C# / .NET (ASP.NET Core) ecosystem analyzer plugin for AttackMap (minimal APIs, attribute routing, EF Core, Identity, JwtBearer).

Project description

attackmap-analyzer-dotnet

C# / .NET (ASP.NET Core) ecosystem analyzer for AttackMap.

This analyzer extracts structured signals from .NET solutions and projects:

  • Web frameworks — ASP.NET Core minimal APIs (app.MapGet, app.MapPost, app.MapMethods), attribute routing on controllers ([HttpGet], [HttpPost], with class-level [Route] prefix joining and [controller] token substitution)
  • Databases — Entity Framework Core (UseSqlServer / UseNpgsql / UseMySql / UseSqlite), Dapper, System.Data.SqlClient / Microsoft.Data.SqlClient, Npgsql, MySql.Data / MySqlConnector, MongoDB.Driver, StackExchange.Redis, AWS SDK (S3, DynamoDB)
  • Auth packages — AddJwtBearer (Microsoft.AspNetCore.Authentication.JwtBearer), AddOpenIdConnect, ASP.NET Identity (UserManager, SignInManager, IdentityUser, PasswordHasher), [Authorize] attribute, Duende IdentityServer, BCrypt.Net, Argon2
  • HTTP clients (external calls) — HttpClient.GetAsync / PostAsync / SendAsync, HttpRequestMessage, RestClient (RestSharp), new Uri(...)
  • Secrets — Environment.GetEnvironmentVariable("..."), IConfiguration["..."] / Configuration["..."] / builder.Configuration["..."] with secret-shaped keys, GetConnectionString(...)
  • Service hints — <RootNamespace> and <AssemblyName> from .csproj

All emissions populate AttackMap's Signal v2 fields (line numbers, evidence snippets, confidence scores) so downstream insights can cite path/to/file.cs:NN.

Install

pip install git+https://github.com/mlaify/attackmap-analyzer-dotnet.git

The analyzer is auto-discovered by AttackMap via the attackmap.analyzers entry-point group.

Usage with AttackMap

# Auto-discovered when installed:
attackmap analyze /path/to/dotnet/repo

# Or invoke explicitly:
attackmap analyze /path/to/dotnet/repo --module dotnet

Detection

detect() returns true when any of the following are present, ignoring bin/, obj/, .vs/, .idea/, .git/, node_modules/, packages/, TestResults/, and publish/:

  • A .csproj, .fsproj, or .sln file anywhere in the tree
  • A .cs file anywhere in the tree

Coverage notes

  • Class-level [Route] prefix joining: a controller annotated with [Route("api/[controller]")] or [Route("api/orders")] causes its method-level [HttpGet("{id:int}")] to emit as api/Orders/{id:int} (with [controller] replaced by the class name minus the Controller suffix). Multiple controllers per file are tracked correctly.
  • Minimal API + controller routing in the same project: both extractors run on every .cs file. The minimal-API regex looks for app.Map*("...", handler); the controller regex looks for [HttpX("...")] attributes. They don't overlap.
  • Connection strings as secrets: GetConnectionString("DefaultConnection") is treated as a secret reference because the connection string itself is a credential. The named key (DefaultConnection) is stored as the secret name.
  • F# (.fs) projects are detected via .fsproj but route extraction is not yet implemented (Giraffe / Saturn).
  • Razor Pages (@page directives in .cshtml / .razor) are not yet covered. Most security-critical APIs use minimal APIs or controllers.
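
The first two coverage notes, worked through as an added example (not the analyzer's own code): a line-based extractor that joins the class-level [Route] prefix, substitutes [controller], keeps controllers in the same file separate, and records file:line for each route. The regexes, the extract_routes name and the sample source are assumptions constructed for illustration.

```python
import re

# Assumed patterns; the analyzer's own regexes are not shown on the page.
CLASS_RE = re.compile(r'\bclass\s+(\w+)')
ROUTE_RE = re.compile(r'\[Route\("([^"]*)"\)\]')
HTTP_RE = re.compile(r'\[Http(Get|Post|Put|Delete|Patch)(?:\("([^"]*)"\))?\]')
MINIMAL_RE = re.compile(r'\bapp\.Map(Get|Post|Put|Delete|Patch)\(\s*"([^"]*)"')

def extract_routes(source, path):
    """Return (METHOD, route, 'file:line') tuples for one C# source text."""
    routes, pending, prefix, controller = [], None, "", ""
    for lineno, line in enumerate(source.splitlines(), start=1):
        where = f"{path}:{lineno}"
        if m := MINIMAL_RE.search(line):
            routes.append((m.group(1).upper(), m.group(2), where))
        if m := ROUTE_RE.search(line):
            pending = m.group(1)  # held until the next class declaration
        if m := CLASS_RE.search(line):
            # New controller: take its own prefix so none leaks across classes.
            controller = re.sub(r"Controller$", "", m.group(1))
            prefix, pending = pending or "", None
        if m := HTTP_RE.search(line):
            parts = [p.strip("/") for p in (prefix, m.group(2) or "") if p]
            route = "/".join(parts).replace("[controller]", controller)
            routes.append((m.group(1).upper(), route, where))
    return routes

# Constructed sample: one minimal-API endpoint and two controllers in one file.
SAMPLE = '''\
app.MapGet("/health", () => "ok");

[Route("api/[controller]")]
public class OrdersController : ControllerBase
{
    [HttpGet("{id:int}")]
    public IActionResult Get(int id) => Ok();
}

[Route("api/admin")]
public class AdminController : ControllerBase
{
    [HttpPost("users")]
    public IActionResult Create() => Ok();
}
'''

if __name__ == "__main__":
    for method, route, where in extract_routes(SAMPLE, "Api.cs"):
        print(method, route, where)
```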

License

MIT

Download files

Source Distribution

attackmap_analyzer_dotnet-0.1.0.tar.gz (14.3 kB), uploaded as Source

Built Distribution

attackmap_analyzer_dotnet-0.1.0-py3-none-any.whl (11.2 kB), uploaded for Python 3

Hashes for attackmap_analyzer_dotnet-0.1.0.tar.gz
Algorithm Hash digest
SHA256 9912838c9c36020248b2b7dd4ebfcf7649e8d9f194586094c29e83e3a1fd27c9
MD5 636f9768f4389d7b1b5188a8347d3c31
BLAKE2b-256 b398b7a96fde0a9cecb267ebe5f2451f05c7060be42f9961a467c4f4c9401d41

Provenance

The following attestation bundles were made for attackmap_analyzer_dotnet-0.1.0.tar.gz:

Publisher: release.yml on mlaify/attackmap-analyzer-dotnet

Hashes for attackmap_analyzer_dotnet-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ff4e3589576b9887b76bc5a8537ec680ec80ffe8ed2eca7b1bd5f7375a48cc72
MD5 e9a4973f0f4259cbf574d628d9081e9e
BLAKE2b-256 77ac572cc607dd7a621bf99530fb5301e3087711acf9c33945cc005c40a94ec3

Provenance

The following attestation bundles were made for attackmap_analyzer_dotnet-0.1.0-py3-none-any.whl:

Publisher: release.yml on mlaify/attackmap-analyzer-dotnet
