public static CHECKLIST LoadChecklist(string rawChecklist)
{
CHECKLIST myChecklist = new CHECKLIST();
rawChecklist = rawChecklist.Replace("\n", "").Replace("\t", "");
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(rawChecklist);
XmlNodeList assetList = xmlDoc.GetElementsByTagName("ASSET");
XmlNodeList vulnList = xmlDoc.GetElementsByTagName("VULN");
XmlNodeList stiginfoList = xmlDoc.GetElementsByTagName("STIG_INFO");
// ensure all three are valid otherwise this XML is junk
if (assetList != null && stiginfoList != null && vulnList != null)
{
// fill in the ASSET listing
if (assetList.Count >= 1)
{
myChecklist.ASSET = getAssetListing(assetList.Item(0));
}
// now get the STIG_INFO Listing
if (stiginfoList.Count >= 1)
{
myChecklist.STIGS.iSTIG.STIG_INFO = getStigInfoListing(stiginfoList.Item(0));
}
// now get the VULN listings until the end!
if (vulnList.Count > 0)
{
myChecklist.STIGS.iSTIG.VULN = getVulnerabilityListing(vulnList);
}
}
return(myChecklist);
}
public JsonResult Crear(ChecklistViewModel check)
{
EntitiesNoMasAccidentes bd = new EntitiesNoMasAccidentes();
NoMasAccidentes.Models.CHECKLIST checklist = new CHECKLIST();
checklist.NOMBRE_CHECKLIST = check.nombre;
checklist.DESCRIPCION_CHECKLIST = check.desc;
bd.CHECKLIST.Add(checklist);
try
{
bd.SaveChanges();
}
catch (System.Data.Entity.Validation.DbEntityValidationException dbEx)
{
Exception raise = dbEx;
foreach (var validationErrors in dbEx.EntityValidationErrors)
{
foreach (var validationError in validationErrors.ValidationErrors)
{
string message = string.Format("{0}:{1}",
validationErrors.Entry.Entity.ToString(),
validationError.ErrorMessage);
// raise a new exception nesting
// the current instance as InnerException
raise = new InvalidOperationException(message, raise);
}
}
}
return(Json("d"));
}
public string Get()
{
// open the web path/examples/ckl file
string filename = Directory.GetCurrentDirectory() + exampleSTIG;
string checklistXML = string.Empty;
string returnedXML = string.Empty;
if (System.IO.File.Exists(filename))
{
CHECKLIST asdChecklist = new CHECKLIST();
_logger.LogInformation("/example/: Example file active so returning an example ASD STIG.");
// put that into a class and deserialize that
asdChecklist = ChecklistLoader.LoadASDChecklist(filename);
XmlSerializer serializer = new XmlSerializer(typeof(CHECKLIST));
_logger.LogInformation("Serialized ASD example checklist");
// serialize into a string to return
using (var sww = new StringWriter())
{
using (XmlWriter writer = XmlWriter.Create(sww))
{
serializer.Serialize(writer, asdChecklist);
_logger.LogInformation("/example/: Returning XML string of ASD example checklist");
returnedXML = sww.ToString(); // Your XML
}
}
}
return(returnedXML);
}
public void Test_CHECKLISTWithDataIsValid()
{
CHECKLIST chk = new CHECKLIST();
// test things out
Assert.True(chk != null);
Assert.True(chk.ASSET != null);
Assert.True(chk.STIGS != null);
}
public static CHECKLIST LoadASDChecklist(string filepath)
{
CHECKLIST asdChecklist = new CHECKLIST();
if (System.IO.File.Exists(filepath))
{
XmlSerializer serializer = new XmlSerializer(typeof(CHECKLIST));
StreamReader reader = new StreamReader(filepath);
asdChecklist = (CHECKLIST)serializer.Deserialize(reader);
reader.Close();
}
return(asdChecklist);
}
/// <summary>
/// Reads in the raw checklist file CKL and from that XML string, creates a C# class
/// of all the data in the file by parsing it.
/// </summary>
/// <param name="rawChecklist">The long XML string of the checklist</param>
/// <returns>
/// A CHECKLITS record which is a C# representation of the CKL XML file in class form.
/// </returns>
public static CHECKLIST LoadChecklist(string rawChecklist)
{
CHECKLIST myChecklist = new CHECKLIST();
XmlSerializer serializer = new XmlSerializer(typeof(CHECKLIST));
// sanitize it for JS
rawChecklist = rawChecklist.Replace("\t", "");
XmlDocument xmlDoc = new XmlDocument();
// load the doc into the XML structure
xmlDoc.LoadXml(rawChecklist);
// get the three main nodes we care about
XmlNodeList assetList = xmlDoc.GetElementsByTagName("ASSET");
XmlNodeList vulnList = xmlDoc.GetElementsByTagName("VULN");
XmlNodeList stiginfoList = xmlDoc.GetElementsByTagName("STIG_INFO");
// ensure all three are valid otherwise this XML is junk
if (assetList != null && stiginfoList != null && vulnList != null)
{
// fill in the ASSET listing
if (assetList.Count >= 1)
{
myChecklist.ASSET = getAssetListing(assetList.Item(0));
}
// now get the STIG_INFO Listing
if (stiginfoList.Count >= 1)
{
myChecklist.STIGS.iSTIG.STIG_INFO = getStigInfoListing(stiginfoList.Item(0));
}
// now get the VULN listings until the end!
