/**
 * Renders the vulnerability subtree rooted at the given element as HTML.
 *
 * Child elements are rendered first (recursively). Their concatenated markup is
 * handed to the 'admin/context/vuln_element' view together with the element's
 * own vulnerabilities, its computed vulnerabilities and, for conditional
 * elements, its conditions.
 *
 * NOTE(review): every array is passed to the view as-is. Whether names and
 * property values are HTML-escaped is decided by the template, which is not
 * visible here; confirm it escapes on output.
 *
 * @param VulnerableElement $element Root of the subtree to render.
 * @return string Rendered markup for the element and all of its descendants.
 */
public function renderVulnerabilityTree(VulnerableElement $element)
{
    // Depth-first: nested elements are rendered before the current one.
    $nestedMarkup = '';
    if ($element->hasChildren()) {
        foreach ($element->getChildrenArray() as $childElement) {
            $nestedMarkup .= $this->renderVulnerabilityTree($childElement);
        }
    }

    // Only conditional elements carry a condition list.
    $conditionList = [];
    if ($element instanceof ConditionalVulnerableElement) {
        /** @var ICondition $cond */
        foreach ($element->getConditions()->getConditions() as $cond) {
            $conditionList[$cond->getName()] = $cond->toArray();
        }
    }

    // Keyed by name while collecting, so a repeated name overwrites the earlier entry.
    $ownVulns = [];
    /** @var Vulnerability $ownVuln */
    foreach ($element->getVulnerabilitySet()->getVulnerabilities() as $ownVuln) {
        $ownVulns[$ownVuln->getName()] = $ownVuln->asArray();
    }
    // sort() re-indexes the array, so the name keys are dropped from here on.
    sort($ownVulns);

    // One computed entry per vulnerability name the factory knows about.
    $computed = [];
    foreach (VulnerabilityFactory::instance()->getAllVulnerabilityNames() as $name) {
        $computed[] = $element->getComputedVulnerability($name)->asArray();
    }

    $view = $this->pixie->view('admin/context/vuln_element');
    $view->vulnerabilities = $ownVulns;
    $view->computedVulnerabilities = $computed;
    $view->childrenVulns = $nestedMarkup;
    $view->conditionList = $conditionList;

    return $view->render();
}
/**
 * Builds a vulnerability set from an array keyed by vulnerability name.
 *
 * A non-array or empty input yields an empty set. Entries whose name the
 * factory does not report as existing are skipped, so the factory acts as the
 * allow-list for which vulnerability types can be created from this input.
 *
 * NOTE(review): each entry's data is passed to fillFromArray() unchanged; any
 * validation of the individual properties happens there, not in this method.
 *
 * @param mixed $vulnList Map of vulnerability name => property data.
 * @return VulnerabilitySet
 */
protected function buildVulnerabilitySetFromArray($vulnList)
{
    $set = new VulnerabilitySet();

    if (is_array($vulnList) && !empty($vulnList)) {
        $vulnFactory = VulnerabilityFactory::instance();

        foreach ($vulnList as $vulnName => $vulnData) {
            // Unknown names are ignored rather than treated as an error.
            if ($vulnFactory->exists($vulnName)) {
                $instance = $vulnFactory->create($vulnName);
                $instance->fillFromArray($vulnData);
                $set->set($instance);
            }
        }
    }

    return $set;
}
/**
 * Builds a form whose single '__ALL_VULNS__' field holds one instance of every
 * vulnerability name known to the factory.
 *
 * For each name the class 'VulnModule\Vulnerability\<name>' is instantiated
 * when it exists; otherwise a generic V instance is used in its place.
 *
 * NOTE(review): the class name is assembled from a string and instantiated
 * dynamically. Here the names come from VulnerabilityFactory, not from the
 * request; keep it that way, since a caller-controlled name would let the
 * caller choose which class in that namespace gets constructed.
 *
 * @return mixed The form produced by the form builder's getForm().
 */
protected function buildAllVulnerabilitiesForm()
{
    $fullSet = new VulnerabilitySet();

    foreach (VulnerabilityFactory::instance()->getAllVulnerabilityNames() as $name) {
        $className = 'VulnModule\\Vulnerability\\' . $name;
        // Fall back to the generic V type when no dedicated class exists.
        $fullSet->set(class_exists($className) ? new $className() : new V());
    }

    return $this->getFormFactory()
        ->createBuilder('form', ['__ALL_VULNS__' => $fullSet])
        ->add('__ALL_VULNS__', 'vulnerability_set')
        ->getForm();
}
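/**
 * Builds a vulnerability set from a configuration array.
 *
 * Two input shapes are handled:
 *  - names given as array values: each listed name is added with the factory's
 *    default settings;
 *  - names given as array keys: the value is either a scalar on/off switch or
 *    an array that may carry 'enabled', plus 'stored' for 'xss' and 'blind'
 *    for 'sql'.
 *
 * Names are looked up through self::getVulnerabilityNames(), which maps the
 * name used in the input to the name passed to the factory (presumably legacy
 * name => current name; confirm against that method).
 *
 * @param mixed $vulnerabilities Configuration array; any non-array yields an empty set.
 * @return VulnerabilitySet
 */
protected function buildVulnerabilitySetFromArray($vulnerabilities)
{
    $vulnerabilitySet = new VulnerabilitySet();
    if (!is_array($vulnerabilities)) {
        return $vulnerabilitySet;
    }

    $vulnNames = self::getVulnerabilityNames();
    $factory = VulnerabilityFactory::instance();

    // Vulnerabilities are set as array values.
    // The comparison must be strict: with loose comparison any value of true
    // (e.g. the on/off switch of an unrelated key) equals every non-empty name,
    // which would add every known vulnerability to the set with factory
    // defaults even though the configuration never listed it.
    foreach ($vulnNames as $oldName => $newName) {
        if (in_array($oldName, $vulnerabilities, true)) {
            $vulnerabilitySet->set($factory->create($newName));
        }
    }

    // Vulnerabilities are set as array keys.
    foreach ($vulnNames as $oldName => $newName) {
        if (!array_key_exists($oldName, $vulnerabilities)) {
            continue;
        }

        $vuln = $factory->create($newName);
        $settings = $vulnerabilities[$oldName];

        if (is_array($settings)) {
            if (array_key_exists('enabled', $settings)) {
                $vuln->setEnabled((bool) $settings['enabled']);
            }

            // Type-specific options are only read for the type they belong to.
            if ($oldName === 'xss' && array_key_exists('stored', $settings)) {
                /** @var XSS $vuln */
                $vuln->setStored($settings['stored']);
            }

            if ($oldName === 'sql' && array_key_exists('blind', $settings)) {
                /** @var SQL $vuln */
                $vuln->setBlind($settings['blind']);
            }
        } else {
            // A non-array value is just the on/off switch.
            $vuln->setEnabled((bool) $settings);
        }

        // An entry added by the value-based pass above is replaced here.
        $vulnerabilitySet->set($vuln);
    }

    return $vulnerabilitySet;
}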
/**
 * Renders the vulnerabilities, conditions and nested children of one matrix
 * cell as an HTML fragment.
 *
 * The input array is read through the keys 'vulns', 'conditions' and
 * 'children'. Each entry in 'vulns' is read through 'props' (which includes
 * 'enabled') and 'inherited'. Children are rendered by calling this method
 * recursively on each element of 'children'.
 *
 * NOTE(review): names, property names/values and condition strings are
 * concatenated into the markup without HTML escaping. That is only safe if
 * every caller passes trusted or already-escaped data; confirm against the
 * callers, otherwise escape on output (e.g. htmlspecialchars).
 *
 * @param array $existingVulnsData Cell data with the keys 'vulns', 'conditions' and 'children'.
 * @return string HTML fragment; an empty string when there is nothing to show.
 */
public function renderVulnCellVulns($existingVulnsData)
{
    $vulnHtml = [];
    $vulnNames = VulnerabilityFactory::instance()->getAllVulnerabilityNames();
    // Any falsy 'vulns' value is treated as "no vulnerabilities".
    $existingVulns = $existingVulnsData['vulns'] ?: [];
    // assumes 'conditions' is an array (it is passed to count() and implode()) — TODO confirm
    $existingConditions = $existingVulnsData['conditions'];
    $children = $existingVulnsData['children'];
    $condHtml = null;
    $childrenHtml = null;

    // Conditions become one bracketed, semicolon-separated label.
    if (count($existingConditions)) {
        $condHtml = '<strong>[' . trim(implode('; ', $existingConditions)) . ']</strong>';
    }

    // Iterate the factory's names so the output order follows the factory, not the input.
    foreach ($vulnNames as $vulnName) {
        $isActiveVuln = array_key_exists($vulnName, $existingVulns);
        $content = null;

        if ($isActiveVuln) {
            // $content is first the list of "prop: value" strings, then the finished <span>.
            $content = [];

            foreach ($existingVulns[$vulnName]['props'] as $propName => $propValue) {
                // 'enabled' is shown through the CSS class and 'name' as the label itself.
                // NOTE(review): in_array() compares loosely here.
                if (in_array($propName, ['enabled', 'name'])) {
                    continue;
                }
                // Booleans are shown as Yes/No; other values are concatenated as-is.
                $content[] = $propName . ': ' . (is_bool($propValue) ? $propValue ? 'Yes' : 'No' : $propValue);
            }

            $content = '<span class="js-vulnerability vuln '
                . ($existingVulns[$vulnName]['props']['enabled'] ? 'vuln-enabled' : 'vuln-disabled') . '">'
                . $vulnName . ($content ? ' (' . implode(', ', $content) . ')' : '')
                . ($existingVulns[$vulnName]['inherited'] ? ' <span class="js-vuln-tips vuln-tips">[inherit]</span>' : '')
                . '</span>';
        }

        $vulnHtml[] = $content;
    }

    // Drop the null placeholders of names that are not present in this cell.
    $vulnHtml = array_filter($vulnHtml);

    if (is_array($children) && count($children)) {
        // $childrenHtml is an array while collecting and becomes a string once joined.
        $childrenHtml = [];

        foreach ($children as $child) {
            $childrenHtml[] = $this->renderVulnCellVulns($child);
        }

        // Children that rendered to an empty string are discarded.
        $childrenHtml = array_filter($childrenHtml);

        if (count($childrenHtml)) {
            $childrenHtml = trim(implode('<br>', $childrenHtml));

            // Wrap the children only when this level has a condition label or vulnerabilities of its own.
            if ($childrenHtml && ($condHtml || count($vulnHtml))) {
                $childrenHtml = '<div class="vuln-block">' . $childrenHtml . '</div>';
            }
        }
    }

    // A condition label with nothing under it is not shown.
    if (!$childrenHtml && !count($vulnHtml)) {
        $condHtml = null;
    }

    if (empty($vulnHtml)) {
        $vulnHtml = null;
    }

    $vulnHtml = $vulnHtml ? trim(implode('<br>', $vulnHtml)) : null;

    // array_filter() removes the parts that stayed null or empty.
    return trim(implode('<br>', array_filter([$condHtml, $vulnHtml, $childrenHtml])));
}
/**
 * Collects the computed vulnerability for every name known to the factory.
 *
 * @param int $flags Passed unchanged to getComputedVulnerability() for each name.
 * @return ArrayObject|Vulnerability[] Map of vulnerability name => result of getComputedVulnerability().
 */
public function getComputedVulnerabilities($flags = 0)
{
    $result = new ArrayObject();

    foreach (VulnerabilityFactory::instance()->getAllVulnerabilityNames() as $name) {
        $result[$name] = $this->getComputedVulnerability($name, $flags);
    }

    return $result;
}