private String[] buildNmapStringArray(DataEntry entry)
{
String[] stringArray = new String[12];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
stringArray[3] = RiskFactorFunction.getEnumString(entry.getRiskFactor());
stringArray[4] = entry.getFileName();
stringArray[5] = entry.getEntryTypeString();
stringArray[6] = ((NmapDataEntry)entry).getOS();
stringArray[7] = ((NmapDataEntry)entry).getOSDetail();
stringArray[8] = ((NmapDataEntry)entry).getOpenPortListString();
stringArray[9] = ((NmapDataEntry)entry).getClosedPortListString();
stringArray[10] = ((NmapDataEntry)entry).getFilteredPortListString();
stringArray[11] = ((NmapDataEntry)entry).getUnknownPortListString();
return(stringArray);
}
public void guiInsertUpdateRecordToDatabase(DataEntry entry, int oldId)
{
int revisionNo = getRevisionNo(oldId);
// Create
sqlite_conn = new SQLiteConnection("Data source=" + path + ";Version=3;New=True;Compress=True;");
// Open
sqlite_conn.Open();
// Create command
sqlite_cmd = sqlite_conn.CreateCommand();
String pluginName = addSlash(entry.getPluginName());
String ipList = addSlash(entry.getIp());
String description = addSlash(entry.getDescription());
String impact = addSlash(entry.getImpact());
String riskFactor = addSlash(RiskFactorFunction.getEnumString(entry.getRiskFactor()));
String recommendation = addSlash(entry.getRecommendation());
String bidList = addSlash(entry.getBid());
String cveList = addSlash(entry.getCve());
String osvdbList = addSlash(entry.getOsvdb());
String referenceLink = addSlash(entry.getReferenceLink());
sqlite_cmd.CommandText = "INSERT INTO Record (" +
"id," +
"originalId," +
"pluginName," +
"ipList," +
"description," +
"impact," +
"riskfactor," +
"recommendation," +
"bidlist," +
"cvelist," +
"osvdblist," +
"referenceLink," +
"revisionNo" +
")" +
"VALUES (" +
"NULL," + // pluginId (null means auto increment)
"'" + oldId + "'," + // originalId
"'" + pluginName + "'," + // pluginName
"'" + ipList + "'," + // ipList
"'" + description + "'," + // description
"'" + impact + "'," + // impact
"'" + riskFactor + "'," + // riskfactor
"'" + recommendation + "'," + // recommendation
"'" + bidList + "'," + // bidlist
"'" + cveList + "'," + // cvelist
"'" + osvdbList + "'," + // osvdblist
"'" + referenceLink + "'," + // referenceLink
"'" + revisionNo + "'" + // revisionNo
");";
// execute the command
sqlite_cmd.ExecuteNonQuery();
sqlite_conn.Close();
}
private String[] buildMbsaStringArray(DataEntry entry)
{
String[] stringArray = new String[35];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(entry.getRiskFactor());
// Recommendations
stringArray[5] = entry.getRecommendation();
stringArray[6] = entry.getBid();
stringArray[7] = entry.getCve();
stringArray[8] = entry.getOsvdb();
stringArray[9] = entry.getReferenceLink();
stringArray[10] = entry.getFileName();
stringArray[11] = entry.getEntryTypeString();
stringArray[12] = ((MBSADataEntry)entry).getCheckID();
stringArray[13] = ((MBSADataEntry)entry).getCheckGrade();
stringArray[14] = ((MBSADataEntry)entry).getCheckType();
stringArray[15] = ((MBSADataEntry)entry).getCheckCat();
stringArray[16] = ((MBSADataEntry)entry).getCheckRank();
stringArray[17] = ((MBSADataEntry)entry).getCheckName();
stringArray[18] = ((MBSADataEntry)entry).getCheckURL1();
stringArray[19] = ((MBSADataEntry)entry).getCheckURL2();
stringArray[20] = ((MBSADataEntry)entry).getCheckGroupID();
stringArray[21] = ((MBSADataEntry)entry).getCheckGroupName();
stringArray[22] = ((MBSADataEntry)entry).getDetailText();
stringArray[23] = ((MBSADataEntry)entry).getUpdateDataIsInstalled();
stringArray[24] = ((MBSADataEntry)entry).getUpdateDataRestartRequired();
stringArray[25] = ((MBSADataEntry)entry).getUpdateDataID();
stringArray[26] = ((MBSADataEntry)entry).getUpdateDataGUID();
stringArray[27] = ((MBSADataEntry)entry).getUpdateDataBulletinID();
stringArray[28] = ((MBSADataEntry)entry).getUpdateDataKBID();
stringArray[29] = ((MBSADataEntry)entry).getUpdateDataType();
stringArray[30] = ((MBSADataEntry)entry).getUpdateDataInformationURL();
stringArray[31] = ((MBSADataEntry)entry).getUpdateDataDownloadURL();
stringArray[32] = ((MBSADataEntry)entry).getSeverityString();
stringArray[33] = ((MBSADataEntry)entry).getTableHeaderString();
stringArray[34] = ((MBSADataEntry)entry).getTableRowDataString();
return(stringArray);
}
private String[] buildStringArray(DataEntry entry, RiskFactor riskFactor)
{
String[] stringArray = new String[9];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
String tempString = "";
foreach (String ip in entry.getIpList())
{
tempString += ip + '\n';
}
stringArray[1] = tempString.Substring(0, tempString.Length - 1);
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
stringArray[5] = entry.getRecommendation();
// Reference
// CVE
tempString = "N/A";
if (entry.getCve() != null)
{
tempString = entry.getCve();
}
stringArray[6] = tempString;
// BID
tempString = "N/A";
if (entry.getBid() != null)
{
tempString = entry.getBid();
}
stringArray[7] = tempString;
// OSVDB
tempString = "N/A";
if (entry.getOsvdb() != null)
{
tempString = entry.getOsvdb();
}
stringArray[8] = tempString;
return(stringArray);
}
/// <summary>
/// This is the buildStringArray method.
/// It is used to build an array of String from given entry and riskFactor.
