Exemplo n.º 1
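        /// <summary>
        /// Attempts to locate the PostgreSQL server data directory on a Unix audit environment.
        /// </summary>
        /// <remarks>
        /// Sources are tried in this order: the <c>-D</c> argument of a running process whose command
        /// line mentions "postgres", the <c>PGDATA</c> environment variable, and finally the directory
        /// holding the configuration file. The first source that yields a directory is stored in
        /// <c>ServerDataDirectory</c> and under the "Data" key of <c>ApplicationFileSystemMap</c>.
        /// </remarks>
        /// <returns>
        /// <c>true</c> when a data directory was set; <c>false</c> on non-Unix environments or when
        /// none of the sources produced a directory.
        /// </returns>
        public bool DetectServerDataDirectory()
        {
            if (!this.AuditEnvironment.IsUnix)
            {
                return false;
            }

            // 1. Command line of a running server process.
            // NOTE(review): this is a plain substring test over every process the audit environment
            // can see. On a shared host the process list is untrusted input, because a process owned
            // by another account can carry the same substrings and so decide which directory is
            // audited. Confirm whether the match should be limited to the expected service account.
            List<ProcessInfo> processes = this.AuditEnvironment.GetAllRunningProcesses();
            if (processes != null)
            {
                List<ProcessInfo> candidates = processes
                    .Where(p => p.CommandLine != null && p.CommandLine.Contains("postgres") && p.CommandLine.Contains("-D"))
                    .ToList();
                if (candidates.Count > 0)
                {
                    // No trailing whitespace is required after the path, so -D is also recognised when
                    // it is the last argument. Quoted paths containing spaces are not handled.
                    Match m = Regex.Match(candidates[0].CommandLine, @"-D\s+(\S+)");
                    if (m.Success)
                    {
                        AuditDirectoryInfo processDir = this.AuditEnvironment.ConstructDirectory(m.Groups[1].Value);
                        if (processDir.Exists)
                        {
                            this.AuditEnvironment.Success("Auto-detected {0} server data directory at {1}.", this.ApplicationLabel, processDir.FullName);
                            this.ServerDataDirectory = processDir;
                            // Indexer instead of Add: a "Data" entry that already exists must not throw.
                            this.ApplicationFileSystemMap["Data"] = processDir;
                            return true;
                        }
                    }
                }
            }

            // 2. PGDATA from the audit environment. The directory must exist, as in step 1, and is
            // registered in the file system map like the other two sources.
            Dictionary<string, string> env = this.AuditEnvironment.GetEnvironmentVars();
            string pgdata;
            if (env != null && env.TryGetValue("PGDATA", out pgdata) && !string.IsNullOrEmpty(pgdata))
            {
                AuditDirectoryInfo envDir = this.AuditEnvironment.ConstructDirectory(pgdata);
                if (envDir.Exists)
                {
                    this.ServerDataDirectory = envDir;
                    this.ApplicationFileSystemMap["Data"] = envDir;
                    this.AuditEnvironment.Success("Auto-detected {0} server data directory at {1}.", this.ApplicationLabel, envDir.FullName);
                    return true;
                }
            }

            // 3. Fall back to the directory of the configuration file. The cast can yield null, in
            // which case nothing was detected and the method must not report success.
            AuditDirectoryInfo configDir = this.ConfigurationFile.Directory as AuditDirectoryInfo;
            if (configDir == null)
            {
                return false;
            }
            this.ServerDataDirectory = configDir;
            this.ApplicationFileSystemMap["Data"] = configDir;
            return true;
        }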
Exemplo n.º 2
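        /// <summary>
        /// Attempts to locate the MySQL server data directory on a Unix audit environment.
        /// </summary>
        /// <remarks>
        /// The <c>--datadir=</c> argument of a running process whose command line mentions "mysqld"
        /// is tried first, then an uncommented <c>datadir</c> setting in the configuration file. A
        /// directory is accepted only if it exists; it is then stored in <c>ServerDataDirectory</c>
        /// and under the "Data" key of <c>ApplicationFileSystemMap</c>.
        /// </remarks>
        /// <returns>
        /// <c>true</c> when a data directory was set; <c>false</c> on non-Unix environments or when
        /// neither source produced an existing directory.
        /// </returns>
        public bool DetectServerDataDirectory()
        {
            if (!this.AuditEnvironment.IsUnix)
            {
                return false;
            }

            string detected = null;

            // 1. Command line of a running server process.
            // NOTE(review): this is a plain substring test over every process the audit environment
            // can see. On a shared host the process list is untrusted input, because a process owned
            // by another account can carry the same substrings and so decide which directory is
            // audited. Confirm whether the match should be limited to the expected service account.
            List<ProcessInfo> processes = this.AuditEnvironment.GetAllRunningProcesses();
            if (processes != null)
            {
                List<ProcessInfo> candidates = processes
                    .Where(p => p.CommandLine != null && p.CommandLine.Contains("mysqld") && p.CommandLine.Contains("--datadir"))
                    .ToList();
                if (candidates.Count > 0)
                {
                    // No trailing whitespace is required after the path, so --datadir is also
                    // recognised when it is the last argument.
                    Match fromProcess = Regex.Match(candidates[0].CommandLine, @"--datadir=(\S+)");
                    if (fromProcess.Success && this.AuditEnvironment.ConstructDirectory(fromProcess.Groups[1].Value).Exists)
                    {
                        detected = fromProcess.Groups[1].Value;
                    }
                }
            }

            // 2. datadir setting in the configuration file.
            if (detected == null)
            {
                string text = this.ConfigurationFile.ReadAsText();
                if (!string.IsNullOrEmpty(text))
                {
                    // Anchored at line start so that "#datadir=..." and keys that merely end in
                    // "datadir" are skipped; an optional [^#]? prefix would accept both.
                    // [ \t]* rather than \s* keeps the match on a single line.
                    Match fromConfig = Regex.Match(text, @"^[ \t]*datadir[ \t]*=[ \t]*(\S+)", RegexOptions.Multiline);
                    if (fromConfig.Success && this.AuditEnvironment.ConstructDirectory(fromConfig.Groups[1].Value).Exists)
                    {
                        detected = fromConfig.Groups[1].Value;
                    }
                }
            }

            if (detected == null)
            {
                return false;
            }

            AuditDirectoryInfo dataDir = this.AuditEnvironment.ConstructDirectory(detected);
            this.AuditEnvironment.Success("Auto-detected {0} server data directory at {1}.", this.ApplicationLabel, dataDir.FullName);
            this.ServerDataDirectory = dataDir;
            // Indexer instead of Add: a "Data" entry that already exists must not throw.
            this.ApplicationFileSystemMap["Data"] = dataDir;
            return true;
        }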
Exemplo n.º 3
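        /// <summary>
        /// Initialises a package source from the audit options: resolves the package manager
        /// configuration file, loads an audit profile found next to it, reads the listing, skip and
        /// proxy options, and registers OSS Index as the default vulnerability data source for the
        /// package managers listed in the body.
        /// </summary>
        /// <param name="package_source_options">Option dictionary, passed to the base constructor. The keys read here are "File", "ListPackages", "ListArtifacts", "SkipPackagesAudit", "WithPackageInfo" and "HttpsProxy".</param>
        /// <param name="message_handler">Message handler, passed to the base constructor.</param>
        /// <exception cref="ArgumentException">
        /// The "File" option names a file that does not exist, or no "File" option was given and the
        /// non-empty default configuration file does not exist.
        /// </exception>
        public PackageSource(Dictionary <string, object> package_source_options, EventHandler <EnvironmentEventArgs> message_handler) : base(package_source_options, message_handler)
        {
            this.PackageSourceOptions = this.AuditOptions;

            if (this.PackageSourceOptions.ContainsKey("File"))
            {
                this.PackageManagerConfigurationFile = (string)this.PackageSourceOptions["File"];
                if (!this.AuditEnvironment.FileExists(this.PackageManagerConfigurationFile))
                {
                    throw new ArgumentException("Could not find the file " + this.PackageManagerConfigurationFile + ".", "package_source_options");
                }
            }
            else if (this.DefaultPackageManagerConfigurationFile != string.Empty)
            {
                if (!this.AuditEnvironment.FileExists(this.DefaultPackageManagerConfigurationFile))
                {
                    throw new ArgumentException(string.Format("No file option was specified and the default {0} package manager configuration file {1} was not found.", this.PackageManagerLabel, this.DefaultPackageManagerConfigurationFile));
                }
                this.AuditEnvironment.Info("Using default {0} package manager configuration file {1}", this.PackageManagerLabel, this.DefaultPackageManagerConfigurationFile);
                this.PackageManagerConfigurationFile = this.DefaultPackageManagerConfigurationFile;
            }

            if (!string.IsNullOrEmpty(this.PackageManagerConfigurationFile))
            {
                // NOTE(review): the profile is picked up automatically from the directory of the
                // audited file, so whoever controls that directory controls the profile. Confirm what
                // an AuditProfile is able to change about the audit result before relying on it for
                // checkouts that are not trusted.
                AuditFileInfo      configFile = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
                AuditDirectoryInfo configDir  = this.AuditEnvironment.ConstructDirectory(configFile.DirectoryName);
                IFileInfo[]        profiles   = configDir.GetFiles("devaudit.yml");
                // An empty result must be skipped as well: First() throws on an empty array.
                if (profiles != null && profiles.Length > 0)
                {
                    this.AuditProfile = new AuditProfile(this.AuditEnvironment, this.AuditEnvironment.ConstructFile(profiles[0].FullName));
                }
            }

            // These options are switches: presence of the key enables them, the value is not read.
            if (this.PackageSourceOptions.ContainsKey("ListPackages"))
            {
                this.ListPackages = true;
            }

            if (this.PackageSourceOptions.ContainsKey("ListArtifacts"))
            {
                this.ListArtifacts = true;
            }

            if (this.PackageSourceOptions.ContainsKey("SkipPackagesAudit"))
            {
                this.SkipPackagesAudit = true;
            }

            if (this.PackageSourceOptions.ContainsKey("WithPackageInfo"))
            {
                this.WithPackageInfo = true;
            }

            if (this.PackageSourceOptions.ContainsKey("HttpsProxy") && this.AuditOptions.ContainsKey("HttpsProxy"))
            {
                DataSourceOptions.Add("HttpsProxy", (Uri)this.PackageSourceOptions["HttpsProxy"]);
            }

            // Package managers that get OSS Index when no other data source has been configured.
            string[] ossi_pms = { "bower", "composer", "choco", "msi", "nuget", "oneget", "yarn" };
            if (this.DataSources.Count == 0 && ossi_pms.Contains(this.PackageManagerId))
            {
                this.HostEnvironment.Info("Using OSS Index as default package vulnerabilities data source for {0} package source.", this.PackageManagerLabel);
                this.DataSources.Add(new OSSIndexDataSource(this, this.DataSourceOptions));
            }
        }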
Exemplo n.º 4
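        /// <summary>
        /// Initialises a package source from the audit options: resolves the package manager
        /// configuration file, loads an audit profile found next to it, reads the listing, skip and
        /// proxy options, and configures the project vulnerabilities cache.
        /// </summary>
        /// <param name="package_source_options">Option dictionary, passed to the base constructor. The keys read here are "File", "ListPackages", "WithPackageInfo", "ListArtifacts", "SkipPackagesAudit", "HttpsProxy", "Cache", "CacheFile", "CacheTTL" and "CacheDump".</param>
        /// <param name="message_handler">Message handler, passed to the base constructor.</param>
        /// <exception cref="ArgumentException">The "File" option names a file that does not exist.</exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// The "CacheTTL" option is not an integer, is negative, or exceeds 30 days expressed in minutes.
        /// </exception>
        public PackageSource(Dictionary <string, object> package_source_options, EventHandler <EnvironmentEventArgs> message_handler) : base(package_source_options, message_handler)
        {
            this.PackageSourceOptions = this.AuditOptions;

            if (this.PackageSourceOptions.ContainsKey("File"))
            {
                this.PackageManagerConfigurationFile = (string)this.PackageSourceOptions["File"];
                if (!this.AuditEnvironment.FileExists(this.PackageManagerConfigurationFile))
                {
                    throw new ArgumentException("Could not find the file " + this.PackageManagerConfigurationFile + ".", "package_source_options");
                }
            }
            else
            {
                this.PackageManagerConfigurationFile = "";
            }

            if (!string.IsNullOrEmpty(this.PackageManagerConfigurationFile))
            {
                // NOTE(review): the profile is picked up automatically from the directory of the
                // audited file, so whoever controls that directory controls the profile. Confirm what
                // an AuditProfile is able to change about the audit result before relying on it for
                // checkouts that are not trusted.
                AuditFileInfo      configFile = this.AuditEnvironment.ConstructFile(this.PackageManagerConfigurationFile);
                AuditDirectoryInfo configDir  = this.AuditEnvironment.ConstructDirectory(configFile.DirectoryName);
                IFileInfo[]        profiles   = configDir.GetFiles("devaudit.yaml");
                // An empty result must be skipped as well: First() throws on an empty array.
                if (profiles != null && profiles.Length > 0)
                {
                    this.AuditProfile = new AuditProfile(this.AuditEnvironment, this.AuditEnvironment.ConstructFile(profiles[0].FullName));
                }
            }

            // These options are switches: presence of the key enables them, the value is not read.
            if (this.PackageSourceOptions.ContainsKey("ListPackages"))
            {
                this.ListPackages = true;
            }

            if (this.PackageSourceOptions.ContainsKey("WithPackageInfo"))
            {
                this.WithPackageInfo = true;
            }

            if (this.PackageSourceOptions.ContainsKey("ListArtifacts"))
            {
                this.ListArtifacts = true;
            }

            if (this.PackageSourceOptions.ContainsKey("SkipPackagesAudit"))
            {
                this.SkipPackagesAudit = true;
            }

            if (this.PackageSourceOptions.ContainsKey("HttpsProxy"))
            {
                this.HttpClient.HttpsProxy = (Uri)this.PackageSourceOptions["HttpsProxy"];
            }

            #region Cache option
            if (this.PackageSourceOptions.ContainsKey("Cache") && (bool)this.PackageSourceOptions["Cache"])
            {
                this.ProjectVulnerabilitiesCacheEnabled = true;

                // NOTE(review): the cache file is handed to InitialiseProjectVulnerabilitiesCache
                // below and presumably read back on later runs. If the application base directory or
                // a caller-supplied CacheFile location is writable by other accounts, cached
                // vulnerability results could be altered; confirm the file's permissions.
                if (this.PackageSourceOptions.ContainsKey("CacheFile") && !string.IsNullOrEmpty((string)this.PackageSourceOptions["CacheFile"]))
                {
                    this.ProjectVulnerabilitiesCacheFile = (string)this.PackageSourceOptions["CacheFile"];
                }
                else
                {
                    // Path.Combine inserts a separator only when the base directory lacks one.
                    this.ProjectVulnerabilitiesCacheFile = System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "DevAudit-net.cache");
                }

                if (this.PackageSourceOptions.ContainsKey("CacheTTL") && !string.IsNullOrEmpty((string)this.PackageSourceOptions["CacheTTL"]))
                {
                    string ttl_text = (string)this.PackageSourceOptions["CacheTTL"];
                    int    cache_ttl;
                    // The two-argument constructor is used throughout: the single-string overload
                    // of ArgumentOutOfRangeException takes the parameter name, not the message.
                    if (!Int32.TryParse(ttl_text, out cache_ttl))
                    {
                        throw new ArgumentOutOfRangeException("package_source_options", "The value for the cache ttl is not an integer: " + ttl_text + ".");
                    }
                    if (cache_ttl < 0)
                    {
                        throw new ArgumentOutOfRangeException("package_source_options", "The value for the cache ttl is negative: " + ttl_text + ".");
                    }
                    // Upper bound of 30 days in minutes: it caps how stale cached vulnerability data
                    // can become before it is looked up again.
                    if (cache_ttl > 60 * 24 * 30)
                    {
                        throw new ArgumentOutOfRangeException("package_source_options", "The value for the cache ttl is too large: " + ttl_text + ".");
                    }
                    this.ProjectVulnerabilitiesCacheTTL = TimeSpan.FromMinutes(cache_ttl);
                }
                else
                {
                    // Default time-to-live: 180 minutes.
                    this.ProjectVulnerabilitiesCacheTTL = TimeSpan.FromMinutes(180);
                }

                this.ProjectVulnerabilitiesCacheDump = this.PackageSourceOptions.ContainsKey("CacheDump");

                // The cache is initialised on a background task; the task is kept so it can be awaited later.
                this.ProjectVulnerabilitiesCacheInitialiseTask =
                    Task <BPlusTree <string, Tuple <OSSIndexProject, IEnumerable <OSSIndexProjectVulnerability> > > > .Run(() =>
                {
                    return(this.InitialiseProjectVulnerabilitiesCache(this.ProjectVulnerabilitiesCacheFile));
                });
            }
            else
            {
                this.ProjectVulnerabilitiesCacheEnabled = false;
            }
            #endregion
        }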