if (vulnList.Count > 0)
{
myChecklist.STIGS.iSTIG.VULN = getVulnerabilityListing(vulnList);
}
}
return(myChecklist);
}
public void TestSTIGCL()
{
try
{
CRObjSerializer cros = new CRObjSerializer();
CHECKLIST ckl = cros.LoadSTIGCKL(@"C:\TEMP\ckl_testSave.xml");
foreach (var vuln in ckl.STIGS.iSTIG.VULN)
{
if (vuln.STIG_DATA[0].ATTRIBUTE_DATA == "V-70149")
{
//vuln.FINDING_DETAILS = "finding test test";
//Console.WriteLine(vuln.COMMENTS.ToString());
Console.WriteLine(vuln.FINDING_DETAILS.ToString());
vuln.STATUS = "Open";
}
}
cros.SaveCRObj(@"C:\TEMP\ckl_testSave.ckl", ckl);
}
catch (Exception ex)
{
throw new AssertFailedException(ex.Message);
}
}
public void Test_NewCHECKLISTIsValid()
{
CHECKLIST chk = new CHECKLIST();
Assert.True(chk != null);
}
/// <summary>
/// 項目檢核
/// </summary>
/// <param name="CheckSN">日常檢核件編號</param>
/// <param name="CheckID">機房檢核項目ID</param>
/// <param name="ListID">檢核項目ID</param>
/// <param name="CheckResult">檢核結果</param>
/// <param name="CheckDate">檢核日期</param>
/// <param name="ShiftID">班別</param>
/// <returns></returns>
public string Check(string CheckSN, int CheckID,
int ListID, string CheckResult,
string CheckDate, string Shift)
{
//初始化系統參數
Configer.Init();
//Log記錄用
SYSTEMLOG SL = new SYSTEMLOG();
SL.UId = Session["UserID"].ToString();
SL.Controller = "Process";
SL.Action = "GetProcess";
SL.StartDateTime = DateTime.Now;
string MailServer = Configer.MailServer;
int MailServerPort = Configer.MailServerPort;
string MailSender = Configer.MailSender;
List <string> MailReceiver = Configer.MailReceiver;
try
{
string Title = context.CHECKTITLES.Find(CheckID).Title;
string CheckName = context.CHECKLISTS.Find(ListID).Definition;
CHECKLIST CL = context.CHECKLISTS.Find(ListID);
if (CL.ShiftID == "00")
{
Shift = "00";
}
//檢查CHECKPROCESS有沒有資料
var query = context.CHECKPROCESSDETAILS.Where(b => b.ListID == ListID)
.Where(b => b.CheckSN == CheckSN)
.Where(b => b.CheckID == CheckID)
.Where(b => b.CheckDate == CheckDate)
.Where(b => b.ShiftID == Shift);
if (query.Count() > 0)
{
//update CHECKPROCESSDETAILS
CHECKPROCESSDETAIL CPD = context.CHECKPROCESSDETAILS.Where(b => b.ListID == ListID)
.Where(b => b.CheckSN == CheckSN)
.Where(b => b.CheckID == CheckID)
.Where(b => b.CheckDate == CheckDate)
.Where(b => b.ShiftID == Shift).First();
CPD.CheckResult = CheckResult;
CPD.UpadteAccount = Session["UserID"].ToString().Trim();
CPD.UpdateTime = DateTime.Now;
context.Entry(CPD).State = EntityState.Modified;
context.SaveChanges();
SL.EndDateTime = DateTime.Now;
SL.TotalCount = 1;
SL.SuccessCount = 1;
SL.FailCount = 0;
SL.Result = false;
SL.Msg = "[" + CheckSN + "]檢核[" + Title + "][" + CheckName + "]作業成功";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
return("檢核成功");
}
else
{
//insert CHECKPROCESSDETAILS
CHECKPROCESSDETAIL newCPD = new CHECKPROCESSDETAIL();
newCPD.CheckSN = CheckSN;
newCPD.CheckID = CheckID;
newCPD.ListID = ListID;
newCPD.ShiftID = Shift;
newCPD.CheckDate = CheckDate;
newCPD.CheckResult = CheckResult;
newCPD.CreateAccount = Session["UserID"].ToString().Trim();
newCPD.CreateTime = DateTime.Now;
newCPD.UpadteAccount = Session["UserID"].ToString().Trim();
newCPD.UpdateTime = DateTime.Now;
context.CHECKPROCESSDETAILS.Add(newCPD);
context.SaveChanges();
SL.EndDateTime = DateTime.Now;
SL.TotalCount = 1;
SL.SuccessCount = 1;
SL.FailCount = 0;
SL.Result = false;
SL.Msg = "[" + CheckSN + "]檢核[" + Title + "][" + CheckName + "]作業成功";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
return("檢核成功");
}
}
catch (Exception ex)
{
SL.EndDateTime = DateTime.Now;
SL.TotalCount = 0;
SL.SuccessCount = 0;
SL.FailCount = 0;
SL.Result = false;
SL.Msg = "[" + CheckSN + "]檢核流程作業失敗," + "錯誤訊息[" + ex.ToString() + "]";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
return("檢核失敗");
}
}
/// <summary>
/// Copyright (C) 2015-2016 Jerome Athias - frhack.org
/// *** BETA VERSION ***
/// Parser for National Checklist Program (NCP) Checklists feed XML file and import into an XORCISM database
/// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
///
static void Main(string[] args)
{
//https://nvd.nist.gov/download.cfm#CVE_FEED
//National Checklist Program (NCP) Checklists
XORCISMEntities model = new XORCISMEntities();
//VOCABULARIES
int iVocabularyNCPID = 0;
#region vocabularyncp
try
{
//Hardcoded
iVocabularyNCPID = model.VOCABULARY.Where(o => o.VocabularyName == "NCP").Select(o => o.VocabularyID).FirstOrDefault();
}
catch (Exception ex)
{
}
if (iVocabularyNCPID <= 0)
{
XORCISMModel.VOCABULARY oVocabulary = new XORCISMModel.VOCABULARY();
oVocabulary.CreatedDate = DateTimeOffset.Now;
oVocabulary.VocabularyName = "NCP"; //Hardcoded
model.VOCABULARY.Add(oVocabulary);
model.SaveChanges();
iVocabularyNCPID = oVocabulary.VocabularyID;
Console.WriteLine("DEBUG iVocabularyNCPID=" + iVocabularyNCPID);
}
#endregion vocabularyncp
//TODO: download if needed (if updated)
string filepath = "checklist-0.1-feed.xml"; //Hardcoded
Console.WriteLine("DEBUG " + DateTimeOffset.Now);
XmlDocument docXML = new XmlDocument();
//TODO: Security controls/checks
//TODO: XSD validation
//TODO: ...