/// </summary>
/// <param name="entry">the DataEntry being transformed to a string array</param>
/// <param name="riskFactor">the RiskFactor of the entry</param>
/// <returns>a string array being transformed to a xlsx row</returns>
private String[] buildStringArray(DataEntry entry, RiskFactor riskFactor)
{
String[] stringArray = new String[10];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
stringArray[5] = entry.getRecommendation();
// Reference
// CVE
String tempString = "N/A";
if (entry.getCve() != null)
{
tempString = entry.getCve();
}
stringArray[6] = tempString;
// BID
tempString = "N/A";
if (entry.getBid() != null)
{
tempString = entry.getBid();
}
stringArray[7] = tempString;
// OSVDB
tempString = "N/A";
if (entry.getOsvdb() != null)
{
tempString = entry.getOsvdb();
}
stringArray[8] = tempString;
// Reference Link
stringArray[9] = entry.getReferenceLink();
return(stringArray);
}
private String[] buildNessusStringArray(DataEntry entry)
{
String[] stringArray = new String[26];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(entry.getRiskFactor());
// Recommendations
stringArray[5] = entry.getRecommendation();
stringArray[6] = entry.getBid();
stringArray[7] = entry.getCve();
stringArray[8] = entry.getOsvdb();
stringArray[9] = entry.getReferenceLink();
stringArray[10] = entry.getFileName();
stringArray[11] = entry.getEntryTypeString();
stringArray[12] = ((NessusDataEntry)entry).getPort();
stringArray[13] = ((NessusDataEntry)entry).getProtocol();
stringArray[14] = ((NessusDataEntry)entry).getSvc_name();
stringArray[15] = ((NessusDataEntry)entry).getPluginFamily();
stringArray[16] = ((NessusDataEntry)entry).getPlugin_publication_date();
stringArray[17] = ((NessusDataEntry)entry).getPlugin_modification_date();
stringArray[18] = ((NessusDataEntry)entry).getCvss_vector();
stringArray[19] = ((NessusDataEntry)entry).getCvss_base_score();
stringArray[20] = ((NessusDataEntry)entry).getPlugin_output();
stringArray[21] = ((NessusDataEntry)entry).getPlugin_version();
stringArray[22] = ((NessusDataEntry)entry).getSee_also();
stringArray[23] = ((NessusDataEntry)entry).getPluginID();
stringArray[24] = ((NessusDataEntry)entry).getMicrosoftID();
stringArray[25] = ((NessusDataEntry)entry).getSeverityString();
return(stringArray);
}
private void insertRecordToDatabase(DataEntry entry)
{
String pluginName = addSlash(entry.getPluginName());
String ipList = addSlash(entry.getIp());
String description = addSlash(entry.getDescription());
String impact = addSlash(entry.getImpact());
String riskFactor = addSlash(RiskFactorFunction.getEnumString(entry.getRiskFactor()));
String recommendation = addSlash(entry.getRecommendation());
String bidList = addSlash(entry.getBid());
String cveList = addSlash(entry.getCve());
String osvdbList = addSlash(entry.getOsvdb());
String referenceLink = addSlash(entry.getReferenceLink());
sqlite_cmd.CommandText = "INSERT INTO Record (" +
"id," +
"originalId," +
"pluginName," +
"ipList," +
"description," +
"impact," +
"riskfactor," +
"recommendation," +
"bidlist," +
"cvelist," +
"osvdblist," +
"revisionNo" +
")" +
"VALUES (" +
"NULL," + // pluginId (null means auto increment)
"'" + originalId + "'," + // originalId
"'" + pluginName + "'," + // pluginName
"'" + ipList + "'," + // ipList
"'" + description + "'," + // description
"'" + impact + "'," + // impact
"'" + riskFactor + "'," + // riskfactor
"'" + recommendation + "'," + // recommendation
"'" + bidList + "'," + // bidlist
"'" + cveList + "'," + // cvelist
"'" + osvdbList + "'," + // osvdblist
"'" + "1" + "'" + // revisionNo
");";
originalId++;
// execute the command
sqlite_cmd.ExecuteNonQuery();
}
private String[] buildAcunetixStringArray(DataEntry entry, RiskFactor riskFactor, AffectedItem item)
{
String[] stringArray = new String[23];
// Plugin Name
stringArray[0] = entry.getPluginName();
// Hosts Affected
stringArray[1] = entry.getIp();
// Description
stringArray[2] = entry.getDescription();
// Impact
stringArray[3] = entry.getImpact();
// Risk Level
stringArray[4] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
stringArray[5] = entry.getRecommendation();
stringArray[6] = entry.getFileName();
stringArray[7] = ((AcunetixDataEntry)entry).getSubDomain();
stringArray[8] = item.getSubDirectory();
stringArray[9] = item.getDepartment();
stringArray[10] = item.getName();
stringArray[11] = item.getLink();
stringArray[12] = item.getDetail();
stringArray[13] = item.getRequest();
stringArray[14] = item.getResponse();
stringArray[15] = ((AcunetixDataEntry)entry).getModuleName();
stringArray[16] = ((AcunetixDataEntry)entry).getIsFalsePositive();
stringArray[17] = ((AcunetixDataEntry)entry).getAOP_SourceFile();
stringArray[18] = ((AcunetixDataEntry)entry).getAOP_SourceLine();
stringArray[19] = ((AcunetixDataEntry)entry).getAOP_Additional();
stringArray[20] = ((AcunetixDataEntry)entry).getDetailedInformation();
stringArray[21] = ((AcunetixDataEntry)entry).getAcunetixType();
stringArray[22] = ((AcunetixDataEntry)entry).getAcunetixReferenceListString();
return(stringArray);
}
private void createNextKeyRow()
{
table.Clear();
DataRow row;
String key = duplicateRecord.Keys.First();
tempEntryList = new List <DataEntry>();
foreach (DataEntry rawEntry in duplicateRecord[key])
{
int dbid = Program.state.panelRecordEdit_recordDatabaser.getDBID(rawEntry);
if (dbid == -1)
{
//error
break;
}
DataEntry entry = Program.state.panelRecordEdit_recordDatabaser.getEntryFromDatabaseId(dbid);
row = table.NewRow();
String MicrosoftID = key.Substring(0, key.IndexOf('@'));
row["Microsoft ID"] = MicrosoftID;
row["Plugin Name"] = entry.getPluginName();
row["Host Affected"] = entry.getIp();
row["Description"] = entry.getDescription();
row["Impact"] = entry.getImpact();
row["Risk Level"] = RiskFactorFunction.getEnumString(entry.getRiskFactor());
row["Recommendation"] = entry.getRecommendation();
row["Reference (CVE)"] = entry.getCve();
row["Reference (BID)"] = entry.getBid();
row["Reference (OSVDB)"] = entry.getOsvdb();
row["Reference Link"] = entry.getReferenceLink();
row["Entry Type"] = entry.getEntryTypeString();
table.Rows.Add(row);
tempEntryList.Add(entry);
}
duplicateRecord.Remove(key);
}
/*
* This is the buildTable method.
