public ActionResult RunAnalysisWithAnalyses(string SelectedBaseRunId, string SelectedCompareRunId, IFormFile AnalysisFilterFile)
{
var filePath = Path.GetTempFileName();
CompareCommandOptions opts = new CompareCommandOptions();
opts.FirstRunId = SelectedBaseRunId;
opts.SecondRunId = SelectedCompareRunId;
opts.Analyze = true;
opts.SaveToDatabase = true;
if (AnalysisFilterFile != null)
{
using (var stream = System.IO.File.Create(filePath))
{
AnalysisFilterFile.CopyTo(stream);
}
opts.AnalysesFile = filePath;
}
if (AttackSurfaceAnalyzerClient.GetComparators().Where(c => c.IsRunning() == RUN_STATUS.RUNNING).Any())
{
return(Json("Comparators already running!"));
}
if (DatabaseManager.GetComparisonCompleted(opts.FirstRunId, opts.SecondRunId))
{
return(Json("Using cached comparison calculations."));
}
Task.Factory.StartNew(() => AttackSurfaceAnalyzerClient.CompareRuns(opts));
return(Json("Started Analysis"));
}
public ActionResult StartMonitoring(string RunId, string Directory)
{
if (RunId != null)
{
if (DatabaseManager.GetRun(RunId) != null)
{
return(Json(ASA_ERROR.UNIQUE_ID));
}
var run = new AsaRun(RunId: RunId, Timestamp: DateTime.Now, Version: AsaHelpers.GetVersionString(), Platform: AsaHelpers.GetPlatform(), new List <RESULT_TYPE>()
{
RESULT_TYPE.FILEMONITOR
}, RUN_TYPE.MONITOR);
DatabaseManager.InsertRun(run);
MonitorCommandOptions opts = new MonitorCommandOptions
{
RunId = RunId,
EnableFileSystemMonitor = true,
MonitoredDirectories = Directory,
Verbose = Logger.Verbose,
Debug = Logger.Debug,
Quiet = Logger.Quiet
};
AttackSurfaceAnalyzerClient.ClearMonitors();
return(Json((int)AttackSurfaceAnalyzerClient.RunGuiMonitorCommand(opts)));
}
return(Json(-1));
}
public ActionResult StartMonitoring(string RunId, string Directory)
{
if (RunId != null)
{
if (DatabaseManager.GetRun(RunId) != null)
{
return(Json(GUI_ERROR.UNIQUE_ID));
}
DatabaseManager.InsertRun(RunId, new Dictionary <RESULT_TYPE, bool>()
{
{ RESULT_TYPE.FILEMONITOR, true }
});
MonitorCommandOptions opts = new MonitorCommandOptions
{
RunId = RunId,
EnableFileSystemMonitor = true,
MonitoredDirectories = Directory,
FilterLocation = "filters.json"
};
AttackSurfaceAnalyzerClient.ClearMonitors();
return(Json((int)AttackSurfaceAnalyzerClient.RunGuiMonitorCommand(opts)));
}
return(Json(-1));
}
public ActionResult RunAnalysis(string firstId, string secondId)
{
CompareCommandOptions opts = new CompareCommandOptions();
opts.FirstRunId = firstId;
opts.SecondRunId = secondId;
opts.Analyze = true;
if (AttackSurfaceAnalyzerClient.GetComparators().Where(c => c.IsRunning() == RUN_STATUS.RUNNING).Any())
{
return(Json("Comparators already running!"));
}
using (var cmd = new SqliteCommand(SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED, DatabaseManager.Connection, DatabaseManager.Transaction))
{
cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId);
cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId);
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
return(Json("Using cached comparison calculations."));
}
}
}
Task.Factory.StartNew(() => AttackSurfaceAnalyzerClient.CompareRuns(opts));
return(Json("Started Analysis"));
}
public ActionResult RunAnalysis(string firstId, string secondId)
{
CompareCommandOptions opts = new CompareCommandOptions();
opts.FirstRunId = firstId;
opts.SecondRunId = secondId;
opts.Analyze = true;
foreach (BaseCompare c in AttackSurfaceAnalyzerClient.GetComparators())
{
// The GUI *should* prevent us from getting here. But this is extra protection.
