/// <summary>
/// This is the getOutput method.
/// It is used to create a series of string with HTML elements for the HTML
/// output.
/// </summary>
/// <param name="record">the Record for output</param>
/// <returns>a series of string with HTML tags for HTML output</returns>
private String getOutput(ref Record.Record record)
{
#region // get Useful Data
List <DataEntry> highRisk = record.getHighRiskEntriesWithoutHotfix();
List <DataEntry> mediumRisk = record.getMediumRiskEntriesWithoutHotfix();
List <DataEntry> lowRisk = record.getLowRiskEntriesWithoutHotfix();
List <DataEntry> noneRisk = record.getNoneRiskEntriesWithoutHotfix();
Dictionary <int, DataEntry> openPort = new Dictionary <int, DataEntry>();
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
openPort = record.getOpenPort();
}
List <DataEntry> tempEntries = record.getWholeEntriesWithoutOpenPortAndHotfix();
Record.Record tempRecord = new Record.Record();
foreach (DataEntry entry in tempEntries)
{
tempRecord.guiAddEntry(entry);
}
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
foreach (DataEntry entry in openPort.Values)
{
tempRecord.guiAddEntry(entry);
}
}
RiskStats riskStats = tempRecord.getRiskStats();
#endregion
StringBuilder sb = new StringBuilder();
#region // print Risk Statistics
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Risk Statistics</H4>" + "\n");
sb.Append("<br>High Risk: " + highRisk.Count + "\n");
sb.Append("<br>Medium Risk: " + mediumRisk.Count + "\n");
sb.Append("<br>Low Risk: " + lowRisk.Count + "\n");
sb.Append("<br>None Risk: " + noneRisk.Count + "\n");
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
sb.Append("<br>Open Port: " + openPort.Count + "\n");
}
sb.Append("</DIV>" + "\n");
#endregion
#region // print Host Statistics
// Per host statistics
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Risk Statistics</H4>" + "\n");
foreach (KeyValuePair <String, Dictionary <RiskFactor, int> > entry in riskStats.getRiskStats())
{
sb.Append("<br/>");
sb.Append(HTMLOutputFormater.forHTML(entry.Key));
sb.Append(":\t");
Dictionary <RiskFactor, int> hostRisks = entry.Value;
foreach (KeyValuePair <RiskFactor, int> hostRisk in hostRisks)
{
if (hostRisk.Key != RiskFactor.NULL)
{
if (hostRisk.Key != RiskFactor.OPEN ||
(hostRisk.Key == RiskFactor.OPEN && Program.state.panelOutputSelect_isOutputOpenPort))
{
sb.Append(HTMLOutputFormater.forHTML(RiskFactorFunction.getEnumString(hostRisk.Key) + " : "));
if (hostRisk.Key != RiskFactor.OPEN)
{
sb.Append(HTMLOutputFormater.forHTML(hostRisk.Value.ToString()) + '\t');
}
else if (Program.state.panelOutputSelect_isOutputOpenPort)
{
bool isOutput = false;
foreach (DataEntry tempEntry in openPort.Values)
{
if (tempEntry.getIp() == entry.Key)
{
sb.Append(tempEntry.getDescription().Split(',').Length.ToString() + '\t');
isOutput = true;
break;
}
}
if (!isOutput)
{
sb.Append("0\t");
}
}
}
}
}
}
sb.Append("</DIV>" + "\n");
#endregion
#region // print HIGH/MEDIUM/LOW/NONE Findings
// High Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>High Risk Findings</H4>" + "\n");
foreach (DataEntry entry in highRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry, RiskFactor.HIGH));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Medium Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Medium Risk Findings</H4>" + "\n");
foreach (DataEntry entry in mediumRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry, RiskFactor.MEDIUM));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Low Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Low Risk Findings</H4>" + "\n");
foreach (DataEntry entry in lowRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry, RiskFactor.LOW));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// None Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>None Risk Findings</H4>" + "\n");
foreach (DataEntry entry in noneRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry, RiskFactor.NONE));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
#endregion
#region // print Missing Hotfix Findings
if (Program.state.panelOutputSelect_isOutputHotfix)
{
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Missing Hotfix Findings</H4>" + "\n");
sb.Append("<p>" + "\n");
sb.Append(HTML_TABLE_START);
sb.Append("\n");
sb.Append("<TR>\n");
sb.Append("<TD>Host</TD>\n");
