/// <summary>
/// Return a checklist raw string based on the SCAP XML file results of an existing checklist file.
/// </summary>
/// <param name="results">The results list of pass and fail information rules from the SCAP scan</param>
/// <param name="checklistString">The raw XML of the checklist</param>
/// <param name="newChecklist">True/False on a new checklist (template). If true, add pass and fail items.</param>
/// <returns>A checklist raw XML string, if found</returns>
public static string UpdateChecklistData(SCAPRuleResultSet results, string checklistString, bool newChecklist)
{
// process the raw checklist into the CHECKLIST structure
CHECKLIST chk = ChecklistLoader.LoadChecklist(checklistString);
STIG_DATA data;
SCAPRuleResult result;
if (chk != null)
{
// if we read in the hostname, then use it in the Checklist data
if (!string.IsNullOrEmpty(results.hostname))
{
chk.ASSET.HOST_NAME = results.hostname;
}
// if we have the IP Address, use that as well
if (!string.IsNullOrEmpty(results.ipaddress))
{
chk.ASSET.HOST_IP = results.ipaddress;
}
// for each VULN see if there is a rule matching the rule in the
foreach (VULN v in chk.STIGS.iSTIG.VULN)
{
data = v.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Rule_ID").FirstOrDefault();
if (data != null)
{
// find if there is a matching rule
result = results.ruleResults.Where(z => z.ruleId.ToLower() == data.ATTRIBUTE_DATA.ToLower()).FirstOrDefault();
if (result != null)
{
// set the status
// only mark fails IF this is a new one, otherwise leave alone
if (result.result.ToLower() == "fail")
{
v.STATUS = "Open";
}
// mark the pass on any checklist item we find that passed
else if (result.result.ToLower() == "pass")
{
v.STATUS = "NotAFinding";
}
}
}
}
}
// serialize into a string again
System.Xml.Serialization.XmlSerializer xmlSerializer = new System.Xml.Serialization.XmlSerializer(chk.GetType());
using (StringWriter textWriter = new StringWriter())
{
xmlSerializer.Serialize(textWriter, chk);
checklistString = textWriter.ToString();
}
// strip out all the extra formatting crap and clean up the XML to be as simple as possible
System.Xml.Linq.XDocument xDoc = System.Xml.Linq.XDocument.Parse(checklistString, System.Xml.Linq.LoadOptions.None);
checklistString = xDoc.ToString(System.Xml.Linq.SaveOptions.DisableFormatting);
return(checklistString);
}
public async Task <IActionResult> GetTemplate(string id)
{
try {
_logger.LogInformation("Calling GetTemplate({0})", id);
Template template = new Template();
template = await _TemplateRepo.GetTemplate(id);
if (template == null)
{
_logger.LogWarning("GetTemplate({0}) is not a valid ID", id);
return(NotFound());
}
template.CHECKLIST = ChecklistLoader.LoadChecklist(template.rawChecklist);
_logger.LogInformation("Called GetTemplate({0}) successfully", id);
return(Ok(template));
}
catch (Exception ex) {
_logger.LogError(ex, "GetLatestTemplate({0}) Error Retrieving Template", id);
return(BadRequest());
}
}