public async Task SaveManageCompany(ManageCompany manageCompany)
{
var manageConfig = new ManageConfig();
await Connection.OpenAsync();
using var cmd = Connection.CreateCommand();
cmd.CommandText = @"INSERT INTO managecompanies (Id, Name, Identifier) VALUES (@Id, @Name, @Identifier) ON DUPLICATE KEY UPDATE Id = @Id, Name = @Name, Identifier = @Identifier;";
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@Id",
DbType = DbType.String,
Value = manageCompany.Id
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@Name",
DbType = DbType.String,
Value = manageCompany.Name
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@Identifier",
DbType = DbType.String,
Value = manageCompany.Identifier
});
await cmd.ExecuteNonQueryAsync();
cmd.Connection.Close();
}
public async Task SaveDefaultThreatLockerOrganization(ThreatLockerOrganization threatLockerOrganization)
{
var manageConfig = new ManageConfig();
await Connection.OpenAsync();
using var cmd = Connection.CreateCommand();
cmd.CommandText = @"INSERT IGNORE INTO threatlockerorganizations (OrganizationId, Name, ManageCompanyId) VALUES (@OrganizationId, @Name, @ManageCompanyId) ON DUPLICATE KEY UPDATE Name = @Name, ManageCompanyId = @ManageCompanyId;";
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@OrganizationId",
DbType = DbType.String,
Value = "00000000-0000-0000-0000-000000000000"
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@Name",
DbType = DbType.String,
Value = "Catch-All Company"
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@ManageCompanyId",
DbType = DbType.Int32,
Value = threatLockerOrganization.ManageCompanyId
});
await cmd.ExecuteNonQueryAsync();
cmd.Connection.Close();
}
public async Task <IActionResult> ManageConfig()
{
Config config = await _appDb.GetConfigAsync();
ManageConfig manageConfig = await _appDb.GetManageConfigAsync();
List <ManageCompany> manageCompanies = await _appDb.GetManageCompaniesAsync();
List <ManageBoard> manageBoards = ManageAccess.GetBoards(config);
manageConfig.ManageBoard = ManageAccess.GetBoard(config, manageConfig.BoardId);
manageConfig.ManageBoards = manageBoards;
manageConfig.ManageBoardTypes = ManageAccess.GetBoardTypes(config, manageConfig.BoardId);
manageConfig.ManageBoardType = ManageAccess.GetBoardType(config, manageConfig.BoardId, manageConfig.TypeId);
manageConfig.ManageBoardSubTypes = ManageAccess.GetBoardSubTypes(config, manageConfig.BoardId);
manageConfig.ManageBoardSubType = ManageAccess.GetBoardSubType(config, manageConfig.BoardId, manageConfig.SubTypeId);
manageConfig.ManageBoardItems = ManageAccess.GetBoardItems(config, manageConfig.BoardId);
manageConfig.ManageBoardItem = ManageAccess.GetBoardItem(config, manageConfig.BoardId, manageConfig.ItemId);
manageConfig.ManageBoardPriorities = ManageAccess.GetBoardPriorities(config);
manageConfig.ManageBoardPriority = ManageAccess.GetBoardPriority(config, manageConfig.PriorityId);
manageConfig.ManageBoardStatuses = ManageAccess.GetBoardStatuses(config, manageConfig.BoardId);
manageConfig.ManageBoardStatus = ManageAccess.GetBoardStatus(config, manageConfig.BoardId, manageConfig.StatusId);
return(View(manageConfig));
}
public static ManageConfig GetManageConfigNames(Config config, ManageConfig manageConfig)
{
manageConfig.ManageBoard = GetBoard(config, manageConfig.BoardId);
manageConfig.ManageBoardType = GetBoardType(config, manageConfig.BoardId, manageConfig.TypeId);
manageConfig.ManageBoardSubType = GetBoardSubType(config, manageConfig.BoardId, manageConfig.SubTypeId);
manageConfig.ManageBoardItem = GetBoardItem(config, manageConfig.BoardId, manageConfig.ItemId);
