public string ReadXccdfFile(Object.File file, string groupName)
{
try
{
if (file.FileName.IsFileInUse())
{
LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again.");
return("Failed; File In Use");
}
ParseXccdfWithXmlReader(file);
if (!incorrectFileType)
{
return("Processed");
}
else
{
return("Report Type (OVAL) Not Supported");
}
}
catch (Exception exception)
{
string error = $"Unable to process XCCDF file '{file.FileName}'.";
LogWriter.LogErrorWithDebug(error, exception);
return("Failed; See Log");
}
}
public string ReadFpr(Object.File file, string groupName)
{
try
{
if (file.FilePath.IsFileInUse())
{
LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again.");
return("Failed; File In Use");
}
ReadFprArchive(file);
return("Processed");
}
catch (Exception exception)
{
string error = $"Unable to process FPR file '{file.FileName}'.";
LogWriter.LogErrorWithDebug(error, exception);
return("Failed; See Log");
}
}
private void ParseWasspWithXmlReader(Object.File file)
{
try
{
XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings();
if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed"))
{
DatabaseBuilder.sqliteConnection.Open();
}
using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction())
{
using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand())
{
databaseInterface.InsertParameterPlaceholders(sqliteCommand);
sqliteCommand.Parameters["FindingType"].Value = "WASSP";
sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName;
sqliteCommand.Parameters["SourceName"].Value =
"Windows Automated Security Scanning Program (WASSP)";
sqliteCommand.Parameters["SourceVersion"].Value = string.Empty;
sqliteCommand.Parameters["SourceRelease"].Value = string.Empty;
databaseInterface.InsertParsedFileSource(sqliteCommand, file);
using (XmlReader xmlReader = XmlReader.Create(file.FilePath, xmlReaderSettings))
{
ParseVulnerabilityInfoFromWassp(sqliteCommand, xmlReader);
}
}
sqliteTransaction.Commit();
}
}
catch (Exception exception)
{
LogWriter.LogError($"Unable to parse WASSP file '{file.FileName}' using XML reader.");
throw exception;
}
finally
{
DatabaseBuilder.sqliteConnection.Close();
}
}
/// <summary>
/// Reads *.nessus files exported from within ACAS and writes the results to the appropriate DataTables.
/// </summary>
/// <param name="file">File Object to be parsed</param>
/// <returns>string Value</returns>
public string ReadAcasNessusFile(Object.File file, string groupName)
{
try
{
if (file.FilePath.IsFileInUse())
{
LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again.");
return("Failed; File In Use");
}
_groupName = groupName;
fileName = file.FileName;
ParseNessusWithXmlReader(file);
return("Processed");
}
catch (Exception exception)
{
string error = $"Unable to process ACAS Nessus file '{file.FileName}'";
LogWriter.LogErrorWithDebug(error, exception);
return("Failed; See Log");
}
}
private void ParseNessusWithXmlReader(Object.File file)
{
try
{
if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed"))
{
DatabaseBuilder.sqliteConnection.Open();
}
using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction())
{
using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand())
{
databaseInterface.InsertParameterPlaceholders(sqliteCommand);
sqliteCommand.Parameters["FindingType"].Value = "ACAS";
sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName;
databaseInterface.InsertParsedFileSource(sqliteCommand, file);
XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings();
using (XmlReader xmlReader = XmlReader.Create(file.FilePath, xmlReaderSettings))
{
while (xmlReader.Read())
{
if (xmlReader.IsStartElement())
{
switch (xmlReader.Name)
{
case "ReportHost":
{
ParseHostData(sqliteCommand, xmlReader);
break;
}
case "ReportItem":
{
ParseVulnerability(sqliteCommand, xmlReader);
break;
}
}
}
else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("ReportHost"))
{
sqliteCommand.Parameters["Found21745"].Value = found21745;
sqliteCommand.Parameters["Found26917"].Value = found26917;
databaseInterface.SetCredentialedScanStatus(sqliteCommand);
if (!found21745 && !found26917)
{
sqliteCommand.Parameters.Add(new SQLiteParameter("UpdatedStatus", "Completed"));
List <string> ids =
databaseInterface.SelectOutdatedUniqueFindings(sqliteCommand, lastObserved);
foreach (string id in ids)
{
sqliteCommand.Parameters.Add(new SQLiteParameter("UniqueFinding_ID", id));
databaseInterface.UpdateUniqueFindingStatusById(sqliteCommand);
}
if (sqliteCommand.Parameters.Contains("UpdatedStatus"))
{
sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UpdatedStatus"]);
}
if (sqliteCommand.Parameters.Contains("UniqueFinding_ID"))
{
sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UniqueFinding_ID"]);
}
}
found21745 = found26917 = false;
}
}
}
}
sqliteTransaction.Commit();
}
}
catch (Exception exception)
{
LogWriter.LogError("Unable to parse ACAS Nessus file with XmlReader.");
throw exception;
}
finally
{ DatabaseBuilder.sqliteConnection.Close(); }
}
/// <summary>
/// Reads *.csv files exported from within ACAS and writes the results to the appropriate DataTables.
