예제 #1
        /// <summary>
        /// Copyright (C) 2014-2015 Jerome Athias
        /// Unfinished tool to retrieve OVAL Definitions corresponding to a CPE in an XORCISM database
        /// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
        ///
        /// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
        ///
        /// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
        /// </summary>
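        static void Main(string[] args)
        {
            //TODO FIX MODELS

            // Search the CPEs for OVALDEFINITIONs using the CPE list collected from CVE NVD.
            // For every OVAL definition <-> vulnerability link this prints the definition ID
            // pattern, the vulnerability's referential ID, and the names of the CPEs tied
            // to that vulnerability.
            //
            // All three contexts are disposed on every exit path (the original released
            // only `model`, and not at all when a lookup threw).
            using (XORCISMEntities model = new XORCISMEntities())
            using (XOVALEntities oval_model = new XOVALEntities())
            using (XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities())
            {
                // Nothing is saved in this run, so change detection and save-time
                // validation are switched off on each context.
                model.Configuration.AutoDetectChangesEnabled = false;
                model.Configuration.ValidateOnSaveEnabled    = false;

                oval_model.Configuration.AutoDetectChangesEnabled = false;
                oval_model.Configuration.ValidateOnSaveEnabled    = false;

                vuln_model.Configuration.AutoDetectChangesEnabled = false;
                vuln_model.Configuration.ValidateOnSaveEnabled    = false;

                List<OVALDEFINITIONVULNERABILITY> ListOVALDefVulns = oval_model.OVALDEFINITIONVULNERABILITY.ToList();

                foreach (OVALDEFINITIONVULNERABILITY oOVALDefVuln in ListOVALDefVulns)
                {
                    Console.WriteLine("DEBUG ************************************************************");

                    // The navigation property can be null when the linked definition is absent;
                    // report that instead of aborting the whole run.
                    if (oOVALDefVuln.OVALDEFINITION != null)
                    {
                        Console.WriteLine("DEBUG " + oOVALDefVuln.OVALDEFINITION.OVALDefinitionIDPattern);
                    }
                    else
                    {
                        Console.WriteLine("DEBUG (no OVALDEFINITION attached to this link)");
                    }

                    // NOTE(review): the explicit cast suggests the column is nullable or wider
                    // than int; a null value would still throw here. Confirm against the model.
                    int iVulnerabilityID = (int)oOVALDefVuln.VulnerabilityID;

                    // The vulnerability lives in a different context, so it is looked up by ID.
                    // A dangling ID yields null from FirstOrDefault; the original dereferenced it.
                    var oVulnerability = vuln_model.VULNERABILITY.FirstOrDefault(o => o.VulnerabilityID == iVulnerabilityID);
                    if (oVulnerability == null)
                    {
                        Console.WriteLine("DEBUG (no VULNERABILITY row for VulnerabilityID " + iVulnerabilityID + ")");
                    }
                    else
                    {
                        Console.WriteLine("DEBUG " + oVulnerability.VULReferentialID);
                    }

                    List<VULNERABILITYFORCPE> ListVulnCPEs = vuln_model.VULNERABILITYFORCPE.Where(o => o.VulnerabilityID == iVulnerabilityID).ToList();

                    foreach (VULNERABILITYFORCPE oVulnCPE in ListVulnCPEs)
                    {
                        // Same cross-context lookup by ID; guard against a CPEID with no CPE row.
                        var oCPE = model.CPE.FirstOrDefault(o => o.CPEID == oVulnCPE.CPEID);
                        if (oCPE == null)
                        {
                            Console.WriteLine("DEBUG (no CPE row for CPEID " + oVulnCPE.CPEID + ")");
                            continue;
                        }

                        Console.WriteLine("DEBUG " + oCPE.CPEName);
                    }
                }
            }
        }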
예제 #2
        /// <summary>
        /// Copyright (C) 2014-2015 Jerome Athias
        /// TEST/DEBUG ONLY tool to play with an XORCISM database (check the proper import and relationships creation between CVE and OVAL)
        /// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
        ///
        /// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
        ///
        /// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
        /// </summary>
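        static void Main(string[] args)
        {
            // Debug helper: looks up one hard-coded CVE, checks whether an OVAL definition is
            // already linked to it, and otherwise lists products and files whose names occur
            // in the vulnerability description.
            //
            // The contexts are wrapped in using blocks so they are released on every exit path
            // (the original never disposed them).
            using (XORCISMEntities model = new XORCISMEntities())
            using (XOVALEntities oval_model = new XOVALEntities())
            using (XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities())
            {
                string        sCVEID         = "CVE-2014-3802"; //HARDCODED
                VULNERABILITY oVulnerability = null;

                try
                {
                    oVulnerability = vuln_model.VULNERABILITY.Where(o => o.VULReferentialID == sCVEID).FirstOrDefault();
                }
                catch (Exception ex)
                {
                    // A failed query must not be reported as "Vulnerability not found":
                    // that would hide a database problem behind a false negative.
                    Console.Error.WriteLine("ERROR: Vulnerability lookup failed: " + ex);
                    return;
                }

                if (oVulnerability == null)
                {
                    Console.WriteLine("ERROR: Vulnerability not found");
                    return;
                }

                //Check if we have an OVALDEFINITION for the VULNERABILITY
                int iOVALDEFINITIONVULNERABILITYID = 0;
                try
                {
                    iOVALDEFINITIONVULNERABILITYID = oval_model.OVALDEFINITIONVULNERABILITY.Where(o => o.VulnerabilityID == oVulnerability.VulnerabilityID).Select(o => o.OVALDefinitionVulnerabilityID).FirstOrDefault();
                }
                catch (Exception ex)
                {
                    // Swallowing this left the ID at 0, which the code below reads as
                    // "no definition exists". Stop instead of guessing.
                    Console.Error.WriteLine("ERROR: OVAL definition lookup failed: " + ex);
                    return;
                }

                if (iOVALDEFINITIONVULNERABILITYID > 0)
                {
                    Console.WriteLine("DEBUG: We already have a definition");
                    return;
                }

                // Hoisted out of the loops; a missing description cannot match anything and
                // would otherwise cause a null dereference on the first comparison.
                string sDescription = oVulnerability.VULDescription;
                if (string.IsNullOrEmpty(sDescription))
                {
                    Console.WriteLine("DEBUG: Vulnerability has no description to search");
                    return;
                }

                //Search a Product in the Vulnerability's Definition
                foreach (PRODUCT oProduct in model.PRODUCT)
                {
                    string sProductName = oProduct.ProductName;

                    // Skip null/empty names: an empty string is contained in every description
                    // and would be reported as a match. Ordinal case-insensitive comparison
                    // avoids the culture-dependent results of ToLower().
                    if (!string.IsNullOrEmpty(sProductName)
                        && sDescription.IndexOf(sProductName, StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        Console.WriteLine("DEBUG: Potential Product: " + sProductName);
                        //Platform

                        //CPE
                    }
                }

                //Search a Filename in the Vulnerability's Definition
                foreach (FILE oFile in model.FILE)
                {
                    string sFileName = oFile.FileName;

                    if (!string.IsNullOrEmpty(sFileName)
                        && sDescription.IndexOf(sFileName, StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        Console.WriteLine("DEBUG: Potential File: " + sFileName);
                    }
                }
                //regex .dll
            }
        }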