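/// <summary>
/// Queries the Bit9 reporting database for file-instance rows, either by MD5 hash
/// or by file name, path and host name.
/// </summary>
/// <param name="lFileHash">
/// MD5 hashes to look up. When non-null, one query is run per hash and
/// <paramref name="lBit9ReturnValues"/> is ignored.
/// </param>
/// <param name="lBit9ReturnValues">
/// File name, path and host name to match; used only when <paramref name="lFileHash"/> is null.
/// </param>
/// <returns>
/// The column values of every matching row, flattened into one list of strings.
/// Empty when nothing matched or when the lookup failed (failures are mailed, not thrown).
/// </returns>
public static List<string> GetFileInfo(IEnumerable<string> lFileHash, Bit9ReturnValues lBit9ReturnValues)
{
    var lBit9Info = new List<string>();
    var oBit9Return = new object[69];

    // NOTE(review): the key that protects the stored credentials is itself decrypted with
    // the literal passphrase "1" compiled into this method, so the config file plus this
    // assembly is enough to recover the Bit9 user id and password. The passphrase belongs
    // in a protected secret store, not in source.
    var sAcekDecode = Object_Fido_Configs.GetAsString("fido.detectors.bit9.acek", null);
    sAcekDecode = Aes_Crypto.DecryptStringAES(sAcekDecode, "1");
    var sUserID = Aes_Crypto.DecryptStringAES(Object_Fido_Configs.GetAsString("fido.detectors.bit9.userid", null), sAcekDecode);
    var sPwd = Aes_Crypto.DecryptStringAES(Object_Fido_Configs.GetAsString("fido.detectors.bit9.pwd", null), sAcekDecode);
    var sBit9Server = Object_Fido_Configs.GetAsString("fido.detectors.bit9.server", null);
    var sDb = Object_Fido_Configs.GetAsString("fido.detectors.bit9.db", null);

    try
    {
        //todo: take connection string and encrypt to put in XML config
        // NOTE(review): the password segment is masked in the published listing; sPwd (decrypted
        // above and otherwise unused) is assumed to be what was concatenated here.
        // NOTE(review): "Integrated Security=sspi" makes SqlClient authenticate as the process's
        // Windows account and disregard user id/password - confirm which of the two is intended.
        using (var vConnection = new SqlConnection("user id=" + sUserID + ";password=" + sPwd + ";Server=" + sBit9Server + ",1433;Integrated Security=sspi;Database=" + sDb + ";connection timeout=60"))
        {
            if (lFileHash != null)
            {
                foreach (var sFileHash in lFileHash)
                {
                    // Open lazily so an empty hash list still never touches the server.
                    if (vConnection.State != ConnectionState.Open)
                    {
                        vConnection.Open();
                    }

                    // The hash comes from detector data, so it is bound as a parameter
                    // instead of being spliced into the SQL text.
                    using (var CMD = new SqlCommand("SELECT * FROM [das].[dbo].[Fido_FileInstanceInfo] WHERE MD5 = @md5", vConnection))
                    {
                        CMD.CommandType = CommandType.Text;
                        // A null hash used to concatenate as an empty string; keep that meaning.
                        CMD.Parameters.AddWithValue("@md5", sFileHash ?? string.Empty);
                        AppendBit9Rows(CMD, oBit9Return, lBit9Info);
                    }
                }
            }
            else if (lBit9ReturnValues != null)
            {
                // File name, path and host name originate on the endpoint and may contain
                // quotes; all three are bound as parameters.
                const string sQuery = "SELECT * FROM [das].[dbo].[Fido_FileInstanceInfo] WHERE FILE_NAME = @fileName AND Path_Name = @pathName AND Computer_Name = @computerName";
                using (var CMD = new SqlCommand(sQuery, vConnection) { CommandType = CommandType.Text })
                {
                    CMD.Parameters.AddWithValue("@fileName", lBit9ReturnValues.FileName.ToLower());
                    CMD.Parameters.AddWithValue("@pathName", lBit9ReturnValues.FilePath.ToLower());
                    // A null host name used to concatenate as an empty string; keep that meaning.
                    CMD.Parameters.AddWithValue("@computerName", lBit9ReturnValues.HostName ?? string.Empty);

                    vConnection.Open();
                    AppendBit9Rows(CMD, oBit9Return, lBit9Info);
                }
            }
        } // disposing the connection closes it on the error path as well
    }
    catch (Exception e)
    {
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught retrieving file information from Bit9:" + e);
    }

    // An empty list means no information exists for the requested file(s).
    return lBit9Info;
}

/// <summary>
/// Executes <paramref name="oCommand"/> and appends each returned column value, as a string,
/// to <paramref name="lBit9Info"/>.
/// </summary>
private static void AppendBit9Rows(SqlCommand oCommand, object[] oRowBuffer, List<string> lBit9Info)
{
    using (var objReader = oCommand.ExecuteReader())
    {
        while (objReader.Read())
        {
            // GetSqlValues reports how many slots it filled. Only those are read, so a row
            // narrower than the buffer no longer hits a null (or stale) trailing entry.
            var iCopied = objReader.GetSqlValues(oRowBuffer);
            if (iCopied == 0) continue;
            lBit9Info.AddRange(oRowBuffer.Take(iCopied).Select(item => item.ToString()));
        }
    }
}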
/// <summary>
/// Splits the antivirus-reported file path into a file name and a directory path, then
/// asks Bit9 for rows matching that file on the reporting host.
/// </summary>
/// <param name="lFidoReturnValues">
/// Detection record; its Antivirus.FilePath and Hostname are read and its
/// Antivirus.FileName is overwritten with the extracted file name.
/// </param>
private static void AntiVirusToBit9(FidoReturnValues lFidoReturnValues)
{
    var oBit9Query = new Bit9ReturnValues();
    var sSegments = lFidoReturnValues.Antivirus.FilePath.Split('\\');
    if (sSegments == null || sSegments.Length == 0)
    {
        return;
    }

    Console.WriteLine(@"Antivirus detector found! Cross-referencing with Bit9.");

    // The last segment is the file name; everything before it is the directory path.
    var iLastDir = sSegments.Length - 2;
    oBit9Query.FileName = sSegments[iLastDir + 1];
    lFidoReturnValues.Antivirus.FileName = oBit9Query.FileName;

    // NOTE(review): the apostrophe test below covers only the leading directory segments.
    // The final directory segment, the file name and the host name are passed on unchecked,
    // and a hit truncates the path rather than rejecting it, so this is not a substitute
    // for binding these values as SQL parameters in the query that consumes them.
    for (var iSegment = 0; iSegment <= iLastDir; iSegment++)
    {
        var sSegment = sSegments[iSegment];
        if (iSegment == iLastDir)
        {
            // Final directory segment: appended as-is, with no trailing separator.
            oBit9Query.FilePath += sSegment;
            continue;
        }

        if (sSegment.Contains("'"))
        {
            break;
        }

        oBit9Query.FilePath += sSegment + "\\";
    }

    oBit9Query.HostName = lFidoReturnValues.Hostname;

    // NOTE(review): the rows returned by the lookup are not used by this method.
    Detect_Bit9.GetFileInfo(null, oBit9Query);
}