Beispiel #1
0
 void Start()
 {
     status         = gameObject.GetComponent <PlayerStatus>();
     vulnerability  = Vulnerability.Vulnerable;
     material.color = defaultColor;
     sounds         = gameObject.GetComponent <PlayerSoundManager>();
 }
Beispiel #2
0
 protected void OnVulnerabilityDiscovered(Vulnerability vulnerability)
 {
     lock (vulnerabilityDiscoveredLock)
     {
         VulnerabilityDiscovered?.Invoke(vulnerability);
     }
 }
Beispiel #3
0
 public static void AppendTag(StringBuilder pbn, string tagName,
                              Vulnerability vulnerability)
 {
     AppendTag(pbn, tagName,
               PBNVulnerabilityMapper
               .GetstringFromVulnerability(vulnerability));
 }
        public void TestToString()
        {
            var vulnerability = new Vulnerability
            {
                Code               = "ExampleCode",
                Title              = "Example Vulnerability",
                SeverityLevel      = SeverityLevel.Critical,
                Description        = "Description here.",
                FilePath           = "C:\\Program.cs",
                FullyQualifiedName = "Namespace.Class",
                LineNumber         = 10
            };

            var result = vulnerability.ToString();

            const string expected = @"Code: ExampleCode
Title: Example Vulnerability
SeverityLevel: Critical
Description: Description here.
File path: C:\Program.cs
Fully qualified name: Namespace.Class
Line number: 10
";

            Assert.AreEqual(expected, result);
        }
Beispiel #5
0
        private static (bool, Vulnerability) NotHaveLeakageHeaders(HttpResponseMessage response)
        {
            var leakage       = Fuzz.HttpLeakageHeaders.Where(response.HasHeader);
            var vulnerability = Vulnerability.Info($"Information leakage of response headers: {String.Join(", ", leakage)}", response);

            return(leakage.Any(), vulnerability);
        }
Beispiel #6
0
    // curl -u admin:foobar http://localhost:8228/v1/query/images/by_vulnerability?vulnerability_id="RHSA-2018:2570"
    // curl -u admin:foobar http://localhost:8228/v1/query/images/by_vulnerability?vulnerability_id="CVE-2004-0971"
    public static async Task <Vulnerability> GetVulnerabilityForVuln(string vuln)
    {
        var vulnerability = new Vulnerability();

        vulnerability.vuln = vuln;
        var request = GetRequestMessage();

        request.RequestUri = new Uri($"{BaseUrl}/query/images/by_vulnerability?vulnerability_id={vuln}");

        var response = await s_client.SendAsync(request);

        var resultJson = await response.Content.ReadAsStringAsync();

        var resultObj = JsonConvert.DeserializeObject <JToken>(resultJson);
        var vulnArray = resultObj.Value <JArray>("images");

        if (vulnArray == null || vulnArray.Count == 0)
        {
            return(vulnerability);
        }
        var vulnPackages = vulnArray[0].Value <JArray>("vulnerable_packages");

        if (vulnPackages == null || vulnPackages.Count == 0)
        {
            return(vulnerability);
        }
        var vulnSeverity = vulnPackages[0].Value <string>("severity");

        if (vulnSeverity == null)
        {
            throw new Exception();
        }
        vulnerability.severity = vulnSeverity;
        return(vulnerability);
    }
        public async Task <IHttpActionResult> PutVulnerability(int id, Vulnerability vulnerability)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != vulnerability.Id)
            {
                return(BadRequest());
            }

            db.Entry(vulnerability).State = EntityState.Modified;

            try
            {
                await db.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!VulnerabilityExists(id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
Beispiel #8
0
        public IVulnerability AddVulnerability(IWeakness weakness)
        {
            IVulnerability result = null;

            if (Instance is IIdentity identity)
            {
                IThreatModel model = (Instance as IThreatModel) ?? (Instance as IThreatModelChild)?.Model;

