Пример #1
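        /// <summary>
        /// Apply SCAP scan results to an existing checklist and return the updated checklist as raw XML.
        /// </summary>
        /// <remarks>
        /// Host name and IP address are copied from the scan when present. For every VULN whose
        /// "Rule_ID" entry matches a scan rule (case-insensitive, ordinal), a "fail" result sets the
        /// status to "Open" and a "pass" result sets it to "NotAFinding"; any other result leaves the
        /// status untouched.
        /// </remarks>
        /// <param name="results">The results list of pass and fail information rules from the SCAP scan</param>
        /// <param name="checklistString">The raw XML of the checklist</param>
        /// <param name="newChecklist">
        /// True/False on a new checklist (template). NOTE(review): this flag is not consulted by the
        /// method body; failures are marked "Open" for new and existing checklists alike. Confirm the
        /// intended behaviour before relying on it.
        /// </param>
        /// <returns>The updated checklist serialized to XML with formatting whitespace removed</returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="results"/> is null.</exception>
        /// <exception cref="System.ArgumentException">
        /// <paramref name="checklistString"/> could not be loaded into a CHECKLIST.
        /// </exception>
        public static string UpdateChecklistData(SCAPRuleResultSet results, string checklistString, bool newChecklist)
        {
            if (results == null)
            {
                throw new System.ArgumentNullException(nameof(results));
            }

            // process the raw checklist into the CHECKLIST structure
            CHECKLIST chk = ChecklistLoader.LoadChecklist(checklistString);

            if (chk == null)
            {
                // Fail with a clear message instead of a NullReferenceException at serialization time,
                // so a checklist that did not load is never passed on as if it had been updated.
                throw new System.ArgumentException("The checklist XML could not be loaded.", nameof(checklistString));
            }

            // if we read in the hostname, then use it in the Checklist data
            if (!string.IsNullOrEmpty(results.hostname))
            {
                chk.ASSET.HOST_NAME = results.hostname;
            }
            // if we have the IP Address, use that as well
            if (!string.IsNullOrEmpty(results.ipaddress))
            {
                chk.ASSET.HOST_IP = results.ipaddress;
            }

            // a scan without any rule results leaves every VULN status as it was
            if (results.ruleResults != null)
            {
                foreach (VULN v in chk.STIGS.iSTIG.VULN)
                {
                    STIG_DATA data = v.STIG_DATA.FirstOrDefault(y => y.VULN_ATTRIBUTE == "Rule_ID");
                    if (data == null || string.IsNullOrEmpty(data.ATTRIBUTE_DATA))
                    {
                        // no usable rule id on this VULN; an empty id must never match a scan rule
                        continue;
                    }

                    // Ordinal, case-insensitive match: rule ids are identifiers, so the comparison
                    // must not depend on the server's current culture.
                    SCAPRuleResult result = results.ruleResults.FirstOrDefault(
                        z => string.Equals(z.ruleId, data.ATTRIBUTE_DATA, System.StringComparison.OrdinalIgnoreCase));
                    if (result == null)
                    {
                        continue;
                    }

                    // NOTE(review): an earlier comment here said fails should only be marked on a new
                    // checklist, but the status was always overwritten. That behaviour is kept, so a
                    // failed rule is always reported as Open.
                    if (string.Equals(result.result, "fail", System.StringComparison.OrdinalIgnoreCase))
                    {
                        v.STATUS = "Open";
                    }
                    // mark the pass on any checklist item we find that passed
                    else if (string.Equals(result.result, "pass", System.StringComparison.OrdinalIgnoreCase))
                    {
                        v.STATUS = "NotAFinding";
                    }
                }
            }

            // serialize into a string again; the serializer escapes the scan-supplied host values
            System.Xml.Serialization.XmlSerializer xmlSerializer = new System.Xml.Serialization.XmlSerializer(chk.GetType());
            using (StringWriter textWriter = new StringWriter())
            {
                xmlSerializer.Serialize(textWriter, chk);
                checklistString = textWriter.ToString();
            }

            // re-parse our own serializer output only to drop indentation and keep the XML compact
            System.Xml.Linq.XDocument xDoc = System.Xml.Linq.XDocument.Parse(checklistString, System.Xml.Linq.LoadOptions.None);
            return xDoc.ToString(System.Xml.Linq.SaveOptions.DisableFormatting);
        }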
Пример #2
        /// <summary>
        /// Build a checklist from SCAP scan results by fetching the template that matches the scan
        /// title and applying the results to it.
        /// </summary>
        /// <param name="results">The results list of pass and fail information rules from the SCAP scan</param>
        /// <returns>
        /// The updated checklist as raw XML, or the null/empty value returned by the template lookup
        /// when no template was found.
        /// </returns>
        public static string GenerateChecklistData(SCAPRuleResultSet results)
        {
            // Request/Reply to openrmf.template.read, keyed by the scan title.
            // NOTE(review): if results.title is taken from an uploaded scan file, it is an untrusted
            // lookup key; confirm the template service treats it as plain data.
            string template = NATSClient.GetArtifactByTemplateTitle(results.title);

            if (string.IsNullOrEmpty(template))
            {
                // nothing matched: hand back whatever the lookup returned
                return template;
            }

            // a template was found, so treat it as a new checklist and fill in the results
            return UpdateChecklistData(results, template, true);
        }
Пример #3
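        /// <summary>
        /// Parse a SCAP scan result document and extract the benchmark title, the target IP address,
        /// the host name and the per-rule results.
        /// </summary>
        /// <remarks>
        /// The scan XML is treated as untrusted input: it is loaded through a reader that prohibits
        /// DTDs and has no resolver, so external entities and entity expansion are never processed.
        /// A document that carries a DOCTYPE is rejected with an <see cref="XmlException"/>, the same
        /// exception type raised for malformed XML.
        /// </remarks>
        /// <param name="xmlfile">The raw XML text of the SCAP scan results</param>
        /// <returns>
        /// The populated result set. When no title can be determined the set is returned with only
        /// its initial values, because no checklist template can be matched without a title.
        /// </returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="xmlfile"/> is null.</exception>
        /// <exception cref="XmlException">The text is not well-formed XML or contains a DTD.</exception>
        public static SCAPRuleResultSet LoadSCAPScan(string xmlfile)
        {
            if (xmlfile == null)
            {
                throw new System.ArgumentNullException(nameof(xmlfile));
            }

            SCAPRuleResultSet results = new SCAPRuleResultSet();

            // get the title of the SCAP scan we are using, which correlates to the Checklist
            // if a Nessus SCAP it uses "xccdf" tags
            xmlfile = xmlfile.Replace("\n", "").Replace("\t", "");
            string searchTag = "cdf";

            // ordinal search: this is markup, not linguistic text
            if (xmlfile.IndexOf("</xccdf:", System.StringComparison.Ordinal) > 0)
            {
                searchTag = "xccdf";
            }

            // now process the document with DTD processing and external resolution switched off
            XmlDocument xmlDoc = new XmlDocument();
            xmlDoc.XmlResolver = null;

            XmlReaderSettings readerSettings = new XmlReaderSettings();
            readerSettings.DtdProcessing = DtdProcessing.Prohibit;
            readerSettings.XmlResolver = null;

            using (System.IO.StringReader text = new System.IO.StringReader(xmlfile))
            using (XmlReader reader = XmlReader.Create(text, readerSettings))
            {
                xmlDoc.Load(reader);
            }

            // get the template title from the SCAP to use to grab an empty Checklist
            XmlNodeList title = xmlDoc.GetElementsByTagName(searchTag + ":title");

            if (title != null && title.Count > 0 && title.Item(0).FirstChild != null)
            {
                // get the title of the STIG so we can ask for the checklist later to fill in
                results.title = title.Item(0).FirstChild.InnerText;
            }
            else
            {
                // if not a DoD SCAP this is a Nessus SCAP (or unusable input)
                title = xmlDoc.GetElementsByTagName("xccdf:benchmark");
                if (title != null && title.Count > 0)
                {
                    foreach (XmlNode node in title)
                    {
                        if (node.Attributes.Count > 1)
                        {
                            foreach (XmlAttribute attr in node.Attributes)
                            {
                                if (attr.Name == "href" && !string.IsNullOrEmpty(attr.Value))
                                {
                                    // The title is the href text before "_STIG_SCAP". An href without
                                    // that marker is skipped rather than passed to Substring with -1,
                                    // which would throw ArgumentOutOfRangeException.
                                    int markerAt = attr.Value.IndexOf("_STIG_SCAP", System.StringComparison.Ordinal);
                                    if (markerAt >= 0)
                                    {
                                        results.title = attr.Value.Substring(0, markerAt);
                                        break; // we found it
                                    }
                                }
                            }
                        }
                    }
                }
            }
            if (string.IsNullOrEmpty(results.title))
            {
                return(results); // just return empty as we cannot match
            }

            // get the target-address
            XmlNodeList targetAddresses = xmlDoc.GetElementsByTagName(searchTag + ":target-address");

            if (targetAddresses != null && targetAddresses.Count > 0)
            {
                foreach (XmlNode node in targetAddresses)
                {
                    if (!string.IsNullOrEmpty(node.InnerText))
                    {
                        // first non-empty address wins
                        results.ipaddress = node.InnerText;
                        break; // we found it
                    }
                }
            }

            // get the hostname and other facts off the computer that was SCAP scanned
            XmlNodeList targetFacts = xmlDoc.GetElementsByTagName(searchTag + ":fact");

            if (targetFacts != null && targetFacts.Count > 0)
            {
                foreach (XmlNode node in targetFacts)
                {
                    // NOTE(review): this depends on the fact's second attribute holding the fact name;
                    // a document that orders its attributes differently yields no host name.
                    if (node.Attributes.Count > 1 && node.Attributes[1].InnerText.EndsWith("host_name", System.StringComparison.Ordinal))
                    {
                        results.hostname = node.InnerText;
                        break; // we found it
                    }
                }
            }

            // get all the rules and their pass/fail results
            XmlNodeList ruleResults = xmlDoc.GetElementsByTagName(searchTag + ":rule-result");

            if (ruleResults != null && ruleResults.Count > 0 && ruleResults.Item(0).FirstChild != null)
            {
                results.ruleResults = GetResultsListing(ruleResults, searchTag);
            }
            return(results);
        }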