docXML.Load(filepath);
XmlNodeList nodes;
nodes = docXML.SelectNodes("/ncp");
foreach (XmlNode nodeEntry in docXML.DocumentElement.ChildNodes)
{
//<entry ncp-checklist-id="7">
string sChecklistVocabularyID = "";
CHECKLIST oChecklist = null;
int iChecklistID = 0;
try
{
sChecklistVocabularyID = nodeEntry.Attributes["ncp-checklist-id"].InnerText;
}
catch (Exception exsChecklistVocabularyID)
{
Console.WriteLine("Exception: exiChecklistVocabularyID");
}
foreach (XmlNode nodeEntryInfo in nodeEntry.ChildNodes)
{
switch (nodeEntryInfo.Name)
{
case "ncp:checklist-details":
//int iChecklistID = 0;
foreach (XmlNode nodeChecklistDetail in nodeEntryInfo.ChildNodes)
{
switch (nodeChecklistDetail.Name)
{
case "ncp:title":
string sChecklistName = "";
string sChecklistVersion = "";
foreach (XmlNode nodeTitle in nodeChecklistDetail.ChildNodes)
{
switch (nodeTitle.Name)
{
case "ncp:checklist-name":
sChecklistName = nodeTitle.InnerText;
break;
case "ncp:version":
sChecklistVersion = nodeTitle.InnerText;
break;
default:
Console.WriteLine("ERROR Missing code for nodeTitle.Name=" + nodeTitle.Name);
break;
}
}
#region checklist
try
{
//TODO? add ChecklistVersion
oChecklist = model.CHECKLIST.Where(o => o.Title == sChecklistName).FirstOrDefault();
}
catch (Exception exiChecklistID)
{
}
if (oChecklist != null)
{
iChecklistID = oChecklist.ChecklistID;
//Update CHECKLIST
try
{
oChecklist.ChecklistVersion = sChecklistVersion;
oChecklist.ChecklistVocabularyID = sChecklistVocabularyID;
oChecklist.timestamp = DateTimeOffset.Now;
model.SaveChanges();
}
catch (Exception exUpdateCHECKLIST)
{
Console.WriteLine("Exception: exUpdateCHECKLIST " + exUpdateCHECKLIST.Message + " " + exUpdateCHECKLIST.InnerException);
}
}
else
{
Console.WriteLine("DEBUG Adding CHECKLIST");
//NOTE: Model comes from OCIL https://scap.nist.gov/specifications/ocil/
try
{
oChecklist = new CHECKLIST();
oChecklist.CreatedDate = DateTimeOffset.Now;
oChecklist.Title = sChecklistName;
oChecklist.ChecklistVersion = sChecklistVersion;
//oChecklist.ChecklistCategoryID= //TODO
//oChecklistOrganisationID //Updated later
oChecklist.ChecklistVocabularyID = sChecklistVocabularyID;
oChecklist.VocabularyID = iVocabularyNCPID;
oChecklist.timestamp = DateTimeOffset.Now;
model.CHECKLIST.Add(oChecklist);
model.SaveChanges();
iChecklistID = oChecklist.ChecklistID;
}
catch (Exception exAddCHECKLIST)
{
Console.WriteLine("Exception: exAddCHECKLIST " + exAddCHECKLIST.Message + " " + exAddCHECKLIST.InnerException);
}
}
#endregion checklist
//TODO CHECKLISTTAG sChecklistName
break;
case "ncp:authority":
#region authority
string sOrganisationName = "";
string sOrganisationReference = ""; //TODO
string sOrganisationDescription = "";
int iRoleID = 0;
foreach (XmlNode nodeAuthorityDetail in nodeChecklistDetail.ChildNodes)
{
switch (nodeAuthorityDetail.Name)
{
case "ncp:organization":
//<ncp:organization system-id="http://www.disa.mil/" name="Defense Information Systems Agency">
sOrganisationName = nodeAuthorityDetail.Attributes["name"].InnerText;
sOrganisationReference = nodeAuthorityDetail.Attributes["system-id"].InnerText;
Console.WriteLine("DEBUG sOrganisationReference=" + sOrganisationReference);
foreach (XmlNode nodeOrganizationDetail in nodeAuthorityDetail.ChildNodes)
{
switch (nodeOrganizationDetail.Name)
{
case "ncp:description":
//Not provided.
