Esempio n. 1
0
        protected override set GetSetElement(Definitions.ObjectType objectType)
        {
            var setElementName = fileeffectiverights53_object_ItemsChoices.set;
            var setElement = ((fileeffectiverights53_object)objectType).GetItemValue(setElementName);

            return (set)setElement;
        }
Esempio n. 2
0
        protected override set GetSetElement(Definitions.ObjectType objectType)
        {
            var setElementName = fileauditedpermissions53_objectItemsChoices.set;
            var setElement = ((fileauditedpermissions53_object)objectType).GetItemValue(setElementName);

            return (set)setElement;
        }
Esempio n. 3
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var userSIDEntity = ((user_sid55_object)objectType).GetUserSIDEntity();

            var userSIDs = this.processVariables(objectType, variables);
            if (userSIDs == null)
                return null;

            if (userSIDEntity.operation != OperationEnumeration.equals)
            {
                var collectedItems = ProcessOperationDifferentOfEquals(userSIDEntity.operation, userSIDs);
                if (collectedItems.Count > 0)
                    return collectedItems;

                var newUserSidItem = CreateUserSIDItemType(userSIDEntity.Value ?? "");
                newUserSidItem.status = StatusEnumeration.doesnotexist;
                newUserSidItem.user_sid.status = newUserSidItem.status;
                return new ItemType[] { newUserSidItem };
            }

            var itemsToCollect = new List<ItemType>();
            foreach (var userSID in userSIDs)
                itemsToCollect.Add(CreateUserSIDItemType(userSID));

            return itemsToCollect;
        }
Esempio n. 4
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var securityPrincipleEntity = ((accesstoken_object)objectType).GetSecurityPrincipleEntity();
            var securityPrinciples = this.EvaluateVariable(objectType, variables);
            securityPrinciples = this.ProcessOperation(securityPrinciples, securityPrincipleEntity);

            return this.CreateItemsToCollectFromSecurityPrincipleList(securityPrinciples);
        }
Esempio n. 5
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var userNames = this.processVariables(objectType, variables);
            if (userNames == null)
                return new List<ItemType>();

            return this.ProcessOperation(((user_object)objectType).User, userNames);
        }
Esempio n. 6
0
        private IEnumerable<string> ApplyOperations(Definitions.ObjectType sourceObject, IEnumerable<string> processedGroupSIDs)
        {
            var groupSIDEntity = ((group_sid_object)sourceObject).GetGroupSIDEntity();
            if (groupSIDEntity.operation == OperationEnumeration.equals)
                return processedGroupSIDs;

            return this.ProcessOperationDifferentOfEquals(groupSIDEntity.operation, processedGroupSIDs);
        }
Esempio n. 7
0
        private IEnumerable<String> processVariables(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var userEntityValue = ((user_object)objectType).User.Value;
            if (variables == null || variables.VariableValues.IsEmpty())
                return new string[] { userEntityValue };

            return 
                new UserEntityVariableEvaluator(objectType, variables)
                    .ProcessVariableForAllObjectEntities();
        }
Esempio n. 8
0
        public IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var trusteeSIDs = this.processVariables(objectType, variables);
            if (trusteeSIDs == null)
                return new List<ItemType>();

            var derivedTrusteeSIDs = this.processOperation(objectType, trusteeSIDs.ToArray());

            return this.createSidItemsToCollect(derivedTrusteeSIDs.ToList());
        }
Esempio n. 9
0
        private IList<string> EvaluateVariable(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var securityPrincipleEntity = ((accesstoken_object)objectType).GetSecurityPrincipleEntity();
            if (string.IsNullOrEmpty(securityPrincipleEntity.var_ref))
                return new List<String>(new string[] { securityPrincipleEntity.Value });

