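/// <summary>
/// Return the bundled example ASD STIG checklist serialized as an XML string.
/// </summary>
/// <returns>The example checklist XML, or an empty string when the example file does not exist.</returns>
public string Get()
{
    // exampleSTIG is concatenated directly onto the working directory; no separator is inserted here.
    string filename = Directory.GetCurrentDirectory() + exampleSTIG;
    string returnedXML = string.Empty;

    if (!System.IO.File.Exists(filename))
    {
        return returnedXML;
    }

    _logger.LogInformation("/example/: Example file active so returning an example ASD STIG.");

    // Load the file straight into the class; the previous throwaway "new CHECKLIST()" was a dead allocation.
    CHECKLIST asdChecklist = ChecklistLoader.LoadASDChecklist(filename);
    XmlSerializer serializer = new XmlSerializer(typeof(CHECKLIST));

    using (var sww = new StringWriter())
    {
        using (XmlWriter writer = XmlWriter.Create(sww))
        {
            serializer.Serialize(writer, asdChecklist);
        }

        // Read the buffer only after the XmlWriter is disposed, so everything it buffered
        // has been flushed into the StringWriter and the returned document is complete.
        _logger.LogInformation("Serialized ASD example checklist");
        _logger.LogInformation("/example/: Returning XML string of ASD example checklist");
        returnedXML = sww.ToString();
    }

    return returnedXML;
}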
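/// <summary>
/// Return a checklist raw string based on the SCAP XML file results of an existing checklist file.
/// </summary>
/// <param name="results">The results list of pass and fail information rules from the SCAP scan</param>
/// <param name="checklistString">The raw XML of the checklist</param>
/// <param name="newChecklist">True/False on a new checklist (template). If true, add pass and fail items.
/// NOTE(review): this flag is not consulted by the current implementation; see the status update below.</param>
/// <returns>The updated checklist as compact raw XML. When the input cannot be loaded into a checklist,
/// the input string is returned unchanged.</returns>
public static string UpdateChecklistData(SCAPRuleResultSet results, string checklistString, bool newChecklist)
{
    // process the raw checklist into the CHECKLIST structure
    CHECKLIST chk = ChecklistLoader.LoadChecklist(checklistString);
    if (chk == null)
    {
        // Nothing to update. Previously this path fell through to chk.GetType() and
        // failed with a NullReferenceException instead of a usable result.
        return checklistString;
    }

    // if we read in the hostname, then use it in the Checklist data
    if (!string.IsNullOrEmpty(results.hostname))
    {
        chk.ASSET.HOST_NAME = results.hostname;
    }

    // if we have the IP Address, use that as well
    if (!string.IsNullOrEmpty(results.ipaddress))
    {
        chk.ASSET.HOST_IP = results.ipaddress;
    }

    // for each VULN see if the scan produced a result for its rule
    foreach (VULN v in chk.STIGS.iSTIG.VULN)
    {
        STIG_DATA data = v.STIG_DATA.FirstOrDefault(y => y.VULN_ATTRIBUTE == "Rule_ID");
        if (data == null || string.IsNullOrEmpty(data.ATTRIBUTE_DATA))
        {
            continue;
        }

        // Ordinal, case-insensitive comparison: ToLower() is culture-sensitive, so under some
        // cultures (e.g. Turkish casing of "I") a "FAIL" result or a rule id would stop matching
        // and a failed check would silently keep its old status.
        SCAPRuleResult result = results.ruleResults.FirstOrDefault(
            z => string.Equals(z.ruleId, data.ATTRIBUTE_DATA, System.StringComparison.OrdinalIgnoreCase));
        if (result == null)
        {
            continue;
        }

        // NOTE(review): the original comment said fails are only marked when this is a new
        // checklist, but newChecklist is never checked, so scan results overwrite any existing
        // (possibly manually reviewed) status. Confirm which behavior is intended.
        if (string.Equals(result.result, "fail", System.StringComparison.OrdinalIgnoreCase))
        {
            v.STATUS = "Open";
        }
        else if (string.Equals(result.result, "pass", System.StringComparison.OrdinalIgnoreCase))
        {
            // mark the pass on any checklist item we find that passed
            v.STATUS = "NotAFinding";
        }
    }

    // serialize into a string again
    System.Xml.Serialization.XmlSerializer xmlSerializer = new System.Xml.Serialization.XmlSerializer(chk.GetType());
    using (StringWriter textWriter = new StringWriter())
    {
        xmlSerializer.Serialize(textWriter, chk);
        checklistString = textWriter.ToString();
    }

    // re-parse our own serializer output and emit it without formatting to keep the XML compact
    System.Xml.Linq.XDocument xDoc = System.Xml.Linq.XDocument.Parse(checklistString, System.Xml.Linq.LoadOptions.None);
    checklistString = xDoc.ToString(System.Xml.Linq.SaveOptions.DisableFormatting);
    return checklistString;
}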
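/// <summary>
/// Score a cached checklist by counting its vulnerabilities per status.
/// </summary>
/// <param name="id">The id used as the cache key for the checklist artifact.</param>
/// <returns>A JSON result holding the Score; the counts stay at their defaults when the
/// artifact is missing, cannot be deserialized, or does not have the expected shape.</returns>
public async Task<IActionResult> Get(Guid id)
{
    Score cklScore = new Score();
    string checklist = await _cache.GetStringAsync(id.ToString());
    if (string.IsNullOrEmpty(checklist))
    {
        return Json(cklScore);
    }

    // The templates contain an {id} placeholder, so the value has to be passed to fill it.
    _logger.LogInformation("/score/{id}: checklist is valid so putting into class to run queries.", id);
    Artifact asdSTIGChecklist = JsonConvert.DeserializeObject<Artifact>(checklist);
    if (asdSTIGChecklist == null)
    {
        // DeserializeObject returns null for a JSON "null" payload; the original dereferenced
        // the artifact before its own null check and would have thrown here.
        _logger.LogWarning("/score/{id}: cached entry did not deserialize into an artifact.", id);
        return Json(cklScore);
    }

    if (asdSTIGChecklist.Checklist == null || asdSTIGChecklist.Checklist.Items == null)
    {
        // filePath comes from the cached artifact and is concatenated into a filesystem path.
        // Normalize it and require that it stays below the data folder, so a value containing
        // ".." segments cannot make the loader read files outside wwwroot/data.
        string dataRoot = Path.GetFullPath(Directory.GetCurrentDirectory() + "/wwwroot/data");
        string checklistPath = Path.GetFullPath(Directory.GetCurrentDirectory() + "/wwwroot/data" + asdSTIGChecklist.filePath);
        if (!checklistPath.StartsWith(dataRoot + Path.DirectorySeparatorChar, StringComparison.Ordinal))
        {
            _logger.LogWarning("/score/{id}: checklist file path resolves outside the data folder; not loading it.", id);
            return Json(cklScore);
        }

        // load the checklist
        asdSTIGChecklist.Checklist = ChecklistLoader.LoadASDChecklist(checklistPath);

        // save it to the cache for next time (async, so the request thread is not blocked)
        _logger.LogInformation("/score/{id}: Pulling in latest checklist file.", id);
        await _cache.SetStringAsync(asdSTIGChecklist.id.ToString(), JsonConvert.SerializeObject(asdSTIGChecklist));
    }

    // The checklist is expected to hold exactly two items, the second being the STIG section.
    if (asdSTIGChecklist.Checklist == null
        || asdSTIGChecklist.Checklist.Items == null
        || asdSTIGChecklist.Checklist.Items.Length != 2)
    {
        return Json(cklScore);
    }

    // "as" instead of a hard cast: an unexpected item type yields an empty score, not an exception.
    CHECKLISTSTIGS objSTIG = asdSTIGChecklist.Checklist.Items[1] as CHECKLISTSTIGS;
    if (objSTIG == null || objSTIG.iSTIG == null || objSTIG.iSTIG.Length != 1 || objSTIG.iSTIG[0] == null)
    {
        return Json(cklScore);
    }

    _logger.LogInformation("/score/{id}: Scoring the checklist.", id);
    CHECKLISTSTIGSISTIGVULN[] asdVulnerabilities = objSTIG.iSTIG[0].VULN;
    if (asdVulnerabilities != null && asdVulnerabilities.Length > 0)
    {
        // Ordinal, case-insensitive comparison is culture-independent and tolerates a null STATUS,
        // where STATUS.ToLower() would throw.
        cklScore.NotReviewed = asdVulnerabilities.Count(x => string.Equals(x.STATUS, "not_reviewed", StringComparison.OrdinalIgnoreCase));
        cklScore.NotApplicable = asdVulnerabilities.Count(x => string.Equals(x.STATUS, "not_applicable", StringComparison.OrdinalIgnoreCase));
        cklScore.Open = asdVulnerabilities.Count(x => string.Equals(x.STATUS, "open", StringComparison.OrdinalIgnoreCase));
        cklScore.NotAFinding = asdVulnerabilities.Count(x => string.Equals(x.STATUS, "notafinding", StringComparison.OrdinalIgnoreCase));
    }

    return Json(cklScore);
}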
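/// <summary>
/// Fetch a template by id and attach its parsed checklist.
/// </summary>
/// <param name="id">The template id supplied by the caller.</param>
/// <returns>200 with the template, 404 when the repository has no template for the id,
/// or 400 when retrieval or parsing throws.</returns>
public async Task<IActionResult> GetTemplate(string id)
{
    try
    {
        _logger.LogInformation("Calling GetTemplate({0})", id);

        // Assign directly from the repository; the previous "new Template()" was overwritten immediately.
        Template template = await _TemplateRepo.GetTemplate(id);
        if (template == null)
        {
            _logger.LogWarning("GetTemplate({0}) is not a valid ID", id);
            return NotFound();
        }

        // NOTE(review): LoadChecklist parses the stored raw XML; its reader settings are not
        // visible here - confirm DTD processing / external entities are disabled in the loader.
        template.CHECKLIST = ChecklistLoader.LoadChecklist(template.rawChecklist);
        _logger.LogInformation("Called GetTemplate({0}) successfully", id);
        return Ok(template);
    }
    catch (Exception ex)
    {
        // The message previously named "GetLatestTemplate", which pointed log triage at the wrong endpoint.
        _logger.LogError(ex, "GetTemplate({0}) Error Retrieving Template", id);

        // NOTE(review): server-side failures are reported as 400; kept for caller compatibility,
        // but a 5xx status would describe the condition more accurately.
        return BadRequest();
    }
}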