public string ReadXccdfFile(Object.File file, string groupName) { try { if (file.FileName.IsFileInUse()) { LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again."); return("Failed; File In Use"); } ParseXccdfWithXmlReader(file); if (!incorrectFileType) { return("Processed"); } else { return("Report Type (OVAL) Not Supported"); } } catch (Exception exception) { string error = $"Unable to process XCCDF file '{file.FileName}'."; LogWriter.LogErrorWithDebug(error, exception); return("Failed; See Log"); } }
public string ReadFpr(Object.File file, string groupName) { try { if (file.FilePath.IsFileInUse()) { LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again."); return("Failed; File In Use"); } ReadFprArchive(file); return("Processed"); } catch (Exception exception) { string error = $"Unable to process FPR file '{file.FileName}'."; LogWriter.LogErrorWithDebug(error, exception); return("Failed; See Log"); } }
private void ParseWasspWithXmlReader(Object.File file) { try { XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings(); if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed")) { DatabaseBuilder.sqliteConnection.Open(); } using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction()) { using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand()) { databaseInterface.InsertParameterPlaceholders(sqliteCommand); sqliteCommand.Parameters["FindingType"].Value = "WASSP"; sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName; sqliteCommand.Parameters["SourceName"].Value = "Windows Automated Security Scanning Program (WASSP)"; sqliteCommand.Parameters["SourceVersion"].Value = string.Empty; sqliteCommand.Parameters["SourceRelease"].Value = string.Empty; databaseInterface.InsertParsedFileSource(sqliteCommand, file); using (XmlReader xmlReader = XmlReader.Create(file.FilePath, xmlReaderSettings)) { ParseVulnerabilityInfoFromWassp(sqliteCommand, xmlReader); } } sqliteTransaction.Commit(); } } catch (Exception exception) { LogWriter.LogError($"Unable to parse WASSP file '{file.FileName}' using XML reader."); throw exception; } finally { DatabaseBuilder.sqliteConnection.Close(); } }
/// <summary> /// Reads *.nessus files exported from within ACAS and writes the results to the appropriate DataTables. /// </summary> /// <param name="file">File Object to be parsed</param> /// <returns>string Value</returns> public string ReadAcasNessusFile(Object.File file, string groupName) { try { if (file.FilePath.IsFileInUse()) { LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again."); return("Failed; File In Use"); } _groupName = groupName; fileName = file.FileName; ParseNessusWithXmlReader(file); return("Processed"); } catch (Exception exception) { string error = $"Unable to process ACAS Nessus file '{file.FileName}'"; LogWriter.LogErrorWithDebug(error, exception); return("Failed; See Log"); } }
private void ParseNessusWithXmlReader(Object.File file) { try { if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed")) { DatabaseBuilder.sqliteConnection.Open(); } using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction()) { using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand()) { databaseInterface.InsertParameterPlaceholders(sqliteCommand); sqliteCommand.Parameters["FindingType"].Value = "ACAS"; sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName; databaseInterface.InsertParsedFileSource(sqliteCommand, file); XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings(); using (XmlReader xmlReader = XmlReader.Create(file.FilePath, xmlReaderSettings)) { while (xmlReader.Read()) { if (xmlReader.IsStartElement()) { switch (xmlReader.Name) { case "ReportHost": { ParseHostData(sqliteCommand, xmlReader); break; } case "ReportItem": { ParseVulnerability(sqliteCommand, xmlReader); break; } } } else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("ReportHost")) { sqliteCommand.Parameters["Found21745"].Value = found21745; sqliteCommand.Parameters["Found26917"].Value = found26917; databaseInterface.SetCredentialedScanStatus(sqliteCommand); if (!found21745 && !found26917) { sqliteCommand.Parameters.Add(new SQLiteParameter("UpdatedStatus", "Completed")); List <string> ids = databaseInterface.SelectOutdatedUniqueFindings(sqliteCommand, lastObserved); foreach (string id in ids) { sqliteCommand.Parameters.Add(new SQLiteParameter("UniqueFinding_ID", id)); databaseInterface.UpdateUniqueFindingStatusById(sqliteCommand); } if (sqliteCommand.Parameters.Contains("UpdatedStatus")) { sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UpdatedStatus"]); } if (sqliteCommand.Parameters.Contains("UniqueFinding_ID")) { sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UniqueFinding_ID"]); } } found21745 = found26917 = false; } } } } sqliteTransaction.Commit(); } } catch (Exception exception) { LogWriter.LogError("Unable to parse ACAS Nessus file with XmlReader."); throw exception; } finally { DatabaseBuilder.sqliteConnection.Close(); } }
/// <summary> /// Reads *.csv files exported from within ACAS and writes the results to the appropriate DataTables. /// </summary> /// <param name="fileName">Name of *.csv file to be parsed.</param> /// <param name="mitigationsList">List of mitigation items for vulnerabilities to be read against.</param> /// <param name="systemName">Name of the system that the mitigations check will be run against.</param> /// <returns>string Value</returns> public string ReadAcasCsvFile(Object.File file, string groupName) { try { if (file.FilePath.IsFileInUse()) { LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again."); return("Failed; File In Use"); } if (!DatabaseBuilder.sqliteConnection.State.Equals("Open")) { DatabaseBuilder.sqliteConnection.Open(); } using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction()) { using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand()) { databaseInterface.InsertParameterPlaceholders(sqliteCommand); databaseInterface.InsertParsedFileSource(sqliteCommand, file); sqliteCommand.Parameters["FindingType"].Value = "ACAS"; sqliteCommand.Parameters["Name"].Value = "All"; using (TextReader textReader = System.IO.File.OpenText(file.FilePath)) { var csvReader = new CsvReader(textReader); csvReader.Configuration.HasHeaderRecord = true; while (csvReader.Read()) { if (csvReader.Context.Row == 1) { string missingHeader = CheckForCsvHeaders(csvReader); if (!string.IsNullOrWhiteSpace(missingHeader)) { LogWriter.LogError( $"CSV File is missing the '{missingHeader}' column; please generate a " + "new CSV file utilizing the ACAS report template that was packaged with the application."); return("Failed; See Log"); } csvReader.Read(); } sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value = csvReader.GetField("Plugin"); sqliteCommand.Parameters["VulnerabilityTitle"].Value = csvReader.GetField("Plugin Name"); sqliteCommand.Parameters["ScanIP"].Value = csvReader.GetField("IP Address"); sqliteCommand.Parameters["DiscoveredHostName"].Value = csvReader.GetField("DNS Name"); sqliteCommand.Parameters["DisplayedHostName"].Value = csvReader.GetField("DNS Name"); sqliteCommand.Parameters["NetBIOS"].Value = csvReader.GetField("NetBIOS Name"); sqliteCommand.Parameters["RiskStatement"].Value = csvReader.GetField("Synopsis"); sqliteCommand.Parameters["VulnerabilityDescription"].Value = csvReader.GetField("Description"); sqliteCommand.Parameters["FixText"].Value = csvReader.GetField("Solution"); sqliteCommand.Parameters["PrimaryRawRiskIndicator"].Value = ConvertRiskFactorToRawRisk(csvReader.GetField("Risk Factor")); sqliteCommand.Parameters["SecondaryRawRiskIndicator"].Value = csvReader.GetField("STIG Severity"); string crossReferences = csvReader.GetField("Cross References"); if (!string.IsNullOrWhiteSpace(crossReferences)) { if (crossReferences.Contains(",")) { foreach (string reference in crossReferences.Split(',')) { references.Add(SanitizeCrossReferences(reference)); } } else { references.Add(SanitizeCrossReferences(crossReferences)); } } sqliteCommand.Parameters["LastObserved"].Value = DateTime .Parse(csvReader.GetField("Last Observed")).ToShortDateString(); sqliteCommand.Parameters["ModifiedDate"].Value = csvReader.GetField("Plugin Modification Date"); sqliteCommand.Parameters["CVSS_TemporalScore"].Value = csvReader.GetField("CVSS Temporal Score"); sqliteCommand.Parameters["CVSS_BaseScore"].Value = csvReader.GetField("CVSS Base Score"); if (!string.IsNullOrWhiteSpace(csvReader.GetField("CVSS Temporal Score"))) { sqliteCommand.Parameters["CVSS_BaseVector"].Value = csvReader .GetField("CVSS Vector") .Split(new string[] { "/E:" }, StringSplitOptions.None)[0]; sqliteCommand.Parameters["CVSS_TemporalVector"].Value = csvReader.GetField("CVSS Vector"); } else { sqliteCommand.Parameters["CVSS_BaseVector"].Value = csvReader.GetField("CVSS Vector"); } sqliteCommand.Parameters["ToolGeneratedOutput"].Value = csvReader .GetField("Plugin Text") .Replace("Plugin Output: ", string.Empty); if (sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value.ToString() .Equals("19506")) { SetSourceInformation(sqliteCommand); } sqliteCommand.Parameters["Protocol"].Value = csvReader.GetField("Protocol"); sqliteCommand.Parameters["Port"].Value = csvReader.GetField("Port"); sqliteCommand.Parameters["VulnerabilityFamilyOrClass"].Value = csvReader.GetField("Family"); sqliteCommand.Parameters["FirstDiscovered"].Value = DateTime .Parse(csvReader.GetField("First Discovered")).ToShortDateString(); sqliteCommand.Parameters["PublishedDate"].Value = DateTime .Parse(csvReader.GetField("Plugin Publication Date")).ToShortDateString(); sqliteCommand.Parameters["FixPublishedDate"].Value = DateTime .Parse(csvReader.GetField("Patch Publication Date")).ToShortDateString(); sqliteCommand.Parameters["VulnerabilityVersion"].Value = csvReader.GetField("Version"); ParsePluginRevision(sqliteCommand); sqliteCommand.Parameters["MAC_Address"].Value = csvReader.GetField("MAC Address"); PrepareVulnerabilitySource(sqliteCommand); databaseInterface.InsertHardware(sqliteCommand); sqliteCommand.Parameters["InstanceIdentifier"].Value = $"{sqliteCommand.Parameters["DiscoveredHostName"].Value}_" + $"{sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value}_" + $"{sqliteCommand.Parameters["Port"].Value}_" + $"{sqliteCommand.Parameters["Protocol"].Value}_" + $"{sqliteCommand.Parameters["DiscoveredServiceName"].Value}"; List <string> ids = databaseInterface.SelectOutdatedVulnerabilities(sqliteCommand, true); sqliteCommand.Parameters.Add(new SQLiteParameter("UpdatedStatus", "Completed")); foreach (string id in ids) { sqliteCommand.Parameters.Add(new SQLiteParameter("UniqueFinding_ID", id)); databaseInterface.UpdateUniqueFindingStatusById(sqliteCommand); } sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UpdatedStatus"]); sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UniqueFinding_ID"]); databaseInterface.InsertVulnerability(sqliteCommand); databaseInterface.MapVulnerabilityToSource(sqliteCommand); if (Properties.Settings.Default.CaptureAcasPortInformation) { databaseInterface.InsertAndMapPort(sqliteCommand); } databaseInterface.InsertAndMapIpAddress(sqliteCommand); databaseInterface.InsertAndMapMacAddress(sqliteCommand); if (Properties.Settings.Default.CaptureAcasEnumeratedSoftware) { switch (sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value.ToString()) { case "20811": { ParseWindowsSoftware(sqliteCommand); break; } case "22869": { ParseUnixSoftware(sqliteCommand, "22869"); break; } case "29217": { ParseUnixSoftware(sqliteCommand, "29217"); break; } } } if (Properties.Settings.Default.CaptureAcasReferenceInformation) { foreach (VulnerabilityReference reference in references) { sqliteCommand.Parameters["Reference"].Value = reference.Reference; sqliteCommand.Parameters["ReferenceType"].Value = reference.ReferenceType; databaseInterface.InsertAndMapVulnerabilityReferences(sqliteCommand); } } PrepareUniqueFinding(sqliteCommand); foreach (SQLiteParameter parameter in sqliteCommand.Parameters) { if (!persistentParameters.Contains(parameter.ParameterName)) { parameter.Value = string.Empty; } } references.Clear(); } } } sqliteTransaction.Commit(); } return("Processed"); } catch (Exception exception) { string error = $"Unable to process ACAS CSV file '{file.FileName}'"; LogWriter.LogErrorWithDebug(error, exception); return("Failed; See Log"); } finally { DatabaseBuilder.sqliteConnection.Close(); } }
private void ReadFprArchive(Object.File file) { try { if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed")) { DatabaseBuilder.sqliteConnection.Open(); } using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction()) { using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand()) { databaseInterface.InsertParameterPlaceholders(sqliteCommand); sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName; databaseInterface.InsertParsedFileSource(sqliteCommand, file); using (Stream stream = System.IO.File.OpenRead(file.FilePath)) { using (ZipArchive zipArchive = new ZipArchive(stream, ZipArchiveMode.Read)) { ZipArchiveEntry auditFvdl = zipArchive.Entries.FirstOrDefault(x => x.Name.Equals("audit.fvdl")); ParseAuditFvdlWithXmlReader(auditFvdl, sqliteCommand); ZipArchiveEntry auditXml = zipArchive.Entries.FirstOrDefault(x => x.Name.Equals("audit.xml")); if (auditXml != null) { ParseAuditXmlWithXmlReader(auditXml); } } } sqliteCommand.Parameters["SourceName"].Value = "HPE Fortify SCA"; sqliteCommand.Parameters["SourceRelease"].Value = "HPE Fortify SCA"; sqliteCommand.Parameters["SourceVersion"].Value = version; sqliteCommand.Parameters["DiscoveredSoftwareName"].Value = softwareName; sqliteCommand.Parameters["DisplayedSoftwareName"].Value = softwareName; sqliteCommand.Parameters["FindingSourceFileName"].Value = file.FileName; sqliteCommand.Parameters["FindingType"].Value = "Fortify"; sqliteCommand.Parameters["FirstDiscovered"].Value = firstDiscovered; sqliteCommand.Parameters["LastObserved"].Value = lastObserved; List <string> ids = databaseInterface.SelectOutdatedVulnerabilities(sqliteCommand, true); sqliteCommand.Parameters.Add(new SQLiteParameter("UpdatedStatus", "Completed")); foreach (string id in ids) { sqliteCommand.Parameters.Add(new SQLiteParameter("UniqueFinding_ID", id)); databaseInterface.UpdateUniqueFindingStatusById(sqliteCommand); } if (sqliteCommand.Parameters.Contains("UpdatedStatus")) { sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UpdatedStatus"]); } if (sqliteCommand.Parameters.Contains("UniqueFinding_ID")) { sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UniqueFinding_ID"]); } databaseInterface.InsertVulnerabilitySource(sqliteCommand); databaseInterface.InsertSoftware(sqliteCommand); foreach (FprVulnerability fprVulnerability in fprVulnerabilityList) { sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value = fprVulnerability.ClassId; if (sqliteCommand.Parameters["VulnerabilityVersion"].Value == DBNull.Value) { sqliteCommand.Parameters["VulnerabilityVersion"].Value = string.Empty; } if (sqliteCommand.Parameters["VulnerabilityRelease"].Value == DBNull.Value) { sqliteCommand.Parameters["VulnerabilityRelease"].Value = string.Empty; } sqliteCommand.Parameters["VulnerabilityGroupTitle"].Value = fprVulnerability.Kingdom; sqliteCommand.Parameters["VulnerabilityFamilyOrClass"].Value = fprVulnerability.Type; sqliteCommand.Parameters["VulnerabilityTitle"].Value = fprVulnerability.SubType; sqliteCommand.Parameters["VulnerabilityDescription"].Value = fprVulnerability.Description; sqliteCommand.Parameters["RiskStatement"].Value = fprVulnerability.RiskStatement; sqliteCommand.Parameters["FixText"].Value = fprVulnerability.FixText; sqliteCommand.Parameters["InstanceIdentifier"].Value = fprVulnerability.InstanceId; sqliteCommand.Parameters["ToolGeneratedOutput"].Value = fprVulnerability.Output; sqliteCommand.Parameters["Comments"].Value = fprVulnerability.Comments; sqliteCommand.Parameters["PrimaryRawRiskIndicator"].Value = fprVulnerability.RawRisk; sqliteCommand.Parameters["DeltaAnalysisIsRequired"].Value = "False"; foreach (FprVulnerability.AuditComment comment in fprVulnerability.AuditComments.OrderBy(x => x.EditTime)) { string concatenatedComment = $"{comment.EditTime.ToShortDateString()}{Environment.NewLine}{comment.UserName}: {comment.Content}"; sqliteCommand.Parameters["Comments"].Value = string.IsNullOrEmpty(sqliteCommand.Parameters["Comments"].Value.ToString()) ? concatenatedComment : $"{sqliteCommand.Parameters["Comments"].Value}{Environment.NewLine}{Environment.NewLine}{concatenatedComment}"; } sqliteCommand.Parameters["Status"].Value = fprVulnerability.Status; databaseInterface.InsertVulnerability(sqliteCommand); databaseInterface.MapVulnerabilityToSource(sqliteCommand); databaseInterface.InsertUniqueFinding(sqliteCommand); foreach (string cci in fprVulnerability.CCIs) { sqliteCommand.Parameters["CCI_Number"].Value = cci; databaseInterface.MapVulnerabilityToCci(sqliteCommand); sqliteCommand.Parameters["CCI_Number"].Value = DBNull.Value; } foreach (SQLiteParameter parameter in sqliteCommand.Parameters) { if (!persistentParameters.Contains(parameter.ParameterName)) { sqliteCommand.Parameters[parameter.ParameterName].Value = DBNull.Value; } } } } sqliteTransaction.Commit(); } } catch (Exception exception) { LogWriter.LogError("Unable to read FPR Archive."); throw exception; } finally { DatabaseBuilder.sqliteConnection.Close(); } }
private void ParseXccdfWithXmlReader(Object.File file) { try { XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings(); fileNameWithoutPath = Path.GetFileName(file.FileName); if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed")) { DatabaseBuilder.sqliteConnection.Open(); } using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction()) { using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand()) { databaseInterface.InsertParameterPlaceholders(sqliteCommand); sqliteCommand.Parameters.Add(new SQLiteParameter("FindingType", "XCCDF")); sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName; sqliteCommand.Parameters["FindingSourceFileName"].Value = fileNameWithoutPath; sqliteCommand.Parameters["VulnerabilityRelease"].Value = string.Empty; databaseInterface.InsertParsedFileSource(sqliteCommand, file); using (XmlReader xmlReader = XmlReader.Create(file.FilePath, xmlReaderSettings)) { while (xmlReader.Read()) { if (xmlReader.IsStartElement()) { switch (xmlReader.Prefix) { case "cdf": { ParseXccdfFromScc(xmlReader, sqliteCommand); break; } case "xccdf": { //ParseXccdfFromAcas(xmlReader, sqliteCommand); break; } case "oval-res": { incorrectFileType = true; return; } case "oval-var": { incorrectFileType = true; return; } case "": { ParseXccdfFromScc(xmlReader, sqliteCommand); break; } default: { break; } } } } } } sqliteTransaction.Commit(); } } catch (Exception exception) { LogWriter.LogError("Unable to parse XCCDF using XML reader."); throw exception; } finally { DatabaseBuilder.sqliteConnection.Close(); } }