* It is used to create the table from given entry and riskFactor.
*/
private Dictionary <KeyValuePair <int, int>, String> buildTable(DataEntry entry, RiskFactor riskFactor)
{
Dictionary <KeyValuePair <int, int>, String> table = new Dictionary <KeyValuePair <int, int>, string>();
// Hosts Affected
table[new KeyValuePair <int, int>(1, 1)] = "Hosts Affected:";
String tempString = "";
foreach (String ip in entry.getIpList())
{
tempString += ip + '\n';
}
table[new KeyValuePair <int, int>(1, 2)] = tempString.Substring(0, tempString.Length - 1);
// Description
table[new KeyValuePair <int, int>(2, 1)] = "Description";
table[new KeyValuePair <int, int>(2, 2)] = entry.getDescription();
// Impact
table[new KeyValuePair <int, int>(3, 1)] = "Impact:";
table[new KeyValuePair <int, int>(3, 2)] = entry.getImpact();
// Risk Level
table[new KeyValuePair <int, int>(4, 1)] = "Risk Level:";
table[new KeyValuePair <int, int>(4, 2)] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
table[new KeyValuePair <int, int>(5, 1)] = "Recommendation:";
table[new KeyValuePair <int, int>(5, 2)] = entry.getRecommendation();
// Reference
bool hasRef = false;
table[new KeyValuePair <int, int>(6, 1)] = "Reference:";
tempString = "";
// CVE
if (entry.getCve() != null)
{
hasRef = true;
tempString = "CVE: " + entry.getCve() + "\n";
}
// BID
if (entry.getBid() != null)
{
hasRef = true;
tempString += "BID: " + entry.getBid() + "\n";
}
// OSVDB
if (entry.getOsvdb() != null)
{
hasRef = true;
tempString += "OSVDB: " + entry.getOsvdb();
}
if (!hasRef)
{
tempString = "N/A";
}
table[new KeyValuePair <int, int>(6, 2)] = tempString;
return(table);
}
private String getOutput(ref Record.Record record)
{
Dictionary <int, DataEntry> highRisk = record.getHighRisk();
Dictionary <int, DataEntry> mediumRisk = record.getMediumRisk();
Dictionary <int, DataEntry> lowRisk = record.getLowRisk();
Dictionary <int, DataEntry> noneRisk = record.getNoneRisk();
Dictionary <int, DataEntry> openPort = record.getOpenPort();
RiskStats riskStats = record.getRiskStats();
StringBuilder sb = new StringBuilder();
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Risk Statistics</H4>" + "\n");
sb.Append("<br>High Risk: " + highRisk.Count + "\n");
sb.Append("<br>Medium Risk: " + mediumRisk.Count + "\n");
sb.Append("<br>Low Risk: " + lowRisk.Count + "\n");
sb.Append("<br>None Risk: " + noneRisk.Count + "\n");
sb.Append("<br>Open Port: " + openPort.Count + "\n");
sb.Append("</DIV>" + "\n");
// Per host statistics
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Risk Statistics</H4>" + "\n");
foreach (KeyValuePair <String, Dictionary <RiskFactor, int> > entry in riskStats.getRiskStats())
{
sb.Append("<br/>");
sb.Append(HTMLOutputFormater.forHTML(entry.Key));
sb.Append(":\t");
Dictionary <RiskFactor, int> hostRisks = entry.Value;
foreach (KeyValuePair <RiskFactor, int> hostRisk in hostRisks)
{
if (hostRisk.Key != RiskFactor.NULL)
{
sb.Append(HTMLOutputFormater.forHTML(RiskFactorFunction.getEnumString(hostRisk.Key) + " : "));
sb.Append(HTMLOutputFormater.forHTML(hostRisk.Value.ToString()) + '\t');
}
}
}
sb.Append("</DIV>" + "\n");
// High Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>High Risk Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in highRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.HIGH));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Medium Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Medium Risk Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in mediumRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.MEDIUM));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Low Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Low Risk Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in lowRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.LOW));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// None Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>None Risk Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in noneRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.NONE));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Open Ports
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Open Ports Findings</H4>" + "\n");
foreach (KeyValuePair <int, DataEntry> entry in openPort)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry.Value, RiskFactor.OPEN));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
return(sb.ToString());
}
private String getDataEntryHTML(DataEntry entry, RiskFactor riskFactor)
{
String HTML_TABLE_START = "<table border=\"1\">";
String HTML_TABLE_END = "</table>\n";
StringBuilder sb = new StringBuilder();
sb.Append("<H5>" + HTMLOutputFormater.forHTML(entry.getPluginName()) + "</H5>");
sb.Append(HTML_TABLE_START);
sb.Append("\n");
// Hosts Affected
sb.Append("<TR>\n");
sb.Append("<TD>Hosts Affected:</TD>\n");
sb.Append("<TD>");
foreach (String ip in entry.getIpList())
{
sb.Append(ip + "<br/>");
}
sb.Remove(sb.Length - 5, 5);
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Description
sb.Append("<TR>\n");
sb.Append("<TD>Description:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getDescription()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Impact
sb.Append("<TR>\n");
sb.Append("<TD>Impact:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getImpact()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Risk Level
sb.Append("<TR>\n");
sb.Append("<TD>Risk Level: </TD>\n");
