internal static void ModifyVulnerabilityAnalysis(ModTypes _mod, string currentProject, IVulnerability details)
{
ProjectPOCO p = GetCurrentProject(currentProject);
if (ModTypes.Add == _mod)
{
if (!checkExists(p, details, false))
{
p.Vulnerabilities.Add(details);
}
}
else if (ModTypes.Remove == _mod)
{
if (checkExists(p, details, false))
{
IVulnerability c = p.Vulnerabilities.FirstOrDefault(x => x.Identifier == details.Identifier);
if (null != c)
{
p.Vulnerabilities.Remove(c);
}
}
}
else if (ModTypes.Update == _mod)
{
if (checkExists(p, details, true))
{
IVulnerability c = p.Vulnerabilities.FirstOrDefault(x => x.Identifier == details.Identifier);
if (null != c)
{
p.Vulnerabilities.Remove(c);
}
p.Vulnerabilities.Add(details);
}
}
}
internal static void UpdateDetails(string projectName, string isso, string devLead, bool isScanned, CodeScanType codeScanType, string productionURL, IList <string> languages, string repository)
{
ProjectPOCO p = projectHelper.GetCurrentProject(projectName);
p.ISSO = isso;
p.DevLead = devLead;
p.isCurrentlyScanned = isScanned;
p.ScanConfiguration = codeScanType;
p.ProductionURL = productionURL;
p.CodeLanguages = languages.ToList();
p.Repository = repository;
}
internal static void AddProject(string project)
{
lock (_lockObject)
{
if (null == _data)
{
_data = new List <ProjectPOCO>();
}
ProjectPOCO p = new ProjectPOCO();
p.Name = project;
p.PenetrationTests = new List <PenetrationTestPOCO>();
p.StaticAnalysis = new List <StaticAnalysisPOCO>();
p.isCurrentlyScanned = false;
p.ScanConfiguration = CodeScanType.None;
_data.Add(p);
}
}
private static bool checkExists(ProjectPOCO p, StaticAnalysisPOCO details)
{
if (null == p.StaticAnalysis)
{
p.StaticAnalysis = new List <StaticAnalysisPOCO>();
}
IEnumerable <StaticAnalysisPOCO> d = p.StaticAnalysis.Where(x => x.AnalysisDate == details.AnalysisDate);
if (0 == d.Count())
{
return(false);
}
else
{
return(true);
}
}
private static bool checkExists(ProjectPOCO p, PenetrationTestPOCO details)
{
if (null == p.PenetrationTests)
{
p.PenetrationTests = new List <PenetrationTestPOCO>();
}
IEnumerable <PenetrationTestPOCO> d = p.PenetrationTests.Where(x => x.StartDate == details.StartDate &&
x.EndDate == details.EndDate &&
x.TesterName == details.TesterName);
if (0 == d.Count())
{
return(false);
}
else
{
return(true);
}
}
private static bool checkExists(ProjectPOCO p, Documentation data)
{
if (null == p.DocumentationItems)
{
p.DocumentationItems = new List <Documentation>();
}
IEnumerable <Documentation> d = p.DocumentationItems.Where(x => x.Details == data.Details &&
x.DateOfIssue == data.DateOfIssue &&
x.Category == data.Category);
if (0 == d.Count())
{
return(false);
}
else
{
return(true);
}
}
internal static void ModifyStaticAnalysis(ModTypes _mod, string currentProject, StaticAnalysisPOCO details)
{
ProjectPOCO p = GetCurrentProject(currentProject);
if (ModTypes.Add == _mod)
{
if (!checkExists(p, details))
{
p.StaticAnalysis.Add(details);
}
}
else if (ModTypes.Remove == _mod)
{
if (checkExists(p, details))
{
StaticAnalysisPOCO c = p.StaticAnalysis.FirstOrDefault(x => x.AnalysisDate == details.AnalysisDate);
if (null != c)
{
p.StaticAnalysis.Remove(c);
}
}
}
}
private static bool checkExists(ProjectPOCO p, IVulnerability details, bool isUpdate)
{
