private String[] buildNmapStringArray(DataEntry entry)
{
String[] stringArray = new String[12];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
stringArray[3] = RiskFactorFunction.getEnumString(entry.getRiskFactor());
stringArray[4] = entry.getFileName();
stringArray[5] = entry.getEntryTypeString();
stringArray[6] = ((NmapDataEntry)entry).getOS();
stringArray[7] = ((NmapDataEntry)entry).getOSDetail();
stringArray[8] = ((NmapDataEntry)entry).getOpenPortListString();
stringArray[9] = ((NmapDataEntry)entry).getClosedPortListString();
stringArray[10] = ((NmapDataEntry)entry).getFilteredPortListString();
stringArray[11] = ((NmapDataEntry)entry).getUnknownPortListString();
return(stringArray);
}
public void guiInsertUpdateRecordToDatabase(DataEntry entry, int oldId)
{
int revisionNo = getRevisionNo(oldId);
// Create
sqlite_conn = new SQLiteConnection("Data source=" + path + ";Version=3;New=True;Compress=True;");
// Open
sqlite_conn.Open();
// Create command
sqlite_cmd = sqlite_conn.CreateCommand();
String pluginName = addSlash(entry.getPluginName());
String ipList = addSlash(entry.getIp());
String description = addSlash(entry.getDescription());
String impact = addSlash(entry.getImpact());
String riskFactor = addSlash(RiskFactorFunction.getEnumString(entry.getRiskFactor()));
String recommendation = addSlash(entry.getRecommendation());
String bidList = addSlash(entry.getBid());
String cveList = addSlash(entry.getCve());
String osvdbList = addSlash(entry.getOsvdb());
String referenceLink = addSlash(entry.getReferenceLink());
sqlite_cmd.CommandText = "INSERT INTO Record (" +
"id," +
"originalId," +
"pluginName," +
"ipList," +
"description," +
"impact," +
"riskfactor," +
"recommendation," +
"bidlist," +
"cvelist," +
"osvdblist," +
"referenceLink," +
"revisionNo" +
")" +
"VALUES (" +
"NULL," + // pluginId (null means auto increment)
"'" + oldId + "'," + // originalId
"'" + pluginName + "'," + // pluginName
"'" + ipList + "'," + // ipList
"'" + description + "'," + // description
"'" + impact + "'," + // impact
"'" + riskFactor + "'," + // riskfactor
"'" + recommendation + "'," + // recommendation
"'" + bidList + "'," + // bidlist
"'" + cveList + "'," + // cvelist
"'" + osvdbList + "'," + // osvdblist
"'" + referenceLink + "'," + // referenceLink
"'" + revisionNo + "'" + // revisionNo
");";
// execute the command
sqlite_cmd.ExecuteNonQuery();
sqlite_conn.Close();
}
private String[] buildMbsaStringArray(DataEntry entry)
{
String[] stringArray = new String[35];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(entry.getRiskFactor());
// Recommendations
stringArray[5] = entry.getRecommendation();
stringArray[6] = entry.getBid();
stringArray[7] = entry.getCve();
stringArray[8] = entry.getOsvdb();
stringArray[9] = entry.getReferenceLink();
stringArray[10] = entry.getFileName();
stringArray[11] = entry.getEntryTypeString();
stringArray[12] = ((MBSADataEntry)entry).getCheckID();
stringArray[13] = ((MBSADataEntry)entry).getCheckGrade();
stringArray[14] = ((MBSADataEntry)entry).getCheckType();
stringArray[15] = ((MBSADataEntry)entry).getCheckCat();
stringArray[16] = ((MBSADataEntry)entry).getCheckRank();
stringArray[17] = ((MBSADataEntry)entry).getCheckName();
stringArray[18] = ((MBSADataEntry)entry).getCheckURL1();
stringArray[19] = ((MBSADataEntry)entry).getCheckURL2();
stringArray[20] = ((MBSADataEntry)entry).getCheckGroupID();
stringArray[21] = ((MBSADataEntry)entry).getCheckGroupName();
stringArray[22] = ((MBSADataEntry)entry).getDetailText();
stringArray[23] = ((MBSADataEntry)entry).getUpdateDataIsInstalled();
stringArray[24] = ((MBSADataEntry)entry).getUpdateDataRestartRequired();
stringArray[25] = ((MBSADataEntry)entry).getUpdateDataID();
stringArray[26] = ((MBSADataEntry)entry).getUpdateDataGUID();
stringArray[27] = ((MBSADataEntry)entry).getUpdateDataBulletinID();
stringArray[28] = ((MBSADataEntry)entry).getUpdateDataKBID();
stringArray[29] = ((MBSADataEntry)entry).getUpdateDataType();
stringArray[30] = ((MBSADataEntry)entry).getUpdateDataInformationURL();
stringArray[31] = ((MBSADataEntry)entry).getUpdateDataDownloadURL();
stringArray[32] = ((MBSADataEntry)entry).getSeverityString();
stringArray[33] = ((MBSADataEntry)entry).getTableHeaderString();
stringArray[34] = ((MBSADataEntry)entry).getTableRowDataString();
return(stringArray);
}
private String[] buildStringArray(DataEntry entry, RiskFactor riskFactor)
{
String[] stringArray = new String[9];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
String tempString = "";
foreach (String ip in entry.getIpList())
{
tempString += ip + '\n';
}
stringArray[1] = tempString.Substring(0, tempString.Length - 1);
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
stringArray[5] = entry.getRecommendation();
// Reference
// CVE
tempString = "N/A";
if (entry.getCve() != null)
{
tempString = entry.getCve();
}
stringArray[6] = tempString;
// BID
tempString = "N/A";
if (entry.getBid() != null)
{
tempString = entry.getBid();
}
stringArray[7] = tempString;
// OSVDB
tempString = "N/A";
if (entry.getOsvdb() != null)
{
tempString = entry.getOsvdb();
}
stringArray[8] = tempString;
return(stringArray);
}
/// <summary>
/// This is the buildStringArray method.
/// It is used to build an array of String from given entry and riskFactor.
