public async Task <IActionResult> GetCCIItem(string cciid)
{
if (!string.IsNullOrEmpty(cciid))
{
try {
_logger.LogInformation("Calling GetCCIItem({0})", cciid);
var result = NATSClient.GetCCIItemReferences(cciid);
if (result != null)
{
_logger.LogInformation("Called GetCCIItem({0}) successfully", cciid);
return(Ok(result));
}
else
{
_logger.LogWarning("Called GetCCIItem({0}) but had no returned data", cciid);
return(NotFound()); // bad system reference
}
}
catch (Exception ex) {
_logger.LogError(ex, "GetCCIItem() Error getting CCI Item information for {0}", cciid);
return(BadRequest());
}
}
else
{
_logger.LogWarning("Called GetCCIItem() but with an invalid or empty Id", cciid);
return(BadRequest()); // no CCI Id entered
}
}
public async Task <IActionResult> GetAllMajorControls()
{
try {
_logger.LogInformation("Calling GetAllMajorControls()");
var listing = NATSClient.GetControlRecords("high", true);
if (listing != null)
{
_logger.LogInformation("Called GetAllMajorControls() successfully");
// get just the id, number, and title
listing = listing.GroupBy(x => new { x.number, x.title })
.Select(g => new ControlSet {
number = g.Key.number,
title = g.Key.title
}).ToList();
// return the distint listing
return(Ok(listing.Distinct().OrderBy(x => x.indexsort).ToList()));
}
else
{
_logger.LogWarning("Called GetAllMajorControls() but no control records listing returned");
return(NotFound()); // nothing loaded yet
}
}
catch (Exception ex) {
_logger.LogError(ex, "GetAllMajorControls() Error listing all control sets. Please check the in memory database and XML file load.");
return(BadRequest());
}
}
public async Task <IActionResult> GetControl(string term)
{
_logger.LogInformation("Calling GetControl({0})", term);
if (!string.IsNullOrEmpty(term))
{
try {
var record = NATSClient.GetControlRecord(term);
if (record == null)
{
_logger.LogWarning("GetControl({0}) term not found", term);
return(NotFound());
}
_logger.LogInformation("Called GetControl({0}) successfully", term);
return(Ok(record));
}
catch (Exception ex) {
_logger.LogError(ex, "GetControl() Error listing all control sets. Please check the in memory database and XML file load.");
return(BadRequest());
}
}
else
{
_logger.LogWarning("GetControl({0}) term was not sent in the API call");
return(BadRequest("No valid control term sent"));
}
}
/// <summary>
/// Return a checklist raw string based on the SCAP XML file results.
/// </summary>
/// <param name="results">The results list of pass and fail information rules from the SCAP scan</param>
/// <returns>A checklist raw XML string, if found</returns>
public static string GenerateChecklistData(SCAPRuleResultSet results)
{
string checklistString = NATSClient.GetArtifactByTemplateTitle(results.title);
// generate the checklist from reading the template in using a Request/Reply to openrmf.template.read
if (!string.IsNullOrEmpty(checklistString))
{
return(UpdateChecklistData(results, checklistString, true));
}
// return the default template string
return(checklistString);
}
public async Task <IActionResult> GetAllControls(string impactlevel = "", bool pii = false)
{
try {
_logger.LogInformation("Calling GetAllControls({0}, {1})", impactlevel, pii.ToString());
var listing = NATSClient.GetControlRecords(impactlevel, pii);
if (listing != null)
{
_logger.LogInformation("Called GetAllControls({0}, {1}) successfully", impactlevel, pii.ToString());
return(Ok(listing));
}
else
{
_logger.LogWarning("Called GetAllControls({0}, {1}) but no control records listing returned", impactlevel, pii.ToString());
return(NotFound()); // nothing loaded yet
}
}
catch (Exception ex) {
_logger.LogError(ex, "GetAllControls() Error listing all control sets. Please check the in memory database and XML file load.");
return(BadRequest());
}
}
//[ResponseCache(Duration = 60, Location = ResponseCacheLocation.Any, VaryByQueryKeys = new [] {"systemGroupId", "artifactId"})]
public async Task <IActionResult> GetLatestTemplate(string systemGroupId, string artifactId)
{
try {
_logger.LogInformation("Calling GetLatestTemplate({0}, {1})", systemGroupId, artifactId);
Artifact art = NATSClient.GetCurrentChecklist(systemGroupId, artifactId);
if (art != null)
{
Template template = new Template();
string stigType = "";
SI_DATA data = art.CHECKLIST.STIGS.iSTIG.STIG_INFO.SI_DATA.Where(x => x.SID_NAME == "title").FirstOrDefault();
if (data != null)
{
// get the artifact checklists's actual checklist type from DISA
stigType = data.SID_DATA;
template = await _TemplateRepo.GetLatestTemplate(stigType);
if (template == null)
{
_logger.LogWarning("GetLatestTemplate({0}, {1}) is not a valid ID", systemGroupId, artifactId);
return(NotFound());
