private void AddNewCve(JToken currCve)
{
// Only accept if CVE description does not contain ** REJECT ** and build data
if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **"))
{
JToken cveMeta = currCve["cve"]["CVE_data_meta"];
JToken cvss;
if (currCve["impact"].Children().Count() == 0)
{
return;
}
cvss = currCve["impact"]["baseMetricV2"]["cvssV2"];
// Create new CveObject
Cve newCve = new Cve
{
PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()),
LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()),
GivenID = cveMeta["ID"].ToString(),
Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(),
VectorString = cvss["vectorString"].ToString(),
AccessVector = cvss["accessVector"].ToString(),
AccessComplexity = cvss["accessComplexity"].ToString(),
Authentication = cvss["authentication"].ToString(),
ConfidentialityImpact = cvss["confidentialityImpact"].ToString(),
IntegrityImpact = cvss["availabilityImpact"].ToString(),
AvailabilityImpact = cvss["availabilityImpact"].ToString(),
BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()),
References = new List <Reference>(),
CveConfigurations = new List <CveConfiguration>(),
UserCveConfigurations = new List <UserCveConfiguration>()
};
// Get references
JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"];
foreach (JToken currReference in jsonReferenceList)
{
Reference newReference = new Reference
{
Url = currReference["url"].ToString()
};
newCve.References.Add(newReference);
}
// Get products from CVE
JObject currCveObject = JObject.Parse(currCve.ToString());
IList <JToken> jsonProductList = currCveObject.Descendants()
.Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri")
.Select(p => ((JProperty)p).Value).ToList();
jsonProductList = jsonProductList.Distinct().ToList();
// Foreach product
foreach (JToken currJsonProduct in jsonProductList)
{
// Get existing product if it exists
string currJsonProductString = currJsonProduct.ToString();
Product existingProduct = _context.Products
.Where(p => p.Concatenated == currJsonProductString)
.FirstOrDefault();
// If existing product does exist in the database
if (existingProduct != null)
{
CveConfiguration newConfiguration = new CveConfiguration
{
Product = existingProduct
};
newCve.CveConfigurations.Add(newConfiguration);
// Update tracked userCveConfigurations where this product is already tracked
Status status = _context.Status.Where(s => s.StatusName == "Unresolved").FirstOrDefault();
foreach (var item in _context.UserCveConfigurations
.Where(ucc => ucc.ProductID == existingProduct.ProductID)
.GroupBy(g => g.ConfigurationID).ToList())
{
UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration()
{
ProductID = existingProduct.ProductID,
ConfigurationID = item.Key,
StatusID = status.StatusID,
Notes = "No user defined notes.",
DateAdded = DateTime.Now,
Cve = newCve,
New = 'Y'.ToString()
};
// Add email notification if not already added
var existingConfiguration = _context.Configurations
.Where(c => c.ConfigurationID == item.Key)
.FirstOrDefault();
var userToEmail = _context.Users
.Where(u => u.Id == existingConfiguration.AspNetUserID)
.FirstOrDefault();
// Check if an email already exists
bool emailAlreadyExists = emailRecipientList
.Where(erl => erl.EmailAddress == userToEmail.Email).Count() > 0;
// If the email does exist
if (emailAlreadyExists == true)
{
// Add configuration Name
if (!emailRecipientList.Where(erl => erl.EmailAddress == userToEmail.Email).First()
.ConfigurationIdList.Contains(existingConfiguration.ConfigurationID))
{
emailRecipientList.Where(erl => erl.EmailAddress == userToEmail.Email).First()
.ConfigurationIdList.Add(existingConfiguration.ConfigurationID);
}
}
else // If the email does not exist
{
// Create new email and add it to the recipient list
Email newEmail = new Email()
{
EmailAddress = userToEmail.Email,
RecipientName = userToEmail.FirstName,
};
newEmail.ConfigurationIdList.Add(existingConfiguration.ConfigurationID);
emailRecipientList.Add(newEmail);
}
newCve.UserCveConfigurations.Add(newUserCveConfiguration);
}
}
else // If the existing product doesn't exist in the database
{
// Break down the currJsonProductString into its components
IList <string> productPartList = new List <string>();
productPartList = currJsonProductString.Split(":");
// Create new product
Product newProduct = new Product
{
Concatenated = currJsonProductString,
Part = productPartList[2],