/// </summary>
/// <param name="entry">the DataEntry being transformed to a string array</param>
/// <param name="riskFactor">the RiskFactor of the entry</param>
/// <returns>a string array being transformed to a xlsx row</returns>
private String[] buildStringArray(DataEntry entry, RiskFactor riskFactor)
{
String[] stringArray = new String[10];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
stringArray[5] = entry.getRecommendation();
// Reference
// CVE
String tempString = "N/A";
if (entry.getCve() != null)
{
tempString = entry.getCve();
}
stringArray[6] = tempString;
// BID
tempString = "N/A";
if (entry.getBid() != null)
{
tempString = entry.getBid();
}
stringArray[7] = tempString;
// OSVDB
tempString = "N/A";
if (entry.getOsvdb() != null)
{
tempString = entry.getOsvdb();
}
stringArray[8] = tempString;
// Reference Link
stringArray[9] = entry.getReferenceLink();
return(stringArray);
}
private String[] buildNessusStringArray(DataEntry entry)
{
String[] stringArray = new String[26];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(entry.getRiskFactor());
// Recommendations
stringArray[5] = entry.getRecommendation();
stringArray[6] = entry.getBid();
stringArray[7] = entry.getCve();
stringArray[8] = entry.getOsvdb();
stringArray[9] = entry.getReferenceLink();
stringArray[10] = entry.getFileName();
stringArray[11] = entry.getEntryTypeString();
stringArray[12] = ((NessusDataEntry)entry).getPort();
stringArray[13] = ((NessusDataEntry)entry).getProtocol();
stringArray[14] = ((NessusDataEntry)entry).getSvc_name();
stringArray[15] = ((NessusDataEntry)entry).getPluginFamily();
stringArray[16] = ((NessusDataEntry)entry).getPlugin_publication_date();
stringArray[17] = ((NessusDataEntry)entry).getPlugin_modification_date();
stringArray[18] = ((NessusDataEntry)entry).getCvss_vector();
stringArray[19] = ((NessusDataEntry)entry).getCvss_base_score();
stringArray[20] = ((NessusDataEntry)entry).getPlugin_output();
stringArray[21] = ((NessusDataEntry)entry).getPlugin_version();
stringArray[22] = ((NessusDataEntry)entry).getSee_also();
stringArray[23] = ((NessusDataEntry)entry).getPluginID();
stringArray[24] = ((NessusDataEntry)entry).getMicrosoftID();
stringArray[25] = ((NessusDataEntry)entry).getSeverityString();
return(stringArray);
}
private void insertRecordToDatabase(DataEntry entry)
{
String pluginName = addSlash(entry.getPluginName());
String ipList = addSlash(entry.getIp());
String description = addSlash(entry.getDescription());
String impact = addSlash(entry.getImpact());
String riskFactor = addSlash(RiskFactorFunction.getEnumString(entry.getRiskFactor()));
String recommendation = addSlash(entry.getRecommendation());
String bidList = addSlash(entry.getBid());
String cveList = addSlash(entry.getCve());
String osvdbList = addSlash(entry.getOsvdb());
String referenceLink = addSlash(entry.getReferenceLink());
sqlite_cmd.CommandText = "INSERT INTO Record (" +
"id," +
"originalId," +
"pluginName," +
"ipList," +
"description," +
"impact," +
"riskfactor," +
"recommendation," +
"bidlist," +
"cvelist," +
"osvdblist," +
"revisionNo" +
")" +
"VALUES (" +
"NULL," + // pluginId (null means auto increment)
"'" + originalId + "'," + // originalId
"'" + pluginName + "'," + // pluginName
"'" + ipList + "'," + // ipList
"'" + description + "'," + // description
"'" + impact + "'," + // impact
"'" + riskFactor + "'," + // riskfactor
"'" + recommendation + "'," + // recommendation
"'" + bidList + "'," + // bidlist
"'" + cveList + "'," + // cvelist
"'" + osvdbList + "'," + // osvdblist
"'" + "1" + "'" + // revisionNo
");";
originalId++;
// execute the command
sqlite_cmd.ExecuteNonQuery();
}
private String[] buildAcunetixStringArray(DataEntry entry, RiskFactor riskFactor, AffectedItem item)
{
String[] stringArray = new String[23];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
stringArray[5] = entry.getRecommendation();
stringArray[6] = entry.getFileName();
stringArray[7] = ((AcunetixDataEntry)entry).getSubDomain();
stringArray[8] = item.getSubDirectory();
stringArray[9] = item.getDepartment();
stringArray[10] = item.getName();
stringArray[11] = item.getLink();
stringArray[12] = item.getDetail();
stringArray[13] = item.getRequest();
stringArray[14] = item.getResponse();
stringArray[15] = ((AcunetixDataEntry)entry).getModuleName();
stringArray[16] = ((AcunetixDataEntry)entry).getIsFalsePositive();
stringArray[17] = ((AcunetixDataEntry)entry).getAOP_SourceFile();
stringArray[18] = ((AcunetixDataEntry)entry).getAOP_SourceLine();
stringArray[19] = ((AcunetixDataEntry)entry).getAOP_Additional();
stringArray[20] = ((AcunetixDataEntry)entry).getDetailedInformation();
stringArray[21] = ((AcunetixDataEntry)entry).getAcunetixType();
stringArray[22] = ((AcunetixDataEntry)entry).getAcunetixReferenceListString();
return(stringArray);
}
override protected void pushContent(string content)
{
if (elementStack.Count != 0)
{
if (elementStack.Peek().CompareTo("HostName") == 0)
{
hostName += content;
}
else
{
if (elementStack.Peek().CompareTo("solution") == 0)
{
this.recommendation += content;
}
else if (elementStack.Peek().CompareTo("risk_factor") == 0)
{
this.defaultRiskFactor = RiskFactorFunction.getEnum(content);
}
else if (elementStack.Peek().CompareTo("description") == 0)
{
this.impact += content;
}
else if (elementStack.Peek().CompareTo("synopsis") == 0)
{
this.description += content;
}
else if (elementStack.Peek().CompareTo("cve") == 0)
{
this.tempCve += content;
}
else if (elementStack.Peek().CompareTo("bid") == 0)
{
this.tempBid += content;
}
else if (elementStack.Peek().CompareTo("xref") == 0)
{
this.tempXref += content;
}
}
}
}
override protected void pushContent(string content)
{
if (elementStack.Count != 0)
{
if (elementStack.Peek().CompareTo("HostName") == 0)
{
tempIpList += content;
}
else
{
if (elementStack.Peek().CompareTo("solution") == 0)
{
this.tempRecommendation += content;
}
else if (elementStack.Peek().CompareTo("risk_factor") == 0)
{
this.tempRiskFactor = RiskFactorFunction.getEnum(content);
}
else if (elementStack.Peek().CompareTo("description") == 0)
{
this.tempImpact += content;
}
else if (elementStack.Peek().CompareTo("synopsis") == 0)
{
this.tempDescription += content;
}
else if (elementStack.Peek().CompareTo("cve") == 0)
{
this.tempCve += content;
}
else if (elementStack.Peek().CompareTo("bid") == 0)
{
this.tempBid += content;
}
else if (elementStack.Peek().CompareTo("osvdb") == 0)
{
this.tempOsvdb += content;
}
}
}
}
private void createNextKeyRow()
{
table.Clear();
DataRow row;
String key = duplicateRecord.Keys.First();
tempEntryList = new List <DataEntry>();
foreach (DataEntry rawEntry in duplicateRecord[key])
{
int dbid = Program.state.panelRecordEdit_recordDatabaser.getDBID(rawEntry);
if (dbid == -1)
{
//error
break;
}
DataEntry entry = Program.state.panelRecordEdit_recordDatabaser.getEntryFromDatabaseId(dbid);
row = table.NewRow();
String MicrosoftID = key.Substring(0, key.IndexOf('@'));
row["Microsoft ID"] = MicrosoftID;
row["Plugin Name"] = entry.getPluginName();
row["Host Affected"] = entry.getIp();
row["Description"] = entry.getDescription();
row["Impact"] = entry.getImpact();
row["Risk Level"] = RiskFactorFunction.getEnumString(entry.getRiskFactor());
row["Recommendation"] = entry.getRecommendation();
row["Reference (CVE)"] = entry.getCve();
row["Reference (BID)"] = entry.getBid();
row["Reference (OSVDB)"] = entry.getOsvdb();
row["Reference Link"] = entry.getReferenceLink();
row["Entry Type"] = entry.getEntryTypeString();
table.Rows.Add(row);
tempEntryList.Add(entry);
}
duplicateRecord.Remove(key);
}
/// <summary>
/// This is the processData method.
/// It is used to process each line on the text file.
