private async Task CompressContents()
{
var sourceInfo = new DirectoryInfo(SourceDir);
ScanHelper.CompressDirectory(sourceInfo.FullName, $"{DestDir}\\{sourceInfo.Name}.zip");
if (DeleteIfSuccessful)
{
var dirFiles = sourceInfo.GetFiles();
var dirSubDirs = sourceInfo.GetDirectories();
foreach (var file in dirFiles.ToList())
{
try
{
file.Delete();
}
catch { }
}
if (IncludeSubDirectories)
{
foreach (var dir in dirSubDirs.ToList())
{
try
{
dir.Delete(true);
}
catch { }
}
}
}
}
private async void Startup()
{
try
{
Instance = this;
var settings = SettingsHelper.LoadSettings();
Instance.Left = settings.MainWindowLeft;
Instance.Top = settings.MainWindowTop;
AppData = new DataHelper();
Scanner = new ScanHelper();
ExistingRules = await DataHelper.GetAllRules();
var trayIconPath = $"{Directory.GetCurrentDirectory()}\\main.ico";
ProgramIcon = new NotifyIcon
{
Icon = new Icon(trayIconPath),
Visible = true
};
ProgramIcon.Click += new EventHandler(trayIcon_Clicked);
CreateRuleGrid();
StartTimer();
}
catch (Exception ex) { LogHelper.LogError(ex); }
}
private async Task StartAsync(GitHubClient client, long repoId, Guid requestId)
{
// download a ZIP
byte[] buffer = null;
try
{
buffer = await ScanHelper.DownloadRepoZip(client, repoId).ConfigureAwait(false);
}
catch (Exception ex)
{
throw ex;
}
// upload buffer to storage
string blobUri = await ScanHelper.UploadBufferToStorage(buffer, requestId.ToString());
// create worker notification message (include the requestId)
MalwareDeterminationRequest scanRequest = new MalwareDeterminationRequest
{
ClientId = "GitHubScanX",
FileName = $"{requestId.ToString()}.zip",
FileSizeInBytes = 1000, //dummy
RequestId = requestId,
Uri = new Uri(blobUri)
};
// notify worker (aka put the notification message to a queue
ScanXMock mock = new ScanXMock();
// Fire and forget (for POC)
mock.SendScanRequest(scanRequest);
}
private void DeleteSelected()
{
ScanHelper.DeleteDirectories(GetSelectedDirectories());
ScanHelper.DeleteFiles(GetSelectedFiles());
contentsLabel.Content = $"Count: {newFilesListBox.Items.Count}";
selectedFilesListBox.Items.Clear();
}
public IActionResult Scan(string url, int depth)
{
ViewBag.Results = ScanHelper.GetResultFromUrlWithDepth(url, depth);
var pages = ScanHelper.GetSavedPages();
foreach (var page in pages)
{
_context.Add(page);
}
_context.SaveChanges();
return(View());
}
private async Task DeleteContents()
{
var files = ScanHelper.GetFiles(SourceDir, keywords: Keywords);
var subDirectories = ScanHelper.GetSubDirectories(SourceDir, excludeEmpty: ExcludeEmptyDirectories);
if (Frequency == FrequencyEnum.AfterDays)
{
files = ScanHelper.FilterFilesByAge(DayLimit, files);
subDirectories = ScanHelper.FilterDirectoriesByAge(DayLimit, subDirectories);
}
ScanHelper.DeleteFiles(files);
ScanHelper.DeleteDirectories(subDirectories);
}
public void VulnerabilityScanBeforeLogin()
{
