public async Task <IActionResult> GetCCIItem(string cciid) { if (!string.IsNullOrEmpty(cciid)) { try { _logger.LogInformation("Calling GetCCIItem({0})", cciid); var result = NATSClient.GetCCIItemReferences(cciid); if (result != null) { _logger.LogInformation("Called GetCCIItem({0}) successfully", cciid); return(Ok(result)); } else { _logger.LogWarning("Called GetCCIItem({0}) but had no returned data", cciid); return(NotFound()); // bad system reference } } catch (Exception ex) { _logger.LogError(ex, "GetCCIItem() Error getting CCI Item information for {0}", cciid); return(BadRequest()); } } else { _logger.LogWarning("Called GetCCIItem() but with an invalid or empty Id", cciid); return(BadRequest()); // no CCI Id entered } }
public async Task <IActionResult> GetAllMajorControls() { try { _logger.LogInformation("Calling GetAllMajorControls()"); var listing = NATSClient.GetControlRecords("high", true); if (listing != null) { _logger.LogInformation("Called GetAllMajorControls() successfully"); // get just the id, number, and title listing = listing.GroupBy(x => new { x.number, x.title }) .Select(g => new ControlSet { number = g.Key.number, title = g.Key.title }).ToList(); // return the distint listing return(Ok(listing.Distinct().OrderBy(x => x.indexsort).ToList())); } else { _logger.LogWarning("Called GetAllMajorControls() but no control records listing returned"); return(NotFound()); // nothing loaded yet } } catch (Exception ex) { _logger.LogError(ex, "GetAllMajorControls() Error listing all control sets. Please check the in memory database and XML file load."); return(BadRequest()); } }
public async Task <IActionResult> GetControl(string term) { _logger.LogInformation("Calling GetControl({0})", term); if (!string.IsNullOrEmpty(term)) { try { var record = NATSClient.GetControlRecord(term); if (record == null) { _logger.LogWarning("GetControl({0}) term not found", term); return(NotFound()); } _logger.LogInformation("Called GetControl({0}) successfully", term); return(Ok(record)); } catch (Exception ex) { _logger.LogError(ex, "GetControl() Error listing all control sets. Please check the in memory database and XML file load."); return(BadRequest()); } } else { _logger.LogWarning("GetControl({0}) term was not sent in the API call"); return(BadRequest("No valid control term sent")); } }
/// <summary> /// Return a checklist raw string based on the SCAP XML file results. /// </summary> /// <param name="results">The results list of pass and fail information rules from the SCAP scan</param> /// <returns>A checklist raw XML string, if found</returns> public static string GenerateChecklistData(SCAPRuleResultSet results) { string checklistString = NATSClient.GetArtifactByTemplateTitle(results.title); // generate the checklist from reading the template in using a Request/Reply to openrmf.template.read if (!string.IsNullOrEmpty(checklistString)) { return(UpdateChecklistData(results, checklistString, true)); } // return the default template string return(checklistString); }
public async Task <IActionResult> GetAllControls(string impactlevel = "", bool pii = false) { try { _logger.LogInformation("Calling GetAllControls({0}, {1})", impactlevel, pii.ToString()); var listing = NATSClient.GetControlRecords(impactlevel, pii); if (listing != null) { _logger.LogInformation("Called GetAllControls({0}, {1}) successfully", impactlevel, pii.ToString()); return(Ok(listing)); } else { _logger.LogWarning("Called GetAllControls({0}, {1}) but no control records listing returned", impactlevel, pii.ToString()); return(NotFound()); // nothing loaded yet } } catch (Exception ex) { _logger.LogError(ex, "GetAllControls() Error listing all control sets. Please check the in memory database and XML file load."); return(BadRequest()); } }
//[ResponseCache(Duration = 60, Location = ResponseCacheLocation.Any, VaryByQueryKeys = new [] {"systemGroupId", "artifactId"})] public async Task <IActionResult> GetLatestTemplate(string systemGroupId, string artifactId) { try { _logger.LogInformation("Calling GetLatestTemplate({0}, {1})", systemGroupId, artifactId); Artifact art = NATSClient.GetCurrentChecklist(systemGroupId, artifactId); if (art != null) { Template template = new Template(); string stigType = ""; SI_DATA data = art.CHECKLIST.STIGS.iSTIG.STIG_INFO.SI_DATA.Where(x => x.SID_NAME == "title").FirstOrDefault(); if (data != null) { // get the artifact checklists's actual checklist type from DISA stigType = data.SID_DATA; template = await _TemplateRepo.GetLatestTemplate(stigType); if (template == null) { _logger.LogWarning("GetLatestTemplate({0}, {1}) is not a valid ID", systemGroupId, artifactId); return(NotFound()); } // now let's compare versions and releases and see if there is a new one if (Convert.ToInt16(template.version) > Convert.ToInt16(art.version)) { _logger.LogInformation("Called GetLatestTemplate({0}, {1}) successfully and returned a new template version {2}", systemGroupId, artifactId, art.version); // new version, send it return(Ok(template)); } if (Convert.ToInt16(template.version) == Convert.ToInt16(art.version)) { // same version, let's check the release // checklist Release = Rxx where xx is a number like "R18 dated 25 Oct 2019" // template release is the full text "Release: 6 Benchmark Date: 24 Jan 2020" // so we need to remove Release:, trim it, then take the first "word" up to the space // convert to INT if possible, and then test the template release > checklist release int artifactRelease = GetReleaseValue(art.stigRelease); int templateRelease = GetReleaseValue(template.stigRelease); if (templateRelease > artifactRelease) { _logger.LogInformation("Called GetLatestTemplate({0}, {1}) successfully and returned a new template release {2}", systemGroupId, artifactId, template.stigRelease); return(Ok(template)); } else { _logger.LogInformation("Called GetLatestTemplate({0}, {1}) successfully and already at the correct version {2} and release {3}", systemGroupId, artifactId, art.version, art.stigRelease); return(NotFound("No New Template")); } } else { // this is not valid, return not found _logger.LogWarning("Called GetLatestTemplate({0}, {1}) with an odd version and release", systemGroupId, artifactId); return(NotFound("The checklist passed in had an Invalid Version and/or Release")); } } else { _logger.LogWarning("Called GetLatestTemplate({0}, {1}) with an invalid systemId or artifactId checklist type", systemGroupId, artifactId); return(BadRequest("The checklist passed in had an Invalid System Artifact/Checklist Type")); } } else { _logger.LogWarning("Called GetLatestTemplate({0}, {1}) with an invalid systemId or artifactId", systemGroupId, artifactId); return(BadRequest("The checklist passed in had an Invalid System Artifact/Checklist")); } } catch (Exception ex) { _logger.LogError(ex, "GetLatestTemplate({0}, {1}) Error Retrieving Latest Template", systemGroupId, artifactId); return(BadRequest()); } }
public async Task <IActionResult> GetCompliancBySystemExport(string id, string filter, bool pii, string majorcontrol = "") { if (!string.IsNullOrEmpty(id)) { try { _logger.LogInformation("Calling GetCompliancBySystemExport({0}, {1}, {2})", id, filter, pii.ToString()); // verify system information SystemGroup sg = NATSClient.GetSystemGroup(id); if (sg == null) { _logger.LogInformation("Called GetCompliancBySystemExport({0}, {1}, {2}) invalid System Group", id, filter, pii.ToString()); return(NotFound()); } var result = ComplianceGenerator.GetSystemControls(id, filter, pii, majorcontrol); if (result != null && result.Result != null && result.Result.Count > 0) { _logger.LogInformation("Called GetCompliancBySystemExport({0}, {1}, {2}) successfully. Putting into XLSX.", id, filter, pii.ToString()); // starting row uint rowNumber = 7; // create the XLSX in memory and send it out var memory = new MemoryStream(); using (SpreadsheetDocument spreadSheet = SpreadsheetDocument.Create(memory, SpreadsheetDocumentType.Workbook)) { // Add a WorkbookPart to the document. WorkbookPart workbookpart = spreadSheet.AddWorkbookPart(); workbookpart.Workbook = new Workbook(); // add styles to workbook WorkbookStylesPart wbsp = workbookpart.AddNewPart <WorkbookStylesPart>(); // Add a WorksheetPart to the WorkbookPart. WorksheetPart worksheetPart = workbookpart.AddNewPart <WorksheetPart>(); worksheetPart.Worksheet = new Worksheet(new SheetData()); // add stylesheet to use cell formats 1 - 4 wbsp.Stylesheet = ExcelStyleSheet.GenerateStylesheet(); DocumentFormat.OpenXml.Spreadsheet.Columns lstColumns = worksheetPart.Worksheet.GetFirstChild <DocumentFormat.OpenXml.Spreadsheet.Columns>(); if (lstColumns == null) // generate the column listings we need with custom widths { lstColumns = new DocumentFormat.OpenXml.Spreadsheet.Columns(); lstColumns.Append(new DocumentFormat.OpenXml.Spreadsheet.Column() { Min = 1, Max = 1, Width = 20, CustomWidth = true }); // col A lstColumns.Append(new DocumentFormat.OpenXml.Spreadsheet.Column() { Min = 2, Max = 2, Width = 