/// </summary>
/// <param name="content"></param>
protected override void processData(string content)
{
if (!String.IsNullOrEmpty(content))
{
//if (startHardCodeLineCount)
// hardCodeLineCount++;
// in here, only content start with "Host" and contains "is up"
// would trigger the action to get the host list
if (content.Contains("Scan of http://"))
{
int e = content.IndexOf("Scan of http://");
int start = e + 15;
int end = content.IndexOf(":80/", start);
if (start < content.Length && end < content.Length)
{
tempIpList = content.Substring(start, end - start);
while (tempIpList.Length > 0 && tempIpList[tempIpList.Length - 1] == ' ')
{
tempIpList = tempIpList.Substring(0, tempIpList.Length - 1);
}
}
}
else if (content.Contains("Alert details"))
{
startReadEntry = true;
}
else if (startReadEntry == true && !finishReadPluginName && content.Contains(pluginNameKey))
{
int start = content.IndexOf(pluginNameKey) + pluginNameKey.Length;
int end = content.IndexOf("</td>", start);
tempPluginName = content.Substring(start, end - start);
finishReadPluginName = true;
}
//else if (startReadEntry == true && !finishReadPluginName && content.Contains(pluginNameKeyType2))
//{
// int start = pluginNameKeyType2.Length;
// int end = content.IndexOf("</td>", start);
// tempPluginName = content.Substring(start, end - start);
// finishReadPluginName = true;
//}
else if (startReadEntry == true && content.Contains(severityKey))
{
int start = content.IndexOf(severityContentKey) + severityContentKey.Length;
int end = content.IndexOf("</td>", start);
string temp = content.Substring(start, end - start);
tempRiskFactor = RiskFactorFunction.getEnum(temp); // get risk factor
}
else if (startReadEntry == true && content.Contains(descriptionKey))
{
startReadDescription = true;
}
else if (startReadEntry == true && startReadDescription == true && content.Contains(descriptionContentKey))
{
int start = content.IndexOf(descriptionContentKey) + descriptionContentKey.Length;
int end = content.IndexOf("</td>", start);
tempDescription = content.Substring(start, end - start);
}
else if (startReadEntry == true && content.Contains(impactKey))
{
startReadDescription = false;
startReadImpact = true;
}
else if (startReadEntry == true && startReadImpact == true && content.Contains(impactContentKey))
{
int start = content.IndexOf(impactContentKey) + impactContentKey.Length;
int end = content.IndexOf("</td>", start);
tempImpact = content.Substring(start, end - start);
}
else if (startReadEntry == true && content.Contains(recommendationKey))
{
startReadImpact = false;
startReadRecommendation = true;
}
else if (startReadEntry == true && startReadRecommendation == true && finishReadRecommendation == false && content.Contains(recommendationContentKey))
{
int start = content.IndexOf(recommendationContentKey) + recommendationContentKey.Length;
int end = content.IndexOf("</td>", start);
tempRecommendation = content.Substring(start, end - start);
}
else if (startReadEntry == true && content.Contains(affectedItemKey))
{
startReadRecommendation = false;
finishReadRecommendation = true;
tempAffectedItemList = new List <AffectedItem>();
startReadAffectedItem = true;
}
else if (startReadEntry == true && startReadAffectedItem == true && content.Contains(affectedItemContentKey))
{
int start = content.IndexOf(affectedItemContentKey) + affectedItemContentKey.Length;
int end = content.IndexOf("</td>", start);
String tempName = content.Substring(start, end - start);
tempAffectedItem = new AffectedItem(tempName);
tempAffectedItemList.Add(tempAffectedItem);
startFindAffectedItemDetail = true;
//hardCodeLineCount = 0;
//startHardCodeLineCount = false;
}
else if (startReadEntry == true && startFindAffectedItemDetail == true && content.Contains(affectedItemDetailKey))
{
//startReadAffectedItem = false;
startFindAffectedItemDetail = false;
startReadAffectedItemDetail = true;
}
else if (startReadEntry == true && startReadAffectedItemDetail == true && content.Contains(affectedItemDetailContentKey))
{
int start = content.IndexOf(affectedItemDetailContentKey) + affectedItemDetailContentKey.Length;
int end = content.IndexOf("</td>", start);
String tempDetail = content.Substring(start, end - start);
tempAffectedItem.addDetail(tempDetail);
startFindAffectedItemRequest = true;
startFindEndTag = true;
//startHardCodeLineCount = true;
}
else if (startReadEntry == true && startFindAffectedItemRequest == true && content.Contains(affectedItemRequestKey))
{
startReadAffectedItemDetail = false;
startFindAffectedItemRequest = false;
startReadAffectedItemRequest = true;
}
else if (startReadEntry == true && startReadAffectedItemRequest == true && content.Contains(affectedItemRequestContentKey))
{
int start = content.IndexOf(affectedItemRequestContentKey) + affectedItemRequestContentKey.Length;
int end = content.IndexOf("</td>", start);
String tempRequest = content.Substring(start, end - start);
tempAffectedItem.addRequest(tempRequest);
startFindAffectedItemResponse = true;
}
else if (startReadEntry == true && startFindAffectedItemResponse == true && content.Contains(affectedItemResponseKey))
{
startReadAffectedItemRequest = false;
startFindAffectedItemResponse = false;
startReadAffectedItemResponse = true;
}
else if (startReadEntry == true && startReadAffectedItemResponse == true && content.Contains(affectedItemResponseContentKey))
{
int start = content.IndexOf(affectedItemRequestContentKey) + affectedItemRequestContentKey.Length;
int end = content.IndexOf("</td>", start);
String tempResponse = content.Substring(start, end - start);
tempAffectedItem.addResponse(tempResponse);
}
else if (startReadEntry == true && startFindEndTag == true && (content.Contains("<tr style=\"height:5px\">") || content.Contains("</body></html>") || content.Contains("<tr style=\"height:13px\">")))
{
AcunetixDataEntry entry = new AcunetixDataEntry(tempPluginName,
tempIpList,
tempDescription,
tempImpact,
tempRiskFactor,
tempRecommendation,
tempFileName,
tempAffectedItemList,
"",
"",
"",
"",
"",
"",
"",
null);
this.tempRecord.acunetixAddEntry(entry);
tempPluginName = "";
tempDescription = "";
tempImpact = "";
tempRiskFactor = RiskFactor.NULL;
tempRecommendation = "";
tempAffectedItem = null;
tempAffectedItemList = null;
//hardCodeLineCount = 0;
//startHardCodeLineCount = false;
startReadDescription = false;
startReadImpact = false;
startReadRecommendation = false;
finishReadRecommendation = false;
startReadAffectedItem = false;
startFindAffectedItemDetail = false;
startReadAffectedItemDetail = false;
finishReadPluginName = false;
startFindAffectedItemRequest = false;
startReadAffectedItemRequest = false;
startFindAffectedItemResponse = false;
startReadAffectedItemResponse = false;
startFindEndTag = false;
}
}
}
/// <summary>
/// This is the startTag method.
/// It is used to handle the start tag/self closed tag from the XML file.
