/**
* @param VulnerableElement $element
* @return string
*/
public function vulnerabilityTreeAsArray(VulnerableElement $element)
{
$result = [];
$vulnerabilities = [];
$children = [];
$conditions = [];
if ($element->hasChildren()) {
$childrenArr = [];
foreach ($element->getChildrenArray() as $child) {
$childrenArr[] = $this->vulnerabilityTreeAsArray($child);
}
$children = $childrenArr;
}
if ($element instanceof ConditionalVulnerableElement) {
/** @var ICondition $condition */
foreach ($element->getConditions()->getConditions() as $condition) {
$conditions[$condition->getName()] = $condition->toArray();
}
}
/** @var Vulnerability $vuln */
foreach ($element->getVulnerabilitySet()->getVulnerabilities() as $vuln) {
$vulnerabilities[$vuln->getName()] = $vuln->asArray();
unset($vulnerabilities[$vuln->getName()]['name']);
}
ksort($vulnerabilities);
if ($element->getName()) {
$result['name'] = $element->getName();
}
if (count($conditions)) {
$result['conditions'] = $conditions;
}
if (count($vulnerabilities)) {
$result['vuln_list'] = $vulnerabilities;
}
if (count($children)) {
$result['children'] = $children;
}
return $result;
}
/**
* @param VulnerableElement $element
* @return string
*/
public function renderVulnerabilityTree(VulnerableElement $element)
{
$vulnerabilities = [];
$childrenVulns = '';
$conditions = [];
if ($element->hasChildren()) {
$childrenHtml = [];
foreach ($element->getChildrenArray() as $child) {
$childrenHtml[] = $this->renderVulnerabilityTree($child);
}
$childrenVulns = implode('', $childrenHtml);
}
if ($element instanceof ConditionalVulnerableElement) {
/** @var ICondition $condition */
foreach ($element->getConditions()->getConditions() as $condition) {
$conditions[$condition->getName()] = $condition->toArray();
}
}
/** @var Vulnerability $vuln */
foreach ($element->getVulnerabilitySet()->getVulnerabilities() as $vuln) {
$vulnerabilities[$vuln->getName()] = $vuln->asArray();
}
sort($vulnerabilities);
$vulnNames = VulnerabilityFactory::instance()->getAllVulnerabilityNames();
$computedVulnerabilities = [];
/** @var Vulnerability $vuln */
foreach ($vulnNames as $vulnName) {
$computedVulnerabilities[] = $element->getComputedVulnerability($vulnName)->asArray();
}
$view = $this->pixie->view('admin/context/vuln_element');
$view->vulnerabilities = $vulnerabilities;
$view->computedVulnerabilities = $computedVulnerabilities;
$view->childrenVulns = $childrenVulns;
$view->conditionList = $conditions;
return $view->render();
}
/**
* @param VulnerableElement $elem
* @param null|\VulnModule\Vulnerability[] $parentVulns
* @param bool $onlyChildren
* @param bool $inherits
* @return array
*/
protected function calcVulnerableElementVulns(VulnerableElement $elem, $parentVulns = null, $onlyChildren = false, $inherits = false)
{
$vulns = [];
/** @var \VulnModule\Vulnerability[] $computedVulns */
$computedVulns = $elem->getComputedVulnerabilities(VulnerableElement::COMPUTE_ONLY_ROOT);
if (!$onlyChildren) {
// Show disabled for any context except default and for conditional elements
$showDisabledVulns = (bool) (!$elem->getHost() || $elem->getHost()->getParent());
$customVulns = [];
$vulnList = !!$parentVulns ? $elem->getVulnerabilitySet()->getVulnerabilities() : $computedVulns;
foreach ($vulnList as $vuln) {
if (!$vuln) {
continue;
}
$hasOwnVuln = $elem->hasOwnVulnerability($vuln->getName());
if ($vuln->isEnabled() || $showDisabledVulns && $hasOwnVuln) {
if (!$parentVulns || !$parentVulns[$vuln->getName()]->equalsTo($vuln)) {
$customVulns[$vuln->getName()]['props'] = $vuln->asArray();
$customVulns[$vuln->getName()]['inherited'] = $inherits || !$hasOwnVuln;
$customVulns[$vuln->getName()]['vuln'] = $vuln;
}
}
}
if (count($customVulns)) {
$vulns['vulns'] = $customVulns;
}
}
if ($elem->hasChildren()) {
$childVulns = [];
foreach ($elem->getChildren() as $child) {
if ($childVuln = $this->calcVulnerableElementVulns($child, $computedVulns, false, $inherits)) {
$childVulns[] = $childVuln;
}
}
if (count($childVulns)) {
$vulns['children'] = $childVulns;
}
}
if ($elem instanceof ConditionalVulnerableElement) {
$conditions = [];
if ($elem->hasConditions()) {
foreach ($elem->getConditions()->getConditions() as $condition) {
$conditions[$condition->getName()] = $condition->__toString();
}
}
if (count($conditions)) {
$vulns['conditions'] = $conditions;
}
}
if (count($vulns)) {
if ($inherits) {
$vulns['inherited_block'] = true;
}
}
return $vulns;
}