Пример #1
0
    public static List<string> GetFileInfo(IEnumerable<string> lFileHash, Bit9ReturnValues lBit9ReturnValues)
    {
      var lBit9Info = new List<string>();
      var oBit9Return = new object[69];

      var sAcekDecode = Object_Fido_Configs.GetAsString("fido.detectors.bit9.acek", null);
      sAcekDecode = Aes_Crypto.DecryptStringAES(sAcekDecode, "1");
      var sUserID = Aes_Crypto.DecryptStringAES(Object_Fido_Configs.GetAsString("fido.detectors.bit9.userid", null), sAcekDecode);
      var sPwd = Aes_Crypto.DecryptStringAES(Object_Fido_Configs.GetAsString("fido.detectors.bit9.pwd", null), sAcekDecode);
      var sBit9Server = Object_Fido_Configs.GetAsString("fido.detectors.bit9.server", null);
      var sDb = Object_Fido_Configs.GetAsString("fido.detectors.bit9.db", null);

      try
      {
        //todo: take connection string and encrypt to put in XML config
        var vConnection = new SqlConnection("user id=" + sUserID + ";password="******";Server=" + sBit9Server + ",1433;Integrated Security=sspi;Database=" + sDb + ";connection timeout=60");
        if (lFileHash != null)
        {
          //todo: SQL injection. Store query in database and fill variables when retrieving
          foreach (var CMD in lFileHash.Select(sFileHash => "SELECT * FROM [das].[dbo].[Fido_FileInstanceInfo] WHERE MD5 = '" + sFileHash + "'").Select(sQuery => new SqlCommand(sQuery, vConnection)))
          {
            CMD.CommandType = CommandType.Text;
            vConnection.Open();
            using (var objReader = CMD.ExecuteReader())
            {
              if (objReader.HasRows)
              {
                while (objReader.Read())
                {
                  var quant = objReader.GetSqlValues(oBit9Return);
                  if (!oBit9Return.Any()) continue;
                  lBit9Info.AddRange(oBit9Return.Select(item => item.ToString()));
                }
              }
            }
            vConnection.Close();
          }
        }
        else if (lBit9ReturnValues != null)
        {
          //todo: SQL injection. Store query in database and fill values when retrieving
          var sQuery = "SELECT * FROM [das].[dbo].[Fido_FileInstanceInfo] WHERE FILE_NAME = '" + lBit9ReturnValues.FileName.ToLower() + "' AND Path_Name = '" + lBit9ReturnValues.FilePath.ToLower() + "' AND Computer_Name = '" + lBit9ReturnValues.HostName + "'";
          var CMD = new SqlCommand(sQuery, vConnection) {CommandType = CommandType.Text};
          vConnection.Open();
          using (var objReader = CMD.ExecuteReader())
          {
            if (objReader.HasRows)
            {
              while (objReader.Read())
              {
                var quant = objReader.GetSqlValues(oBit9Return);
                if (!oBit9Return.Any()) continue;
                lBit9Info.AddRange(oBit9Return.Select(item => item.ToString()));
              }
            }
          }
          vConnection.Close();
        }

        //if no count then no hash information exists
        if (lBit9Info.Count != 0)
        {
        }
      }
      catch (Exception e)
      {
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught retrieving file information from Bit9:" + e);
      }
        
      return lBit9Info;
    }
Пример #2
0
 private static void AntiVirusToBit9(FidoReturnValues lFidoReturnValues)
 {
   var lBit9ReturnValues = new Bit9ReturnValues();
   var sFileInfo = lFidoReturnValues.Antivirus.FilePath.Split('\\');
   if ((sFileInfo != null) && (sFileInfo.Length != 0))
   {
     Console.WriteLine(@"Antivirus detector found! Cross-referencing with Bit9.");
     lBit9ReturnValues.FileName = sFileInfo[sFileInfo.Length - 1];
     lFidoReturnValues.Antivirus.FileName = lBit9ReturnValues.FileName;
     for (var i = 0; i < sFileInfo.Length - 1; i++)
     {
       if (i == sFileInfo.Length - 2)
       {
         lBit9ReturnValues.FilePath += sFileInfo[i];
       }
       else
       {
         if (!sFileInfo[i].Contains("'"))
         {
           lBit9ReturnValues.FilePath += sFileInfo[i] + "\\";
         }
         else
         {
           break;
         }
       }
     }
     lBit9ReturnValues.HostName = lFidoReturnValues.Hostname;
     var lBit9Info = Detect_Bit9.GetFileInfo(null, lBit9ReturnValues);
   }
 }