private void ParseNessusWithXmlReader(string systemName, string fileName)
{
try
{
using (SQLiteTransaction sqliteTransaction = FindingsDatabaseActions.sqliteConnection.BeginTransaction())
{
CreateAddFileNameCommand(fileName);
CreateAddGroupNameCommand(systemName);
CreateAddSourceCommand();
XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings();
using (XmlReader xmlReader = XmlReader.Create(fileName, xmlReaderSettings))
{
WorkingSystem workingSystem = new WorkingSystem();
while (xmlReader.Read())
{
if (xmlReader.IsStartElement() && xmlReader.Name == "HostProperties")
{
workingSystem = new WorkingSystem();
workingSystem = ParseHostInformation(xmlReader, workingSystem);
CreateAddAssetCommand(workingSystem, systemName);
}
else if (xmlReader.IsStartElement() && xmlReader.Name == "ReportItem")
{
using (SQLiteCommand sqliteCommand = FindingsDatabaseActions.sqliteConnection.CreateCommand())
{
ParseVulnerabilityInformation(xmlReader, sqliteCommand, workingSystem);
if (sqliteCommand.Parameters["VulnId"].Value.Equals("19506") ||
sqliteCommand.Parameters["VulnId"].Value.Equals("21745") ||
sqliteCommand.Parameters["VulnId"].Value.Equals("26917"))
{
SetCredentialedStatusFallback(sqliteCommand);
}
sqliteCommand.Parameters.Add(new SQLiteParameter("FileName", Path.GetFileName(fileName)));
sqliteCommand.Parameters.Add(new SQLiteParameter("GroupName", systemName));
sqliteCommand.CommandText = SetInitialSqliteCommandText("Vulnerability");
sqliteCommand.CommandText = InsertParametersIntoSqliteCommandText(sqliteCommand, "Vulnerability");
sqliteCommand.ExecuteNonQuery();
sqliteCommand.CommandText = SetInitialSqliteCommandText("UniqueFinding");
sqliteCommand.CommandText = InsertParametersIntoSqliteCommandText(sqliteCommand, "UniqueFinding");
sqliteCommand.ExecuteNonQuery();
}
}
}
}
sqliteTransaction.Commit();
}
}
catch (Exception exception)
{
log.Error("Unable to parse the nessus file utilizing the XML reader.");
throw exception;
}
}
private void CreateAddAssetCommand(WorkingSystem workingSystem, string systemName)
{
try
{
using (SQLiteCommand sqliteCommand = FindingsDatabaseActions.sqliteConnection.CreateCommand())
{
sqliteCommand.Parameters.Add(new SQLiteParameter("IpAddress", workingSystem.IpAddress));
sqliteCommand.Parameters.Add(new SQLiteParameter("IsCredentialed", workingSystem.CredentialedScan));
if (!string.IsNullOrWhiteSpace(workingSystem.HostName))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("HostName", workingSystem.HostName));
}
else if (!string.IsNullOrWhiteSpace(workingSystem.NetBiosName))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("HostName", workingSystem.NetBiosName));
}
else
{
sqliteCommand.Parameters.Add(new SQLiteParameter("HostName", "Host Name Not Provided"));
}
if (UserPrefersHostName && !string.IsNullOrWhiteSpace(workingSystem.HostName))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("AssetIdToReport", workingSystem.HostName));
}
else if (UserPrefersHostName && !string.IsNullOrWhiteSpace(workingSystem.NetBiosName))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("AssetIdToReport", workingSystem.NetBiosName));
}
else
{
sqliteCommand.Parameters.Add(new SQLiteParameter("AssetIdToReport", workingSystem.IpAddress));
}
if (!string.IsNullOrWhiteSpace(workingSystem.OperatingSystem))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("OperatingSystem", workingSystem.OperatingSystem));
}
sqliteCommand.CommandText = "INSERT INTO Assets (, GroupIndex) VALUES (, " +