Vendor = productPartList[3],
ProductName = productPartList[4],
Version = productPartList[5],
ProductUpdate = productPartList[6],
Edition = productPartList[7],
ProductLanguage = productPartList[8],
Added = DateTime.Now
};
// Add the new product to newCveConfiguration
CveConfiguration newCveConfiguration = new CveConfiguration
{
Product = newProduct
};
// Add the newCveConfiguration to the newCve
newCve.CveConfigurations.Add(newCveConfiguration);
}
}
// Add new CVE to database
try
{
_context.Cves.Add(newCve);
_context.SaveChanges();
}
catch (Exception e)
{
System.Diagnostics.Debug.WriteLine("Error: " + e.Message);
}
}
}
public IActionResult InitialDataImport()
{
// Get all file paths
IList <string> pathList = new List <string>();
// Foreach file
foreach (string currFile in Directory.EnumerateFiles(
"wwwroot\\CVE Data", "*",
SearchOption.AllDirectories))
{
string jsonString = System.IO.File.ReadAllText(currFile);
JObject jsonObject = JObject.Parse(jsonString);
IList <JToken> jsonCveList = jsonObject["CVE_Items"].ToList();
//Collect values from each Cve and create Cve object
IList <Cve> newCveList = new List <Cve>();
foreach (JToken currCve in jsonCveList)
{
// Only accept if CVE description does not contain ** REJECT ** and has a score
if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **"))
{
JToken cveMeta = currCve["cve"]["CVE_data_meta"];
// Detect errornous score information and restart
JToken cvss;
try
{
cvss = currCve["impact"]["baseMetricV2"]["cvssV2"];
}
catch (Exception e)
{
continue;
}
// Create new CveObject
Cve newCve = new Cve
{
PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()),
LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()),
GivenID = cveMeta["ID"].ToString(),
Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(),
VectorString = cvss["vectorString"].ToString(),
AccessVector = cvss["accessVector"].ToString(),
AccessComplexity = cvss["accessComplexity"].ToString(),
Authentication = cvss["authentication"].ToString(),
ConfidentialityImpact = cvss["confidentialityImpact"].ToString(),
IntegrityImpact = cvss["availabilityImpact"].ToString(),
AvailabilityImpact = cvss["availabilityImpact"].ToString(),
BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()),
References = new List <Reference>(),
CveConfigurations = new List <CveConfiguration>()
};
// Get references
JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"];
foreach (JToken currReference in jsonReferenceList)
{
Reference newReference = new Reference
{
Url = currReference["url"].ToString()
};
newCve.References.Add(newReference);
}
// Get products from CVE
JObject currCveObject = JObject.Parse(currCve.ToString());
IList <JToken> jsonProductList = currCveObject.Descendants()
.Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri")
.Select(p => ((JProperty)p).Value).ToList();
jsonProductList = jsonProductList.Distinct().ToList();
// Foreach product
foreach (JToken currJsonProduct in jsonProductList)
{
// Get existing product if it exists
string currJsonProductString = currJsonProduct.ToString();
Product existingProduct = _context.Products
.Where(p => p.Concatenated == currJsonProductString)
.FirstOrDefault();
// If existing product does exist in the database
if (existingProduct != null)
{
CveConfiguration newConfiguration = new CveConfiguration
{
Product = existingProduct
};
newCve.CveConfigurations.Add(newConfiguration);
}
else // If the existing product doesn't exist in the database
{
// Break down the currJsonProductString into its components
IList <string> productPartList = new List <string>();
productPartList = currJsonProductString.Split(":");
// Create new product
Product newProduct = new Product
{
Concatenated = currJsonProductString,
Part = productPartList[2],
Vendor = productPartList[3],
ProductName = productPartList[4],
Version = productPartList[5],
ProductUpdate = productPartList[6],
Edition = productPartList[7],
ProductLanguage = productPartList[8],
Added = DateTime.Now
};
// Add the new product to newCveConfiguration
CveConfiguration newCveConfiguration = new CveConfiguration
{
Product = newProduct
};
// Add the newCveConfiguration to the newCve
newCve.CveConfigurations.Add(newCveConfiguration);
}
}
// Add new CVE to database
try
{
_context.Cves.Add(newCve);
_context.SaveChanges();
}
catch (Exception e)
{
TempData["Param"] = "newCve";
TempData["Error"] = e.Message;
throw e;
}
}
}
}