// We won't start new collections while existing ones are ongoing.
if (c.IsRunning() == RUN_STATUS.RUNNING)
{
return(Json("Comparators already running!"));
}
}
using (var cmd = new SqliteCommand(SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED, DatabaseManager.Connection, DatabaseManager.Transaction))
{
cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId);
cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId);
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
return(Json("Using cached comparison calculations."));
}
}
}
Task.Factory.StartNew <Dictionary <string, object> >(() => AttackSurfaceAnalyzerClient.CompareRuns(opts));
return(Json("Started Analysis"));
}
public void VerifyFileMonitorAsFile()
{
var RuleName = "AndRule";
var andRule = new AsaRule(RuleName)
{
Expression = "0 AND 1",
ResultType = RESULT_TYPE.FILE,
Flag = ANALYSIS_RESULT_TYPE.FATAL,
Clauses = new List <Clause>()
{
new Clause(Operation.Equals, "Path")
{
Label = "0",
Data = new List <string>()
{
"TestPath1"
}
},
new Clause(Operation.IsTrue, "IsExecutable")
{
Label = "1"
}
}
};
var analyzer = new AsaAnalyzer();
var opts = new CompareCommandOptions(null, "SecondRun")
{
ApplySubObjectRulesToMonitor = true
};
var results = AttackSurfaceAnalyzerClient.AnalyzeMonitored(opts, analyzer, new MonitorObject[] { testPathOneObject }, new RuleFile()
{
AsaRules = new AsaRule[] { andRule }
});
Assert.IsTrue(results.Any(x => x.Value.Any(y => y.Identity == testPathOneObject.Identity && y.Rules.Contains(andRule))));
opts = new CompareCommandOptions(null, "SecondRun")
{
ApplySubObjectRulesToMonitor = false
};
results = AttackSurfaceAnalyzerClient.AnalyzeMonitored(opts, analyzer, new MonitorObject[] { testPathOneObject }, new RuleFile()
{
AsaRules = new AsaRule[] { andRule }
});
Assert.IsFalse(results.Any(x => x.Value.Any(y => y.Identity == testPathOneObject.Identity && y.Rules.Contains(andRule))));
}
public ActionResult GetComparators()
{
Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>();
foreach (BaseCompare c in AttackSurfaceAnalyzerClient.GetComparators())
{
var fullString = c.GetType().ToString();
var splits = fullString.Split('.');
dict.Add(splits[splits.Length - 1], c.IsRunning());
}
//@TODO: Also return the RunId
return(Json(JsonConvert.SerializeObject(dict)));
}
public ActionResult GetMonitorStatus()
{
Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>();
foreach (BaseMonitor c in AttackSurfaceAnalyzerClient.GetMonitors())
{
var fullString = c.GetType().ToString();
var splits = fullString.Split('.');
dict.Add(splits[splits.Length - 1], c.RunStatus);
}
//@TODO: Also return the RunId
return(Json(JsonSerializer.Serialize(dict)));
}
private IEnumerable <DataRunModel> GetRunModels()
{
List <string> Runs = AttackSurfaceAnalyzerClient.GetRuns("collect");
List <DataRunModel> runModels = new List <DataRunModel>();
for (int i = 0; i < Runs.Count; i++)
{
runModels.Add(new DataRunModel {
Key = Runs[i], Text = Runs[i]
});
}
return(runModels);
}
public ActionResult GetCollectors()
{
Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>();
string RunId = DatabaseManager.GetLatestRunIds(1, RUN_TYPE.COLLECT)[0];
foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors())
{
var fullString = c.GetType().ToString();
var splits = fullString.Split('.');
dict.Add(splits[splits.Length - 1], c.RunStatus);
}
Dictionary <string, object> output = new Dictionary <string, object>();
output.Add("RunId", RunId);
output.Add("Runs", dict);
return(Json(JsonSerializer.Serialize(output)));
}
public ActionResult GetCollectors()
{
Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>();
string RunId = AttackSurfaceAnalyzerClient.GetLatestRunId();
foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors())
{
var fullString = c.GetType().ToString();
var splits = fullString.Split('.');
dict.Add(splits[splits.Length - 1], c.IsRunning());
}
Dictionary <string, object> output = new Dictionary <string, object>();
output.Add("RunId", RunId);
output.Add("Runs", dict);
return(Json(JsonConvert.SerializeObject(output)));
}
public ActionResult StartCollection(string Id, bool File, bool Port, bool Service, bool User, bool Registry, bool Certificates, bool Com, bool Firewall, bool Log)
{
CollectCommandOptions opts = new CollectCommandOptions();
opts.RunId = Id.Trim();
opts.EnableFileSystemCollector = File;
opts.EnableNetworkPortCollector = Port;
opts.EnableServiceCollector = Service;
opts.EnableRegistryCollector = Registry;
opts.EnableUserCollector = User;
opts.EnableCertificateCollector = Certificates;
opts.EnableComObjectCollector = Com;
opts.EnableFirewallCollector = Firewall;
opts.EnableEventLogCollector = Log;
opts.DatabaseFilename = DatabaseManager.SqliteFilename;
opts.FilterLocation = "Use embedded filters.";
foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors())
{
// The GUI *should* prevent us from getting here. But this is extra protection.