"(SELECT GroupIndex FROM Groups WHERE GroupName = @GroupName));";
for (int i = 0; i < sqliteCommand.Parameters.Count; i++)
{
if (sqliteCommand.Parameters[i].ParameterName.Equals("GroupName"))
{
continue;
}
if (i == 0)
{
sqliteCommand.CommandText = sqliteCommand.CommandText.Insert(42, "@" + sqliteCommand.Parameters[i].ParameterName);
}
else
{
sqliteCommand.CommandText = sqliteCommand.CommandText.Insert(42, "@" + sqliteCommand.Parameters[i].ParameterName + ", ");
}
}
for (int i = 0; i < sqliteCommand.Parameters.Count; i++)
{
if (sqliteCommand.Parameters[i].ParameterName.Equals("GroupName"))
{
continue;
}
if (i == 0)
{
sqliteCommand.CommandText = sqliteCommand.CommandText.Insert(20, sqliteCommand.Parameters[i].ParameterName);
}
else
{
sqliteCommand.CommandText = sqliteCommand.CommandText.Insert(20, sqliteCommand.Parameters[i].ParameterName + ", ");
}
}
sqliteCommand.Parameters.Add(new SQLiteParameter("GroupName", systemName));
sqliteCommand.ExecuteNonQuery();
}
}
catch (Exception exception)
{
log.Error("Unable to insert asset into Assets.");
throw exception;
}
}
private SQLiteCommand ParseVulnerabilityInformation(XmlReader xmlReader, SQLiteCommand sqliteCommand, WorkingSystem workingSystem)
{
try
{
sqliteCommand.Parameters.Add(new SQLiteParameter("VulnId", xmlReader.GetAttribute("pluginID")));
sqliteCommand.Parameters.Add(new SQLiteParameter("RuleId", xmlReader.GetAttribute("pluginID")));
sqliteCommand.Parameters.Add(new SQLiteParameter("VulnTitle", xmlReader.GetAttribute("pluginName")));
sqliteCommand.Parameters.Add(new SQLiteParameter("LastObserved", workingSystem.StartTime.ToLongDateString()));
sqliteCommand.Parameters.Add(new SQLiteParameter("Status", "Ongoing"));
sqliteCommand.Parameters.Add(new SQLiteParameter("FindingType", "ACAS"));
if (UserPrefersHostName && !string.IsNullOrWhiteSpace(workingSystem.HostName))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("AssetIdToReport", workingSystem.HostName));
}
else if (UserPrefersHostName && !string.IsNullOrWhiteSpace(workingSystem.NetBiosName))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("AssetIdToReport", workingSystem.NetBiosName));
}
else
{
sqliteCommand.Parameters.Add(new SQLiteParameter("AssetIdToReport", workingSystem.IpAddress));
}
while (xmlReader.Read())
{
if (xmlReader.IsStartElement())
{
switch (xmlReader.Name)
{
case "description":
{
xmlReader.Read();
sqliteCommand.Parameters.Add(new SQLiteParameter("Description", xmlReader.Value));
break;
}
case "plugin_publication_date":
{
xmlReader.Read();
sqliteCommand.Parameters.Add(new SQLiteParameter("PluginPublishedDate",
DateTime.Parse(xmlReader.Value).ToLongDateString()));
sqliteCommand.Parameters.Add(new SQLiteParameter("Age",
(DateTime.Now - DateTime.Parse(xmlReader.Value)).Days.ToString()));
break;
}
case "plugin_modification_date":
{
xmlReader.Read();
sqliteCommand.Parameters.Add(new SQLiteParameter("PluginModifiedDate",
DateTime.Parse(xmlReader.Value).ToLongDateString()));
break;
}
case "patch_publication_date":
{
xmlReader.Read();
sqliteCommand.Parameters.Add(new SQLiteParameter("PatchPublishedDate",
DateTime.Parse(xmlReader.Value).ToLongDateString()));
break;
}
case "risk_factor":
{
xmlReader.Read();
if (xmlReader.Value.Equals("None"))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("Impact", "Informational"));
}
else
{
sqliteCommand.Parameters.Add(new SQLiteParameter("Impact", xmlReader.Value));
}
break;
}
case "solution":
{
xmlReader.Read();
if (xmlReader.Value.Equals("n/a"))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("FixText",