StatusMessage = "Successfully Seeded Database.";
return(RedirectToAction(nameof(Index)));
}
private void UpdateExistingCve(Cve existingCve, JToken currCve)
{
JToken cveMeta = currCve["cve"]["CVE_data_meta"];
JToken cvss;
// Detect errornous score information and restart
try
{
cvss = currCve["impact"]["baseMetricV2"]["cvssV2"];
}
catch (Exception)
{
return;
}
// Update the CVE itself
existingCve.PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString());
existingCve.LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString());
existingCve.GivenID = cveMeta["ID"].ToString();
existingCve.Description = currCve["cve"]["description"]["description_data"].First["value"].ToString();
existingCve.VectorString = cvss["vectorString"].ToString();
existingCve.AccessVector = cvss["accessVector"].ToString();
existingCve.AccessComplexity = cvss["accessComplexity"].ToString();
existingCve.Authentication = cvss["authentication"].ToString();
existingCve.ConfidentialityImpact = cvss["confidentialityImpact"].ToString();
existingCve.IntegrityImpact = cvss["availabilityImpact"].ToString();
existingCve.AvailabilityImpact = cvss["availabilityImpact"].ToString();
existingCve.BaseScore = Convert.ToDouble(cvss["baseScore"].ToString());
existingCve.References.Clear();
JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"];
foreach (JToken currReference in jsonReferenceList)
{
Reference newReference = new Reference
{
Url = currReference["url"].ToString()
};
existingCve.References.Add(newReference);
}
// Add any new products
JObject currCveObject = JObject.Parse(currCve.ToString());
IList <JToken> jsonProductList = currCveObject.Descendants()
.Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri")
.Select(p => ((JProperty)p).Value).ToList();
jsonProductList = jsonProductList.Distinct().ToList();
bool alreadyContained = false;
foreach (JToken currJsonProduct in jsonProductList)
{
// Check for existing product
foreach (CveConfiguration currCveConfiguration in existingCve.CveConfigurations)
{
if (currCveConfiguration.Product.Concatenated == currJsonProduct.ToString())
{
alreadyContained = true;
break;
}
}
// If not already contained add the new product
if (alreadyContained == false)
{
// Get existing product if it exists
string currJsonProductString = currJsonProduct.ToString();
Product existingProduct = _context.Products
.Where(p => p.Concatenated == currJsonProductString)
.Include(p => p.CveConfigurations)
.FirstOrDefault();
// If existing product does exist in the database
if (existingProduct != null)
{
CveConfiguration newConfiguration = new CveConfiguration
{
Product = existingProduct
};
existingCve.CveConfigurations.Add(newConfiguration);
// Update tracked userCveConfigurations where this product is already tracked
Status status = _context.Status.Where(s => s.StatusName == "Unresolved").FirstOrDefault();
foreach (var item in _context.UserCveConfigurations
.Where(ucc => ucc.ProductID == existingProduct.ProductID)
.GroupBy(ucc => ucc.ProductID)
.Select(g => g.First()).ToList())
{
UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration()
{
ProductID = existingProduct.ProductID,
CveID = existingCve.CveID,
ConfigurationID = item.CveID,
StatusID = status.StatusID,
Notes = "No user defined notes.",
DateAdded = DateTime.Now
};
try
{
if (ModelState.IsValid)
{
_context.UserCveConfigurations.Add(newUserCveConfiguration);
_context.SaveChanges();
}
}
catch (Exception)
{
return;
}
}
}
else // If the existing product doesn't exist in the database
{
// Break down the currJsonProductString into its components
IList <string> productPartList = new List <string>();
productPartList = currJsonProductString.Split(":");
// Create new product
Product newProduct = new Product
{
Concatenated = currJsonProductString,
Part = productPartList[2],
Vendor = productPartList[3],
ProductName = productPartList[4],
Version = productPartList[5],
ProductUpdate = productPartList[6],
Edition = productPartList[7],
ProductLanguage = productPartList[8]
};
// Add the new product to newCveConfiguration
CveConfiguration newCveConfiguration = new CveConfiguration
{
Product = newProduct
};
// Add the newCveConfiguration to the newCve
existingCve.CveConfigurations.Add(newCveConfiguration);
}
}
}
// save updated existingCve
try
{
if (ModelState.IsValid)
{
_context.Entry(existingCve).State = EntityState.Modified;
_context.SaveChanges();
}
}
catch (Exception)
{
return;
}
}