sOrganisationDescription = nodeOrganizationDetail.InnerText;
break;
default:
Console.WriteLine("ERROR Missing code for nodeOrganizationDetail.Name=" + nodeOrganizationDetail.Name);
break;
}
}
break;
case "ncp:type":
//GOVERNMENTAL_AUTHORITY
//Using the table ROLE
#region authorityrole
string sAuthority = nodeAuthorityDetail.InnerText;
try
{
iRoleID = model.ROLE.Where(o => o.RoleName == sAuthority).FirstOrDefault().RoleID;
}
catch (Exception ex)
{
}
if (iRoleID <= 0)
{
Console.WriteLine("Adding ROLE/AUTHORITY");
try
{
ROLE oRole = new ROLE();
oRole.CreatedDate = DateTimeOffset.Now;
oRole.RoleName = sAuthority;
//oRole.RoleDescription //TODO See https://web.nvd.nist.gov/view/ncp/repository/glossary
oRole.VocabularyID = iVocabularyNCPID;
oRole.timestamp = DateTimeOffset.Now;
model.ROLE.Add(oRole);
model.SaveChanges();
iRoleID = oRole.RoleID;
}
catch (Exception exAddRole)
{
Console.WriteLine("Exception: exAddRole " + exAddRole.Message + " " + exAddRole.InnerException);
}
}
else
{
//Update ROLE
}
#endregion authorityrole
break;
default:
Console.WriteLine("ERROR Missing code for nodeAuthorityDetail.Name=" + nodeAuthorityDetail.Name);
break;
}
}
int iOrganisationID = 0;
#region organisation
try
{
iOrganisationID = model.ORGANISATION.Where(o => o.OrganisationName == sOrganisationName || o.OrganisationKnownAs == sOrganisationName).FirstOrDefault().OrganisationID;
}
catch (Exception exiOrganisationID)
{
}
if (iOrganisationID <= 0)
{
Console.WriteLine("DEBUG Adding ORGANISATION");
try
{
ORGANISATION oOrganisation = new ORGANISATION();
oOrganisation.CreatedDate = DateTimeOffset.Now;
oOrganisation.OrganisationName = sOrganisationName;
oOrganisation.OrganisationDescription = sOrganisationDescription;
oOrganisation.VocabularyID = iVocabularyNCPID;
oOrganisation.timestamp = DateTimeOffset.Now;
model.ORGANISATION.Add(oOrganisation);
model.SaveChanges();
iOrganisationID = oOrganisation.OrganisationID;
}
catch (Exception exAddORGANISATION)
{
Console.WriteLine("Exception: exAddORGANISATION " + exAddORGANISATION.Message + " " + exAddORGANISATION.InnerException);
}
}
else
{
//Update ORGANISATION
//TODO i.e. Description
}
#endregion organisation
try
{
oChecklist.OrganisationID = iOrganisationID;
oChecklist.timestamp = DateTimeOffset.Now;
model.SaveChanges();
}
catch (Exception exChecklistOrganisationID)
{
Console.WriteLine("Exception: exChecklistOrganisationID " + exChecklistOrganisationID.Message + " " + exChecklistOrganisationID.InnerException);
}
//TODO
//<ncp:organization system-id="http://www.disa.mil/" name="Defense Information Systems Agency">
//ORGANISATIONREFERENCE or ORGANISATIONDOMAINNAME
#region CHECKLISTAUTHORITY
int iChecklistAuthorityID = 0;
//TODO? VocabularyID
try
{
iChecklistAuthorityID = model.CHECKLISTAUTHORITY.Where(o => o.ChecklistID == iChecklistID && o.RoleID == iRoleID).FirstOrDefault().ChecklistAuthorityID;
}
catch (Exception ex)
{
}
if (iChecklistAuthorityID <= 0)
{
Console.WriteLine("DEBUG Adding CHECKLISTAUTHORITY");
try
{
CHECKLISTAUTHORITY oChecklistAuthority = new CHECKLISTAUTHORITY();
oChecklistAuthority.CreatedDate = DateTimeOffset.Now;
oChecklistAuthority.ChecklistID = iChecklistID;
oChecklistAuthority.OrganisationID = iOrganisationID;
oChecklistAuthority.RoleID = iRoleID;
oChecklistAuthority.VocabularyID = iVocabularyNCPID;
oChecklistAuthority.timestamp = DateTimeOffset.Now;
model.CHECKLISTAUTHORITY.Add(oChecklistAuthority);
model.SaveChanges();
iChecklistAuthorityID = oChecklistAuthority.ChecklistAuthorityID;
}
catch (Exception exAddChecklistAuthority)
{
Console.WriteLine("Exception: exAddChecklistAuthority " + exAddChecklistAuthority.Message + " " + exAddChecklistAuthority.InnerException);
}
}
else
{
//Update CHECKLISTAUTHORITY
}
#endregion CHECKLISTAUTHORITY
#endregion authority
break;
case "ncp:resource":
#region resource
string sReferenceURL = "";
int iReferenceAuthorID = 0;
string sReferenceTitle = "";
foreach (XmlNode nodeResource in nodeChecklistDetail.ChildNodes)
{
switch (nodeResource.Name)
{
case "ncp:reference":
try
{
sReferenceURL = nodeResource.Attributes["href"].InnerText;
}
catch (Exception)
{
}
break;
case "ncp:author":
//<ncp:author system-id="http://www.disa.mil/" name="Defense Information Systems Agency">
//TODO
//iReferenceAuthorID
break;
case "ncp:title":
//.NET Framework Security Checklist
sReferenceTitle = nodeResource.InnerText;
break;
default:
//ncp:sha-1
//ncp:sha-256
//<ncp:type>Prose</ncp:type>
Console.WriteLine("ERROR Missing code for nodeResource.Name=" + nodeResource.Name);
break;
}
}
//TODO Add REFERENCE REFERENCEHASHVALUE CHECKLISTREFERENCE
#endregion resource
break;
case "ncp:target-product":
#region targetproduct
//<ncp:target-product fips-140-2-compliance-flag="true">
string sProductName = string.Empty;
string sCPEName = string.Empty;
string sProductCategory = string.Empty;
foreach (XmlNode nodeProduct in nodeChecklistDetail.ChildNodes)
{
switch (nodeProduct.Name)
{
case "ncp:name":
sProductName = nodeProduct.InnerText;
break;
case "ncp:cpe-name":
