private static List <CveDetail> FindDetails(WebClient client, string page)
{
List <CveDetail> results = new List <CveDetail>();
//Todo, support for multiple pages?
string source = client.DownloadString(page);
HtmlDocument document = new HtmlDocument();
document.LoadHtml(source);
HtmlNode headerNode = document.DocumentNode.SelectSingleNode("//div[@id=\"contentdiv\"]/h1");
string serviceName = headerNode.ChildNodes[1].InnerText;
HtmlNodeCollection nodes = document.DocumentNode.SelectNodes("//tr[@class='srrowns']");
foreach (HtmlNode node in nodes)
{
HtmlNodeCollection children = node.ChildNodes;
string description = node.NextSibling.NextSibling.InnerText;
CveDetail detail = new CveDetail(serviceName, children, description);
results.Add(detail);
}
return(results);
}
public override bool Equals(object obj)
{
if (!(obj is CveDetail))
{
return(false);
}
CveDetail b = (CveDetail)obj;
if (b.CVE == CVE)
{
return(true);
}
return(false);
}
private static List<CveDetail> FindDetails(WebClient client, string page)
{
List<CveDetail> results = new List<CveDetail>();
//Todo, support for multiple pages?
string source = client.DownloadString(page);
HtmlDocument document = new HtmlDocument();
document.LoadHtml(source);
HtmlNode headerNode = document.DocumentNode.SelectSingleNode("//div[@id=\"contentdiv\"]/h1");
string serviceName = headerNode.ChildNodes[1].InnerText;
HtmlNodeCollection nodes = document.DocumentNode.SelectNodes("//tr[@class='srrowns']");
foreach (HtmlNode node in nodes)
{
HtmlNodeCollection children = node.ChildNodes;
string description = node.NextSibling.NextSibling.InnerText;
CveDetail detail = new CveDetail(serviceName, children, description);
results.Add(detail);
}
return results;
}
public void LoadNvdCve(string path)
{
XDocument document = XDocument.Load(path);
foreach (var node in document.Descendants())
{
if (node.Name.LocalName != "entry")
{
continue;
}
CveId id = new CveId(node.Attribute("id").Value);
CveDetail detail = new CveDetail();
List <string> versions = null;
try
{
var vulnerableVersions = node.Descendants().Single(d => d.Name.LocalName == "vulnerable-software-list").Descendants().ToArray();
versions = new List <string>(vulnerableVersions.Length);
foreach (XElement vulnerableVersion in vulnerableVersions)
{
string[] tokens = vulnerableVersion.Value.Split(':');
detail.Company = tokens[2];
detail.ServiceName = tokens[3];
if (tokens.Length > 4)
{
versions.Add(tokens[4]);
}
}
}
catch
{
Console.WriteLine("Skipped " + id.ToString());
continue;
}
detail.CVE = node.Descendants().Single(d => d.Name.LocalName == "cve-id").Value;
CveId cveId = new CveId(detail.CVE);
detail.CWE = TryGetDescendantAttributeValue(node, "cwe", "id");
detail.PublishDate = TryGetDescendantValue(node, "published-datetime");
detail.UpdateDate = TryGetDescendantValue(node, "last-modified-datetime");
var cvssNode = node.Descendants().Single(d => d.Name.LocalName == "cvss").Descendants().First();
detail.Score = double.Parse(cvssNode.Descendants().Single(d => d.Name.LocalName == "score").Value);
detail.GainedAccessLevel = "";
detail.Access = cvssNode.Descendants().Single(d => d.Name.LocalName == "access-vector").Value;
detail.Complexity = cvssNode.Descendants().Single(d => d.Name.LocalName == "access-complexity").Value;
detail.Authentication = cvssNode.Descendants().Single(d => d.Name.LocalName == "authentication").Value;
detail.Confidentiality = cvssNode.Descendants().Single(d => d.Name.LocalName == "confidentiality-impact").Value;
detail.Integrity = cvssNode.Descendants().Single(d => d.Name.LocalName == "integrity-impact").Value;
detail.Availability = cvssNode.Descendants().Single(d => d.Name.LocalName == "availability-impact").Value;
detail.Description = node.Descendants().Single(d => d.Name.LocalName == "summary").Value;
if (versions == null)
{
versions = new List <string>();
}
detail.AffectedVersions = versions.ToArray();
if (!m_cveDetails.ContainsKey(cveId))
{
m_cveDetails.Add(cveId, detail);
}
}
}
public void LoadNvdCve(string path)
{
XDocument document = XDocument.Load(path);
foreach (var node in document.Descendants())
{
if (node.Name.LocalName != "entry")
continue;
CveId id = new CveId(node.Attribute("id").Value);
CveDetail detail = new CveDetail();
List<string> versions = null;
try
{
var vulnerableVersions = node.Descendants().Single(d => d.Name.LocalName == "vulnerable-software-list").Descendants().ToArray();
versions = new List<string>(vulnerableVersions.Length);
foreach (XElement vulnerableVersion in vulnerableVersions)
{
string[] tokens = vulnerableVersion.Value.Split(':');
detail.Company = tokens[2];
detail.ServiceName = tokens[3];
if (tokens.Length > 4)
versions.Add(tokens[4]);
}
}
catch
{
Console.WriteLine("Skipped " + id.ToString());
continue;
}
detail.CVE = node.Descendants().Single(d => d.Name.LocalName == "cve-id").Value;
CveId cveId = new CveId(detail.CVE);
detail.CWE = TryGetDescendantAttributeValue(node, "cwe", "id");
detail.PublishDate = TryGetDescendantValue(node, "published-datetime");
detail.UpdateDate = TryGetDescendantValue(node, "last-modified-datetime");
var cvssNode = node.Descendants().Single(d => d.Name.LocalName == "cvss").Descendants().First();
detail.Score = double.Parse(cvssNode.Descendants().Single(d => d.Name.LocalName == "score").Value);
detail.GainedAccessLevel = "";
detail.Access = cvssNode.Descendants().Single(d => d.Name.LocalName == "access-vector").Value;
detail.Complexity = cvssNode.Descendants().Single(d => d.Name.LocalName == "access-complexity").Value;
detail.Authentication = cvssNode.Descendants().Single(d => d.Name.LocalName == "authentication").Value;
detail.Confidentiality = cvssNode.Descendants().Single(d => d.Name.LocalName == "confidentiality-impact").Value;
detail.Integrity = cvssNode.Descendants().Single(d => d.Name.LocalName == "integrity-impact").Value;
detail.Availability = cvssNode.Descendants().Single(d => d.Name.LocalName == "availability-impact").Value;
detail.Description = node.Descendants().Single(d => d.Name.LocalName == "summary").Value;
if (versions == null)
versions = new List<string>();
detail.AffectedVersions = versions.ToArray();
if (!m_cveDetails.ContainsKey(cveId))
m_cveDetails.Add(cveId, detail);
}
}
