In my study of learning styles, I came across the whole to part and part to whole concept. As with all learning style paradigms, this has a strong connection to communication styles, and it particularly intrigued me because I could immediately identify with it.
I am a whole-to-part learner: I need to understand the overarching concept before getting the details. Moving in the opposite direction (receiving the details first), leaves me confused and feeling adrift. Those who are part-to-whole learners need to take in the parts that lead to the whole concept they are learning. Being presented with a whole concept first leaves them overwhelmed because the concept seems arbitrary.
                                                                                              ~ Robert Keteyian

I share a similar trait in learning as Robert does. My reason to write this series is to share my own personal experience and value that I have derived from using Ocular periodically. In the last two posts (here and here) we examined the overarching concept before getting into details. Let us now delve into learning the parts and gradually tread toward the whole guided by use cases.

The first step is to sign up for free trial  and get your hands on the Ocular distribution.

The next step is to install the distribution.

Let us now pick a candidate sample application to analyze that is fraught with vulnerabilities.

Execute the following commands in Ocular shell.

**//let us clone this project to a chosen folder**
git clone https://github.com/conikeec/tarpit

**//build package**
cd tarpit && mvn package

**//generate CPG**
./java2cpg.sh [pathto]/servlettarpit.war -o [pathto]/tarpit.bin.zip

**//generate SP**
./cpg2sp.sh --cpg [pathto]/tarpit.bin.zip --out [pathto]/tarpit.bin

**//clone this projects in the ocular distribution directory**
git clone git@github.com:conikeec/scripts.git

**//create a folder called `graphs` in the ocular distribution path and copy over the CPG and SP into this path**

**// Launch the Ocular shell**
./ocular.sh

Upon doing so, you will be presented with a interactive command console as indicated below

Type each of the command indicated below within the command console (ignoring the commented sections)

**//import utlity scripts (prefixed to relative path in ocular folder)**
{
	import $file.scripts.attacksurface
	import $file.scripts.flows
	import $file.scripts.github
	import $file.scripts.sensitive
	import $file.scripts.globals
	import $file.scripts.sca
	import $file.scripts.report
}

**//load the generated CPG and SP**
{
	loadCpg("graphs/tarpit.bin.zip")
	loadSp("graphs/tarpit.bin")
}

**//List all system and user defined types used in the code**
cpg.typeDecl.fullName.l

**//List all external packages used in the code**
cpg.typeDecl.external.namespace.name.l.distinct.sorted

**//Filter on a certian type of package used in the code**
cpg.typeDecl.name("./*Http./*").name.l

**//List all methods containing a parameter of a certain type**
cpg.parameter.evalType(".*HttpServletRequest.*").method.name.l

**//Now let us check all literals hardcoded in the application**
cpg.method.literal.code.l 

**//Plenty of interesting ones, but let's get specific and check of AWS secret and access key patterns**
cpg.method.literal.code(globals.awsAccess).p
cpg.method.literal.code(globals.awsSecret).p

**//Merely checking for the existence of such pattern is insufficient, so let's dive deeper and ask of the method name encompassing this hard coded pattern**
cpg.method.literal.code(globals.awsSecret).method.fullName.p

**//get all OSS dependencies in application**
globals.getDependencies(cpg)

**//get all CVE/CWEs associated with the dependencies**
globals.getCve(cpg)

**//get all methods listening on sockets (serving HttpRequests)**
globals.getApiFunctions(cpg)

**//get the attack surface of application (can be used by RED TEAM for targeted attacks or by WAF for surgical protection)**
attacksurface.getAttackSurface(sp)

We merely scratched the surface here. This sky is not the limit with Ocular’s interactive API. Given that we have examined the parts, let's find creative ways to bind them together to create the whole (i.e. recipes to investigate for vulnerabilities, business logic flaws and insider threats)