Ejemplo n.º 1
        public void Test_NewSCAPRuleResultSetIsValid()
            SCAPRuleResultSet srrs = new SCAPRuleResultSet();

            Assert.True(srrs != null);
            Assert.True(srrs.ruleResults != null);
            Assert.True(srrs.ruleResults.Count == 0);
Ejemplo n.º 2
        public void Test_SCAPRuleResultSetWithDataIsValid()
            SCAPRuleResultSet srrs = new SCAPRuleResultSet();

            srrs.title     = "DEGTHATTESTSERVERS";
            srrs.hostname  = "DEGTHAT1";
            srrs.ipaddress = "x.x.123.232";

            SCAPRuleResult sr = new SCAPRuleResult();

            sr.ruleId = "1234";
            sr.result = "pass";


            // test things out
            Assert.True(srrs != null);
            Assert.True(srrs.ruleResults.Count == 1);
Ejemplo n.º 3
        public async Task <IActionResult> UploadNewChecklist(List <IFormFile> checklistFiles, string systemGroupId, string system)
            try {
                _logger.LogInformation("Calling UploadNewChecklist() with {0} checklists", checklistFiles.Count.ToString());
                if (checklistFiles.Count > 0)
                    // grab the user/system ID from the token if there which is *should* always be
                    var claim = this.User.Claims.Where(x => x.Type == System.Security.Claims.ClaimTypes.NameIdentifier).FirstOrDefault();
                    // make sure the SYSTEM GROUP is valid here and then add the files...
                    SystemGroup sg;
                    SystemGroup recordSystem = null;

                    if (string.IsNullOrEmpty(systemGroupId))
                        sg         = new SystemGroup();
                        sg.title   = system;
                        sg.created = DateTime.Now;
                        if (claim != null && claim.Value != null)
                            sg.createdBy = Guid.Parse(claim.Value);
                        recordSystem = _systemRepo.AddSystemGroup(sg).GetAwaiter().GetResult();
                        sg = await _systemRepo.GetSystemGroup(systemGroupId);

                        if (sg == null)
                            sg         = new SystemGroup();
                            sg.title   = "None";
                            sg.created = DateTime.Now;
                            if (claim != null && claim.Value != null)
                                sg.createdBy = Guid.Parse(claim.Value);
                            recordSystem = _systemRepo.AddSystemGroup(sg).GetAwaiter().GetResult();
                            sg.updatedOn = DateTime.Now;
                            if (claim != null && claim.Value != null)
                                sg.updatedBy = Guid.Parse(claim.Value);
                            var updated = _systemRepo.UpdateSystemGroup(systemGroupId, sg).GetAwaiter().GetResult();

                    // result we send back
                    UploadResult uploadResult = new UploadResult();

                    // now go through the Checklists and set them up
                    foreach (IFormFile file in checklistFiles)
                        try {
                            string rawChecklist = string.Empty;

                            if (file.FileName.ToLower().EndsWith(".xml"))
                                // if an XML XCCDF SCAP scan file
                                _logger.LogInformation("UploadNewChecklist() parsing the SCAP Scan file for {0}.", file.FileName.ToLower());
                                using (var reader = new StreamReader(file.OpenReadStream()))
                                    // read in the file
                                    string xmlfile = reader.ReadToEnd();
                                    // pull out the rule IDs and their results of pass or fail and the title/type of SCAP scan done
                                    SCAPRuleResultSet results = SCAPScanResultLoader.LoadSCAPScan(xmlfile);
                                    // get the rawChecklist data so we can move on
                                    // generate a new checklist from a template based on the type and revision
                                    rawChecklist = SCAPScanResultLoader.GenerateChecklistData(results);
                            else if (file.FileName.ToLower().EndsWith(".ckl"))
                                // if a CKL file
                                _logger.LogInformation("UploadNewChecklist() parsing the Checklist CKL file for {0}.", file.FileName.ToLower());
                                using (var reader = new StreamReader(file.OpenReadStream()))
                                    rawChecklist = reader.ReadToEnd();
                                // log this is a bad file

                            // clean up any odd data that can mess us up moving around, via JS, and such
                            _logger.LogInformation("UploadNewChecklist() sanitizing the checklist for {0}.", file.FileName.ToLower());
                            rawChecklist = SanitizeData(rawChecklist);

                            // create the new record for saving into the DB
                            Artifact newArtifact = MakeArtifactRecord(rawChecklist);

                            if (claim != null) // get the value
                                _logger.LogInformation("UploadNewChecklist() setting the created by ID of the checklist {0}.", file.FileName.ToLower());
                                newArtifact.createdBy = Guid.Parse(claim.Value);
                                if (sg.createdBy == Guid.Empty)
                                    sg.createdBy = Guid.Parse(claim.Value);
                                    sg.updatedBy = Guid.Parse(claim.Value);

                            // add the system record ID to the Artifact to know how to query it
                            _logger.LogInformation("UploadNewChecklist() setting the title of the checklist {0}.", file.FileName.ToLower());
                            if (recordSystem != null)
                                newArtifact.systemGroupId = recordSystem.InternalId.ToString();
                                // store the title for ease of use
                                newArtifact.systemTitle = recordSystem.title;
                                newArtifact.systemGroupId = sg.InternalId.ToString();
                                // store the title for ease of use
                                newArtifact.systemTitle = sg.title;
                            // save the artifact record and checklist to the database
                            _logger.LogInformation("UploadNewChecklist() saving the checklist {0} to the database", file.FileName.ToLower());
                            var record = await _artifactRepo.AddArtifact(newArtifact);

                            _logger.LogInformation("UploadNewChecklist() saved the checklist {0} to the database.", file.FileName.ToLower());

                            // add to the number of successful uploads

                            // publish to the openrmf save new realm the new ID we can use
                            _logger.LogInformation("UploadNewChecklist() publish a message on a new checklist {0} for the scoring of it.", file.FileName.ToLower());
                            _msgServer.Publish("openrmf.checklist.save.new", Encoding.UTF8.GetBytes(record.InternalId.ToString()));
                            // publish to update the system checklist count
                            _logger.LogInformation("UploadNewChecklist() publish a message on a new checklist {0} for updating the count of checklists in the system.", file.FileName.ToLower());
                            _msgServer.Publish("openrmf.system.count.add", Encoding.UTF8.GetBytes(record.systemGroupId));

                            // publish an audit event
                            _logger.LogInformation("UploadNewChecklist() publish an audit message on a new checklist {0}.", file.FileName.ToLower());
                            Audit newAudit = GenerateAuditMessage(claim, "add checklist");
                            newAudit.message = string.Format("UploadNewChecklist() uploaded a new checklist {0} in system group ({1}) {2}.", file.FileName.ToLower(), sg.InternalId.ToString(), sg.title);
                            newAudit.url     = "POST /";
                            _msgServer.Publish("openrmf.audit.upload", Encoding.UTF8.GetBytes(Compression.CompressString(JsonConvert.SerializeObject(newAudit))));
                        catch (Exception ex) {
                            // add to the list of failed uploads
                            // log it
                            _logger.LogError(ex, "UploadNewChecklist() error on checklist file not parsing right: {0}.", file.FileName.ToLower());
                            // see if there are any left
                    _logger.LogInformation("Called UploadNewChecklist() with {0} checklists successfully", checklistFiles.Count.ToString());
                    _logger.LogWarning("Called UploadNewChecklist() with NO checklists!");
            catch (Exception ex) {
                _logger.LogError(ex, "Error uploading checklist file");
Ejemplo n.º 4
        public async Task <IActionResult> UpdateChecklist(string id, IFormFile checklistFile, string systemGroupId)
            try {
                _logger.LogInformation("Calling UpdateChecklist({0})", id);
                //var name = checklistFile.FileName;
                string rawChecklist = string.Empty;
                if (checklistFile.FileName.ToLower().EndsWith(".xml"))
                    // if an XML XCCDF SCAP scan checklistFile
                    using (var reader = new StreamReader(checklistFile.OpenReadStream()))
                        // read in the checklistFile
                        string xmlfile = reader.ReadToEnd();
                        // pull out the rule IDs and their results of pass or fail and the title/type of SCAP scan done
                        SCAPRuleResultSet results = SCAPScanResultLoader.LoadSCAPScan(xmlfile);
                        // get the raw checklist from the msg checklist NATS reader
                        // update the rawChecklist data so we can move on
                        var record = await _artifactRepo.GetArtifact(id);

                        rawChecklist = SCAPScanResultLoader.UpdateChecklistData(results, record.rawChecklist, false);
                else if (checklistFile.FileName.ToLower().EndsWith(".ckl"))
                    // if a CKL file
                    using (var reader = new StreamReader(checklistFile.OpenReadStream()))
                        rawChecklist = reader.ReadToEnd();
                    // log this is a bad checklistFile

                _logger.LogInformation("UpdateChecklist({0}) sanitizing the checklist XML", id);
                rawChecklist = SanitizeData(rawChecklist);
                // update and fill in the same info
                Artifact newArtifact = MakeArtifactRecord(rawChecklist);
                Artifact oldArtifact = await _artifactRepo.GetArtifact(id);

                if (oldArtifact != null && oldArtifact.createdBy != Guid.Empty)
                    _logger.LogInformation("UpdateChecklist({0}) copying the old data into the new one to replace it", id);
                    // this is an update of an older one, keep the createdBy intact
                    newArtifact.createdBy = oldArtifact.createdBy;
                    // keep it a part of the same system group
                    if (!string.IsNullOrEmpty(oldArtifact.systemGroupId))
                        newArtifact.systemGroupId = oldArtifact.systemGroupId;
                        newArtifact.systemTitle   = oldArtifact.systemTitle;
                oldArtifact = null;

                // grab the user/system ID from the token if there which is *should* always be
                var claim = this.User.Claims.Where(x => x.Type == System.Security.Claims.ClaimTypes.NameIdentifier).FirstOrDefault();
                if (claim != null) // get the value
                    _logger.LogInformation("UpdateChecklist({0}) getting the updated by ID", id);
                    newArtifact.updatedBy = Guid.Parse(claim.Value);

                _logger.LogInformation("UpdateChecklist({0}) saving the new artifact record", id);
                await _artifactRepo.UpdateArtifact(id, newArtifact);

                // publish to the openrmf save new realm the new ID we can use
                _logger.LogInformation("UpdateChecklist({0}) publishing the updated checklist for scoring", id);
                _msgServer.Publish("openrmf.checklist.save.update", Encoding.UTF8.GetBytes(id));
                _logger.LogInformation("Called UpdateChecklist({0}) successfully", id);

                // publish an audit event
                _logger.LogInformation("UpdateChecklist() publish an audit message on an updated checklist {0}.", checklistFile.FileName);
                Audit newAudit = GenerateAuditMessage(claim, "update checklist");
                newAudit.message = string.Format("UpdateChecklist() updated checklist {0} with file {1}.", id, checklistFile.FileName);
                newAudit.url     = "PUT /";
                _msgServer.Publish("openrmf.audit.upload", Encoding.UTF8.GetBytes(Compression.CompressString(JsonConvert.SerializeObject(newAudit))));
            catch (Exception ex) {
                _logger.LogError(ex, "Error Uploading updated Checklist file");