                if (model != null)
                {
                    if (_vulnerabilities?.All(x => x.WeaknessId != weakness.Id) ?? true)
                    {
                        result = new Vulnerability(model, weakness, identity);
                        if (_vulnerabilities == null)
                        {
                            _vulnerabilities = new List <IVulnerability>();
                        }
                        _vulnerabilities.Add(result);
                        if (Instance is IDirty dirtyObject)
                        {
                            dirtyObject.SetDirty();
                        }
                        if (Instance is IVulnerabilitiesContainer container)
                        {
                            _vulnerabilityAdded?.Invoke(container, result);
                        }
                    }
                }
            }

            return(result);
        }
Beispiel #9
0
        public override void enterTabPage()
        {
            // Если вкладка открывается впервые, и еще нет данных об уязвимостях в IS, выходим из метода
            if (IS.listOfVulnerabilities.Count == 0)
            {
                return;
            }

            int columnVulsNumber = mf.dgvVulnerabilities.Columns["VulnerabilityNumber"].Index;

            // Заполняем чекбоксы уязвимостей сохраненной инфой из IS
            foreach (DataGridViewRow row in mf.dgvVulnerabilities.Rows)
            {
                // checkbox
                DataGridViewCheckBoxCell chk = (DataGridViewCheckBoxCell)row.Cells[0];
                // объект уязвимости соответствующий строке row
                Vulnerability v = listVuls.Where(v1 => v1.VulnerabilityNumber == (int)row.Cells[columnVulsNumber].Value).First();
                // если уязвимость есть в IS, ставим галочку в checkbox
                if (IS.listOfVulnerabilities.Contains(v))
                {
                    chk.Value = chk.TrueValue;
                }
                else
                {
                    chk.Value = chk.FalseValue;
                }
            }
        }
Beispiel #10
0
 public override void ParseRBNstring(string rbn)
 {
     if (!string.IsNullOrEmpty(rbn))
     {
         Auction       = RBNAuctionMapper.GetAuctionFromstring(rbn);
         Vulnerability = RBNAuctionMapper.GetVulnerabilityFromstring(rbn);
     }
 }
Beispiel #11
0
        public void OnVulnerabilityDiscovered(Vulnerability vulnerability)
        {
            if (_ignoreObject != null && _ignoreObject.IsIgnored(vulnerability))
            {
                return;
            }

            Reporter.Report(vulnerability);
        }
    private void StunPlayer(GameObject player)
    {
        Vulnerability vulnerablility = player.GetComponent <Vulnerability>();

        if (vulnerablility.IsVulnerable)
        {
            vulnerablility.MakeInvulnerable();
        }
    }
Beispiel #13
0
    private void OnTriggerEnter2D(Collider2D collider)
    {
        Vulnerability vulnerability = collider.gameObject.GetComponent <Vulnerability>();

        if (vulnerability != null && vulnerability.IsVulnerable)
        {
            vulnerability.MakeInvulnerable();
        }
    }
Beispiel #14
0
 private void AddVulnerable(Vulnerability vulnerable)
 {
     if (vulnerable != null)
     {
         if (!vulnerables.Contains(vulnerable))
         {
             vulnerables.Add(vulnerable);
         }
     }
 }
Beispiel #15
0
 public static Contracts.Vulnerability.Vulnerability ToContract(this Vulnerability dataItem)
 {
     return(new Contracts.Vulnerability.Vulnerability
     {
         VulnerabilityId = dataItem.VulnerabilityId,
         Name = dataItem.Name,
         Description = dataItem.Description,
         //VulnerabilityCatalogId = dataItem.VulnerabilityCatalogId
     });
 }
        public void CheckPackageInfoLevel()
        {
            Vulnerability npm1 = _vulners.CheckPackage("npm", "3.0.0");

            Assert.AreEqual(VulnerabilityLevel.High, npm1.Severity);