/// </summary>
/// <param name="tag">xml start tag name</param>
/// <param name="attributes">xml tag's attributes</param>
protected override void startTag(string tag, Dictionary <string, string> attributes)
{
if (tag.CompareTo("SecScan") == 0)
{
this.tempIpList = attributes["IP"];
elementStack.Push(tag);
}
else if (tag.CompareTo("Check") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("SecScan") == 0)
{
if (attributes.ContainsKey("Grade") && attributes.ContainsKey("Name"))
{
tempCheckGrade = attributes["Grade"];
this.tempRiskFactor = RiskFactorFunction.getEnum(scoreLookup[int.Parse(attributes["Grade"])]);
this.tempPluginName = attributes["Name"];
this.tempCheckName = attributes["Name"];
elementStack.Push(tag);
if (this.tempRiskFactor != RiskFactor.NULL && this.tempRiskFactor != RiskFactor.NA)
{
}
else
{
this.tempRiskFactor = RiskFactor.NULL;
}
}
if (attributes.ContainsKey("ID"))
{
this.tempCheckID = attributes["ID"];
}
if (attributes.ContainsKey("Type"))
{
this.tempCheckType = attributes["Type"];
}
if (attributes.ContainsKey("Cat"))
{
this.tempCheckCat = attributes["Cat"];
}
if (attributes.ContainsKey("Rank"))
{
this.tempCheckRank = attributes["Rank"];
}
//if (attributes.ContainsKey("Name"))
// this.tempCheckID = attributes["Name"];
if (attributes.ContainsKey("URL1"))
{
this.tempCheckURL1 = attributes["URL1"];
}
if (attributes.ContainsKey("URL2"))
{
this.tempCheckURL2 = attributes["URL2"];
}
if (attributes.ContainsKey("GroupID"))
{
this.tempCheckGroupID = attributes["GroupID"];
}
if (attributes.ContainsKey("GroupName"))
{
this.tempCheckGroupName = attributes["GroupName"];
}
}
}
else if (tag.CompareTo("Advice") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Check") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("Detail") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Check") == 0)
{
//if (attributes.ContainsKey("text"))
// tempDetailText = attributes["text"];
elementStack.Push(tag);
}
}
else if (tag.CompareTo("UpdateData") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Detail") == 0)
{
if (attributes.ContainsKey("IsInstalled") &&
attributes.ContainsKey("RestartRequired") &&
attributes.ContainsKey("Severity"))
{
this.tempRiskFactor = RiskFactor.NULL;
elementStack.Push(tag);
if (attributes["IsInstalled"] == "false" ||
attributes["RestartRequired"] == "true")
{
this.tempUpdateDataIsInstalled = attributes["IsInstalled"];
this.tempUpdateDataRestartRequired = attributes["RestartRequired"];
this.tempUpdateDataSeverity = int.Parse(attributes["Severity"]);
this.tempRiskFactor = RiskFactorFunction.getEnum(severityLookup[int.Parse(attributes["Severity"])]);
if (tempRiskFactor != RiskFactor.NA)
{
tempPluginId = attributes["ID"];
//if (String.IsNullOrEmpty(tempPluginName)) {
// tempPluginName = tempPluginId;
//}
//else {
// tempPluginName = tempPluginId;
//}
tempPluginName = tempPluginId;
if (attributes["IsInstalled"] == "false")
{
tempDescription = "The software update was not installed.";
}
else
{
tempDescription = "Installation of the software update was not completed. You must restart your computer to finish the installation";
}
}
}
}
if (attributes.ContainsKey("ID"))
{
this.tempUpdateDataID = attributes["ID"];
}
if (attributes.ContainsKey("GUID"))
{
this.tempUpdateDataGUID = attributes["GUID"];
}
if (attributes.ContainsKey("BulletinID"))
{
this.tempUpdateDataBulletinID = attributes["BulletinID"];
}
if (attributes.ContainsKey("KBID"))
{
this.tempUpdateDataKBID = attributes["KBID"];
}
if (attributes.ContainsKey("Type"))
{
this.tempUpdateDataType = attributes["Type"];
}
}
}
else if (tag.CompareTo("Title") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("UpdateData") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("References") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("UpdateData") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("BulletinURL") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("References") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("Head") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Detail") == 0)
{
tableHeader = new Dictionary <int, string>();
tableColCounter = 0;
isTableHeader = true;
elementStack.Push(tag);
}
}
else if (tag.CompareTo("Row") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Detail") == 0)
{
if (attributes.ContainsKey("Grade"))
{
//RiskFactor tempRF = RiskFactorFunction.getEnum(scoreLookup[int.Parse(attributes["Grade"])]);
//if (tempRiskFactor != RiskFactor.NULL &&
// tempRiskFactor != RiskFactor.NA) {
//this.tempRiskFactor = tempRF;tableColCounter = 0;
if (tableRowData == null)
{
tableRowData = new Dictionary <int, MBSARow>();
}
tableRowDataCounter++;
tableRowData[tableRowDataCounter] = new MBSARow();
tableRowData[tableRowDataCounter].setGrade(attributes["Grade"]);
tableColCounter = 0;
isTableHeader = false;
elementStack.Push(tag);
//}
}
}
}
else if (tag.CompareTo("Col") == 0)
{
if (elementStack.Count != 0 &&
//tempRiskFactor != RiskFactor.NULL &&
//tempRiskFactor != RiskFactor.NA &&
(elementStack.Peek().CompareTo("Row") == 0 ||
elementStack.Peek().CompareTo("Head") == 0))
{
string tempTag = elementStack.Pop();
if (elementStack.Peek().CompareTo("Detail") == 0)
{
elementStack.Push(tempTag);
elementStack.Push(tag);
}
else
{
elementStack.Push(tempTag);
}
}
}
else if (tag.CompareTo("SETTINGS") == 0)
{
elementStack.Push(tag);
}
else if (tag.CompareTo("OtherIDs") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("UpdateData") == 0)
{
//Console.WriteLine(tag);
elementStack.Push(tag);
}
}
else if (tag.CompareTo("OtherID") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("OtherIDs") == 0)
{
if (attributes.ContainsKey("Type"))
{
switch (attributes["Type"])
{
case "CVE":
tempType = "CVE";
//Console.WriteLine(tag);
elementStack.Push(tag);
break;
case "BID":
tempType = "BID";
//Console.WriteLine(tag);
elementStack.Push(tag);
break;
case "OSVDB":
tempType = "OSVDB";
//Console.WriteLine(tag);
elementStack.Push(tag);
break;
default:
break;
}
}
}
}
}
override protected void pushContent(string content)
{
if (elementStack.Count != 0)
{
if (elementStack.Peek().CompareTo("StartURL") == 0)
{
if (content.Contains("http://"))
{
content = content.Substring(content.IndexOf("http://") + "http://".Length);
}
if (content.Contains(":80/"))
{
content = content.Substring(0, content.IndexOf(":80/"));
}
tempIpList = content;
}
else if (elementStack.Peek().CompareTo("Name") == 0)
{
tempPluginName = content;
}
else if (elementStack.Peek().CompareTo("Details") == 0)
{
if (tempAffectedItem != null)
{
tempAffectedItem.addDetail(content);
}
}
else if (elementStack.Peek().CompareTo("Affects") == 0)
{
if (tempAffectedItem != null)
{
tempAffectedItem.setNameANDSubDirectory(content);
}
}
else if (elementStack.Peek().CompareTo("Severity") == 0)
{
tempRiskFactor = RiskFactorFunction.getEnum(content);
}
else if (elementStack.Peek().CompareTo("Impact") == 0)
{
tempImpact = content;
}
else if (elementStack.Peek().CompareTo("Description") == 0)
{
tempDescription = content;
}