            var variableEvaluator = new AccessTokenVariableEvaluator(objectType, variables);
            var result = variableEvaluator.ProcessVariableForAllObjectEntities();
            return (result == null) ? new string[] { }.ToList() : result.ToList();
        }
Esempio n. 10
0
        /// <summary>
        /// this method returns the item_types to collect. 
        /// </summary>
        /// <param name="objectType">Type of the object.</param>
        /// <returns></returns>
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var variableEvaluator = new RegistryEntityVariableEvaluator(variables);
            var operationEvaluator = new RegistryEntityOperationEvaluator(this.SystemDataSource, this.WmiDataProvider);
                        
            var registryObjectsVariableProcessed = variableEvaluator.ProcessVariableForRegistryObject((registry_object)objectType);
            var registryObjectsOperationProcessed = operationEvaluator.ProcessOperation(registryObjectsVariableProcessed);

            return registryObjectsOperationProcessed;
        }
Esempio n. 11
0
        public IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var groupNames = this.processVariables(objectType, variables);
            if (groupNames == null)
                return new List<ItemType>();

            var derivedGroupNames = this.processOperation(objectType, groupNames.ToArray());

            return this.createGroupItemsToCollect(derivedGroupNames.ToList());
        }
Esempio n. 12
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var fileEffectiveRights53Object = (fileeffectiverights53_object)objectType;

            if (fileEffectiveRights53Object.HasVariableDefined())
            {
                var objectTypes = new FileEffectiveRights53EntityVariableEvaluator(variables).ProcessVariables(objectType);
                return this.OperationEvaluator.ProcessOperation(objectTypes).ToList();
            }

            return OperationEvaluator.ProcessOperation(fileEffectiveRights53Object).ToList();
        }
Esempio n. 13
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var itemsToCollect = new List<ItemType>();
            var fileObjects = new FileAuditedPermissionsVariableEvaluator(variables).ProcessVariables(objectType);

            foreach (var fileObject in fileObjects)
            {
                var processedItems = this.ProcessOperation((fileauditedpermissions53_object)fileObject);
                itemsToCollect.AddRange(processedItems);
            }

            return itemsToCollect;
        }
Esempio n. 14
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var itemsToCollect = new List<ItemType>();
            var xmlFileObjects = new XmlFileContentVariableEvaluator(variables).ProcessVariables(objectType);

            foreach (var xmlFileContentObject in xmlFileObjects)
            {
                var processedItems = this.ProcessOperation((xmlfilecontent_object)xmlFileContentObject);
                itemsToCollect.AddRange(processedItems);
            }

            return itemsToCollect;
        }
Esempio n. 15
0
        private IEnumerable<String> processVariables(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            string groupNameEntityValue = ((group_object)objectType).Group.Value;

            if ((variables == null) || (variables.VariableValues.Count() == 0))
                return new List<String>(new string[] { groupNameEntityValue });
            else
            {
                var variableEvaluator = new GroupEntityVariableEvaluator(objectType, variables);
                var processedVariables = variableEvaluator.ProcessVariableForAllObjectEntities();
                return (processedVariables == null) ? null : processedVariables;
            }
        }
Esempio n. 16
0
        public IEnumerable<String> ProcessVariablesForTypeFilePathEntities(Definitions.ObjectType objectType)
        {
            textfilecontent54_object fileContentObj = (textfilecontent54_object)objectType;

            var variablesFromFilePath = this.EvaluateVariableForEntity(fileContentObj, textfilecontent54_ItemsChoices.filepath);
            if ((variablesFromFilePath != null) && (variablesFromFilePath.Count() > 0))
                return variablesFromFilePath;

            var variablesFromPath = this.EvaluateVariableForEntity(fileContentObj, textfilecontent54_ItemsChoices.path);
            var variablesFromFilename = this.EvaluateVariableForEntity(fileContentObj, textfilecontent54_ItemsChoices.filename);

            return this.CreateFilePathsListByCombinationOfEntities(variablesFromPath, variablesFromFilename);
        }
Esempio n. 17
0
        private IEnumerable<String> processVariables(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var trusteeSIDEntityValue = ((sid_sid_object)objectType).TrusteeSID.Value;

