public static NessusPatchData LoadPatchData(string rawNessusPatchFile)
{
NessusPatchData myPatchData = new NessusPatchData();
rawNessusPatchFile = rawNessusPatchFile.Replace("\t", "");
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(rawNessusPatchFile);
XmlNodeList reportList = xmlDoc.GetElementsByTagName("Report");
XmlNodeList reportHostList = xmlDoc.GetElementsByTagName("ReportHost");
// ensure all three are valid otherwise this XML is junk
if (reportList != null && reportHostList != null)
{
// fill in the Report name
if (reportList.Count >= 1)
{
myPatchData.reportName = getReportName(reportList.Item(0));
}
// now get the ReportHost Listing
if (reportHostList.Count > 0)
{
myPatchData.summary = getReportHostListing(reportHostList);
}
}
return(myPatchData);
}
// add a single Patch Scan Data record
public async Task <NessusPatchData> AddPatchScanData(NessusPatchData data)
{
try
{
await _context.ACASScanReports.InsertOneAsync(data);
return(data);
}
catch (Exception ex)
{
// log or manage the exception
throw ex;
}
}
public void Test_NessusPatchDataWithDataIsValid()
{
NessusPatchData data = new NessusPatchData();
data.created = DateTime.Now;
data.systemGroupId = "875678654gghjghjkgu658";
data.hostname = "myHost";
data.reportName = "My Report Here";
data.updatedOn = DateTime.Now;
data.operatingSystem = "Windows";
data.systemType = "My System Type";
data.ipAddress = "10.10.10.111";
data.credentialed = true;
data.pluginId = "9689658";
data.pluginName = "My Plugin";
data.family = "My Family";
data.severity = 4;
data.hostTotal = 2;
data.total = 3;
data.description = "This is my description";
data.publicationDate = "March 31, 2020";
data.pluginType = "My Plugin Type";
data.riskFactor = "My Risk";
data.synopsis = "My synopsis";
// test things out
Assert.True(data != null);
Assert.True(!string.IsNullOrEmpty(data.created.ToShortDateString()));
Assert.True(!string.IsNullOrEmpty(data.systemGroupId));
Assert.True(!string.IsNullOrEmpty(data.hostname));
Assert.True(!string.IsNullOrEmpty(data.reportName));
Assert.True(!string.IsNullOrEmpty(data.operatingSystem));
Assert.True(!string.IsNullOrEmpty(data.systemType));
Assert.True(!string.IsNullOrEmpty(data.ipAddress));
Assert.True(!string.IsNullOrEmpty(data.pluginId));
Assert.True(!string.IsNullOrEmpty(data.pluginName));
Assert.True(!string.IsNullOrEmpty(data.family));
Assert.True(!string.IsNullOrEmpty(data.description));
Assert.True(!string.IsNullOrEmpty(data.publicationDate));
Assert.True(!string.IsNullOrEmpty(data.pluginType));
Assert.True(!string.IsNullOrEmpty(data.riskFactor));
Assert.True(!string.IsNullOrEmpty(data.synopsis));
Assert.True(data.severityName == "Critical");
Assert.True(data.updatedOn.HasValue);
Assert.True(!string.IsNullOrEmpty(data.updatedOn.Value.ToShortDateString()));
}
public void Test_NewNessusPatchDataIsValid()
{
NessusPatchData data = new NessusPatchData();
Assert.True(data != null);
}
private static List <NessusPatchData> getReportHostListing(string reportName, XmlNodeList nodes)
{
List <NessusPatchData> listPatchData = new List <NessusPatchData>();
NessusPatchData patchData = new NessusPatchData();
XmlAttributeCollection colAttributes;
string hostname = "";
string netbiosname = "";
string operatingSystem = "";
string systemType = "";
bool credentialed = false;
string ipAddress = "";
string scanVersion = "";
foreach (XmlNode node in nodes)
{
// reset the variables for each reporthost listing
hostname = "";
netbiosname = "";
operatingSystem = "";
systemType = "";
credentialed = false;
ipAddress = "";
colAttributes = node.Attributes;
foreach (XmlAttribute attr in colAttributes)
{
if (attr.Name == "name")
{
hostname = SanitizeHostname(attr.Value);
break;
}
}
if (node.ChildNodes.Count > 0)
