C# / .NET (ASP.NET Core) ecosystem analyzer plugin for AttackMap (minimal APIs, attribute routing, EF Core, Identity, JwtBearer).
Project description
attackmap-analyzer-dotnet
C# / .NET (ASP.NET Core) ecosystem analyzer for AttackMap.
This analyzer extracts structured signals from .NET solutions and projects:
- Web frameworks — ASP.NET Core minimal APIs (
app.MapGet,app.MapPost,app.MapMethods), attribute routing on controllers ([HttpGet],[HttpPost], with class-level[Route]prefix joining and[controller]token substitution) - Databases — Entity Framework Core (
UseSqlServer/UseNpgsql/UseMySql/UseSqlite), Dapper, System.Data.SqlClient / Microsoft.Data.SqlClient, Npgsql, MySql.Data / MySqlConnector, MongoDB.Driver, StackExchange.Redis, AWS SDK (S3, DynamoDB) - Auth packages —
AddJwtBearer(Microsoft.AspNetCore.Authentication.JwtBearer),AddOpenIdConnect, ASP.NET Identity (UserManager,SignInManager,IdentityUser,PasswordHasher),[Authorize]attribute, Duende IdentityServer, BCrypt.Net, Argon2 - HTTP clients (external calls) —
HttpClient.GetAsync/PostAsync/SendAsync,HttpRequestMessage,RestClient(RestSharp),new Uri(...) - Secrets —
Environment.GetEnvironmentVariable("..."),IConfiguration["..."]/Configuration["..."]/builder.Configuration["..."]with secret-shaped keys,GetConnectionString(...) - Service hints —
<RootNamespace>and<AssemblyName>from.csproj
All emissions populate AttackMap's Signal v2 fields (line numbers, evidence snippets, confidence scores) so downstream insights can cite path/to/file.cs:NN.
Install
pip install git+https://github.com/mlaify/attackmap-analyzer-dotnet.git
The analyzer is auto-discovered by AttackMap via the attackmap.analyzers entry-point group.
Usage with AttackMap
# Auto-discovered when installed:
attackmap analyze /path/to/dotnet/repo
# Or invoke explicitly:
attackmap analyze /path/to/dotnet/repo --module dotnet
Detection
detect() returns true when any of the following are present, ignoring bin/, obj/, .vs/, .idea/, .git/, node_modules/, packages/, TestResults/, and publish/:
- A
.csproj,.fsproj, or.slnfile anywhere in the tree - A
.csfile anywhere in the tree
Coverage notes
- Class-level
[Route]prefix joining: a controller annotated with[Route("api/[controller]")]or[Route("api/orders")]causes its method-level[HttpGet("{id:int}")]to emit asapi/Orders/{id:int}(with[controller]substituted with the class name minus theControllersuffix). Multiple controllers per file are tracked correctly. - Minimal API + controller routing in the same project: both extractors run on every
.csfile. The minimal-API regex looks forapp.Map*("...", handler); the controller regex looks for[HttpX("...")]attributes. They don't overlap. - Connection strings as secrets:
GetConnectionString("DefaultConnection")is treated as a secret reference because the connection string itself is a credential. The named key (DefaultConnection) is stored as the secret name. - F# (.fs) projects are detected via
.fsprojbut route extraction is not yet implemented (Giraffe / Saturn). - Razor Pages (
@pagedirectives in.cshtml/.razor) are not yet covered. Most security-critical APIs use minimal APIs or controllers.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file attackmap_analyzer_dotnet-0.1.0.tar.gz.
File metadata
- Download URL: attackmap_analyzer_dotnet-0.1.0.tar.gz
- Upload date:
- Size: 14.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9912838c9c36020248b2b7dd4ebfcf7649e8d9f194586094c29e83e3a1fd27c9
|
|
| MD5 |
636f9768f4389d7b1b5188a8347d3c31
|
|
| BLAKE2b-256 |
b398b7a96fde0a9cecb267ebe5f2451f05c7060be42f9961a467c4f4c9401d41
|
Provenance
The following attestation bundles were made for attackmap_analyzer_dotnet-0.1.0.tar.gz:
Publisher:
release.yml on mlaify/attackmap-analyzer-dotnet
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap_analyzer_dotnet-0.1.0.tar.gz -
Subject digest:
9912838c9c36020248b2b7dd4ebfcf7649e8d9f194586094c29e83e3a1fd27c9 - Sigstore transparency entry: 1955348652
- Sigstore integration time:
-
Permalink:
mlaify/attackmap-analyzer-dotnet@2451c19eabd11665a58fb63d098ae24adf43f3f5 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@2451c19eabd11665a58fb63d098ae24adf43f3f5 -
Trigger Event:
push
-
Statement type:
File details
Details for the file attackmap_analyzer_dotnet-0.1.0-py3-none-any.whl.
File metadata
- Download URL: attackmap_analyzer_dotnet-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ff4e3589576b9887b76bc5a8537ec680ec80ffe8ed2eca7b1bd5f7375a48cc72
|
|
| MD5 |
e9a4973f0f4259cbf574d628d9081e9e
|
|
| BLAKE2b-256 |
77ac572cc607dd7a621bf99530fb5301e3087711acf9c33945cc005c40a94ec3
|
Provenance
The following attestation bundles were made for attackmap_analyzer_dotnet-0.1.0-py3-none-any.whl:
Publisher:
release.yml on mlaify/attackmap-analyzer-dotnet
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap_analyzer_dotnet-0.1.0-py3-none-any.whl -
Subject digest:
ff4e3589576b9887b76bc5a8537ec680ec80ffe8ed2eca7b1bd5f7375a48cc72 - Sigstore transparency entry: 1955348729
- Sigstore integration time:
-
Permalink:
mlaify/attackmap-analyzer-dotnet@2451c19eabd11665a58fb63d098ae24adf43f3f5 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@2451c19eabd11665a58fb63d098ae24adf43f3f5 -
Trigger Event:
push
-
Statement type: