public void Test_NISTComplianceWithDataIsValid()
        {
            // Arrange: one control entry with every string field populated.
            var nc = new NISTCompliance
            {
                control    = "AC-1",
                index      = "1.2",
                title      = "My Title here",
                version    = "23333",
                location   = "this location",
                CCI        = "34234234234",
                sortString = "AC-01"
            };

            // A single checklist record to attach to the control.
            var cr = new ComplianceRecord
            {
                artifactId  = "23423423423423423423",
                title       = "mytitle",
                stigType    = "Google Chrome",
                stigRelease = "Version 1",
                status      = "valid",
                hostName    = "myHost",
                updatedOn   = DateTime.Now
            };

            // Act: attach the record to the control's record list.
            nc.complianceRecords.Add(cr);

            // Assert: the populated fields read back non-empty.
            // sortString is set above but is not checked by this test.
            Assert.NotNull(nc);
            Assert.False(string.IsNullOrEmpty(nc.control));
            Assert.False(string.IsNullOrEmpty(nc.index));
            Assert.False(string.IsNullOrEmpty(nc.title));
            Assert.False(string.IsNullOrEmpty(nc.version));
            Assert.False(string.IsNullOrEmpty(nc.location));
            Assert.False(string.IsNullOrEmpty(nc.CCI));
            Assert.True(nc.complianceRecords.Count == 1);

            // Spot-check one field of the attached record.
            Assert.False(string.IsNullOrEmpty(nc.complianceRecords[0].artifactId));
        }
Example #2
        /// <summary>
        /// Loads the compliance record with the given id into <c>ComplianceRecord</c> for display.
        /// </summary>
        /// <param name="id">Id of the record to load; a missing id produces a NotFound result.</param>
        /// <returns>The page when a record with that id exists, otherwise a NotFound result.</returns>
        /// <remarks>
        /// NOTE(review): the record is looked up by id alone and this handler performs no per-user
        /// check of its own, so access control presumably comes from page- or application-level
        /// authorization. Confirm that it is configured.
        /// </remarks>
        public async Task<IActionResult> OnGetAsync(int? id)
        {
            if (!id.HasValue)
            {
                return NotFound();
            }

            ComplianceRecord = await _context.ComplianceRecord.FirstOrDefaultAsync(m => m.Id == id);

            if (ComplianceRecord != null)
            {
                return Page();
            }

            return NotFound();
        }
Example #3
        /// <summary>
        /// Deletes the compliance record with the given id and redirects to the index page.
        /// </summary>
        /// <param name="id">Id of the record to delete; a missing id produces a NotFound result.</param>
        /// <returns>
        /// A NotFound result when no id is supplied; otherwise a redirect to "./Index",
        /// whether or not a record with that id existed.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the delete is keyed on the posted id only. This handler shows no
        /// ownership or role check and writes no audit entry, so both presumably live elsewhere
        /// (page-level authorization, a DbContext interceptor). Confirm before relying on it for
        /// compliance data.
        /// </remarks>
        public async Task<IActionResult> OnPostAsync(int? id)
        {
            if (!id.HasValue)
            {
                return NotFound();
            }

            ComplianceRecord = await _context.ComplianceRecord.FindAsync(id);

            // Nothing to delete: fall through to the same redirect as a successful delete.
            if (ComplianceRecord == null)
            {
                return RedirectToPage("./Index");
            }

            _context.ComplianceRecord.Remove(ComplianceRecord);
            await _context.SaveChangesAsync();

            return RedirectToPage("./Index");
        }
Example #4
        public void Test_ComplianceRecordWithDataIsValid()
        {
            // Arrange: a record with every field populated.
            var cr = new ComplianceRecord
            {
                artifactId  = "23423423423423423423",
                title       = "mytitle",
                stigType    = "Google Chrome",
                stigRelease = "Version 1",
                status      = "valid",
                hostName    = "myHost",
                updatedOn   = DateTime.Now
            };

            // Assert: each field reads back as a non-empty value.
            Assert.NotNull(cr);
            Assert.False(string.IsNullOrEmpty(cr.artifactId));
            Assert.False(string.IsNullOrEmpty(cr.title));
            Assert.False(string.IsNullOrEmpty(cr.stigType));
            Assert.False(string.IsNullOrEmpty(cr.stigRelease));
            Assert.False(string.IsNullOrEmpty(cr.status));
            Assert.False(string.IsNullOrEmpty(cr.hostName));
            Assert.False(string.IsNullOrEmpty(cr.updatedOn.ToShortDateString()));
        }
Example #5
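        /// <summary>
        /// Builds the per-control compliance listing for one system.
        /// For every checklist of the system, every VULN in it and every CCI reference on that VULN,
        /// the CCI is matched to NIST controls and the checklist's status is recorded under each
        /// matching control. Controls that are in the control list but matched no checklist are
        /// appended afterwards with an empty record list.
        /// </summary>
        /// <param name="systemId">System identifier handed to <c>NATSClient.GetChecklistsBySystem</c>.</param>
        /// <param name="filter">Passed unchanged to <c>NATSClient.GetControlRecords</c>.</param>
        /// <param name="pii">Passed unchanged to <c>NATSClient.GetControlRecords</c>.</param>
        /// <param name="majorcontrol">When non-empty, only controls whose <c>control</c> equals this value are processed.</param>
        /// <returns>
        /// The compliance entries ordered by <c>sortString</c>, or <c>null</c> when the system has no checklists.
        /// </returns>
        /// <remarks>
        /// The method is declared <c>async</c> but contains no <c>await</c>; the NATSClient calls are synchronous.
        /// NOTE(review): <c>controlSet</c> is dereferenced without a null check, so a null result from
        /// <c>GetControlRecords</c> would surface as a NullReferenceException. Confirm that it cannot return null.
        /// </remarks>
        public static async Task<List<NISTCompliance>> GetSystemControls(string systemId, string filter, bool pii, string majorcontrol)
        {
            try
            {
                // Call the NATS subscription to get all CCI to NIST Major Controls
                List<CciItem> cciItems = NATSClient.GetCCIListing();
                // list of the NIST controls down to the index-to-CCI level we cycle through
                List<NISTControl> controls = CreateListOfNISTControls(cciItems);
                // the end result grouped by control and listing checklists and their status
                List<NISTCompliance> complianceList = new List<NISTCompliance>();

                if (!string.IsNullOrEmpty(majorcontrol))
                {
                    // filter the list to just do the one major control
                    controls = controls.Where(x => x.control == majorcontrol).ToList();
                    // keep only the CCI items that reference the requested major control
                    // NOTE(review): cciItems is not read again below in this method.
                    cciItems = cciItems
                        .Where(cci => cci.references != null
                                      && cci.references.Count > 0
                                      && cci.references.Any(r => r.majorControl == majorcontrol))
                        .ToList();
                }

                // this routine uses "API to API" messaging via NATS to get the list of checklists per system, each checklist,
                // as well as the controls that we need to run against for generating compliance
                List<Artifact> checklists = NATSClient.GetChecklistsBySystem(systemId);
                if (checklists == null || checklists.Count == 0)
                {
                    return null;
                }

                List<ControlSet> controlSet = NATSClient.GetControlRecords(filter, pii);
                NISTCompliance compliance;
                ControlSet controlRecord;
                int parentIndex;

                foreach (Artifact a in checklists)
                {
                    Artifact art = NATSClient.GetChecklist(a.InternalId.ToString());
                    if (art == null)
                    {
                        continue;
                    }

                    string host = !string.IsNullOrEmpty(art.CHECKLIST.ASSET.HOST_NAME) ? art.CHECKLIST.ASSET.HOST_NAME : "";
                    foreach (VULN v in art.CHECKLIST.STIGS.iSTIG.VULN)
                    {
                        // grab each CCI and then match to one or more NIST Control records
                        List<STIG_DATA> cciRefs = v.STIG_DATA.Where(x => x.VULN_ATTRIBUTE == "CCI_REF").ToList();
                        foreach (STIG_DATA d in cciRefs)
                        {
                            foreach (NISTControl ctrl in controls.Where(x => x.CCI == d.ATTRIBUTE_DATA).ToList())
                            {
                                // reuse the entry for this control if one exists (at most one), otherwise build it
                                compliance = complianceList.FirstOrDefault(z => z.control == ctrl.control);
                                if (compliance == null)
                                {
                                    compliance         = new NISTCompliance();
                                    compliance.control = ctrl.control; // major control family
                                    compliance.title   = "Unknown";
                                    controlRecord      = controlSet.Where(x => x.number == ctrl.control.Replace(" ", "")).FirstOrDefault();
                                    if (controlRecord != null)
                                    {
                                        compliance.title      = controlRecord.title;
                                        compliance.sortString = GenerateControlIndexSort(ctrl.index);
                                        complianceList.Add(compliance); // add it to the listing
                                    }
                                    else // get the generic family name of the control if any if this is an allowed control
                                    {
                                        parentIndex = GetFirstIndex(ctrl.index);
                                        if (parentIndex > 0)
                                        {
                                            controlRecord = controlSet.Where(x => x.number == ctrl.index.Substring(0, parentIndex) ||
                                                                             x.subControlNumber == ctrl.index.Substring(0, parentIndex)).FirstOrDefault();
                                            if (controlRecord != null)
                                            {
                                                if (!string.IsNullOrEmpty(controlRecord.title))
                                                {
                                                    compliance.title = controlRecord.title;
                                                }
                                                compliance.sortString = GenerateControlIndexSort(ctrl.index);
                                                complianceList.Add(compliance); // add it to the listing
                                            }
                                        }
                                    }
                                    // A control with no matching control record is a "ghost" control: it is not
                                    // added to complianceList, so the record attached to it below is discarded.
                                }

                                // For the compliance record, does it have a listing for the checklist/artifactId
                                ComplianceRecord rec = compliance.complianceRecords.FirstOrDefault(c => c.artifactId == a.InternalId);
                                if (rec != null)
                                {
                                    // existing record for this checklist: merge in the status of this VULN
                                    rec.status = GenerateStatus(rec.status, v.STATUS);
                                }
                                else
                                {
                                    rec             = new ComplianceRecord();
                                    rec.artifactId  = a.InternalId;
                                    rec.status      = v.STATUS;
                                    // NOTE(review): .Value throws if updatedOn has no value, which would abort
                                    // the whole listing for one checklist without a timestamp. Confirm it is always set.
                                    rec.updatedOn   = a.updatedOn.Value;
                                    rec.title       = a.title;
                                    rec.stigType    = a.stigType;
                                    rec.stigRelease = a.stigRelease;
                                    rec.hostName    = host;
                                    compliance.complianceRecords.Add(rec); // add the new compliance record to the control we are making
                                }
                            }
                        }
                    }
                }

                // fill the compliance list with those in the controls not yet in the complianceList but in the valid control set
                List<string> missingIndexes = controls.Where(x => !complianceList.Any(x2 => x2.control == x.control)).Select(y => y.control).Distinct().ToList();
                foreach (string index in missingIndexes)
                {
                    compliance         = new NISTCompliance();
                    compliance.control = index; // add the control family
                    compliance.title   = "Unknown";
                    controlRecord      = controlSet.Where(x => x.number == index.Replace(" ", "")).FirstOrDefault();
                    if (controlRecord != null)
                    {
                        compliance.title      = controlRecord.title;
                        compliance.sortString = GenerateControlIndexSort(index);
                        complianceList.Add(compliance); // add it to the listing
                    }
                    else // get the generic family name of the control if any
                    {
                        parentIndex = GetFirstIndex(index);
                        if (parentIndex > 0)
                        {
                            // reuse parentIndex instead of re-running GetFirstIndex for every element,
                            // matching the lookup in the checklist loop above
                            controlRecord = controlSet.Where(x => x.number == index.Substring(0, parentIndex) ||
                                                             x.subControlNumber == index.Substring(0, parentIndex)).FirstOrDefault();
                            if (controlRecord != null)
                            {
                                if (!string.IsNullOrEmpty(controlRecord.title))
                                {
                                    compliance.title = controlRecord.title;
                                }
                                compliance.sortString = GenerateControlIndexSort(index);
                                complianceList.Add(compliance); // add it to the listing
                            }
                        }
                        else
                        {
                            Console.WriteLine(string.Format("control not found: {0}", index));
                        }
                    }
                    // entries without a resolved control record are orphaned and intentionally not listed
                }

                // order by the index, which also groups them by the major control
                return complianceList.OrderBy(x => x.sortString).ToList();
            }
            catch (Exception)
            {
                // log it here
                // "throw;" keeps the original stack trace; "throw ex;" would reset it to this frame
                throw;
            }
        }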
Example #6
        public void Test_NewComplianceRecordIsValid()
        {
            // A default-constructed record must be creatable without any field being set.
            var cr = new ComplianceRecord();

            Assert.NotNull(cr);
        }