public IActionResult VulnerabilityDetails(int configurationID, int productID, int cveID) { // Get existing userCveConfiguration var userCveConfiguration = new UserCveConfiguration(); try { userCveConfiguration = _context.UserCveConfigurations .Where(ucc => ucc.ConfigurationID == configurationID && ucc.ProductID == productID && ucc.CveID == cveID) .Include(ucc => ucc.Status) .Include(ucc => ucc.Cve) .ThenInclude(c => c.References) .Include(ucc => ucc.Cve) .ThenInclude(ucc => ucc.Cwes) .Include(ucc => ucc.Product) .FirstOrDefault(); } catch (ArgumentNullException e) { TempData["Param"] = "userCveConfiguration"; TempData["Error"] = e.Message; throw e; } // Add all statuses to the viewBag for the status dropdown var statusList = _context.Status.ToList(); ViewBag.StatusObjectList = statusList; return(View(userCveConfiguration)); }
public IActionResult TrackProductExistingConfiguration(int existingID, int productID) { // Get the existing configuration var existingConfiguration = _context.Configurations .Where(c => c.ConfigurationID == existingID) .Include(c => c.UserCveConfigurations) .FirstOrDefault(); // Get existing product var existingProduct = _context.Products .Where(p => p.ProductID == productID) .Include(p => p.CveConfigurations) .FirstOrDefault(); var unresolvedStatus = _context.Status .Where(s => s.StatusName == "Unresolved") .FirstOrDefault(); if (existingConfiguration == null || existingProduct == null || unresolvedStatus == null) { TempData["Param"] = "Existing Data"; TempData["Error"] = "The requested data does not exist"; return(RedirectToAction("Error", "Home")); } // All all associated vulnerabilities to the existingConfiguration foreach (var currExistingConfiguration in existingProduct.CveConfigurations) { var newUserCveConfiguration = new UserCveConfiguration() { ProductID = existingProduct.ProductID, CveID = currExistingConfiguration.CveID, StatusID = unresolvedStatus.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now, New = 'N'.ToString() }; existingConfiguration.UserCveConfigurations.Add(newUserCveConfiguration); } // Save changes to existingConfiguration try { _context.Configurations.Update(existingConfiguration); _context.SaveChanges(); return(Ok()); } catch (Exception e) { TempData["Param"] = "userCveConfigurationToUpdate change save"; TempData["Error"] = e.Message; throw e; } }
public IActionResult UpdateUserVulnerability(UserCveConfiguration model) { if (model == null) { ArgumentNullException e = new ArgumentNullException(); TempData["Param"] = "UpdateUserVulnerability"; TempData["Error"] = e.Message; throw e; } var userCveConfigurationToUpdate = new UserCveConfiguration(); try { // Get the existing userCveConfiguration userCveConfigurationToUpdate = _context.UserCveConfigurations .Where(ucc => ucc.ConfigurationID == model.ConfigurationID && ucc.ProductID == model.ProductID && ucc.CveID == model.CveID).FirstOrDefault(); } catch (ArgumentNullException e) { TempData["Param"] = "userCveConfigurationToUpdate"; TempData["Error"] = e.Message; throw e; } // If the Notes have changed, update them if (userCveConfigurationToUpdate.Notes != model.Notes) { userCveConfigurationToUpdate.Notes = model.Notes; } // If the StatusID has changed, update it. if (userCveConfigurationToUpdate.StatusID != model.StatusID) { userCveConfigurationToUpdate.StatusID = model.StatusID; } // Update userCveConfiguration in database try { _context.UserCveConfigurations.Update(userCveConfigurationToUpdate); _context.SaveChanges(); return(RedirectToAction("Details", new { model.ConfigurationID })); } catch (DbUpdateException e) { TempData["Param"] = "userCveConfigurationToUpdate change save"; TempData["Error"] = e.Message; throw e; } }
public IActionResult TrackProductNewConfiguration(string newConfigurationName, string configurationNotes, int productId) { // Create newConfiguration var newConfiguration = new Configuration() { ConfigurationName = newConfigurationName, Notes = configurationNotes, DateAdded = DateTime.Now, AspNetUserID = _userManager.GetUserId(User), UserCveConfigurations = new List <UserCveConfiguration>() }; // Get existingProduct var existingProduct = _context.Products .Where(p => p.ProductID == productId) .Include(p => p.CveConfigurations) .FirstOrDefault(); // Get the unresolvedStatus var unresolvedStatus = _context.Status .Where(s => s.StatusName == "Unresolved") .FirstOrDefault(); // Check for errors if (existingProduct == null || unresolvedStatus == null) { TempData["Param"] = "Product"; TempData["Error"] = "Product does not exist"; return(RedirectToAction("Error", "Home")); } // For each associated vulnerability, create a newUserCveConfiguration foreach (var currExistingConfiguration in existingProduct.CveConfigurations) { var newUserCveConfiguration = new UserCveConfiguration() { ProductID = existingProduct.ProductID, CveID = currExistingConfiguration.CveID, StatusID = unresolvedStatus.