Client.Pscan.EnableAllScanners(ApiKey);
Driver.Navigate().GoToUrl(Target);
var apiResponse = ScanHelper.StartSpider(Client);
ScanHelper.WaitForTaskToComplete(apiResponse, Client.Spider.GetStatus);
apiResponse = ScanHelper.StartAscan(Client);
ScanHelper.WaitForTaskToComplete(apiResponse, Client.Ascan.GetStatus);
AlertHelper.PrintAlertsToConsole(Client.Core.GetAlerts(Target));
}
public async void ExecuteAction()
{
try
{
FileList = ScanHelper.GetFiles(SourceDir, keywords: Keywords, daysThreshold: DayLimit);
switch (Action)
{
case ActionEnum.Move:
await Task.Run(MoveFiles);
break;
case ActionEnum.Copy:
await Task.Run(CopyFiles);
break;
case ActionEnum.Delete:
await Task.Run(DeleteContents);
break;
case ActionEnum.DropboxCleanup:
await Task.Run(CleanupDropbox);
break;
case ActionEnum.CompressContents:
await Task.Run(CompressContents);
break;
case ActionEnum.PromptAction:
PromptAction();
break;
default:
break;
}
Counter = 0;
MainWindow.Instance.LogActivity(rule: this, success: true, message: "Rule executed successfully");
}
catch (Exception ex) { MainWindow.Instance.HandleError(exception: ex, rule: this); }
}
private async Task CleanupDropbox()
{
if (!Directory.Exists(DestDir))
{
throw new Exception("Destination directory not available");
}
var dropboxDirs = ScanHelper.GetDropboxDirectories(path: SourceDir, keyword: Keyword, excludeEmpty: true);
foreach (var dir in dropboxDirs)
{
ScanHelper.CopyDirectory(dir.FullName, Path.Combine(DestDir, dir.Name), true);
dir.Attributes = FileAttributes.Normal;
dir.Delete(true);
}
}
/// <summary>
/// Handler when the Scan Button got clicked
/// For example checking if scan is allowed and then statrting it
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void scanButton_Click(object sender, RibbonControlEventArgs e)
{
if (!AllowedToScan())
{
return;
}
if (DataModel.Instance.CurrentWorkbook.PolicySettings.hasManualScans() ||
DataModel.Instance.CurrentWorkbook.Scenarios.Count > 0)
{
// SIFCore can't handle if it the documents is not saved. So if an inspection is started it is assured the file is saved somewhere.
ScanHelper.SaveBefore(InspectionType.MANUAL);
}
else
{
ScanHelper.ScanUnsuccessful(Resources.tl_Ribbon_MessageNoPolicies);
}
}
protected bool OnScan(IList <ScanResult> results, string relativeFolderPath, string stateFileName, string[] loginSubfolderPatterns, string loginFileName)
{
string mainFolder = AppArgs.GetArgString("-scan-main-folder", string.Empty);
if (string.IsNullOrEmpty(mainFolder))
{
mainFolder = applicationDataPath.FullName;
}
else
{
mainFolder = Path.Combine(mainFolder, applicationDataPath.Name);
}
string rootFolder = Path.Combine(mainFolder, relativeFolderPath);
return(ScanHelper.Scan(rootFolder, stateFileName, loginSubfolderPatterns, loginFileName, results));
}
/// <summary>
/// This method loads the XML report generated by the SIF into this workbook model.
