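/// <summary>
/// Parses a raw CKL checklist XML string into a CHECKLIST object.
/// </summary>
/// <param name="rawChecklist">The full XML text of the checklist.</param>
/// <returns>
/// A CHECKLIST filled from the first ASSET element, the first STIG_INFO element and
/// all VULN elements found in the document. Sections with no matching element keep
/// whatever the CHECKLIST constructor set.
/// </returns>
/// <remarks>
/// The document is parsed with DTD processing prohibited and no XmlResolver, so a
/// checklist carrying a DOCTYPE is rejected with an XmlException instead of having
/// its entities expanded or external resources fetched.
/// </remarks>
public static CHECKLIST LoadChecklist(string rawChecklist)
{
    CHECKLIST myChecklist = new CHECKLIST();

    // Newlines and tabs are stripped from the whole string before parsing.
    rawChecklist = rawChecklist.Replace("\n", "").Replace("\t", "");

    XmlDocument xmlDoc = new XmlDocument();
    // No resolver on the document itself: nothing outside the string is ever fetched.
    xmlDoc.XmlResolver = null;

    XmlReaderSettings readerSettings = new XmlReaderSettings();
    readerSettings.DtdProcessing = DtdProcessing.Prohibit;
    readerSettings.XmlResolver = null;

    using (System.IO.StringReader text = new System.IO.StringReader(rawChecklist))
    using (XmlReader reader = XmlReader.Create(text, readerSettings))
    {
        xmlDoc.Load(reader);
    }

    // The three node sets that carry the checklist data. GetElementsByTagName returns
    // an empty list (never null) when nothing matches, so only the counts are checked.
    XmlNodeList assetList = xmlDoc.GetElementsByTagName("ASSET");
    XmlNodeList vulnList = xmlDoc.GetElementsByTagName("VULN");
    XmlNodeList stiginfoList = xmlDoc.GetElementsByTagName("STIG_INFO");

    // Only the first ASSET element is used.
    if (assetList.Count >= 1)
    {
        myChecklist.ASSET = getAssetListing(assetList.Item(0));
    }

    // Only the first STIG_INFO element is used.
    if (stiginfoList.Count >= 1)
    {
        myChecklist.STIGS.iSTIG.STIG_INFO = getStigInfoListing(stiginfoList.Item(0));
    }

    // Every VULN element is converted.
    if (vulnList.Count > 0)
    {
        myChecklist.STIGS.iSTIG.VULN = getVulnerabilityListing(vulnList);
    }

    return myChecklist;
}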
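/// <summary>
/// Creates a CHECKLIST row from the posted view model and saves it.
/// </summary>
/// <param name="check">View model whose nombre and desc values are copied to the new row.</param>
/// <returns>The JSON string "d", whether or not the save passed entity validation.</returns>
public JsonResult Crear(ChecklistViewModel check)
{
    // The context is disposed when the action finishes so its connection is released
    // even if SaveChanges throws something other than a validation exception.
    using (EntitiesNoMasAccidentes bd = new EntitiesNoMasAccidentes())
    {
        NoMasAccidentes.Models.CHECKLIST checklist = new CHECKLIST();
        checklist.NOMBRE_CHECKLIST = check.nombre;
        checklist.DESCRIPCION_CHECKLIST = check.desc;
        bd.CHECKLIST.Add(checklist);

        try
        {
            bd.SaveChanges();
        }
        catch (System.Data.Entity.Validation.DbEntityValidationException dbEx)
        {
            // Each validation error is wrapped around the previous one as InnerException.
            Exception raise = dbEx;
            foreach (var validationErrors in dbEx.EntityValidationErrors)
            {
                foreach (var validationError in validationErrors.ValidationErrors)
                {
                    string message = string.Format("{0}:{1}", validationErrors.Entry.Entity.ToString(), validationError.ErrorMessage);
                    raise = new InvalidOperationException(message, raise);
                }
            }

            // NOTE(review): the chained exception is built but never thrown or logged, so
            // a failed save is indistinguishable from a successful one for the caller.
            // Kept as-is because callers currently always receive "d"; confirm whether
            // the failure should be surfaced.
        }
    }

    return(Json("d"));
}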
/// <summary>
/// Returns the bundled example ASD checklist serialized as an XML string.
/// </summary>
/// <returns>
/// The XML text of the example checklist, or an empty string when the example file
/// does not exist under the current directory.
/// </returns>
public string Get()
{
    // The example file lives at <current directory> + exampleSTIG.
    string examplePath = Directory.GetCurrentDirectory() + exampleSTIG;
    if (!System.IO.File.Exists(examplePath))
    {
        return string.Empty;
    }

    _logger.LogInformation("/example/: Example file active so returning an example ASD STIG.");

    // Load the file into the CHECKLIST class, then serialize it back out as a string.
    CHECKLIST exampleChecklist = ChecklistLoader.LoadASDChecklist(examplePath);
    XmlSerializer checklistSerializer = new XmlSerializer(typeof(CHECKLIST));
    _logger.LogInformation("Serialized ASD example checklist");

    using (StringWriter buffer = new StringWriter())
    using (XmlWriter xmlOut = XmlWriter.Create(buffer))
    {
        checklistSerializer.Serialize(xmlOut, exampleChecklist);
        _logger.LogInformation("/example/: Returning XML string of ASD example checklist");
        return buffer.ToString();
    }
}
/// <summary>
/// Checks that a default-constructed CHECKLIST exposes non-null ASSET and STIGS members.
/// </summary>
public void Test_CHECKLISTWithDataIsValid()
{
    var checklist = new CHECKLIST();

    // The object itself and its two top-level sections must be present.
    Assert.True(checklist != null);
    Assert.True(checklist.ASSET != null);
    Assert.True(checklist.STIGS != null);
}
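/// <summary>
/// Deserializes a checklist XML file into a CHECKLIST object.
/// </summary>
/// <param name="filepath">Path of the checklist file to read.</param>
/// <returns>
/// The deserialized CHECKLIST, or a default-constructed CHECKLIST when the file does
/// not exist.
/// </returns>
/// <remarks>
/// The file is read through an XmlReader with DTD processing prohibited and no
/// XmlResolver, so a file carrying a DOCTYPE makes Deserialize fail instead of
/// being expanded.
/// </remarks>
public static CHECKLIST LoadASDChecklist(string filepath)
{
    CHECKLIST asdChecklist = new CHECKLIST();
    if (!System.IO.File.Exists(filepath))
    {
        return asdChecklist;
    }

    XmlSerializer serializer = new XmlSerializer(typeof(CHECKLIST));

    System.Xml.XmlReaderSettings readerSettings = new System.Xml.XmlReaderSettings();
    readerSettings.DtdProcessing = System.Xml.DtdProcessing.Prohibit;
    readerSettings.XmlResolver = null;

    // Both readers are disposed even when Deserialize throws, so the file handle is
    // not left open on malformed input.
    using (StreamReader reader = new StreamReader(filepath))
    using (System.Xml.XmlReader xmlReader = System.Xml.XmlReader.Create(reader, readerSettings))
    {
        asdChecklist = (CHECKLIST)serializer.Deserialize(xmlReader);
    }

    return asdChecklist;
}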
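/// <summary>
/// Reads in the raw checklist file CKL and from that XML string, creates a C# class
/// of all the data in the file by parsing it.
/// </summary>
/// <param name="rawChecklist">The long XML string of the checklist</param>
/// <returns>
/// A CHECKLIST record which is a C# representation of the CKL XML file in class form.
/// Sections with no matching element keep whatever the CHECKLIST constructor set.
/// </returns>
/// <remarks>
/// The document is parsed with DTD processing prohibited and no XmlResolver, so a
/// checklist carrying a DOCTYPE is rejected with an XmlException instead of having
/// its entities expanded or external resources fetched.
/// </remarks>
public static CHECKLIST LoadChecklist(string rawChecklist)
{
    CHECKLIST myChecklist = new CHECKLIST();

    // Tabs are stripped before parsing (the original comment describes this as
    // sanitizing the text for JS).
    rawChecklist = rawChecklist.Replace("\t", "");

    XmlDocument xmlDoc = new XmlDocument();
    // No resolver on the document itself: nothing outside the string is ever fetched.
    xmlDoc.XmlResolver = null;

    XmlReaderSettings readerSettings = new XmlReaderSettings();
    readerSettings.DtdProcessing = DtdProcessing.Prohibit;
    readerSettings.XmlResolver = null;

    // load the doc into the XML structure
    using (System.IO.StringReader text = new System.IO.StringReader(rawChecklist))
    using (XmlReader reader = XmlReader.Create(text, readerSettings))
    {
        xmlDoc.Load(reader);
    }

    // get the three main nodes we care about; GetElementsByTagName returns an empty
    // list (never null) when nothing matches, so only the counts are checked
    XmlNodeList assetList = xmlDoc.GetElementsByTagName("ASSET");
    XmlNodeList vulnList = xmlDoc.GetElementsByTagName("VULN");
    XmlNodeList stiginfoList = xmlDoc.GetElementsByTagName("STIG_INFO");

    // fill in the ASSET listing from the first ASSET element
    if (assetList.Count >= 1)
    {
        myChecklist.ASSET = getAssetListing(assetList.Item(0));
    }

    // now get the STIG_INFO listing from the first STIG_INFO element
    if (stiginfoList.Count >= 1)
    {
        myChecklist.STIGS.iSTIG.STIG_INFO = getStigInfoListing(stiginfoList.Item(0));
    }

    // now get every VULN listing
    if (vulnList.Count > 0)
    {
        myChecklist.STIGS.iSTIG.VULN = getVulnerabilityListing(vulnList);
    }

    return myChecklist;
}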
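/// <summary>
/// Loads a checklist from a fixed path, marks the vulnerability whose first STIG_DATA
/// entry is "V-70149" as Open, and saves the checklist to a second fixed path.
/// </summary>
/// <remarks>
/// Any exception is reported as a test failure. The original exception is attached as
/// the inner exception so its type and stack trace are not lost.
/// </remarks>
public void TestSTIGCL()
{
    try
    {
        CRObjSerializer cros = new CRObjSerializer();
        // NOTE(review): both paths are hard-coded to C:\TEMP, so the test depends on
        // that file already existing on the machine running it.
        CHECKLIST ckl = cros.LoadSTIGCKL(@"C:\TEMP\ckl_testSave.xml");
        foreach (var vuln in ckl.STIGS.iSTIG.VULN)
        {
            // Only the first STIG_DATA entry of each vulnerability is compared.
            if (vuln.STIG_DATA[0].ATTRIBUTE_DATA == "V-70149")
            {
                //vuln.FINDING_DETAILS = "finding test test";
                //Console.WriteLine(vuln.COMMENTS.ToString());
                Console.WriteLine(vuln.FINDING_DETAILS.ToString());
                vuln.STATUS = "Open";
            }
        }
        cros.SaveCRObj(@"C:\TEMP\ckl_testSave.ckl", ckl);
    }
    catch (Exception ex)
    {
        throw new AssertFailedException(ex.Message, ex);
    }
}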
/// <summary>
/// Checks that a CHECKLIST can be constructed with its default constructor.
/// </summary>
public void Test_NewCHECKLISTIsValid()
{
    var checklist = new CHECKLIST();

    Assert.True(checklist != null);
}
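/// <summary>
/// Records the result of one checklist item: updates the matching
/// CHECKPROCESSDETAILS row if one exists, otherwise inserts a new one.
/// </summary>
/// <param name="CheckSN">Serial number of the daily check</param>
/// <param name="CheckID">ID of the machine-room check title</param>
/// <param name="ListID">ID of the checklist item</param>
/// <param name="CheckResult">Result of the check</param>
/// <param name="CheckDate">Date of the check</param>
/// <param name="Shift">Shift ID; replaced by "00" when the checklist item's ShiftID is "00"</param>
/// <returns>"檢核成功" when the row was saved, "檢核失敗" when any exception occurred</returns>
public string Check(string CheckSN, int CheckID, int ListID, string CheckResult, string CheckDate, string Shift)
{
    // Initialise system parameters
    Configer.Init();

    // Audit-log record for this call
    SYSTEMLOG SL = new SYSTEMLOG();
    SL.UId = Session["UserID"].ToString();
    SL.Controller = "Process";
    // NOTE(review): the logged action name is "GetProcess" although this method is
    // Check; left unchanged, confirm which name the audit log should carry.
    SL.Action = "GetProcess";
    SL.StartDateTime = DateTime.Now;

    string MailServer = Configer.MailServer;
    int MailServerPort = Configer.MailServerPort;
    string MailSender = Configer.MailSender;
    List<string> MailReceiver = Configer.MailReceiver;

    try
    {
        string Title = context.CHECKTITLES.Find(CheckID).Title;

        // The checklist item is looked up once and reused for both its definition
        // and its shift.
        CHECKLIST CL = context.CHECKLISTS.Find(ListID);
        string CheckName = CL.Definition;
        if (CL.ShiftID == "00")
        {
            Shift = "00";
        }

        // Look for an existing detail row with the same key; one query replaces the
        // earlier Count() followed by First() over the same filter.
        CHECKPROCESSDETAIL CPD = context.CHECKPROCESSDETAILS
            .Where(b => b.ListID == ListID)
            .Where(b => b.CheckSN == CheckSN)
            .Where(b => b.CheckID == CheckID)
            .Where(b => b.CheckDate == CheckDate)
            .Where(b => b.ShiftID == Shift)
            .FirstOrDefault();

        if (CPD != null)
        {
            // update CHECKPROCESSDETAILS
            CPD.CheckResult = CheckResult;
            CPD.UpadteAccount = Session["UserID"].ToString().Trim();
            CPD.UpdateTime = DateTime.Now;
            context.Entry(CPD).State = EntityState.Modified;
        }
        else
        {
            // insert CHECKPROCESSDETAILS
            CHECKPROCESSDETAIL newCPD = new CHECKPROCESSDETAIL();
            newCPD.CheckSN = CheckSN;
            newCPD.CheckID = CheckID;
            newCPD.ListID = ListID;
            newCPD.ShiftID = Shift;
            newCPD.CheckDate = CheckDate;
            newCPD.CheckResult = CheckResult;
            newCPD.CreateAccount = Session["UserID"].ToString().Trim();
            newCPD.CreateTime = DateTime.Now;
            newCPD.UpadteAccount = Session["UserID"].ToString().Trim();
            newCPD.UpdateTime = DateTime.Now;
            context.CHECKPROCESSDETAILS.Add(newCPD);
        }

        context.SaveChanges();

        SL.EndDateTime = DateTime.Now;
        SL.TotalCount = 1;
        SL.SuccessCount = 1;
        SL.FailCount = 0;
        // A saved row is recorded as a successful result. Both success branches used to
        // log Result = false next to a success message and SuccessCount = 1, which made
        // successful and failed checks indistinguishable by this flag in the audit log.
        SL.Result = true;
        SL.Msg = "[" + CheckSN + "]檢核[" + Title + "][" + CheckName + "]作業成功";
        SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);

        return("檢核成功");
    }
    catch (Exception ex)
    {
        // Any failure (including a missing title or checklist row) is logged with the
        // full exception text and reported to the caller as a generic failure.
        SL.EndDateTime = DateTime.Now;
        SL.TotalCount = 0;
        SL.SuccessCount = 0;
        SL.FailCount = 0;
        SL.Result = false;
        SL.Msg = "[" + CheckSN + "]檢核流程作業失敗," + "錯誤訊息[" + ex.ToString() + "]";
        SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);

        return("檢核失敗");
    }
}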
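/// <summary>
/// Copyright (C) 2015-2016 Jerome Athias - frhack.org
/// *** BETA VERSION ***
/// Parser for National Checklist Program (NCP) Checklists feed XML file and import into an XORCISM database
/// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
/// <remarks>
/// Reads "checklist-0.1-feed.xml" from the working directory and, for each entry,
/// looks up or inserts CHECKLIST, ROLE, ORGANISATION, CHECKLISTAUTHORITY, CATEGORY,
/// PRODUCTCATEGORY, PRODUCT, PRODUCTCATEGORYFORPRODUCT and REFERENCE rows.
/// The feed is loaded with no XmlResolver, so external entities and external DTDs
/// referenced by the file are never fetched. XSD validation is still a TODO.
/// </remarks>
/// <param name="args">Not used.</param>
static void Main(string[] args)
{
    //https://nvd.nist.gov/download.cfm#CVE_FEED
    //National Checklist Program (NCP) Checklists
    XORCISMEntities model = new XORCISMEntities();

    //VOCABULARIES
    int iVocabularyNCPID = 0;
    #region vocabularyncp
    try
    {
        //Hardcoded
        iVocabularyNCPID = model.VOCABULARY.Where(o => o.VocabularyName == "NCP").Select(o => o.VocabularyID).FirstOrDefault();
    }
    catch (Exception ex)
    {
        // Lookup errors are swallowed; the id stays 0 and the vocabulary is inserted below.
    }
    if (iVocabularyNCPID <= 0)
    {
        XORCISMModel.VOCABULARY oVocabulary = new XORCISMModel.VOCABULARY();
        oVocabulary.CreatedDate = DateTimeOffset.Now;
        oVocabulary.VocabularyName = "NCP"; //Hardcoded
        model.VOCABULARY.Add(oVocabulary);
        model.SaveChanges();
        iVocabularyNCPID = oVocabulary.VocabularyID;
        Console.WriteLine("DEBUG iVocabularyNCPID=" + iVocabularyNCPID);
    }
    #endregion vocabularyncp

    //TODO: download if needed (if updated)
    string filepath = "checklist-0.1-feed.xml"; //Hardcoded
    Console.WriteLine("DEBUG " + DateTimeOffset.Now);

    XmlDocument docXML = new XmlDocument();
    //TODO: Security controls/checks
    //TODO: XSD validation
    //TODO: ...
    // The feed is a downloaded file: parse it without a resolver so that external
    // entities or an external DTD named in it are not retrieved. Must be set before Load.
    docXML.XmlResolver = null;
    docXML.Load(filepath);

    XmlNodeList nodes;
    nodes = docXML.SelectNodes("/ncp");

    foreach (XmlNode nodeEntry in docXML.DocumentElement.ChildNodes)
    {
        //<entry ncp-checklist-id="7">
        string sChecklistVocabularyID = "";
        CHECKLIST oChecklist = null;
        int iChecklistID = 0;
        try
        {
            sChecklistVocabularyID = nodeEntry.Attributes["ncp-checklist-id"].InnerText;
        }
        catch (Exception exsChecklistVocabularyID)
        {
            Console.WriteLine("Exception: exiChecklistVocabularyID");
        }

        foreach (XmlNode nodeEntryInfo in nodeEntry.ChildNodes)
        {
            switch (nodeEntryInfo.Name)
            {
                case "ncp:checklist-details":
                    //int iChecklistID = 0;
                    foreach (XmlNode nodeChecklistDetail in nodeEntryInfo.ChildNodes)
                    {
                        switch (nodeChecklistDetail.Name)
                        {
                            case "ncp:title":
                                string sChecklistName = "";
                                string sChecklistVersion = "";
                                foreach (XmlNode nodeTitle in nodeChecklistDetail.ChildNodes)
                                {
                                    switch (nodeTitle.Name)
                                    {
                                        case "ncp:checklist-name":
                                            sChecklistName = nodeTitle.InnerText;
                                            break;
                                        case "ncp:version":
                                            sChecklistVersion = nodeTitle.InnerText;
                                            break;
                                        default:
                                            Console.WriteLine("ERROR Missing code for nodeTitle.Name=" + nodeTitle.Name);
                                            break;
                                    }
                                }

                                #region checklist
                                try
                                {
                                    //TODO? add ChecklistVersion
                                    oChecklist = model.CHECKLIST.Where(o => o.Title == sChecklistName).FirstOrDefault();
                                }
                                catch (Exception exiChecklistID)
                                {
                                    // Lookup errors are swallowed; a null oChecklist leads to an insert below.
                                }
                                if (oChecklist != null)
                                {
                                    iChecklistID = oChecklist.ChecklistID;
                                    //Update CHECKLIST
                                    try
                                    {
                                        oChecklist.ChecklistVersion = sChecklistVersion;
                                        oChecklist.ChecklistVocabularyID = sChecklistVocabularyID;
                                        oChecklist.timestamp = DateTimeOffset.Now;
                                        model.SaveChanges();
                                    }
                                    catch (Exception exUpdateCHECKLIST)
                                    {
                                        Console.WriteLine("Exception: exUpdateCHECKLIST " + exUpdateCHECKLIST.Message + " " + exUpdateCHECKLIST.InnerException);
                                    }
                                }
                                else
                                {
                                    Console.WriteLine("DEBUG Adding CHECKLIST");
                                    //NOTE: Model comes from OCIL https://scap.nist.gov/specifications/ocil/
                                    try
                                    {
                                        oChecklist = new CHECKLIST();
                                        oChecklist.CreatedDate = DateTimeOffset.Now;
                                        oChecklist.Title = sChecklistName;
                                        oChecklist.ChecklistVersion = sChecklistVersion;
                                        //oChecklist.ChecklistCategoryID=   //TODO
                                        //oChecklistOrganisationID  //Updated later
                                        oChecklist.ChecklistVocabularyID = sChecklistVocabularyID;
                                        oChecklist.VocabularyID = iVocabularyNCPID;
                                        oChecklist.timestamp = DateTimeOffset.Now;
                                        model.CHECKLIST.Add(oChecklist);
                                        model.SaveChanges();
                                        iChecklistID = oChecklist.ChecklistID;
                                    }
                                    catch (Exception exAddCHECKLIST)
                                    {
                                        Console.WriteLine("Exception: exAddCHECKLIST " + exAddCHECKLIST.Message + " " + exAddCHECKLIST.InnerException);
                                    }
                                }
                                #endregion checklist

                                //TODO CHECKLISTTAG sChecklistName
                                break;

                            case "ncp:authority":
                                #region authority
                                string sOrganisationName = "";
                                string sOrganisationReference = ""; //TODO
                                string sOrganisationDescription = "";
                                int iRoleID = 0;
                                foreach (XmlNode nodeAuthorityDetail in nodeChecklistDetail.ChildNodes)
                                {
                                    switch (nodeAuthorityDetail.Name)
                                    {
                                        case "ncp:organization":
                                            //<ncp:organization system-id="http://www.disa.mil/" name="Defense Information Systems Agency">
                                            sOrganisationName = nodeAuthorityDetail.Attributes["name"].InnerText;
                                            sOrganisationReference = nodeAuthorityDetail.Attributes["system-id"].InnerText;
                                            Console.WriteLine("DEBUG sOrganisationReference=" + sOrganisationReference);
                                            foreach (XmlNode nodeOrganizationDetail in nodeAuthorityDetail.ChildNodes)
                                            {
                                                switch (nodeOrganizationDetail.Name)
                                                {
                                                    case "ncp:description":
                                                        //Not provided.
                                                        sOrganisationDescription = nodeOrganizationDetail.InnerText;
                                                        break;
                                                    default:
                                                        Console.WriteLine("ERROR Missing code for nodeOrganizationDetail.Name=" + nodeOrganizationDetail.Name);
                                                        break;
                                                }
                                            }
                                            break;
                                        case "ncp:type":
                                            //GOVERNMENTAL_AUTHORITY
                                            //Using the table ROLE
                                            #region authorityrole
                                            string sAuthority = nodeAuthorityDetail.InnerText;
                                            try
                                            {
                                                iRoleID = model.ROLE.Where(o => o.RoleName == sAuthority).FirstOrDefault().RoleID;
                                            }
                                            catch (Exception ex)
                                            {
                                                // "No row" surfaces here as a NullReferenceException on
                                                // FirstOrDefault(); any other lookup error is swallowed too.
                                            }
                                            if (iRoleID <= 0)
                                            {
                                                Console.WriteLine("Adding ROLE/AUTHORITY");
                                                try
                                                {
                                                    ROLE oRole = new ROLE();
                                                    oRole.CreatedDate = DateTimeOffset.Now;
                                                    oRole.RoleName = sAuthority;
                                                    //oRole.RoleDescription //TODO See https://web.nvd.nist.gov/view/ncp/repository/glossary
                                                    oRole.VocabularyID = iVocabularyNCPID;
                                                    oRole.timestamp = DateTimeOffset.Now;
                                                    model.ROLE.Add(oRole);
                                                    model.SaveChanges();
                                                    iRoleID = oRole.RoleID;
                                                }
                                                catch (Exception exAddRole)
                                                {
                                                    Console.WriteLine("Exception: exAddRole " + exAddRole.Message + " " + exAddRole.InnerException);
                                                }
                                            }
                                            else
                                            {
                                                //Update ROLE
                                            }
                                            #endregion authorityrole
                                            break;
                                        default:
                                            Console.WriteLine("ERROR Missing code for nodeAuthorityDetail.Name=" + nodeAuthorityDetail.Name);
                                            break;
                                    }
                                }

                                int iOrganisationID = 0;
                                #region organisation
                                try
                                {
                                    iOrganisationID = model.ORGANISATION.Where(o => o.OrganisationName == sOrganisationName || o.OrganisationKnownAs == sOrganisationName).FirstOrDefault().OrganisationID;
                                }
                                catch (Exception exiOrganisationID)
                                {
                                    // Not found (or lookup failed): the id stays 0 and the row is inserted below.
                                }
                                if (iOrganisationID <= 0)
                                {
                                    Console.WriteLine("DEBUG Adding ORGANISATION");
                                    try
                                    {
                                        ORGANISATION oOrganisation = new ORGANISATION();
                                        oOrganisation.CreatedDate = DateTimeOffset.Now;
                                        oOrganisation.OrganisationName = sOrganisationName;
                                        oOrganisation.OrganisationDescription = sOrganisationDescription;
                                        oOrganisation.VocabularyID = iVocabularyNCPID;
                                        oOrganisation.timestamp = DateTimeOffset.Now;
                                        model.ORGANISATION.Add(oOrganisation);
                                        model.SaveChanges();
                                        iOrganisationID = oOrganisation.OrganisationID;
                                    }
                                    catch (Exception exAddORGANISATION)
                                    {
                                        Console.WriteLine("Exception: exAddORGANISATION " + exAddORGANISATION.Message + " " + exAddORGANISATION.InnerException);
                                    }
                                }
                                else
                                {
                                    //Update ORGANISATION
                                    //TODO i.e. Description
                                }
                                #endregion organisation

                                try
                                {
                                    // oChecklist is still null if no ncp:title was processed for this
                                    // entry; that case ends up in the catch below.
                                    oChecklist.OrganisationID = iOrganisationID;
                                    oChecklist.timestamp = DateTimeOffset.Now;
                                    model.SaveChanges();
                                }
                                catch (Exception exChecklistOrganisationID)
                                {
                                    Console.WriteLine("Exception: exChecklistOrganisationID " + exChecklistOrganisationID.Message + " " + exChecklistOrganisationID.InnerException);
                                }

                                //TODO
                                //<ncp:organization system-id="http://www.disa.mil/" name="Defense Information Systems Agency">
                                //ORGANISATIONREFERENCE or ORGANISATIONDOMAINNAME

                                #region CHECKLISTAUTHORITY
                                int iChecklistAuthorityID = 0;
                                //TODO? VocabularyID
                                try
                                {
                                    iChecklistAuthorityID = model.CHECKLISTAUTHORITY.Where(o => o.ChecklistID == iChecklistID && o.RoleID == iRoleID).FirstOrDefault().ChecklistAuthorityID;
                                }
                                catch (Exception ex)
                                {
                                    // Not found (or lookup failed): the id stays 0 and the row is inserted below.
                                }
                                if (iChecklistAuthorityID <= 0)
                                {
                                    Console.WriteLine("DEBUG Adding CHECKLISTAUTHORITY");
                                    try
                                    {
                                        CHECKLISTAUTHORITY oChecklistAuthority = new CHECKLISTAUTHORITY();
                                        oChecklistAuthority.CreatedDate = DateTimeOffset.Now;
                                        oChecklistAuthority.ChecklistID = iChecklistID;
                                        oChecklistAuthority.OrganisationID = iOrganisationID;
                                        oChecklistAuthority.RoleID = iRoleID;
                                        oChecklistAuthority.VocabularyID = iVocabularyNCPID;
                                        oChecklistAuthority.timestamp = DateTimeOffset.Now;
                                        model.CHECKLISTAUTHORITY.Add(oChecklistAuthority);
                                        model.SaveChanges();
                                        iChecklistAuthorityID = oChecklistAuthority.ChecklistAuthorityID;
                                    }
                                    catch (Exception exAddChecklistAuthority)
                                    {
                                        Console.WriteLine("Exception: exAddChecklistAuthority " + exAddChecklistAuthority.Message + " " + exAddChecklistAuthority.InnerException);
                                    }
                                }
                                else
                                {
                                    //Update CHECKLISTAUTHORITY
                                }
                                #endregion CHECKLISTAUTHORITY
                                #endregion authority
                                break;

                            case "ncp:resource":
                                #region resource
                                string sReferenceURL = "";
                                int iReferenceAuthorID = 0;
                                string sReferenceTitle = "";
                                foreach (XmlNode nodeResource in nodeChecklistDetail.ChildNodes)
                                {
                                    switch (nodeResource.Name)
                                    {
                                        case "ncp:reference":
                                            try
                                            {
                                                sReferenceURL = nodeResource.Attributes["href"].InnerText;
                                            }
                                            catch (Exception)
                                            {
                                                // A missing href attribute leaves the URL empty.
                                            }
                                            break;
                                        case "ncp:author":
                                            //<ncp:author system-id="http://www.disa.mil/" name="Defense Information Systems Agency">
                                            //TODO
                                            //iReferenceAuthorID
                                            break;
                                        case "ncp:title":
                                            //.NET Framework Security Checklist
                                            sReferenceTitle = nodeResource.InnerText;
                                            break;
                                        default:
                                            //ncp:sha-1
                                            //ncp:sha-256
                                            //<ncp:type>Prose</ncp:type>
                                            Console.WriteLine("ERROR Missing code for nodeResource.Name=" + nodeResource.Name);
                                            break;
                                    }
                                }
                                //TODO Add REFERENCE REFERENCEHASHVALUE CHECKLISTREFERENCE
                                #endregion resource
                                break;

                            case "ncp:target-product":
                                #region targetproduct
                                //<ncp:target-product fips-140-2-compliance-flag="true">
                                string sProductName = string.Empty;
                                string sCPEName = string.Empty;
                                string sProductCategory = string.Empty;
                                foreach (XmlNode nodeProduct in nodeChecklistDetail.ChildNodes)
                                {
                                    switch (nodeProduct.Name)
                                    {
                                        case "ncp:name":
                                            sProductName = nodeProduct.InnerText;
                                            break;
                                        case "ncp:cpe-name":
                                            sCPEName = nodeProduct.InnerText;
                                            break;
                                        case "ncp:product-category":
                                            sProductCategory = nodeProduct.InnerText;
                                            break;
                                        default:
                                            Console.WriteLine("ERROR Missing code for nodeProduct " + nodeProduct.Name);
                                            break;
                                    }
                                }
                                Console.WriteLine("DEBUG sProductName=" + sProductName); //Microsoft .NET Framework 1.0
                                Console.WriteLine("DEBUG sCPEName=" + sCPEName); //Microsoft .NET Framework 1.0
                                Console.WriteLine("DEBUG sProductCategory=" + sProductCategory); //
                                //Operating System
                                //TODO? OS

                                int iCategoryID = 0;
                                #region category
                                //TODO? + VocabularyID
                                try
                                {
                                    iCategoryID = model.CATEGORY.Where(o => o.CategoryName == sProductCategory).FirstOrDefault().CategoryID;
                                }
                                catch (Exception exiCategoryID)
                                {
                                    // Not found (or lookup failed): the id stays 0 and the row is inserted below.
                                }
                                if (iCategoryID <= 0)
                                {
                                    Console.WriteLine("DEBUG Adding CATEGORY");
                                    try
                                    {
                                        CATEGORY oCategory = new CATEGORY();
                                        oCategory.CreatedDate = DateTimeOffset.Now;
                                        oCategory.CategoryName = sProductCategory;
                                        oCategory.VocabularyID = iVocabularyNCPID;
                                        oCategory.timestamp = DateTimeOffset.Now;
                                        model.CATEGORY.Add(oCategory);
                                        model.SaveChanges();
                                        iCategoryID = oCategory.CategoryID;
                                    }
                                    catch (Exception exAddCategory)
                                    {
                                        Console.WriteLine("Exception: exAddCategory " + exAddCategory.Message + " " + exAddCategory.InnerException);
                                    }
                                }
                                #endregion category

                                int iProductCategoryID = 0;
                                #region productcategory
                                //TODO? + VocabularyID
                                try
                                {
                                    iProductCategoryID = model.PRODUCTCATEGORY.Where(o => o.ProductCategoryName == sProductCategory).FirstOrDefault().ProductCategoryID;
                                }
                                catch (Exception exiProductCategoryID)
                                {
                                    // Not found (or lookup failed): the id stays 0 and the row is inserted below.
                                }
                                if (iProductCategoryID <= 0)
                                {
                                    Console.WriteLine("DEBUG Adding PRODUCTCATEGORY");
                                    try
                                    {
                                        PRODUCTCATEGORY oProductCategory = new PRODUCTCATEGORY();
                                        oProductCategory.CreatedDate = DateTimeOffset.Now;
                                        oProductCategory.ProductCategoryName = sProductCategory;
                                        oProductCategory.CategoryID = iCategoryID;
                                        //TODO
                                        //oProductCategory.OrganisationID   //Defense Information Systems Agency
                                        oProductCategory.VocabularyID = iVocabularyNCPID;
                                        oProductCategory.timestamp = DateTimeOffset.Now;
                                        model.PRODUCTCATEGORY.Add(oProductCategory);
                                        model.SaveChanges();
                                        iProductCategoryID = oProductCategory.ProductCategoryID;
                                    }
                                    catch (Exception exAddProductCategory)
                                    {
                                        Console.WriteLine("Exception: exAddProductCategory " + exAddProductCategory.Message + " " + exAddProductCategory.InnerException);
                                    }
                                }
                                #endregion productcategory

                                int iProductID = 0;
                                #region product
                                //Note: It seems that ProductNames are the 'same' in NCP and OVAL :-)
                                try
                                {
                                    iProductID = model.PRODUCT.Where(o => o.ProductName == sProductName).FirstOrDefault().ProductID;
                                }
                                catch (Exception exiProductID)
                                {
                                    // Not found (or lookup failed): the id stays 0 and the row is inserted below.
                                }
                                if (iProductID <= 0)
                                {
                                    Console.WriteLine("DEBUG Adding PRODUCT");
                                    try
                                    {
                                        PRODUCT oProduct = new PRODUCT();
                                        oProduct.ProductName = sProductName;
                                        //TODO? Vendor...
                                        string sProductVendor = "";
                                        #region productvendor
                                        //Hardcoded
                                        // The checks run in order and each match overwrites the previous
                                        // one, so the last matching substring decides the vendor.
                                        if (sProductName.Contains("Microsoft"))
                                        {
                                            sProductVendor = "Microsoft";
                                        }
                                        if (sProductName.Contains("Windows"))
                                        {
                                            sProductVendor = "Microsoft";
                                        }
                                        if (sProductName.Contains("VBScript"))
                                        {
                                            sProductVendor = "Microsoft";
                                        }
                                        if (sProductName.Contains("Skype"))
                                        {
                                            sProductVendor = "Microsoft";
                                        }
                                        if (sProductName.Contains("Outlook"))
                                        {
                                            sProductVendor = "Microsoft";
                                        }
                                        if (sProductName.Contains("MSN Messenger"))
                                        {
                                            sProductVendor = "Microsoft";
                                        }
                                        if (sProductName.Contains("Internet Explorer"))
                                        {
                                            sProductVendor = "Microsoft";
                                        }
                                        //Print Spooler Service
                                        //Licence Logging Service
                                        //File and Print Sharing
                                        //Remote Desktop Client
                                        //Local Security Authority Subsystem Service (LSASS)
                                        //Task Scheduler
                                        //Kerberos
                                        //NetBIOS
                                        if (sProductName.Contains("Google"))
                                        {
                                            sProductVendor = "Google";
                                        }
                                        if (sProductName.Contains("Adobe"))
                                        {
                                            sProductVendor = "Adobe";
                                        }
                                        if (sProductName.Contains("Flash Player"))
                                        {
                                            sProductVendor = "Adobe";
                                        }
                                        if (sProductName.Contains("Apple"))
                                        {
                                            sProductVendor = "Apple";
                                        }
                                        if (sProductName.Contains("Mozilla"))
                                        {
                                            sProductVendor = "Mozilla";
                                        }
                                        if (sProductName.Contains("Oracle"))
                                        {
                                            sProductVendor = "Oracle";
                                        }
                                        if (sProductName.Contains("Solaris"))
                                        {
                                            sProductVendor = "Oracle";
                                        }
                                        //Oracle VirtualBox
                                        if (sProductName.Contains("Apache"))
                                        {
                                            sProductVendor = "Apache";
                                        }
                                        if (sProductName.Contains("OpenOffice"))
                                        {
                                            sProductVendor = "Apache";
                                        }
                                        if (sProductName.Contains("avast"))
                                        {
                                            sProductVendor = "Avast";
                                        }
                                        if (sProductName.Contains("TechSmith"))
                                        {
                                            sProductVendor = "TechSmith";
                                        }
                                        if (sProductName.Contains("Kaspersky"))
                                        {
                                            sProductVendor = "Kaspersky";
                                        }
                                        if (sProductName.Contains("Symantec"))
                                        {
                                            sProductVendor = "Symantec";
                                        }
                                        if (sProductName.Contains("Norton"))
                                        {
                                            sProductVendor = "Symantec"; //Norton
                                        }
                                        if (sProductName.Contains("McAfee"))
                                        {
                                            sProductVendor = "McAfee";
                                        }
                                        if (sProductName.Contains("MySQL"))
                                        {
                                            sProductVendor = "MySQL";
                                        }
                                        if (sProductName.Contains("Kodak"))
                                        {
                                            sProductVendor = "Kodak";
                                        }
                                        if (sProductName.Contains("Lotus"))
                                        {
                                            sProductVendor = "Lotus";
                                        }
                                        if (sProductName.Contains("VMware"))
                                        {
                                            sProductVendor = "VMware";
                                        }
                                        if (sProductName.Contains("Trend Micro"))
                                        {
                                            sProductVendor = "Trend Micro";
                                        }
                                        //Crystal Enterprise
                                        if (sProductName.Contains("Crystal Reports"))
                                        {
                                            sProductVendor = "SAP"; //SAP AG? SAP AE?
                                        }
                                        if (sProductName.Contains("PostgreSQL"))
                                        {
                                            sProductVendor = "DB Consulting Inc.";
                                        }
                                        // IBM and Sun are only considered when nothing above matched.
                                        if (sProductVendor == "")
                                        {
                                            if (sProductName.Contains("IBM"))
                                            {
                                                sProductVendor = "IBM";
                                            }
                                            if (sProductName.Contains("Sun"))
                                            {
                                                sProductVendor = "Oracle";
                                            }
                                        }
                                        //Macrovision Rovi Corporation
                                        //Opera
                                        //VLC
                                        //Winamp
                                        //VirtualBox
                                        //Perl
                                        //Python
                                        //RealPlayer
                                        //DirectX
                                        //DirectShow
                                        //...
                                        #endregion productvendor
                                        Console.WriteLine("DEBUG sProductVendor=" + sProductVendor);
                                        oProduct.ProductVendor = sProductVendor;
                                        //TODO OrganisationID
                                        oProduct.CPEName = sCPEName;
                                        oProduct.CreatedDate = DateTimeOffset.Now;
                                        oProduct.VocabularyID = iVocabularyNCPID;
                                        oProduct.timestamp = DateTimeOffset.Now;
                                        model.PRODUCT.Add(oProduct);
                                        model.SaveChanges();
                                        iProductID = oProduct.ProductID;
                                    }
                                    catch (Exception exAddProduct)
                                    {
                                        Console.WriteLine("Exception: exAddProduct " + exAddProduct.Message + " " + exAddProduct.InnerException);
                                    }
                                }
                                #endregion product

                                int iCategoryForProductID = 0;
                                #region PRODUCTCATEGORYFORPRODUCT
                                try
                                {
                                    iCategoryForProductID = model.PRODUCTCATEGORYFORPRODUCT.Where(o => o.ProductCategoryID == iProductCategoryID && o.ProductID == iProductID).FirstOrDefault().ProductCategoryForProductID;
                                }
                                catch (Exception ex)
                                {
                                    // Not found (or lookup failed): the id stays 0 and the row is inserted below.
                                }
                                if (iCategoryForProductID <= 0)
                                {
                                    Console.WriteLine("Adding PRODUCTCATEGORYFORPRODUCT");
                                    try
                                    {
                                        PRODUCTCATEGORYFORPRODUCT oCategoryForProduct = new PRODUCTCATEGORYFORPRODUCT();
                                        oCategoryForProduct.CreatedDate = DateTimeOffset.Now;
                                        oCategoryForProduct.ProductCategoryID = iProductCategoryID;
                                        oCategoryForProduct.ProductID = iProductID;
                                        oCategoryForProduct.VocabularyID = iVocabularyNCPID;
                                        oCategoryForProduct.timestamp = DateTimeOffset.Now;
                                        model.PRODUCTCATEGORYFORPRODUCT.Add(oCategoryForProduct);
                                        model.SaveChanges();
                                    }
                                    catch (Exception exPRODUCTCATEGORYFORPRODUCT)
                                    {
                                        Console.WriteLine("Exception exPRODUCTCATEGORYFORPRODUCT " + exPRODUCTCATEGORYFORPRODUCT.Message + " " + exPRODUCTCATEGORYFORPRODUCT.InnerException);
                                    }
                                }
                                else
                                {
                                    //Update PRODUCTCATEGORYFORPRODUCT
                                }
                                #endregion PRODUCTCATEGORYFORPRODUCT

                                int iCPEID = 0;
                                #region cpe
                                try
                                {
                                    iCPEID = model.CPE.Where(o => o.CPEName == sCPEName).FirstOrDefault().CPEID;
                                }
                                catch (Exception exCPEID)
                                {
                                    // Not found (or lookup failed): reported as unknown below.
                                }
                                if (iCPEID <= 0)
                                {
                                    Console.WriteLine("ERROR CPE Unknown " + sCPEName);
                                    //Console.WriteLine("DEBUG Adding CPE");
                                }
                                #endregion cpe
                                #endregion targetproduct
                                break;

                            case "ncp:other-link":
                                #region link
                                //<ncp:other-link dependency_flag="true">
                                string sReference = "";
                                string sReferenceLinkTitle = "";
                                foreach (XmlNode nodeLink in nodeChecklistDetail.ChildNodes)
                                {
                                    switch (nodeLink.Name)
                                    {
                                        case "ncp:reference":
                                            //ncp:reference href="http://www.nsa.gov/ia/_files/app/I731-008R-2006.pdf"/>
                                            //TODO? other attributes?
                                            try
                                            {
                                                sReference = nodeLink.Attributes["href"].InnerText;
                                            }
                                            catch (Exception exhref)
                                            {
                                                // A missing href attribute leaves the reference empty.
                                            }
                                            break;
                                        case "ncp:title":
                                            sReferenceLinkTitle = nodeLink.InnerText;
                                            break;
                                        default:
                                            Console.WriteLine("ERROR MISSING CODE FOR nodeLink.Name=" + nodeLink.Name);
                                            break;
                                    }
                                }

                                if (sReference != "")
                                {
                                    #region reference
                                    int iReferenceID = 0;
                                    try
                                    {
                                        iReferenceID = model.REFERENCE.Where(o => o.ReferenceURL == sReference).FirstOrDefault().ReferenceID;
                                    }
                                    catch (Exception exiReferenceID)
                                    {
                                        // Not found (or lookup failed): the id stays 0 and the row is inserted below.
                                    }
                                    if (iReferenceID <= 0)
                                    {
                                        Console.WriteLine("DEBUG Adding REFERENCE");
                                        try
                                        {
                                            REFERENCE oReference = new REFERENCE();
                                            oReference.CreatedDate = DateTimeOffset.Now;
                                            oReference.ReferenceURL = sReference;
                                            oReference.ReferenceTitle = sReferenceLinkTitle;
                                            oReference.VocabularyID = iVocabularyNCPID;
                                            oReference.timestamp = DateTimeOffset.Now;
                                            model.REFERENCE.Add(oReference);
                                            model.SaveChanges();
                                            iReferenceID = oReference.ReferenceID;
                                        }
                                        catch (Exception exAddReference)
                                        {
                                            Console.WriteLine("Exception: exAddReference " + exAddReference.Message + " " + exAddReference.InnerException);
                                        }
                                    }
                                    else
                                    {
                                        //Update REFERENCE
                                        //TODO Test if same Title
                                    }
                                    #endregion reference
                                }
                                #endregion link
                                break;

                            default:
                                Console.WriteLine("ERROR Missing code for nodeChecklistDetail " + nodeChecklistDetail.Name);
                                break;
                        }
                    }
                    break;

                default:
                    Console.WriteLine("ERROR Missing code for nodeEntryInfo " + nodeEntryInfo.Name);
                    //<ncp:documentation>
                    //<ncp:checklist-role>Desktop Client</ncp:checklist-role>
                    //CHECKLISTCATEGORY
                    //<ncp:regulatory-compliance>DOD Directive 8500.</ncp:regulatory-compliance>
                    //<ncp:regulatory-compliance>TBD</ncp:regulatory-compliance>
                    //COMPLIANCE
                    break;
            }
        }
    }
}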
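/// <summary>
/// Builds a Score for a checklist: the host name, the number of vulnerabilities per
/// severity (high / medium / low) and status, and shortened STIG title and release strings.
/// </summary>
/// <param name="xml">The checklist to score.</param>
/// <returns>
/// The populated Score. When an exception occurs, a message is written to the console
/// and a default-constructed Score is returned instead.
/// </returns>
/// <remarks>
/// Status and SI_DATA names are compared with an ordinal, case-insensitive comparison,
/// so the result does not depend on the current culture and a vulnerability with no
/// STATUS is simply not counted. A checklist without a "releaseinfo" or "title" entry
/// keeps its counts; earlier such a checklist fell into the catch block and produced
/// an all-zero Score.
/// </remarks>
public static Score ScoreChecklist(CHECKLIST xml)
{
    try
    {
        Score score = new Score();

        // HOST_NAME is preferred; HOST_FQDN is the fallback.
        if (!string.IsNullOrEmpty(xml.ASSET.HOST_NAME))
        {
            score.hostName = xml.ASSET.HOST_NAME;
        }
        else if (!string.IsNullOrEmpty(xml.ASSET.HOST_FQDN))
        {
            score.hostName = xml.ASSET.HOST_FQDN;
        }

        // CAT 1
        score.totalCat1NotReviewed = CountVulnsByStatusAndSeverity(xml, "not_reviewed", "high");
        score.totalCat1NotApplicable = CountVulnsByStatusAndSeverity(xml, "not_applicable", "high");
        score.totalCat1Open = CountVulnsByStatusAndSeverity(xml, "open", "high");
        score.totalCat1NotAFinding = CountVulnsByStatusAndSeverity(xml, "notafinding", "high");

        // CAT 2
        score.totalCat2NotReviewed = CountVulnsByStatusAndSeverity(xml, "not_reviewed", "medium");
        score.totalCat2NotApplicable = CountVulnsByStatusAndSeverity(xml, "not_applicable", "medium");
        score.totalCat2Open = CountVulnsByStatusAndSeverity(xml, "open", "medium");
        score.totalCat2NotAFinding = CountVulnsByStatusAndSeverity(xml, "notafinding", "medium");

        // CAT 3
        score.totalCat3NotReviewed = CountVulnsByStatusAndSeverity(xml, "not_reviewed", "low");
        score.totalCat3NotApplicable = CountVulnsByStatusAndSeverity(xml, "not_applicable", "low");
        score.totalCat3Open = CountVulnsByStatusAndSeverity(xml, "open", "low");
        score.totalCat3NotAFinding = CountVulnsByStatusAndSeverity(xml, "notafinding", "low");

        // The title and release are entries in the STIG_INFO SI_DATA list.
        var releaseInfo = xml.STIGS.iSTIG.STIG_INFO.SI_DATA
            .FirstOrDefault(x => string.Equals(x.SID_NAME, "releaseinfo", StringComparison.OrdinalIgnoreCase));
        if (releaseInfo != null)
        {
            score.stigRelease = releaseInfo.SID_DATA;
        }

        var title = xml.STIGS.iSTIG.STIG_INFO.SI_DATA
            .FirstOrDefault(x => string.Equals(x.SID_NAME, "title", StringComparison.OrdinalIgnoreCase));
        if (title != null)
        {
            score.stigType = title.SID_DATA;
        }

        // shorten the names a bit; the replacements are applied in this order
        if (!string.IsNullOrEmpty(score.stigType))
        {
            score.stigType = score.stigType.Replace("Security Technical Implementation Guide", "STIG");
            score.stigType = score.stigType.Replace("Windows", "WIN");
            score.stigType = score.stigType.Replace("Application Security and Development", "ASD");
            score.stigType = score.stigType.Replace("Microsoft Internet Explorer", "MSIE");
            score.stigType = score.stigType.Replace("Red Hat Enterprise Linux", "REL");
            score.stigType = score.stigType.Replace("MS SQL Server", "MSSQL");
            score.stigType = score.stigType.Replace("Server", "SVR");
            score.stigType = score.stigType.Replace("Workstation", "WRK");
        }

        if (!string.IsNullOrEmpty(score.stigRelease))
        {
            score.stigRelease = score.stigRelease.Replace("Release: ", "R"); // i.e. R11, R2 for the release number
            score.stigRelease = score.stigRelease.Replace("Benchmark Date:", "dated");
        }

        return score;
    }
    catch (Exception ex)
    {
        // NOTE(review): an empty Score looks the same as a checklist with no findings;
        // callers cannot tell that scoring failed unless they watch the console output.
        Console.WriteLine("Oops! The Scoring Engine had a major problem..." + ex.Message);
        return(new Score());
    }
}

// Counts the vulnerabilities that have the given status (case-insensitive) and a
// STIG_DATA entry whose VULN_ATTRIBUTE is "Severity" with the given ATTRIBUTE_DATA.
private static int CountVulnsByStatusAndSeverity(CHECKLIST xml, string status, string severity)
{
    return xml.STIGS.iSTIG.VULN.Count(x =>
        string.Equals(x.STATUS, status, StringComparison.OrdinalIgnoreCase)
        && x.STIG_DATA.Any(y => y.VULN_ATTRIBUTE == "Severity" && y.ATTRIBUTE_DATA == severity));
}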
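/// <summary>
/// Saves the edited values of an existing checklist item and records the outcome in the system log.
/// </summary>
/// <param name="VCLM">Posted view model; its <c>ListID</c> selects the row and the remaining fields overwrite it.</param>
/// <returns>
/// A redirect to <c>ListItem</c> on success, a redirect back to <c>EditItem</c> when model validation
/// or the save fails, or a 401 result when the session carries no <c>UserID</c>.
/// </returns>
/// <remarks>
/// NOTE(review): action attributes are not shown in this listing. Confirm that this overload is
/// restricted to POST, validates an anti-forgery token and sits behind an authorization filter.
/// The row is chosen purely by the posted <c>ListID</c>, and no per-record permission check is
/// visible in this method.
/// </remarks>
public ActionResult EditItem(vCHECKLIST_Manage VCLM)
{
    // Initialize system parameters
    Configer.Init();

    // Reject the request explicitly when no user identity is in the session. The original
    // dereferenced Session["UserID"] before the try block, so an expired session surfaced
    // as an unhandled NullReferenceException instead of an authentication failure.
    object sessionUser = (Session == null) ? null : Session["UserID"];
    if (sessionUser == null || sessionUser.ToString().Trim().Length == 0)
    {
        return new HttpUnauthorizedResult();
    }
    string userId = sessionUser.ToString();

    // For log recording
    SYSTEMLOG SL = new SYSTEMLOG();
    SL.UId = userId;
    SL.Controller = "Document";
    SL.Action = "EditItem";
    SL.StartDateTime = DateTime.Now;

    string MailServer = Configer.MailServer;
    int MailServerPort = Configer.MailServerPort;
    string MailSender = Configer.MailSender;
    List<string> MailReceiver = Configer.MailReceiver;

    try
    {
        if (ModelState.IsValid)
        {
            // NOTE(review): presumably Find returns null for an unknown ListID; the resulting
            // NullReferenceException is then reported through the catch block below.
            CHECKLIST nowCL = context.CHECKLISTS.Find(VCLM.ListID);

            // Fields are copied one by one from the view model, so only these columns
            // can be changed by the posted form.
            nowCL.CheckID = VCLM.CheckID;
            nowCL.ListName = VCLM.ListName;
            nowCL.Definition = VCLM.Definition;
            nowCL.StartTime = VCLM.StartTime;
            nowCL.EndTime = VCLM.EndTime;
            nowCL.ShiftID = VCLM.ShiftID;
            nowCL.ClassID = VCLM.ClassID;
            nowCL.CheckType = VCLM.CheckType;
            nowCL.AlwaysShow = VCLM.AlwaysShow;
            nowCL.ChargerID = VCLM.ChargerID;
            nowCL.ShowOrder = VCLM.ShowOrder;

            // Audit columns come from the server-side session, never from the posted model.
            nowCL.UpadteAccount = userId.Trim();
            nowCL.UpdateTime = DateTime.Now;

            context.Entry(nowCL).State = EntityState.Modified;
            context.SaveChanges();

            SL.EndDateTime = DateTime.Now;
            SL.TotalCount = 1;
            SL.SuccessCount = 1;
            SL.FailCount = 0;
            SL.Result = true;
            SL.Msg = "編輯檢核項目作業成功,ListID:[" + VCLM.ListID + "]";
            SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);

            return RedirectToAction("ListItem", "Document", new { CheckID = VCLM.CheckID, Title = VCLM.CheckTitle });
        }

        // Validation failed. The alert markup is a fixed literal; keep request data out of it,
        // since the view presumably writes this value unencoded.
        TempData["EditMsg"] = "<script>alert('編輯失敗');</script>";
        return RedirectToAction("EditItem", "Document", new { ListID = VCLM.ListID });
    }
    catch (Exception ex)
    {
        SL.EndDateTime = DateTime.Now;
        SL.TotalCount = 1;
        SL.SuccessCount = 0;
        SL.FailCount = 1;
        SL.Result = false;
        // NOTE(review): the full exception text (stack trace included) is handed to SF.log2DB
        // together with the mail settings; confirm where that helper sends it.
        SL.Msg = "編輯檢核項目作業失敗," + "錯誤訊息[" + ex.ToString() + "]";
        SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);

        // The user only sees a generic message; details stay in the log.
        TempData["EditMsg"] = "<script>alert('發生異常');</script>";
        return RedirectToAction("EditItem", "Document", new { ListID = VCLM.ListID });
    }
}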
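/// <summary>
/// Loads one checklist item and its lookup lists into a view model for the edit form,
/// and records the outcome in the system log.
/// </summary>
/// <param name="ListID">Key of the checklist item to edit.</param>
/// <returns>
/// The edit view on success, a redirect to <c>ListItem</c> when loading fails, or a 401 result
/// when the session carries no <c>UserID</c>.
/// </returns>
/// <remarks>
/// NOTE(review): action attributes are not shown in this listing. Confirm that an authorization
/// filter covers this action; the item is selected purely by the <c>ListID</c> in the request,
/// and no per-record permission check is visible in this method.
/// </remarks>
public ActionResult EditItem(int ListID)
{
    // Initialize system parameters
    Configer.Init();

    // Reject the request explicitly when no user identity is in the session. The original
    // dereferenced Session["UserID"] before the try block, so an expired session surfaced
    // as an unhandled NullReferenceException instead of an authentication failure.
    object sessionUser = (Session == null) ? null : Session["UserID"];
    if (sessionUser == null || sessionUser.ToString().Trim().Length == 0)
    {
        return new HttpUnauthorizedResult();
    }

    // For log recording
    SYSTEMLOG SL = new SYSTEMLOG();
    SL.UId = sessionUser.ToString();
    SL.Controller = "Document";
    SL.Action = "EditItem";
    SL.TotalCount = 1;
    SL.StartDateTime = DateTime.Now;

    string MailServer = Configer.MailServer;
    int MailServerPort = Configer.MailServerPort;
    string MailSender = Configer.MailSender;
    List<string> MailReceiver = Configer.MailReceiver;

    try
    {
        // NOTE(review): presumably Find returns null for an unknown key; the resulting
        // NullReferenceException is then reported through the catch block below.
        CHECKLIST CL = context.CHECKLISTS.Find(ListID);
        CHECKTITLE CT = context.CHECKTITLES.Find(CL.CheckID);

        vCHECKLIST_Manage VCTM = new vCHECKLIST_Manage();
        VCTM.CheckTitle = CT.Title;
        VCTM.CheckID = CL.CheckID;
        VCTM.ListName = CL.ListName;
        VCTM.Definition = CL.Definition;

        TempData["CheckID"] = CL.CheckID;
        TempData["Title"] = CT.Title;

        // Get the shift list
        var query1 = from s in context.CHECKSHIFTS
                     select new { s.ShiftID, s.ShiftValue };
        VCTM.ShiftID = CL.ShiftID;
        VCTM.ShiftIDList = new SelectList(query1, "ShiftID", "ShiftValue");

        // Get the class list
        var query2 = from c in context.CHECKCLASSES
                     select new { c.ClassID, c.ClassValue };
        VCTM.ClassID = CL.ClassID;
        VCTM.ClassIDList = new SelectList(query2, "ClassID", "ClassValue");

        // Get the list of persons in charge; only the id and display name are projected.
        var query = from u in context.EPSUSERS
                    select new { u.UId, u.UserName };
        VCTM.ChargerID = CL.ChargerID;
        VCTM.ChargerList = new SelectList(query, "UId", "UserName");

        VCTM.CheckType = CL.CheckType;
        VCTM.AlwaysShow = CL.AlwaysShow;
        VCTM.StartTime = CL.StartTime;
        VCTM.EndTime = CL.EndTime;
        VCTM.ShowOrder = CL.ShowOrder;

        SL.EndDateTime = DateTime.Now;
        SL.TotalCount = 1;
        SL.SuccessCount = 1;
        SL.FailCount = 0;
        SL.Result = true;
        SL.Msg = "取得檢核項目資料作業成功,ListID:[" + ListID.ToString() + "]";
        SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);

        return View(VCTM);
    }
    catch (Exception ex)
    {
        SL.EndDateTime = DateTime.Now;
        SL.TotalCount = 1;
        SL.SuccessCount = 0;
        SL.FailCount = 1;
        SL.Result = false;
        // NOTE(review): the full exception text (stack trace included) is handed to SF.log2DB
        // together with the mail settings; confirm where that helper sends it.
        SL.Msg = "取得檢核項目資料作業失敗," + "錯誤訊息[" + ex.ToString() + "]";
        SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);

        return RedirectToAction("ListItem", "Document");
    }
}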
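/// <summary>
/// Creates a checklist item from the posted view model and records the outcome in the system log.
/// </summary>
/// <param name="VCLM">Posted view model holding the values of the new item.</param>
/// <returns>
/// A redirect to <c>AddItem</c> in every handled case (success, validation failure, exception),
/// or a 401 result when the session carries no <c>UserID</c>.
/// </returns>
/// <remarks>
/// NOTE(review): action attributes are not shown in this listing. Confirm that this action is
/// restricted to POST, validates an anti-forgery token and sits behind an authorization filter.
/// </remarks>
public ActionResult AddItem(vCHECKLIST_Manage VCLM)
{
    // Initialize system parameters
    Configer.Init();

    // Reject the request explicitly when no user identity is in the session. The original
    // dereferenced Session["UserID"] before the try block, so an expired session surfaced
    // as an unhandled NullReferenceException instead of an authentication failure.
    object sessionUser = (Session == null) ? null : Session["UserID"];
    if (sessionUser == null || sessionUser.ToString().Trim().Length == 0)
    {
        return new HttpUnauthorizedResult();
    }
    string userId = sessionUser.ToString();

    // For log recording
    SYSTEMLOG SL = new SYSTEMLOG();
    SL.UId = userId;
    SL.Controller = "Document";
    SL.Action = "AddItem";
    SL.TotalCount = 1;
    SL.StartDateTime = DateTime.Now;

    string MailServer = Configer.MailServer;
    int MailServerPort = Configer.MailServerPort;
    string MailSender = Configer.MailSender;
    List<string> MailReceiver = Configer.MailReceiver;

    try
    {
        if (ModelState.IsValid)
        {
            // One timestamp for both audit columns, so a new row has CreateTime == UpdateTime.
            DateTime now = DateTime.Now;
            string account = userId.Trim();

            // Fields are copied one by one from the view model, so only these columns
            // can be set by the posted form.
            CHECKLIST CL = new CHECKLIST();
            CL.CheckID = VCLM.CheckID;
            CL.ListName = VCLM.ListName;
            CL.Definition = VCLM.Definition;
            CL.CheckType = VCLM.CheckType;
            CL.ClassID = VCLM.ClassID;
            CL.ChargerID = VCLM.ChargerID;
            CL.ShiftID = VCLM.ShiftID;
            CL.StartTime = VCLM.StartTime;
            CL.EndTime = VCLM.EndTime;
            CL.AlwaysShow = VCLM.AlwaysShow;
            CL.ShowOrder = VCLM.ShowOrder;

            // Audit columns come from the server-side session, never from the posted model.
            CL.CreateAccount = account;
            CL.CreateTime = now;
            CL.UpadteAccount = account;
            CL.UpdateTime = now;

            context.CHECKLISTS.Add(CL);
            context.SaveChanges();

            SL.EndDateTime = DateTime.Now;
            SL.SuccessCount = 1;
            SL.FailCount = 0;
            SL.Result = true;
            SL.Msg = "建立檢核項目作業成功";
            SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);

            return RedirectToAction("AddItem", "Document", new { CheckID = VCLM.CheckID, Title = VCLM.CheckTitle });
        }

        // Validation failed. The alert markup is a fixed literal; keep request data out of it,
        // since the view presumably writes this value unencoded.
        TempData["CreateMsg"] = "<script>alert('新增失敗');</script>";
        return RedirectToAction("AddItem", "Document", new { CheckID = VCLM.CheckID, Title = VCLM.CheckTitle });
    }
    catch (Exception ex)
    {
        SL.EndDateTime = DateTime.Now;
        SL.TotalCount = 1;
        SL.SuccessCount = 0;
        SL.FailCount = 1;
        SL.Result = false;
        // NOTE(review): the full exception text (stack trace included) is handed to SF.log2DB
        // together with the mail settings; confirm where that helper sends it.
        SL.Msg = "建立檢核項目作業失敗," + "錯誤訊息[" + ex.ToString() + "]";
        SF.log2DB(SL, MailServer, MailServerPort, MailSender, MailReceiver);

        // The user only sees a generic message; details stay in the log.
        TempData["CreateMsg"] = "<script>alert('發生異常');</script>";
        return RedirectToAction("AddItem", "Document", new { CheckID = VCLM.CheckID, Title = VCLM.CheckTitle });
    }
}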