sb.Append("<TD>");
sb.Append(RiskFactorFunction.getEnumString(riskFactor));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Recommendations
sb.Append("<TR>\n");
sb.Append("<TD>Recommendation:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getRecommendation()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Reference
bool hasRef = false;
sb.Append("<TR>\n");
sb.Append("<TD>Reference:</TD>\n");
sb.Append("<TD>");
// CVE
if (entry.getCve() != null)
{
hasRef = true;
sb.Append("CVE: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getCve()));
sb.Append("<br/>");
}
// BID
if (entry.getBid() != null)
{
hasRef = true;
sb.Append("BID: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getBid()));
sb.Append("<br/>");
}
// OSVDB
if (entry.getOsvdb() != null)
{
hasRef = true;
sb.Append("OSVDB: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getOsvdb()));
sb.Append("<br/>");
}
if (hasRef)
{
sb.Remove(sb.Length - 5, 5);
}
else
{
sb.Append("N/A");
}
sb.Append("</TD>\n");
sb.Append("</TR>\n");
sb.Append(HTML_TABLE_END);
return(sb.ToString());
}
public override void output(string path, ref Record.Record record)
{
Dictionary <int, DataEntry> highRisk = record.getHighRisk();
Dictionary <int, DataEntry> mediumRisk = record.getMediumRisk();
Dictionary <int, DataEntry> lowRisk = record.getLowRisk();
Dictionary <int, DataEntry> noneRisk = record.getNoneRisk();
Dictionary <int, DataEntry> openPort = record.getOpenPort();
RiskStats riskStats = record.getRiskStats();
using (WordprocessingDocument wordDoc = WordprocessingDocument.Create(path, WordprocessingDocumentType.Document)) {
MainDocumentPart mainDocumentPart = wordDoc.AddMainDocumentPart();
Document document = new Document();
Body body = new Body();
document.Append(body);
mainDocumentPart.Document = document;
// start output
addParagraph(body, "Risk Statistics", true, 5, false, false);
addParagraph(body, "High Risk: " + highRisk.Count, false, 2, false, false);
addParagraph(body, "Medium Risk: " + mediumRisk.Count, false, 2, false, false);
addParagraph(body, "Low Risk: " + lowRisk.Count, false, 2, false, false);
addParagraph(body, "None Risk: " + noneRisk.Count, false, 2, false, false);
addParagraph(body, "Open Port: " + openPort.Count, false, 2, false, false);
// Per host statistics
addParagraph(body, "Risk Statistics", true, 5, true, false);
foreach (KeyValuePair <String, Dictionary <RiskFactor, int> > entry in riskStats.getRiskStats())
{
String tempString = entry.Key;
Dictionary <RiskFactor, int> hostRisks = entry.Value;
foreach (KeyValuePair <RiskFactor, int> hostRisk in hostRisks)
{
if (hostRisk.Key != RiskFactor.NULL)
{
tempString += " " + RiskFactorFunction.getEnumString(hostRisk.Key) + ": " +
hostRisk.Value.ToString();
}
}
addParagraph(body, tempString, false, 0, false, false);
}
// High Risks
addParagraph(body, "High Risk Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in highRisk)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.HIGH));
}
// Medium Risks
addParagraph(body, "Medium Risk Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in mediumRisk)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.MEDIUM));
}
// Low Risks
addParagraph(body, "Low Risk Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in lowRisk)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.LOW));
}
// None Risks
addParagraph(body, "None Risk Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in noneRisk)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.NONE));
}
// Open Ports
addParagraph(body, "Open Ports Findings\n", true, 2, true, false);
foreach (KeyValuePair <int, DataEntry> entry in openPort)
{
addParagraph(body, entry.Value.getPluginName(), true, 0, true, false);
addTable(body, buildTable(entry.Value, RiskFactor.OPEN));
}
}
}
/// <summary>
/// This is the output method.
/// It is used to output the file from given path and also given Record.
/// </summary>
/// <param name="path">the file path for output</param>
/// <param name="record">the Record for output</param>
public override void output(string path, ref Record.Record record)
{
#region // get Useful Data
List <DataEntry> highRisk = record.getHighRiskEntriesWithoutHotfix();
List <DataEntry> mediumRisk = record.getMediumRiskEntriesWithoutHotfix();
List <DataEntry> lowRisk = record.getLowRiskEntriesWithoutHotfix();
List <DataEntry> noneRisk = record.getNoneRiskEntriesWithoutHotfix();
Dictionary <int, DataEntry> openPort = new Dictionary <int, DataEntry>();
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
openPort = record.getOpenPort();
}
List <DataEntry> tempEntries = record.getWholeEntriesWithoutOpenPortAndHotfix();
Record.Record tempRecord = new Record.Record();
foreach (DataEntry entry in tempEntries)
{
tempRecord.guiAddEntry(entry);
}
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
foreach (DataEntry entry in openPort.Values)
{
tempRecord.guiAddEntry(entry);
}
}
RiskStats riskStats = tempRecord.getRiskStats();
#endregion
using (WordprocessingDocument wordDoc = WordprocessingDocument.Create(path, WordprocessingDocumentType.Document)) {
MainDocumentPart mainDocumentPart = wordDoc.AddMainDocumentPart();
styleDefinitionsPart = wordDoc.MainDocumentPart.StyleDefinitionsPart;
// If the Styles part does not exist, add it and then add the style.
if (styleDefinitionsPart == null)
{
styleDefinitionsPart = AddStylesPartToPackage(wordDoc);
// Code removed here...