}
// now let's compare versions and releases and see if there is a new one
if (Convert.ToInt16(template.version) > Convert.ToInt16(art.version))
{
_logger.LogInformation("Called GetLatestTemplate({0}, {1}) successfully and returned a new template version {2}", systemGroupId, artifactId, art.version);
// new version, send it
return(Ok(template));
}
if (Convert.ToInt16(template.version) == Convert.ToInt16(art.version))
{
// same version, let's check the release
// checklist Release = Rxx where xx is a number like "R18 dated 25 Oct 2019"
// template release is the full text "Release: 6 Benchmark Date: 24 Jan 2020"
// so we need to remove Release:, trim it, then take the first "word" up to the space
// convert to INT if possible, and then test the template release > checklist release
int artifactRelease = GetReleaseValue(art.stigRelease);
int templateRelease = GetReleaseValue(template.stigRelease);
if (templateRelease > artifactRelease)
{
_logger.LogInformation("Called GetLatestTemplate({0}, {1}) successfully and returned a new template release {2}", systemGroupId, artifactId, template.stigRelease);
return(Ok(template));
}
else
{
_logger.LogInformation("Called GetLatestTemplate({0}, {1}) successfully and already at the correct version {2} and release {3}", systemGroupId, artifactId, art.version, art.stigRelease);
return(NotFound("No New Template"));
}
}
else
{
// this is not valid, return not found
_logger.LogWarning("Called GetLatestTemplate({0}, {1}) with an odd version and release", systemGroupId, artifactId);
return(NotFound("The checklist passed in had an Invalid Version and/or Release"));
}
}
else
{
_logger.LogWarning("Called GetLatestTemplate({0}, {1}) with an invalid systemId or artifactId checklist type", systemGroupId, artifactId);
return(BadRequest("The checklist passed in had an Invalid System Artifact/Checklist Type"));
}
}
else
{
_logger.LogWarning("Called GetLatestTemplate({0}, {1}) with an invalid systemId or artifactId", systemGroupId, artifactId);
return(BadRequest("The checklist passed in had an Invalid System Artifact/Checklist"));
}
}
catch (Exception ex) {
_logger.LogError(ex, "GetLatestTemplate({0}, {1}) Error Retrieving Latest Template", systemGroupId, artifactId);
return(BadRequest());
}
}
public async Task <IActionResult> GetCompliancBySystemExport(string id, string filter, bool pii, string majorcontrol = "")
{
if (!string.IsNullOrEmpty(id))
{
try {
_logger.LogInformation("Calling GetCompliancBySystemExport({0}, {1}, {2})", id, filter, pii.ToString());
// verify system information
SystemGroup sg = NATSClient.GetSystemGroup(id);
if (sg == null)
{
_logger.LogInformation("Called GetCompliancBySystemExport({0}, {1}, {2}) invalid System Group", id, filter, pii.ToString());
return(NotFound());
}
var result = ComplianceGenerator.GetSystemControls(id, filter, pii, majorcontrol);
if (result != null && result.Result != null && result.Result.Count > 0)
{
_logger.LogInformation("Called GetCompliancBySystemExport({0}, {1}, {2}) successfully. Putting into XLSX.", id, filter, pii.ToString());
// starting row
uint rowNumber = 7;
// create the XLSX in memory and send it out
var memory = new MemoryStream();
using (SpreadsheetDocument spreadSheet = SpreadsheetDocument.Create(memory, SpreadsheetDocumentType.Workbook))
{
// Add a WorkbookPart to the document.
WorkbookPart workbookpart = spreadSheet.AddWorkbookPart();
workbookpart.Workbook = new Workbook();
// add styles to workbook
WorkbookStylesPart wbsp = workbookpart.AddNewPart <WorkbookStylesPart>();
// Add a WorksheetPart to the WorkbookPart.
WorksheetPart worksheetPart = workbookpart.AddNewPart <WorksheetPart>();
worksheetPart.Worksheet = new Worksheet(new SheetData());
// add stylesheet to use cell formats 1 - 4
wbsp.Stylesheet = ExcelStyleSheet.GenerateStylesheet();
DocumentFormat.OpenXml.Spreadsheet.Columns lstColumns = worksheetPart.Worksheet.GetFirstChild <DocumentFormat.OpenXml.Spreadsheet.Columns>();
if (lstColumns == null) // generate the column listings we need with custom widths
{
lstColumns = new DocumentFormat.OpenXml.Spreadsheet.Columns();
lstColumns.Append(new DocumentFormat.OpenXml.Spreadsheet.Column()
{
Min = 1, Max = 1, Width = 20, CustomWidth = true
}); // col A
lstColumns.Append(new DocumentFormat.OpenXml.Spreadsheet.Column()
{
Min = 2, Max = 2, Width = 60, CustomWidth = true
});
lstColumns.Append(new DocumentFormat.OpenXml.Spreadsheet.Column()
{
Min = 3, Max = 3, Width = 50, CustomWidth = true
});
lstColumns.Append(new DocumentFormat.OpenXml.Spreadsheet.Column()
{
Min = 4, Max = 4, Width = 25, CustomWidth = true
});
worksheetPart.Worksheet.InsertAt(lstColumns, 0);
}
// Add Sheets to the Workbook.