else if (elementStack.Peek().CompareTo("Recommendation") == 0)
{
tempRecommendation = content;
}
else if (elementStack.Peek().CompareTo("Request") == 0)
{
if (tempAffectedItem != null)
{
tempAffectedItem.addRequest(content);
}
}
else if (elementStack.Peek().CompareTo("Response") == 0)
{
if (tempAffectedItem != null)
{
tempAffectedItem.addResponse(content);
}
}
else if (elementStack.Peek().CompareTo("ModuleName") == 0)
{
tempModuleName = content;
}
else if (elementStack.Peek().CompareTo("IsFalsePositive") == 0)
{
tempIsFalsePositive = content;
}
else if (elementStack.Peek().CompareTo("AOP_SourceFile") == 0)
{
tempAOP_SourceFile = content;
}
else if (elementStack.Peek().CompareTo("AOP_SourceLine") == 0)
{
tempAOP_SourceLine = content;
}
else if (elementStack.Peek().CompareTo("AOP_Additional") == 0)
{
tempAOP_Additional = content;
}
else if (elementStack.Peek().CompareTo("Type") == 0)
{
tempType = content;
}
else if (elementStack.Peek().CompareTo("DetailedInformation") == 0)
{
tempDetailedInformation = content;
}
else if (elementStack.Peek().CompareTo("Database") == 0)
{
if (tempAcunetixReference != null)
{
tempAcunetixReference.setDatabases(content);
}
}
else if (elementStack.Peek().CompareTo("URL") == 0)
{
if (tempAcunetixReference != null)
{
tempAcunetixReference.setUrl(content);
}
}
}
}
//private int tempCounter = 0;
#endregion
protected override void startTag(string tag, Dictionary <string, string> attributes)
{
if (tag.CompareTo("SecScan") == 0)
{
this.tempIpList = attributes["IP"];
elementStack.Push(tag);
}
else if (tag.CompareTo("Check") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("SecScan") == 0)
{
if (attributes.ContainsKey("Grade") && attributes.ContainsKey("Name"))
{
this.tempRiskFactor = RiskFactorFunction.getEnum(scoreLookup[int.Parse(attributes["Grade"])]);
if (this.tempRiskFactor != RiskFactor.NULL && this.tempRiskFactor != RiskFactor.NA)
{
this.tempPluginName = attributes["Name"];
elementStack.Push(tag);
}
else
{
this.tempRiskFactor = RiskFactor.NULL;
}
}
}
}
else if (tag.CompareTo("Advice") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Check") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("Detail") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Check") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("UpdateData") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Detail") == 0)
{
if (attributes.ContainsKey("IsInstalled") &&
attributes.ContainsKey("RestartRequired") &&
attributes.ContainsKey("Severity"))
{
this.tempRiskFactor = RiskFactor.NULL;
elementStack.Push(tag);
if (attributes["IsInstalled"] == "false" ||
attributes["RestartRequired"] == "true")
{
this.tempRiskFactor = RiskFactorFunction.getEnum(severityLookup[int.Parse(attributes["Severity"])]);
if (tempRiskFactor != RiskFactor.NA)
{
tempPluginId = attributes["ID"];
if (String.IsNullOrEmpty(tempPluginName))
{
tempPluginName = tempPluginId;
}
else
{
tempPluginName = tempPluginId;
}
if (attributes["IsInstalled"] == "false")
{
tempDescription = "The software update was not installed.";
}
else
{
tempDescription = "Installation of the software update was not completed. You must restart your computer to finish the installation";
}
}
}
}
}
}
else if (tag.CompareTo("Title") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("UpdateData") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("References") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("UpdateData") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("BulletinURL") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("References") == 0)
{
elementStack.Push(tag);
}
}
else if (tag.CompareTo("Head") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Detail") == 0)
{
tableHeader.Clear();
tableColCounter = 0;
isTableHeader = true;
elementStack.Push(tag);
}
}
else if (tag.CompareTo("Row") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("Detail") == 0)
{
if (attributes.ContainsKey("Grade"))
{
RiskFactor tempRF = RiskFactorFunction.getEnum(scoreLookup[int.Parse(attributes["Grade"])]);
if (tempRiskFactor != RiskFactor.NULL &&
tempRiskFactor != RiskFactor.NA)
{
this.tempRiskFactor = tempRF;
tableColCounter = 0;
isTableHeader = false;
elementStack.Push(tag);
}
}
}
}
else if (tag.CompareTo("Col") == 0)
{
if (elementStack.Count != 0 &&
tempRiskFactor != RiskFactor.NULL &&
tempRiskFactor != RiskFactor.NA &&
(elementStack.Peek().CompareTo("Row") == 0 ||
elementStack.Peek().CompareTo("Head") == 0))
{
string tempTag = elementStack.Pop();
if (elementStack.Peek().CompareTo("Detail") == 0)
{
elementStack.Push(tempTag);
elementStack.Push(tag);
}
else
{
elementStack.Push(tempTag);
}
}
}
else if (tag.CompareTo("SETTINGS") == 0)
{
elementStack.Push(tag);
}
else if (tag.CompareTo("OtherIDs") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("UpdateData") == 0)
{
//Console.WriteLine(tag);
elementStack.Push(tag);
}
}
else if (tag.CompareTo("OtherID") == 0)
{
if (elementStack.Count != 0 &&
elementStack.Peek().CompareTo("OtherIDs") == 0)
{
if (attributes.ContainsKey("Type"))
{
switch (attributes["Type"])
{
case "CVE":
tempType = "CVE";
//Console.WriteLine(tag);
elementStack.Push(tag);
break;
case "BID":
tempType = "BID";
//Console.WriteLine(tag);
elementStack.Push(tag);
break;
case "OSVDB":
tempType = "OSVDB";
//Console.WriteLine(tag);
elementStack.Push(tag);
break;
default:
break;
}
}
}
}
}
/// <summary>
/// This is the output method.
/// It is used to output the file from given path and also given Record.
/// </summary>
/// <param name="path">the file path for output</param>
/// <param name="record">the Record for output</param>
public override void output(string path, ref Record.Record record)
{
#region // get Useful Data
List <DataEntry> highRisk = record.getHighRiskEntriesWithoutHotfix();
List <DataEntry> mediumRisk = record.getMediumRiskEntriesWithoutHotfix();
List <DataEntry> lowRisk = record.getLowRiskEntriesWithoutHotfix();
List <DataEntry> noneRisk = record.getNoneRiskEntriesWithoutHotfix();
Dictionary <int, DataEntry> openPort = new Dictionary <int, DataEntry>();
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
openPort = record.getOpenPort();
}
List <DataEntry> tempEntries = record.getWholeEntriesWithoutOpenPortAndHotfix();
Record.Record tempRecord = new Record.Record();
foreach (DataEntry entry in tempEntries)
{
tempRecord.guiAddEntry(entry);
}
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
foreach (DataEntry entry in openPort.Values)
{
tempRecord.guiAddEntry(entry);
}
}
RiskStats riskStats = tempRecord.getRiskStats();
#endregion
using (WordprocessingDocument wordDoc = WordprocessingDocument.Create(path, WordprocessingDocumentType.Document)) {
MainDocumentPart mainDocumentPart = wordDoc.AddMainDocumentPart();
styleDefinitionsPart = wordDoc.MainDocumentPart.StyleDefinitionsPart;
// If the Styles part does not exist, add it and then add the style.
if (styleDefinitionsPart == null)
{
styleDefinitionsPart = AddStylesPartToPackage(wordDoc);
// Code removed here...
