public LocalDataSource(AuditTarget target, AuditEnvironment host_env, Dictionary <string, object> datasource_options)
{
if (!datasource_options.ContainsKey("DirectoryPath"))
{
throw new ArgumentException("The datasource options does not contain the DirectoryPath");
}
this.DataSourceOptions = datasource_options;
this.Target = target;
this.HostEnvironment = host_env;
string dir_path = (string)this.DataSourceOptions["DirectoryPath"];
try
{
DirectoryInfo dir = new DirectoryInfo(dir_path);
if (!dir.Exists)
{
HostEnvironment.Error("The directory {0} does not exist.", dir.FullName);
this.Initialised = false;
return;
}
else
{
Directory = dir;
}
}
catch (Exception e)
{
this.HostEnvironment.Error(e, "An error occurred attempting to access the directory {0}.", dir_path);
this.Initialised = false;
return;
}
}
public HttpDataSource(AuditTarget target, Dictionary <string, object> datasource_options)
{
this.DataSourceOptions = datasource_options;
this.HostEnvironment = target.HostEnvironment;
this.AuditEnvironment = target.AuditEnvironment;
this.Target = target;
if (this.DataSourceOptions.ContainsKey("HttpsProxy"))
{
HttpsProxy = (Uri)this.Target.AuditOptions["HttpsProxy"];
}
if (this.DataSourceOptions.Keys.Contains("NoCache"))
{
NoCache = true;
}
else
{
DeleteCache = false;
}
if (this.DataSourceOptions.Keys.Contains("DeleteCache"))
{
DeleteCache = true;
}
else
{
DeleteCache = false;
}
}
public override bool IsEligibleForTarget(AuditTarget target)
{
if (target is ApplicationServer)
{
ApplicationServer server = target as ApplicationServer;
string[] eligible_servers = { "ossi" };
return(eligible_servers.Contains(server.PackageManagerId));
}
else if (target is Application)
{
if (target is NetFx4Application || target is Drupal7Application || target is Drupal8Application)
{
return(true);
}
else
{
return(false);
}
}
else if (target is PackageSource)
{
PackageSource source = target as PackageSource;
// string[] eligible_sources = {"nuget", "bower", "composer", "choco", "msi", "yarn", "oneget" };
// return eligible_sources.Contains(source.PackageManagerId);
return(false);
}
else
{
return(false);
}
}
public VulnersDataSource(AuditTarget target, Dictionary <string, object> options) : base(target, options)
{
this.ApiUrl = new Uri("https://vulners.com");
if (this.DataSourceOptions.ContainsKey("OSName"))
{
this.OSName = (string)this.DataSourceOptions["OSName"];
}
else if (!string.IsNullOrEmpty(this.AuditEnvironment.GetOSName()))
{
this.OSName = this.AuditEnvironment.OSName;
}
else
{
this.HostEnvironment.Error("The audit environment OS name could not be determined. Data source cannot be initialised.");
return;
}
if (this.DataSourceOptions.ContainsKey("OSVersion"))
{
this.OSVersion = (string)this.DataSourceOptions["OSVersion"];
}
else if (!string.IsNullOrEmpty(this.AuditEnvironment.GetOSVersion()))
{
this.OSVersion = this.AuditEnvironment.OSVersion;
}
else
{
this.HostEnvironment.Error("The audit environment OS version could not be determined. Data source cannot be initialised.");
return;
}
switch (this.OSName)
{
case "ubuntu":
case "debian":
PackageToSearchName = (p) =>
{
return(p.Name + " " + p.Version + " " + p.Architecture);
};
break;
case "centos":
case "oraclelinux":
case "rhel":
PackageToSearchName = (p) =>
{
return(p.Name + "-" + p.Version + "." + p.Architecture);
};
break;
default:
throw new NotSupportedException("Unknown OS type.");
}
this.Info = new DataSourceInfo("Vulners", "https://vulners.com", "Vulners.com is the security database containing descriptions for large amount of software vulnerabilities in machine-readable format. Cross-references between bulletins and continuously updating of database keeps you abreast of the latest information security threats.");
this.Initialised = true;
}
} = 43200; // Seconds in 12 hours
#endregion