if (null == p.Vulnerabilities)
{
p.Vulnerabilities = new List <IVulnerability>();
}
if (!isUpdate)
{
IEnumerable <IVulnerability> d = p.Vulnerabilities.Where(x => x.Details == details.Details &&
x.CompletedDate == details.CompletedDate &&
x.CVSS == details.CVSS &&
x.DiscoveredDate == details.DiscoveredDate &&
x.Risk == details.Risk &&
x.Status == details.Status &&
x.Title == details.Title);
if (0 == d.Count())
{
return(false);
}
else
{
return(true);
}
}
else
{
IEnumerable <IVulnerability> d = p.Vulnerabilities.Where(x => x.Identifier == details.Identifier);
if (0 == d.Count())
{
return(false);
}
else
{
return(true);
}
}
}
internal static void ModifyPenTestAnalysis(ModTypes _mod, string currentProject, PenetrationTestPOCO details)
{
ProjectPOCO p = GetCurrentProject(currentProject);
if (ModTypes.Add == _mod)
{
if (!checkExists(p, details))
{
p.PenetrationTests.Add(details);
}
}
else if (ModTypes.Remove == _mod)
{
if (checkExists(p, details))
{
PenetrationTestPOCO c = p.PenetrationTests.FirstOrDefault(x => x.EndDate == details.EndDate &&
x.StartDate == details.StartDate && x.TesterName == details.TesterName);
if (null != c)
{
p.PenetrationTests.Remove(c);
}
}
}
}
internal static void ModifyDocumenation(ModTypes mod, string currentProject, Documentation data)
{
ProjectPOCO p = GetCurrentProject(currentProject);
if (ModTypes.Add == mod)
{
if (!checkExists(p, data))
{
p.DocumentationItems.Add(data);
}
}
else if (ModTypes.Remove == mod)
{
if (checkExists(p, data))
{
Documentation c = p.DocumentationItems.FirstOrDefault(x => x.Category == data.Category &&
x.DateOfIssue == data.DateOfIssue && x.Details == data.Details);
if (null != c)
{
p.DocumentationItems.Remove(c);
}
}
}
}
public static IList <ProjectPOCO> GetDataObjects(string file)
{
IList <ProjectPOCO> projects = new List <ProjectPOCO>();
//TODO fix the crash on junk files.
XElement projectData = XElement.Load(file);
foreach (XElement x in projectData.Elements("project"))
{
ProjectPOCO p = new ProjectPOCO();
p.Name = x.Element("name").Value;
XElement contacts = x.Element("contacts");
p.ISSO = contacts.Element("isso").Value;
p.DevLead = contacts.Element("devLead").Value;
p.ProductionURL = null == x.Element("productionURL") ? string.Empty : x.Element("productionURL").Value;
XElement codeDetail = x.Element("codeDetail");
XElement vulnerabilities = x.Element("vulnerabilities");
IEnumerable <XElement> codeLanguages = null == codeDetail.Element("languages") ? new List <XElement>() : codeDetail.Element("languages").Elements("language");
if (codeLanguages.Count() > 0)
{
foreach (XElement item in codeLanguages.ToList())
{
if (null == p.CodeLanguages)
{
p.CodeLanguages = new List <string>();
}
p.CodeLanguages.Add(item.Value);
}
}
else
{
p.CodeLanguages = new List <string>();
}
bool isScanned = false;
if (bool.TryParse(codeDetail.Attribute("isCurrentlyScanned").Value, out isScanned))
{
p.isCurrentlyScanned = isScanned;
}
else
{
p.isCurrentlyScanned = false;
}
//need to implement extension method for parsing enums
p.ScanConfiguration = (CodeScanType)Enum.Parse(typeof(CodeScanType), codeDetail.Attribute("scanConfiguration").Value);
p.Repository = codeDetail.Element("repository").Value;
IEnumerable <XElement> scanData = x.Element("codeAnalysis").Elements("scanDate");
if (scanData.Count() > 0)
