public string Get()
{
// open the web path/examples/ckl file
string filename = Directory.GetCurrentDirectory() + exampleSTIG;
string checklistXML = string.Empty;
string returnedXML = string.Empty;
if (System.IO.File.Exists(filename))
{
CHECKLIST asdChecklist = new CHECKLIST();
_logger.LogInformation("/example/: Example file active so returning an example ASD STIG.");
// put that into a class and deserialize that
asdChecklist = ChecklistLoader.LoadASDChecklist(filename);
XmlSerializer serializer = new XmlSerializer(typeof(CHECKLIST));
_logger.LogInformation("Serialized ASD example checklist");
// serialize into a string to return
using (var sww = new StringWriter())
{
using (XmlWriter writer = XmlWriter.Create(sww))
{
serializer.Serialize(writer, asdChecklist);
_logger.LogInformation("/example/: Returning XML string of ASD example checklist");
returnedXML = sww.ToString(); // Your XML
}
}
}
return(returnedXML);
}
/// <summary>
/// Return a checklist raw string based on the SCAP XML file results of an existing checklist file.
/// </summary>
/// <param name="results">The results list of pass and fail information rules from the SCAP scan</param>
/// <param name="checklistString">The raw XML of the checklist</param>
/// <param name="newChecklist">True/False on a new checklist (template). If true, add pass and fail items.</param>
/// <returns>A checklist raw XML string, if found</returns>
public static string UpdateChecklistData(SCAPRuleResultSet results, string checklistString, bool newChecklist)
{
// process the raw checklist into the CHECKLIST structure
CHECKLIST chk = ChecklistLoader.LoadChecklist(checklistString);
STIG_DATA data;
SCAPRuleResult result;
if (chk != null)
{
// if we read in the hostname, then use it in the Checklist data
if (!string.IsNullOrEmpty(results.hostname))
{
chk.ASSET.HOST_NAME = results.hostname;
}
// if we have the IP Address, use that as well
if (!string.IsNullOrEmpty(results.ipaddress))
{
chk.ASSET.HOST_IP = results.ipaddress;
}
// for each VULN see if there is a rule matching the rule in the
foreach (VULN v in chk.STIGS.iSTIG.VULN)
{
data = v.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Rule_ID").FirstOrDefault();
if (data != null)
{
// find if there is a matching rule
result = results.ruleResults.Where(z => z.ruleId.ToLower() == data.ATTRIBUTE_DATA.ToLower()).FirstOrDefault();
if (result != null)
{
// set the status
// only mark fails IF this is a new one, otherwise leave alone
if (result.result.ToLower() == "fail")
{
v.STATUS = "Open";
}
// mark the pass on any checklist item we find that passed
else if (result.result.ToLower() == "pass")
{
v.STATUS = "NotAFinding";
}
}
}
}
}
// serialize into a string again
System.Xml.Serialization.XmlSerializer xmlSerializer = new System.Xml.Serialization.XmlSerializer(chk.GetType());
using (StringWriter textWriter = new StringWriter())
{
xmlSerializer.Serialize(textWriter, chk);
checklistString = textWriter.ToString();
}
// strip out all the extra formatting crap and clean up the XML to be as simple as possible
System.Xml.Linq.XDocument xDoc = System.Xml.Linq.XDocument.Parse(checklistString, System.Xml.Linq.LoadOptions.None);
checklistString = xDoc.ToString(System.Xml.Linq.SaveOptions.DisableFormatting);
return(checklistString);
}
public async Task <IActionResult> Get(Guid id)
{
Score cklScore = new Score();
string checklist = await _cache.GetStringAsync(id.ToString());
if (!string.IsNullOrEmpty(checklist))
{
_logger.LogInformation("/score/{id}: checklist is valid so putting into class to run queries.");
Artifact asdSTIGChecklist = JsonConvert.DeserializeObject <Artifact>(checklist);
if (asdSTIGChecklist.Checklist == null || asdSTIGChecklist.Checklist.Items == null)
{
// load the checklist
asdSTIGChecklist.Checklist = ChecklistLoader.LoadASDChecklist(Directory.GetCurrentDirectory() +
"/wwwroot/data" + asdSTIGChecklist.filePath);
// save it to the cache for next time
_logger.LogInformation("/score/{id}: Pulling in latest checklist file.");
_cache.SetString(asdSTIGChecklist.id.ToString(), JsonConvert.SerializeObject(asdSTIGChecklist));
}
if (asdSTIGChecklist != null && asdSTIGChecklist.Checklist.Items != null &&
asdSTIGChecklist.Checklist.Items.Length == 2 && asdSTIGChecklist.Checklist.Items[1] != null)
{
_logger.LogInformation("/score/{id}: Scoring the checklist.");
// now see what score you can get
CHECKLISTSTIGS objSTIG = (CHECKLISTSTIGS)asdSTIGChecklist.Checklist.Items[1];
CHECKLISTSTIGSISTIG[] iSTIG = objSTIG.iSTIG;
if (iSTIG.Length == 1 && iSTIG[0] != null)
{
CHECKLISTSTIGSISTIG asdSTIG = (CHECKLISTSTIGSISTIG)iSTIG[0];
if (asdSTIG.VULN != null && asdSTIG.VULN.Length > 0)
{
CHECKLISTSTIGSISTIGVULN[] asdVulnerabilities = asdSTIG.VULN;
cklScore.NotReviewed = asdVulnerabilities.Where(x => x.STATUS.ToLower() == "not_reviewed").Count();
cklScore.NotApplicable = asdVulnerabilities.Where(x => x.STATUS.ToLower() == "not_applicable").Count();
cklScore.Open = asdVulnerabilities.Where(x => x.STATUS.ToLower() == "open").Count();
cklScore.NotAFinding = asdVulnerabilities.Where(x => x.STATUS.ToLower() == "notafinding").Count();
}
}
}
}
return(Json(cklScore));
}
public async Task <IActionResult> GetTemplate(string id)
{
try {
_logger.LogInformation("Calling GetTemplate({0})", id);
Template template = new Template();
template = await _TemplateRepo.GetTemplate(id);
if (template == null)
{
_logger.LogWarning("GetTemplate({0}) is not a valid ID", id);
return(NotFound());
}
template.CHECKLIST = ChecklistLoader.LoadChecklist(template.rawChecklist);
_logger.LogInformation("Called GetTemplate({0}) successfully", id);
return(Ok(template));
}
catch (Exception ex) {
_logger.LogError(ex, "GetLatestTemplate({0}) Error Retrieving Template", id);
return(BadRequest());
}
}