}
AddNewStyle(styleDefinitionsPart, "entry_heading", "Entry_heading");
Document document = new Document();
Body body = new Body();
document.Append(body);
mainDocumentPart.Document = document;
#region // print Risk Statistics
// start output
addParagraph(body, "Risk Statistics", true, 5, false, false);
addParagraph(body, "High Risk: " + highRisk.Count, false, 2, false, false);
addParagraph(body, "Medium Risk: " + mediumRisk.Count, false, 2, false, false);
addParagraph(body, "Low Risk: " + lowRisk.Count, false, 2, false, false);
addParagraph(body, "None Risk: " + noneRisk.Count, false, 2, false, false);
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
addParagraph(body, "Open Port: " + openPort.Count, false, 2, false, false);
}
#endregion
#region // print Host Statistics
// Per host statistics
addParagraph(body, "Risk Statistics", true, 5, true, false);
foreach (KeyValuePair <String, Dictionary <RiskFactor, int> > entry in riskStats.getRiskStats())
{
String tempString = entry.Key;
Dictionary <RiskFactor, int> hostRisks = entry.Value;
foreach (KeyValuePair <RiskFactor, int> hostRisk in hostRisks)
{
if (hostRisk.Key != RiskFactor.NULL)
{
if (hostRisk.Key != RiskFactor.OPEN ||
(hostRisk.Key == RiskFactor.OPEN && Program.state.panelOutputSelect_isOutputOpenPort))
{
tempString += " " + RiskFactorFunction.getEnumString(hostRisk.Key) + ": ";
if (hostRisk.Key != RiskFactor.OPEN)
{
tempString += hostRisk.Value.ToString();
}
else if (Program.state.panelOutputSelect_isOutputOpenPort)
{
bool isOutput = false;
foreach (DataEntry tempEntry in openPort.Values)
{
if (tempEntry.getIp() == entry.Key)
{
tempString += tempEntry.getDescription().Split(',').Length.ToString();
isOutput = true;
break;
}
}
if (!isOutput)
{
tempString += "0";
}
}
}
}
}
addParagraph(body, tempString, false, 0, false, false);
}
#endregion
#region // print HIGH/MEDIUM/LOW/NONE Findings
// High Risks
addParagraph(body, "High Risk Findings\n", true, 2, true, false);
foreach (DataEntry entry in highRisk)
{
addParagraph(body, entry.getPluginName(), true, 0, true, false, true);
addTable(body, buildTable(entry, RiskFactor.HIGH));
}
// Medium Risks
addParagraph(body, "Medium Risk Findings\n", true, 2, true, false);
foreach (DataEntry entry in mediumRisk)
{
addParagraph(body, entry.getPluginName(), true, 0, true, false, true);
addTable(body, buildTable(entry, RiskFactor.MEDIUM));
}
// Low Risks
addParagraph(body, "Low Risk Findings\n", true, 2, true, false);
foreach (DataEntry entry in lowRisk)
{
addParagraph(body, entry.getPluginName(), true, 0, true, false, true);
addTable(body, buildTable(entry, RiskFactor.LOW));
}
// None Risks
addParagraph(body, "None Risk Findings\n", true, 2, true, false);
foreach (DataEntry entry in noneRisk)
{
addParagraph(body, entry.getPluginName(), true, 0, true, false, true);
addTable(body, buildTable(entry, RiskFactor.NONE));
}
#endregion
#region // print Missing Hotfix findings
if (Program.state.panelOutputSelect_isOutputHotfix)
{
addParagraph(body, "Missing Hotfix Findings\n", true, 2, true, false);
addTable(body, buildTableHotfix(new Hotfix(record)));
}
#endregion
#region // print Open Port Findings
// Open Ports
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
addParagraph(body, "Open Ports Findings\n", true, 2, true, false);
addTable(body, buildTableOpenPort(openPort));
}
#endregion
#region // print IP Host Table
// Open Ports
if (Program.state.panelOutputSelect_isOutputIpHost)
{
addParagraph(body, "IP Host Table\n", true, 2, true, false);
addTable(body, buildTableIpHost());
}
#endregion
}
}
/// <summary>
/// This is the buildTable method.
/// It is used to build the table from given entry and riskFactor.
/// </summary>
/// <param name="entry">the DataEntry being transformed to a dictionary</param>
/// <param name="riskFactor">the RiskFactor of the entry.</param>
/// <returns>a dictionary with table's values</returns>
private Dictionary <KeyValuePair <int, int>, String> buildTable(DataEntry entry, RiskFactor riskFactor)
{
Dictionary <KeyValuePair <int, int>, String> table = new Dictionary <KeyValuePair <int, int>, string>();
// Hosts Affected
table[new KeyValuePair <int, int>(1, 1)] = "Hosts Affected:";
table[new KeyValuePair <int, int>(1, 2)] = entry.getIp();
// Description
table[new KeyValuePair <int, int>(2, 1)] = "Description";
table[new KeyValuePair <int, int>(2, 2)] = entry.getDescription();
// Impact
table[new KeyValuePair <int, int>(3, 1)] = "Impact:";
table[new KeyValuePair <int, int>(3, 2)] = entry.getImpact();
// Risk Level
table[new KeyValuePair <int, int>(4, 1)] = "Risk Level:";
table[new KeyValuePair <int, int>(4, 2)] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
table[new KeyValuePair <int, int>(5, 1)] = "Recommendation:";
table[new KeyValuePair <int, int>(5, 2)] = entry.getRecommendation();
// Reference
table[new KeyValuePair <int, int>(6, 1)] = "Reference:";
// CVE/BID/OSVDB
String tempString = "";
if (!String.IsNullOrEmpty(entry.getCve()) ||
!String.IsNullOrEmpty(entry.getBid()) ||
!String.IsNullOrEmpty(entry.getOsvdb()))
{
// CVE
if (!String.IsNullOrEmpty(entry.getCve()))
{
tempString = "CVE: " + entry.getCve() + "\n";
}
// BID
if (!String.IsNullOrEmpty(entry.getBid()))
{
tempString += "BID: " + entry.getBid() + "\n";
}
// OSVDB
if (!String.IsNullOrEmpty(entry.getOsvdb()))
{
tempString += "OSVDB: " + entry.getOsvdb();
}
}
else
{
tempString = "N/A";
}
table[new KeyValuePair <int, int>(6, 2)] = tempString;
// Reference Link
if (!String.IsNullOrEmpty(entry.getReferenceLink()))
{
table[new KeyValuePair <int, int>(7, 1)] = "Reference Link";
table[new KeyValuePair <int, int>(7, 2)] = entry.getReferenceLink();
}
return(table);
}
public Form4(List <int> indexArray, List <DataEntry> dataArray, int columnIndex)
{
this.indexArray = indexArray;
this.columnIndex = columnIndex;
InitializeComponent();
foreach (DataEntry entry in dataArray)
{
int n = dataGridViewOld.Rows.Add();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINNAME].Value = entry.getPluginName();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IPLIST].Value = entry.getIp();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.DESCRIPTION].Value = entry.getDescription();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IMPACT].Value = entry.getImpact();
if (entry.getRiskFactor() == RiskFactor.OPEN)
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = "OpenPort";
}
else
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = RiskFactorFunction.getEnumString(entry.getRiskFactor());
}
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RECOMMENDATION].Value = entry.getRecommendation();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.CVE].Value = entry.getCve();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.BID].Value = entry.getBid();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.OSVDB].Value = entry.getOsvdb();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.REFERENCELINK].Value = entry.getReferenceLink();
}
int no = dataGridViewNew.Rows.Add();
for (int i = 0; i < (int)ColumnIndex.MAX; i++)
{
dataGridViewNew.Rows[no].Cells[i].Value = dataGridViewOld.Rows[0].Cells[i].Value;
}
}
/// <summary>
/// This is the FormEditFinding method.
/// It is used to display the current Form and fill the dataGridView with
/// given data.