manageConfig.ManageBoardStatus = GetBoardStatus(config, manageConfig.BoardId, manageConfig.StatusId);
manageConfig.ManageBoardPriority = GetBoardPriority(config, manageConfig.PriorityId);
return(manageConfig);
}
public async Task SaveManageConfigAsync(ManageConfig manageConfig)
{
await Connection.OpenAsync();
using var cmd = Connection.CreateCommand();
cmd.CommandText = @"INSERT INTO manageconfig (Id, boardId, typeId, subTypeId, itemId, priorityId, statusId, ticketSummary) VALUES (1, @boardId, @typeId, @subTypeId, @itemId, @priorityId, @statusId, @ticketSummary) ON DUPLICATE KEY UPDATE boardId = @boardId, typeId = @typeId, subTypeId = @subTypeId, itemId = @itemId, priorityId = @priorityId, statusId = @statusId, ticketSummary = @ticketSummary;";
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@boardId",
DbType = DbType.String,
Value = manageConfig.BoardId
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@typeId",
DbType = DbType.String,
Value = manageConfig.TypeId
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@subTypeId",
DbType = DbType.String,
Value = manageConfig.SubTypeId
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@itemId",
DbType = DbType.String,
Value = manageConfig.ItemId
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@priorityId",
DbType = DbType.String,
Value = manageConfig.PriorityId
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@statusId",
DbType = DbType.String,
Value = manageConfig.StatusId
});
cmd.Parameters.Add(new MySqlParameter
{
ParameterName = "@ticketSummary",
DbType = DbType.String,
Value = manageConfig.TicketSummary
});
await cmd.ExecuteNonQueryAsync();
cmd.Connection.Close();
}
public ConfigOfSpider Clone()
{
var spider = new ConfigOfSpider(SpiderName);
spider.RequestConfig = RequestConfig.Clone();
spider.ManageConfig = ManageConfig.Clone();
spider.GrabConfigs = new List <IGrabConfig>();
foreach (var grabConfig in GrabConfigs)
{
spider.GrabConfigs.Add(grabConfig.Clone(spider));
}
return(spider);
}
public async Task <IActionResult> ManageConfig(ManageConfig model)
{
Config config = await _appDb.GetConfigAsync();
ManageConfig manageConfig = await _appDb.GetManageConfigAsync();
List <ManageBoard> manageBoards = ManageAccess.GetBoards(config);
int BoardId = int.Parse(HttpContext.Request.Form["BoardId"]);
int TypeId = int.Parse(HttpContext.Request.Form["BoardTypeId"]);
int SubTypeId = int.Parse(HttpContext.Request.Form["BoardSubTypeId"]);
int ItemId = int.Parse(HttpContext.Request.Form["BoardItemId"]);
int PriorityId = int.Parse(HttpContext.Request.Form["BoardPriorityId"]);
int StatusId = int.Parse(HttpContext.Request.Form["BoardStatusId"]);
string TicketSummary = (HttpContext.Request.Form["TicketSummary"]);
model.BoardId = BoardId;
model.TypeId = TypeId;
model.SubTypeId = SubTypeId;
model.ItemId = ItemId;
model.PriorityId = PriorityId;
model.StatusId = StatusId;
model.TicketSummary = TicketSummary;
model.ManageBoard = ManageAccess.GetBoard(config, manageConfig.BoardId);
model.ManageBoards = manageBoards;
model.ManageBoardTypes = ManageAccess.GetBoardTypes(config, manageConfig.BoardId);
model.ManageBoardType = ManageAccess.GetBoardType(config, manageConfig.BoardId, manageConfig.TypeId);
model.ManageBoardSubTypes = ManageAccess.GetBoardSubTypes(config, manageConfig.BoardId);
model.ManageBoardSubType = ManageAccess.GetBoardSubType(config, manageConfig.BoardId, manageConfig.SubTypeId);
model.ManageBoardItems = ManageAccess.GetBoardItems(config, manageConfig.BoardId);
model.ManageBoardItem = ManageAccess.GetBoardItem(config, manageConfig.BoardId, manageConfig.ItemId);
model.ManageBoardPriorities = ManageAccess.GetBoardPriorities(config);
