private void AddNewCve(JToken currCve) { // Only accept if CVE description does not contain ** REJECT ** and build data if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **")) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; JToken cvss; if (currCve["impact"].Children().Count() == 0) { return; } cvss = currCve["impact"]["baseMetricV2"]["cvssV2"]; // Create new CveObject Cve newCve = new Cve { PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()), LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()), GivenID = cveMeta["ID"].ToString(), Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(), VectorString = cvss["vectorString"].ToString(), AccessVector = cvss["accessVector"].ToString(), AccessComplexity = cvss["accessComplexity"].ToString(), Authentication = cvss["authentication"].ToString(), ConfidentialityImpact = cvss["confidentialityImpact"].ToString(), IntegrityImpact = cvss["availabilityImpact"].ToString(), AvailabilityImpact = cvss["availabilityImpact"].ToString(), BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()), References = new List <Reference>(), CveConfigurations = new List <CveConfiguration>(), UserCveConfigurations = new List <UserCveConfiguration>() }; // Get references JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"]; foreach (JToken currReference in jsonReferenceList) { Reference newReference = new Reference { Url = currReference["url"].ToString() }; newCve.References.Add(newReference); } // Get products from CVE JObject currCveObject = JObject.Parse(currCve.ToString()); IList <JToken> jsonProductList = currCveObject.Descendants() .Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri") .Select(p => ((JProperty)p).Value).ToList(); jsonProductList = jsonProductList.Distinct().ToList(); // Foreach product foreach (JToken currJsonProduct in jsonProductList) { // Get existing product if it exists string currJsonProductString = currJsonProduct.ToString(); Product existingProduct = _context.Products .Where(p => p.Concatenated == currJsonProductString) .FirstOrDefault(); // If existing product does exist in the database if (existingProduct != null) { CveConfiguration newConfiguration = new CveConfiguration { Product = existingProduct }; newCve.CveConfigurations.Add(newConfiguration); // Update tracked userCveConfigurations where this product is already tracked Status status = _context.Status.Where(s => s.StatusName == "Unresolved").FirstOrDefault(); foreach (var item in _context.UserCveConfigurations .Where(ucc => ucc.ProductID == existingProduct.ProductID) .GroupBy(g => g.ConfigurationID).ToList()) { UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration() { ProductID = existingProduct.ProductID, ConfigurationID = item.Key, StatusID = status.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now, Cve = newCve, New = 'Y'.ToString() }; // Add email notification if not already added var existingConfiguration = _context.Configurations .Where(c => c.ConfigurationID == item.Key) .FirstOrDefault(); var userToEmail = _context.Users .Where(u => u.Id == existingConfiguration.AspNetUserID) .FirstOrDefault(); // Check if an email already exists bool emailAlreadyExists = emailRecipientList .Where(erl => erl.EmailAddress == userToEmail.Email).Count() > 0; // If the email does exist if (emailAlreadyExists == true) { // Add configuration Name if (!emailRecipientList.Where(erl => erl.EmailAddress == userToEmail.Email).First() .ConfigurationIdList.Contains(existingConfiguration.ConfigurationID)) { emailRecipientList.Where(erl => erl.EmailAddress == userToEmail.Email).First() .ConfigurationIdList.Add(existingConfiguration.ConfigurationID); } } else // If the email does not exist { // Create new email and add it to the recipient list Email newEmail = new Email() { EmailAddress = userToEmail.Email, RecipientName = userToEmail.FirstName, }; newEmail.ConfigurationIdList.Add(existingConfiguration.ConfigurationID); emailRecipientList.Add(newEmail); } newCve.UserCveConfigurations.Add(newUserCveConfiguration); } } else // If the existing product doesn't exist in the database { // Break down the currJsonProductString into its components IList <string> productPartList = new List <string>(); productPartList = currJsonProductString.Split(":"); // Create new product Product newProduct = new Product { Concatenated = currJsonProductString, Part = productPartList[2], Vendor = productPartList[3], ProductName = productPartList[4], Version = productPartList[5], ProductUpdate = productPartList[6], Edition = productPartList[7], ProductLanguage = productPartList[8], Added = DateTime.Now }; // Add the new product to newCveConfiguration CveConfiguration newCveConfiguration = new CveConfiguration { Product = newProduct }; // Add the newCveConfiguration to the newCve newCve.CveConfigurations.Add(newCveConfiguration); } } // Add new CVE to database try { _context.Cves.Add(newCve); _context.SaveChanges(); } catch (Exception e) { System.Diagnostics.Debug.WriteLine("Error: " + e.Message); } } }