/// </summary>
/// <param name="indexArray">list of indexes that selected from the dataGridView on the previous form</param>
/// <param name="dataArray">data to fill the dataGridView on this form</param>
public FormEditFinding(List <int> indexArray, List <DataEntry> dataArray)
{
bool haveNessus = false;
bool haveMBSA = false;
this.indexArray = indexArray;
InitializeComponent();
//buttonApplyToAll.Hide();
List <String> tempIPListNew = new List <String>();
List <String> tempBidListNew = new List <String>();
List <String> tempCveListNew = new List <String>();
List <String> tempOsvdbListNew = new List <String>();
List <String> tempReferenceLinkListNew = new List <String>();
// fill cell values on dataGridView dataGridViewOld.
foreach (DataEntry entry in dataArray)
{
int n = dataGridViewOld.Rows.Add();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINNAME].Value = entry.getPluginName();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IPLIST].Value = entry.getIp();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.DESCRIPTION].Value = entry.getDescription();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IMPACT].Value = entry.getImpact();
if (entry.getRiskFactor() == RiskFactor.OPEN)
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = "OpenPort";
}
else
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = RiskFactorFunction.getEnumString(entry.getRiskFactor());
}
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RECOMMENDATION].Value = entry.getRecommendation();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.CVE].Value = entry.getCve();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.BID].Value = entry.getBid();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.OSVDB].Value = entry.getOsvdb();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.REFERENCELINK].Value = entry.getReferenceLink();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.ENTRYTYPE].Value = entry.getEntryTypeString();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINVERSION].Value = entry.getpluginversion();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINID].Value = entry.getpluginID();
//check whether it is NESSUS + MBSA
if (entry.getEntryType() == DataEntry.EntryType.NESSUS)
{
haveNessus = true;
}
else if (entry.getEntryType() == DataEntry.EntryType.MBSA)
{
haveMBSA = true;
}
List <String> tempIpList = entry.getIpList();
foreach (string ip in tempIpList)
{
if (!String.IsNullOrEmpty(ip) && !tempIPListNew.Contains(ip))
{
tempIPListNew.Add(ip);
}
}
List <String> tempBidList = entry.getBidList();
foreach (string bid in tempBidList)
{
if (!String.IsNullOrEmpty(bid) && !tempBidListNew.Contains(bid))
{
tempBidListNew.Add(bid);
}
}
List <String> tempCveList = entry.getCveList();
foreach (string cve in tempCveList)
{
if (!String.IsNullOrEmpty(cve) && !tempCveListNew.Contains(cve))
{
tempCveListNew.Add(cve);
}
}
List <String> tempOsvdbList = entry.getOsvdbList();
foreach (string osvdb in tempOsvdbList)
{
if (!String.IsNullOrEmpty(osvdb) && !tempOsvdbListNew.Contains(osvdb))
{
tempOsvdbListNew.Add(osvdb);
}
}
String tempReferenceLink = entry.getReferenceLink();
if (!String.IsNullOrEmpty(tempReferenceLink) && !tempReferenceLinkListNew.Contains(tempReferenceLink))
{
tempReferenceLinkListNew.Add(tempReferenceLink);
}
}
String ips = "";
foreach (String ip in tempIPListNew)
{
ips += ip + ", ";
}
if (!String.IsNullOrEmpty(ips))
{
ips = ips.Substring(0, ips.Length - 2);
}
String bids = "";
foreach (String bid in tempBidListNew)
{
bids += bid + ", ";
}
if (!String.IsNullOrEmpty(bids))
{
bids = bids.Substring(0, bids.Length - 2);
}
String cves = "";
foreach (String cve in tempCveListNew)
{
cves += cve + ", ";
}
if (!String.IsNullOrEmpty(cves))
{
cves = cves.Substring(0, cves.Length - 2);
}
String osvdbs = "";
foreach (String osvdb in tempOsvdbListNew)
{
osvdbs += osvdb + ", ";
}
if (!String.IsNullOrEmpty(osvdbs))
{
osvdbs = osvdbs.Substring(0, osvdbs.Length - 2);
}
String referenceLinks = "";
foreach (String referenceLink in tempReferenceLinkListNew)
{
referenceLinks += referenceLink + ", ";
}
if (!String.IsNullOrEmpty(referenceLinks))
{
referenceLinks = referenceLinks.Substring(0, referenceLinks.Length - 2);
}
// fill cell values on dataGridView dataGridViewNew.
int no = dataGridViewNew.Rows.Add();
for (int i = 0; i < (int)ColumnIndex.MAX; i++)
{
if (i == (int)ColumnIndex.IPLIST)
{
dataGridViewNew.Rows[no].Cells[i].Value = ips;
continue;
}
if (i == (int)ColumnIndex.BID)
{
dataGridViewNew.Rows[no].Cells[i].Value = bids;
continue;
}
if (i == (int)ColumnIndex.CVE)
{
dataGridViewNew.Rows[no].Cells[i].Value = cves;
continue;
}
if (i == (int)ColumnIndex.OSVDB)
{
dataGridViewNew.Rows[no].Cells[i].Value = osvdbs;
continue;
}
if (i == (int)ColumnIndex.REFERENCELINK)
{
dataGridViewNew.Rows[no].Cells[i].Value = referenceLinks;
continue;
}
if (i == (int)ColumnIndex.ENTRYTYPE)
{
if (haveNessus && haveMBSA)
{
dataGridViewNew.Rows[no].Cells[i].Value = DataEntry.getEntryTypeString(DataEntry.EntryType.MBSA_NESSUS);
continue;
}
}
dataGridViewNew.Rows[no].Cells[i].Value = dataGridViewOld.Rows[0].Cells[i].Value;
if (dataGridViewNew.Rows[no].Cells[i].Value.ToString() == "")
{
for (int j = 1; j < dataGridViewOld.Rows.Count; j++)
{
dataGridViewNew.Rows[no].Cells[i].Value = dataGridViewOld.Rows[j].Cells[i].Value;
if (dataGridViewNew.Rows[no].Cells[i].Value.ToString() != "")
{
break;
}
}
}
}
this.TopMost = true;
this.TopMost = false;
}
public Record.Record getRecord()
{
// Create
sqlite_conn = new SQLiteConnection("Data source=" + path + ";Version=3;New=True;Compress=True;");
// Open
sqlite_conn.Open();
// Create command
sqlite_cmd = sqlite_conn.CreateCommand();
Record.Record tempRecord = new Record.Record();
sqlite_cmd.CommandText = "SELECT * " +
"FROM Record AS R " +
"WHERE (R.revisionNo = (SELECT MAX(R2.revisionNo) " +
"FROM Record AS R2 " +
"WHERE R.originalId = R2.originalId)" +
") OR " +
"R.revisionNo = 1;";
SQLiteDataReader sqlite_datareader = sqlite_cmd.ExecuteReader();
while (sqlite_datareader.Read())
{
// get the content of the text field
List <String> cveList = sqlite_datareader["cvelist"].ToString().Split(',').ToList <String>();
List <String> bidList = sqlite_datareader["bidlist"].ToString().Split(',').ToList <String>();
List <String> osvdbList = sqlite_datareader["osvdblist"].ToString().Split(',').ToList <String>();
for (int i = 0; i < cveList.Count; i++)
{
String tempString = "";
foreach (char c in cveList[i])
{
if (c != ' ')
{
tempString += c;
}
}
cveList[i] = tempString;
}
for (int i = 0; i < bidList.Count; i++)
{
String tempString = "";
foreach (char c in bidList[i])
{
if (c != ' ')
{
tempString += c;
}
}
bidList[i] = tempString;
}
for (int i = 0; i < osvdbList.Count; i++)
{
String tempString = "";
foreach (char c in osvdbList[i])
{
if (c != ' ')
{
tempString += c;
}
}
osvdbList[i] = tempString;
}
tempRecord.guiAddEntry(new NessusDataEntry(sqlite_datareader["pluginName"].ToString(),
sqlite_datareader["ipList"].ToString(),
sqlite_datareader["description"].ToString(),
sqlite_datareader["impact"].ToString(),