model.ManageBoardPriority = ManageAccess.GetBoardPriority(config, manageConfig.PriorityId);
model.ManageBoardStatuses = ManageAccess.GetBoardStatuses(config, manageConfig.BoardId);
model.ManageBoardStatus = ManageAccess.GetBoardStatus(config, manageConfig.BoardId, manageConfig.StatusId);
List <ManageCompany> manageComapies = ManageAccess.GetCompanies(config, null);
ViewBag.ListOfBoards = manageBoards;
await _appDb.SaveManageConfigAsync(model);
return(View(model));
}
public async Task <ManageConfig> GetManageConfigAsync()
{
var manageConfig = new ManageConfig();
await Connection.OpenAsync();
using (var cmd = new MySqlCommand("SELECT boardId, typeId, subTypeId, itemId, priorityId, statusId, ticketSummary FROM manageconfig;", Connection))
using (var reader = await cmd.ExecuteReaderAsync())
while (await reader.ReadAsync())
{
manageConfig.BoardId = reader.GetInt32(0);
manageConfig.TypeId = reader.GetInt32(1);
manageConfig.SubTypeId = reader.GetInt32(2);
manageConfig.ItemId = reader.GetInt32(3);
manageConfig.PriorityId = reader.GetInt32(4);
manageConfig.StatusId = reader.GetInt32(5);
manageConfig.TicketSummary = reader.GetString(6);
}
Connection.Close();
return(manageConfig);
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
Config config = await _appDb.GetConfigAsync();
if (string.IsNullOrEmpty(config.ThreatlockerAuth) || string.IsNullOrEmpty(config.ManagePubKey))
{
return;
}
ManageConfig manageConfig = await _appDb.GetManageConfigAsync();
ManageTicket manageTicket = new ManageTicket();
manageTicket.Company = new ManageCompany()
{
Name = "", Id = 0
};
List <ThreatLockerOrganization> threatLockerOrganizations = await _appDb.GetThreatLockerOrganizationsAsync();
_logger.LogInformation($"Checking for requests.");
List <ThreatLockerRequest> threatLockerRequests = ThreatLockerAccess.GetRequests(config);
if (threatLockerRequests != null)
{
_logger.LogInformation($"{threatLockerRequests.Count} requests found.");
foreach (var request in threatLockerRequests)
{
_logger.LogInformation($"Matching Companies");
foreach (var org in threatLockerOrganizations)
{
if (org.OrganizationId == request.OrganizationId)
{
manageTicket.Company = new ManageCompany {
Id = org.ManageCompanyId
};
_logger.LogInformation($"{manageTicket.Company.Name} matched {org.Name}");
}
}
if (manageTicket.Company.Id <= 0)
{
var defaultThreatLockerOrganization = await _appDb.GetDefaultThreatLockerOrganization();
manageTicket.Company.Id = defaultThreatLockerOrganization.ManageCompanyId;
}
var threatLockerAction = ThreatLockerAccess.ProcessJson(request);
string approvalLink = config.ThreatLockerUrl;
if (threatLockerAction.ActionType == "execute")
{
approvalLink += "/applicationcontrolapproval.aspx?popup=true&approvalrequestid=" + request.ApprovalRequestId;
}
else
{
approvalLink += "/storagecontrolapproval.aspx?popup=true&approvalrequestid=" + request.ApprovalRequestId;
}
threatLockerAction.ApprovalLink = approvalLink;
StringBuilder initialDescription = new StringBuilder($"{threatLockerAction.Username} has requested access to {threatLockerAction.FullPath}\n");
initialDescription.Append($"Organization: {request.OrganizationName}\n");
initialDescription.Append($"Hostname: {threatLockerAction.Username.Split('\\')[0]}\n");
initialDescription.Append($"Hash: {threatLockerAction.Hash}");
foreach (var cert in threatLockerAction.Certs)
{
initialDescription.Append($"Cert: {cert.Subject} SHA: {cert.Sha}\n");
}
StringBuilder initialInternalAnalysis = new StringBuilder($"{approvalLink}");
manageTicket.Summary = manageConfig.TicketSummary;
manageTicket.InitialDescription = initialDescription.ToString();
manageTicket.InitialInternalAnalysis = initialInternalAnalysis.ToString();