/// </summary>
public void Load(string xml)
{
try
{
var rootElement = XElement.Parse(xml);
// @TODO
//XDocument d = new XDocument(rootElement);
//d.Validate(XMLPartManager.Instance.getReportSchema(), null);
LoadViolations(rootElement);
ScanHelper.ScanSuccessful();
}
catch (Exception e)
{
ScanHelper.ScanUnsuccessful(Resources.Error_FaultyResponse);
Debug.WriteLine(e);
}
}
private void scanButton_Click(object sender, RibbonControlEventArgs e)
{
if (!AllowedToScan())
{
return;
}
if (DataModel.Instance.CurrentWorkbook.PolicySettings.hasManualScans() ||
DataModel.Instance.CurrentWorkbook.Scenarios.Count > 0 ||
DataModel.Instance.CurrentWorkbook.Rules.Count > 0)
{
DataModel.Instance.CurrentWorkbook.Inspect();
}
else
{
ScanHelper.ScanUnsuccessful(Resources.tl_Ribbon_MessageNoPolicies);
}
}
/// <summary>
/// This async method is called by the workbook model. it will be a silent running request
/// </summary>
internal async void doInspection(WorkbookModel workbook, string policyFile, string spreadsheetFile)
{
// initalize response string
string responseString = null;
// open policy and spreadsheet files save temporarily
var policyStream = File.Open(policyFile, FileMode.Open);
HttpContent policyContent = new StreamContent(policyStream);
var spreadsheetStream = File.Open(spreadsheetFile, FileMode.Open);
HttpContent spreadsheetContent = new StreamContent(spreadsheetStream);
// Submit the form using HttpClient and
// create form data as Multipart (enctype="multipart/form-data")
using (var client = new HttpClient())
using (var formData = new MultipartFormDataContent())
{
// Add the HttpContent objects to the form data
// <input type="text" name="filename" />
formData.Add(policyContent, "policy", policyFile);
formData.Add(spreadsheetContent, "spreadsheet", spreadsheetFile);
// Actually invoke the request to the server
// equivalent to (action="{url}" method="post")
try
{
var response = client.PostAsync(Settings.Default.SifServerUrl + "/ooxml", formData).Result;
if (response.IsSuccessStatusCode)
{
// get the responding xml as string
responseString = await response.Content.ReadAsStringAsync();
var fileName = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) +
Path.DirectorySeparatorChar + "inspectionResponse.xml";
File.WriteAllText(fileName, responseString);
}
}
catch (Exception)
{
ScanHelper.ScanUnsuccessful(Resources.Error_NoConnectionToServer);
return;
}
}
workbook.Load(responseString);
}
/// <summary>
/// Reads a String from the socket
/// </summary>
/// <param name="socket">Socket to recieve data from</param>
/// <returns string> The string read from the socket </returns>
public static string ReadString(this Socket socket)
{
try
{
byte[] buffer = new byte[8];
socket.Receive(buffer, 0, 8, SocketFlags.None);
int stringLength = (int)BitConverter.ToInt64(buffer, 0);
buffer = new byte[stringLength];
socket.Receive(buffer, 0, stringLength, SocketFlags.None);
return(Encoding.UTF8.GetString(buffer).Trim());
}
catch (OutOfMemoryException ex)
{
ScanHelper.ScanUnsuccessful(Resources.tl_OutOfMemory);
return(string.Empty);
}
}
private void actionCB_DropDownClosed(object sender, EventArgs e)
{
switch (actionCB.Text)
{
case "Delete":
destDirLBL.Visibility = Visibility.Collapsed;
destTB.Visibility = Visibility.Collapsed;
destBrowseBTN.Visibility = Visibility.Collapsed;
break;
default:
if (actionCB.Text == "Dropbox Cleanup")
{
sourceTB.Text = ScanHelper.DefaultDropboxPath();
}
destDirLBL.Visibility = Visibility.Visible;
destTB.Visibility = Visibility.Visible;
destBrowseBTN.Visibility = Visibility.Visible;
break;
}
}
public void VulnerabilityScanAfterLogin()
{
Client.Pscan.EnableAllScanners(ApiKey);
Driver.Navigate().GoToUrl(Target + "insecure/public/Login.jsp");
