Exemplo n.º 1
0
 /**
  * @return VulnerabilityHost|Context|Field|null
  */
 public function getTreeHost()
 {
     if ($this->host) {
         return $this->host;
     }
     if ($this->parent) {
         return $this->parent->getTreeHost();
     }
     return null;
 }
Exemplo n.º 2
0
 /**
  * @param VulnerableElement $element
  * @return string
  */
 public function vulnerabilityTreeAsArray(VulnerableElement $element)
 {
     $result = [];
     $vulnerabilities = [];
     $children = [];
     $conditions = [];
     if ($element->hasChildren()) {
         $childrenArr = [];
         foreach ($element->getChildrenArray() as $child) {
             $childrenArr[] = $this->vulnerabilityTreeAsArray($child);
         }
         $children = $childrenArr;
     }
     if ($element instanceof ConditionalVulnerableElement) {
         /** @var ICondition $condition */
         foreach ($element->getConditions()->getConditions() as $condition) {
             $conditions[$condition->getName()] = $condition->toArray();
         }
     }
     /** @var Vulnerability $vuln */
     foreach ($element->getVulnerabilitySet()->getVulnerabilities() as $vuln) {
         $vulnerabilities[$vuln->getName()] = $vuln->asArray();
         unset($vulnerabilities[$vuln->getName()]['name']);
     }
     ksort($vulnerabilities);
     if ($element->getName()) {
         $result['name'] = $element->getName();
     }
     if (count($conditions)) {
         $result['conditions'] = $conditions;
     }
     if (count($vulnerabilities)) {
         $result['vuln_list'] = $vulnerabilities;
     }
     if (count($children)) {
         $result['children'] = $children;
     }
     return $result;
 }
Exemplo n.º 3
0
 /**
  * @param VulnerableElement $element
  * @return string
  */
 public function renderVulnerabilityTree(VulnerableElement $element)
 {
     $vulnerabilities = [];
     $childrenVulns = '';
     $conditions = [];
     if ($element->hasChildren()) {
         $childrenHtml = [];
         foreach ($element->getChildrenArray() as $child) {
             $childrenHtml[] = $this->renderVulnerabilityTree($child);
         }
         $childrenVulns = implode('', $childrenHtml);
     }
     if ($element instanceof ConditionalVulnerableElement) {
         /** @var ICondition $condition */
         foreach ($element->getConditions()->getConditions() as $condition) {
             $conditions[$condition->getName()] = $condition->toArray();
         }
     }
     /** @var Vulnerability $vuln */
     foreach ($element->getVulnerabilitySet()->getVulnerabilities() as $vuln) {
         $vulnerabilities[$vuln->getName()] = $vuln->asArray();
     }
     sort($vulnerabilities);
     $vulnNames = VulnerabilityFactory::instance()->getAllVulnerabilityNames();
     $computedVulnerabilities = [];
     /** @var Vulnerability $vuln */
     foreach ($vulnNames as $vulnName) {
         $computedVulnerabilities[] = $element->getComputedVulnerability($vulnName)->asArray();
     }
     $view = $this->pixie->view('admin/context/vuln_element');
     $view->vulnerabilities = $vulnerabilities;
     $view->computedVulnerabilities = $computedVulnerabilities;
     $view->childrenVulns = $childrenVulns;
     $view->conditionList = $conditions;
     return $view->render();
 }
Exemplo n.º 4
0
 /**
  * @param VulnerableElement $vulnTree
  */
 public function setVulnTree(VulnerableElement $vulnTree)
 {
     $vulnTree->setHost($this);
     $this->vulnTree = $vulnTree;
     $this->clearCache();
 }
Exemplo n.º 5
0
 protected function buildVulnerabilityElementFromArray($data, $conditional = false)
 {
     $vulnerabilities = $this->buildVulnerabilitySetFromArray($data['vuln_list']);
     if ($conditional) {
         $vulnElement = new ConditionalVulnerableElement($vulnerabilities);
         if (is_array($data['conditions'])) {
             $factory = ConditionFactory::instance();
             $conditionSet = new ConditionSet();
             foreach ($data['conditions'] as $name => $conditionData) {
                 $condition = $factory->create($name);
                 $condition->fillFromArray($conditionData);
                 $conditionSet->addCondition($condition);
             }
             $vulnElement->setConditions($conditionSet);
         }
     } else {
         $vulnElement = new VulnerableElement($vulnerabilities);
     }
     if ($data['name']) {
         $vulnElement->setName($data['name']);
     }
     if (is_array($data['children'])) {
         foreach ($data['children'] as $childData) {
             $child = $this->buildVulnerabilityElementFromArray($childData, true);
             $vulnElement->addChild($child);
         }
     }
     return $vulnElement;
 }
 public function getDefaultElement()
 {
     $default = parent::getDefaultElement();
     return $default === $this ? $default->hasConditions() ? null : $default : $default;
 }
 /**
  * @param VulnerableElement $elem
  * @param null|\VulnModule\Vulnerability[] $parentVulns
  * @param bool $onlyChildren
  * @param bool $inherits
  * @return array
  */
 protected function calcVulnerableElementVulns(VulnerableElement $elem, $parentVulns = null, $onlyChildren = false, $inherits = false)
 {
     $vulns = [];
     /** @var \VulnModule\Vulnerability[] $computedVulns */
     $computedVulns = $elem->getComputedVulnerabilities(VulnerableElement::COMPUTE_ONLY_ROOT);
     if (!$onlyChildren) {
         // Show disabled for any context except default and for conditional elements
         $showDisabledVulns = (bool) (!$elem->getHost() || $elem->getHost()->getParent());
         $customVulns = [];
         $vulnList = !!$parentVulns ? $elem->getVulnerabilitySet()->getVulnerabilities() : $computedVulns;
         foreach ($vulnList as $vuln) {
             if (!$vuln) {
                 continue;
             }
             $hasOwnVuln = $elem->hasOwnVulnerability($vuln->getName());
             if ($vuln->isEnabled() || $showDisabledVulns && $hasOwnVuln) {
                 if (!$parentVulns || !$parentVulns[$vuln->getName()]->equalsTo($vuln)) {
                     $customVulns[$vuln->getName()]['props'] = $vuln->asArray();
                     $customVulns[$vuln->getName()]['inherited'] = $inherits || !$hasOwnVuln;
                     $customVulns[$vuln->getName()]['vuln'] = $vuln;
                 }
             }
         }
         if (count($customVulns)) {
             $vulns['vulns'] = $customVulns;
         }
     }
     if ($elem->hasChildren()) {
         $childVulns = [];
         foreach ($elem->getChildren() as $child) {
             if ($childVuln = $this->calcVulnerableElementVulns($child, $computedVulns, false, $inherits)) {
                 $childVulns[] = $childVuln;
             }
         }
         if (count($childVulns)) {
             $vulns['children'] = $childVulns;
         }
     }
     if ($elem instanceof ConditionalVulnerableElement) {
         $conditions = [];
         if ($elem->hasConditions()) {
             foreach ($elem->getConditions()->getConditions() as $condition) {
                 $conditions[$condition->getName()] = $condition->__toString();
             }
         }
         if (count($conditions)) {
             $vulns['conditions'] = $conditions;
         }
     }
     if (count($vulns)) {
         if ($inherits) {
             $vulns['inherited_block'] = true;
         }
     }
     return $vulns;
 }