/// <summary> /// Return a checklist raw string based on the SCAP XML file results of an existing checklist file. /// </summary> /// <param name="results">The results list of pass and fail information rules from the SCAP scan</param> /// <param name="checklistString">The raw XML of the checklist</param> /// <param name="newChecklist">True/False on a new checklist (template). If true, add pass and fail items.</param> /// <returns>A checklist raw XML string, if found</returns> public static string UpdateChecklistData(SCAPRuleResultSet results, string checklistString, bool newChecklist) { // process the raw checklist into the CHECKLIST structure CHECKLIST chk = ChecklistLoader.LoadChecklist(checklistString); STIG_DATA data; SCAPRuleResult result; if (chk != null) { // if we read in the hostname, then use it in the Checklist data if (!string.IsNullOrEmpty(results.hostname)) { chk.ASSET.HOST_NAME = results.hostname; } // if we have the IP Address, use that as well if (!string.IsNullOrEmpty(results.ipaddress)) { chk.ASSET.HOST_IP = results.ipaddress; } // for each VULN see if there is a rule matching the rule in the foreach (VULN v in chk.STIGS.iSTIG.VULN) { data = v.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Rule_ID").FirstOrDefault(); if (data != null) { // find if there is a matching rule result = results.ruleResults.Where(z => z.ruleId.ToLower() == data.ATTRIBUTE_DATA.ToLower()).FirstOrDefault(); if (result != null) { // set the status // only mark fails IF this is a new one, otherwise leave alone if (result.result.ToLower() == "fail") { v.STATUS = "Open"; } // mark the pass on any checklist item we find that passed else if (result.result.ToLower() == "pass") { v.STATUS = "NotAFinding"; } } } } } // serialize into a string again System.Xml.Serialization.XmlSerializer xmlSerializer = new System.Xml.Serialization.XmlSerializer(chk.GetType()); using (StringWriter textWriter = new StringWriter()) { xmlSerializer.Serialize(textWriter, chk); checklistString = textWriter.ToString(); } // strip out all the extra formatting crap and clean up the XML to be as simple as possible System.Xml.Linq.XDocument xDoc = System.Xml.Linq.XDocument.Parse(checklistString, System.Xml.Linq.LoadOptions.None); checklistString = xDoc.ToString(System.Xml.Linq.SaveOptions.DisableFormatting); return(checklistString); }
public async Task <IActionResult> GetTemplate(string id) { try { _logger.LogInformation("Calling GetTemplate({0})", id); Template template = new Template(); template = await _TemplateRepo.GetTemplate(id); if (template == null) { _logger.LogWarning("GetTemplate({0}) is not a valid ID", id); return(NotFound()); } template.CHECKLIST = ChecklistLoader.LoadChecklist(template.rawChecklist); _logger.LogInformation("Called GetTemplate({0}) successfully", id); return(Ok(template)); } catch (Exception ex) { _logger.LogError(ex, "GetLatestTemplate({0}) Error Retrieving Template", id); return(BadRequest()); } }