예제 #1
0
        public async Task <IActionResult> UploadNewChecklist(List <IFormFile> checklistFiles, string systemGroupId, string system)
        {
            try {
                _logger.LogInformation("Calling UploadNewChecklist() with {0} checklists", checklistFiles.Count.ToString());
                if (checklistFiles.Count > 0)
                {
                    // grab the user/system ID from the token if there which is *should* always be
                    var claim = this.User.Claims.Where(x => x.Type == System.Security.Claims.ClaimTypes.NameIdentifier).FirstOrDefault();
                    // make sure the SYSTEM GROUP is valid here and then add the files...
                    SystemGroup sg;
                    SystemGroup recordSystem = null;

                    if (string.IsNullOrEmpty(systemGroupId))
                    {
                        sg         = new SystemGroup();
                        sg.title   = system;
                        sg.created = DateTime.Now;
                        if (claim != null && claim.Value != null)
                        {
                            sg.createdBy = Guid.Parse(claim.Value);
                        }
                        recordSystem = _systemRepo.AddSystemGroup(sg).GetAwaiter().GetResult();
                    }
                    else
                    {
                        sg = await _systemRepo.GetSystemGroup(systemGroupId);

                        if (sg == null)
                        {
                            sg         = new SystemGroup();
                            sg.title   = "None";
                            sg.created = DateTime.Now;
                            if (claim != null && claim.Value != null)
                            {
                                sg.createdBy = Guid.Parse(claim.Value);
                            }
                            recordSystem = _systemRepo.AddSystemGroup(sg).GetAwaiter().GetResult();
                        }
                        else
                        {
                            sg.updatedOn = DateTime.Now;
                            if (claim != null && claim.Value != null)
                            {
                                sg.updatedBy = Guid.Parse(claim.Value);
                            }
                            var updated = _systemRepo.UpdateSystemGroup(systemGroupId, sg).GetAwaiter().GetResult();
                        }
                    }

                    // result we send back
                    UploadResult uploadResult = new UploadResult();

                    // now go through the Checklists and set them up
                    foreach (IFormFile file in checklistFiles)
                    {
                        try {
                            string rawChecklist = string.Empty;

                            if (file.FileName.ToLower().EndsWith(".xml"))
                            {
                                // if an XML XCCDF SCAP scan file
                                _logger.LogInformation("UploadNewChecklist() parsing the SCAP Scan file for {0}.", file.FileName.ToLower());
                                using (var reader = new StreamReader(file.OpenReadStream()))
                                {
                                    // read in the file
                                    string xmlfile = reader.ReadToEnd();
                                    // pull out the rule IDs and their results of pass or fail and the title/type of SCAP scan done
                                    SCAPRuleResultSet results = SCAPScanResultLoader.LoadSCAPScan(xmlfile);
                                    // get the rawChecklist data so we can move on
                                    // generate a new checklist from a template based on the type and revision
                                    rawChecklist = SCAPScanResultLoader.GenerateChecklistData(results);
                                }
                            }
                            else if (file.FileName.ToLower().EndsWith(".ckl"))
                            {
                                // if a CKL file
                                _logger.LogInformation("UploadNewChecklist() parsing the Checklist CKL file for {0}.", file.FileName.ToLower());
                                using (var reader = new StreamReader(file.OpenReadStream()))
                                {
                                    rawChecklist = reader.ReadToEnd();
                                }
                            }
                            else
                            {
                                // log this is a bad file
                                return(BadRequest());
                            }

                            // clean up any odd data that can mess us up moving around, via JS, and such
                            _logger.LogInformation("UploadNewChecklist() sanitizing the checklist for {0}.", file.FileName.ToLower());
                            rawChecklist = SanitizeData(rawChecklist);

                            // create the new record for saving into the DB
                            Artifact newArtifact = MakeArtifactRecord(rawChecklist);

                            if (claim != null) // get the value
                            {
                                _logger.LogInformation("UploadNewChecklist() setting the created by ID of the checklist {0}.", file.FileName.ToLower());
                                newArtifact.createdBy = Guid.Parse(claim.Value);
                                if (sg.createdBy == Guid.Empty)
                                {
                                    sg.createdBy = Guid.Parse(claim.Value);
                                }
                                else
                                {
                                    sg.updatedBy = Guid.Parse(claim.Value);
                                }
                            }

                            // add the system record ID to the Artifact to know how to query it
                            _logger.LogInformation("UploadNewChecklist() setting the title of the checklist {0}.", file.FileName.ToLower());
                            if (recordSystem != null)
                            {
                                newArtifact.systemGroupId = recordSystem.InternalId.ToString();
                                // store the title for ease of use
                                newArtifact.systemTitle = recordSystem.title;
                            }
                            else
                            {
                                newArtifact.systemGroupId = sg.InternalId.ToString();
                                // store the title for ease of use
                                newArtifact.systemTitle = sg.title;
                            }
                            // save the artifact record and checklist to the database
                            _logger.LogInformation("UploadNewChecklist() saving the checklist {0} to the database", file.FileName.ToLower());
                            var record = await _artifactRepo.AddArtifact(newArtifact);

                            _logger.LogInformation("UploadNewChecklist() saved the checklist {0} to the database.", file.FileName.ToLower());

                            // add to the number of successful uploads
                            uploadResult.successful++;

                            // publish to the openrmf save new realm the new ID we can use
                            _logger.LogInformation("UploadNewChecklist() publish a message on a new checklist {0} for the scoring of it.", file.FileName.ToLower());
                            _msgServer.Publish("openrmf.checklist.save.new", Encoding.UTF8.GetBytes(record.InternalId.ToString()));
                            // publish to update the system checklist count
                            _logger.LogInformation("UploadNewChecklist() publish a message on a new checklist {0} for updating the count of checklists in the system.", file.FileName.ToLower());
                            _msgServer.Publish("openrmf.system.count.add", Encoding.UTF8.GetBytes(record.systemGroupId));
                            _msgServer.Flush();

                            // publish an audit event
                            _logger.LogInformation("UploadNewChecklist() publish an audit message on a new checklist {0}.", file.FileName.ToLower());
                            Audit newAudit = GenerateAuditMessage(claim, "add checklist");
                            newAudit.message = string.Format("UploadNewChecklist() uploaded a new checklist {0} in system group ({1}) {2}.", file.FileName.ToLower(), sg.InternalId.ToString(), sg.title);
                            newAudit.url     = "POST /";
                            _msgServer.Publish("openrmf.audit.upload", Encoding.UTF8.GetBytes(Compression.CompressString(JsonConvert.SerializeObject(newAudit))));
                            _msgServer.Flush();
                        }
                        catch (Exception ex) {
                            // add to the list of failed uploads
                            uploadResult.failed++;
                            uploadResult.failedUploads.Add(file.FileName);
                            // log it
                            _logger.LogError(ex, "UploadNewChecklist() error on checklist file not parsing right: {0}.", file.FileName.ToLower());
                            // see if there are any left
                        }
                    }
                    _logger.LogInformation("Called UploadNewChecklist() with {0} checklists successfully", checklistFiles.Count.ToString());
                    return(Ok(uploadResult));
                }
                else
                {
                    _logger.LogWarning("Called UploadNewChecklist() with NO checklists!");
                    return(BadRequest());
                }
            }
            catch (Exception ex) {
                _logger.LogError(ex, "Error uploading checklist file");
                return(BadRequest());
            }
        }