"Informational finding - no solution provided."));
}
else
{
sqliteCommand.Parameters.Add(new SQLiteParameter("FixText", xmlReader.Value));
}
break;
}
case "synopsis":
{
xmlReader.Read();
sqliteCommand.Parameters.Add(new SQLiteParameter("RiskStatement", xmlReader.Value));
break;
}
case "plugin_output":
{
xmlReader.Read();
sqliteCommand.Parameters.Add(new SQLiteParameter("PluginOutput", xmlReader.Value));
break;
}
case "stig_severity":
{
xmlReader.Read();
sqliteCommand.Parameters.Add(new SQLiteParameter("RawRisk", xmlReader.Value));
break;
}
case "xref":
{
xmlReader.Read();
if (!sqliteCommand.Parameters.Contains("CrossReferences"))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("CrossReferences", xmlReader.Value));
}
else
{
sqliteCommand.Parameters["CrossReferences"].Value =
sqliteCommand.Parameters["CrossReferences"].Value + Environment.NewLine + xmlReader.Value;
}
if (xmlReader.Value.Contains("IAV"))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("IavmNumber", xmlReader.Value));
}
break;
}
case "cve":
{
xmlReader.Read();
if (!sqliteCommand.Parameters.Contains("CrossReferences"))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("CrossReferences", xmlReader.Value));
}
else
{
sqliteCommand.Parameters["CrossReferences"].Value =
sqliteCommand.Parameters["CrossReferences"].Value + Environment.NewLine + xmlReader.Value;
}
break;
}
case "cpe":
{
xmlReader.Read();
if (!sqliteCommand.Parameters.Contains("CPEs"))
{
sqliteCommand.Parameters.Add(new SQLiteParameter("CPEs", xmlReader.Value));
}
else
{
sqliteCommand.Parameters["CPEs"].Value =
sqliteCommand.Parameters["CPEs"].Value + Environment.NewLine + xmlReader.Value;
}
break;
}
default:
{ break; }
}
}
else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name == "ReportItem")
{
break;
}
}
return(sqliteCommand);
}
catch (Exception exception)
{
log.Error("Unable to parse vulnerability information.");
throw exception;
}
}
private WorkingSystem ParseHostInformation(XmlReader xmlReader, WorkingSystem workingSystem)
{
try
{
while (xmlReader.Read())
{
if (xmlReader.IsStartElement() && xmlReader.Name.Equals("tag"))
{
switch (xmlReader.GetAttribute("name"))
{
case "HOST_END":
{
xmlReader.Read();
DateTime scanEndTime;
if (DateTime.TryParseExact(xmlReader.Value.Replace(" ", " "), dateTimeFormat, System.Globalization.CultureInfo.InvariantCulture,
System.Globalization.DateTimeStyles.None, out scanEndTime))
{
workingSystem.SetEndTime(scanEndTime);
}
break;
}
case "Credentialed_Scan":
{
xmlReader.Read();
workingSystem.SetCredentialedScan(xmlReader.Value);
break;
}
case "host-fqdn":
{
xmlReader.Read();
workingSystem.SetHostName(xmlReader.Value);
break;
}
case "netbios-name":
{
xmlReader.Read();
workingSystem.SetNetBiosName(xmlReader.Value);
break;
}
case "operating-system":
{
xmlReader.Read();
workingSystem.SetOperatingSystem(xmlReader.Value);
break;
}
case "host-ip":
{
xmlReader.Read();
workingSystem.SetIpAddress(xmlReader.Value);
break;
}
case "HOST_START":
{
xmlReader.Read();
DateTime scanStartTime;
if (DateTime.TryParseExact(xmlReader.Value.Replace(" ", " "), dateTimeFormat, null, System.Globalization.DateTimeStyles.None, out scanStartTime))
{
workingSystem.SetStartTime(scanStartTime);
}
break;
}
default:
{ break; }
}
}
else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("HostProperties"))
{
break;
}
}
return(workingSystem);
}
catch (Exception exception)
{
log.Error("Unable to parse host information.");
throw exception;
}
}