Sheets sheets = spreadSheet.WorkbookPart.Workbook.AppendChild <Sheets>(new Sheets());
// Append a new worksheet and associate it with the workbook.
Sheet sheet = new Sheet()
{
Id = spreadSheet.WorkbookPart.
GetIdOfPart(worksheetPart), SheetId = 1, Name = "System-Compliance"
};
sheets.Append(sheet);
// Get the sheetData cell table.
SheetData sheetData = worksheetPart.Worksheet.GetFirstChild <SheetData>();
DocumentFormat.OpenXml.Spreadsheet.Cell refCell = null;
DocumentFormat.OpenXml.Spreadsheet.Cell newCell = null;
DocumentFormat.OpenXml.Spreadsheet.Row row = MakeTitleRow("OpenRMF by Cingulara and Tutela");
sheetData.Append(row);
row = MakeXLSXInfoRow("System Name", sg.title, 2);
sheetData.Append(row);
row = MakeXLSXInfoRow("Generated", DateTime.Now.ToString("MM/dd/yy hh:mm tt"), 7);
sheetData.Append(row);
row = MakeComplianceHeaderRows(rowNumber);
sheetData.Append(row);
uint styleIndex = 0; // use this for 4, 5, 6, or 7 for status
_logger.LogInformation("GetCompliancBySystemExport() cycling through all the vulnerabilities");
foreach (NISTCompliance nist in result.Result)
{
if (nist.complianceRecords.Count > 0)
{
foreach (ComplianceRecord rec in nist.complianceRecords)
{
rowNumber++;
styleIndex = GetVulnerabilityStatus(rec.status, "high");
// make a new row for this set of items
row = MakeDataRow(rowNumber, "A", nist.control, styleIndex);
// now cycle through the rest of the items
newCell = new DocumentFormat.OpenXml.Spreadsheet.Cell()
{
CellReference = "B" + rowNumber.ToString()
};
row.InsertBefore(newCell, refCell);
newCell.CellValue = new CellValue(nist.title);
newCell.DataType = new EnumValue <CellValues>(CellValues.String);
newCell.StyleIndex = styleIndex;
newCell = new DocumentFormat.OpenXml.Spreadsheet.Cell()
{
CellReference = "C" + rowNumber.ToString()
};
row.InsertBefore(newCell, refCell);
newCell.CellValue = new CellValue(rec.title);
newCell.DataType = new EnumValue <CellValues>(CellValues.String);
newCell.StyleIndex = styleIndex;
newCell = new DocumentFormat.OpenXml.Spreadsheet.Cell()
{
CellReference = "D" + rowNumber.ToString()
};
row.InsertBefore(newCell, refCell);
// print out status, if N/A or NAF then just NAF
if (rec.status.ToLower() == "open")
{
newCell.CellValue = new CellValue("Open");
}
else if (rec.status.ToLower() == "not_reviewed")
{
newCell.CellValue = new CellValue("Not Reviewed");
}
else
{
newCell.CellValue = new CellValue("Not a Finding");
}
newCell.DataType = new EnumValue <CellValues>(CellValues.String);
newCell.StyleIndex = styleIndex;
sheetData.Append(row);
}
}
else
{
rowNumber++;
styleIndex = 0;
// make a new row for this set of items
row = MakeDataRow(rowNumber, "A", nist.control, styleIndex);
// now cycle through the rest of the items
newCell = new DocumentFormat.OpenXml.Spreadsheet.Cell()
{
CellReference = "B" + rowNumber.ToString()
};
row.InsertBefore(newCell, refCell);
newCell.CellValue = new CellValue(nist.title);
newCell.DataType = new EnumValue <CellValues>(CellValues.String);
newCell.StyleIndex = styleIndex;
sheetData.Append(row);
}
}
// Save the new worksheet.
workbookpart.Workbook.Save();
// Close the document.
spreadSheet.Close();
// set the filename
string filename = sg.title;
if (!string.IsNullOrEmpty(sg.title) && sg.title.ToLower().Trim() == "none")
{
filename = sg.title.Trim() + "-" + filename; // add the system onto the front
}
// return the file
memory.Seek(0, SeekOrigin.Begin);
_logger.LogInformation("Called GetCompliancBySystemExport({0}, {1}, {2}) successfully", id, filter, pii.ToString());
return(File(memory, "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", CreateXLSXFilename(filename)));
} // end of using statement
}
else
{
_logger.LogWarning("Called GetCompliancBySystemExport({0}, {1}, {2}) but had no returned data", id, filter, pii.ToString());
return(NotFound()); // bad system reference
}
}
catch (Exception ex) {
_logger.LogError(ex, "GetCompliancBySystemExport() Error exporting Compliance for system {0}", id);
return(BadRequest());
}
}
else
{
_logger.LogWarning("Called GetCompliancBySystemExport() but with an invalid or empty system group Id", id);
return(BadRequest()); // no term entered
}
}