}
AddNewStyle(styleDefinitionsPart, "entry_heading", "Entry_heading");
Document document = new Document();
Body body = new Body();
document.Append(body);
mainDocumentPart.Document = document;
#region // print Risk Statistics
// start output
addParagraph(body, "Risk Statistics", true, 5, false, false);
addParagraph(body, "High Risk: " + highRisk.Count, false, 2, false, false);
addParagraph(body, "Medium Risk: " + mediumRisk.Count, false, 2, false, false);
addParagraph(body, "Low Risk: " + lowRisk.Count, false, 2, false, false);
addParagraph(body, "None Risk: " + noneRisk.Count, false, 2, false, false);
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
addParagraph(body, "Open Port: " + openPort.Count, false, 2, false, false);
}
#endregion
#region // print Host Statistics
// Per host statistics
addParagraph(body, "Risk Statistics", true, 5, true, false);
foreach (KeyValuePair <String, Dictionary <RiskFactor, int> > entry in riskStats.getRiskStats())
{
String tempString = entry.Key;
Dictionary <RiskFactor, int> hostRisks = entry.Value;
foreach (KeyValuePair <RiskFactor, int> hostRisk in hostRisks)
{
if (hostRisk.Key != RiskFactor.NULL)
{
if (hostRisk.Key != RiskFactor.OPEN ||
(hostRisk.Key == RiskFactor.OPEN && Program.state.panelOutputSelect_isOutputOpenPort))
{
tempString += " " + RiskFactorFunction.getEnumString(hostRisk.Key) + ": ";
if (hostRisk.Key != RiskFactor.OPEN)
{
tempString += hostRisk.Value.ToString();
}
else if (Program.state.panelOutputSelect_isOutputOpenPort)
{
bool isOutput = false;
foreach (DataEntry tempEntry in openPort.Values)
{
if (tempEntry.getIp() == entry.Key)
{
tempString += tempEntry.getDescription().Split(',').Length.ToString();
isOutput = true;
break;
}
}
if (!isOutput)
{
tempString += "0";
}
}
}
}
}
addParagraph(body, tempString, false, 0, false, false);
}
#endregion
#region // print HIGH/MEDIUM/LOW/NONE Findings
// High Risks
addParagraph(body, "High Risk Findings\n", true, 2, true, false);
foreach (DataEntry entry in highRisk)
{
addParagraph(body, entry.getPluginName(), true, 0, true, false, true);
addTable(body, buildTable(entry, RiskFactor.HIGH));
}
// Medium Risks
addParagraph(body, "Medium Risk Findings\n", true, 2, true, false);
foreach (DataEntry entry in mediumRisk)
{
addParagraph(body, entry.getPluginName(), true, 0, true, false, true);
addTable(body, buildTable(entry, RiskFactor.MEDIUM));
}
// Low Risks
addParagraph(body, "Low Risk Findings\n", true, 2, true, false);
foreach (DataEntry entry in lowRisk)
{
addParagraph(body, entry.getPluginName(), true, 0, true, false, true);
addTable(body, buildTable(entry, RiskFactor.LOW));
}
// None Risks
addParagraph(body, "None Risk Findings\n", true, 2, true, false);
foreach (DataEntry entry in noneRisk)
{
addParagraph(body, entry.getPluginName(), true, 0, true, false, true);
addTable(body, buildTable(entry, RiskFactor.NONE));
}
#endregion
#region // print Missing Hotfix findings
if (Program.state.panelOutputSelect_isOutputHotfix)
{
addParagraph(body, "Missing Hotfix Findings\n", true, 2, true, false);
addTable(body, buildTableHotfix(new Hotfix(record)));
}
#endregion
#region // print Open Port Findings
// Open Ports
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
addParagraph(body, "Open Ports Findings\n", true, 2, true, false);
addTable(body, buildTableOpenPort(openPort));
}
#endregion
#region // print IP Host Table
// Open Ports
if (Program.state.panelOutputSelect_isOutputIpHost)
{
addParagraph(body, "IP Host Table\n", true, 2, true, false);
addTable(body, buildTableIpHost());
}
#endregion
}
}
/// <summary>
/// This is the FormEditFinding method.
/// It is used to display the current Form and fill the dataGridView with
/// given data.
/// </summary>
/// <param name="indexArray">list of indexes that selected from the dataGridView on the previous form</param>
/// <param name="dataArray">data to fill the dataGridView on this form</param>
public FormEditFinding(List <int> indexArray, List <DataEntry> dataArray)
{
bool haveNessus = false;
bool haveMBSA = false;
this.indexArray = indexArray;
InitializeComponent();
//buttonApplyToAll.Hide();
List <String> tempIPListNew = new List <String>();
List <String> tempBidListNew = new List <String>();
List <String> tempCveListNew = new List <String>();
List <String> tempOsvdbListNew = new List <String>();
List <String> tempReferenceLinkListNew = new List <String>();
// fill cell values on dataGridView dataGridViewOld.
foreach (DataEntry entry in dataArray)
{
int n = dataGridViewOld.Rows.Add();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINNAME].Value = entry.getPluginName();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IPLIST].Value = entry.getIp();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.DESCRIPTION].Value = entry.getDescription();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IMPACT].Value = entry.getImpact();
if (entry.getRiskFactor() == RiskFactor.OPEN)
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = "OpenPort";
}
else
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = RiskFactorFunction.getEnumString(entry.getRiskFactor());
}
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RECOMMENDATION].Value = entry.getRecommendation();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.CVE].Value = entry.getCve();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.BID].Value = entry.getBid();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.OSVDB].Value = entry.getOsvdb();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.REFERENCELINK].Value = entry.getReferenceLink();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.ENTRYTYPE].Value = entry.getEntryTypeString();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINVERSION].Value = entry.getpluginversion();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINID].Value = entry.getpluginID();
//check whether it is NESSUS + MBSA
if (entry.getEntryType() == DataEntry.EntryType.NESSUS)
{
haveNessus = true;
}
else if (entry.getEntryType() == DataEntry.EntryType.MBSA)
{
haveMBSA = true;
}
List <String> tempIpList = entry.getIpList();
foreach (string ip in tempIpList)
{
if (!String.IsNullOrEmpty(ip) && !tempIPListNew.Contains(ip))
{
tempIPListNew.Add(ip);
}
}
List <String> tempBidList = entry.getBidList();
foreach (string bid in tempBidList)
{
if (!String.IsNullOrEmpty(bid) && !tempBidListNew.Contains(bid))
{
tempBidListNew.Add(bid);
}
}
List <String> tempCveList = entry.getCveList();
foreach (string cve in tempCveList)
{
if (!String.IsNullOrEmpty(cve) && !tempCveListNew.Contains(cve))
{
tempCveListNew.Add(cve);
}
}
List <String> tempOsvdbList = entry.getOsvdbList();
foreach (string osvdb in tempOsvdbList)
{
if (!String.IsNullOrEmpty(osvdb) && !tempOsvdbListNew.Contains(osvdb))
{
tempOsvdbListNew.Add(osvdb);
}
}
String tempReferenceLink = entry.getReferenceLink();
if (!String.IsNullOrEmpty(tempReferenceLink) && !tempReferenceLinkListNew.Contains(tempReferenceLink))
{
tempReferenceLinkListNew.Add(tempReferenceLink);
}
}
String ips = "";
foreach (String ip in tempIPListNew)
{
ips += ip + ", ";
}
if (!String.IsNullOrEmpty(ips))
{
ips = ips.Substring(0, ips.Length - 2);
}
String bids = "";
foreach (String bid in tempBidListNew)
{
bids += bid + ", ";
}
if (!String.IsNullOrEmpty(bids))
{
bids = bids.Substring(0, bids.Length - 2);
}
String cves = "";
foreach (String cve in tempCveListNew)
{
cves += cve + ", ";
}
if (!String.IsNullOrEmpty(cves))
{
cves = cves.Substring(0, cves.Length - 2);
}
String osvdbs = "";
foreach (String osvdb in tempOsvdbListNew)
{
osvdbs += osvdb + ", ";
}
if (!String.IsNullOrEmpty(osvdbs))
{
osvdbs = osvdbs.Substring(0, osvdbs.Length - 2);
}
String referenceLinks = "";
foreach (String referenceLink in tempReferenceLinkListNew)
{
referenceLinks += referenceLink + ", ";
}
if (!String.IsNullOrEmpty(referenceLinks))
{
referenceLinks = referenceLinks.Substring(0, referenceLinks.Length - 2);
}
// fill cell values on dataGridView dataGridViewNew.
