private void AutoLoadAsync()
{
#pragma warning disable SecurityIntelliSenseCS // MS Security rules violation
string destFile = Path.Combine(Application.UserAppDataPath, FileName);
#pragma warning restore SecurityIntelliSenseCS // MS Security rules violation
if (File.Exists(destFile))
{
try
{
_threatSource = new ThreatSource(ThreatSourceManager.GetCapecCatalog(destFile));
SuccessAutoLoad();
}
catch
{
#pragma warning disable SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}'
File.Delete(destFile);
#pragma warning restore SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}'
}
FinalizeAutoLoad();
}
else
{
NoAutoload();
}
}
private void Download()
{
if (string.IsNullOrWhiteSpace(SourceUrl))
{
throw new InvalidOperationException(string.Format(Resources.MissingParameterError, nameof(SourceUrl)));
}
string fileName = Path.GetFileName(SourceUrl);
#pragma warning disable SecurityIntelliSenseCS // MS Security rules violation
string fileWithPath = Path.Combine(Application.UserAppDataPath, fileName);
string fileNameWithoutExt = Path.GetFileNameWithoutExtension(SourceUrl);
string destFile = Path.Combine(Application.UserAppDataPath, FileName);
#pragma warning restore SecurityIntelliSenseCS // MS Security rules violation
#if CWE
bool cwe = fileNameWithoutExt.StartsWith("cwec_");
#endif
bool capec = fileNameWithoutExt.StartsWith("capec_");
#if CWE
if (!cwe && !capec)
#else
if (!capec)
#endif
{ throw new InvalidOperationException(string.Format(Resources.UnsupportedFileTypeError, fileName)); }
if (!File.Exists(fileWithPath))
{
using (var client = new WebClient())
{
#pragma warning disable SecurityIntelliSenseCS // MS Security rules violation
client.DownloadFile(new Uri(SourceUrl), fileWithPath);
#pragma warning restore SecurityIntelliSenseCS // MS Security rules violation
}
}
if (SourceUrl.EndsWith(".zip"))
{
ZipFile.ExtractToDirectory(fileWithPath, Application.UserAppDataPath);
#pragma warning disable SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}'
#pragma warning disable SecurityIntelliSenseCS // MS Security rules violation
File.Move(Path.Combine(Application.UserAppDataPath, fileNameWithoutExt), destFile);
#pragma warning restore SecurityIntelliSenseCS // MS Security rules violation
#pragma warning restore SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}'
}
else
{
if (string.CompareOrdinal(fileName, FileName) != 0)
{
#pragma warning disable SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}'
#pragma warning disable SecurityIntelliSenseCS // MS Security rules violation
File.Move(Path.Combine(Application.UserAppDataPath, fileName), destFile);
#pragma warning restore SecurityIntelliSenseCS // MS Security rules violation
#pragma warning restore SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}'
}
}
try
{
_threatSource = capec
? new ThreatSource(ThreatSourceManager.GetCapecCatalog(destFile))
:
#if CWE
new ThreatSource(ThreatSourceManager.GetCweCatalog(destFile));
#else
null;
#endif
FinalizeDownload(true);
}
catch (Exception exc)
{
#if DEBUG
Debug.WriteLine(exc.ToString());
#endif
if (File.Exists(destFile))
#pragma warning disable SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}'
{
File.Delete(destFile);
}
#pragma warning restore SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}'
FinalizeDownload(false);
}
}