// We won't start new collections while existing ones are ongoing.
if (c.IsRunning() == RUN_STATUS.RUNNING)
{
return(Json(GUI_ERROR.ALREADY_RUNNING));
}
}
AttackSurfaceAnalyzerClient.ClearCollectors();
string Select_Runs = "select run_id from runs where run_id=@run_id";
using (var cmd = new SqliteCommand(Select_Runs, DatabaseManager.Connection, DatabaseManager.Transaction))
{
cmd.Parameters.AddWithValue("@run_id", Id);
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
return(Json(GUI_ERROR.UNIQUE_ID));
}
}
}
Task.Factory.StartNew <int>(() => AttackSurfaceAnalyzerClient.RunCollectCommand(opts));
return(Json(GUI_ERROR.NONE));
}
public ActionResult StartMonitoring(string RunId, string Directory, string Extension)
{
if (RunId != null)
{
using (var cmd = new SqliteCommand(INSERT_RUN, DatabaseManager.Connection, DatabaseManager.Transaction))
{
cmd.Parameters.AddWithValue("@run_id", RunId.Trim());
cmd.Parameters.AddWithValue("@file_system", true);
cmd.Parameters.AddWithValue("@ports", false);
cmd.Parameters.AddWithValue("@users", false);
cmd.Parameters.AddWithValue("@services", false);
cmd.Parameters.AddWithValue("@registry", false);
cmd.Parameters.AddWithValue("@certificates", false);
cmd.Parameters.AddWithValue("@firewall", false);
cmd.Parameters.AddWithValue("@comobjects", false);
cmd.Parameters.AddWithValue("@type", "monitor");
cmd.Parameters.AddWithValue("@timestamp", DateTime.Now.ToString("o", CultureInfo.InvariantCulture));
cmd.Parameters.AddWithValue("@version", AsaHelpers.GetVersionString());
cmd.Parameters.AddWithValue("@platform", AsaHelpers.GetPlatformString());
try
{
cmd.ExecuteNonQuery();
DatabaseManager.Commit();
}
catch (SqliteException e)
{
Log.Warning(e.StackTrace);
Log.Warning(e.Message);
return(Json((int)GUI_ERROR.UNIQUE_ID));
}
}
MonitorCommandOptions opts = new MonitorCommandOptions
{
RunId = RunId,
EnableFileSystemMonitor = true,
MonitoredDirectories = Directory,
FilterLocation = "filters.json"
};
AttackSurfaceAnalyzerClient.ClearMonitors();
return(Json((int)AttackSurfaceAnalyzerClient.RunGuiMonitorCommand(opts)));
}
return(Json(-1));
}
public ActionResult StartCollection(string Id, bool File, bool Port, bool Service, bool User, bool Registry, bool Certificates, bool Com, bool Firewall, bool Log)
{
CollectCommandOptions opts = new CollectCommandOptions();
opts.RunId = Id?.Trim();
opts.EnableFileSystemCollector = File;
opts.EnableNetworkPortCollector = Port;
opts.EnableServiceCollector = Service;
opts.EnableRegistryCollector = Registry;
opts.EnableUserCollector = User;
opts.EnableCertificateCollector = Certificates;
opts.EnableComObjectCollector = Com;
opts.EnableFirewallCollector = Firewall;
opts.EnableEventLogCollector = Log;
opts.Verbose = Logger.Verbose;
opts.Debug = Logger.Debug;
opts.Quiet = Logger.Quiet;
opts.DatabaseFilename = DatabaseManager.SqliteFilename;
foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors())
{
// The GUI *should* prevent us from getting here. But this is extra protection.