int no = dataGridViewNew.Rows.Add();
for (int i = 0; i < (int)ColumnIndex.MAX; i++)
{
if (i == (int)ColumnIndex.IPLIST)
{
dataGridViewNew.Rows[no].Cells[i].Value = ips;
continue;
}
if (i == (int)ColumnIndex.BID)
{
dataGridViewNew.Rows[no].Cells[i].Value = bids;
continue;
}
if (i == (int)ColumnIndex.CVE)
{
dataGridViewNew.Rows[no].Cells[i].Value = cves;
continue;
}
if (i == (int)ColumnIndex.OSVDB)
{
dataGridViewNew.Rows[no].Cells[i].Value = osvdbs;
continue;
}
if (i == (int)ColumnIndex.REFERENCELINK)
{
dataGridViewNew.Rows[no].Cells[i].Value = referenceLinks;
continue;
}
if (i == (int)ColumnIndex.ENTRYTYPE)
{
if (haveNessus && haveMBSA)
{
dataGridViewNew.Rows[no].Cells[i].Value = DataEntry.getEntryTypeString(DataEntry.EntryType.MBSA_NESSUS);
continue;
}
}
dataGridViewNew.Rows[no].Cells[i].Value = dataGridViewOld.Rows[0].Cells[i].Value;
if (dataGridViewNew.Rows[no].Cells[i].Value.ToString() == "")
{
for (int j = 1; j < dataGridViewOld.Rows.Count; j++)
{
dataGridViewNew.Rows[no].Cells[i].Value = dataGridViewOld.Rows[j].Cells[i].Value;
if (dataGridViewNew.Rows[no].Cells[i].Value.ToString() != "")
{
break;
}
}
}
}
this.TopMost = true;
this.TopMost = false;
}
/// <summary>
/// This is the getDataEntryHTML method.
/// It is used to create a string for HTML output from given entry and
/// RiskFactor.
/// </summary>
/// <param name="entry">the DataEntry being transformed to HTML text string</param>
/// <param name="riskFactor">riskFactor of that entry</param>
/// <returns>a HTML string text for that entry</returns>
private String getDataEntryHTML(DataEntry entry, RiskFactor riskFactor)
{
StringBuilder sb = new StringBuilder();
sb.Append("<H5>" + HTMLOutputFormater.forHTML(entry.getPluginName()) + "</H5>");
sb.Append(HTML_TABLE_START);
sb.Append("\n");
// Hosts Affected
sb.Append("<TR>\n");
sb.Append("<TD>Hosts Affected:</TD>\n");
sb.Append("<TD>");
sb.Append(entry.getIp());
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Description
sb.Append("<TR>\n");
sb.Append("<TD>Description:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getDescription()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Impact
sb.Append("<TR>\n");
sb.Append("<TD>Impact:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getImpact()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Risk Level
sb.Append("<TR>\n");
sb.Append("<TD>Risk Level: </TD>\n");
sb.Append("<TD>");
sb.Append(RiskFactorFunction.getEnumString(riskFactor));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Recommendations
sb.Append("<TR>\n");
sb.Append("<TD>Recommendation:</TD>\n");
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getRecommendation()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Reference
bool hasRef = false;
sb.Append("<TR>\n");
sb.Append("<TD>Reference:</TD>\n");
sb.Append("<TD>");
// CVE/BID/OSVDB
if (!String.IsNullOrEmpty(entry.getCve()) || !String.IsNullOrEmpty(entry.getBid()) || !String.IsNullOrEmpty(entry.getOsvdb()))
{
// CVE
if (!String.IsNullOrEmpty(entry.getCve()))
{
hasRef = true;
sb.Append("CVE: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getCve()));
sb.Append("<br/>");
}
// BID
if (!String.IsNullOrEmpty(entry.getBid()))
{
hasRef = true;
sb.Append("BID: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getBid()));
sb.Append("<br/>");
}
// OSVDB
if (!String.IsNullOrEmpty(entry.getOsvdb()))
{
hasRef = true;
sb.Append("OSVDB: ");
sb.Append(HTMLOutputFormater.forHTML(entry.getOsvdb()));
sb.Append("<br/>");
}
}
if (hasRef)
{
sb.Remove(sb.Length - 5, 5);
}
else
{
sb.Append("N/A");
}
sb.Append("</TD>\n");
sb.Append("</TR>\n");
// Reference Link
if (!String.IsNullOrEmpty(entry.getReferenceLink()))
{
sb.Append("<TR>\n");
sb.Append("<TD>Reference Link:</TD>\n");
sb.Append("<TD><a href=\"");
sb.Append(HTMLOutputFormater.forHTML(entry.getReferenceLink()).Replace("\n", "<br/>"));
sb.Append("\" target=\"_blank\" >" + HTMLOutputFormater.forHTML(entry.getReferenceLink()).Replace("\n", "<br/>") + "</a></TD>\n");
sb.Append("</TR>\n");
}
sb.Append(HTML_TABLE_END);
return(sb.ToString());
}
/// <summary>
/// This is the buildTable method.
