virtual HRESULT ScanLeakEx(IVulCollection **pVulCollection, DWORD dwFlags) { TIME_CHECK( _T("ScanLeakEx ") ); ATLASSERT(pVulCollection); if(pVulCollection==NULL) return E_POINTER; HRESULT hr = S_OK; CVulCollection *pCollection = new CImplIUnkownT<CVulCollection>; IVulfix *pscan = new CImplVulfix; if( (dwFlags&VULSCAN_EXPRESS_SCAN) && RequireUsingInterface()) { // 对于需要使用接口的快速扫描, 只对比时间 pCollection->m_nStatus = pscan->ExpressScanSystem(); pCollection->m_statusValid = TRUE; } else { pCollection->m_statusValid = FALSE; if( SUCCEEDED( hr=pscan->Scan(0) )) { pCollection->m_statusValid = FALSE; _FillCollection(pscan, pCollection); } } delete pscan; *pVulCollection = pCollection; return hr; }
virtual HRESULT IsUsingInterface(BOOL *pRet) { if(!pRet) return E_POINTER; *pRet = RequireUsingInterface(); return S_OK; }
HRESULT WINAPI ExpressScanLeak(IVulCollection **pVulCollection, DWORD dwFlags, BOOL bQuickScan) { TIME_CHECK( _T("ExpressScanLeak ") ); ATLASSERT(pVulCollection); CVulCollection *pCollection = new CImplIUnkownT<CVulCollection>; BOOL bFoundSysVuls = FALSE; IVulfix *pscan = new CImplVulfix; dwFlags |= VULSCAN_EXPRESS_SCAN; if( bQuickScan && RequireUsingInterface() ) // Vista 进行快速扫描 { pCollection->m_nStatus = pscan->ExpressScanSystem(); pCollection->m_statusValid = TRUE; bFoundSysVuls = pCollection->m_nStatus>0; } else { pCollection->m_statusValid = FALSE; if( SUCCEEDED( pscan->Scan(dwFlags) )) { const CSimpleArray<LPTUpdateItem> &arr = pscan->GetResults(); for(int i=0; i<arr.GetSize(); ++i) { LPTUpdateItem pLeak = arr[i]; #ifdef _DEBUG _tcprintf(_T("-Quick.VUL %d %2d %s \n"), pLeak->nID, pLeak->nWarnLevel, pLeak->strName); #endif if( pLeak->isIgnored || pLeak->nWarnLevel<=0 || pLeak->isExclusive ) continue; TOverviewItem item; item.nLeakType = VTYPE_WINDOWS; item.nID = pLeak->nID; item.nLeakLevel = pLeak->nWarnLevel; item.dwFlags = pLeak->dwVFlags; item.strTitle = pLeak->strName; item.strDescription = pLeak->strDescription; item.strPubDate = pLeak->strPubdate; pCollection->leaks.Add( item ); } } bFoundSysVuls = pCollection->leaks.GetSize()>0; // 如果没有找到系统漏洞, 则搜索软件漏洞 if(!bFoundSysVuls) { const CSimpleArray<LPTVulSoft> &arr = pscan->GetSoftVuls(); for(int i=0; i<arr.GetSize(); ++i) { LPTVulSoft psoft = arr[i]; #ifdef _DEBUG _tcprintf(_T("-Quick.SOFT %d %2d %s \n"), psoft->nID, psoft->nLevel, psoft->strName); #endif if(psoft->isIgnored || psoft->state.comState==COM_ALL_DISABLED) continue; TOverviewItem item; item.nLeakType = VTYPE_SOFTLEAK; item.nID = psoft->nID; item.nLeakLevel = psoft->nLevel; item.dwFlags = 0; item.strTitle = psoft->strName; item.strDescription = psoft->strDescription; item.strPubDate = psoft->strPubdate; pCollection->leaks.Add( item ); } } } delete pscan; *pVulCollection = pCollection; return S_OK; }
HRESULT CImplVulfix::Scan(DWORD dwFlags) { TIME_CHECK( _T("CImplVulfix::Scan ") ); m_Canceled = FALSE; T_ComInit __init__com__; HRESULT hr ; do { Reset(); GetLangID(); CSysEnv& sysEnv = singleton<CSysEnv>::Instance(); sysEnv.Init(); if( FAILED( hr=sysEnv.IsSupported(FALSE) ) ) break; Init(); m_objIgnore.LoadIgnoreDB(); CString filenameSystem, filenameOffice, filenameSoft; GetXmlDBFileName(VTYPE_WINDOWS, filenameSystem, IsWin64()); GetXmlDBFileName(VTYPE_OFFICE, filenameOffice, FALSE); GetXmlDBFileName(VTYPE_SOFTLEAK, filenameSoft, FALSE); if( !PathFileExists(filenameSystem) && !PathFileExists(filenameOffice) && !PathFileExists(filenameSoft) ) { hr = KERR_LOAD_FILE; break; } m_pFilterOS = CreateOSFilter(sysEnv.m_WinVer, dwFlags); InitOSFilter( m_pFilterOS, sysEnv.m_WinVer, dwFlags); if( m_pFilterOS->WaitComplete() ) { m_dbOS.SetObserver( m_Observer ); m_dbOffice.SetObserver( m_Observer ); m_dbSoft.SetObserver( m_Observer ); m_pFilterOS->SetIIgnore( &m_objIgnore ); CString filename; try { FixLocale(); //BOOL bWin64 = IsWin64(); //PVOID OldValue = NULL; //if(bWin64) // Wow64DisableWow64FsRedirection(&OldValue); !m_Canceled && m_dbOffice.Load( filenameOffice, m_pFilterOS, dwFlags ); !m_Canceled && sysEnv.IsLangSupported() && sysEnv.IsOsSupported() && m_dbOS.Load( filenameSystem, m_pFilterOS, dwFlags ); !m_Canceled && m_dbSoft.Load( filenameSoft, NULL, dwFlags); //if(bWin64) // Wow64RevertWow64FsRedirection(OldValue); } catch (...) { hr = KERR_LOAD_FILE; } CSimpleArray<LPTUpdateItem> arrLeaks; CSimpleArray<TReplacedUpdate*> arrReplaced; m_dbOS.GetUnfixedLeakList( arrLeaks, m_arrFixedVuls, m_arrInvalid, arrReplaced ); m_dbOffice.GetUnfixedLeakList( arrLeaks, m_arrFixedVuls, m_arrInvalid, arrReplaced ); const CSimpleArray<int> &arrExpired = m_dbOS.GetExpiredIds(); CSimpleArray<int> arrReplacedId; for(int i=0; i<arrReplaced.GetSize(); ++i) { arrReplacedId.Add( arrReplaced[i]->nKBID ); } // select soft ignored vuls CSimpleArray<LPTVulSoft> arrSoftLeaks; m_dbSoft.GetUnfixedLeakList( arrSoftLeaks ); for(int i=0; i<arrSoftLeaks.GetSize(); ++i) { LPTVulSoft ps = arrSoftLeaks[i]; ps->isIgnored = m_objIgnore.IsIgnored( ps->nID ); if( ps->isIgnored ) { LPTUpdateItem pu = new TUpdateItem; pu->m_nType = VTYPE_SOFTLEAK; pu->nID = ps->nID; pu->strName = ps->matchedItem.strName; pu->strDescription = ps->strDescription; pu->strWebpage = ps->matchedItem.strWebpage; pu->nWarnLevel = ps->nLevel; pu->strPubdate = ps->strPubdate; m_arrIgnoredVuls.Add( pu ); m_arrIgnoredVulsFromSoft.Add( pu ); } else m_arrSoftLeaks.Add( ps ); } // select installable, ignored , expired for(int i=0; i<arrLeaks.GetSize(); ++i ) { LPTUpdateItem &pi = arrLeaks[i]; pi->isExpired = arrExpired.Find( pi->nID )!=-1; if(pi->isExpired) m_arrInvalid.Add( pi ); else if(pi->isIgnored) m_arrIgnoredVuls.Add( pi ); else { bool bReplaced = arrReplacedId.Find( pi->nID )!=-1; if(!bReplaced) m_arrLeaks.Add( pi ); } } // find correct replace relationship for(int i=0; i<arrReplaced.GetSize(); ++i) { TReplacedUpdate* pu = arrReplaced[i]; BOOL bInstalled = FindArrayIndex( m_arrFixedVuls, pu->nKBID )!=-1; if( !bInstalled ) { if( FindArrayIndex(m_arrFixedVuls, pu->nKBID2)!=-1 || FindArrayIndex(m_arrLeaks, pu->nKBID2)!=-1 || FindArrayIndex(m_arrIgnoredVuls, pu->nKBID2)!=-1 ) m_arrReplacedUpdates.Add( pu ); } } // - 保存最后无漏洞时间, 使得下次不再提示有风险 // -- 非快速扫描的结果才有效果 if( RequireUsingInterface() && !(dwFlags & VULSCAN_EXPRESS_SCAN) ) { BOOL hasMustLeak = FALSE; const CSimpleArray<LPTUpdateItem> &arrLeaks = GetResults(); for(int i=0; i<arrLeaks.GetSize(); ++i) { if(arrLeaks[i]->nWarnLevel>0) { hasMustLeak = TRUE; break; } } CString strVal; if(!hasMustLeak) { T_Date date; GetLatestPackgeDate(date.nYear, date.nMonth, date.nDay); strVal.Format(_T("%04d-%02d-%02d"), date.nYear, date.nMonth, date.nDay); } WriteVulConfig(_T("VulScan"), _T("LastSafePkgDate"), strVal); } } hr = KERR_NONE; } while (FALSE); return hr; }