public ActionResult RunAnalysisWithAnalyses(string SelectedBaseRunId, string SelectedCompareRunId, IFormFile AnalysisFilterFile) { var filePath = Path.GetTempFileName(); CompareCommandOptions opts = new CompareCommandOptions(); opts.FirstRunId = SelectedBaseRunId; opts.SecondRunId = SelectedCompareRunId; opts.Analyze = true; opts.SaveToDatabase = true; if (AnalysisFilterFile != null) { using (var stream = System.IO.File.Create(filePath)) { AnalysisFilterFile.CopyTo(stream); } opts.AnalysesFile = filePath; } if (AttackSurfaceAnalyzerClient.GetComparators().Where(c => c.IsRunning() == RUN_STATUS.RUNNING).Any()) { return(Json("Comparators already running!")); } if (DatabaseManager.GetComparisonCompleted(opts.FirstRunId, opts.SecondRunId)) { return(Json("Using cached comparison calculations.")); } Task.Factory.StartNew(() => AttackSurfaceAnalyzerClient.CompareRuns(opts)); return(Json("Started Analysis")); }
public ActionResult StartMonitoring(string RunId, string Directory) { if (RunId != null) { if (DatabaseManager.GetRun(RunId) != null) { return(Json(ASA_ERROR.UNIQUE_ID)); } var run = new AsaRun(RunId: RunId, Timestamp: DateTime.Now, Version: AsaHelpers.GetVersionString(), Platform: AsaHelpers.GetPlatform(), new List <RESULT_TYPE>() { RESULT_TYPE.FILEMONITOR }, RUN_TYPE.MONITOR); DatabaseManager.InsertRun(run); MonitorCommandOptions opts = new MonitorCommandOptions { RunId = RunId, EnableFileSystemMonitor = true, MonitoredDirectories = Directory, Verbose = Logger.Verbose, Debug = Logger.Debug, Quiet = Logger.Quiet }; AttackSurfaceAnalyzerClient.ClearMonitors(); return(Json((int)AttackSurfaceAnalyzerClient.RunGuiMonitorCommand(opts))); } return(Json(-1)); }
public ActionResult StartMonitoring(string RunId, string Directory) { if (RunId != null) { if (DatabaseManager.GetRun(RunId) != null) { return(Json(GUI_ERROR.UNIQUE_ID)); } DatabaseManager.InsertRun(RunId, new Dictionary <RESULT_TYPE, bool>() { { RESULT_TYPE.FILEMONITOR, true } }); MonitorCommandOptions opts = new MonitorCommandOptions { RunId = RunId, EnableFileSystemMonitor = true, MonitoredDirectories = Directory, FilterLocation = "filters.json" }; AttackSurfaceAnalyzerClient.ClearMonitors(); return(Json((int)AttackSurfaceAnalyzerClient.RunGuiMonitorCommand(opts))); } return(Json(-1)); }
public ActionResult RunAnalysis(string firstId, string secondId) { CompareCommandOptions opts = new CompareCommandOptions(); opts.FirstRunId = firstId; opts.SecondRunId = secondId; opts.Analyze = true; if (AttackSurfaceAnalyzerClient.GetComparators().Where(c => c.IsRunning() == RUN_STATUS.RUNNING).Any()) { return(Json("Comparators already running!")); } using (var cmd = new SqliteCommand(SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED, DatabaseManager.Connection, DatabaseManager.Transaction)) { cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId); cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId); using (var reader = cmd.ExecuteReader()) { while (reader.Read()) { return(Json("Using cached comparison calculations.")); } } } Task.Factory.StartNew(() => AttackSurfaceAnalyzerClient.CompareRuns(opts)); return(Json("Started Analysis")); }