sCPEName = nodeProduct.InnerText;
break;
case "ncp:product-category":
sProductCategory = nodeProduct.InnerText;
break;
default:
Console.WriteLine("ERROR Missing code for nodeProduct " + nodeProduct.Name);
break;
}
}
Console.WriteLine("DEBUG sProductName=" + sProductName); //Microsoft .NET Framework 1.0
Console.WriteLine("DEBUG sCPEName=" + sCPEName); //Microsoft .NET Framework 1.0
Console.WriteLine("DEBUG sProductCategory=" + sProductCategory); //
//Operating System //TODO? OS
int iCategoryID = 0;
#region category
//TODO? + VocabularyID
try
{
iCategoryID = model.CATEGORY.Where(o => o.CategoryName == sProductCategory).FirstOrDefault().CategoryID;
}
catch (Exception exiCategoryID)
{
}
if (iCategoryID <= 0)
{
Console.WriteLine("DEBUG Adding CATEGORY");
try
{
CATEGORY oCategory = new CATEGORY();
oCategory.CreatedDate = DateTimeOffset.Now;
oCategory.CategoryName = sProductCategory;
oCategory.VocabularyID = iVocabularyNCPID;
oCategory.timestamp = DateTimeOffset.Now;
model.CATEGORY.Add(oCategory);
model.SaveChanges();
iCategoryID = oCategory.CategoryID;
}
catch (Exception exAddCategory)
{
Console.WriteLine("Exception: exAddCategory " + exAddCategory.Message + " " + exAddCategory.InnerException);
}
}
#endregion category
int iProductCategoryID = 0;
#region productcategory
//TODO? + VocabularyID
try
{
iProductCategoryID = model.PRODUCTCATEGORY.Where(o => o.ProductCategoryName == sProductCategory).FirstOrDefault().ProductCategoryID;
}
catch (Exception exiProductCategoryID)
{
}
if (iProductCategoryID <= 0)
{
Console.WriteLine("DEBUG Adding PRODUCTCATEGORY");
try
{
PRODUCTCATEGORY oProductCategory = new PRODUCTCATEGORY();
oProductCategory.CreatedDate = DateTimeOffset.Now;
oProductCategory.ProductCategoryName = sProductCategory;
oProductCategory.CategoryID = iCategoryID;
//TODO
//oProductCategory.OrganisationID //Defense Information Systems Agency
oProductCategory.VocabularyID = iVocabularyNCPID;
oProductCategory.timestamp = DateTimeOffset.Now;
model.PRODUCTCATEGORY.Add(oProductCategory);
model.SaveChanges();
iProductCategoryID = oProductCategory.ProductCategoryID;
}
catch (Exception exAddProductCategory)
{
Console.WriteLine("Exception: exAddProductCategory " + exAddProductCategory.Message + " " + exAddProductCategory.InnerException);
}
}
#endregion productcategory
int iProductID = 0;
#region product
//Note: It seems that ProductNames are the 'same' in NCP and OVAL :-)
try
{
iProductID = model.PRODUCT.Where(o => o.ProductName == sProductName).FirstOrDefault().ProductID;
}
catch (Exception exiProductID)
{
}
if (iProductID <= 0)
{
Console.WriteLine("DEBUG Adding PRODUCT");
try
{
PRODUCT oProduct = new PRODUCT();
oProduct.ProductName = sProductName;
//TODO? Vendor...
string sProductVendor = "";
#region productvendor
//Hardcoded
if (sProductName.Contains("Microsoft"))
{
sProductVendor = "Microsoft";
}
if (sProductName.Contains("Windows"))
{
sProductVendor = "Microsoft";
}
if (sProductName.Contains("VBScript"))
{
sProductVendor = "Microsoft";
}
if (sProductName.Contains("Skype"))
{
sProductVendor = "Microsoft";
}
if (sProductName.Contains("Outlook"))
{
sProductVendor = "Microsoft";
}
if (sProductName.Contains("MSN Messenger"))
{
sProductVendor = "Microsoft";
}
if (sProductName.Contains("Internet Explorer"))
{
sProductVendor = "Microsoft";
}
//Print Spooler Service
//Licence Logging Service
//File and Print Sharing
//Remote Desktop Client
//Local Security Authority Subsystem Service (LSASS)
//Task Scheduler
//Kerberos
//NetBIOS
if (sProductName.Contains("Google"))
{
sProductVendor = "Google";
}
if (sProductName.Contains("Adobe"))
{
sProductVendor = "Adobe";
}
if (sProductName.Contains("Flash Player"))
{
sProductVendor = "Adobe";
}
if (sProductName.Contains("Apple"))
{
sProductVendor = "Apple";
}
if (sProductName.Contains("Mozilla"))
{
sProductVendor = "Mozilla";
}
if (sProductName.Contains("Oracle"))
{
sProductVendor = "Oracle";
}
if (sProductName.Contains("Solaris"))
{
sProductVendor = "Oracle";
}
//Oracle VirtualBox
if (sProductName.Contains("Apache"))
{
sProductVendor = "Apache";
}
if (sProductName.Contains("OpenOffice"))
{
sProductVendor = "Apache";
}
if (sProductName.Contains("avast"))
{
sProductVendor = "Avast";
}
if (sProductName.Contains("TechSmith"))
{
sProductVendor = "TechSmith";
}
if (sProductName.Contains("Kaspersky"))
{
sProductVendor = "Kaspersky";
}
if (sProductName.Contains("Symantec"))
{
sProductVendor = "Symantec";
}
if (sProductName.Contains("Norton"))
{
sProductVendor = "Symantec"; //Norton
}
if (sProductName.Contains("McAfee"))
{
sProductVendor = "McAfee";
}
if (sProductName.Contains("MySQL"))
{
sProductVendor = "MySQL";
}
if (sProductName.Contains("Kodak"))
{
sProductVendor = "Kodak";
}
if (sProductName.Contains("Lotus"))
{
sProductVendor = "Lotus";
}
if (sProductName.Contains("VMware"))
{
sProductVendor = "VMware";
}
if (sProductName.Contains("Trend Micro"))
{
sProductVendor = "Trend Micro";
}
//Crystal Enterprise
if (sProductName.Contains("Crystal Reports"))
{
sProductVendor = "SAP"; //SAP AG? SAP AE?