manageTicket.Board = new ManageBoard {
Id = manageConfig.BoardId
};
manageTicket.Type = new ManageBoardType {
BoardTypeId = manageConfig.TypeId
};
manageTicket.SubType = new ManageBoardSubType {
BoardSubTypeId = manageConfig.SubTypeId
};
manageTicket.Item = new ManageBoardItem {
BoardItemId = manageConfig.ItemId
};
manageTicket.Priority = new ManageBoardPriority {
BoardPriorityId = manageConfig.PriorityId
};
manageTicket.Status = new ManageBoardStatus {
BoardStatusId = manageConfig.StatusId
};
ManageAccess.PostTicket(config, manageTicket);
config.LastSuccessRequestSent = DateTime.UtcNow;
await _appDb.UpdateLastSuccessSent(config);
_logger.LogInformation($"Ticket Created");
}
}
await Task.Delay(config.RequestCheckDelay * 1000, stoppingToken);
}
}
public BaseRepository()
{
config = JsonConfigurationHelper.GetAppSettings <ManageConfig>("ManageConfig.json", "ManageConfig");
}
public BaseRepository()
{
config = JsonConfigurationHelper.GetAppSettings <ManageConfig>("ManageConfig.json", "ManageConfig");
//config = new ManageConfig() { TibosDB = new DBConfig() { ConnType = "mysql", ConnName="server=47.104.247.70;database=tibos;uid=root;pwd=Root123.;port=3306;Charset=utf8;" } };
}
public IServiceProvider ConfigureServices(IServiceCollection services)
{
services.AddOptions <BearerTokensOptions>()
.Bind(Configuration.GetSection("BearerTokens"))
.Validate(bearerTokens =>
{
return(bearerTokens.AccessTokenExpirationMinutes < bearerTokens.RefreshTokenExpirationMinutes);
}, "RefreshTokenExpirationMinutes is less than AccessTokenExpirationMinutes. Obtaining new tokens using the refresh token should happen only if the access token has expired.");
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(cfg =>
{
cfg.RequireHttpsMetadata = false;
cfg.SaveToken = true;
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = Configuration["BearerTokens:Issuer"], // site that makes the token
ValidateIssuer = false, // TODO: change this to avoid forwarding attacks
ValidAudience = Configuration["BearerTokens:Audience"], // site that consumes the token
ValidateAudience = false, // TODO: change this to avoid forwarding attacks
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["BearerTokens:secretKey"])),
ValidateIssuerSigningKey = true, // verify signature to avoid tampering
ValidateLifetime = true, // validate the expiration
ClockSkew = TimeSpan.Zero, // tolerance for the expiration date
TokenDecryptionKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["BearerTokens:encryptionkey"]))
};
cfg.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
var logger = context.HttpContext.RequestServices.GetRequiredService <ILoggerFactory>().CreateLogger(nameof(JwtBearerEvents));
logger.LogError("Authentication failed.", context.Exception);
return(Task.CompletedTask);
},
OnTokenValidated = context =>
{
var tokenValidatorService = context.HttpContext.RequestServices.GetRequiredService <ITokenValidatorService>();
return(tokenValidatorService.ValidateAsync(context));
},
OnMessageReceived = context =>
{
return(Task.CompletedTask);
},
OnChallenge = context =>
{
var logger = context.HttpContext.RequestServices.GetRequiredService <ILoggerFactory>().CreateLogger(nameof(JwtBearerEvents));
logger.LogError("OnChallenge error", context.Error, context.ErrorDescription);
return(Task.CompletedTask);
}
};
});
services.AddMvc(options => options.EnableEndpointRouting = false)
.AddFluentValidation(s =>
s.RegisterValidatorsFromAssemblyContaining <Startup>());
///services.AddProgressiveWebApp();
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/dist";
});
return(ManageConfig.config(services, Configuration));
}
