private string InjectDefinitionValues(string input, FprVulnerability fprVulnerability)
{
string output = input;
string placeholder = string.Empty;
foreach (string key in fprVulnerability.ReplacementDefinitions.Keys)
{
string[] locationDefArray = new string[] { "SourceFunction", "SinkFunction", "PrimaryCall.name" };
placeholder = "<Replace key=\"" + key + "\"/>";
if (output.Contains(placeholder))
{
output = output.Replace(placeholder, fprVulnerability.ReplacementDefinitions[key]);
}
if (locationDefArray.Contains(key))
{
switch (key)
{
case "SourceFunction":
{
placeholder = "<Replace key=\"" + key + "\" link=\"SourceLocation\"/>";
if (output.Contains(placeholder))
{
output = output.Replace(placeholder, fprVulnerability.ReplacementDefinitions[key]);
}
break;
}
case "SinkFunction":
{
placeholder = "<Replace key=\"" + key + "\" link=\"SinkLocation\"/>";
if (output.Contains(placeholder))
{
output = output.Replace(placeholder, fprVulnerability.ReplacementDefinitions[key]);
}
break;
}
case "PrimaryCall.name":
{
placeholder = "<Replace key=\"" + key + "\" link=\"PrimaryLocation\"/>";
if (output.Contains(placeholder))
{
output = output.Replace(placeholder, fprVulnerability.ReplacementDefinitions[key]);
}
break;
}
default:
{ break; }
}
}
}
output = output.Replace("<", "");
output = output.Replace(">", "");
return(output);
}
private void AddVulnerabilityAndUniqueFinding(FprVulnerability fprVulnerability)
{
try
{
using (SQLiteCommand sqliteCommand = FindingsDatabaseActions.sqliteConnection.CreateCommand())
{
FprDescription fprDescription = fprDescriptionList.FirstOrDefault(x => x.ClassId == fprVulnerability.ClassId);
sqliteCommand.Parameters.Add(new SQLiteParameter("VulnId", fprVulnerability.ClassId));
sqliteCommand.Parameters.Add(new SQLiteParameter("Description", InjectDefinitionValues(fprDescription.Description, fprVulnerability)));
sqliteCommand.Parameters.Add(new SQLiteParameter("RiskStatement", InjectDefinitionValues(fprDescription.RiskStatement, fprVulnerability)));
sqliteCommand.Parameters.Add(new SQLiteParameter("VulnTitle", InjectDefinitionValues(fprDescription.VulnTitle, fprVulnerability)));
sqliteCommand.Parameters.Add(new SQLiteParameter("CrossReferences", fprVulnerability.InstanceId));
sqliteCommand.Parameters.Add(new SQLiteParameter("CheckContent", fprVulnerability.Category));
sqliteCommand.Parameters.Add(new SQLiteParameter("FileName", file));
sqliteCommand.Parameters.Add(new SQLiteParameter("LastObserved", lastObserved));
sqliteCommand.Parameters.Add(new SQLiteParameter("AssetIdToReport", softwareName));
sqliteCommand.Parameters.Add(new SQLiteParameter("Version", version));
sqliteCommand.Parameters.Add(new SQLiteParameter("FindingDetails", "Instance ID:" + Environment.NewLine + fprVulnerability.InstanceId));
List <KeyValuePair <string, string> > nistControls = fprDescription.References.Where(
x => x.Key.Contains("800-53")).OrderByDescending(x => x.Key).ToList();
if (nistControls != null && nistControls.Count > 0)
{
sqliteCommand.Parameters.Add(new SQLiteParameter("NistControl", nistControls[0].Value.Split(' ')[0]));
}
sqliteCommand.Parameters.Add(new SQLiteParameter("FixText", fprDescription.FixText));
List <KeyValuePair <string, string> > asdStigs = fprDescription.References.Where(
x => x.Key.Contains("AS&D")).ToList();
string[] delimiter = new string[] { "CAT" };
if (asdStigs != null && asdStigs.Count > 0)
{
asdStigs = asdStigs.OrderByDescending(x => Convert.ToDecimal(x.Key.Substring(5, 1))).