public ActionResult RunAnalysis(string firstId, string secondId) { CompareCommandOptions opts = new CompareCommandOptions(); opts.FirstRunId = firstId; opts.SecondRunId = secondId; opts.Analyze = true; foreach (BaseCompare c in AttackSurfaceAnalyzerClient.GetComparators()) { // The GUI *should* prevent us from getting here. But this is extra protection. // We won't start new collections while existing ones are ongoing. if (c.IsRunning() == RUN_STATUS.RUNNING) { return(Json("Comparators already running!")); } } using (var cmd = new SqliteCommand(SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED, DatabaseManager.Connection, DatabaseManager.Transaction)) { cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId); cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId); using (var reader = cmd.ExecuteReader()) { while (reader.Read()) { return(Json("Using cached comparison calculations.")); } } } Task.Factory.StartNew <Dictionary <string, object> >(() => AttackSurfaceAnalyzerClient.CompareRuns(opts)); return(Json("Started Analysis")); }
public void VerifyFileMonitorAsFile() { var RuleName = "AndRule"; var andRule = new AsaRule(RuleName) { Expression = "0 AND 1", ResultType = RESULT_TYPE.FILE, Flag = ANALYSIS_RESULT_TYPE.FATAL, Clauses = new List <Clause>() { new Clause(Operation.Equals, "Path") { Label = "0", Data = new List <string>() { "TestPath1" } }, new Clause(Operation.IsTrue, "IsExecutable") { Label = "1" } } }; var analyzer = new AsaAnalyzer(); var opts = new CompareCommandOptions(null, "SecondRun") { ApplySubObjectRulesToMonitor = true }; var results = AttackSurfaceAnalyzerClient.AnalyzeMonitored(opts, analyzer, new MonitorObject[] { testPathOneObject }, new RuleFile() { AsaRules = new AsaRule[] { andRule } }); Assert.IsTrue(results.Any(x => x.Value.Any(y => y.Identity == testPathOneObject.Identity && y.Rules.Contains(andRule)))); opts = new CompareCommandOptions(null, "SecondRun") { ApplySubObjectRulesToMonitor = false }; results = AttackSurfaceAnalyzerClient.AnalyzeMonitored(opts, analyzer, new MonitorObject[] { testPathOneObject }, new RuleFile() { AsaRules = new AsaRule[] { andRule } }); Assert.IsFalse(results.Any(x => x.Value.Any(y => y.Identity == testPathOneObject.Identity && y.Rules.Contains(andRule)))); }
public ActionResult GetComparators() { Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>(); foreach (BaseCompare c in AttackSurfaceAnalyzerClient.GetComparators()) { var fullString = c.GetType().ToString(); var splits = fullString.Split('.'); dict.Add(splits[splits.Length - 1], c.IsRunning()); } //@TODO: Also return the RunId return(Json(JsonConvert.SerializeObject(dict))); }
public ActionResult GetMonitorStatus() { Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>(); foreach (BaseMonitor c in AttackSurfaceAnalyzerClient.GetMonitors()) { var fullString = c.GetType().ToString(); var splits = fullString.Split('.'); dict.Add(splits[splits.Length - 1], c.RunStatus); } //@TODO: Also return the RunId return(Json(JsonSerializer.Serialize(dict))); }
private IEnumerable <DataRunModel> GetRunModels() { List <string> Runs = AttackSurfaceAnalyzerClient.GetRuns("collect"); List <DataRunModel> runModels = new List <DataRunModel>(); for (int i = 0; i < Runs.Count; i++) { runModels.Add(new DataRunModel { Key = Runs[i], Text = Runs[i] }); } return(runModels); }
public ActionResult GetCollectors() { Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>(); string RunId = DatabaseManager.GetLatestRunIds(1, RUN_TYPE.COLLECT)[0]; foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors()) { var fullString = c.GetType().ToString(); var splits = fullString.Split('.'); dict.Add(splits[splits.Length - 1], c.RunStatus); } Dictionary <string, object> output = new Dictionary <string, object>(); output.Add("RunId", RunId); output.Add("Runs", dict); return(Json(JsonSerializer.Serialize(output))); }