            if ((variables == null) || (variables.VariableValues.Count() == 0))
                return new string[] { trusteeSIDEntityValue };
            else
            {
                var variableEvaluator = new SID_SID_EntityVariableEvaluator(objectType, variables);
                var processedVariables = variableEvaluator.ProcessVariableForAllObjectEntities();
                return (processedVariables == null) ? null : processedVariables.ToList();
            }
        }
Esempio n. 18
0
        /// <summary>
        /// Creates a items to collect from given object type.
        /// </summary>
        /// <param name="objectType">Type of the object.</param>
        /// <returns>A list of ItemType</returns>
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var variableEvaluator = new FileEffectiveRightsVariableEvaluator(variables);
            var operationEvaluator = new FileEffectiveRightsOperationEvaluator(SystemDataSource, FileProvider);
            var fileEffectiveRights = (fileeffectiverights_object)objectType;

            if (fileEffectiveRights.HasVariableDefined())
            {
                var objects = variableEvaluator.ProcessVariables(objectType);
                return operationEvaluator.ProcessOperation(objects).ToList();
            }

            return operationEvaluator.ProcessOperation(fileEffectiveRights).ToList();
        }
Esempio n. 19
0
        public IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var variableId = ((variable_object)objectType).GetItemValue().ToString();
            var variableValues = variables.GetVariableValueForVariableId(variableId);

            if (HasVariableValues(variables.VariableValues))
            {
                var variable = variableValues.FirstOrDefault(var => var.VariableId.Equals(variableId));
                if (variable != null && variable.values != null && variable.values.Count() > 0)
                    return new ItemType[] { this.CreateVariableItem(variableId) };
            }

            return new ItemType[] { };
        }
Esempio n. 20
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var variableEvaluator = new VariableEntityEvaluator(variables);
            var namespaceEntity = (EntityObjectStringType)((wmi_object)objectType).GetItemValue(wmi_object_ItemsChoices.@namespace);
            var wqlEntity = (EntityObjectStringType)((wmi_object)objectType).GetItemValue(wmi_object_ItemsChoices.wql);

            var namespaces = variableEvaluator.EvaluateVariableForEntity(namespaceEntity);
            var wqls = variableEvaluator.EvaluateVariableForEntity(wqlEntity);

            var itemsToCollect = new List<ItemType>();
            foreach (var ns in namespaces)
                foreach (var wql in wqls)
                    itemsToCollect.Add(this.CreateWmiItem(ns, wql));
            return itemsToCollect;
        }
Esempio n. 21
0
 public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated evaluatedVariables)
 {
     var textFileContentObject = (textfilecontent54_object)objectType;
     
     if (textFileContentObject.HasVariableDefined())
     {
         var variableEvaluator = new TextFileContentEntityVariableEvaluator(evaluatedVariables);
         var objectTypes = variableEvaluator.ProcessVariables(objectType);
         
         return this.OperationEvaluator.ProcessOperation(objectTypes).ToList();
     }
     else
     {
         return this.OperationEvaluator.ProcessOperation(textFileContentObject).ToList();
     }
 }
Esempio n. 22
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated evaluatedVariables)
        {
            var textFileContentObject = (textfilecontent_object)objectType;
            var operationEvaluator =
                new FileContentEntityOperationEvaluator(
                    this.FileContentSystemDataSource, WindowsFileProvider);

