Using AsaLib
Gabe Stocco edited this page Apr 22, 2020 · 20 revisions
Search NuGet for Microsoft.CST.AttackSurfaceAnalyzer.
API Documentation is available at https://microsoft.github.io/AttackSurfaceAnalyzer/.
Setting up for using the database (optional)
```csharp
DatabaseManager.Setup(dbPath);
```
For logging messages (optional)
```csharp
Logger.Setup(false, true);
Strings.Setup();
```
Disable telemetry (optional)
```csharp
AsaTelemetry.Setup(test: true);
```
You can perform collection and get the results in memory.
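```csharp
// Requires: using System.Collections.Concurrent;
// Run the certificate collector; its results stay in memory on the collector
var cc = new CertificateCollector();
cc.Execute();
ConcurrentQueue<CollectObject> results = cc.Results;
```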
You can also choose to write the results to the database.
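```csharp
// Requires: using System.Linq; using System.Threading;
// Write every collected object under this run's ID (FirstRunId is your own run identifier)
cc.Results.AsParallel().ForAll(x => DatabaseManager.Write(x, FirstRunId));
// Wait until DatabaseManager reports no remaining elements
while (DatabaseManager.HasElements)
{
    Thread.Sleep(1);
}
```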
From the database
```csharp
// Compare two runs that were already written to the database
BaseCompare bc = new BaseCompare();
if (!bc.TryCompare(FirstRunId, SecondRunId))
{
    // Error while comparing
}
else
{
    ConcurrentDictionary<(RESULT_TYPE, CHANGE_TYPE), ConcurrentQueue<CompareResult>> results = bc.Results;
}
```
From memory
```csharp
// The two input sequences are supplied by the caller
IEnumerable<(CollectObject,string)> DifferentItems = ...
IEnumerable<(CollectObject,CollectObject)> ModifiedItems = ...
BaseCompare bc = new BaseCompare();
bc.Compare(DifferentItems, ModifiedItems, FirstRunId, SecondRunId);
ConcurrentDictionary<(RESULT_TYPE, CHANGE_TYPE), ConcurrentQueue<CompareResult>> results = bc.Results;
```
Analysis is performed on CompareResult objects.
```csharp
// Requires: using System.Linq; using System.Threading.Tasks;
BaseCompare bc = new BaseCompare();
bc.Compare(DifferentItems, ModifiedItems, FirstRunId, SecondRunId);
Analyzer analyzer = new Analyzer(PLATFORM.WINDOWS, pathToAnalysisFile);
if (analyzer.VerifyRules().Any())
{
    // Error With Rules
}
else
{
    foreach (var key in bc.Results.Keys)
    {
        if (bc.Results[key] is ConcurrentQueue<CompareResult> queue)
        {
            Parallel.ForEach(queue, (res) =>
            {
                res.Rules = analyzer.Analyze(res);
                // Max throws on an empty sequence, so only set Analysis when a rule matched
                if (res.Rules.Any())
                {
                    res.Analysis = res.Rules.Max(x => x.Flag);
                }
            });
        }
    }
}
```
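Once every `CompareResult` has its `Analysis` set, the usual next step is to triage the nested `bc.Results` dictionary. The helper below is an added example, not code from the AsaLib project: it counts results per dictionary key and flag, highest flag first, and reports how many sit at or above a chosen threshold. `ResultTriage`, `Demo`, `Level` and `Item` are hypothetical names, and the demo uses constructed stand-in data so it runs without the library.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;

public static class ResultTriage
{
    // Counts results per (dictionary key, flag), highest flag first, and reports
    // how many results are at or above `threshold`.
    public static List<(TKey Key, TFlag Flag, int Count)> Summarize<TKey, TResult, TFlag>(
        IEnumerable<KeyValuePair<TKey, ConcurrentQueue<TResult>>> results,
        Func<TResult, TFlag> flagOf, TFlag threshold, out int atOrAbove)
        where TFlag : IComparable
    {
        var rows = results
            .SelectMany(kv => kv.Value.GroupBy(flagOf)
                .Select(g => (Key: kv.Key, Flag: g.Key, Count: g.Count())))
            .OrderByDescending(r => r.Flag)
            .ToList();
        atOrAbove = rows.Where(r => r.Flag.CompareTo(threshold) >= 0).Sum(r => r.Count);
        return rows;
    }
}

public static class Demo
{
    // Constructed stand-ins (not AsaLib types) so the block runs without the library.
    enum Level { None, Information, Warning, Error }
    record Item(string Name, Level Analysis);

    public static int Main()
    {
        var results = new ConcurrentDictionary<(string, string), ConcurrentQueue<Item>>();
        results[("Certificate", "Created")] = new ConcurrentQueue<Item>(new[] {
            new Item("constructed-cert-1", Level.Warning),
            new Item("constructed-cert-2", Level.Information) });
        results[("Certificate", "Deleted")] = new ConcurrentQueue<Item>(new[] {
            new Item("constructed-cert-3", Level.Error) });

        var rows = ResultTriage.Summarize(results, r => r.Analysis, Level.Warning, out int hits);
        foreach (var row in rows)
            Console.WriteLine($"{row.Key} {row.Flag}: {row.Count}");
        Console.WriteLine($"{hits} result(s) at or above {Level.Warning}");
        // With AsaLib: Summarize(bc.Results, r => r.Analysis, <your threshold flag>, out hits)
        return hits > 0 ? 1 : 0; // non-zero exit lets a build step fail on findings
    }
}
```

The threshold comparison relies on the flag values being ordered by severity, the same assumption the page's `res.Rules.Max(x => x.Flag)` makes.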