ThenByDescending(x => x.Key.Split(',')[0].Substring(7).Length).
ThenByDescending(x => x.Key.Substring(7)).ToList();
if (asdStigs[0].Value.Contains(", "))
{
string[] asdStigValues = asdStigs[0].Value.Split(',').ToArray();
foreach (string stigValue in asdStigValues)
{
sqliteCommand.Parameters.Add(new SQLiteParameter("StigId", stigValue.Trim().Split(' ')[0]));
sqliteCommand.Parameters.Add(new SQLiteParameter("RawRisk", stigValue.Split(delimiter, StringSplitOptions.None)[1].Trim()));
sqliteCommand.Parameters.Add(new SQLiteParameter("Impact", RawRiskToImpactConverter(stigValue.Split(delimiter, StringSplitOptions.None)[1].Trim())));
CreateAddVulnerabilityCommand(sqliteCommand);
CreateAddUniqueFindingCommand(sqliteCommand);
}
}
else
{
sqliteCommand.Parameters.Add(new SQLiteParameter("StigId", asdStigs[0].Value.Replace(", ", Environment.NewLine).Trim().Split(' ')[0]));
sqliteCommand.Parameters.Add(new SQLiteParameter("RawRisk", asdStigs[0].Value.Split(delimiter, StringSplitOptions.None)[1].Trim()));
sqliteCommand.Parameters.Add(new SQLiteParameter("Impact", RawRiskToImpactConverter(asdStigs[0].Value.Split(delimiter, StringSplitOptions.None)[1].Trim())));
CreateAddVulnerabilityCommand(sqliteCommand);
CreateAddUniqueFindingCommand(sqliteCommand);
}
}
else
{
CreateAddVulnerabilityCommand(sqliteCommand);
CreateAddUniqueFindingCommand(sqliteCommand);
}
}
}
catch (Exception exception)
{
log.Error("Unable to generate SQLiteParameter List.");
throw exception;
}
}
private void ParseFvdlVulnerablityNode(XmlReader xmlReader)
{
try
{
FprVulnerability fprVulnerability = new FprVulnerability();
string kingdom = string.Empty;
string type = string.Empty;
string subType = string.Empty;
while (xmlReader.Read())
{
if (xmlReader.IsStartElement())
{
switch (xmlReader.Name)
{
case "ClassID":
{
fprVulnerability.ClassId = ObtainCurrentNodeValue(xmlReader);
break;
}
case "Kingdom":
{
kingdom = ObtainCurrentNodeValue(xmlReader);
break;
}
case "Type":
{
type = ObtainCurrentNodeValue(xmlReader);
break;
}
case "Subtype":
{
subType = ObtainCurrentNodeValue(xmlReader);
break;
}
case "InstanceID":
{
fprVulnerability.InstanceId = ObtainCurrentNodeValue(xmlReader);
break;
}
case "Def":
{
fprVulnerability.ReplacementDefinitions.Add(xmlReader.GetAttribute("key"), xmlReader.GetAttribute("value"));
break;
}
case "LocationDef":
{
FprVulnerability.LocationDef locationDef = new FprVulnerability.LocationDef();
locationDef.Path = xmlReader.GetAttribute("path");
locationDef.Line = xmlReader.GetAttribute("line");
locationDef.LineEnd = xmlReader.GetAttribute("lineEnd");
locationDef.ColumnStart = xmlReader.GetAttribute("colStart");
locationDef.ColumnEnd = xmlReader.GetAttribute("colEnd");
fprVulnerability.LocationDefinitions.Add(locationDef);
break;
}
default:
{ break; }
}
}
else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("Vulnerability"))
{
if (!string.IsNullOrWhiteSpace(subType))
{
fprVulnerability.Category = kingdom + " : " + type + " : " + subType;
}
else
{
fprVulnerability.Category = kingdom + " : " + type;
}
fprVulnerabilityList.Add(fprVulnerability);
return;
}
}
}
catch (Exception exception)
{
log.Error("Unable to parse FVDL Vulnerability node.");
throw exception;
}
}