            if (textFileContentObject.HasVariableDefined())
            {
                var fileContentEntityVariableEvaluator = new FileContentEntityVariableEvaluator(evaluatedVariables);
                var objectTypes = fileContentEntityVariableEvaluator.ProcessVariables((textfilecontent_object)objectType);
                return operationEvaluator.ProcessOperation(objectTypes).ToList();
            }
            else
                return operationEvaluator.ProcessOperation(textFileContentObject).ToList();
        }
Esempio n. 23
0
        public IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var sapcodeObjectType = (sapcode_object)objectType;
            var variableEvaluator = new VariableEntityEvaluator(variables);
            var issues = variableEvaluator.EvaluateVariableForEntity(((EntitySimpleBaseType)sapcodeObjectType.Items[sapcodeObjectType.ItemsElementName.ToList().IndexOf(SapCodeObjectItemsChoices.issue)]));
            var systemNames = variableEvaluator.EvaluateVariableForEntity(((EntitySimpleBaseType)sapcodeObjectType.Items[sapcodeObjectType.ItemsElementName.ToList().IndexOf(SapCodeObjectItemsChoices.system_name)]));
            var itemList = new List<ItemType>();
            foreach (var systemName in systemNames)
                foreach (var issueNumber in issues)
                    itemList.Add(new sapcode_item()
                    {
                        issue = OvalHelper.CreateItemEntityWithIntegerValue(issueNumber),
                        system_name = OvalHelper.CreateItemEntityWithIntegerValue(systemName)
                    });

            return itemList.ToArray();
        }
Esempio n. 24
0
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var processedGroupSIDs = this.processVariables(objectType, variables);
            if (processedGroupSIDs == null)
                return null;

            processedGroupSIDs = this.ApplyOperations(objectType, processedGroupSIDs);

            var itemsToCollect = new List<ItemType>();
            foreach (var groupSID in processedGroupSIDs)
            {
                var newItemToCollect = new group_sid_item() { group_sid = OvalHelper.CreateItemEntityWithStringValue(groupSID) };
                itemsToCollect.Add(newItemToCollect);
            }

            return itemsToCollect;
        }
Esempio n. 25
0
        private IEnumerable<string> processOperation(Definitions.ObjectType objectType, IEnumerable<String> evalutedVariables)
        {
            var trusteeEntity = ((sid_sid_object)objectType).TrusteeSID;
            var entityOperation = trusteeEntity.operation;
            var trusteeSIDs = string.IsNullOrEmpty(trusteeEntity.var_ref) ? new string[] { trusteeEntity.Value } : evalutedVariables.ToArray();

            var operationResult = new List<String>();
            foreach (var trusteeSID in trusteeSIDs)
            {
                var valuesToApply = (this.getValuesToApplyOperation(entityOperation, trusteeSID)).ToArray();
                if (entityOperation == OperationEnumeration.patternmatch)
                    operationResult.AddRange(new MultiLevelPatternMatchOperation(FamilyEnumeration.windows).applyPatternMatch(trusteeSID, valuesToApply));
                else
                    operationResult.AddRange(this.EvaluateOperationsDifferentsOfPatternMatch(entityOperation, trusteeSID, valuesToApply));
            }

            return operationResult;
        }
Esempio n. 26
0
        /// <summary>
        /// Creates a items to collect from given object type.
        /// </summary>
        /// <param name="objectType">Type of the object.</param>
        /// <returns>A list of ItemType</returns>
        public virtual IList<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            this.CreateEvaluators(variables);
            
            var objectTypes = new Definitions.ObjectType[] { objectType };
            if (this.HasVariableDefined(objectType))
            {
                if (objectType is OVAL.Definitions.Unix.file_object)
                    objectTypes = this.FileVariableEvaluator.ProcessVariables((OVAL.Definitions.Unix.file_object)objectType).ToArray();
                else
                    objectTypes = this.FileVariableEvaluator.ProcessVariables((OVAL.Definitions.Windows.file_object)objectType).ToArray();
            }

            var itemsToCollect = this.OperationEvaluator.ProcessOperation(objectTypes).ToList();
            this.OperationEvaluator = null;
            this.FileVariableEvaluator = null;
            return itemsToCollect;


