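/// <summary>
/// Loads findings from the SQLite database at <c>path</c> into a new Record.
/// The query selects, for each originalId, the row with the highest revisionNo,
/// plus every row whose revisionNo is 1.
/// </summary>
/// <returns>a Record holding one NessusDataEntry per selected row</returns>
public Record.Record getRecord() {
    // NOTE(review): path is concatenated into the connection string unmodified. If it
    // can ever contain ';', extra connection-string options could be appended -
    // confirm where path is assigned and that it is a plain file path.
    sqlite_conn = new SQLiteConnection("Data source=" + path + ";Version=3;New=True;Compress=True;");

    Record.Record tempRecord = new Record.Record();

    try {
        sqlite_conn.Open();
        sqlite_cmd = sqlite_conn.CreateCommand();

        // The statement is a constant: no caller-supplied value is spliced into the SQL text.
        sqlite_cmd.CommandText = "SELECT * "
                                 + "FROM Record AS R "
                                 + "WHERE (R.revisionNo = (SELECT MAX(R2.revisionNo) "
                                 + "FROM Record AS R2 "
                                 + "WHERE R.originalId = R2.originalId)"
                                 + ") OR "
                                 + "R.revisionNo = 1;";

        // Dispose the reader even when building an entry throws.
        using (SQLiteDataReader sqlite_datareader = sqlite_cmd.ExecuteReader()) {
            while (sqlite_datareader.Read()) {
                // Reference lists are stored as comma-separated text columns.
                List<String> cveList = splitAndStripSpaces(sqlite_datareader["cvelist"]);
                List<String> bidList = splitAndStripSpaces(sqlite_datareader["bidlist"]);
                List<String> osvdbList = splitAndStripSpaces(sqlite_datareader["osvdblist"]);

                // Parse the risk factor once; it is passed both as its int value and as the enum.
                // NOTE(review): assumes RiskFactorFunction.getEnum has no side effects - confirm.
                var riskFactor = RiskFactorFunction.getEnum(sqlite_datareader["riskfactor"].ToString());

                tempRecord.guiAddEntry(new NessusDataEntry(sqlite_datareader["pluginName"].ToString(),
                                                           sqlite_datareader["ipList"].ToString(),
                                                           sqlite_datareader["description"].ToString(),
                                                           sqlite_datareader["impact"].ToString(),
                                                           (int)riskFactor,
                                                           riskFactor,
                                                           sqlite_datareader["recommendation"].ToString(),
                                                           cveList,
                                                           bidList,
                                                           osvdbList,
                                                           sqlite_datareader["referenceLink"].ToString()));
            }
        }
    }
    finally {
        // Close the connection on every path, including a failed Open, query or row conversion.
        sqlite_conn.Close();
    }

    return(tempRecord);
}

/// <summary>
/// Splits a comma-separated column value into its items and removes every space
/// character (' ') from each item. Empty items are kept.
/// </summary>
/// <param name="columnValue">the raw column value; its ToString() text is split</param>
/// <returns>the items in their original order</returns>
private static List<String> splitAndStripSpaces(object columnValue) {
    return columnValue.ToString()
                      .Split(',')
                      .Select(item => item.Replace(" ", ""))
                      .ToList();
}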
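/// <summary>
/// Builds the HTML fragment for the report: overall risk counts, per-host
/// counts, the HIGH/MEDIUM/LOW/NONE findings, and (when enabled in
/// Program.state) the missing-hotfix and open-port tables.
/// Every value taken from the record is passed through
/// HTMLOutputFormater.forHTML before it is written between tags, so that
/// text in the findings cannot be interpreted as markup by the viewer.
/// </summary>
/// <param name="record">the Record for output</param>
/// <returns>a series of string with HTML tags for HTML output</returns>
private String getOutput(ref Record.Record record) {
    #region // get Useful Data
    List<DataEntry> highRisk = record.getHighRiskEntriesWithoutHotfix();
    List<DataEntry> mediumRisk = record.getMediumRiskEntriesWithoutHotfix();
    List<DataEntry> lowRisk = record.getLowRiskEntriesWithoutHotfix();
    List<DataEntry> noneRisk = record.getNoneRiskEntriesWithoutHotfix();

    // Open-port entries are only fetched when the user asked for them.
    Dictionary<int, DataEntry> openPort = new Dictionary<int, DataEntry>();
    if (Program.state.panelOutputSelect_isOutputOpenPort) {
        openPort = record.getOpenPort();
    }

    // A scratch Record holding exactly the entries that will be reported,
    // used only to compute the per-host statistics.
    List<DataEntry> tempEntries = record.getWholeEntriesWithoutOpenPortAndHotfix();
    Record.Record tempRecord = new Record.Record();
    foreach (DataEntry entry in tempEntries) {
        tempRecord.guiAddEntry(entry);
    }
    if (Program.state.panelOutputSelect_isOutputOpenPort) {
        foreach (DataEntry entry in openPort.Values) {
            tempRecord.guiAddEntry(entry);
        }
    }
    RiskStats riskStats = tempRecord.getRiskStats();
    #endregion

    StringBuilder sb = new StringBuilder();

    #region // print Risk Statistics
    sb.Append("<DIV>" + "\n");
    sb.Append("<H4>Risk Statistics</H4>" + "\n");
    sb.Append("<br>High Risk: " + highRisk.Count + "\n");
    sb.Append("<br>Medium Risk: " + mediumRisk.Count + "\n");
    sb.Append("<br>Low Risk: " + lowRisk.Count + "\n");
    sb.Append("<br>None Risk: " + noneRisk.Count + "\n");
    if (Program.state.panelOutputSelect_isOutputOpenPort) {
        sb.Append("<br>Open Port: " + openPort.Count + "\n");
    }
    sb.Append("</DIV>" + "\n");
    #endregion

    #region // print Host Statistics
    // Per host statistics
    // NOTE(review): this section reuses the heading "Risk Statistics"; confirm
    // whether a distinct per-host heading was intended.
    sb.Append("<DIV>" + "\n");
    sb.Append("<H4>Risk Statistics</H4>" + "\n");
    foreach (KeyValuePair<String, Dictionary<RiskFactor, int>> entry in riskStats.getRiskStats()) {
        sb.Append("<br/>");
        sb.Append(HTMLOutputFormater.forHTML(entry.Key));
        sb.Append(":\t");

        Dictionary<RiskFactor, int> hostRisks = entry.Value;
        foreach (KeyValuePair<RiskFactor, int> hostRisk in hostRisks) {
            if (hostRisk.Key != RiskFactor.NULL) {
                // The OPEN counter is only printed when open-port output is enabled.
                if (hostRisk.Key != RiskFactor.OPEN ||
                    (hostRisk.Key == RiskFactor.OPEN && Program.state.panelOutputSelect_isOutputOpenPort)) {
                    sb.Append(HTMLOutputFormater.forHTML(RiskFactorFunction.getEnumString(hostRisk.Key) + " : "));

                    if (hostRisk.Key != RiskFactor.OPEN) {
                        sb.Append(HTMLOutputFormater.forHTML(hostRisk.Value.ToString()) + '\t');
                    }
                    else if (Program.state.panelOutputSelect_isOutputOpenPort) {
                        // For OPEN the figure is the number of comma-separated items in the
                        // description of this host's open-port entry, or 0 if there is none.
                        bool isOutput = false;
                        foreach (DataEntry tempEntry in openPort.Values) {
                            if (tempEntry.getIp() == entry.Key) {
                                sb.Append(tempEntry.getDescription().Split(',').Length.ToString() + '\t');
                                isOutput = true;
                                break;
                            }
                        }
                        if (!isOutput) {
                            sb.Append("0\t");
                        }
                    }
                }
            }
        }
    }
    sb.Append("</DIV>" + "\n");
    #endregion

    #region // print HIGH/MEDIUM/LOW/NONE Findings
    // High Risks
    sb.Append("<DIV>" + "\n");
    sb.Append("<H4>High Risk Findings</H4>" + "\n");
    foreach (DataEntry entry in highRisk) {
        sb.Append("<p>" + "\n");
        sb.Append(getDataEntryHTML(entry, RiskFactor.HIGH));
        sb.Append("</p>" + "\n");
    }
    sb.Append("</DIV>" + "\n");

    // Medium Risks
    sb.Append("<DIV>" + "\n");
    sb.Append("<H4>Medium Risk Findings</H4>" + "\n");
    foreach (DataEntry entry in mediumRisk) {
        sb.Append("<p>" + "\n");
        sb.Append(getDataEntryHTML(entry, RiskFactor.MEDIUM));
        sb.Append("</p>" + "\n");
    }
    sb.Append("</DIV>" + "\n");

    // Low Risks
    sb.Append("<DIV>" + "\n");
    sb.Append("<H4>Low Risk Findings</H4>" + "\n");
    foreach (DataEntry entry in lowRisk) {
        sb.Append("<p>" + "\n");
        sb.Append(getDataEntryHTML(entry, RiskFactor.LOW));
        sb.Append("</p>" + "\n");
    }
    sb.Append("</DIV>" + "\n");

    // None Risks
    sb.Append("<DIV>" + "\n");
    sb.Append("<H4>None Risk Findings</H4>" + "\n");
    foreach (DataEntry entry in noneRisk) {
        sb.Append("<p>" + "\n");
        sb.Append(getDataEntryHTML(entry, RiskFactor.NONE));
        sb.Append("</p>" + "\n");
    }
    sb.Append("</DIV>" + "\n");
    #endregion

    #region // print Missing Hotfix Findings
    if (Program.state.panelOutputSelect_isOutputHotfix) {
        sb.Append("<DIV>" + "\n");
        sb.Append("<H4>Missing Hotfix Findings</H4>" + "\n");
        sb.Append("<p>" + "\n");
        sb.Append(HTML_TABLE_START);
        sb.Append("\n");
        sb.Append("<TR>\n");
        sb.Append("<TD>Host</TD>\n");
        sb.Append("<TD>Missing Hotfix(s)</TD>\n");
        sb.Append("</TR>\n");

        Dictionary<String, String> hotfixList = new Hotfix(record).getHotfixListGroupByHost();
        foreach (KeyValuePair<String, String> finding in hotfixList) {
            sb.Append("<TR>\n");

            // Host cell. The key is encoded like every other record-derived value;
            // presumably it comes from imported scan results and must not be
            // written into the page as raw markup.
            sb.Append("<TD>");
            sb.Append(HTMLOutputFormater.forHTML(finding.Key));
            sb.Append("</TD>\n");

            // Missing hotfixes: encode first, then turn line breaks into <br/>.
            sb.Append("<TD>");
            sb.Append(HTMLOutputFormater.forHTML(finding.Value).Replace("\n", "<br/>"));
            sb.Append("</TD>\n");

            sb.Append("</TR>\n");
        }

        sb.Append(HTML_TABLE_END);
        sb.Append("</p>" + "\n");
        sb.Append("</DIV>" + "\n");
    }
    #endregion

    #region // print Open Port Findings
    // Open Ports
    if (Program.state.panelOutputSelect_isOutputOpenPort) {
        sb.Append("<DIV>" + "\n");
        sb.Append("<H4>Open Ports Findings</H4>" + "\n");
        sb.Append("<p>" + "\n");
        sb.Append(HTML_TABLE_START);
        sb.Append("\n");
        sb.Append("<TR>\n");
        sb.Append("<TD>Host</TD>\n");
        sb.Append("<TD>Open Port(s)</TD>\n");
        sb.Append("</TR>\n");

        foreach (KeyValuePair<int, DataEntry> keyValuePair in openPort) {
            DataEntry entry = keyValuePair.Value;
            sb.Append("<TR>\n");

            // Host cell: the address is encoded before it is placed in the table.
            sb.Append("<TD>");
            sb.Append(HTMLOutputFormater.forHTML(entry.getIp()));
            sb.Append("</TD>\n");

            // Open ports: encode first, then turn line breaks into <br/>.
            sb.Append("<TD>");
            sb.Append(HTMLOutputFormater.forHTML(entry.getDescription()).Replace("\n", "<br/>"));
            sb.Append("</TD>\n");

            sb.Append("</TR>\n");
        }

        sb.Append(HTML_TABLE_END);
        sb.Append("</p>" + "\n");
        sb.Append("</DIV>" + "\n");
    }
    #endregion

    return(sb.ToString());
}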
/// <summary>
/// Writes the given Record as a word-processing document created at the given
/// path. The document contains the overall risk counts, one line of counts
/// per host, the HIGH/MEDIUM/LOW/NONE findings as tables, and - depending on
/// the Program.state output switches - the missing-hotfix, open-port and
/// IP/host tables.
/// </summary>
/// <param name="path">the file path for output</param>
/// <param name="record">the Record for output</param>
public override void output(string path, ref Record.Record record) {
    #region // collect the data to report
    List<DataEntry> highFindings = record.getHighRiskEntriesWithoutHotfix();
    List<DataEntry> mediumFindings = record.getMediumRiskEntriesWithoutHotfix();
    List<DataEntry> lowFindings = record.getLowRiskEntriesWithoutHotfix();
    List<DataEntry> noneFindings = record.getNoneRiskEntriesWithoutHotfix();

    // Open-port entries are only read from the record when that output is enabled.
    Dictionary<int, DataEntry> openPort = Program.state.panelOutputSelect_isOutputOpenPort
        ? record.getOpenPort()
        : new Dictionary<int, DataEntry>();

    // Scratch Record with exactly the reported entries; used for the per-host statistics.
    List<DataEntry> reportedEntries = record.getWholeEntriesWithoutOpenPortAndHotfix();
    Record.Record statsRecord = new Record.Record();
    foreach (DataEntry reported in reportedEntries) {
        statsRecord.guiAddEntry(reported);
    }
    if (Program.state.panelOutputSelect_isOutputOpenPort) {
        foreach (DataEntry portEntry in openPort.Values) {
            statsRecord.guiAddEntry(portEntry);
        }
    }
    RiskStats riskStats = statsRecord.getRiskStats();
    #endregion

    using (WordprocessingDocument wordDoc = WordprocessingDocument.Create(path, WordprocessingDocumentType.Document)) {
        MainDocumentPart mainDocumentPart = wordDoc.AddMainDocumentPart();

        // Make sure a styles part exists, then register the heading style used for entries.
        styleDefinitionsPart = wordDoc.MainDocumentPart.StyleDefinitionsPart;
        if (styleDefinitionsPart == null) {
            styleDefinitionsPart = AddStylesPartToPackage(wordDoc);
        }
        AddNewStyle(styleDefinitionsPart, "entry_heading", "Entry_heading");

        Body body = new Body();
        Document document = new Document();
        document.Append(body);
        mainDocumentPart.Document = document;

        #region // overall risk counts
        addParagraph(body, "Risk Statistics", true, 5, false, false);
        addParagraph(body, "High Risk: " + highFindings.Count, false, 2, false, false);
        addParagraph(body, "Medium Risk: " + mediumFindings.Count, false, 2, false, false);
        addParagraph(body, "Low Risk: " + lowFindings.Count, false, 2, false, false);
        addParagraph(body, "None Risk: " + noneFindings.Count, false, 2, false, false);
        if (Program.state.panelOutputSelect_isOutputOpenPort) {
            addParagraph(body, "Open Port: " + openPort.Count, false, 2, false, false);
        }
        #endregion

        #region // per-host counts, one paragraph per host
        addParagraph(body, "Risk Statistics", true, 5, true, false);
        foreach (KeyValuePair<String, Dictionary<RiskFactor, int>> hostStats in riskStats.getRiskStats()) {
            String line = hostStats.Key;

            foreach (KeyValuePair<RiskFactor, int> counter in hostStats.Value) {
                if (counter.Key == RiskFactor.NULL) {
                    continue;
                }

                bool isOpenCounter = counter.Key == RiskFactor.OPEN;
                if (isOpenCounter && !Program.state.panelOutputSelect_isOutputOpenPort) {
                    // The OPEN counter is skipped entirely when open-port output is off.
                    continue;
                }

                line += " " + RiskFactorFunction.getEnumString(counter.Key) + ": ";

                if (!isOpenCounter) {
                    line += counter.Value.ToString();
                    continue;
                }
                if (!Program.state.panelOutputSelect_isOutputOpenPort) {
                    continue;
                }

                // For OPEN the figure is the number of comma-separated items in the
                // description of this host's open-port entry, or "0" if there is none.
                String portCount = "0";
                foreach (DataEntry candidate in openPort.Values) {
                    if (candidate.getIp() == hostStats.Key) {
                        portCount = candidate.getDescription().Split(',').Length.ToString();
                        break;
                    }
                }
                line += portCount;
            }

            addParagraph(body, line, false, 0, false, false);
        }
        #endregion

        #region // HIGH/MEDIUM/LOW/NONE findings
        // The four sections differ only in heading, entry list and risk level.
        String[] sectionTitles = {
            "High Risk Findings\n",
            "Medium Risk Findings\n",
            "Low Risk Findings\n",
            "None Risk Findings\n"
        };
        List<DataEntry>[] sectionEntries = { highFindings, mediumFindings, lowFindings, noneFindings };
        RiskFactor[] sectionLevels = { RiskFactor.HIGH, RiskFactor.MEDIUM, RiskFactor.LOW, RiskFactor.NONE };

        for (int section = 0; section < sectionTitles.Length; section++) {
            addParagraph(body, sectionTitles[section], true, 2, true, false);
            foreach (DataEntry finding in sectionEntries[section]) {
                addParagraph(body, finding.getPluginName(), true, 0, true, false, true);
                addTable(body, buildTable(finding, sectionLevels[section]));
            }
        }
        #endregion

        #region // missing hotfix findings
        if (Program.state.panelOutputSelect_isOutputHotfix) {
            addParagraph(body, "Missing Hotfix Findings\n", true, 2, true, false);
            addTable(body, buildTableHotfix(new Hotfix(record)));
        }
        #endregion

        #region // open port findings
        if (Program.state.panelOutputSelect_isOutputOpenPort) {
            addParagraph(body, "Open Ports Findings\n", true, 2, true, false);
            addTable(body, buildTableOpenPort(openPort));
        }
        #endregion

        #region // IP / host table
        if (Program.state.panelOutputSelect_isOutputIpHost) {
            addParagraph(body, "IP Host Table\n", true, 2, true, false);
            addTable(body, buildTableIpHost());
        }
        #endregion
    }
}