sb.Append("<TD>Missing Hotfix(s)</TD>\n");
sb.Append("</TR>\n");
Dictionary <String, String> hotfixList = new Hotfix(record).getHotfixListGroupByHost();
foreach (KeyValuePair <String, String> finding in hotfixList)
{
sb.Append("<TR>\n");
// ip address for the open port findings
sb.Append("<TD>");
//MessageBox.Show(finding.Key);
sb.Append(finding.Key);
sb.Append("</TD>\n");
// open ports
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(finding.Value).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
}
sb.Append(HTML_TABLE_END);
sb.Append("</p>" + "\n");
sb.Append("</DIV>" + "\n");
}
#endregion
#region // print Open Port Findings
// Open Ports
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Open Ports Findings</H4>" + "\n");
sb.Append("<p>" + "\n");
sb.Append(HTML_TABLE_START);
sb.Append("\n");
sb.Append("<TR>\n");
sb.Append("<TD>Host</TD>\n");
sb.Append("<TD>Open Port(s)</TD>\n");
sb.Append("</TR>\n");
foreach (KeyValuePair <int, DataEntry> keyValuePair in openPort)
{
DataEntry entry = keyValuePair.Value;
sb.Append("<TR>\n");
// ip address for the open port findings
sb.Append("<TD>");
sb.Append(entry.getIp());
sb.Append("</TD>\n");
// open ports
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getDescription()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
}
sb.Append(HTML_TABLE_END);
sb.Append("</p>" + "\n");
sb.Append("</DIV>" + "\n");
}
#endregion
return(sb.ToString());
}
private String getOutput(ref Record.Record record)
{
Dictionary <int, DataEntry> highRisk = record.getHighRisk();
Dictionary <int, DataEntry> mediumRisk = record.getMediumRisk();
Dictionary <int, DataEntry> lowRisk = record.getLowRisk();
Dictionary <int, DataEntry> noneRisk = record.getNoneRisk();
Dictionary <int, DataEntry> openPort = record.getOpenPort();
RiskStats riskStats = record.getRiskStats();
StringBuilder sb = new StringBuilder();
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Risk Statistics</H4>" + "\n");
sb.Append("<br>High Risk: " + highRisk.Count + "\n");
sb.Append("<br>Medium Risk: " + mediumRisk.Count + "\n");
sb.Append("<br>Low Risk: " + lowRisk.Count + "\n");
sb.Append("<br>None Risk: " + noneRisk.Count + "\n");
sb.Append("<br>Open Port: " + openPort.Count + "\n");
sb.Append("</DIV>" + "\n");
// Per host statistics
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Risk Statistics</H4>" + "\n");
foreach (KeyValuePair <String, Dictionary <RiskFactor, int> > entry in riskStats.getRiskStats())
{
sb.Append("<br/>");
sb.Append(HTMLOutputFormater.forHTML(entry.Key));
sb.Append(":\t");
Dictionary <RiskFactor, int> hostRisks = entry.Value;
foreach (KeyValuePair <RiskFactor, int> hostRisk in hostRisks)
{
if (hostRisk.Key != RiskFactor.NULL)
{
sb.Append(HTMLOutputFormater.forHTML(RiskFactorFunction.getEnumString(hostRisk.Key) + " : "));
sb.Append(HTMLOutputFormater.forHTML(hostRisk.Value.ToString()) + '\t');
}
}
}
sb.Append("</DIV>" + "\n");
// High Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>High Risk Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in highRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.HIGH));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Medium Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Medium Risk Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in mediumRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.MEDIUM));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Low Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Low Risk Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in lowRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.LOW));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// None Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>None Risk Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in noneRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.NONE));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Open Ports
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Open Ports Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in openPort)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.OPEN));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
return(sb.ToString());
}
/// <summary>
/// This is the getDataEntryHTML method.
/// It is used to create a string for HTML output from given entry and
/// RiskFactor.