public ActionResult GetCollectors() { Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>(); string RunId = AttackSurfaceAnalyzerClient.GetLatestRunId(); foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors()) { var fullString = c.GetType().ToString(); var splits = fullString.Split('.'); dict.Add(splits[splits.Length - 1], c.IsRunning()); } Dictionary <string, object> output = new Dictionary <string, object>(); output.Add("RunId", RunId); output.Add("Runs", dict); return(Json(JsonConvert.SerializeObject(output))); }
public ActionResult StartCollection(string Id, bool File, bool Port, bool Service, bool User, bool Registry, bool Certificates, bool Com, bool Firewall, bool Log) { CollectCommandOptions opts = new CollectCommandOptions(); opts.RunId = Id.Trim(); opts.EnableFileSystemCollector = File; opts.EnableNetworkPortCollector = Port; opts.EnableServiceCollector = Service; opts.EnableRegistryCollector = Registry; opts.EnableUserCollector = User; opts.EnableCertificateCollector = Certificates; opts.EnableComObjectCollector = Com; opts.EnableFirewallCollector = Firewall; opts.EnableEventLogCollector = Log; opts.DatabaseFilename = DatabaseManager.SqliteFilename; opts.FilterLocation = "Use embedded filters."; foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors()) { // The GUI *should* prevent us from getting here. But this is extra protection. // We won't start new collections while existing ones are ongoing. if (c.IsRunning() == RUN_STATUS.RUNNING) { return(Json(GUI_ERROR.ALREADY_RUNNING)); } } AttackSurfaceAnalyzerClient.ClearCollectors(); string Select_Runs = "select run_id from runs where run_id=@run_id"; using (var cmd = new SqliteCommand(Select_Runs, DatabaseManager.Connection, DatabaseManager.Transaction)) { cmd.Parameters.AddWithValue("@run_id", Id); using (var reader = cmd.ExecuteReader()) { while (reader.Read()) { return(Json(GUI_ERROR.UNIQUE_ID)); } } } Task.Factory.StartNew <int>(() => AttackSurfaceAnalyzerClient.RunCollectCommand(opts)); return(Json(GUI_ERROR.NONE)); }
public ActionResult StartMonitoring(string RunId, string Directory, string Extension) { if (RunId != null) { using (var cmd = new SqliteCommand(INSERT_RUN, DatabaseManager.Connection, DatabaseManager.Transaction)) { cmd.Parameters.AddWithValue("@run_id", RunId.Trim()); cmd.Parameters.AddWithValue("@file_system", true); cmd.Parameters.AddWithValue("@ports", false); cmd.Parameters.AddWithValue("@users", false); cmd.Parameters.AddWithValue("@services", false); cmd.Parameters.AddWithValue("@registry", false); cmd.Parameters.AddWithValue("@certificates", false); cmd.Parameters.AddWithValue("@firewall", false); cmd.Parameters.AddWithValue("@comobjects", false); cmd.Parameters.AddWithValue("@type", "monitor"); cmd.Parameters.AddWithValue("@timestamp", DateTime.Now.ToString("o", CultureInfo.InvariantCulture)); cmd.Parameters.AddWithValue("@version", AsaHelpers.GetVersionString()); cmd.Parameters.AddWithValue("@platform", AsaHelpers.GetPlatformString()); try { cmd.ExecuteNonQuery(); DatabaseManager.Commit(); } catch (SqliteException e) { Log.Warning(e.StackTrace); Log.Warning(e.Message); return(Json((int)GUI_ERROR.UNIQUE_ID)); } } MonitorCommandOptions opts = new MonitorCommandOptions { RunId = RunId, EnableFileSystemMonitor = true, MonitoredDirectories = Directory, FilterLocation = "filters.json" }; AttackSurfaceAnalyzerClient.ClearMonitors(); return(Json((int)AttackSurfaceAnalyzerClient.RunGuiMonitorCommand(opts))); } return(Json(-1)); }