/// </summary>
/// <param name="fileName">Name of *.csv file to be parsed.</param>
/// <param name="mitigationsList">List of mitigation items for vulnerabilities to be read against.</param>
/// <param name="systemName">Name of the system that the mitigations check will be run against.</param>
/// <returns>string Value</returns>
public string ReadAcasCsvFile(Object.File file, string groupName)
{
try
{
if (file.FilePath.IsFileInUse())
{
LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again.");
return("Failed; File In Use");
}
if (!DatabaseBuilder.sqliteConnection.State.Equals("Open"))
{
DatabaseBuilder.sqliteConnection.Open();
}
using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction())
{
using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand())
{
databaseInterface.InsertParameterPlaceholders(sqliteCommand);
databaseInterface.InsertParsedFileSource(sqliteCommand, file);
sqliteCommand.Parameters["FindingType"].Value = "ACAS";
sqliteCommand.Parameters["Name"].Value = "All";
using (TextReader textReader = System.IO.File.OpenText(file.FilePath))
{
var csvReader = new CsvReader(textReader);
csvReader.Configuration.HasHeaderRecord = true;
while (csvReader.Read())
{
if (csvReader.Context.Row == 1)
{
string missingHeader = CheckForCsvHeaders(csvReader);
if (!string.IsNullOrWhiteSpace(missingHeader))
{
LogWriter.LogError(
$"CSV File is missing the '{missingHeader}' column; please generate a " +
"new CSV file utilizing the ACAS report template that was packaged with the application.");
return("Failed; See Log");
}
csvReader.Read();
}
sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value =
csvReader.GetField("Plugin");
sqliteCommand.Parameters["VulnerabilityTitle"].Value =
csvReader.GetField("Plugin Name");
sqliteCommand.Parameters["ScanIP"].Value = csvReader.GetField("IP Address");
sqliteCommand.Parameters["DiscoveredHostName"].Value = csvReader.GetField("DNS Name");
sqliteCommand.Parameters["DisplayedHostName"].Value = csvReader.GetField("DNS Name");
sqliteCommand.Parameters["NetBIOS"].Value = csvReader.GetField("NetBIOS Name");
sqliteCommand.Parameters["RiskStatement"].Value = csvReader.GetField("Synopsis");
sqliteCommand.Parameters["VulnerabilityDescription"].Value =
csvReader.GetField("Description");
sqliteCommand.Parameters["FixText"].Value = csvReader.GetField("Solution");
sqliteCommand.Parameters["PrimaryRawRiskIndicator"].Value =
ConvertRiskFactorToRawRisk(csvReader.GetField("Risk Factor"));
sqliteCommand.Parameters["SecondaryRawRiskIndicator"].Value =
csvReader.GetField("STIG Severity");
string crossReferences = csvReader.GetField("Cross References");
if (!string.IsNullOrWhiteSpace(crossReferences))
{
if (crossReferences.Contains(","))
{
foreach (string reference in crossReferences.Split(','))
{
references.Add(SanitizeCrossReferences(reference));
}
}
else
{
references.Add(SanitizeCrossReferences(crossReferences));
}
}
sqliteCommand.Parameters["LastObserved"].Value = DateTime
.Parse(csvReader.GetField("Last Observed")).ToShortDateString();
sqliteCommand.Parameters["ModifiedDate"].Value =
csvReader.GetField("Plugin Modification Date");
sqliteCommand.Parameters["CVSS_TemporalScore"].Value =
csvReader.GetField("CVSS Temporal Score");
sqliteCommand.Parameters["CVSS_BaseScore"].Value =
csvReader.GetField("CVSS Base Score");
if (!string.IsNullOrWhiteSpace(csvReader.GetField("CVSS Temporal Score")))
{
sqliteCommand.Parameters["CVSS_BaseVector"].Value = csvReader
