public string ReadWassp(Object.File file, string groupName) { try { if (file.FilePath.IsFileInUse()) { LogWriter.LogError($"'{file.FileName}' is in use; please close any open instances and try again."); return("Failed; File In Use"); } HTMLtoXML htmlReader = new HTMLtoXML(); wasspFile = htmlReader.Convert(file.FilePath); if (wasspFile.Equals("Failed; See Log")) { return(wasspFile); } ParseWasspWithXmlReader(wasspFile, file); return("Processed"); } catch (Exception exception) { string error = $"Unable to process WASSP file '{file.FileName}'."; LogWriter.LogErrorWithDebug(error, exception); return("Failed; See Log"); } finally { if (File.Exists(wasspFile)) { File.Delete(wasspFile); } } }
private void ParseWasspWithXmlReader(string wasspFile, Object.File file) { try { XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings(); if (DatabaseBuilder.sqliteConnection.State.ToString().Equals("Closed")) { DatabaseBuilder.sqliteConnection.Open(); } using (SQLiteTransaction sqliteTransaction = DatabaseBuilder.sqliteConnection.BeginTransaction()) { using (SQLiteCommand sqliteCommand = DatabaseBuilder.sqliteConnection.CreateCommand()) { databaseInterface.InsertParameterPlaceholders(sqliteCommand); sqliteCommand.Parameters["FindingType"].Value = "WASSP"; sqliteCommand.Parameters["GroupName"].Value = string.IsNullOrWhiteSpace(_groupName) ? "All" : _groupName; sqliteCommand.Parameters["SourceName"].Value = "Windows Automated Security Scanning Program (WASSP)"; sqliteCommand.Parameters["SourceVersion"].Value = string.Empty; sqliteCommand.Parameters["SourceRelease"].Value = string.Empty; databaseInterface.InsertParsedFileSource(sqliteCommand, file); using (XmlReader xmlReader = XmlReader.Create(wasspFile, xmlReaderSettings)) { while (xmlReader.Read()) { if (xmlReader.IsStartElement() && xmlReader.Name.Equals("table")) { while (xmlReader.Read()) { if (xmlReader.NodeType == XmlNodeType.Element) { switch (xmlReader.Name) { case "MachineInfo": { sqliteCommand.Parameters["DiscoveredHostName"].Value = ObtainItemValue(xmlReader).Trim(); sqliteCommand.Parameters["DisplayedHostName"].Value = sqliteCommand.Parameters["DiscoveredHostName"].Value; break; } case "TestInfo": { sqliteCommand.Parameters["UniqueVulnerabilityIdentifier"].Value = ObtainItemValue(xmlReader); break; } case "DateInfo": { string dateTime = ObtainItemValue(xmlReader).Replace("\n", string.Empty); sqliteCommand.Parameters["FirstDiscovered"].Value = DateTime.ParseExact( dateTime, "ddd MMM dd HH:mm:ss yyyy", CultureInfo.InvariantCulture).ToShortDateString(); sqliteCommand.Parameters["LastObserved"].Value = sqliteCommand.Parameters["FirstDiscovered"].Value; break; } case "ValueInfo": { sqliteCommand.Parameters["VulnerabilityTitle"].Value = ObtainItemValue(xmlReader); break; } case "DescriptionInfo": { sqliteCommand.Parameters["VulnerabilityDescription"].Value = ObtainItemValue(xmlReader); break; } case "TestRes": { sqliteCommand.Parameters["Status"].Value = ObtainItemValue(xmlReader).ToVulneratorStatus(); break; } case "VulnInfo": { sqliteCommand.Parameters["PrimaryRawRiskIndicator"].Value = ObtainItemValue(xmlReader).ToRawRisk(); break; } case "RecInfo": { sqliteCommand.Parameters["FixText"].Value = ObtainItemValue(xmlReader); break; } } } else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("table")) { sqliteCommand.Parameters["DeltaAnalysisIsRequired"].Value = "False"; if (sqliteCommand.Parameters["VulnerabilityVersion"].Value == DBNull.Value) { sqliteCommand.Parameters["VulnerabilityVersion"].Value = string.Empty; } if (sqliteCommand.Parameters["VulnerabilityRelease"].Value == DBNull.Value) { sqliteCommand.Parameters["VulnerabilityRelease"].Value = string.Empty; } databaseInterface.InsertVulnerabilitySource(sqliteCommand); databaseInterface.InsertHardware(sqliteCommand); databaseInterface.InsertVulnerability(sqliteCommand); databaseInterface.MapVulnerabilityToSource(sqliteCommand); databaseInterface.UpdateUniqueFinding(sqliteCommand); databaseInterface.InsertUniqueFinding(sqliteCommand); break; } } } } } } sqliteTransaction.Commit(); } } catch (Exception exception) { LogWriter.LogError("Unable to parse WASSP file with XML reader."); throw exception; } finally { DatabaseBuilder.sqliteConnection.Close(); } }