60, CustomWidth = true }); lstColumns.Append(new DocumentFormat.OpenXml.Spreadsheet.Column() { Min = 3, Max = 3, Width = 50, CustomWidth = true }); lstColumns.Append(new DocumentFormat.OpenXml.Spreadsheet.Column() { Min = 4, Max = 4, Width = 25, CustomWidth = true }); worksheetPart.Worksheet.InsertAt(lstColumns, 0); } // Add Sheets to the Workbook. Sheets sheets = spreadSheet.WorkbookPart.Workbook.AppendChild <Sheets>(new Sheets()); // Append a new worksheet and associate it with the workbook. Sheet sheet = new Sheet() { Id = spreadSheet.WorkbookPart. GetIdOfPart(worksheetPart), SheetId = 1, Name = "System-Compliance" }; sheets.Append(sheet); // Get the sheetData cell table. SheetData sheetData = worksheetPart.Worksheet.GetFirstChild <SheetData>(); DocumentFormat.OpenXml.Spreadsheet.Cell refCell = null; DocumentFormat.OpenXml.Spreadsheet.Cell newCell = null; DocumentFormat.OpenXml.Spreadsheet.Row row = MakeTitleRow("OpenRMF by Cingulara and Tutela"); sheetData.Append(row); row = MakeXLSXInfoRow("System Name", sg.title, 2); sheetData.Append(row); row = MakeXLSXInfoRow("Generated", DateTime.Now.ToString("MM/dd/yy hh:mm tt"), 7); sheetData.Append(row); row = MakeComplianceHeaderRows(rowNumber); sheetData.Append(row); uint styleIndex = 0; // use this for 4, 5, 6, or 7 for status _logger.LogInformation("GetCompliancBySystemExport() cycling through all the vulnerabilities"); foreach (NISTCompliance nist in result.Result) { if (nist.complianceRecords.Count > 0) { foreach (ComplianceRecord rec in nist.complianceRecords) { rowNumber++; styleIndex = GetVulnerabilityStatus(rec.status, "high"); // make a new row for this set of items row = MakeDataRow(rowNumber, "A", nist.control, styleIndex); // now cycle through the rest of the items newCell = new DocumentFormat.OpenXml.Spreadsheet.Cell() { CellReference = "B" + rowNumber.ToString() }; row.InsertBefore(newCell, refCell); newCell.CellValue = new CellValue(nist.title); newCell.DataType = new EnumValue <CellValues>(CellValues.String); newCell.StyleIndex = styleIndex; newCell = new DocumentFormat.OpenXml.Spreadsheet.Cell() { CellReference = "C" + rowNumber.ToString() }; row.InsertBefore(newCell, refCell); newCell.CellValue = new CellValue(rec.title); newCell.DataType = new EnumValue <CellValues>(CellValues.String); newCell.StyleIndex = styleIndex; newCell = new DocumentFormat.OpenXml.Spreadsheet.Cell() { CellReference = "D" + rowNumber.ToString() }; row.InsertBefore(newCell, refCell); // print out status, if N/A or NAF then just NAF if (rec.status.ToLower() == "open") { newCell.CellValue = new CellValue("Open"); } else if (rec.status.ToLower() == "not_reviewed") { newCell.CellValue = new CellValue("Not Reviewed"); } else { newCell.CellValue = new CellValue("Not a Finding"); } newCell.DataType = new EnumValue <CellValues>(CellValues.String); newCell.StyleIndex = styleIndex; sheetData.Append(row); } } else { rowNumber++; styleIndex = 0; // make a new row for this set of items row = MakeDataRow(rowNumber, "A", nist.control, styleIndex); // now cycle through the rest of the items newCell = new DocumentFormat.OpenXml.Spreadsheet.Cell() { CellReference = "B" + rowNumber.ToString() }; row.InsertBefore(newCell, refCell); newCell.CellValue = new CellValue(nist.title); newCell.DataType = new EnumValue <CellValues>(CellValues.String); newCell.StyleIndex = styleIndex; sheetData.Append(row); } } // Save the new worksheet. workbookpart.Workbook.Save(); // Close the document. spreadSheet.Close(); // set the filename string filename = sg.title; if (!string.IsNullOrEmpty(sg.title) && sg.title.ToLower().Trim() == "none") { filename = sg.title.Trim() + "-" + filename; // add the system onto the front } // return the file memory.Seek(0, SeekOrigin.Begin); _logger.LogInformation("Called GetCompliancBySystemExport({0}, {1}, {2}) successfully", id, filter, pii.ToString()); return(File(memory, "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", CreateXLSXFilename(filename))); } // end of using statement } else { _logger.LogWarning("Called GetCompliancBySystemExport({0}, {1}, {2}) but had no returned data", id, filter, pii.ToString()); return(NotFound()); // bad system reference } } catch (Exception ex) { _logger.LogError(ex, "GetCompliancBySystemExport() Error exporting Compliance for system {0}", id); return(BadRequest()); } } else { _logger.LogWarning("Called GetCompliancBySystemExport() but with an invalid or empty system group Id", id); return(BadRequest()); // no term entered } }