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now, New = "N".ToString() }; newConfiguration.UserCveConfigurations.Add(newUserCveConfiguration); } // Save the newConfiguration try { _context.Configurations.Add(newConfiguration); _context.SaveChanges(); return(Ok()); } catch (Exception e) { TempData["Param"] = "Product"; TempData["Error"] = e.Message; throw e; } }
private void AddNewCve(JToken currCve) { // Only accept if CVE description does not contain ** REJECT ** and build data if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **")) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; JToken cvss; if (currCve["impact"].Children().Count() == 0) { return; } cvss = currCve["impact"]["baseMetricV2"]["cvssV2"]; // Create new CveObject Cve newCve = new Cve { PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()), LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()), GivenID = cveMeta["ID"].ToString(), Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(), VectorString = cvss["vectorString"].ToString(), AccessVector = cvss["accessVector"].ToString(), AccessComplexity = cvss["accessComplexity"].ToString(), Authentication = cvss["authentication"].ToString(), ConfidentialityImpact = cvss["confidentialityImpact"].ToString(), IntegrityImpact = cvss["availabilityImpact"].ToString(), AvailabilityImpact = cvss["availabilityImpact"].ToString(), BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()), References = new List <Reference>(), CveConfigurations = new List <CveConfiguration>(), UserCveConfigurations = new List <UserCveConfiguration>() }; // Get references JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"]; foreach (JToken currReference in jsonReferenceList) { Reference newReference = new Reference { Url = currReference["url"].ToString() }; newCve.References.Add(newReference); } // Get products from CVE JObject currCveObject = JObject.Parse(currCve.ToString()); IList <JToken> jsonProductList = currCveObject.Descendants() .Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri") .Select(p => ((JProperty)p).Value).ToList(); jsonProductList = jsonProductList.Distinct().ToList(); // Foreach product foreach (JToken currJsonProduct in jsonProductList) { // Get existing product if it exists string currJsonProductString = currJsonProduct.ToString(); Product existingProduct = _context.Products .Where(p => p.Concatenated == currJsonProductString) .FirstOrDefault(); // If existing product does exist in the database if (existingProduct != null) { CveConfiguration newConfiguration = new CveConfiguration { Product = existingProduct }; newCve.CveConfigurations.Add(newConfiguration); // Update tracked userCveConfigurations where this product is already tracked Status status = _context.Status.Where(s => s.StatusName == "Unresolved").FirstOrDefault(); foreach (var item in _context.UserCveConfigurations .Where(ucc => ucc.ProductID == existingProduct.ProductID) .GroupBy(g => g.ConfigurationID).ToList()) { UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration() { ProductID = existingProduct.ProductID, ConfigurationID = item.Key, StatusID = status.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now, Cve = newCve, New = 'Y'.ToString() }; // Add email notification if not already added var existingConfiguration = _context.Configurations .Where(c => c.ConfigurationID == item.Key) .FirstOrDefault(); var userToEmail = _context.Users .Where(u => u.Id == existingConfiguration.AspNetUserID) .FirstOrDefault(); // Check if an email already exists bool emailAlreadyExists = emailRecipientList .Where(erl => erl.EmailAddress == userToEmail.Email).Count() > 0; // If the email does exist if (emailAlreadyExists == true) { // Add configuration Name if (!emailRecipientList.Where(erl => erl.EmailAddress == userToEmail.Email).First() .ConfigurationIdList.Contains(existingConfiguration.ConfigurationID)) { emailRecipientList.Where(erl => erl.EmailAddress == userToEmail.Email).First() .ConfigurationIdList.Add(existingConfiguration.ConfigurationID); } } else // If the email does not exist { // Create new email and add it to the recipient list Email newEmail = new Email() { EmailAddress = userToEmail.Email, RecipientName = userToEmail.FirstName, }; newEmail.ConfigurationIdList.Add(existingConfiguration.ConfigurationID); emailRecipientList.Add(newEmail); } newCve.UserCveConfigurations.Add(newUserCveConfiguration); } } else // If the existing product doesn't exist in the database { // Break down the currJsonProductString into its components IList <string> productPartList = new List <string>(); productPartList = currJsonProductString.Split(":"); // Create new product Product newProduct = new Product { Concatenated = currJsonProductString, Part = productPartList[2], Vendor = productPartList[3], ProductName = productPartList[4], Version = productPartList[5], ProductUpdate = productPartList[6], Edition = productPartList[7], ProductLanguage = productPartList[8], Added = DateTime.Now }; // Add the new product to newCveConfiguration CveConfiguration newCveConfiguration = new CveConfiguration { Product = newProduct }; // Add the newCveConfiguration to the newCve newCve.CveConfigurations.Add(newCveConfiguration); } } // Add new CVE to database try { _context.Cves.Add(newCve); _context.SaveChanges(); } catch (Exception e) { System.Diagnostics.Debug.WriteLine("Error: " + e.Message); } } }
private void UpdateExistingCve(Cve existingCve, JToken currCve) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; JToken cvss; // Detect errornous score information and restart try { cvss = currCve["impact"]["baseMetricV2"]["cvssV2"]; } catch (Exception) { return; } // Update the CVE itself existingCve.PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()); existingCve.LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()); existingCve.GivenID = cveMeta["ID"].ToString(); existingCve.Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(); existingCve.VectorString = cvss["vectorString"].ToString(); existingCve.AccessVector = cvss["accessVector"].ToString(); existingCve.AccessComplexity = cvss["accessComplexity"].ToString(); existingCve.Authentication = cvss["authentication"].ToString(); existingCve.ConfidentialityImpact = cvss["confidentialityImpact"].ToString(); existingCve.IntegrityImpact = cvss["availabilityImpact"].ToString(); existingCve.AvailabilityImpact = cvss["availabilityImpact"].ToString(); existingCve.BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()); existingCve.References.Clear(); JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"]; foreach (JToken currReference in jsonReferenceList) { Reference newReference = new Reference { Url = currReference["url"].ToString() }; existingCve.References.Add(newReference); } // Add any new products JObject currCveObject = JObject.Parse(currCve.ToString()); IList <JToken> jsonProductList = currCveObject.Descendants() .Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri") .Select(p => ((JProperty)p).Value).ToList(); jsonProductList = jsonProductList.Distinct().ToList(); bool alreadyContained = false; foreach (JToken currJsonProduct in jsonProductList) { // Check for existing product foreach (CveConfiguration currCveConfiguration in existingCve.CveConfigurations) { if (currCveConfiguration.Product.Concatenated == currJsonProduct.ToString()) { alreadyContained = true; break; } } // If not already contained add the new product if (alreadyContained == false) { // Get existing product if it exists string currJsonProductString = currJsonProduct.ToString(); Product existingProduct = _context.Products .Where(p => p.Concatenated == currJsonProductString) .Include(p => p.CveConfigurations) .FirstOrDefault(); // If existing product does exist in the database if (existingProduct != null) { CveConfiguration newConfiguration = new CveConfiguration { Product = existingProduct }; existingCve.CveConfigurations.Add(newConfiguration); // Update tracked userCveConfigurations where this product is already tracked Status status = _context.Status.Where(s => s.StatusName == "Unresolved").FirstOrDefault(); foreach (var item in _context.UserCveConfigurations .Where(ucc => ucc.ProductID == existingProduct.ProductID) .GroupBy(ucc => ucc.ProductID) .Select(g => g.First()).ToList()) { UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration() { ProductID = existingProduct.ProductID, CveID = existingCve.CveID, ConfigurationID = item.CveID, StatusID = status.