예제 #1
0
 private void AddVulnerability(OSSIndexQueryObject package, List <OSSIndexApiv2Vulnerability> vulnerabilities)
 {
     lock (vulnerabilities_lock)
     {
         this._Vulnerabilities.Add(package, vulnerabilities);
     }
 }
예제 #2
0
        protected override string GetVersion()
        {
            string    core_version = "8.x";
            Stopwatch sw           = new Stopwatch();

            sw.Start();
            AuditFileInfo changelog = this.ApplicationFileSystemMap["ChangeLog"] as AuditFileInfo;

            string[] c = changelog.ReadAsText()?.Split(this.AuditEnvironment.LineTerminator.ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
            if (c != null && c.Count() > 0)
            {
                foreach (string l in c)
                {
                    if (l.StartsWith("Drupal "))
                    {
                        core_version = l.Split(',')[0].Substring(7);
                        break;
                    }
                }
            }
            this.Version = core_version;
            sw.Stop();
            this.VersionInitialised = true;
            this.AuditEnvironment.Success("Got Drupal 8 version {0} in {1} ms.", this.Version, sw.ElapsedMilliseconds);
            OSSIndexQueryObject core = this.ModulePackages["core"].Where(p => p.Name == "drupal_core").First();

            core.Version = this.Version;
            return(this.Version);
        }
예제 #3
0
 AddPackageVulnerability(OSSIndexQueryObject package, IEnumerable <OSSIndexPackageVulnerability> vulnerability)
 {
     lock (package_vulnerabilities_lock)
     {
         this._VulnerabilitiesForPackage.Add(package, vulnerability);
         return(new KeyValuePair <OSSIndexQueryObject, IEnumerable <OSSIndexPackageVulnerability> >(package, vulnerability));
     }
 }
예제 #4
0
        protected override string GetVersion()
        {
            if (!this.ModulesInitialised)
            {
                throw new InvalidOperationException("Modules must be initialized before GetVersion is called.");
            }
            OSSIndexQueryObject core_module = this.ModulePackages["core"].Where(m => m.Name == "drupal_core").First();

            if (!string.IsNullOrEmpty(core_module.Version))
            {
                this.AuditEnvironment.Success("Got Drupal 7 version {0}.", core_module.Version);
                this.VersionInitialised = true;
                return(this.Version);
            }
            else
            {
                return(string.Empty);
            }
        }
예제 #5
0
 protected void BuildPackageSourceAuditReport()
 {
     int total_vulnerabilities = Source.Vulnerabilities.Sum(v => v.Value != null ? v.Value.Count(pv => pv.CurrentPackageVersionIsInRange) : 0);
     PrintMessageLine(ConsoleColor.White, "\nPackage Source Audit Results\n============================");
     PrintMessageLine(ConsoleColor.White, "{0} total vulnerabilit{2} found in {1} package source audit.\n", total_vulnerabilities, Source.PackageManagerLabel, total_vulnerabilities == 0 || total_vulnerabilities > 1 ? "ies" : "y");
     int packages_count = Source.Vulnerabilities.Count;
     int packages_processed = 0;
     foreach (var pv in Source.Vulnerabilities.OrderByDescending(sv => sv.Value.Count(v => v.CurrentPackageVersionIsInRange)))
     {
         OSSIndexQueryObject package = pv.Key;
         List<OSSIndexApiv2Vulnerability> package_vulnerabilities = pv.Value;
         PrintMessage(ConsoleColor.White, "[{0}/{1}] {2}", ++packages_processed, packages_count, package.Name);
         if (package_vulnerabilities.Count() == 0)
         {
             PrintMessage(" no known vulnerabilities.");
         }
         else if (package_vulnerabilities.Count(v => v.CurrentPackageVersionIsInRange) == 0)
         {
             PrintMessage(" {0} known vulnerabilit{1}, 0 affecting installed package version(s).", package_vulnerabilities.Count(), package_vulnerabilities.Count() > 1 ? "ies" : "y");
         }
         else
         {
             PrintMessage(ConsoleColor.Red, " [VULNERABLE] ");
             PrintMessage(" {0} known vulnerabilities, ", package_vulnerabilities.Count());
             PrintMessageLine(ConsoleColor.Magenta, " {0} affecting installed package version(s): [{1}]", package_vulnerabilities.Count(v => v.CurrentPackageVersionIsInRange), package_vulnerabilities.Where(v => v.CurrentPackageVersionIsInRange).Select(v => v.Package.Version).Distinct().Aggregate((s1, s2) => s1 + "," + s2));
             var matched_vulnerabilities = package_vulnerabilities.Where(v => v.CurrentPackageVersionIsInRange).ToList();
             int matched_vulnerabilities_count = matched_vulnerabilities.Count;
             int c = 0;
             matched_vulnerabilities.ForEach(v =>
             {
                 PrintMessage(ConsoleColor.White, "--[{0}/{1}] ", ++c, matched_vulnerabilities_count);
                 PrintMessageLine(ConsoleColor.Red, "{0} ", v.Title.Trim());
                 PrintMessageLine(ConsoleColor.White, "  --Description: {0}", v.Description.Trim());
                 PrintMessage(ConsoleColor.White, "  --Affected versions: ");
                 PrintMessageLine(ConsoleColor.Red, "{0}", string.Join(", ", v.Versions.ToArray()));
             });
         }
         PrintMessageLine("");
     }
 }
예제 #6
0
        public async Task <IEnumerable <OSSIndexArtifact> > SearchAsync(string package_manager, OSSIndexQueryObject package, Func <List <OSSIndexArtifact>, List <OSSIndexArtifact> > transform)
        {
            string api_version = "1.1";