// We won't start new collections while existing ones are ongoing.
if (c.RunStatus == RUN_STATUS.RUNNING)
{
return(Json(ASA_ERROR.ALREADY_RUNNING));
}
}
AttackSurfaceAnalyzerClient.ClearCollectors();
if (Id is null)
{
return(Json(ASA_ERROR.INVALID_ID));
}
if (DatabaseManager.GetRun(Id) != null)
{
return(Json(ASA_ERROR.UNIQUE_ID));
}
_ = Task.Factory.StartNew(() => AttackSurfaceAnalyzerClient.RunCollectCommand(opts));
return(Json(ASA_ERROR.NONE));
}
public ActionResult GetCollectors()
{
Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>();
string RunId = AttackSurfaceAnalyzerClient.GetLatestRunId();
//TODO: Improve this to not have to change this variable on every loop, without having to call GetCollectors twice.
foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors())
{
var fullString = c.GetType().ToString();
var splits = fullString.Split('.');
dict.Add(splits[splits.Length - 1], c.IsRunning());
}
Dictionary <string, object> output = new Dictionary <string, object>();
output.Add("RunId", RunId);
output.Add("Runs", dict);
//@TODO: Also return the RunId
return(Json(JsonConvert.SerializeObject(output)));
}
public ActionResult RunAnalysisWithAnalyses(string SelectedBaseRunId, string SelectedCompareRunId, IFormFile AnalysisFilterFile)
{
var filePath = Path.GetTempFileName();
CompareCommandOptions opts = new CompareCommandOptions();
opts.FirstRunId = SelectedBaseRunId;
opts.SecondRunId = SelectedCompareRunId;
opts.Analyze = true;
opts.SaveToDatabase = true;
if (AnalysisFilterFile != null)
{
using (var stream = System.IO.File.Create(filePath))
{
AnalysisFilterFile.CopyTo(stream);
}
opts.AnalysesFile = filePath;
}
if (AttackSurfaceAnalyzerClient.GetComparators().Where(c => c.IsRunning() == RUN_STATUS.RUNNING).Any())
{
return(Json("Comparators already running!"));
}
using (var cmd = new SqliteCommand(SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED, DatabaseManager.Connection, DatabaseManager.Transaction))
{
cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId);
cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId);
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
return(Json("Using cached comparison calculations."));
}
}
}
Task.Factory.StartNew(() => AttackSurfaceAnalyzerClient.CompareRuns(opts));
return(Json("Started Analysis"));
}
public ActionResult GetLatestRunId()
{
return(Json(HttpUtility.UrlEncode(AttackSurfaceAnalyzerClient.GetLatestRunId())));
}
public ActionResult WriteScanJson(int ResultType, string BaseId, string CompareId, bool ExportAll, string OutputPath)
{
AttackSurfaceAnalyzerClient.WriteScanJson(ResultType, BaseId, CompareId, ExportAll, OutputPath);
return(Json(true));
}
public ActionResult WriteMonitorJson(string RunId, int ResultType, string OutputPath)
{
AttackSurfaceAnalyzerClient.WriteMonitorJson(RunId, ResultType, OutputPath);
return(Json(true));
}
public ActionResult StopMonitoring()
{
return(Json(AttackSurfaceAnalyzerClient.StopMonitors()));
}
public ActionResult GetLatestRunId()
{
return(Json(AttackSurfaceAnalyzerClient.GetLatestRunId()));
}