/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Enabled;
if (NotificationRecipientsEmails != null)
{
model.NotificationRecipientsEmails = NotificationRecipientsEmails;
}
if (EmailAdmins != null)
{
model.EmailAdmins = (bool)EmailAdmins;
}
ExcludedDetectionType = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
if (ExcludedDetectionType != null)
{
model.ExcludedDetectionTypes = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
}
if (RetentionInDays != null)
{
model.RetentionInDays = RetentionInDays;
}
if (StorageAccountName != null)
{
model.StorageAccountName = StorageAccountName;
}
return(model);
}
/// <summary>
/// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
/// </summary>
private DatabaseSecurityAlertPolicy PolicizeDatabaseSecurityAlertModel(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix)
{
var policy = new DatabaseSecurityAlertPolicy()
{
State = model.ThreatDetectionState == ThreatDetectionStateType.Enabled ? SecurityAlertsPolicyState.Enabled : SecurityAlertsPolicyState.Disabled,
DisabledAlerts = ExtractExcludedDetectionType(model),
EmailAddresses = model.NotificationRecipientsEmails.Split(';').Where(mail => !string.IsNullOrEmpty(mail)).ToList(),
EmailAccountAdmins = model.EmailAdmins,
RetentionDays = Convert.ToInt32(model.RetentionInDays),
};
if (string.IsNullOrEmpty(model.StorageAccountName))
{
policy.StorageEndpoint = null;
policy.StorageAccountAccessKey = null;
}
else
{
BaseSecurityAlertPolicyProperties legacyProperties = new BaseSecurityAlertPolicyProperties();
PopulateStoragePropertiesInPolicy(model, legacyProperties, storageEndpointSuffix);
policy.StorageEndpoint = legacyProperties.StorageEndpoint;
policy.StorageAccountAccessKey = legacyProperties.StorageAccountAccessKey;
}
return(policy);
}
/// <summary>
/// Extracts the detection types from the given model
/// </summary>
private string ExtractExcludedDetectionType(BaseThreatDetectionPolicyModel model)
{
if (model.ExcludedDetectionTypes == null)
{
return(null);
}
StringBuilder detectionTypes = new StringBuilder();
if (IsDetectionTypeOn(DetectionType.Sql_Injection, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Sql_Injection).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Sql_Injection_Vulnerability, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Sql_Injection_Vulnerability).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Access_Anomaly, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Access_Anomaly).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Usage_Anomaly, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Usage_Anomaly).Append(";");
}
if (detectionTypes.Length != 0)
{
detectionTypes.Remove(detectionTypes.Length - 1, 1); // remove trailing semi-colon
}
return(detectionTypes.ToString());
}
/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Enabled;
if (NotificationRecipientsEmails != null)
{
model.NotificationRecipientsEmails = NotificationRecipientsEmails;
}
if (EmailAdmins != null)
{
model.EmailAdmins = (bool)EmailAdmins;
}
ExcludedDetectionType = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
if (ExcludedDetectionType != null)
{
model.ExcludedDetectionTypes = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
}
model.ValidateContent();
return(model);
}
private void PopulateStoragePropertiesInPolicy(BaseThreatDetectionPolicyModel model, BaseSecurityAlertPolicyProperties properties, string storageEndpointSuffix)
{
if (string.IsNullOrEmpty(model.StorageAccountName)) // can happen if the user didn't provide account name for a policy that lacked it
{
throw new Exception(string.Format(Properties.Resources.NoStorageAccountWhenConfiguringThreatDetectionPolicy));
}
properties.StorageEndpoint = string.Format("https://{0}.blob.{1}", model.StorageAccountName, storageEndpointSuffix);
properties.StorageAccountAccessKey = AzureCommunicator.GetStorageKeys(model.StorageAccountName)[StorageKeyKind.Primary];
}
private BaseSecurityAlertPolicyProperties PopulatePolicyProperties(BaseThreatDetectionPolicyModel model, BaseSecurityAlertPolicyProperties properties)
{
properties.State = model.ThreatDetectionState.ToString();
properties.EmailAddresses = model.NotificationRecipientsEmails ?? "";
properties.EmailAccountAdmins = model.EmailAdmins ?
ThreatDetectionStateType.Enabled.ToString() :
ThreatDetectionStateType.Disabled.ToString();
properties.DisabledAlerts = ExtractExcludedDetectionType(model);
return(properties);
}
private BaseSecurityAlertPolicyProperties PopulateDatabasePolicyProperties(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix, BaseSecurityAlertPolicyProperties properties)
{
properties.State = model.ThreatDetectionState.ToString();
properties.EmailAddresses = model.NotificationRecipientsEmails ?? "";
properties.EmailAccountAdmins = model.EmailAdmins ?