        }
Esempio n. 27
0
        private IEnumerable<string> processOperation(Definitions.ObjectType objectType, IEnumerable<String> evalutedVariables)
        {
            var groupEntity = ((group_object)objectType).Group;
            var entityOperation = groupEntity.operation;
            string[] groupNames = string.IsNullOrEmpty(groupEntity.var_ref) ? new string[] { groupEntity.Value } : evalutedVariables.ToArray();

            var operationResult = new List<String>();
            foreach (var groupName in groupNames)
            {
                string[] valuesToApply = (this.getValuesToApplyOperation(entityOperation, groupName)).ToArray();
                if (entityOperation == OperationEnumeration.patternmatch)
                {
                    var multiLevelOperation = new MultiLevelPatternMatchOperation(FamilyEnumeration.windows);
                    operationResult.AddRange(multiLevelOperation.applyPatternMatch(groupName, valuesToApply));
                }
                else
                    operationResult.AddRange(this.EvaluateOperationsDifferentsOfPatternMatch(entityOperation, groupName, valuesToApply));
            }

            return operationResult;
        }
Esempio n. 28
0
        /// <summary>
        /// Generates concrete items type to collect from object type.
        /// </summary>
        public virtual IEnumerable<ItemType> GetItemsToCollect(Definitions.ObjectType objectType, VariablesEvaluated variables)
        {
            var itemsToCollect = new List<ItemType>();
            var variableEvaluator = new RegKeyEffectiveRightsVariableEvaluator(objectType, variables);

            var hiveValue = variableEvaluator.AllObjectEntities[HiveEntityValue].Value;

            var processedKeys = variableEvaluator.TryToProcessObjectEntity(KeyEntityName);
            if (processedKeys != null)
                processedKeys = this.OperationEvaluator.ProcessOperationForKeyEntity(objectType, processedKeys.ToArray());
            if (processedKeys == null)
                return new ItemType[] { };

            var processedTrustees = variableEvaluator.TryToProcessObjectEntity(TrusteeSIDEntityName);
            var trusteeSidEntity = variableEvaluator.AllObjectEntities[TrusteeSIDEntityName];
            if (processedTrustees == null)
                return new ItemType[] { };

            foreach (var regKey in processedKeys)
            {
                foreach (var sid in processedTrustees)
                {
                    if (trusteeSidEntity.operation.Equals(OperationEnumeration.equals))
                    {
                        var newItemToCollect = this.createRegKeyEffectiveRights(hiveValue, regKey, sid);
                        newItemToCollect.status = StatusEnumeration.notcollected;
                        itemsToCollect.Add(newItemToCollect);
                    }
                    else
                    {
                        var alreadyCollectedItems = ObjectCollector.CollectItemsApplyingOperation(hiveValue, regKey, sid, trusteeSidEntity.operation);
                        itemsToCollect.AddRange(alreadyCollectedItems);

                    }
                }
            }

            return itemsToCollect;
        }
Esempio n. 29
0
 protected override set GetSetElement(Definitions.ObjectType objectType)
 {
     var variableObject = (variable_object)objectType;
     return variableObject.HasTheSetElement() ? (set)variableObject.Items.OfType<set>().First() : null;
 }
Esempio n. 30
0
        public static string GetFullFilePathFromObjectType(Defs::ObjectType objectType)
        {
            var allEntities = 
                (objectType is file_object)
                    ? OvalHelper.GetFileEntitiesFromObjectType((file_object)objectType)
                    : OvalHelper.GetFileEffectiveRightsFromObjectType((fileeffectiverights_object)objectType);

            string fullFilePath = string.Empty;
            if (OvalHelper.IsFilePathEntityDefined(allEntities))
                fullFilePath = allEntities[file_object_ItemsChoices.filepath.ToString()].Value;

            if (string.IsNullOrEmpty(fullFilePath))
            {
                string path = allEntities[file_object_ItemsChoices.path.ToString()].Value;
                string filename = allEntities[file_object_ItemsChoices.filename.ToString()].Value;
                fullFilePath = string.Format(@"{0}\{1}", path, filename);
            }

            return fullFilePath;
        }