.GetField("CVSS Vector")
.Split(new string[] { "/E:" }, StringSplitOptions.None)[0];
sqliteCommand.Parameters["CVSS_TemporalVector"].Value =
csvReader.GetField("CVSS Vector");
}
else
{
sqliteCommand.Parameters["CVSS_BaseVector"].Value =
csvReader.GetField("CVSS Vector");
}
sqliteCommand.Parameters["ToolGeneratedOutput"].Value = csvReader
.GetField("Plugin Text")
.Replace("Plugin Output: ", string.Empty);
if (sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value.ToString()
.Equals("19506"))
{
SetSourceInformation(sqliteCommand);
}
sqliteCommand.Parameters["Protocol"].Value = csvReader.GetField("Protocol");
sqliteCommand.Parameters["Port"].Value = csvReader.GetField("Port");
sqliteCommand.Parameters["VulnerabilityFamilyOrClass"].Value =
csvReader.GetField("Family");
sqliteCommand.Parameters["FirstDiscovered"].Value = DateTime
.Parse(csvReader.GetField("First Discovered")).ToShortDateString();
sqliteCommand.Parameters["PublishedDate"].Value = DateTime
.Parse(csvReader.GetField("Plugin Publication Date")).ToShortDateString();
sqliteCommand.Parameters["FixPublishedDate"].Value = DateTime
.Parse(csvReader.GetField("Patch Publication Date")).ToShortDateString();
sqliteCommand.Parameters["VulnerabilityVersion"].Value = csvReader.GetField("Version");
ParsePluginRevision(sqliteCommand);
sqliteCommand.Parameters["MAC_Address"].Value = csvReader.GetField("MAC Address");
PrepareVulnerabilitySource(sqliteCommand);
databaseInterface.InsertHardware(sqliteCommand);
sqliteCommand.Parameters["InstanceIdentifier"].Value =
$"{sqliteCommand.Parameters["DiscoveredHostName"].Value}_" +
$"{sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value}_" +
$"{sqliteCommand.Parameters["Port"].Value}_" +
$"{sqliteCommand.Parameters["Protocol"].Value}_" +
$"{sqliteCommand.Parameters["DiscoveredServiceName"].Value}";
List <string> ids = databaseInterface.SelectOutdatedVulnerabilities(sqliteCommand, true);
sqliteCommand.Parameters.Add(new SQLiteParameter("UpdatedStatus", "Completed"));
foreach (string id in ids)
{
sqliteCommand.Parameters.Add(new SQLiteParameter("UniqueFinding_ID", id));
databaseInterface.UpdateUniqueFindingStatusById(sqliteCommand);
}
sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UpdatedStatus"]);
sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UniqueFinding_ID"]);
databaseInterface.InsertVulnerability(sqliteCommand);
databaseInterface.MapVulnerabilityToSource(sqliteCommand);
if (Properties.Settings.Default.CaptureAcasPortInformation)
{
databaseInterface.InsertAndMapPort(sqliteCommand);
}
databaseInterface.InsertAndMapIpAddress(sqliteCommand);
databaseInterface.InsertAndMapMacAddress(sqliteCommand);
if (Properties.Settings.Default.CaptureAcasEnumeratedSoftware)
{
switch (sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value.ToString())
{
case "20811":
{
ParseWindowsSoftware(sqliteCommand);
break;
}
case "22869":
{
ParseUnixSoftware(sqliteCommand, "22869");
break;
}
case "29217":
{
ParseUnixSoftware(sqliteCommand, "29217");
break;
}
}
}
if (Properties.Settings.Default.CaptureAcasReferenceInformation)
{
foreach (VulnerabilityReference reference in references)
{
sqliteCommand.Parameters["Reference"].Value = reference.Reference;
sqliteCommand.Parameters["ReferenceType"].Value = reference.ReferenceType;
databaseInterface.InsertAndMapVulnerabilityReferences(sqliteCommand);
}
}
PrepareUniqueFinding(sqliteCommand);
foreach (SQLiteParameter parameter in sqliteCommand.Parameters)
{