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now }; try { if (ModelState.IsValid) { _context.UserCveConfigurations.Add(newUserCveConfiguration); _context.SaveChanges(); } } catch (Exception) { return; } } } else // If the existing product doesn't exist in the database { // Break down the currJsonProductString into its components IList <string> productPartList = new List <string>(); productPartList = currJsonProductString.Split(":"); // Create new product Product newProduct = new Product { Concatenated = currJsonProductString, Part = productPartList[2], Vendor = productPartList[3], ProductName = productPartList[4], Version = productPartList[5], ProductUpdate = productPartList[6], Edition = productPartList[7], ProductLanguage = productPartList[8] }; // Add the new product to newCveConfiguration CveConfiguration newCveConfiguration = new CveConfiguration { Product = newProduct }; // Add the newCveConfiguration to the newCve existingCve.CveConfigurations.Add(newCveConfiguration); } } } // save updated existingCve try { if (ModelState.IsValid) { _context.Entry(existingCve).State = EntityState.Modified; _context.SaveChanges(); } } catch (Exception) { return; } }
public IActionResult CreateWithFile(NewConfigurationFileViewModel model) { // Check file type string fileExtension = Path.GetExtension(model.ProductFile.FileName); if (fileExtension != ".csv") { ViewBag.CsvError = "Only .CSV filetype accepted, please try again."; return(View(model)); } // Determine template being used and get all the products only if the format is correct var productList = new List <string>(); using (var reader = new StreamReader(model.ProductFile.OpenReadStream())) { var headerLine = reader.ReadLine(); string nextProductLine; if (headerLine == "Concatenated CPE Names Below") { while ((nextProductLine = reader.ReadLine()) != null) { productList.Add(nextProductLine); } } else if (headerLine == "Type,Vendor,Product Name,Version,Update,Edition,Language") { while ((nextProductLine = reader.ReadLine()) != null) { List <string> productPartList = nextProductLine.Split(',').ToList(); StringBuilder builder = new StringBuilder(); builder.Append("cpe:2.3:"); foreach (var productPart in productPartList) { if (String.IsNullOrEmpty(productPart) || productPart == "*") { builder.Append("*:"); } else { builder.Append(productPart + ":"); } } builder.Append("*:*:*:*"); productList.Add(builder.ToString()); } } else { ViewBag.CsvError = "Incorrect Template format, please download the correct template and try again."; return(View(model)); } } // Create a new configuration based off user input Configuration newConfiguration = new Configuration { AspNetUserID = _userManager.GetUserId(User), ConfigurationName = model.ConfigurationName, Notes = model.Notes, DateAdded = DateTime.Now, UserCveConfigurations = new List <UserCveConfiguration>() }; if (newConfiguration == null) { Exception e = new ArgumentNullException(); TempData["Param"] = "userCveConfigurationToUpdate save changes"; TempData["Error"] = e.Message; throw e; } List <string> successList = new List <string>(); List <string> failedList = new List <string>(); // Foreach product add it to a new ProductConfiguration and add that to the newConfiguration foreach (var productItem in productList) { Product existingProduct = _context.Products .Where(p => p.Concatenated == productItem) .Include(p => p.CveConfigurations) .FirstOrDefault(); // If the product exists if (existingProduct != null) { // Add CveConfiguration to UserCveConfiguration for customisable notes etc. Status unresolvedStatus = _context.Status .Where(s => s.StatusName == "Unresolved") .FirstOrDefault(); foreach (var CveConfigurationItem in existingProduct.CveConfigurations) { UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration { ProductID = existingProduct.ProductID, CveID = CveConfigurationItem.CveID, StatusID = unresolvedStatus.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now, New = 'N'.ToString() }; newConfiguration.UserCveConfigurations.Add(newUserCveConfiguration); } successList.Add(productItem); } else { failedList.Add(productItem); } } // Save the new configuration if there any successful products if (successList.Any()) { try { _context.Configurations.Add(newConfiguration); _context.SaveChanges(); } catch (Exception e) { TempData["Param"] = "newConfiguration save changes"; TempData["Error"] = e.Message; throw e; } } // Determine success and add result to ViewBag if (productList == null) { ViewBag.CsvError = "The CSV file does not contain any products or is invalid, please check and upload again."; return(View(model)); } if (!failedList.Any()) { ViewBag.UploadStatus = "success"; } else if (failedList.Any() && successList.Any()) { ViewBag.UploadStatus = "partial"; } else if (!successList.Any()) { ViewBag.UploadStatus = "failed"; } ViewBag.SuccessList = successList; ViewBag.FailedList = failedList; return(View(model)); }