{
foreach (XElement ele in scanData.ToList())
{
DateTime outDate = new DateTime();
if (DateTime.TryParse(ele.Value, out outDate))
{
if (null == p.StaticAnalysis)
{
p.StaticAnalysis = new List <StaticAnalysisPOCO>();
}
StaticAnalysisPOCO sa = new StaticAnalysisPOCO();
sa.AnalysisDate = outDate;
p.StaticAnalysis.Add(sa);
}
}
}
XElement penTests = x.Element("penetrationTests");
IEnumerable <XElement> scans = penTests.Elements("scan");
if (scans.Count() > 0)
{
foreach (XElement e1 in scans.ToList())
{
DateTime outBegin = new DateTime();
DateTime outEnd = new DateTime();
PenetrationTestPOCO t = new PenetrationTestPOCO();
if (DateTime.TryParse(e1.Element("startDate").Value, out outBegin))
{
t.StartDate = outBegin;
}
else
{
continue;
}
if (DateTime.TryParse(e1.Element("endDate").Value, out outEnd))
{
t.EndDate = outEnd;
}
else
{
continue;
}
t.TesterName = e1.Element("tester").Value;
if (null == p.PenetrationTests)
{
p.PenetrationTests = new List <PenetrationTestPOCO>();
}
p.PenetrationTests.Add(t);
}
}
XElement dx = x.Element("documentation");
if (null != dx)
{
IEnumerable <XElement> doco = dx.Elements("item");
if (doco.Count() > 0)
{
if (null == p.DocumentationItems)
{
p.DocumentationItems = new List <Documentation>();
}
foreach (XElement d in doco.ToList())
{
Documentation dxi = new Documentation();
dxi.Details = string.IsNullOrEmpty(d.Element("details").Value) ? string.Empty : d.Element("details").Value;
DateTime outDoI = new DateTime();
if (DateTime.TryParse(d.Element("dateOfIssue").Value, out outDoI))
{
dxi.DateOfIssue = outDoI;
}
else
{
continue;
}
dxi.Category = string.IsNullOrEmpty(d.Element("category").Value) ? string.Empty : d.Element("category").Value;
p.DocumentationItems.Add(dxi);
}
}
}
else
{
p.DocumentationItems = new List <Documentation>();
}
try //LEGACY HELPER TRY
{
IEnumerable <XElement> items = vulnerabilities.Elements("item");
IList <IVulnerability> list = new List <IVulnerability>();
foreach (var item in items)
{
IVulnerability v = new Vulnerability();
string date1 = item.Element("discoveredDate").Value;
string date2 = item.Element("completedDate").Value;
Nullable <DateTime> nulled = null;
if (null != item.Element("title"))
{
v.Title = item.Element("title").Value;
}
v.DiscoveredDate = string.IsNullOrEmpty(date1) ? nulled : Convert.ToDateTime(date1);
v.CompletedDate = string.IsNullOrEmpty(date2) ? nulled : Convert.ToDateTime(date2);
v.Risk = item.Element("risk").Value;
v.Status = item.Element("status").Value;
v.Details = HttpUtility.HtmlDecode(item.Element("vulnerability").Value);
v.Tester = item.Element("tester").Value;
v.Identifier = Guid.Parse(item.Element("identifier").Value);
v.VulnTypeReported = item.Element("type").Value;
if (null != item.Element("flagged"))
{
v.isWeeklyReportItem = bool.Parse(item.Element("flagged").Value);
}
else
{
v.isWeeklyReportItem = false;
}
if (null != item.Element("cvss2"))
{
decimal dec = new decimal();
if (decimal.TryParse(item.Element("cvss2").Value, out dec))
{
v.CVSS = dec;
}
else
{
v.CVSS = 0;
}
}
list.Add(v);
}
if (list.Count() > 0)
{
p.Vulnerabilities = list;
}
}
catch { }
projects.Add(p);
}
return(projects);
}
internal static bool checkExists(string p)
{
ProjectPOCO project = Data.FirstOrDefault(x => x.Name == p);
return(project == null ? false : true);
}