public IActionResult InitialDataImport() { // Get all file paths IList <string> pathList = new List <string>(); // Foreach file foreach (string currFile in Directory.EnumerateFiles( "wwwroot\\CVE Data", "*", SearchOption.AllDirectories)) { string jsonString = System.IO.File.ReadAllText(currFile); JObject jsonObject = JObject.Parse(jsonString); IList <JToken> jsonCveList = jsonObject["CVE_Items"].ToList(); //Collect values from each Cve and create Cve object IList <Cve> newCveList = new List <Cve>(); foreach (JToken currCve in jsonCveList) { // Only accept if CVE description does not contain ** REJECT ** and has a score if (!currCve["cve"]["description"]["description_data"].First["value"].ToString().Contains("** REJECT **")) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; // Detect errornous score information and restart JToken cvss; try { cvss = currCve["impact"]["baseMetricV2"]["cvssV2"]; } catch (Exception e) { continue; } // Create new CveObject Cve newCve = new Cve { PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()), LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()), GivenID = cveMeta["ID"].ToString(), Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(), VectorString = cvss["vectorString"].ToString(), AccessVector = cvss["accessVector"].ToString(), AccessComplexity = cvss["accessComplexity"].ToString(), Authentication = cvss["authentication"].ToString(), ConfidentialityImpact = cvss["confidentialityImpact"].ToString(), IntegrityImpact = cvss["availabilityImpact"].ToString(), AvailabilityImpact = cvss["availabilityImpact"].ToString(), BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()), References = new List <Reference>(), CveConfigurations = new List <CveConfiguration>() }; // Get references JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"]; foreach (JToken currReference in jsonReferenceList) { Reference newReference = new Reference { Url = currReference["url"].ToString() }; newCve.References.Add(newReference); } // Get products from CVE JObject currCveObject = JObject.Parse(currCve.ToString()); IList <JToken> jsonProductList = currCveObject.Descendants() .Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri") .Select(p => ((JProperty)p).Value).ToList(); jsonProductList = jsonProductList.Distinct().ToList(); // Foreach product foreach (JToken currJsonProduct in jsonProductList) { // Get existing product if it exists string currJsonProductString = currJsonProduct.ToString(); Product existingProduct = _context.Products .Where(p => p.Concatenated == currJsonProductString) .FirstOrDefault(); // If existing product does exist in the database if (existingProduct != null) { CveConfiguration newConfiguration = new CveConfiguration { Product = existingProduct }; newCve.CveConfigurations.Add(newConfiguration); } else // If the existing product doesn't exist in the database { // Break down the currJsonProductString into its components IList <string> productPartList = new List <string>(); productPartList = currJsonProductString.Split(":"); // Create new product Product newProduct = new Product { Concatenated = currJsonProductString, Part = productPartList[2], Vendor = productPartList[3], ProductName = productPartList[4], Version = productPartList[5], ProductUpdate = productPartList[6], Edition = productPartList[7], ProductLanguage = productPartList[8], Added = DateTime.Now }; // Add the new product to newCveConfiguration CveConfiguration newCveConfiguration = new CveConfiguration { Product = newProduct }; // Add the newCveConfiguration to the newCve newCve.CveConfigurations.Add(newCveConfiguration); } } // Add new CVE to database try { _context.Cves.Add(newCve); _context.SaveChanges(); } catch (Exception e) { TempData["Param"] = "newCve"; TempData["Error"] = e.Message; throw e; } } } } StatusMessage = "Successfully Seeded Database."; return(RedirectToAction(nameof(Index))); }