/// It is used to build the table from given entry and riskFactor.
/// </summary>
/// <param name="entry">the DataEntry being transformed to a dictionary</param>
/// <param name="riskFactor">the RiskFactor of the entry.</param>
/// <returns>a dictionary with table's values</returns>
private Dictionary <KeyValuePair <int, int>, String> buildTable(DataEntry entry, RiskFactor riskFactor)
{
Dictionary <KeyValuePair <int, int>, String> table = new Dictionary <KeyValuePair <int, int>, string>();
// Hosts Affected
table[new KeyValuePair <int, int>(1, 1)] = "Hosts Affected:";
table[new KeyValuePair <int, int>(1, 2)] = entry.getIp();
// Description
table[new KeyValuePair <int, int>(2, 1)] = "Description";
table[new KeyValuePair <int, int>(2, 2)] = entry.getDescription();
// Impact
table[new KeyValuePair <int, int>(3, 1)] = "Impact:";
table[new KeyValuePair <int, int>(3, 2)] = entry.getImpact();
// Risk Level
table[new KeyValuePair <int, int>(4, 1)] = "Risk Level:";
table[new KeyValuePair <int, int>(4, 2)] = RiskFactorFunction.getEnumString(riskFactor);
// Recommendations
table[new KeyValuePair <int, int>(5, 1)] = "Recommendation:";
table[new KeyValuePair <int, int>(5, 2)] = entry.getRecommendation();
// Reference
table[new KeyValuePair <int, int>(6, 1)] = "Reference:";
// CVE/BID/OSVDB
String tempString = "";
if (!String.IsNullOrEmpty(entry.getCve()) ||
!String.IsNullOrEmpty(entry.getBid()) ||
!String.IsNullOrEmpty(entry.getOsvdb()))
{
// CVE
if (!String.IsNullOrEmpty(entry.getCve()))
{
tempString = "CVE: " + entry.getCve() + "\n";
}
// BID
if (!String.IsNullOrEmpty(entry.getBid()))
{
tempString += "BID: " + entry.getBid() + "\n";
}
// OSVDB
if (!String.IsNullOrEmpty(entry.getOsvdb()))
{
tempString += "OSVDB: " + entry.getOsvdb();
}
}
else
{
tempString = "N/A";
}
table[new KeyValuePair <int, int>(6, 2)] = tempString;
// Reference Link
if (!String.IsNullOrEmpty(entry.getReferenceLink()))
{
table[new KeyValuePair <int, int>(7, 1)] = "Reference Link";
table[new KeyValuePair <int, int>(7, 2)] = entry.getReferenceLink();
}
return(table);
}
public Form4(List <int> indexArray, List <DataEntry> dataArray, int columnIndex)
{
this.indexArray = indexArray;
this.columnIndex = columnIndex;
InitializeComponent();
foreach (DataEntry entry in dataArray)
{
int n = dataGridViewOld.Rows.Add();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINNAME].Value = entry.getPluginName();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IPLIST].Value = entry.getIp();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.DESCRIPTION].Value = entry.getDescription();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IMPACT].Value = entry.getImpact();
if (entry.getRiskFactor() == RiskFactor.OPEN)
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = "OpenPort";
}
else
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = RiskFactorFunction.getEnumString(entry.getRiskFactor());
}
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RECOMMENDATION].Value = entry.getRecommendation();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.CVE].Value = entry.getCve();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.BID].Value = entry.getBid();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.OSVDB].Value = entry.getOsvdb();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.REFERENCELINK].Value = entry.getReferenceLink();
}
int no = dataGridViewNew.Rows.Add();
for (int i = 0; i < (int)ColumnIndex.MAX; i++)
{
dataGridViewNew.Rows[no].Cells[i].Value = dataGridViewOld.Rows[0].Cells[i].Value;
}
}
/// <summary>
/// This is the getOutput method.
/// It is used to create a series of string with HTML elements for the HTML
/// output.
/// </summary>
/// <param name="record">the Record for output</param>
/// <returns>a series of string with HTML tags for HTML output</returns>
private String getOutput(ref Record.Record record)
{
#region // get Useful Data
List <DataEntry> highRisk = record.getHighRiskEntriesWithoutHotfix();
List <DataEntry> mediumRisk = record.getMediumRiskEntriesWithoutHotfix();
List <DataEntry> lowRisk = record.getLowRiskEntriesWithoutHotfix();
List <DataEntry> noneRisk = record.getNoneRiskEntriesWithoutHotfix();
Dictionary <int, DataEntry> openPort = new Dictionary <int, DataEntry>();
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
openPort = record.getOpenPort();
}
List <DataEntry> tempEntries = record.getWholeEntriesWithoutOpenPortAndHotfix();
Record.Record tempRecord = new Record.Record();
foreach (DataEntry entry in tempEntries)
{
tempRecord.guiAddEntry(entry);
}
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
foreach (DataEntry entry in openPort.Values)
{
tempRecord.guiAddEntry(entry);
}
}
RiskStats riskStats = tempRecord.getRiskStats();
#endregion
StringBuilder sb = new StringBuilder();
#region // print Risk Statistics
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Risk Statistics</H4>" + "\n");
sb.Append("<br>High Risk: " + highRisk.Count + "\n");
sb.Append("<br>Medium Risk: " + mediumRisk.Count + "\n");
sb.Append("<br>Low Risk: " + lowRisk.Count + "\n");
sb.Append("<br>None Risk: " + noneRisk.Count + "\n");
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
sb.Append("<br>Open Port: " + openPort.Count + "\n");
}
sb.Append("</DIV>" + "\n");
#endregion
#region // print Host Statistics
// Per host statistics
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Risk Statistics</H4>" + "\n");
foreach (KeyValuePair <String, Dictionary <RiskFactor, int> > entry in riskStats.getRiskStats())
{
sb.Append("<br/>");
sb.Append(HTMLOutputFormater.forHTML(entry.Key));
sb.Append(":\t");
Dictionary <RiskFactor, int> hostRisks = entry.Value;
foreach (KeyValuePair <RiskFactor, int> hostRisk in hostRisks)
{
if (hostRisk.Key != RiskFactor.NULL)
{
if (hostRisk.Key != RiskFactor.OPEN ||
(hostRisk.Key == RiskFactor.OPEN && Program.state.panelOutputSelect_isOutputOpenPort))