if (!persistentParameters.Contains(parameter.ParameterName))
{
parameter.Value = string.Empty;
}
}
references.Clear();
}
}
}
sqliteTransaction.Commit();
}
return("Processed");
}
catch (Exception exception)
{
string error = $"Unable to process ACAS CSV file '{file.FileName}'";
LogWriter.LogErrorWithDebug(error, exception);
return("Failed; See Log");
}
finally
{
DatabaseBuilder.sqliteConnection.Close();
}
}
private void ReadFprArchive(Object.File file)
{
try
{
if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed"))
{
DatabaseBuilder.sqliteConnection.Open();
}
using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction())
{
using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand())
{
databaseInterface.InsertParameterPlaceholders(sqliteCommand);
sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName;
databaseInterface.InsertParsedFileSource(sqliteCommand, file);
using (Stream stream = System.IO.File.OpenRead(file.FilePath))
{
using (ZipArchive zipArchive = new ZipArchive(stream, ZipArchiveMode.Read))
{
ZipArchiveEntry auditFvdl =
zipArchive.Entries.FirstOrDefault(x => x.Name.Equals("audit.fvdl"));
ParseAuditFvdlWithXmlReader(auditFvdl, sqliteCommand);
ZipArchiveEntry auditXml =
zipArchive.Entries.FirstOrDefault(x => x.Name.Equals("audit.xml"));
if (auditXml != null)
{
ParseAuditXmlWithXmlReader(auditXml);
}
}
}
sqliteCommand.Parameters["SourceName"].Value = "HPE Fortify SCA";
sqliteCommand.Parameters["SourceRelease"].Value = "HPE Fortify SCA";
sqliteCommand.Parameters["SourceVersion"].Value = version;
sqliteCommand.Parameters["DiscoveredSoftwareName"].Value = softwareName;
sqliteCommand.Parameters["DisplayedSoftwareName"].Value = softwareName;
sqliteCommand.Parameters["FindingSourceFileName"].Value = file.FileName;
sqliteCommand.Parameters["FindingType"].Value = "Fortify";
sqliteCommand.Parameters["FirstDiscovered"].Value = firstDiscovered;
sqliteCommand.Parameters["LastObserved"].Value = lastObserved;
List <string> ids = databaseInterface.SelectOutdatedVulnerabilities(sqliteCommand, true);
sqliteCommand.Parameters.Add(new SQLiteParameter("UpdatedStatus", "Completed"));
foreach (string id in ids)
{
sqliteCommand.Parameters.Add(new SQLiteParameter("UniqueFinding_ID", id));
databaseInterface.UpdateUniqueFindingStatusById(sqliteCommand);
}
if (sqliteCommand.Parameters.Contains("UpdatedStatus"))
{
sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UpdatedStatus"]);
}
if (sqliteCommand.Parameters.Contains("UniqueFinding_ID"))
{
sqliteCommand.Parameters.Remove(sqliteCommand.Parameters["UniqueFinding_ID"]);
}
databaseInterface.InsertVulnerabilitySource(sqliteCommand);
databaseInterface.InsertSoftware(sqliteCommand);
foreach (FprVulnerability fprVulnerability in fprVulnerabilityList)
{
sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value = fprVulnerability.ClassId;
if (sqliteCommand.Parameters["VulnerabilityVersion"].Value == DBNull.Value)
{
sqliteCommand.Parameters["VulnerabilityVersion"].Value = string.Empty;
}
if (sqliteCommand.Parameters["VulnerabilityRelease"].Value == DBNull.Value)
{
sqliteCommand.Parameters["VulnerabilityRelease"].Value = string.Empty;
}
sqliteCommand.Parameters["VulnerabilityGroupTitle"].Value = fprVulnerability.Kingdom;
sqliteCommand.Parameters["VulnerabilityFamilyOrClass"].Value = fprVulnerability.Type;
sqliteCommand.Parameters["VulnerabilityTitle"].Value = fprVulnerability.SubType;
sqliteCommand.Parameters["VulnerabilityDescription"].Value = fprVulnerability.Description;