#region Constructors
public OSSIndexApiv3DataSource(AuditTarget target, Dictionary <string, object> options) : base(target, options)
{
this.ApiUrl = new Uri(HOST);
this.PackageSource = target as PackageSource;
this.Info = new DataSourceInfo("OSS Index", "https://ossindex.sonatype.org",
"OSS Index is a free index of software information, focusing on vulnerabilities. The data has been made available to the community through a REST API as well as several open source tools. Particular focus is being made on software packages, both those used for development libraries as well as installation packages.");
// Get an appropriate place for the cache and initialize it
OperatingSystem os = Environment.OSVersion;
PlatformID pid = os.Platform;
switch (pid)
{
case PlatformID.Win32NT:
case PlatformID.Win32S:
case PlatformID.Win32Windows:
case PlatformID.WinCE:
{
var directory = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
string path = Path.Combine(directory, "OSSIndex", "cache");
if (Directory.Exists(path) && DeleteCache)
{
this.HostEnvironment.Info("Deleting existing file cache at {0}.", path);
Directory.Delete(path, true);
}
else if (Directory.Exists(path))
{
this.HostEnvironment.Debug("Using existing file cache at {0}.", path);
}
else
{
this.HostEnvironment.Debug("Creating new file cache at {0}.", path);
}
cache = new FileCache(path, new ObjectBinder());
break;
}
case PlatformID.Unix:
case PlatformID.MacOSX:
{
string home = Environment.GetEnvironmentVariable("HOME");
string path = Path.Combine(home, ".ossindex", "cache");
cache = new FileCache(path, new ObjectBinder());
break;
}
default:
cache = new FileCache(new ObjectBinder());
break;
}
this.Initialised = true;
}
public HttpDataSource(AuditTarget target, Dictionary <string, object> datasource_options)
{
this.DataSourceOptions = datasource_options;
this.HostEnvironment = target.HostEnvironment;
this.AuditEnvironment = target.AuditEnvironment;
this.Target = target;
if (this.Target.AuditOptions.ContainsKey("HttpsProxy"))
{
this.DataSourceOptions.Add("HttpsProxy", (Uri)this.Target.AuditOptions["HttpsProxy"]);
HttpsProxy = (Uri)this.Target.AuditOptions["HttpsProxy"];
}
}
public override bool IsEligibleForTarget(AuditTarget target)
{
if (target is PackageSource)
{
PackageSource source = target as PackageSource;
string[] eligible_sources = { "dpkg", "rpm", "yum" };
return(eligible_sources.Contains(source.PackageManagerId));
}
else
{
return(false);
}
}
public override bool IsEligibleForTarget(AuditTarget target)
{
if (target is PackageSource)
{
PackageSource source = target as PackageSource;
string[] eligible_sources = { "nuget", "bower", "composer", "chocolatey", "yarn", "oneget" };
return(eligible_sources.Contains(source.PackageManagerId));
}
else
{
return(false);
}
}
public abstract bool IsEligibleForTarget(AuditTarget target);
public OSSIndexDataSource(AuditTarget target, Dictionary <string, object> options) : base(target, options)
{
this.PackageSource = target as PackageSource;
this.Initialised = true;
this.Info = new DataSourceInfo("OSS Index", "https://ossindex.net", "OSS Index is a free index of software information, focusing on vulnerabilities. The data has been made available to the community through a REST API as well as several open source tools (with more in development!). Particular focus is being made on software packages, both those used for development libraries as well as installation packages.");
}
public override bool IsEligibleForTarget(AuditTarget target)
{
throw new NotImplementedException();
}
public LibrariesdotIODataSource(AuditTarget target, Dictionary <string, object> datasource_options) : base(target, datasource_options)
{
}
public AlEnvironment(AuditTarget at)
{
this.AuditTarget = at;
this.AuditEnvironment = this.AuditTarget.AuditEnvironment;
}