private void UpdateExistingCve(Cve existingCve, JToken currCve) { JToken cveMeta = currCve["cve"]["CVE_data_meta"]; JToken cvss; // Detect errornous score information and restart try { cvss = currCve["impact"]["baseMetricV2"]["cvssV2"]; } catch (Exception) { return; } // Update the CVE itself existingCve.PublishedDate = Convert.ToDateTime(currCve["publishedDate"].ToString()); existingCve.LastModifiedDate = Convert.ToDateTime(currCve["lastModifiedDate"].ToString()); existingCve.GivenID = cveMeta["ID"].ToString(); existingCve.Description = currCve["cve"]["description"]["description_data"].First["value"].ToString(); existingCve.VectorString = cvss["vectorString"].ToString(); existingCve.AccessVector = cvss["accessVector"].ToString(); existingCve.AccessComplexity = cvss["accessComplexity"].ToString(); existingCve.Authentication = cvss["authentication"].ToString(); existingCve.ConfidentialityImpact = cvss["confidentialityImpact"].ToString(); existingCve.IntegrityImpact = cvss["availabilityImpact"].ToString(); existingCve.AvailabilityImpact = cvss["availabilityImpact"].ToString(); existingCve.BaseScore = Convert.ToDouble(cvss["baseScore"].ToString()); existingCve.References.Clear(); JToken jsonReferenceList = currCve["cve"]["references"]["reference_data"]; foreach (JToken currReference in jsonReferenceList) { Reference newReference = new Reference { Url = currReference["url"].ToString() }; existingCve.References.Add(newReference); } // Add any new products JObject currCveObject = JObject.Parse(currCve.ToString()); IList <JToken> jsonProductList = currCveObject.Descendants() .Where(t => t.Type == JTokenType.Property && ((JProperty)t).Name == "cpe23Uri") .Select(p => ((JProperty)p).Value).ToList(); jsonProductList = jsonProductList.Distinct().ToList(); bool alreadyContained = false; foreach (JToken currJsonProduct in jsonProductList) { // Check for existing product foreach (CveConfiguration currCveConfiguration in existingCve.CveConfigurations) { if (currCveConfiguration.Product.Concatenated == currJsonProduct.ToString()) { alreadyContained = true; break; } } // If not already contained add the new product if (alreadyContained == false) { // Get existing product if it exists string currJsonProductString = currJsonProduct.ToString(); Product existingProduct = _context.Products .Where(p => p.Concatenated == currJsonProductString) .Include(p => p.CveConfigurations) .FirstOrDefault(); // If existing product does exist in the database if (existingProduct != null) { CveConfiguration newConfiguration = new CveConfiguration { Product = existingProduct }; existingCve.CveConfigurations.Add(newConfiguration); // Update tracked userCveConfigurations where this product is already tracked Status status = _context.Status.Where(s => s.StatusName == "Unresolved").FirstOrDefault(); foreach (var item in _context.UserCveConfigurations .Where(ucc => ucc.ProductID == existingProduct.ProductID) .GroupBy(ucc => ucc.ProductID) .Select(g => g.First()).ToList()) { UserCveConfiguration newUserCveConfiguration = new UserCveConfiguration() { ProductID = existingProduct.ProductID, CveID = existingCve.CveID, ConfigurationID = item.CveID, StatusID = status.StatusID, Notes = "No user defined notes.", DateAdded = DateTime.Now }; try { if (ModelState.IsValid) { _context.UserCveConfigurations.Add(newUserCveConfiguration); _context.SaveChanges(); } } catch (Exception) { return; } } } else // If the existing product doesn't exist in the database { // Break down the currJsonProductString into its components IList <string> productPartList = new List <string>(); productPartList = currJsonProductString.Split(":"); // Create new product Product newProduct = new Product { Concatenated = currJsonProductString, Part = productPartList[2], Vendor = productPartList[3], ProductName = productPartList[4], Version = productPartList[5], ProductUpdate = productPartList[6], Edition = productPartList[7], ProductLanguage = productPartList[8] }; // Add the new product to newCveConfiguration CveConfiguration newCveConfiguration = new CveConfiguration { Product = newProduct }; // Add the newCveConfiguration to the newCve existingCve.CveConfigurations.Add(newCveConfiguration); } } } // save updated existingCve try { if (ModelState.IsValid) { _context.Entry(existingCve).State = EntityState.Modified; _context.SaveChanges(); } } catch (Exception) { return; } }