}
if (sProductName.Contains("PostgreSQL"))
{
sProductVendor = "DB Consulting Inc.";
}
if (sProductVendor == "")
{
if (sProductName.Contains("IBM"))
{
sProductVendor = "IBM";
}
if (sProductName.Contains("Sun"))
{
sProductVendor = "Oracle";
}
}
//Macrovision Rovi Corporation
//Opera
//VLC
//Winamp
//VirtualBox
//Perl
//Python
//RealPlayer
//DirectX
//DirectShow
//...
#endregion productvendor
Console.WriteLine("DEBUG sProductVendor=" + sProductVendor);
oProduct.ProductVendor = sProductVendor;
//TODO OrganisationID
oProduct.CPEName = sCPEName;
oProduct.CreatedDate = DateTimeOffset.Now;
oProduct.VocabularyID = iVocabularyNCPID;
oProduct.timestamp = DateTimeOffset.Now;
model.PRODUCT.Add(oProduct);
model.SaveChanges();
iProductID = oProduct.ProductID;
}
catch (Exception exAddProduct)
{
Console.WriteLine("Exception: exAddProduct " + exAddProduct.Message + " " + exAddProduct.InnerException);
}
}
#endregion product
int iCategoryForProductID = 0;
#region PRODUCTCATEGORYFORPRODUCT
try
{
iCategoryForProductID = model.PRODUCTCATEGORYFORPRODUCT.Where(o => o.ProductCategoryID == iProductCategoryID && o.ProductID == iProductID).FirstOrDefault().ProductCategoryForProductID;
}
catch (Exception ex)
{
}
if (iCategoryForProductID <= 0)
{
Console.WriteLine("Adding PRODUCTCATEGORYFORPRODUCT");
try
{
PRODUCTCATEGORYFORPRODUCT oCategoryForProduct = new PRODUCTCATEGORYFORPRODUCT();
oCategoryForProduct.CreatedDate = DateTimeOffset.Now;
oCategoryForProduct.ProductCategoryID = iProductCategoryID;
oCategoryForProduct.ProductID = iProductID;
oCategoryForProduct.VocabularyID = iVocabularyNCPID;
oCategoryForProduct.timestamp = DateTimeOffset.Now;
model.PRODUCTCATEGORYFORPRODUCT.Add(oCategoryForProduct);
model.SaveChanges();
}
catch (Exception exPRODUCTCATEGORYFORPRODUCT)
{
Console.WriteLine("Exception exPRODUCTCATEGORYFORPRODUCT " + exPRODUCTCATEGORYFORPRODUCT.Message + " " + exPRODUCTCATEGORYFORPRODUCT.InnerException);
}
}
else
{
//Update PRODUCTCATEGORYFORPRODUCT
}
#endregion PRODUCTCATEGORYFORPRODUCT
int iCPEID = 0;
#region cpe
try
{
iCPEID = model.CPE.Where(o => o.CPEName == sCPEName).FirstOrDefault().CPEID;
}
catch (Exception exCPEID)
{
}
if (iCPEID <= 0)
{
Console.WriteLine("ERROR CPE Unknown " + sCPEName);
//Console.WriteLine("DEBUG Adding CPE");
}
#endregion cpe
#endregion targetproduct
break;
case "ncp:other-link":
#region link
//<ncp:other-link dependency_flag="true">
string sReference = "";
string sReferenceLinkTitle = "";
foreach (XmlNode nodeLink in nodeChecklistDetail.ChildNodes)
{
switch (nodeLink.Name)
{
case "ncp:reference":
//ncp:reference href="http://www.nsa.gov/ia/_files/app/I731-008R-2006.pdf"/>
//TODO? other attributes?
try
{
sReference = nodeLink.Attributes["href"].InnerText;
}
catch (Exception exhref)
{
}
break;
case "ncp:title":
sReferenceLinkTitle = nodeLink.InnerText;
break;
default:
Console.WriteLine("ERROR MISSING CODE FOR nodeLink.Name=" + nodeLink.Name);
break;
}
}
if (sReference != "")
{
#region reference
int iReferenceID = 0;
try
{
iReferenceID = model.REFERENCE.Where(o => o.ReferenceURL == sReference).FirstOrDefault().ReferenceID;
}
catch (Exception exiReferenceID)
{
}
if (iReferenceID <= 0)
{
Console.WriteLine("DEBUG Adding REFERENCE");
try
{
REFERENCE oReference = new REFERENCE();
oReference.CreatedDate = DateTimeOffset.Now;
oReference.ReferenceURL = sReference;
oReference.ReferenceTitle = sReferenceLinkTitle;
oReference.VocabularyID = iVocabularyNCPID;
oReference.timestamp = DateTimeOffset.Now;
model.REFERENCE.Add(oReference);
model.SaveChanges();
iReferenceID = oReference.ReferenceID;
}
catch (Exception exAddReference)
{
Console.WriteLine("Exception: exAddReference " + exAddReference.Message + " " + exAddReference.InnerException);
}
}
else
{
//Update REFERENCE
//TODO Test if same Title
}
#endregion reference
}
#endregion link
break;
default:
Console.WriteLine("ERROR Missing code for nodeChecklistDetail " + nodeChecklistDetail.Name);
break;
}
}
break;
default:
Console.WriteLine("ERROR Missing code for nodeEntryInfo " + nodeEntryInfo.Name);
//<ncp:documentation>
//<ncp:checklist-role>Desktop Client</ncp:checklist-role>
//CHECKLISTCATEGORY
//<ncp:regulatory-compliance>DOD Directive 8500.</ncp:regulatory-compliance>
//<ncp:regulatory-compliance>TBD</ncp:regulatory-compliance>
//COMPLIANCE
break;
}
}
}
}
public static Score ScoreChecklist(CHECKLIST xml)
{
try {
Score score = new Score();
if (!string.IsNullOrEmpty(xml.ASSET.HOST_NAME))
{
score.hostName = xml.ASSET.HOST_NAME;
}
else if (!string.IsNullOrEmpty(xml.ASSET.HOST_FQDN))
{
score.hostName = xml.ASSET.HOST_FQDN;
}
// CAT 1
score.totalCat1NotReviewed = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "not_reviewed" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "high").FirstOrDefault() != null).Count();