var loginPage = PageObjectFactory.GetInitializedPageObject <LoginPage>(Driver);
loginPage.SendKeysToLoginField("admin");
loginPage.SendKeysToPasswordField("secret");
loginPage.PressLoginButton();
var apiResponse = ScanHelper.StartSpider(Client);
ScanHelper.WaitForTaskToComplete(apiResponse, Client.Spider.GetStatus);
apiResponse = ScanHelper.StartAscan(Client);
ScanHelper.WaitForTaskToComplete(apiResponse, Client.Ascan.GetStatus);
AlertHelper.PrintAlertsToConsole(Client.Core.GetAlerts(Target));
}
private void ShowWindow()
{
try
{
Instance = this;
var settings = SettingsHelper.LoadSettings();
Instance.Left = settings.PromptWindowLeft;
Instance.Top = settings.PromptWindowTop;
SourceDirectory = new DirectoryInfo(ActiveRule.SourceDir);
NewFileList = SourceDirectory.GetFiles().ToList();
if (ActiveRule.IncludeSubDirectories)
{
SubDirectories = ScanHelper.GetSubDirectories(ActiveRule.SourceDir, excludeEmpty: ActiveRule.ExcludeEmptyDirectories);
}
else
{
SubDirectories = new List <DirectoryInfo>();
}
SubDirectories.ForEach(d => newFilesListBox.Items.Add($"{d.Name} (Dir)"));
NewFileList.ForEach(f => newFilesListBox.Items.Add($"{f.Name}"));
sourceLabel.Content = SourceDirectory.FullName.Length > 20 ? $"Source: ...\\{SourceDirectory.FullName.Substring(3, 17)}" : $"Source: {SourceDirectory.FullName}";
contentsLabel.Content = $"Contents: {newFilesListBox.Items.Count}";
addButton.Click += (s, e) => SelectFile();
removeButton.Click += (s, e) => UnselectFile();
Instance.ShowDialog();
}
catch (Exception ex)
{
LogHelper.LogError(ex);
}
}
private static void ScanProcess()
{
Process[] processlist = Process.GetProcesses();
foreach (Process theprocess in processlist)
{
try
{
string processlocation = GetMainModuleFilepath(theprocess.Id);
byte[] fileBytes = File.ReadAllBytes(processlocation);
string read = Encoding.UTF8.GetString(fileBytes);
if (ScanHelper.Scan(read, ScanHelper.ScanTypes.Mutil, signatures))
{
Console.WriteLine($"Malware is {theprocess.ProcessName}");
// theprocess.Kill();
}
}
catch
{
}
}
}
private static void ScanFile()
{
Console.WriteLine("Enter path folder:\n");
string path = @"C:\Users\luong\Desktop\demoScan";
DirectoryInfo directory = new DirectoryInfo(path);
FileInfo[] pathsFile = directory.GetFiles("*.*", SearchOption.AllDirectories);
List <string> lstPath = new List <string>();
lstPath = pathsFile.Select(x => x.FullName).ToList();
foreach (string item in lstPath)
{
if (item.Contains(".txt") || item.Contains(".pdf") || item.Contains(".doc"))
{
continue;
}
else
{
try
{
using (StreamReader stream = new StreamReader(item))
{
string read = stream.ReadToEnd();
if (ScanHelper.Scan(read, ScanHelper.ScanTypes.Mutil, signatures))
{
Console.WriteLine($"Malware is: {item}");
}
}
}
catch
{
}
}
}
}
/// <summary>
/// This method is the server run loop.
/// </summary>
protected void ServerRunLoop()
{
TcpListener currentTcpListener = TcpServer;
try
{
// The server will keep running until its thread is aborted.
while (true)
{
if (!File.Exists(Settings.Default.FrameworkPath + Path.DirectorySeparatorChar + "sif.jar"))
{
// Sif has not been installed correctly.
MessageBox.Show(Resources.tl_Path_missing
+
Settings.Default.FrameworkPath + Path.DirectorySeparatorChar +
"sif.jar\n\n" + Resources.tl_Path_install, Resources.tl_MessageBox_Error);
}
// Launch a new instance of the Spreadsheet Inspection Framework
var startInfo = new ProcessStartInfo("cmd",
"/q /c java -jar \"" + Settings.Default.FrameworkPath + Path.DirectorySeparatorChar +
"sif.jar\" "
+ Settings.Default.SifOptions + " " + Instance.Port);
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
Process.Start(startInfo);
// Wait for the client to connect.