ThreatDetectionStateType.Enabled.ToString() :
ThreatDetectionStateType.Disabled.ToString();
properties.DisabledAlerts = string.Join(";", ExtractExcludedDetectionType(model));
PopulateStoragePropertiesInPolicy(model, properties, storageEndpointSuffix);
properties.RetentionDays = Convert.ToInt32(model.RetentionInDays);
return(properties);
}
private static void ModelizeStorageAccount(BaseThreatDetectionPolicyModel model, string storageEndpoint)
{
if (string.IsNullOrEmpty(storageEndpoint))
{
model.StorageAccountName = string.Empty;
return;
}
var accountNameStartIndex = storageEndpoint.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase) ? 8 : 7; // https:// or http://
var accountNameEndIndex = storageEndpoint.IndexOf(".blob", StringComparison.InvariantCultureIgnoreCase);
model.StorageAccountName = storageEndpoint.Substring(accountNameStartIndex, accountNameEndIndex - accountNameStartIndex);
}
/// <summary>
/// Updates the given model with all the disabled alerts information
/// </summary>
private static void ModelizeDisabledAlerts(BaseThreatDetectionPolicyModel model, string disabledAlerts)
{
Func <string, DetectionType> toDetectionType = (s) =>
{
DetectionType value;
Enum.TryParse(s.Trim(), true, out value);
return(value);
};
if (string.IsNullOrEmpty(disabledAlerts))
{
model.ExcludedDetectionTypes = new DetectionType[] {};
}
else
{
model.ExcludedDetectionTypes = disabledAlerts.Split(';').Select(toDetectionType).ToArray();
}
}
/// <summary>
/// Extracts the detection types from the given model
/// </summary>
private static string[] ExtractExcludedDetectionType(BaseThreatDetectionPolicyModel model)
{
if (model.ExcludedDetectionTypes == null)
{
return(null);
}
if (model.ExcludedDetectionTypes.Any(t => t == DetectionType.None))
{
if (model.ExcludedDetectionTypes.Count() == 1)
{
return(new string[0]);
}
if (model.ExcludedDetectionTypes.Any(t => t != DetectionType.None))
{
throw new Exception(Properties.Resources.InvalidDetectionTypeList);
}
}
return(model.ExcludedDetectionTypes);
}
/// <summary>
/// Extracts the detection types from the given model
/// </summary>
private static string ExtractExcludedDetectionType(BaseThreatDetectionPolicyModel model)
{
if (model.ExcludedDetectionTypes == null)
{
return(null);
}
if (model.ExcludedDetectionTypes.Any(t => t == DetectionType.None))
{
if (model.ExcludedDetectionTypes.Count() == 1)
{
return(string.Empty);
}
if (model.ExcludedDetectionTypes.Any(t => t != DetectionType.None))
{
throw new Exception(Properties.Resources.InvalidDetectionTypeList);
}
}
return(string.Join(";", model.ExcludedDetectionTypes.Select(t => t.ToString())));
}
/// <summary>
/// Extracts the detection types from the given model
/// </summary>
private string ExtractExcludedDetectionType(BaseThreatDetectionPolicyModel model)
{
if (model.ExcludedDetectionTypes == null)
{
return(null);
}
StringBuilder detectionTypes = new StringBuilder();
if (IsDetectionTypeOn(DetectionType.Successful_SQLi, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Successful_SQLi).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Attempted_SQLi, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Attempted_SQLi).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Client_GEO_Anomaly, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Client_GEO_Anomaly).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Failed_Logins_Anomaly, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Failed_Logins_Anomaly).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Failed_Queries_Anomaly, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Failed_Queries_Anomaly).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Data_Extraction_Anomaly, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Data_Extraction_Anomaly).Append(";");
}
if (IsDetectionTypeOn(DetectionType.Data_Alteration_Anomaly, model.ExcludedDetectionTypes))
{
detectionTypes.Append(SecurityConstants.Data_Alteration_Anomaly).Append(";");
}
if (detectionTypes.Length != 0)
{
detectionTypes.Remove(detectionTypes.Length - 1, 1); // remove trailing comma
}
return(detectionTypes.ToString());
}
/// <summary>
/// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
/// </summary>
private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix)
{
var updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters();
var properties = PopulateDatabasePolicyProperties(model, storageEndpointSuffix, new DatabaseSecurityAlertPolicyProperties()) as DatabaseSecurityAlertPolicyProperties;
updateParameters.Properties = properties;
return(updateParameters);
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private static BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model)
{
model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeStorageAccount(model, threatDetectionProperties.StorageEndpoint);
model.ExcludedDetectionTypes = threatDetectionProperties.DisabledAlerts.Split(';').Where(alert => !string.IsNullOrEmpty(alert)).ToArray() ?? new string[] { };
model.RetentionInDays = (uint)threatDetectionProperties.RetentionDays;
return(model);
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private static BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model)
{
model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeStorageAccount(model, threatDetectionProperties.StorageEndpoint);
ModelizeDisabledAlerts(model, threatDetectionProperties.DisabledAlerts.Split(';'));
model.RetentionInDays = (uint)threatDetectionProperties.RetentionDays;
return(model);
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model)
{
model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeDisabledAlerts(model, threatDetectionProperties.DisabledAlerts);
return(model);
}