{
foreach (XmlElement child in node.ChildNodes)
{
if (child.Name == "HostProperties")
{
// for each child node in here
netbiosname = "";
operatingSystem = "";
systemType = "";
credentialed = false;
ipAddress = "";
foreach (XmlElement hostChild in child.ChildNodes)
{
// get the child
foreach (XmlAttribute childAttr in hostChild.Attributes)
{
// cycle through attributes where attribute.innertext == netbios-name
if (childAttr.InnerText == "netbios-name")
{
netbiosname = hostChild.InnerText; // get the outside child text;
}
else if (childAttr.InnerText == "hostname")
{
hostname = hostChild.InnerText; // get the outside child text;
}
else if (childAttr.InnerText == "operating-system")
{
operatingSystem = hostChild.InnerText; // get the outside child text;
}
else if (childAttr.InnerText == "system-type")
{
systemType = hostChild.InnerText; // get the outside child text;
}
else if (childAttr.InnerText == "Credentialed_Scan")
{
bool.TryParse(hostChild.InnerText, out credentialed); // get the outside child text;
}
else if (childAttr.InnerText == "host-rdns")
{
ipAddress = hostChild.InnerText; // get the outside child text;
}
}// for each childAttr in hostChild
} // for each hostChild
}
else if (child.Name == "ReportItem")
{
// get the report host name
// get all ReportItems and their attributes in the tag
colAttributes = child.Attributes;
patchData = new NessusPatchData();
// set the hostname and other host data for every single record
patchData.reportName = reportName;
patchData.hostname = hostname;
patchData.operatingSystem = operatingSystem;
patchData.ipAddress = SanitizeHostname(ipAddress); // if an IP clean up the information octets
patchData.systemType = systemType;
patchData.credentialed = credentialed;
// get all the attributes
foreach (XmlAttribute attr in colAttributes)
{
if (attr.Name == "severity")
{
// store the integer
patchData.severity = Convert.ToInt32(attr.Value);
}
else if (attr.Name == "pluginID")
{
patchData.pluginId = attr.Value;
}
else if (attr.Name == "pluginName")
{
patchData.pluginName = attr.Value;
}
else if (attr.Name == "pluginFamily")
{
patchData.family = attr.Value;
}
}
// get all the child record data we need
foreach (XmlElement reportData in child.ChildNodes)
{
if (reportData.Name == "description")
{
patchData.description = reportData.InnerText;
}
else if (reportData.Name == "plugin_publication_date")
{
patchData.publicationDate = reportData.InnerText;
}
else if (reportData.Name == "plugin_type")
{
patchData.pluginType = reportData.InnerText;
}
else if (reportData.Name == "risk_factor")
{
patchData.riskFactor = reportData.InnerText;
}
else if (reportData.Name == "synopsis")
{
patchData.synopsis = reportData.InnerText;
}
if (patchData.family == "Settings" && patchData.pluginName == "Nessus Scan Information") // get the version of ACAS
{
if (reportData.Name == "plugin_output") // parse the data in here
{
int strPlacement = 0;
strPlacement = reportData.InnerText.IndexOf("Nessus version : ");
if (strPlacement > 0) // record the version
{
scanVersion = reportData.InnerText.Substring(strPlacement + 17, reportData.InnerText.IndexOf("\n", strPlacement + 19) - (strPlacement + 17)).Trim();
strPlacement = reportData.InnerText.IndexOf("Plugin feed version : ");
if (strPlacement > 0) // add the plugin feed version to the end of the ACAS version
{
scanVersion += "." + reportData.InnerText.Substring(strPlacement + 22, reportData.InnerText.IndexOf("\n", strPlacement + 24) - (strPlacement + 22)).Trim();
}
}
}
}
}
// record the ACAS version for the POA&M export
if (!string.IsNullOrEmpty(scanVersion))
{
patchData.scanVersion = scanVersion;
}
// add the record
listPatchData.Add(patchData);
}
}
}
}
return(listPatchData);
}