var clientSocket = currentTcpListener.AcceptSocket();
#region Functionality
while (IsSocketConnected(clientSocket))
{
// Get the next inspection job from the inspection queue
var currentJob = InspectionQueue.Take();
try
{
// At first, send the policy as generated Xml
var writer = new StringWriter();
currentJob.PolicyXML.Save(writer);
clientSocket.SendString(writer.GetStringBuilder().ToString());
// Read the report from the socket connection
var report = clientSocket.ReadString();
// Let the inspection job know about the report
currentJob.Finalize(report);
}
catch (OutOfMemoryException)
{
// Try to release as many resources as possible#
ScanHelper.ScanUnsuccessful(Resources.tl_MemoryRestrictions + "\n" + Resources.tl_StartNewScan);
_hadMemoryRestriction = true;
currentJob.DeleteWorkbookFile();
foreach (InspectionJob job in InspectionQueue)
{
job.DeleteWorkbookFile();
}
InspectionQueue.Dispose();
InspectionQueue = new BlockingCollection <InspectionJob>();
// restart the server loop
throw new Exception();
}
catch (Exception e)
{
if (!_hadMemoryRestriction)
{
ScanHelper.ScanUnsuccessful();
}
Start();
}
}
#endregion
}
}
catch (ExternalException) // Java is not on the path
{
if (Globals.Ribbons.Ribbon.scanButton != null && Globals.Ribbons.Ribbon != null &&
Globals.Ribbons != null)
{
ScanHelper.ScanUnsuccessful(Resources.tl_No_Java_Enviroment);
}
else
{
MessageBox.Show(
Resources.tl_No_Java_Enviroment,
Resources.tl_MessageBox_Error);
}
}
catch (Exception e)
{
try
{
ScanHelper.ScanUnsuccessful();
}
//Catch if Ribbon was never instantiated
catch (NullReferenceException ex)
{
// Quietly swallow exception
}
// start will fork into a new thread
Start();
// we will die in a short while, nothing to be done
}
finally
{
currentTcpListener.Stop();
}
}
internal static bool ExecuteCmd(string command)
{
bool isManagedCmd = false;
string[] commands = command.Split(' ');
string cmdName = commands.First();
string[] args = commands.Skip(1).ToArray();
switch (cmdName)
{
case "exit":
Environment.Exit(0);
break;
case "clear":
Console.Clear();
isManagedCmd = true;
break;
case "yadd":
isManagedCmd = true;
CmdAddRules(args);
break;
case "sadd":
isManagedCmd = true;
CmdAddSamples(args);
break;
case "ycompile":
isManagedCmd = true;
using (var compiler = new Compiler())
{
foreach (var yara in yaras.Distinct())
{
var err = ScanHelper.CheckRule(yara);
if (err == YARA_ERROR.SUCCESS)
{
try
{
compiler.AddRuleFile(yara);
Console.WriteLine($":Added {yara}");
} catch (Exception e)
{
Console.WriteLine($"!Exception adding \"{yara}\": {e.Message}");
}
}
else
{
Console.WriteLine($"!Exception adding \"{yara}\": {err}");
}
}
try
{
rules = compiler.Compile();
Console.WriteLine($"* Compiled");
}
catch (Exception e)
{
Console.WriteLine($"!Exception compiling rules: {e.Message}");
}
}
break;
case "run":
isManagedCmd = true;
CmdRun();
break;
}
return(isManagedCmd);
}
private async Task StartExecution()
{
IReadOnlyList <Installation> installations = await this.gitHubAppClient.GitHubApps.GetAllInstallationsForCurrent().ConfigureAwait(false);
try
{
if (!this.IsGitHubInstallationClientValid())
{
throw new InvalidOperationException("Error: gitHubInstallationClient is invalid.");
}
if (IsPullRequest)
{
ICheckSuitesClient checkSuiteClient = gitHubInstallationClient.Check.Suite;