            Vulnerability npm2 = _vulners.CheckPackage("npm", "3.8.2");

            Assert.AreEqual(VulnerabilityLevel.None, npm2.Severity);
        }
Beispiel #17
0
 /// <summary>
 /// Verifies a vulnerability object has the basic plumbing correct.
 /// </summary>
 /// <param name="vuln">
 /// The vuln.
 /// </param>
 /// <param name="instance">
 /// The instance.
 /// </param>
 /// <param name="responseHolder">
 /// The response holder.
 /// </param>
 public static void AssertBasicVulnProperties(
     Vulnerability vuln,
     PluginBaseAbstract instance,
     HttpWebResponseHolder responseHolder)
 {
     vuln.TestPlugin.ShouldEqual(instance.GetType().Name);
     vuln.HttpResponse.ShouldEqual(responseHolder);
     vuln.TestedParam.ShouldEqual("testedParam");
     vuln.TestedVal.ShouldEqual("testedValue");
 }
        public void OnVulnerabilityDiscovered(Vulnerability vulnerability)
        {
            if (_ignoreObject != null && _ignoreObject.IsIgnored(vulnerability))
            {
                return;
            }

            Console.WriteLine(vulnerability);
            Interlocked.Increment(ref _vulnerabilityCount);
        }
Beispiel #19
0
 private void RemoveVulnerable(Vulnerability vulnerable)
 {
     if (vulnerable != null)
     {
         if (vulnerables.Contains(vulnerable))
         {
             vulnerables.Remove(vulnerable);
         }
     }
 }
Beispiel #20
0
    private void OnCollisionEnter2D(Collision2D collision)
    {
        Vulnerability vulnerability = collision.gameObject.GetComponent <Vulnerability>();

        if (vulnerability != null && vulnerability.IsVulnerable)
        {
            vulnerability.MakeInvulnerable();
        }
        Object.Destroy(this.gameObject);
    }
Beispiel #21
0
 public override void Process(Vulnerability vulnerability)
 {
     _consoleWrapper.WriteLine($"Code: {vulnerability.Code}");
     _consoleWrapper.WriteLine($"Title: {vulnerability.Title}");
     _consoleWrapper.WriteLine($"SeverityLevel: {vulnerability.SeverityLevel}");
     _consoleWrapper.WriteLine($"Description: {vulnerability.Description}");
     _consoleWrapper.WriteLine($"File path: {vulnerability.FilePath}");
     _consoleWrapper.WriteLine($"Fully qualified name: {vulnerability.FullyQualifiedName}");
     _consoleWrapper.WriteLine($"Line number: {vulnerability.LineNumber}");
     _consoleWrapper.WriteLine("");
 }
Beispiel #22
0
 public override void CheckForExposures()
 {
     for (int i = vulnerables.Count - 1; i >= 0; i--)
     {
         Vulnerability vulnerable = vulnerables[i];
         if (FloodLevel > 0 && vulnerable != null)
         {
             vulnerable.Expose(hazardType);
         }
     }
 }
        public async Task <IHttpActionResult> GetVulnerability(int id)
        {
            Vulnerability vulnerability = await db.Vulnerabilities.FindAsync(id);

            if (vulnerability == null)
            {
                return(NotFound());
            }

            return(Ok(vulnerability));
        }
Beispiel #24
0
        public static Vulnerability ToDataModel(this Contracts.Vulnerability.CreateVulnerability create)
        {
            var Vulnerability = new Vulnerability
            {
                Name        = create.Name,
                Description = create.Description,
                //VulnerabilityCatalogId = create.VulnerabilityCatalogId,
            };

            return(Vulnerability);
        }
        public void CompleteMatch()
        {
            var vulnerability = new Vulnerability
            {
                FullyQualifiedName = "BankingApp.TestFiles",
                Code = "Example"
            };

            bool result = _ignoreObject.IsIgnored(vulnerability);