/// </summary>
/// <param name="entry">the DataEntry being transformed to HTML text string</param>
/// <param name="riskFactor">riskFactor of that entry</param>
/// <returns>a HTML string text for that entry</returns>
private String getDataEntryHTML(DataEntry entry, RiskFactor riskFactor)
{
StringBuilder sb = new StringBuilder();
sb.Append("<H5>" + HTMLOutputFormater.forHTML(entry.getPluginName()) + "</H5>");
sb.Append(HTML_TABLE_START);
sb.Append("\n");
// Hosts Affected
sb.Append("<TR>\n");
sb.Append("<TD>Hosts Affected:</TD>\n");
sb.Append("<TD>");
sb.Append(entry.getIp());
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Description
sb.Append("<TR>\n");
sb.Append("<TD>Description:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getDescription()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Impact
sb.Append("<TR>\n");
sb.Append("<TD>Impact:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getImpact()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Risk Level
sb.Append("<TR>\n");
sb.Append("<TD>Risk Level: </TD>\n");
sb.Append("<TD>");
sb.Append(RiskFactorFunction.getEnumString(riskFactor));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Recommendations
sb.Append("<TR>\n");
sb.Append("<TD>Recommendation:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getRecommendation()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Reference
bool hasRef = false;
sb.Append("<TR>\n");
sb.Append("<TD>Reference:</TD>\n");
sb.Append("<TD>");
// CVE/BID/OSVDB
if (!String.IsNullOrEmpty(entry.getCve()) || !String.IsNullOrEmpty(entry.getBid()) || !String.IsNullOrEmpty(entry.getOsvdb()))
{
// CVE
if (!String.IsNullOrEmpty(entry.getCve()))
{
hasRef = true;
sb.Append("CVE: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getCve()));
sb.Append("<br/>");
}
// BID
if (!String.IsNullOrEmpty(entry.getBid()))
{
hasRef = true;
sb.Append("BID: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getBid()));
sb.Append("<br/>");
}
// OSVDB
if (!String.IsNullOrEmpty(entry.getOsvdb()))
{
hasRef = true;
sb.Append("OSVDB: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getOsvdb()));
sb.Append("<br/>");
}
}
if (hasRef)
{
sb.Remove(sb.Length - 5, 5);
}
else
{
sb.Append("N/A");
}
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Reference Link
if (!String.IsNullOrEmpty(entry.getReferenceLink()))
{
sb.Append("<TR>\n");
sb.Append("<TD>Reference Link:</TD>\n");
sb.Append("<TD><a href=\"");
sb.Append(HTMLOutputFormater.forHTML(entry.getReferenceLink()).Replace("\n", "<br/>"));
sb.Append("\" target=\"_blank\" >" + HTMLOutputFormater.forHTML(entry.getReferenceLink()).Replace("\n", "<br/>") + "</a></TD>\n");
sb.Append("</TR>\n");
}
sb.Append(HTML_TABLE_END);
return(sb.ToString());
}
private String getDataEntryHTML(DataEntry entry, RiskFactor riskFactor)
{
String HTML_TABLE_START = "<table border=\"1\">";
String HTML_TABLE_END = "</table>\n";
StringBuilder sb = new StringBuilder();
sb.Append("<H5>" + HTMLOutputFormater.forHTML(entry.getPluginName()) + "</H5>");
sb.Append(HTML_TABLE_START);
sb.Append("\n");
// Hosts Affected
sb.Append("<TR>\n");
sb.Append("<TD>Hosts Affected:</TD>\n");
sb.Append("<TD>");
foreach (String ip in entry.getIpList())
{
sb.Append(ip + "<br/>");
}
sb.Remove(sb.Length - 5, 5);
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Description
sb.Append("<TR>\n");
sb.Append("<TD>Description:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getDescription()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Impact
sb.Append("<TR>\n");
sb.Append("<TD>Impact:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getImpact()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Risk Level
sb.Append("<TR>\n");
sb.Append("<TD>Risk Level: </TD>\n");
sb.Append("<TD>");
sb.Append(RiskFactorFunction.getEnumString(riskFactor));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Recommendations
sb.Append("<TR>\n");
sb.Append("<TD>Recommendation:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getRecommendation()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Reference
bool hasRef = false;
sb.Append("<TR>\n");
sb.Append("<TD>Reference:</TD>\n");
sb.Append("<TD>");
// CVE
if (entry.getCve() != null)
{
hasRef = true;
sb.Append("CVE: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getCve()));
sb.Append("<br/>");
}
// BID
if (entry.getBid() != null)
{
hasRef = true;
sb.Append("BID: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getBid()));
sb.Append("<br/>");
}
// OSVDB
if (entry.getOsvdb() != null)
{
hasRef = true;
sb.Append("OSVDB: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getOsvdb()));
sb.Append("<br/>");
}
if (hasRef)
{
sb.Remove(sb.Length - 5, 5);
}
else
{
sb.Append("N/A");
}
sb.Append("</TD>\n");
sb.Append("</TR>\n");
sb.Append(HTML_TABLE_END);
return(sb.ToString());
}