(int)RiskFactorFunction.getEnum(sqlite_datareader["riskfactor"].ToString()),
RiskFactorFunction.getEnum(sqlite_datareader["riskfactor"].ToString()),
sqlite_datareader["recommendation"].ToString(),
cveList,
bidList,
osvdbList,
sqlite_datareader["referenceLink"].ToString()));
}
sqlite_conn.Close();
return(tempRecord);
}
private DataEntry rowToDataEntry(DataGridViewRow row)
{
List <String> cveList = null;
if (row.Cells[(int)ColumnIndex.CVE].Value == null)
{
cveList = new List <string>();
}
else
{
cveList = row.Cells[(int)ColumnIndex.CVE].Value.ToString().Split(',').ToList <String>();
}
List <String> bidList = null;
if (row.Cells[(int)ColumnIndex.BID].Value == null)
{
bidList = new List <string>();
}
else
{
bidList = row.Cells[(int)ColumnIndex.BID].Value.ToString().Split(',').ToList <String>();
}
List <String> osvdbList = null;
if (row.Cells[(int)ColumnIndex.OSVDB].Value == null)
{
osvdbList = new List <string>();
}
else
{
osvdbList = row.Cells[(int)ColumnIndex.OSVDB].Value.ToString().Split(',').ToList <String>();
}
for (int i = 0; i < cveList.Count; i++)
{
String tempString = "";
foreach (char c in cveList[i])
{
if (c != ' ')
{
tempString += c;
}
}
cveList[i] = tempString;
}
for (int i = 0; i < bidList.Count; i++)
{
String tempString = "";
foreach (char c in bidList[i])
{
if (c != ' ')
{
tempString += c;
}
}
bidList[i] = tempString;
}
for (int i = 0; i < osvdbList.Count; i++)
{
String tempString = "";
foreach (char c in osvdbList[i])
{
if (c != ' ')
{
tempString += c;
}
}
osvdbList[i] = tempString;
}
return(new NessusDataEntry(row.Cells[(int)ColumnIndex.PLUGINNAME].Value.ToString(),
row.Cells[(int)ColumnIndex.IPLIST].Value.ToString(),
row.Cells[(int)ColumnIndex.DESCRIPTION].Value.ToString(),
row.Cells[(int)ColumnIndex.IMPACT].Value.ToString(),
(int)RiskFactorFunction.getEnum(row.Cells[(int)ColumnIndex.RISKFACTOR].Value.ToString()),
RiskFactorFunction.getEnum(row.Cells[(int)ColumnIndex.RISKFACTOR].Value.ToString()),
row.Cells[(int)ColumnIndex.RECOMMENDATION].Value.ToString(),
cveList,
bidList,
osvdbList,
row.Cells[(int)ColumnIndex.REFERENCELINK].Value.ToString()));
}
public override void output(string path, ref Record.Record record)
{
Dictionary <int, DataEntry> highRisk = record.getHighRisk();
Dictionary <int, DataEntry> mediumRisk = record.getMediumRisk();
Dictionary <int, DataEntry> lowRisk = record.getLowRisk();
Dictionary <int, DataEntry> noneRisk = record.getNoneRisk();
Dictionary <int, DataEntry> openPort = record.getOpenPort();
RiskStats riskStats = record.getRiskStats();
using (WordprocessingDocument wordDoc = WordprocessingDocument.Create(path, WordprocessingDocumentType.Document)) {
MainDocumentPart mainDocumentPart = wordDoc.AddMainDocumentPart();
Document document = new Document();
Body body = new Body();
document.Append(body);
mainDocumentPart.Document = document;
// start output
addParagraph(body, "Risk Statistics", true, 5, false, false);
addParagraph(body, "High Risk: " + highRisk.Count, false, 2, false, false);
addParagraph(body, "Medium Risk: " + mediumRisk.Count, false, 2, false, false);
addParagraph(body, "Low Risk: " + lowRisk.Count, false, 2, false, false);
addParagraph(body, "None Risk: " + noneRisk.Count, false, 2, false, false);
addParagraph(body, "Open Port: " + openPort.Count, false, 2, false, false);
// Per host statistics
addParagraph(body, "Risk Statistics", true, 5, true, false);
foreach (KeyValuePair <String, Dictionary <RiskFactor, int> > entry in riskStats.getRiskStats())
{
String tempString = entry.Key;
Dictionary <RiskFactor, int> hostRisks = entry.Value;
foreach (KeyValuePair <RiskFactor, int> hostRisk in hostRisks)
{
if (hostRisk.Key != RiskFactor.NULL)
{
tempString += " " + RiskFactorFunction.getEnumString(hostRisk.Key) + ": " +
hostRisk.Value.ToString();
}
}
addParagraph(body, tempString, false, 0, false, false);
}
// High Risks
addParagraph(body, "High Risk Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in highRisk)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.HIGH));
}
// Medium Risks
addParagraph(body, "Medium Risk Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in mediumRisk)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.MEDIUM));
}
// Low Risks
addParagraph(body, "Low Risk Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in lowRisk)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.LOW));
}
// None Risks
addParagraph(body, "None Risk Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in noneRisk)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.NONE));
}
// Open Ports
addParagraph(body, "Open Ports Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in openPort)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.OPEN));
}
}
}
/// <summary>
/// This is the FormEditFinding method.
/// It is used to hide the current Form and display the Form
/// FormEditFindingString for user to edit.
/// </summary>
/// <param name="indexArray">list of indexes that selected from the dataGridView on the previous form</param>
/// <param name="dataArray">data to fill the dataGridView on this form (actually the next form)</param>
/// <param name="columnIndex">determine which column needs to display on next form</param>
public FormEditFinding(List <int> indexArray, List <DataEntry> dataArray, int columnIndex)
{
this.indexArray = indexArray;
this.columnIndex = columnIndex;
InitializeComponent();
//buttonApplyToAll.Show();
#region // actually useless on filling values on this form's dataGridViews
foreach (DataEntry entry in dataArray)
{
int n = dataGridViewOld.Rows.Add();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINNAME].Value = entry.getPluginName();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IPLIST].Value = entry.getIp();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.DESCRIPTION].Value = entry.getDescription();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IMPACT].Value = entry.getImpact();
if (entry.getRiskFactor() == RiskFactor.OPEN)
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = "OpenPort";
}
else
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = RiskFactorFunction.getEnumString(entry.getRiskFactor());
}
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RECOMMENDATION].Value = entry.getRecommendation();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.CVE].Value = entry.getCve();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.BID].Value = entry.getBid();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.OSVDB].Value = entry.getOsvdb();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.REFERENCELINK].Value = entry.getReferenceLink();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.ENTRYTYPE].Value = entry.getEntryTypeString();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINVERSION].Value = entry.getpluginversion();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINID].Value = entry.getpluginID();
}
int no = dataGridViewNew.Rows.Add();
for (int i = 0; i < (int)ColumnIndex.MAX; i++)
{
dataGridViewNew.Rows[no].Cells[i].Value = dataGridViewOld.Rows[0].Cells[i].Value;
}
#endregion
}