{
sb.Append(HTMLOutputFormater.forHTML(RiskFactorFunction.getEnumString(hostRisk.Key) + " : "));
if (hostRisk.Key != RiskFactor.OPEN)
{
sb.Append(HTMLOutputFormater.forHTML(hostRisk.Value.ToString()) + '\t');
}
else if (Program.state.panelOutputSelect_isOutputOpenPort)
{
bool isOutput = false;
foreach (DataEntry tempEntry in openPort.Values)
{
if (tempEntry.getIp() == entry.Key)
{
sb.Append(tempEntry.getDescription().Split(',').Length.ToString() + '\t');
isOutput = true;
break;
}
}
if (!isOutput)
{
sb.Append("0\t");
}
}
}
}
}
}
sb.Append("</DIV>" + "\n");
#endregion
#region // print HIGH/MEDIUM/LOW/NONE Findings
// High Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>High Risk Findings</H4>" + "\n");
foreach (DataEntry entry in highRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry, RiskFactor.HIGH));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Medium Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Medium Risk Findings</H4>" + "\n");
foreach (DataEntry entry in mediumRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry, RiskFactor.MEDIUM));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// Low Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Low Risk Findings</H4>" + "\n");
foreach (DataEntry entry in lowRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry, RiskFactor.LOW));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
// None Risks
sb.Append("<DIV>" + "\n");
sb.Append("<H4>None Risk Findings</H4>" + "\n");
foreach (DataEntry entry in noneRisk)
{
sb.Append("<p>" + "\n");
sb.Append(getDataEntryHTML(entry, RiskFactor.NONE));
sb.Append("</p>" + "\n");
}
sb.Append("</DIV>" + "\n");
#endregion
#region // print Missing Hotfix Findings
if (Program.state.panelOutputSelect_isOutputHotfix)
{
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Missing Hotfix Findings</H4>" + "\n");
sb.Append("<p>" + "\n");
sb.Append(HTML_TABLE_START);
sb.Append("\n");
sb.Append("<TR>\n");
sb.Append("<TD>Host</TD>\n");
sb.Append("<TD>Missing Hotfix(s)</TD>\n");
sb.Append("</TR>\n");
Dictionary <String, String> hotfixList = new Hotfix(record).getHotfixListGroupByHost();
foreach (KeyValuePair <String, String> finding in hotfixList)
{
sb.Append("<TR>\n");
// ip address for the open port findings
sb.Append("<TD>");
//MessageBox.Show(finding.Key);
sb.Append(finding.Key);
sb.Append("</TD>\n");
// open ports
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(finding.Value).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
}
sb.Append(HTML_TABLE_END);
sb.Append("</p>" + "\n");
sb.Append("</DIV>" + "\n");
}
#endregion
#region // print Open Port Findings
// Open Ports
if (Program.state.panelOutputSelect_isOutputOpenPort)
{
sb.Append("<DIV>" + "\n");
sb.Append("<H4>Open Ports Findings</H4>" + "\n");
sb.Append("<p>" + "\n");
sb.Append(HTML_TABLE_START);
sb.Append("\n");
sb.Append("<TR>\n");
sb.Append("<TD>Host</TD>\n");
sb.Append("<TD>Open Port(s)</TD>\n");
sb.Append("</TR>\n");
foreach (KeyValuePair <int, DataEntry> keyValuePair in openPort)
{
DataEntry entry = keyValuePair.Value;
sb.Append("<TR>\n");
// ip address for the open port findings
sb.Append("<TD>");
sb.Append(entry.getIp());
sb.Append("</TD>\n");
// open ports
sb.Append("<TD>");
sb.Append(HTMLOutputFormater.forHTML(entry.getDescription()).Replace("\n", "<br/>"));
sb.Append("</TD>\n");
sb.Append("</TR>\n");
}
sb.Append(HTML_TABLE_END);
sb.Append("</p>" + "\n");
sb.Append("</DIV>" + "\n");
}
#endregion
return(sb.ToString());
}
/// <summary>
/// This is the FormEditFinding method.
/// It is used to hide the current Form and display the Form
/// FormEditFindingString for user to edit.
/// </summary>
/// <param name="indexArray">list of indexes that selected from the dataGridView on the previous form</param>
/// <param name="dataArray">data to fill the dataGridView on this form (actually the next form)</param>
/// <param name="columnIndex">determine which column needs to display on next form</param>
public FormEditFinding(List <int> indexArray, List <DataEntry> dataArray, int columnIndex)
{
this.indexArray = indexArray;
this.columnIndex = columnIndex;
InitializeComponent();
//buttonApplyToAll.Show();
#region // actually useless on filling values on this form's dataGridViews
foreach (DataEntry entry in dataArray)
{
int n = dataGridViewOld.Rows.Add();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINNAME].Value = entry.getPluginName();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IPLIST].Value = entry.getIp();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.DESCRIPTION].Value = entry.getDescription();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.IMPACT].Value = entry.getImpact();
if (entry.getRiskFactor() == RiskFactor.OPEN)
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = "OpenPort";
}
else
{
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RISKFACTOR].Value = RiskFactorFunction.getEnumString(entry.getRiskFactor());
}
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.RECOMMENDATION].Value = entry.getRecommendation();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.CVE].Value = entry.getCve();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.BID].Value = entry.getBid();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.OSVDB].Value = entry.getOsvdb();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.REFERENCELINK].Value = entry.getReferenceLink();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.ENTRYTYPE].Value = entry.getEntryTypeString();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINVERSION].Value = entry.getpluginversion();
dataGridViewOld.Rows[n].Cells[(int)ColumnIndex.PLUGINID].Value = entry.getpluginID();
}
int no = dataGridViewNew.Rows.Add();
for (int i = 0; i < (int)ColumnIndex.MAX; i++)
{
dataGridViewNew.Rows[no].Cells[i].Value = dataGridViewOld.Rows[0].Cells[i].Value;
}
#endregion
}