/// <summary>
/// Handles the Click event of the buttonReplace control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
private void buttonReplace_Click(object sender, EventArgs e)
{
Cursor currentCursor = Cursor.Current;
try
{
// Set wait cursor:
Cursor.Current = Cursors.WaitCursor;
// Create replace parameters:
ReplaceParameters parameters = new ReplaceParameters();
parameters.FileCrawlerParameters.PathInfoList = this.pathList.ToList();
parameters.ReplacePatterns = this.patternList.ToList();
// Process:
using (ProcessingForm form = new ProcessingForm())
{
form.ReplaceParameters = parameters;
form.ShowDialog(this);
}
}
finally
{
// Restore original cursor:
Cursor.Current = currentCursor;
}
}
public async Task <ActionResult <Resource> > Replace(int id, [FromBody] ReplaceParameters parameters)
{
return(await _telemetryCollector.WithStopwatch <ActionResult>(async() =>
{
if (await _service.Replace(id, parameters.OldValue, parameters.NewValue))
{
return Ok();
}
return BadRequest();
}));
}
/// <summary>
/// Runs the specified args.
/// </summary>
/// <param name="args">The args.</param>
public void Run(string[] args)
{
// Parse command line args:
CommandLineArgsParser parser = new CommandLineArgsParser();
string errorMessage;
if (!parser.ParseArguments(args, out errorMessage))
{
if (!string.IsNullOrWhiteSpace(errorMessage))
{
System.Console.WriteLine(@"ERROR: " + errorMessage);
System.Console.WriteLine();
}
parser.PrintHelp();
return;
}
try
{
// Read Project File:
Stream openFileStream = new FileStream(parser.ProjectPath, FileMode.Open);
XmlSerializer serializer = new XmlSerializer(typeof(ReplacerProject));
XmlReader reader = new XmlTextReader(openFileStream);
if (!serializer.CanDeserialize(reader))
{
System.Console.WriteLine(@"Invalid Project file");
openFileStream.Close();
return;
}
ReplacerProject project = (ReplacerProject)serializer.Deserialize(reader);
openFileStream.Close();
// Setup logging:
this.logToConsole = parser.LogToConsole;
if (!string.IsNullOrWhiteSpace(parser.LogFilePath))
{
this.logFile = new StreamWriter(parser.LogFilePath, true, Encoding.UTF8);
}
// Process:
// Create replace parameters:
ReplaceParameters parameters = new ReplaceParameters
{
FileCrawlerParameters = { PathInfoList = project.FileFolderPaths.ToList() },
ReplacePatterns = project.PatternList.ToList()
};
// Initialize replacer:
Business.Engine.Replacer replacer = new Business.Engine.Replacer();
replacer.AddObserver(this);
// Start process:
replacer.Replace(parameters);
}
catch (Exception exc)
{
if (!this.logToConsole)
{
System.Console.WriteLine(exc);
}
this.Log(new LogMessage
{
TimeStamp = DateTime.Now,
Message = exc.ToString()
});
}
finally
{
if (this.logFile != null)
{
this.logFile.Close();
}
}
}
private static string ReplacingBadGuyValues(string sHtmlBody, FidoReturnValues lFidoReturnValues)
{
var replacements = new Dictionary <string, string>();
var detectors = Object_Fido_Configs.GetAsString("fido.application.detectors", null).Split(',');
var lBadMD5Hashes = new List <string>();
var lBadURLs = new List <string>();
var lGoodMD5Hashes = new List <string>();
var lGoodURLs = new List <string>();
replacements.Add("%threatip%", lFidoReturnValues.DstIP ?? string.Empty);
replacements.Add("%dnsname%", lFidoReturnValues.DNSName ?? string.Empty);
replacements.Add("%timeoccurred%", lFidoReturnValues.TimeOccurred + " (UTC)" ?? DateTime.Now.ToString(CultureInfo.InvariantCulture));
replacements.Add("%malwaretype%", lFidoReturnValues.MalwareType ?? "unknown");
replacements.Add("%detector%", lFidoReturnValues.CurrentDetector ?? string.Empty);
replacements.Add("%prevmach%", lFidoReturnValues.IsMachSeenBefore ? lFidoReturnValues.IsMachSeenBefore.ToString() + " " + lFidoReturnValues.PreviousAlerts.TimeStamp : "No");
replacements.Add("%prevuser%", lFidoReturnValues.IsUserSeenBefore ? lFidoReturnValues.IsUserSeenBefore.ToString() + " " + lFidoReturnValues.PreviousAlerts.TimeStamp : "No");
replacements.Add("%prevurl%", lFidoReturnValues.IsUrlSeenBefore ? lFidoReturnValues.IsUrlSeenBefore.ToString() : "No");
replacements.Add("%prevhash%", lFidoReturnValues.IsHashSeenBefore ? lFidoReturnValues.IsHashSeenBefore.ToString() : "No");
replacements.Add("%previp%", lFidoReturnValues.IsIPSeenBefore ? lFidoReturnValues.IsIPSeenBefore.ToString() : "No");
if (lFidoReturnValues.CurrentDetector == "antivirus")
{
replacements = Notfication_Helper.AntivirusReplacements(lFidoReturnValues);
}
if (lFidoReturnValues.CurrentDetector == "bit9")
{
if (!string.IsNullOrEmpty(lFidoReturnValues.Bit9.FileName))
{
replacements.Add("%bit9_filename%", lFidoReturnValues.Bit9.FileName);
}
}
if (lFidoReturnValues.CurrentDetector == "carbonblackv1")
{
if (!string.IsNullOrEmpty(lFidoReturnValues.CB.Alert.ProcessPath))
{
replacements.Add("%threatfile%", lFidoReturnValues.CB.Alert.ProcessPath);
}
if (!string.IsNullOrEmpty(lFidoReturnValues.CB.Alert.ProcessPath))
{
replacements.Add("%hostcount%", lFidoReturnValues.CB.Alert.HostCount + @" other host(s) have this file.");
}
if (!string.IsNullOrEmpty(lFidoReturnValues.CB.Alert.ProcessPath))
{
replacements.Add("%netconns%", lFidoReturnValues.CB.Alert.NetConn + @" network connections initiated by this file.");
}
}
if (lFidoReturnValues.Detectors != null)
{
var sListOfDetectors = lFidoReturnValues.Detectors.Aggregate(string.Empty, (current, sDetector) => current + (sDetector + ", "));
replacements.Add("%detectors%", sListOfDetectors);
}
else
{
replacements.Add("%detectors%", "No");
}
ReplaceParameters replaceParameters = new ReplaceParameters(lBadMD5Hashes, lGoodMD5Hashes, lBadURLs, lGoodURLs, replacements);
replacements = Notfication_Helper.StartReplacements(lFidoReturnValues, detectors, replaceParameters);
return(replacements.Aggregate(sHtmlBody, (current, replacement) => current.Replace(replacement.Key, replacement.Value)));
}