score.totalCat1NotApplicable = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "not_applicable" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "high").FirstOrDefault() != null).Count();
score.totalCat1Open = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "open" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "high").FirstOrDefault() != null).Count();
score.totalCat1NotAFinding = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "notafinding" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "high").FirstOrDefault() != null).Count();
// CAT 2
score.totalCat2NotReviewed = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "not_reviewed" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "medium").FirstOrDefault() != null).Count();
score.totalCat2NotApplicable = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "not_applicable" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "medium").FirstOrDefault() != null).Count();
score.totalCat2Open = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "open" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "medium").FirstOrDefault() != null).Count();
score.totalCat2NotAFinding = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "notafinding" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "medium").FirstOrDefault() != null).Count();
// CAT 3
score.totalCat3NotReviewed = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "not_reviewed" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "low").FirstOrDefault() != null).Count();
score.totalCat3NotApplicable = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "not_applicable" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "low").FirstOrDefault() != null).Count();
score.totalCat3Open = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "open" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "low").FirstOrDefault() != null).Count();
score.totalCat3NotAFinding = xml.STIGS.iSTIG.VULN.Where(x => x.STATUS.ToLower() == "notafinding" &&
x.STIG_DATA.Where(y => y.VULN_ATTRIBUTE == "Severity" &&
y.ATTRIBUTE_DATA == "low").FirstOrDefault() != null).Count();
// get the title and release which is a list of children of child nodes buried deeper :face-palm-emoji:
score.stigRelease = xml.STIGS.iSTIG.STIG_INFO.SI_DATA.Where(x => x.SID_NAME.ToLower() == "releaseinfo").FirstOrDefault().SID_DATA;
score.stigType = xml.STIGS.iSTIG.STIG_INFO.SI_DATA.Where(x => x.SID_NAME.ToLower() == "title").FirstOrDefault().SID_DATA;
// shorten the names a bit
if (score != null && !string.IsNullOrEmpty(score.stigType))
{
score.stigType = score.stigType.Replace("Security Technical Implementation Guide", "STIG");
score.stigType = score.stigType.Replace("Windows", "WIN");
score.stigType = score.stigType.Replace("Application Security and Development", "ASD");
score.stigType = score.stigType.Replace("Microsoft Internet Explorer", "MSIE");
score.stigType = score.stigType.Replace("Red Hat Enterprise Linux", "REL");
score.stigType = score.stigType.Replace("MS SQL Server", "MSSQL");
score.stigType = score.stigType.Replace("Server", "SVR");
score.stigType = score.stigType.Replace("Workstation", "WRK");
}
if (score != null && !string.IsNullOrEmpty(score.stigRelease))
{
score.stigRelease = score.stigRelease.Replace("Release: ", "R"); // i.e. R11, R2 for the release number
score.stigRelease = score.stigRelease.Replace("Benchmark Date:", "dated");
}
return(score);
}
catch (Exception ex) {
Console.WriteLine("Oops! The Scoring Engine had a major problem..." + ex.Message);
return(new Score());
}
}
public ActionResult EditItem(vCHECKLIST_Manage VCLM)
{
//初始化系統參數
Configer.Init();
//Log記錄用
SYSTEMLOG SL = new SYSTEMLOG();
SL.UId = Session["UserID"].ToString();
SL.Controller = "Document";
SL.Action = "EditItem";
SL.StartDateTime = DateTime.Now;
string MailServer = Configer.MailServer;
int MailServerPort = Configer.MailServerPort;
string MailSender = Configer.MailSender;
List <string> MailReceiver = Configer.MailReceiver;
try
{
if (ModelState.IsValid)
{
CHECKLIST nowCL = context.CHECKLISTS.Find(VCLM.ListID);
//nowCL.ListID = CL.ListID;
nowCL.CheckID = VCLM.CheckID;
nowCL.ListName = VCLM.ListName;
nowCL.Definition = VCLM.Definition;
nowCL.StartTime = VCLM.StartTime;
nowCL.EndTime = VCLM.EndTime;
nowCL.ShiftID = VCLM.ShiftID;
nowCL.ClassID = VCLM.ClassID;
nowCL.CheckType = VCLM.CheckType;
nowCL.AlwaysShow = VCLM.AlwaysShow;
nowCL.ChargerID = VCLM.ChargerID;
nowCL.ShowOrder = VCLM.ShowOrder;
nowCL.UpadteAccount = Session["UserID"].ToString().Trim();;
nowCL.UpdateTime = DateTime.Now;
context.Entry(nowCL).State = EntityState.Modified;
context.SaveChanges();
SL.EndDateTime = DateTime.Now;
SL.TotalCount = 1;
SL.SuccessCount = 1;
SL.FailCount = 0;
SL.Result = true;
SL.Msg = "編輯檢核項目作業成功,ListID:[" + VCLM.ListID + "]";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