CheckSuitesResponse x = await checkSuiteClient.GetAllForReference(CurrentRepository.Id, CommitSha).ConfigureAwait(false);
if (x.TotalCount > 0)
{
long checkSuiteId = x.CheckSuites.FirstOrDefault().Id;
bool res = await checkSuiteClient.Rerequest(CurrentRepository.Id, checkSuiteId);
}
else
{
var newCheckSuite = new NewCheckSuite(CommitSha);
try
{
CheckSuite suite =
await checkSuiteClient.Create(
CurrentRepository.Owner.Login,
CurrentRepository.Name, newCheckSuite)
.ConfigureAwait(false);
}
catch (Exception ex)
{
}
}
return;
}
ICheckRunsClient checkRunClient = gitHubInstallationClient.Check.Run;
// Create a new heckRun in GitHub
var newCheckRun = new NewCheckRun("ScanX", CommitSha)
{
Status = CheckStatus.Queued,
};
CheckRun checkRun =
await checkRunClient.Create(
CurrentRepository.Owner.Login,
CurrentRepository.Name,
newCheckRun)
.ConfigureAwait(false);
// --- Downoad a ZIP ---
byte[] buffer = await ScanHelper.DownloadRepoZip(gitHubInstallationClient, CurrentRepository.Id, CommitSha).ConfigureAwait(false);
int size = buffer.Length;
// Upload ZIP to a storage blob
string blobName = $"{RequestId.ToString()}";
string blobUri = await ScanHelper.UploadBufferToStorage(buffer, blobName);
// Update check's status to "in progress"
CheckRunUpdate checkRunUpdate = new CheckRunUpdate
{
Status = CheckStatus.InProgress,
Name = checkRun.Name
};
checkRun = await checkRunClient.Update(CurrentRepository.Id, checkRun.Id, checkRunUpdate).ConfigureAwait(false);
// --- Start a scan ---
// Simulate sending of a message to a SB queue
// Create worker notification message
MalwareDeterminationRequest scanRequest = new MalwareDeterminationRequest();
scanRequest.ClientId = "GitHubScanX";
scanRequest.FileName = $"{RequestId.ToString()}.zip";
scanRequest.FileSizeInBytes = 1000; //dummy
scanRequest.RequestId = RequestId;
scanRequest.Uri = new Uri(blobUri);
// Notify worker (aka put the notification message to a queue)
ScanXMock mock = new ScanXMock();
await mock.SendScanRequest(scanRequest).ConfigureAwait(false);
// --- Poll for a scan completion ---
MalwareDeterminationResult scanResult;
do
{
await Task.Delay(500).ConfigureAwait(false);
if (await mock.TryGetResult(RequestId))
{
scanResult = await mock.GetResult(RequestId).ConfigureAwait(false);
break;
}
}while (true); //!!!! for POC only
checkRunUpdate.Status = CheckStatus.Completed;
checkRunUpdate.CompletedAt = DateTime.UtcNow;
checkRunUpdate.Conclusion = scanResult.WorkStatus == WorkStatus.Clean ? CheckConclusion.Success : CheckConclusion.Failure;
if (checkRunUpdate.Conclusion == CheckConclusion.Failure)
{
checkRunUpdate.Output = new NewCheckRunOutput(
"Scan Report",
$"GitScan detected {scanResult.ConfirmedMalwares.Count()} infected files. See details below.");
checkRunUpdate.Output.Text = "| File Path| Malware Type| AV Engines|\n";
checkRunUpdate.Output.Text += "|:---|:---|:---|\n";
foreach (var entry in scanResult.ConfirmedMalwares)
{
checkRunUpdate.Output.Text += $"|{entry.FileName}|{entry.MalwareInfo}|{string.Join(",", entry.AvEngines.ToArray())}";
}
}
checkRun = await checkRunClient.Update(CurrentRepository.Id, checkRun.Id, checkRunUpdate).ConfigureAwait(false);
}
catch (Exception ex)
{
Console.WriteLine($"Exception: {ex.Message}");
}
}
