/// <summary>
/// Checks that a <c>NISTCompliance</c> filled with sample values reports every
/// string field as non-empty and holds the single <c>ComplianceRecord</c> added to it.
/// </summary>
public void Test_NISTComplianceWithDataIsValid()
{
    // Constructed sample values only; they do not refer to a real host or checklist.
    var sampleRecord = new ComplianceRecord
    {
        artifactId = "23423423423423423423",
        title = "mytitle",
        stigType = "Google Chrome",
        stigRelease = "Version 1",
        status = "valid",
        hostName = "myHost",
        updatedOn = DateTime.Now
    };

    var compliance = new NISTCompliance
    {
        control = "AC-1",
        index = "1.2",
        title = "My Title here",
        version = "23333",
        location = "this location",
        CCI = "34234234234",
        sortString = "AC-01"
    };
    compliance.complianceRecords.Add(sampleRecord);

    // The control-level fields must survive assignment.
    Assert.NotNull(compliance);
    Assert.False(string.IsNullOrEmpty(compliance.control));
    Assert.False(string.IsNullOrEmpty(compliance.index));
    Assert.False(string.IsNullOrEmpty(compliance.title));
    Assert.False(string.IsNullOrEmpty(compliance.version));
    Assert.False(string.IsNullOrEmpty(compliance.location));
    Assert.False(string.IsNullOrEmpty(compliance.CCI));
    Assert.True(compliance.complianceRecords.Count == 1);

    // Spot-check the one record that was attached to the control.
    Assert.False(string.IsNullOrEmpty(compliance.complianceRecords[0].artifactId));
}
/// <summary>
/// Loads the compliance record with the given id into the page model for display.
/// </summary>
/// <param name="id">Id of the record to show; a missing id yields a 404.</param>
/// <returns>
/// <c>NotFound()</c> when no id was supplied or no record matches it, otherwise the rendered page.
/// </returns>
/// <remarks>
/// NOTE(review): the lookup is by id alone and this handler performs no ownership or
/// authorization check; confirm that access to this page is restricted elsewhere
/// (page, folder or global policy).
/// </remarks>
public async Task<IActionResult> OnGetAsync(int? id)
{
    if (!id.HasValue)
    {
        return NotFound();
    }

    ComplianceRecord = await _context.ComplianceRecord.FirstOrDefaultAsync(m => m.Id == id);

    // An unknown id gets the same 404 as a missing id.
    return ComplianceRecord == null ? (IActionResult)NotFound() : Page();
}
/// <summary>
/// Deletes the compliance record with the given id, if it exists, and returns to the index page.
/// </summary>
/// <param name="id">Id of the record to delete; a missing id yields a 404.</param>
/// <returns>
/// <c>NotFound()</c> when no id was supplied, otherwise a redirect to <c>./Index</c>
/// whether or not a record was found and removed.
/// </returns>
/// <remarks>
/// NOTE(review): this is a destructive action keyed only on the posted id, and the handler
/// itself checks neither who is calling nor whether they may delete this record. Confirm that
/// the page is covered by an authorization policy and that the framework's default
/// antiforgery validation for POST handlers has not been disabled for it.
/// </remarks>
public async Task<IActionResult> OnPostAsync(int? id)
{
    if (!id.HasValue)
    {
        return NotFound();
    }

    ComplianceRecord = await _context.ComplianceRecord.FindAsync(id);

    // Nothing to delete: still send the user back to the listing.
    if (ComplianceRecord == null)
    {
        return RedirectToPage("./Index");
    }

    _context.ComplianceRecord.Remove(ComplianceRecord);
    await _context.SaveChangesAsync();
    return RedirectToPage("./Index");
}
/// <summary>
/// Checks that a <c>ComplianceRecord</c> filled with sample values reports every
/// field as non-empty, including a printable update date.
/// </summary>
public void Test_ComplianceRecordWithDataIsValid()
{
    // Constructed sample values only; they do not refer to a real host or checklist.
    var record = new ComplianceRecord
    {
        artifactId = "23423423423423423423",
        title = "mytitle",
        stigType = "Google Chrome",
        stigRelease = "Version 1",
        status = "valid",
        hostName = "myHost",
        updatedOn = DateTime.Now
    };

    Assert.NotNull(record);
    Assert.False(string.IsNullOrEmpty(record.artifactId));
    Assert.False(string.IsNullOrEmpty(record.title));
    Assert.False(string.IsNullOrEmpty(record.stigType));
    Assert.False(string.IsNullOrEmpty(record.stigRelease));
    Assert.False(string.IsNullOrEmpty(record.status));
    Assert.False(string.IsNullOrEmpty(record.hostName));

    // The timestamp must format to a non-empty short date string.
    Assert.False(string.IsNullOrEmpty(record.updatedOn.ToShortDateString()));
}
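/// <summary>
/// Builds the NIST compliance listing for one system: every checklist of the system is read,
/// each VULN's CCI references are matched to NIST controls, and the per-checklist status is
/// recorded under the matching control.
/// </summary>
/// <param name="systemId">Id of the system whose checklists are fetched over NATS.</param>
/// <param name="filter">Passed unchanged to <c>NATSClient.GetControlRecords</c>.</param>
/// <param name="pii">Passed unchanged to <c>NATSClient.GetControlRecords</c>.</param>
/// <param name="majorcontrol">
/// When non-empty, only controls whose <c>control</c> equals this value are processed.
/// </param>
/// <returns>
/// The compliance entries ordered by <c>sortString</c>, or <c>null</c> when the system has no checklists.
/// </returns>
/// <remarks>
/// The method contains no <c>await</c>, so all work runs synchronously before the task is returned.
/// NOTE(review): the result carries host names and per-checklist STIG status for the system, and
/// nothing in this method checks whether the caller may see them; confirm the calling endpoint
/// enforces authorization for <paramref name="systemId"/>.
/// </remarks>
public static async Task<List<NISTCompliance>> GetSystemControls(string systemId, string filter, bool pii, string majorcontrol)
{
    // for each system
    //   for each checklist in the system
    //     for each VULN listing
    //       for each CCI within the VULN listed
    //         match up the CCI to the NIST, then get the status, checklist and ID, STIG ID, VULN ID, and type and return it
    try
    {
        // Call the NATS subscription to get all CCI to NIST Major Controls
        List<CciItem> cciItems = NATSClient.GetCCIListing();
        // list of the NIST controls down to the index-to-CCI level we cycle through
        List<NISTControl> controls = CreateListOfNISTControls(cciItems);
        // the end result grouped by control and listing checklists and their status
        List<NISTCompliance> complianceList = new List<NISTCompliance>();

        if (!string.IsNullOrEmpty(majorcontrol))
        {
            // filter the list to just do the one major control
            controls = controls.Where(x => x.control == majorcontrol).ToList();

            // keep only the CCI items that reference the requested major control
            // NOTE(review): cciItems is not read again after this point in this method.
            List<CciItem> filteredCCIItems = new List<CciItem>();
            foreach (CciItem cci in cciItems)
            {
                if (cci.references != null && cci.references.Any(x => x.majorControl == majorcontrol))
                {
                    filteredCCIItems.Add(cci);
                }
            }
            cciItems = filteredCCIItems;
        }

        // this routine uses "API to API" messaging via NATS to get the list of checklists per system, each checklist,
        // as well as the controls that we need to run against for generating compliance
        List<Artifact> checklists = NATSClient.GetChecklistsBySystem(systemId);
        if (checklists == null || checklists.Count == 0)
        {
            return null;
        }

        // NOTE(review): a null result here would fail on the first lookup below; confirm
        // GetControlRecords always returns a list.
        List<ControlSet> controlSet = NATSClient.GetControlRecords(filter, pii);
        ControlSet controlRecord;
        NISTCompliance compliance;
        int parentIndex;

        foreach (Artifact a in checklists)
        {
            Artifact art = NATSClient.GetChecklist(a.InternalId.ToString());
            if (art == null)
            {
                continue;
            }

            string host = !string.IsNullOrEmpty(art.CHECKLIST.ASSET.HOST_NAME) ? art.CHECKLIST.ASSET.HOST_NAME : "";
            foreach (VULN v in art.CHECKLIST.STIGS.iSTIG.VULN)
            {
                // grab each CCI and then match to one or more NIST Control records
                // fill in the compliance record for the control and add the compliance record to that control w/in the larger list
                List<STIG_DATA> sd = v.STIG_DATA.Where(x => x.VULN_ATTRIBUTE == "CCI_REF").ToList();
                foreach (STIG_DATA d in sd)
                {
                    foreach (NISTControl ctrl in controls.Where(x => x.CCI == d.ATTRIBUTE_DATA).ToList())
                    {
                        // reuse the entry for this control if one exists (at most one), otherwise make a new one
                        compliance = complianceList.FirstOrDefault(z => z.control == ctrl.control);
                        if (compliance == null)
                        {
                            compliance = new NISTCompliance();
                            compliance.control = ctrl.control; // major control family
                            compliance.title = "Unknown";
                            controlRecord = controlSet.Where(x => x.number == ctrl.control.Replace(" ", "")).FirstOrDefault();
                            if (controlRecord != null)
                            {
                                compliance.title = controlRecord.title;
                                compliance.sortString = GenerateControlIndexSort(ctrl.index);
                                complianceList.Add(compliance); // add it to the listing
                            }
                            else // get the generic family name of the control if any if this is an allowed control
                            {
                                parentIndex = GetFirstIndex(ctrl.index);
                                if (parentIndex > 0)
                                {
                                    controlRecord = controlSet.Where(x => x.number == ctrl.index.Substring(0, parentIndex) || x.subControlNumber == ctrl.index.Substring(0, parentIndex)).FirstOrDefault();
                                    if (controlRecord != null)
                                    {
                                        if (!string.IsNullOrEmpty(controlRecord.title))
                                        {
                                            compliance.title = controlRecord.title;
                                        }
                                        compliance.sortString = GenerateControlIndexSort(ctrl.index);
                                        complianceList.Add(compliance); // add it to the listing
                                    }
                                }
                            }
                            // An entry is listed only when a control record was found for it; otherwise it is a
                            // ghost control not used anymore, and not linked to Low / Moderate / High, which is
                            // a required param calling this code. Such an entry is filled below but never returned.
                        }

                        // For the compliance record, does it have a listing for the checklist/artifactId
                        ComplianceRecord rec = compliance.complianceRecords.FirstOrDefault(c => c.artifactId == a.InternalId);
                        if (rec != null)
                        {
                            // existing record for this checklist: merge the new VULN status into it
                            rec.status = GenerateStatus(rec.status, v.STATUS);
                        }
                        else
                        {
                            rec = new ComplianceRecord();
                            rec.artifactId = a.InternalId;
                            rec.status = v.STATUS;
                            rec.updatedOn = a.updatedOn.Value;
                            rec.title = a.title;
                            rec.stigType = a.stigType;
                            rec.stigRelease = a.stigRelease;
                            rec.hostName = host;
                            compliance.complianceRecords.Add(rec); // add the new compliance record to the control we are making
                        }
                    }
                }
            }
        }

        // fill the compliance list with those in the controls not yet in the complianceList but in the valid control set
        List<string> missingIndexes = controls.Where(x => !complianceList.Any(x2 => x2.control == x.control)).Select(y => y.control).Distinct().ToList();
        foreach (string index in missingIndexes)
        {
            compliance = new NISTCompliance();
            compliance.control = index; // add the control family
            compliance.title = "Unknown";
            controlRecord = controlSet.Where(x => x.number == index.Replace(" ", "")).FirstOrDefault();
            if (controlRecord != null)
            {
                compliance.title = controlRecord.title;
                compliance.sortString = GenerateControlIndexSort(index);
                complianceList.Add(compliance); // add it to the listing
            }
            else // get the generic family name of the control if any
            {
                parentIndex = GetFirstIndex(index);
                if (parentIndex > 0)
                {
                    controlRecord = controlSet.Where(x => x.number == index.Substring(0, GetFirstIndex(index)) || x.subControlNumber == index.Substring(0, GetFirstIndex(index))).FirstOrDefault();
                    if (controlRecord != null)
                    {
                        if (!string.IsNullOrEmpty(controlRecord.title))
                        {
                            compliance.title = controlRecord.title;
                        }
                        compliance.sortString = GenerateControlIndexSort(index);
                        complianceList.Add(compliance); // add it to the listing
                    }
                }
                else
                {
                    Console.WriteLine(string.Format("control not found: {0}", index));
                }
            }
            // entries without a matching control record are orphaned and intentionally not listed
        }

        // order by the index, which also groups them by the major control
        return complianceList.OrderBy(x => x.sortString).ToList();
    }
    catch (Exception)
    {
        // Nothing is logged here yet. Rethrow with "throw;" so the original stack trace is kept;
        // "throw ex;" would reset it and hide where the failure happened.
        throw;
    }
}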
/// <summary>
/// Checks that the default <c>ComplianceRecord</c> constructor yields an instance.
/// </summary>
public void Test_NewComplianceRecordIsValid()
{
    var freshRecord = new ComplianceRecord();

    Assert.NotNull(freshRecord);
}