sqliteCommand.Parameters["RiskStatement"].Value = fprVulnerability.RiskStatement;
sqliteCommand.Parameters["FixText"].Value = fprVulnerability.FixText;
sqliteCommand.Parameters["InstanceIdentifier"].Value = fprVulnerability.InstanceId;
sqliteCommand.Parameters["ToolGeneratedOutput"].Value = fprVulnerability.Output;
sqliteCommand.Parameters["Comments"].Value = fprVulnerability.Comments;
sqliteCommand.Parameters["PrimaryRawRiskIndicator"].Value = fprVulnerability.RawRisk;
sqliteCommand.Parameters["DeltaAnalysisIsRequired"].Value = "False";
foreach (FprVulnerability.AuditComment comment in fprVulnerability.AuditComments.OrderBy(x => x.EditTime))
{
string concatenatedComment =
$"{comment.EditTime.ToShortDateString()}{Environment.NewLine}{comment.UserName}: {comment.Content}";
sqliteCommand.Parameters["Comments"].Value =
string.IsNullOrEmpty(sqliteCommand.Parameters["Comments"].Value.ToString())
? concatenatedComment
: $"{sqliteCommand.Parameters["Comments"].Value}{Environment.NewLine}{Environment.NewLine}{concatenatedComment}";
}
sqliteCommand.Parameters["Status"].Value = fprVulnerability.Status;
databaseInterface.InsertVulnerability(sqliteCommand);
databaseInterface.MapVulnerabilityToSource(sqliteCommand);
databaseInterface.InsertUniqueFinding(sqliteCommand);
foreach (string cci in fprVulnerability.CCIs)
{
sqliteCommand.Parameters["CCI_Number"].Value = cci;
databaseInterface.MapVulnerabilityToCci(sqliteCommand);
sqliteCommand.Parameters["CCI_Number"].Value = DBNull.Value;
}
foreach (SQLiteParameter parameter in sqliteCommand.Parameters)
{
if (!persistentParameters.Contains(parameter.ParameterName))
{
sqliteCommand.Parameters[parameter.ParameterName].Value = DBNull.Value;
}
}
}
}
sqliteTransaction.Commit();
}
}
catch (Exception exception)
{
LogWriter.LogError("Unable to read FPR Archive.");
throw exception;
}
finally
{
DatabaseBuilder.sqliteConnection.Close();
}
}
private void ParseXccdfWithXmlReader(Object.File file)
{
try
{
XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings();
fileNameWithoutPath = Path.GetFileName(file.FileName);
if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed"))
{
DatabaseBuilder.sqliteConnection.Open();
}
using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction())
{
using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand())
{
databaseInterface.InsertParameterPlaceholders(sqliteCommand);
sqliteCommand.Parameters.Add(new SQLiteParameter("FindingType", "XCCDF"));
sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName;
sqliteCommand.Parameters["FindingSourceFileName"].Value = fileNameWithoutPath;
sqliteCommand.Parameters["VulnerabilityRelease"].Value = string.Empty;
databaseInterface.InsertParsedFileSource(sqliteCommand, file);
using (XmlReader xmlReader = XmlReader.Create(file.FilePath, xmlReaderSettings))
{
while (xmlReader.Read())
{
if (xmlReader.IsStartElement())
{
switch (xmlReader.Prefix)
{
case "cdf":
{
ParseXccdfFromScc(xmlReader, sqliteCommand);
break;
}
case "xccdf":
{
//ParseXccdfFromAcas(xmlReader, sqliteCommand);
break;
}
case "oval-res":
{
incorrectFileType = true;
return;
}
case "oval-var":
{
incorrectFileType = true;
return;
}
case "":
{
ParseXccdfFromScc(xmlReader, sqliteCommand);
break;
}
default:
{ break; }
}
}
}
}
}
sqliteTransaction.Commit();
}
}
catch (Exception exception)
{
LogWriter.LogError("Unable to parse XCCDF using XML reader.");
throw exception;
}
finally
{ DatabaseBuilder.sqliteConnection.Close(); }
}
