Example #1
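        /// <summary>
        /// Checks a changed value against the configured bad-value list and reports
        /// the risk of the first entry whose <c>BadValue</c> occurs inside it.
        /// </summary>
        /// <param name="valueToScan">The change to inspect; a null object or an empty value is reported as no risk.</param>
        /// <returns>
        /// A result carrying <see cref="ThreatRiskRates.NoRisk"/> when nothing matched, the matching
        /// entry's risk and description otherwise, or <c>null</c> when scanning itself threw.
        /// Callers must treat <c>null</c> as "scan failed", not as "no risk".
        /// </returns>
        public PluginResult Scan(ChangedValueInfo valueToScan)
        {
            PluginResult pluginResult = new PluginResult
            {
                RiskRate = ThreatRiskRates.NoRisk
            };

            try
            {
                string scannedValue = valueToScan?.ChangedObject?.Value;

                if (string.IsNullOrEmpty(scannedValue))
                {
                    return pluginResult;
                }

                // Ordinal, case-insensitive substring match. The previous ToLower() on both sides
                // used the current culture, so whether an indicator matched depended on the
                // machine's locale (for example the dotless-i casing rules of tr-TR), and it
                // allocated two strings per list entry.
                // Entries with a null or empty BadValue are skipped: a null one used to throw and
                // abort the whole scan, an empty one matches every value.
                BadValueItem badValueItem = badValueItems.FirstOrDefault(
                    s => !string.IsNullOrEmpty(s?.BadValue)
                         && scannedValue.IndexOf(s.BadValue, StringComparison.OrdinalIgnoreCase) >= 0);

                if (badValueItem == null)
                {
                    return pluginResult;
                }

                pluginResult.RiskRate = badValueItem.Risk;
                pluginResult.Message  = badValueItem.Description;

                return pluginResult;
            }
            catch (Exception ex)
            {
                // Kept for compatibility: a failure is reported as null rather than rethrown.
                Debug.WriteLine(ex.Message);
                return null;
            }
        }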
Example #2
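        /// <summary>
        /// Runs the registry plugins over one changed value and stops at the first
        /// plugin that reports a risk other than <see cref="ThreatRiskRates.NoRisk"/>.
        /// </summary>
        /// <param name="plugins">Plugins to run, keyed by a string identifier.</param>
        /// <param name="scanObject">The object to scan; it is cast to <see cref="ChangedValueInfo"/>.</param>
        /// <param name="canFight">Passed through unchanged to each plugin's <c>Scan</c>.</param>
        /// <returns>
        /// <c>null</c> when <paramref name="scanObject"/> is null; otherwise the result of the
        /// plugin that reported a risk, or of the last plugin that produced a result, or an
        /// empty <see cref="PluginResult"/> when no plugin produced one.
        /// </returns>
        public PluginResult Scan(Dictionary <string, IBeSafeRegistryPlugin> plugins, dynamic scanObject, bool canFight)
        {
            ChangedValueInfo registryValueInfo = (ChangedValueInfo)scanObject;

            if (registryValueInfo == null)
            {
                return null;
            }

            PluginResult scanResult = new PluginResult();

            foreach (KeyValuePair <string, IBeSafeRegistryPlugin> plugin in plugins)
            {
                PluginResult pluginResult = plugin.Value.Scan(registryValueInfo, canFight);

                // A plugin can return null (presumably when it failed internally - confirm against
                // the plugin implementations). Dereferencing that result used to throw out of this
                // method, so one broken plugin stopped every later plugin from scanning the value.
                // Skip it, leave a trace, and keep going.
                if (pluginResult == null)
                {
                    Debug.WriteLine($"Plugin '{plugin.Key}' returned no result");
                    continue;
                }

                scanResult = pluginResult;
                Debug.WriteLine(scanResult.RiskRate);

                if (scanResult.RiskRate != ThreatRiskRates.NoRisk)
                {
                    break;
                }
            }

            return scanResult;
        }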
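        /// <summary>
        /// Runs this plugin's scanners over a changed registry value and reports the
        /// first finding whose risk is not <see cref="ThreatRiskRates.NoRisk"/>.
        /// </summary>
        /// <param name="registryKeyInfo">The change to scan; it is also stored in the result as <c>ScannedObject</c>.</param>
        /// <param name="canFightWithThreat">
        /// Intended to allow remediation. No remediation is implemented in this method,
        /// so the flag currently has no effect.
        /// </param>
        /// <returns>
        /// The plugin result, or <c>null</c> when scanning threw. Callers must treat
        /// <c>null</c> as "scan failed", not as "no risk".
        /// </returns>
        public PluginResult Scan(ChangedValueInfo registryKeyInfo, bool canFightWithThreat)
        {
            try
            {
                PluginResult result = new PluginResult
                {
                    PluginInfo    = _pluginInfo,
                    ScannedObject = registryKeyInfo,
                    RiskRate      = ThreatRiskRates.NoRisk,
                };

                foreach (IScanner scanner in _scanners)
                {
                    PluginResult scannerResult = scanner.Scan(registryKeyInfo);

                    // A scanner may hand back null (presumably on an internal error - confirm
                    // against the IScanner implementations). Reading RiskRate from it used to
                    // throw, which the catch below turned into a null result for the whole
                    // plugin, so a single failing scanner silenced all the others.
                    if (scannerResult == null)
                    {
                        Debug.WriteLine($"Scanner {scanner.GetType().Name} returned no result");
                        continue;
                    }

                    // On first threat found return the threat and ignore other scanners
                    if (scannerResult.RiskRate != ThreatRiskRates.NoRisk)
                    {
                        result.RiskRate = scannerResult.RiskRate;
                        result.Message  = scannerResult.Message;
                        break;
                    }
                }

                if (canFightWithThreat)
                {
                    // Placeholder: fight with the registry value, for example remove it.
                    // Nothing is done here yet; the result does not record whether any
                    // remediation ran.
                }

                return result;
            }
            catch (Exception ex)
            {
                // Kept for compatibility: a failure is reported as null rather than rethrown.
                Debug.WriteLine($"EX : {ex.Message}");
                return null;
            }
        }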
Example #4
 /// <summary>
 /// Callback for a reported value change: appends the change to
 /// <c>_changedValuesStack</c> by calling its <c>Enqueue</c> method.
 /// </summary>
 /// <param name="valueInfo">The change that was reported; it is enqueued as-is, without validation.</param>
 // NOTE(review): despite the "Stack" name the field is used through Enqueue - presumably a queue
 // drained elsewhere; confirm whether producers and the consumer run on different threads.
 private void ValueChangedArrived(ChangedValueInfo valueInfo) =>
     _changedValuesStack.Enqueue(valueInfo);