            using (HttpClient client = CreateHttpClient())
            {
                HttpResponseMessage response = await client.GetAsync("v" + api_version + "/search/artifact/" +
                                                                     string.Format("{0}/{1}/{2}", package_manager, package.Name, package.Version, package.Vendor));

                if (response.IsSuccessStatusCode)
                {
                    string r = await response.Content.ReadAsStringAsync();

                    List <OSSIndexArtifact> artifacts = JsonConvert.DeserializeObject <List <OSSIndexArtifact> >(r);
                    if (artifacts.Count() == 0 || transform == null)
                    {
                        return(artifacts);
                    }
                    else
                    {
                        return(transform(artifacts));
                    }
                }
                else
                {
                    throw new OSSIndexHttpException(package_manager, response.StatusCode, response.ReasonPhrase, response.RequestMessage);
                }
            }
        }
예제 #7
0
        public async Task <IEnumerable <OSSIndexArtifact> > SearchAsync(string package_manager, OSSIndexQueryObject package, Func <List <OSSIndexArtifact>, List <OSSIndexArtifact> > transform)
        {
            string api_version = "1.1";

            using (HttpClient client = new HttpClient())
            {
                client.BaseAddress = new Uri(@HOST);
                client.DefaultRequestHeaders.Accept.Clear();
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                client.DefaultRequestHeaders.Add("user-agent", "DevAudit");
                HttpResponseMessage response = await client.GetAsync("v" + api_version + "/search/artifact/" +
                                                                     string.Format("{0}/{1}/{2}", package_manager, package.Name, package.Version, package.Vendor));

                if (response.IsSuccessStatusCode)
                {
                    string r = await response.Content.ReadAsStringAsync();

                    List <OSSIndexArtifact> artifacts = JsonConvert.DeserializeObject <List <OSSIndexArtifact> >(r);
                    if (artifacts.Count() == 0 || transform == null)
                    {
                        return(artifacts);
                    }
                    else
                    {
                        return(transform(artifacts));
                    }
                }
                else
                {
                    throw new OSSIndexHttpException(package_manager, response.StatusCode, response.ReasonPhrase, response.RequestMessage);
                }
            }
        }