
INF: 2016-09-12 13:30:33: XMLtoDB: Opening a connection to <connection_string> 'LIBPQ:LOCALHOST:2280,postgres' with login 'operator'...successful connection.
INF: 2016-09-12 13:30:33: XMLtoDB: Successful transfer (XML -> DB).
INF: 2016-09-12 13:30:33: Task message: No Task message
INF: 2016-09-12 13:30:33: No associated log file
INF: 2016-09-12 13:30:33: ending Task Save results to database
INF: 2016-09-12 13:30:33: Task message: No Task message
INF: 2016-09-12 13:30:33: No associated log file
End Run Data Flow Security Analysis
INF: 2016-09-12 13:30:33: ending Task Run Data Flow Security Analysis on "SilverLight_App"
SecurityAnalyzer.log
INFO - Logging to C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\SecurityAnalyzer.log
INFO - Flaws save in C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\BuildAgent.flaw
INFO - Flaw check by a path tester
INFO - Flaws save in C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\BuildAgent.datatransfer for transfer to knowledge base
INFO - Security anlayzer call with : --jobId=6001 --flawSpec=C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\TempFlaws_NetAppTechnology.xml --blackBox=C:\Program Files\CAST\8.0\configuration\BlackBoxes\DotNet --bytecodeFolder=C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962 --saveDb=C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\BuildAgent.datatransfer --showProgress=no --scripts=C:\Program Files\CAST\8.0\configuration\scripts --log=C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\SecurityAnalyzer.log
INFO - Validating cast#lib
INFO - CastIL documents managed by this plugin system are now : cast#lib
INFO - Load official blackboxes
INFO - Adding or updating factory DotNetRuntime.DotNetRuntime of plugin DotNetRuntime.castil, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null with <plugin file="C:/Program%20Files/CAST/8.0/DotNetRuntime.castil.dll" />
INFO - Validating cast#lib
INFO - CastIL documents managed by this plugin system are now : cast#lib System System.Data System.DirectoryServices System.Web System.Xml System.Core System.Windows.Forms mscorlib cast#unsafe
INFO - Adding or updating factory JeeRuntime.JeeRuntime of plugin JeeRuntime.castil, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null with <plugin file="C:/Program%20Files/CAST/8.0/JeeRuntime.castil.dll" />
INFO - Validating cast#lib
INFO - CastIL documents managed by this plugin system are now : cast#lib System System.Data System.DirectoryServices System.Web System.Xml System.Core System.Windows.Forms mscorlib cast#unsafe rt.jar javax.servlet_3.0.0.jar javax.servlet.jsp_2.2.0.jar ecs-1.4.2.jar commons-logging-1.1.1.jar log4j-1.2.14.jar
INFO - Load blackbox files
INFO - Adding blackbox C:\Program Files\CAST\8.0\configuration\BlackBoxes\DotNet\Test.blackbox.xml
INFO - A plugin system is closing cast#lib
INFO - A plugin system is closing System
INFO - A plugin system is closing System.Data
INFO - A plugin system is closing System.DirectoryServices
INFO - A plugin system is closing System.Web
INFO - A plugin system is closing System.Xml
INFO - A plugin system is closing System.Core
INFO - A plugin system is closing System.Windows.Forms
INFO - A plugin system is closing mscorlib
INFO - A plugin system is closing cast#unsafe
INFO - A plugin system is closing rt.jar
INFO - A plugin system is closing javax.servlet_3.0.0.jar
INFO - A plugin system is closing javax.servlet.jsp_2.2.0.jar
INFO - A plugin system is closing ecs-1.4.2.jar
INFO - A plugin system is closing commons-logging-1.1.1.jar
INFO - A plugin system is closing log4j-1.2.14.jar
INFO - Logging to C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\SecurityAnalyzer.log
INFO - Flaws save in C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\BuildAgent.flaw
INFO - Flaw check by a path tester
INFO - Flaws save in C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\BuildAgent.datatransfer for transfer to knowledge base
INFO - Security anlayzer call with : --jobId=6001 --flawSpec=C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\TempFlaws_NetAppTechnology.xml --blackBox=C:\Program Files\CAST\8.0\configuration\BlackBoxes\DotNet --bytecodeFolder=C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962 --saveDb=C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\BuildAgent.datatransfer --showProgress=no --scripts=C:\Program Files\CAST\8.0\configuration\scripts --log=C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\SecurityAnalyzer.log
INFO - Validating cast#lib
INFO - CastIL documents managed by this plugin system are now : cast#lib
INFO - Load official blackboxes
INFO - Adding or updating factory DotNetRuntime.DotNetRuntime of plugin DotNetRuntime.castil, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null with <plugin file="C:/Program%20Files/CAST/8.0/DotNetRuntime.castil.dll" />
INFO - Validating cast#lib
INFO - CastIL documents managed by this plugin system are now : cast#lib System System.Data System.DirectoryServices System.Web System.Xml System.Core System.Windows.Forms mscorlib cast#unsafe
INFO - Adding or updating factory JeeRuntime.JeeRuntime of plugin JeeRuntime.castil, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null with <plugin file="C:/Program%20Files/CAST/8.0/JeeRuntime.castil.dll" />
INFO - Validating cast#lib
INFO - CastIL documents managed by this plugin system are now : cast#lib System System.Data System.DirectoryServices System.Web System.Xml System.Core System.Windows.Forms mscorlib cast#unsafe rt.jar javax.servlet_3.0.0.jar javax.servlet.jsp_2.2.0.jar ecs-1.4.2.jar commons-logging-1.1.1.jar log4j-1.2.14.jar
INFO - Load blackbox files
INFO - Adding blackbox C:\Program Files\CAST\8.0\configuration\BlackBoxes\DotNet\Test.blackbox.xml
INFO - Validating Test.net
INFO - Load CastIL code
INFO - Adding CastIL assembly folder C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962
INFO - Load flaws specification file
INFO - Initialization of a circular buffer of 2000000 elements with 1 rings
INFO - Snapshot of CastIL application setup saved in C:\CASTMS\LargeStorage\LISA\c51f4ae599884aecbcaebd919a89f71f\Scr14962\castil-system.xml
INFO - Start search of flaw sources
INFO - Starting search of inputs for [cast#lib]Network.read()
INFO - Inputs:
[cast#lib]Network.read()
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequestWrapper.getQueryString()
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequestWrapper.getParameterMap()
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequestWrapper.getParameterValues([ext]java.lang.String)
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequestWrapper.getParameterNames()
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequestWrapper.getParameter([ext]java.lang.String)
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequest.getParameterMap()
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequest.getParameterValues([ext]java.lang.String)
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequest.getParameterNames()
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequest.getParameter([ext]java.lang.String)
[javax.servlet_3.0.0.jar]javax.servlet.ServletRequestWrapper.getParameterMap()
[javax.servlet_3.0.0.jar]javax.servlet.ServletRequestWrapper.getParameterValues([ext]java.lang.String)
[javax.servlet_3.0.0.jar]javax.servlet.ServletRequestWrapper.getParameterNames()
[javax.servlet_3.0.0.jar]javax.servlet.ServletRequestWrapper.getParameter([ext]java.lang.String)
[javax.servlet_3.0.0.jar]javax.servlet.http.HttpServletRequest.getQueryString()
[javax.servlet_3.0.0.jar]javax.servlet.http.Cookie.getValue()
[javax.servlet_3.0.0.jar]javax.servlet.ServletRequest.getParameterMap()
[javax.servlet_3.0.0.jar]javax.servlet.ServletRequest.getParameterValues([ext]java.lang.String)
[javax.servlet_3.0.0.jar]javax.servlet.ServletRequest.getParameterNames()
[javax.servlet_3.0.0.jar]javax.servlet.ServletRequest.getParameter([ext]java.lang.String)
[rt.jar]java.io.Console.readPassword([rt.jar]java.lang.String,[rt.jar]java.lang.Object[])
[rt.jar]java.io.Console.readLine([rt.jar]java.lang.String,[rt.jar]java.lang.Object[])
[System.Windows.Forms]System.Windows.Forms.PrintPreviewDialog.get_Text()
[System.Windows.Forms]System.Windows.Forms.PrintPreviewControl.get_Text()
[System.Windows.Forms]System.Windows.Forms.Design.ComponentEditorPage.get_Text()
[System.Windows.Forms]System.Windows.Forms.Design.ComponentEditorForm.get_Text()
[System.Windows.Forms]System.Windows.Forms.WebBrowser.get_Text()
[System.Windows.Forms]System.Windows.Forms.WebBrowserBase.get_Text()
[System.Windows.Forms]System.Windows.Forms.VScrollBar.get_Text()
[System.Windows.Forms]System.Windows.Forms.UserControl.get_Text()
[System.Windows.Forms]System.Windows.Forms.TreeView.get_Text()
[System.Windows.Forms]System.Windows.Forms.TrackBar.get_Text()
[System.Windows.Forms]System.Windows.Forms.ToolStripPanel.get_Text()
[System.Windows.Forms]System.Windows.Forms.ToolStripContentPanel.get_Text()
[System.Windows.Forms]System.Windows.Forms.ToolStripContainer.get_Text()
[System.Windows.Forms]System.Windows.Forms.ToolStripOverflow.get_Text()
[System.Windows.Forms]System.Windows.Forms.ToolBar.get_Text()
[System.Windows.Forms]System.Windows.Forms.ThreadExceptionDialog.get_Text()
[System.Windows.Forms]System.Windows.Forms.TabPage.get_Text()
[System.Windows.Forms]System.Windows.Forms.TableLayoutPanel.get_Text()
[System.Windows.Forms]System.Windows.Forms.TabControl.get_Text()
[System.Windows.Forms]System.Windows.Forms.StatusStrip.get_Text()
[System.Windows.Forms]System.Windows.Forms.StatusBar.get_Text()
[System.Windows.Forms]System.Windows.Forms.SplitterPanel.get_Text()
[System.Windows.Forms]System.Windows.Forms.Splitter.get_Text()
[System.Windows.Forms]System.Windows.Forms.SplitContainer.get_Text()
[System.Windows.Forms]System.Windows.Forms.RichTextBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.RadioButton.get_Text()
[System.Windows.Forms]System.Windows.Forms.PropertyGrid.get_Text()
[System.Windows.Forms]System.Windows.Forms.ProgressBar.get_Text()
[System.Windows.Forms]System.Windows.Forms.PictureBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.NumericUpDown.get_Text()
[System.Windows.Forms]System.Windows.Forms.MonthCalendar.get_Text()
[System.Windows.Forms]System.Windows.Forms.MenuStrip.get_Text()
[System.Windows.Forms]System.Windows.Forms.MdiClient.get_Text()
[System.Windows.Forms]System.Windows.Forms.MaskedTextBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.ListView.get_Text()
[System.Windows.Forms]System.Windows.Forms.LinkLabel.get_Text()
[System.Windows.Forms]System.Windows.Forms.Label.get_Text()
[System.Windows.Forms]System.Windows.Forms.HScrollBar.get_Text()
[System.Windows.Forms]System.Windows.Forms.ScrollBar.get_Text()
[System.Windows.Forms]System.Windows.Forms.GroupBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.Form.get_Text()
[System.Windows.Forms]System.Windows.Forms.FlowLayoutPanel.get_Text()
[System.Windows.Forms]System.Windows.Forms.Panel.get_Text()
[System.Windows.Forms]System.Windows.Forms.DomainUpDown.get_Text()
[System.Windows.Forms]System.Windows.Forms.UpDownBase.get_Text()
[System.Windows.Forms]System.Windows.Forms.DateTimePicker.get_Text()
[System.Windows.Forms]System.Windows.Forms.DataGridViewTextBoxEditingControl.get_Text()
[System.Windows.Forms]System.Windows.Forms.DataGridViewComboBoxEditingControl.get_Text()
[System.Windows.Forms]System.Windows.Forms.DataGridView.get_Text()
[System.Windows.Forms]System.Windows.Forms.DataGridTextBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.TextBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.TextBoxBase.get_Text()
[System.Windows.Forms]System.Windows.Forms.DataGrid.get_Text()
[System.Windows.Forms]System.Windows.Forms.ContextMenuStrip.get_Text()
[System.Windows.Forms]System.Windows.Forms.ToolStripDropDownMenu.get_Text()
[System.Windows.Forms]System.Windows.Forms.ToolStripDropDown.get_Text()
[System.Windows.Forms]System.Windows.Forms.ComboBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.CheckedListBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.ListBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.ListControl.get_Text()
[System.Windows.Forms]System.Windows.Forms.CheckBox.get_Text()
[System.Windows.Forms]System.Windows.Forms.Button.get_Text()
[System.Windows.Forms]System.Windows.Forms.ButtonBase.get_Text()
[System.Windows.Forms]System.Windows.Forms.BindingNavigator.get_Text()
[System.Windows.Forms]System.Windows.Forms.ToolStrip.get_Text()
[System.Windows.Forms]System.Windows.Forms.AxHost.get_Text()
[System.Windows.Forms]System.Windows.Forms.ContainerControl.get_Text()
[System.Windows.Forms]System.Windows.Forms.ScrollableControl.get_Text()
[System.Windows.Forms]System.Windows.Forms.Control.get_Text()
[System.Web]System.Web.UI.WebControls.TextBox.get_Text()
[System.Web]System.Web.UI.WebControls.RequiredFieldValidator.get_Text()
[System.Web]System.Web.UI.WebControls.RegularExpressionValidator.get_Text()
[System.Web]System.Web.UI.WebControls.RangeValidator.get_Text()
[System.Web]System.Web.UI.WebControls.RadioButtonList.get_Text()
[System.Web]System.Web.UI.WebControls.Localize.get_Text()
[System.Web]System.Web.UI.WebControls.ListBox.get_Text()
[System.Web]System.Web.UI.WebControls.Literal.get_Text()
[System.Web]System.Web.UI.WebControls.DropDownList.get_Text()
[System.Web]System.Web.UI.WebControls.CustomValidator.get_Text()
[System.Web]System.Web.UI.WebControls.CompareValidator.get_Text()
[System.Web]System.Web.UI.WebControls.CheckBoxList.get_Text()
[System.Web]System.Web.UI.WebControls.BulletedList.get_Text()
[System.Web]System.Web.UI.WebControls.ListControl.get_Text()
[System.Web]System.Web.UI.IEditableTextControl.get_Text()
[System.Web]System.Web.UI.WebControls.BaseCompareValidator.get_Text()
[System.Web]System.Web.UI.WebControls.BaseValidator.get_Text()
[System.Web]System.Web.UI.LiteralControl.get_Text()
[System.Web]System.Web.UI.DataBoundLiteralControl.get_Text()
[System.Web]System.Web.UI.WebControls.ModelErrorMessage.get_Text()
[System.Web]System.Web.UI.WebControls.Label.get_Text()
[System.Web]System.Web.HttpRequest.get_Form()
[System.Web]System.Web.HttpRequest.get_QueryString()
[System.Web]System.Web.HttpCookie.get_Values()
[System.Web]System.Web.HttpCookie.get_Value()
[System.Web]System.Web.UI.ITextControl.get_Text()
INFO - 117 flaw sources found
INFO - Start creation of flaw specifications
INFO - 17 flaw specifications made
INFO - Process flaw 1 of 17 : Cross-site Scripting
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 2 of 17 : Request Parameters In Session
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 3 of 17 : HTTP Response Splitting
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 4 of 17 : Resource Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 5 of 17 : Resource URL Manipulation
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 6 of 17 : SQL Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 7 of 17 : LDAP Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 8 of 17 : LDAP Attribute Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 9 of 17 : OS Command Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 10 of 17 : Process Control
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 11 of 17 : Denial of Service Threat
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 12 of 17 : Code Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 13 of 17 : Reflection Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 14 of 17 : XPath Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 15 of 17 : Path Manipulation
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 16 of 17 : Log Forging
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 17 of 17 : Uncontrolled Format String
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Summary: Total Tested= 0 entrypoints, Total Found= 0 flaws
INFO - Total time = 1.645698 seconds
INFO - A plugin system is closing cast#lib
INFO - A plugin system is closing System
INFO - A plugin system is closing System.Data
INFO - A plugin system is closing System.DirectoryServices
INFO - A plugin system is closing System.Web
INFO - A plugin system is closing System.Xml
INFO - A plugin system is closing System.Core
INFO - A plugin system is closing System.Windows.Forms
INFO - A plugin system is closing mscorlib
INFO - A plugin system is closing cast#unsafe
INFO - A plugin system is closing rt.jar
INFO - A plugin system is closing javax.servlet_3.0.0.jar
INFO - A plugin system is closing javax.servlet.jsp_2.2.0.jar
INFO - A plugin system is closing ecs-1.4.2.jar
INFO - A plugin system is closing commons-logging-1.1.1.jar
INFO - A plugin system is closing log4j-1.2.14.jar
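As an added example (not part of the CAST documentation or product), the Python code below reads the flaw-processing lines of a SecurityAnalyzer.log like the one above and reports what a reviewer should check: categories processed with 0 entrypoints tested, a missing Summary line, or totals that disagree. The line formats are taken from the excerpt above; the function name `summarize` and the sample log with its counts are constructed for illustration.

```python
import re

# Constructed sample in the SecurityAnalyzer.log format shown above,
# cut down to three flaw categories; the counts are made up.
SAMPLE_LOG = """\
INFO - 117 flaw sources found
INFO - 3 flaw specifications made
INFO - Process flaw 1 of 3 : Cross-site Scripting
INFO - Tested= 4 entrypoints, Found= 1 flaws
INFO - Process flaw 2 of 3 : SQL Injection
INFO - Tested= 0 entrypoints, Found= 0 flaws
INFO - Process flaw 3 of 3 : Log Forging
INFO - Tested= 2 entrypoints, Found= 0 flaws
INFO - Summary: Total Tested= 6 entrypoints, Total Found= 1 flaws
"""

RE_SOURCES = re.compile(r"INFO - (\d+) flaw sources found")
RE_SPECS = re.compile(r"INFO - (\d+) flaw specifications made")
RE_FLAW = re.compile(r"INFO - Process flaw \d+ of \d+ : (.+?)\s*$")
RE_RESULT = re.compile(r"INFO - Tested= (\d+) entrypoints, Found= (\d+) flaws")
RE_SUMMARY = re.compile(
    r"INFO - Summary: Total Tested= (\d+) entrypoints, Total Found= (\d+) flaws")


def summarize(log_text):
    """Parse one analyzer run; return counts, per-category results, warnings."""
    res = {"sources": None, "specs": None, "flaws": [], "summary": None}
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        if m := RE_SOURCES.match(line):
            res["sources"] = int(m[1])
        elif m := RE_SPECS.match(line):
            res["specs"] = int(m[1])
        elif m := RE_FLAW.match(line):
            current = m[1]
        elif (m := RE_RESULT.match(line)) and current:
            res["flaws"].append((current, int(m[1]), int(m[2])))
            current = None
        elif m := RE_SUMMARY.match(line):
            res["summary"] = (int(m[1]), int(m[2]))
    warnings = []
    if res["specs"] is not None and len(res["flaws"]) != res["specs"]:
        warnings.append(f"{len(res['flaws'])} of {res['specs']} categories have results")
    if res["summary"] is None:
        warnings.append("no Summary line: the run may not have completed")
    else:
        totals = (sum(f[1] for f in res["flaws"]), sum(f[2] for f in res["flaws"]))
        if totals != res["summary"]:
            warnings.append(f"per-category totals {totals} != Summary {res['summary']}")
    for name, tested, found in res["flaws"]:
        if tested == 0:
            # No entrypoint was tested, so "Found= 0" is not evidence of clean code.
            warnings.append(f"{name}: 0 entrypoints tested")
    res["warnings"] = warnings
    return res


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)["warnings"]))
```

Run against the log shown on this page, every one of the 17 categories would be flagged, because each reports Tested= 0 entrypoints.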