Update Output.cshtml to new Registry Object format. (#56)
* Update Output.cshtml to new Registry Object format.

* Also update gui.

* Command line option text cleanup.

* Verified Output.html is working.
gfs committed Apr 4, 2019
1 parent 13d56c8 commit c51cea3
Showing 7 changed files with 70 additions and 47 deletions.
28 changes: 13 additions & 15 deletions Cli/Output/Output.cshtml
@@ -1,6 +1,6 @@
@using RazorLight
@using AttackSurfaceAnalyzer.ObjectTypes

@using Newtonsoft.Json;

<!doctype html>
<html class="no-js" lang="">
Expand Down Expand Up @@ -456,8 +456,8 @@
<tr>
<th></th>
<th>Key</th>
<th>Value (if applicable)</th>
<th>Contents (if a value)</th>
<th>Subkeys (if applicable)</th>
<th>Values (if a value)</th>
</tr>
</thead>
<tbody>
Expand All @@ -466,32 +466,32 @@
<tr>
<td>Deleted</td>
<td>@i.Base.Key</td>
<td>@i.Base.Value</td>
<td>@i.Base.Contents</td>
<td>@JsonConvert.SerializeObject(i.Base.Subkeys)</td>
<td>@JsonConvert.SerializeObject(i.Base.Values)</td>
</tr>
}
@foreach (RegistryResult i in Model["registry_add"])
{
<tr>
<td>New</td>
<td>@i.Compare.Key</td>
<td>@i.Compare.Value</td>
<td>@i.Compare.Contents</td>
<td>@JsonConvert.SerializeObject(i.Compare.Subkeys)</td>
<td>@JsonConvert.SerializeObject(i.Compare.Values)</td>
</tr>
}
@foreach (RegistryResult i in Model["registry_modify"])
{
<tr>
<td>Modified:Before</td>
<td>@i.Base.Key</td>
<td>@i.Base.Value</td>
<td>@i.Base.Contents</td>
<td>JsonConvert.SerializeObject(@i.Base.Subkeys)</td>
<td>JsonConvert.SerializeObject(@i.Base.Values)</td>
</tr>
<tr>
<td>Modified:After</td>
<td>@i.Compare.Key</td>
<td>@i.Compare.Value</td>
<td>@i.Compare.Contents</td>
<td>JsonConvert.SerializeObject(@i.Compare.Subkeys)</td>
<td>JsonConvert.SerializeObject(@i.Compare.Values)</td>
</tr>
}
</tbody>
Expand Down Expand Up @@ -565,17 +565,15 @@
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.3/js/bootstrap.min.js" integrity="sha384-a5N7Y/aK3qNeh15eJKGWxsqtnX/wWdSZSKp+81YjTmS15nvnvxKHuzaWwXHDli+4" crossorigin="anonymous"></script>

<script type="text/javascript">
$(document).ready(function () {
<script type="text/javascript">$(document).ready(function () {
$('a[data-internal-link="replace"]').on('click', function (e) {
var href = $(e.target).attr('href'); // show this href
var $t = $('div' + href); // this element
if ($t) {
$('main').html($t.html());
}
});
})
</script>
})</script>

</body>

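Review bot: The four Modified rows place the `@` inside the call, `<td>JsonConvert.SerializeObject(@i.Base.Subkeys)</td>` and its three siblings, so Razor emits the literal text `JsonConvert.SerializeObject(` followed by the collection's ToString() rather than its JSON, unlike the Deleted and New rows above which use `@JsonConvert.SerializeObject(...)`. Move the `@` to the front of the expression, `<td>@JsonConvert.SerializeObject(i.Base.Subkeys)</td>`, and do the same for `i.Base.Values`, `i.Compare.Subkeys` and `i.Compare.Values`. Keeping the whole call inside the `@` expression also keeps Razor's default HTML encoding over the serialized registry data, which is content read from the scanned machine and should not reach the page unencoded.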
51 changes: 30 additions & 21 deletions Cli/Program.cs
Expand Up @@ -27,7 +27,7 @@ namespace AttackSurfaceAnalyzer.Cli
[Verb("compare", HelpText = "Compare ASA executions and output a .html summary")]
public class CompareCommandOptions
{
[Option(Required = false, HelpText = "Name of output database (default: asa.sqlite)", Default = "asa.sqlite")]
[Option(Required = false, HelpText = "Name of output database", Default = "asa.sqlite")]
public string DatabaseFilename { get; set; }

[Option(Required = true, HelpText = "First run (pre-install) identifier")]
Expand All @@ -36,7 +36,7 @@ public class CompareCommandOptions
[Option(Required = true, HelpText = "Second run (post-install) identifier")]
public string SecondRunId { get; set; }

[Option(Required = false, HelpText = "Base name of output file (default: output)", Default = "output")]
[Option(Required = false, HelpText = "Base name of output file", Default = "output")]
public string OutputBaseFilename { get; set; }

[Option(Default = false, HelpText = "Increase logging verbosity")]
Expand All @@ -46,7 +46,7 @@ public class CompareCommandOptions
[Verb("export-collect", HelpText = "Compare ASA executions and output a .json report")]
public class ExportCollectCommandOptions
{
[Option(Required = false, HelpText = "Name of output database (default: asa.sqlite)", Default = "asa.sqlite")]
[Option(Required = false, HelpText = "Name of output database", Default = "asa.sqlite")]
public string DatabaseFilename { get; set; }

[Option(Required = true, HelpText = "First run (pre-install) identifier")]
Expand All @@ -55,7 +55,7 @@ public class ExportCollectCommandOptions
[Option(Required = true, HelpText = "Second run (post-install) identifier")]
public string SecondRunId { get; set; }

[Option(Required = false, HelpText = "Directory to output to (default: .)", Default = ".")]
[Option(Required = false, HelpText = "Directory to output to", Default = ".")]
public string OutputPath { get; set; }

[Option(Default = false, HelpText = "Increase logging verbosity")]
Expand All @@ -65,13 +65,13 @@ public class ExportCollectCommandOptions
[Verb("export-monitor", HelpText = "Output a .json report for a monitor run")]
public class ExportMonitorCommandOptions
{
[Option(Required = false, HelpText = "Name of output database (default: asa.sqlite)", Default = "asa.sqlite")]
[Option(Required = false, HelpText = "Name of output database", Default = "asa.sqlite")]
public string DatabaseFilename { get; set; }

[Option(Required = true, HelpText = "Monitor run identifier")]
public string RunId { get; set; }

[Option(Required = false, HelpText = "Directory to output to (default: .)", Default = ".")]
[Option(Required = false, HelpText = "Directory to output to", Default = ".")]
public string OutputPath { get; set; }

[Option(Default = false, HelpText = "Increase logging verbosity")]
Expand All @@ -84,7 +84,7 @@ public class CollectCommandOptions
[Option(Required = true, HelpText = "Identifies which run this is (used during comparison)")]
public string RunId { get; set; }

[Option(Required = false, HelpText = "Name of output database (default: asa.sqlite)", Default = "asa.sqlite")]
[Option(Required = false, HelpText = "Name of output database", Default = "asa.sqlite")]
public string DatabaseFilename { get; set; }

[Option('c', "certificates", Required = false, HelpText = "Enable the certificate store collector")]
Expand Down Expand Up @@ -129,7 +129,7 @@ public class MonitorCommandOptions
[Option(Required = true, HelpText = "Identifies which run this is. Monitor output can be combined with collect output, but doesn't need to be compared.")]
public string RunId { get; set; }

[Option(Required = false, HelpText = "Name of output database (default: asa.sqlite)", Default = "asa.sqlite")]
[Option(Required = false, HelpText = "Name of output database", Default = "asa.sqlite")]
public string DatabaseFilename { get; set; }

[Option('f', "file-system", Required = false, HelpText = "Enable the file system monitor. Unless -d is specified will monitor the entire file system.")]
Expand Down Expand Up @@ -314,6 +314,7 @@ private static int RunExportCollectCommand(ExportCollectCommandOptions opts)
#else
Logger.Setup(false, opts.Verbose);
#endif
Logger.Instance.Debug("Entering RunExportCollectCommand");

DatabaseManager.SqliteFilename = opts.DatabaseFilename;
Telemetry.Setup();
Expand All @@ -323,19 +324,19 @@ private static int RunExportCollectCommand(ExportCollectCommandOptions opts)

Telemetry.Client.TrackEvent("Begin Export Compare", StartEvent);
bool RunComparisons = true;
//string SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED = "select * from results where base_run_id=@base_run_id and compare_run_id=@compare_run_id";

string SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED = "select * from results where base_run_id=@base_run_id and compare_run_id=@compare_run_id";

var cmd = new SqliteCommand(SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED, DatabaseManager.Connection);
cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId);
cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId);
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
RunComparisons = false;
}
}
//var cmd = new SqliteCommand(SQL_CHECK_IF_COMPARISON_PREVIOUSLY_COMPLETED, DatabaseManager.Connection);
//cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId);
//cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId);
//using (var reader = cmd.ExecuteReader())
//{
// while (reader.Read())
// {
// RunComparisons = false;
// }
//}
Logger.Instance.Debug("Halfway RunExportCollectCommand");

CompareCommandOptions options = new CompareCommandOptions();
options.DatabaseFilename = opts.DatabaseFilename;
Expand All @@ -346,6 +347,7 @@ private static int RunExportCollectCommand(ExportCollectCommandOptions opts)
{
CompareRuns(options);
}
Logger.Instance.Debug("Done comparing RunExportCollectCommand");

WriteScanJson(0, opts.FirstRunId, opts.SecondRunId, true, opts.OutputPath);

Expand All @@ -358,6 +360,8 @@ public static void WriteScanJson(int ResultType, string BaseId, string CompareId
string GET_COMPARISON_RESULTS = "select * from compared where base_run_id=@base_run_id and compare_run_id=@compare_run_id and data_type=@data_type order by base_row_key;";
string GET_SERIALIZED_RESULTS = "select serialized from @table_name where row_key = @row_key and run_id = @run_id";

Logger.Instance.Debug("Starting WriteScanJson");

List<RESULT_TYPE> ToExport = new List<RESULT_TYPE> { (RESULT_TYPE)ResultType };
Dictionary<RESULT_TYPE, int> actualExported = new Dictionary<RESULT_TYPE, int>();
JsonSerializer serializer = new JsonSerializer
Expand Down Expand Up @@ -803,6 +807,8 @@ private static bool HasResults(string BaseRunId, string CompareRunId, RESULT_TYP

comparators = new List<BaseCompare>();

Logger.Instance.Debug("Getting result types");

var cmd = new SqliteCommand(SQL_GET_RESULT_TYPES, DatabaseManager.Connection);
cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId);
cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId);
Expand Down Expand Up @@ -878,7 +884,8 @@ private static bool HasResults(string BaseRunId, string CompareRunId, RESULT_TYP
}
}
}

Logger.Instance.Debug("Inserting run into results table as running");

cmd = new SqliteCommand(INSERT_RUN_INTO_RESULT_TABLE_SQL, DatabaseManager.Connection, DatabaseManager.Transaction);
cmd.Parameters.AddWithValue("@base_run_id", opts.FirstRunId);
cmd.Parameters.AddWithValue("@compare_run_id", opts.SecondRunId);
Expand All @@ -887,6 +894,7 @@ private static bool HasResults(string BaseRunId, string CompareRunId, RESULT_TYP

foreach (var c in comparators)
{
Logger.Instance.Info("Starting {0}", c.GetType());
if (!c.TryCompare(opts.FirstRunId, opts.SecondRunId))
{
Logger.Instance.Warn("Error when comparing {0}", c.GetType().FullName);
Expand Down Expand Up @@ -1210,6 +1218,7 @@ private static int RunCompareCommand(CompareCommandOptions opts)
#endif
DatabaseManager.SqliteFilename = opts.DatabaseFilename;

Logger.Instance.Debug("Starting CompareRuns");
var results = CompareRuns(opts);

var engine = new RazorLightEngineBuilder()
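Review bot: The block that checked the `results` table for an already-completed comparison is now commented out (the lines following `bool RunComparisons = true;`), so `RunComparisons` can never become false and the guard around `CompareRuns(options)` is always taken; neither the code nor the commit message says whether re-running every comparison on export is intended. Delete the commented-out block and leave a one-line note stating the intent, for example `// Previously-completed check disabled: comparisons are always re-run for export.`, or restore the check if disabling it was a debugging step. Separately, `GET_SERIALIZED_RESULTS` at the top of the WriteScanJson hunk contains `from @table_name`, which SQLite cannot bind as a parameter, so the table name is presumably substituted into the string elsewhere; make sure that substitution draws from a fixed RESULT_TYPE-to-table-name map and never from stored data. RunExportCollectCommand and WriteScanJson both continue outside the hunks shown.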
4 changes: 2 additions & 2 deletions Gui/wwwroot/js/Analyze.js
Expand Up @@ -385,11 +385,11 @@ function InsertIntoRegistryTable(result) {
}));
tmp.append($('<td/>', {
scope: "col",
html: appendObj.Value
html: JSON.stringify(appendObj.Subkeys)
}));
tmp.append($('<td/>', {
scope: "col",
html: appendObj.Contents
html: JSON.stringify(appendObj.Values)
}));
$('#RegistryResultsTableBody').append(tmp);
tmp = $('<tr/>');
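Review bot: The two new lines keep the `html:` key while the content they insert, `JSON.stringify(appendObj.Subkeys)` and `JSON.stringify(appendObj.Values)`, is data collected from the scanned machine's registry, so any `<` or `&` inside a key name or value is interpreted as markup when the cell is built. Use `text: JSON.stringify(appendObj.Subkeys)` and `text: JSON.stringify(appendObj.Values)` so jQuery sets the cell's text content instead. InsertIntoRegistryTable starts and ends outside the hunk, and the cells built before these two presumably use the same `html:` pattern and deserve the same treatment.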
6 changes: 4 additions & 2 deletions Lib/Collectors/Registry/RegistryCollector.cs
Expand Up @@ -4,6 +4,7 @@
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using AttackSurfaceAnalyzer.ObjectTypes;
using AttackSurfaceAnalyzer.Utils;
Expand Down Expand Up @@ -127,9 +128,10 @@ public override void Execute()
(hive =>
{
Logger.Instance.Debug("Starting " + hive.ToString());
if (Filter.IsFiltered(Filter.RuntimeString(), "Scan", "Registry", "Hive", "Exclude", hive.ToString()))
if (Filter.IsFiltered(Filter.RuntimeString(), "Scan", "Registry", "Hive", "Exclude", hive.ToString(), out Regex Capturer))
{
Logger.Instance.Debug("Excluding {0} due to filter.", hive.ToString());
Logger.Instance.Info("Hi mom");
Logger.Instance.Info("Excluding hive '{0}' due to filter '{1}'.", hive.ToString(), Capturer.ToString());
}
else
{
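Review bot: `Logger.Instance.Info("Hi mom");` is leftover debugging output in the new code and should be removed. The line after it was also promoted from Debug to Info together with the filter's `Capturer.ToString()`, so every excluded hive now prints its matching regex at the default log level; if that is not meant for normal runs, keep it at Debug, `Logger.Instance.Debug("Excluding hive '{0}' due to filter '{1}'.", hive.ToString(), Capturer.ToString());`. The enclosing Execute method and the per-hive lambda it runs start and end outside the hunk.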
17 changes: 13 additions & 4 deletions Lib/Utils/DatabaseManager.cs
Expand Up @@ -20,7 +20,6 @@ public static class DatabaseManager
private static readonly string SQL_CREATE_REGISTRY_COLLECTION = "create table if not exists registry (run_id text, row_key text, key text, value text, subkeys text, permissions text, serialized text)";
private static readonly string SQL_CREATE_CERTIFICATES_COLLECTION = "create table if not exists certificates (run_id text, row_key text, pkcs12 text, store_location text, store_name text, hash text, hash_plus_store text, cert text, cn text, serialized text)";

private static readonly string SQL_CREATE_COMPARE_RESULT_TABLE = "create table if not exists compared (base_run_id text, compare_run_id test, change_type int, base_row_key text, compare_row_key text, data_type int)";

private static readonly string SQL_CREATE_ANALYZED_TABLE = "create table if not exists results (base_run_id text, compare_run_id text, status int)";

Expand All @@ -29,16 +28,20 @@ public static class DatabaseManager
private static readonly string SQL_CREATE_REGISTRY_ROW_KEY_INDEX = "create index if not exists registry_row_key_index on registry(row_key)";
private static readonly string SQL_CREATE_REGISTRY_RUN_ID_INDEX = "create index if not exists registry_run_id_index on registry(run_id)";

private static readonly string SQL_CREATE_COMPARE_RESULT_TABLE = "create table if not exists compared (base_run_id text, compare_run_id test, change_type int, base_row_key text, compare_row_key text, data_type int)";
private static readonly string SQL_CREATE_RESULT_CHANGE_TYPE_INDEX = "create index if not exists i_compared_change_type_index on compared(change_type)";
private static readonly string SQL_CREATE_RESULT_BASE_RUN_ID_INDEX = "create index if not exists i_compared_base_run_id on compared(base_run_id)";
private static readonly string SQL_CREATE_RESULT_COMPARE_RUN_ID_INDEX = "create index if not exists i_compared_compare_run_id on compared(compare_run_id)";
private static readonly string SQL_CREATE_RESULT_BASE_ROW_KEY_INDEX = "create index if not exists i_compared_base_row_key on compared(base_row_key)";
private static readonly string SQL_CREATE_RESULT_DATA_TYPE_INDEX = "create index if not exists i_compared_data_type_index on compared(data_type)";

private static readonly string SQL_CREATE_RESULT_CHANGE_TYPE_INDEX = "create index if not exists change_type_index on compared(change_type)";
private static readonly string SQL_CREATE_RESULT_BASE_RUN_ID_INDEX = "create index if not exists base_run_index on compared(base_run_id)";
private static readonly string SQL_CREATE_RESULT_COMPARE_RUN_ID_INDEX = "create index if not exists compare_run_index on compared(compare_run_id)";

private static readonly string SQL_CREATE_PERSISTED_SETTINGS = "create table if not exists persisted_settings (setting text, value text, unique(setting))";
private static readonly string SQL_CREATE_DEFAULT_SETTINGS = "insert or ignore into persisted_settings (setting, value) values ('telemetry_opt_out','false')";


private static readonly string SQL_GET_RESULT_TYPES_SINGLE = "select * from runs where run_id = @run_id";

private static readonly string SQL_TRUNCATE_CERTIFICATES = "delete from certificates where run_id=@run_id";
private static readonly string SQL_TRUNCATE_FILES = "delete from file_system where run_id=@run_id";
private static readonly string SQL_TRUNCATE_USERS = "delete from user_account where run_id = @run_id";
Expand Down Expand Up @@ -122,6 +125,12 @@ public static void Setup()
cmd = new SqliteCommand(SQL_CREATE_RESULT_COMPARE_RUN_ID_INDEX, DatabaseManager.Connection, DatabaseManager.Transaction);
cmd.ExecuteNonQuery();

cmd = new SqliteCommand(SQL_CREATE_RESULT_BASE_ROW_KEY_INDEX, DatabaseManager.Connection, DatabaseManager.Transaction);
cmd.ExecuteNonQuery();

cmd = new SqliteCommand(SQL_CREATE_RESULT_DATA_TYPE_INDEX, DatabaseManager.Connection, DatabaseManager.Transaction);
cmd.ExecuteNonQuery();

DatabaseManager.Transaction.Commit();
_transaction = null;
Logger.Instance.Debug("Done with database setup");
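Review bot: `SQL_CREATE_COMPARE_RESULT_TABLE`, moved to sit above the compared-table indexes, still declares `compare_run_id test` where `text` is meant; SQLite accepts the unknown type name and gives the column NUMERIC affinity, so run ids that look like numbers are stored differently from `base_run_id text`. Fix the moved line to read `... (base_run_id text, compare_run_id text, change_type int, ...)`. Because the statement is `create table if not exists`, an existing asa.sqlite keeps the old column definition, and the renamed indexes (`i_compared_change_type_index` and siblings replacing `change_type_index` and siblings) will presumably be created alongside the old ones on such a database rather than replacing them; a schema-version check or a one-off drop of the old index names would avoid the duplicates. Setup continues outside the hunk.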