//string Title = context.CHECKTITLES.Find(VCLM.CheckID).Title;
return(RedirectToAction("ListItem", "Document", new { CheckID = VCLM.CheckID, Title = VCLM.CheckTitle }));
}
else
{
TempData["EditMsg"] = "<script>alert('編輯失敗');</script>";
return(RedirectToAction("EditItem", "Document", new { ListID = VCLM.ListID }));
}
}
catch (Exception ex)
{
SL.EndDateTime = DateTime.Now;
SL.TotalCount = 1;
SL.SuccessCount = 0;
SL.FailCount = 1;
SL.Result = false;
SL.Msg = "編輯檢核項目作業失敗," + "錯誤訊息[" + ex.ToString() + "]";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
TempData["EditMsg"] = "<script>alert('發生異常');</script>";
return(RedirectToAction("EditItem", "Document", new { ListID = VCLM.ListID }));
}
}
public ActionResult EditItem(int ListID)
{
//初始化系統參數
Configer.Init();
//Log記錄用
SYSTEMLOG SL = new SYSTEMLOG();
SL.UId = Session["UserID"].ToString();
SL.Controller = "Document";
SL.Action = "EditItem";
SL.TotalCount = 1;
SL.StartDateTime = DateTime.Now;
string MailServer = Configer.MailServer;
int MailServerPort = Configer.MailServerPort;
string MailSender = Configer.MailSender;
List <string> MailReceiver = Configer.MailReceiver;
try
{
CHECKLIST CL = context.CHECKLISTS.Find(ListID);
CHECKTITLE CT = context.CHECKTITLES.Find(CL.CheckID);
vCHECKLIST_Manage VCTM = new vCHECKLIST_Manage();
VCTM.CheckTitle = CT.Title;
VCTM.CheckID = CL.CheckID;
VCTM.ListName = CL.ListName;
VCTM.Definition = CL.Definition;
VCTM.CheckTitle = CT.Title;
TempData["CheckID"] = CL.CheckID;
TempData["Title"] = CT.Title;
//取得班別清單
var query1 = from s in context.CHECKSHIFTS
select new
{
s.ShiftID,
s.ShiftValue
};
VCTM.ShiftID = CL.ShiftID;
VCTM.ShiftIDList = new SelectList(query1, "ShiftID", "ShiftValue");
//取得分類清單
var query2 = from c in context.CHECKCLASSES
select new
{
c.ClassID,
c.ClassValue
};
VCTM.ClassID = CL.ClassID;
VCTM.ClassIDList = new SelectList(query2, "ClassID", "ClassValue");
//取得負責人清單
var query = from u in context.EPSUSERS
select new
{
u.UId,
u.UserName
};
VCTM.ChargerID = CL.ChargerID;
VCTM.ChargerList = new SelectList(query, "UId", "UserName");
VCTM.CheckType = CL.CheckType;
VCTM.AlwaysShow = CL.AlwaysShow;
VCTM.StartTime = CL.StartTime;
VCTM.EndTime = CL.EndTime;
VCTM.ShowOrder = CL.ShowOrder;
SL.EndDateTime = DateTime.Now;
SL.TotalCount = 1;
SL.SuccessCount = 1;
SL.FailCount = 0;
SL.Result = true;
SL.Msg = "取得檢核項目資料作業成功,ListID:[" + ListID.ToString() + "]";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
return(View(VCTM));
}
catch (Exception ex)
{
SL.EndDateTime = DateTime.Now;
SL.TotalCount = 1;
SL.SuccessCount = 0;
SL.FailCount = 1;
SL.Result = false;
SL.Msg = "取得檢核項目資料作業失敗," + "錯誤訊息[" + ex.ToString() + "]";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
return(RedirectToAction("ListItem", "Document"));
}
}
public ActionResult AddItem(vCHECKLIST_Manage VCLM)
{
//初始化系統參數
Configer.Init();
//Log記錄用
SYSTEMLOG SL = new SYSTEMLOG();
SL.UId = Session["UserID"].ToString();
SL.Controller = "Document";
SL.Action = "AddItem";
SL.TotalCount = 1;
SL.StartDateTime = DateTime.Now;
string MailServer = Configer.MailServer;
int MailServerPort = Configer.MailServerPort;
string MailSender = Configer.MailSender;
List <string> MailReceiver = Configer.MailReceiver;
try
{
if (ModelState.IsValid)
{
CHECKLIST CL = new CHECKLIST();
CL.CheckID = VCLM.CheckID;
CL.ListName = VCLM.ListName;
CL.Definition = VCLM.Definition;
CL.CheckType = VCLM.CheckType;
CL.ClassID = VCLM.ClassID;
CL.ChargerID = VCLM.ChargerID;
CL.ShiftID = VCLM.ShiftID;
CL.StartTime = VCLM.StartTime;
CL.EndTime = VCLM.EndTime;
CL.AlwaysShow = VCLM.AlwaysShow;
CL.ShowOrder = VCLM.ShowOrder;
CL.CreateAccount = Session["UserID"].ToString().Trim();
CL.CreateTime = DateTime.Now;
CL.UpadteAccount = Session["UserID"].ToString().Trim();
CL.UpdateTime = DateTime.Now;
context.CHECKLISTS.Add(CL);
context.SaveChanges();
SL.EndDateTime = DateTime.Now;
SL.SuccessCount = 1;
SL.FailCount = 0;
SL.Result = true;
SL.Msg = "建立檢核項目作業成功";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
//TempData["CreateMsg"] = "<script>alert('新增成功');</script>";
return(RedirectToAction("AddItem", "Document", new { CheckID = VCLM.CheckID, Title = VCLM.CheckTitle }));
}
else
{
TempData["CreateMsg"] = "<script>alert('新增失敗');</script>";
return(RedirectToAction("AddItem", "Document", new { CheckID = VCLM.CheckID, Title = VCLM.CheckTitle }));
}
}
catch (Exception ex)
{
SL.EndDateTime = DateTime.Now;
SL.TotalCount = 1;
SL.SuccessCount = 0;
SL.FailCount = 1;
SL.Result = false;
SL.Msg = "建立檢核項目作業失敗," + "錯誤訊息[" + ex.ToString() + "]";
SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);
TempData["CreateMsg"] = "<script>alert('發生異常');</script>";
return(RedirectToAction("AddItem", "Document", new { CheckID = VCLM.CheckID, Title = VCLM.CheckTitle }));
}
}