            Assert.IsTrue(result);
        }
Beispiel #26
0
        private static string GetVulnerability(Vulnerability vulnerability)
        {
            switch (vulnerability)
            {
            case Vulnerability.None:
                return("-");

            default:
                return(PBNVulnerabilityMapper
                       .GetstringFromVulnerability(vulnerability));
            }
        }
        public async Task <IHttpActionResult> PostVulnerability(Vulnerability vulnerability)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            db.Vulnerabilities.Add(vulnerability);
            await db.SaveChangesAsync();

            return(CreatedAtRoute("DefaultApi", new { id = vulnerability.Id }, vulnerability));
        }
        public void MatchingCode()
        {
            var vulnerability = new Vulnerability
            {
                FullyQualifiedName = "AnotherBankingApp.TestFiles",
                Code = "Example"
            };

            bool result = _ignoreObject.IsIgnored(vulnerability);

            Assert.IsFalse(result);
        }
Beispiel #29
0
 public Score(Seat declarer, Contract contract, IEnumerable <Trick> tricks, Vulnerability vulnerability)
 {
     //FIXME add error checking
     Declarer       = declarer;
     Contract       = contract;
     Vulnerability  = vulnerability;
     _tricks        = tricks.ToList();
     _vulnerable    = Declarer.IsVulnerable(vulnerability);
     TricksTaken    = GetTricksTaken();
     TricksDefeated = contract.Bid.Tricks - TricksTaken; //todo limit to positive numbers ??
     ContractScore  = GetContractScore();
 }
Beispiel #30
0
 public Score(Seat declarer, Contract contract, IEnumerable<Trick> tricks, Vulnerability vulnerability)
 {
     //FIXME add error checking
     Declarer = declarer;
     Contract = contract;
     Vulnerability = vulnerability;
     _tricks = tricks.ToList();
     _vulnerable = Declarer.IsVulnerable(vulnerability);
     TricksTaken = GetTricksTaken();
     TricksDefeated = contract.Bid.Tricks - TricksTaken; //todo limit to positive numbers ??
     ContractScore = GetContractScore();
 }
Beispiel #31
0
        public bool Test()
        {
            Util.Log("Testing for vulnerabilities: " + URL, Color.DarkBlue);

            SQL_Vulnerable = false;
            PHP_Vulnerable = false;

            string[] chars = { "'", @"\" };

            foreach (string ch in chars)
            {
                string ret = GetString(URL + ch);

                if (ret.Contains("You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax") ||
                    ret.Contains("supplied argument is not a valid MySQL result resource") ||
                    ret.Contains("Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given"))
                {
                    SQL_Vulnerable = true;
                    Util.Log("Target is vulnerable to SQL injection", Color.Green);
                    return(true);
                }
                else if (ret.Contains("Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE"))
                {
                    if (GetString(URL + "';echo('" + Delimiter + "').'").Contains(Delimiter))
                    {
                        PHP_Vulnerable = true;
                        Util.Log("Target is vulnerable to PHP injection", Color.Green);

                        PHP_GetShell();
                    }
                }
            }

            UserAgent = "'";

            string ss = GetString(URL);

            if (ss.Contains("You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax") ||
                ss.Contains("supplied argument is not a valid MySQL result resource") ||
                ss.Contains("Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given"))
            {
                Util.Log("Target vulnerable to User Agent injection", Color.Green);
                SQL_Vulnerable = true;
                Vulnerability  = Razorblade.Vulnerability.USERAGENT;
                return(true);
            }
            else
            {
                Util.Log("Target is not vulnerable to SQL injection", Color.Red);
                return(false);
            }
        }
Beispiel #32
0
		public void SetVulnerability(TowerType towerType, Vulnerability type)
		{
			VulnerabilityState[(int)towerType] = type;
		}
Beispiel #33
0
		public BossState()
		{
			VulnerabilityState = new Vulnerability[NumberOfTowerTypes];
			SetVulnerabilitiesToNormal();
		}