/** * @param $name * @param int $flags * @return null|Vulnerability */ public function getComputedVulnerability($name, $flags = 0) { if (!is_string($name)) { throw new \InvalidArgumentException("Vulnerability name must be a string. Provided: '{$name}'"); } $computeOnlyRoot = (bool) ($flags & self::COMPUTE_ONLY_ROOT); if ($computeOnlyRoot && $this->getParent()) { return $this->getParent()->getComputedVulnerability($name, $flags); } if ($this->cachedVulnerabilities->hasOwnVulnerability($name)) { return $this->cachedVulnerabilities->get($name); } if ($this->vulnerabilitySet->hasOwnVulnerability($name)) { $vuln = $this->vulnerabilitySet->get($name); } else { $parent = $this->getParent(); if ($parent) { $vuln = $this->getParent()->getComputedVulnerability($name, $flags); } else { if ($this->host) { $vuln = $this->host->getParentVulnerability($name, null, null, $computeOnlyRoot); if ($vuln === null) { $vuln = VulnerabilityFactory::instance()->create($name, false); } } else { $vuln = VulnerabilityFactory::instance()->create($name, false); } } } if ($vuln) { if (!$vuln->isTargetedAt($this->targets)) { $this->cachedVulnerabilities->set(false, $name); $vuln = false; } else { $this->cachedVulnerabilities->set($vuln); } } else { $this->cachedVulnerabilities->set(false, $name); $vuln = false; } return $vuln; }
/** * Builds vulnerability set from list of vulns * @param $vulnList * @return VulnerabilitySet */ protected function buildVulnerabilitySetFromArray($vulnList) { $resultSet = new VulnerabilitySet(); if (!is_array($vulnList) || empty($vulnList)) { return $resultSet; } $factory = VulnerabilityFactory::instance(); foreach ($vulnList as $name => $data) { if (!$factory->exists($name)) { continue; } $vuln = $factory->create($name); $vuln->fillFromArray($data); $resultSet->set($vuln); } return $resultSet; }
protected function buildAllVulnerabilitiesForm() { $allVulnsSet = new VulnerabilitySet(); $vulns = VulnerabilityFactory::instance()->getAllVulnerabilityNames(); foreach ($vulns as $vulnName) { $vulnType = 'VulnModule\\Vulnerability\\' . $vulnName; if (class_exists($vulnType)) { $vuln = new $vulnType(); } else { $vuln = new V(); } $allVulnsSet->set($vuln); } $vulnBuilder = $this->getFormFactory()->createBuilder('form', ['__ALL_VULNS__' => $allVulnsSet])->add('__ALL_VULNS__', 'vulnerability_set'); return $vulnBuilder->getForm(); }
/** * @param $vulnerabilities * @return VulnerabilitySet */ protected function buildVulnerabilitySetFromArray($vulnerabilities) { $vulnerabilitySet = new VulnerabilitySet(); if (!is_array($vulnerabilities)) { return $vulnerabilitySet; } $vulnNames = self::getVulnerabilityNames(); $factory = VulnerabilityFactory::instance(); // Vulnerabilities are set as array values foreach ($vulnNames as $oldName => $newName) { if (in_array($oldName, $vulnerabilities)) { $vulnerabilitySet->set($factory->create($newName)); } } // Vulnerabilities are set as array keys foreach ($vulnNames as $oldName => $newName) { if (!array_key_exists($oldName, $vulnerabilities)) { continue; } $vuln = $factory->create($newName); if (is_array($vulnerabilities[$oldName])) { if (array_key_exists('enabled', $vulnerabilities[$oldName])) { $vuln->setEnabled(!!$vulnerabilities[$oldName]['enabled']); } if ($oldName === 'xss') { if (array_key_exists('stored', $vulnerabilities[$oldName])) { /** @var XSS $vuln */ $vuln->setStored($vulnerabilities[$oldName]['stored']); } } if ($oldName === 'sql') { if (array_key_exists('blind', $vulnerabilities[$oldName])) { /** @var SQL $vuln */ $vuln->setBlind($vulnerabilities[$oldName]['blind']); } } } else { $vuln->setEnabled(!!$vulnerabilities[$oldName]); // It's enabled or not } $vulnerabilitySet->set($vuln); } return $vulnerabilitySet; }