public ActionResult StartCollection(string Id, bool File, bool Port, bool Service, bool User, bool Registry, bool Certificates, bool Com, bool Firewall, bool Log) { CollectCommandOptions opts = new CollectCommandOptions(); opts.RunId = Id?.Trim(); opts.EnableFileSystemCollector = File; opts.EnableNetworkPortCollector = Port; opts.EnableServiceCollector = Service; opts.EnableRegistryCollector = Registry; opts.EnableUserCollector = User; opts.EnableCertificateCollector = Certificates; opts.EnableComObjectCollector = Com; opts.EnableFirewallCollector = Firewall; opts.EnableEventLogCollector = Log; opts.Verbose = Logger.Verbose; opts.Debug = Logger.Debug; opts.Quiet = Logger.Quiet; opts.DatabaseFilename = DatabaseManager.SqliteFilename; foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors()) { // The GUI *should* prevent us from getting here. But this is extra protection. // We won't start new collections while existing ones are ongoing. if (c.RunStatus == RUN_STATUS.RUNNING) { return(Json(ASA_ERROR.ALREADY_RUNNING)); } } AttackSurfaceAnalyzerClient.ClearCollectors(); if (Id is null) { return(Json(ASA_ERROR.INVALID_ID)); } if (DatabaseManager.GetRun(Id) != null) { return(Json(ASA_ERROR.UNIQUE_ID)); } _ = Task.Factory.StartNew(() => AttackSurfaceAnalyzerClient.RunCollectCommand(opts)); return(Json(ASA_ERROR.NONE)); }
public ActionResult GetCollectors() { Dictionary <string, RUN_STATUS> dict = new Dictionary <string, RUN_STATUS>(); string RunId = AttackSurfaceAnalyzerClient.GetLatestRunId(); //TODO: Improve this to not have to change this variable on every loop, without having to call GetCollectors twice. foreach (BaseCollector c in AttackSurfaceAnalyzerClient.GetCollectors()) { var fullString = c.GetType().ToString(); var splits = fullString.Split('.'); dict.Add(splits[splits.Length - 1], c.IsRunning()); } Dictionary <string, object> output = new Dictionary <string, object>(); output.Add("RunId", RunId); output.Add("Runs", dict); //@TODO: Also return the RunId return(Json(JsonConvert.SerializeObject(output))); }
public ActionResult RunAnalysisWithAnalyses(string SelectedBaseRunId, string SelectedCompareRunId, IFormFile AnalysisFilterFile) { var filePath = Path.GetTempFileName(); CompareCommandOptions opts = new CompareCommandOptions(); opts.FirstRunId = SelectedBaseRunId; opts.SecondRunId = SelectedCompareRunId; opts.Analyze = true; opts.SaveToDatabase = true; if (AnalysisFilterFile != null) { using (var stream = System.IO.File.Create(filePath)) { AnalysisFilterFile.CopyTo(stream); } opts.AnalysesFile = filePath; } if (AttackSurfaceAnalyzerClient.GetComparators().Where(c => c.IsRunning() == RUN_STATUS.RUNNING).Any()) { return(Json("Comparators already running!")); } using (var cmd = new SqliteCommand(SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED, DatabaseManager.Connection, DatabaseManager.Transaction)) { cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId); cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId); using (var reader = cmd.ExecuteReader()) { while (reader.Read()) { return(Json("Using cached comparison calculations.")); } } } Task.Factory.StartNew(() => AttackSurfaceAnalyzerClient.CompareRuns(opts)); return(Json("Started Analysis")); }
public ActionResult GetLatestRunId() { return(Json(HttpUtility.UrlEncode(AttackSurfaceAnalyzerClient.GetLatestRunId()))); }
public ActionResult WriteScanJson(int ResultType, string BaseId, string CompareId, bool ExportAll, string OutputPath) { AttackSurfaceAnalyzerClient.WriteScanJson(ResultType, BaseId, CompareId, ExportAll, OutputPath); return(Json(true)); }
public ActionResult WriteMonitorJson(string RunId, int ResultType, string OutputPath) { AttackSurfaceAnalyzerClient.WriteMonitorJson(RunId, ResultType, OutputPath); return(Json(true)); }
public ActionResult StopMonitoring() { return(Json(AttackSurfaceAnalyzerClient.StopMonitors())); }
public ActionResult GetLatestRunId() { return(Json(AttackSurfaceAnalyzerClient.GetLatestRunId())); }