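/// <summary>
/// Copyright (C) 2014-2015 Jerome Athias
/// Unfinished tool to retrieve OVAL Definitions corresponding to a CPE in an XORCISM database
/// This program is free software; you can redistribute it and/or modify it under the terms of the
/// GNU General Public License as published by the Free Software Foundation; either version 2 of the
/// License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
/// even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
/// General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not,
/// write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
/// <remarks>
/// For every OVALDEFINITIONVULNERABILITY row this prints the OVAL definition ID pattern, the
/// referential ID of the linked vulnerability and the name of each CPE recorded for that
/// vulnerability. Output is DEBUG lines on the console; this method never saves anything.
/// </remarks>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    //TODO FIX MODELS
    //Search the CPE for OVALDEFINITIONs using the CPE list collected from CVE NVD

    // using-blocks release all three contexts on every exit path, including an exception
    // thrown half-way through the loop.
    using (XORCISMEntities model = new XORCISMEntities())
    using (XOVALEntities oval_model = new XOVALEntities())
    using (XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities())
    {
        // Nothing is saved below, so change detection and save-time validation are switched off.
        model.Configuration.AutoDetectChangesEnabled = false;
        model.Configuration.ValidateOnSaveEnabled = false;
        oval_model.Configuration.AutoDetectChangesEnabled = false;
        oval_model.Configuration.ValidateOnSaveEnabled = false;
        vuln_model.Configuration.AutoDetectChangesEnabled = false;
        vuln_model.Configuration.ValidateOnSaveEnabled = false;

        // NOTE: ToList() materializes the whole link table in memory before the loop starts.
        List<OVALDEFINITIONVULNERABILITY> ListOVALDefVulns = oval_model.OVALDEFINITIONVULNERABILITY.ToList();
        foreach (OVALDEFINITIONVULNERABILITY oOVALDefVuln in ListOVALDefVulns)
        {
            Console.WriteLine("DEBUG ************************************************************");
            Console.WriteLine("DEBUG " + oOVALDefVuln.OVALDEFINITION.OVALDefinitionIDPattern);

            // NOTE(review): the cast implies VulnerabilityID is not a plain int on this entity
            // (nullable or wider) - confirm against the model.
            int iVulnerabilityID = (int)oOVALDefVuln.VulnerabilityID;

            // The vulnerability is looked up through vuln_model rather than through the
            // oOVALDefVuln.VULNERABILITY navigation property (presumably part of "TODO FIX MODELS").
            // A link row may point at a vulnerability that is missing from that database, so the
            // result is checked instead of dereferenced blindly.
            var oVulnerability = vuln_model.VULNERABILITY.FirstOrDefault(o => o.VulnerabilityID == oOVALDefVuln.VulnerabilityID);
            if (oVulnerability == null)
            {
                Console.WriteLine("DEBUG no VULNERABILITY found for VulnerabilityID " + iVulnerabilityID);
            }
            else
            {
                Console.WriteLine("DEBUG " + oVulnerability.VULReferentialID);
            }

            List<VULNERABILITYFORCPE> ListVulnCPEs = vuln_model.VULNERABILITYFORCPE.Where(o => o.VulnerabilityID == iVulnerabilityID).ToList();
            foreach (VULNERABILITYFORCPE oVulnCPE in ListVulnCPEs)
            {
                // Same cross-database lookup for the CPE; a dangling CPEID is reported, not fatal.
                var oCPE = model.CPE.FirstOrDefault(o => o.CPEID == oVulnCPE.CPEID);
                if (oCPE == null)
                {
                    Console.WriteLine("DEBUG no CPE found for CPEID " + oVulnCPE.CPEID);
                    continue;
                }
                Console.WriteLine("DEBUG " + oCPE.CPEName);
            }
        }
    }
}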
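/// <summary>
/// Copyright (C) 2014-2015 Jerome Athias
/// TEST/DEBUG ONLY tool to play with an XORCISM database (check the proper import and relationships
/// creation between CVE and OVAL)
/// This program is free software; you can redistribute it and/or modify it under the terms of the
/// GNU General Public License as published by the Free Software Foundation; either version 2 of the
/// License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
/// even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
/// General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not,
/// write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
/// <remarks>
/// Looks up one CVE, reports whether an OVAL definition is already linked to it and, if none is,
/// lists the product names and file names that occur in the vulnerability description.
/// </remarks>
/// <param name="args">Optional: args[0] overrides the built-in CVE identifier.</param>
static void Main(string[] args)
{
    using (XORCISMEntities model = new XORCISMEntities())
    using (XOVALEntities oval_model = new XOVALEntities())
    using (XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities())
    {
        string sCVEID = "CVE-2014-3802";    //HARDCODED default, used when no argument is given
        if (args != null && args.Length > 0 && !string.IsNullOrWhiteSpace(args[0]))
        {
            sCVEID = args[0].Trim();
        }

        VULNERABILITY oVulnerability = null;
        try
        {
            oVulnerability = vuln_model.VULNERABILITY.Where(o => o.VULReferentialID == sCVEID).FirstOrDefault();
        }
        catch (Exception ex)
        {
            // A failed query must not be reported as "Vulnerability not found": that would make a
            // database problem look like missing data.
            Console.Error.WriteLine("ERROR: Vulnerability lookup failed for " + sCVEID + ": " + ex);
            return;
        }

        if (oVulnerability == null)
        {
            Console.WriteLine("ERROR: Vulnerability not found");
            return;
        }

        //Check if we have an OVALDEFINITION for the VULNERABILITY
        int iOVALDEFINITIONVULNERABILITYID = 0;
        try
        {
            iOVALDEFINITIONVULNERABILITYID = oval_model.OVALDEFINITIONVULNERABILITY.Where(o => o.VulnerabilityID == oVulnerability.VulnerabilityID).Select(o => o.OVALDefinitionVulnerabilityID).FirstOrDefault();
        }
        catch (Exception ex)
        {
            // Best effort is kept (the description search below still runs), but the failure is
            // surfaced so "no definition" is not mistaken for a verified result.
            Console.Error.WriteLine("ERROR: OVAL definition lookup failed, result unknown: " + ex);
        }

        if (iOVALDEFINITIONVULNERABILITYID > 0)
        {
            Console.WriteLine("DEBUG: We already have a definition");
            return;
        }

        string sDescription = oVulnerability.VULDescription;
        if (string.IsNullOrEmpty(sDescription))
        {
            // Nothing to search in; avoids a NullReferenceException on an empty description.
            return;
        }

        // Case-insensitive substring match only: a hit is a candidate for manual review, not a
        // confirmed affected product or file. Null/empty names are skipped because an empty
        // string is contained in every description.

        //Search a Product in the Vulnerability's Definition
        foreach (PRODUCT oProduct in model.PRODUCT)
        {
            string sProductName = oProduct.ProductName;
            if (string.IsNullOrEmpty(sProductName))
            {
                continue;
            }
            if (sDescription.IndexOf(sProductName, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                Console.WriteLine("DEBUG: Potential Product: " + sProductName);
                //Platform
                //CPE
            }
        }

        //Search a Filename in the Vulnerability's Definition
        foreach (FILE oFile in model.FILE)
        {
            string sFileName = oFile.FileName;
            if (string.IsNullOrEmpty(sFileName))
            {
                continue;
            }
            if (sDescription.IndexOf(sFileName, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                Console.WriteLine("DEBUG: Potential File: " + sFileName);
            }
        }
        //regex .dll
    }
}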