/// <summary>
/// Take the STIG_INFO XML node in here and parse to fill in the checklist.
/// </summary>
/// <param name="node">The XML node for the STIG_INFO XML structure</param>
/// <returns>
/// The STIG_INFO record matching the XML to the C# class structure for including
/// into the larger CHECKLIST structure to use.
/// </returns>
private static STIG_INFO getStigInfoListing(XmlNode node)
{
STIG_INFO info = new STIG_INFO();
SI_DATA data; // used for the name/value pairs
// cycle through the children in STIG_INFO and get the SI_DATA
foreach (XmlElement child in node.ChildNodes)
{
// get the SI_DATA record for SID_DATA and SID_NAME and then return them
// each SI_DATA has 2
data = new SI_DATA();
foreach (XmlElement siddata in child.ChildNodes)
{
if (siddata.Name == "SID_NAME")
{
data.SID_NAME = siddata.InnerText;
}
else if (siddata.Name == "SID_DATA")
{
data.SID_DATA = siddata.InnerText;
}
}
info.SI_DATA.Add(data);
}
return(info);
}
public void Test_STIG_INFOWithDataIsValid()
{
STIG_INFO data = new STIG_INFO();
// test things out
Assert.True(data != null);
Assert.True(data.SI_DATA != null);
Assert.True(data.SI_DATA.Count == 0);
}
public void Test_NewSTIG_INFOIsValid()
{
STIG_INFO data = new STIG_INFO();
Assert.True(data != null);
}
/// <summary>
/// Take the raw checklist and generate a System Template record to save into
/// the database. This is called from the above routine when this API initially
/// starts up.
/// </summary>
/// <param name="rawChecklist">The long XML string of the checklist</param>
/// <param name="filename">The filename of the Manual xccdf this was generated from</param>
/// <returns>
/// A template record with a GUID that is all 1's, type of SYSTEM template, and the
/// rest of the Template data filled in to save as a database record.
/// </returns>
private static Template MakeTemplateSystemRecord(string rawChecklist, string filename)
{
Template newArtifact = new Template();
newArtifact.created = DateTime.Now;
// create the GUID of all 1's for the SYSTEM GUID
newArtifact.createdBy = Guid.Parse("11111111-1111-1111-1111-111111111111");
newArtifact.updatedOn = DateTime.Now;
// make these SYSTEM types versus the default USER type
newArtifact.templateType = "SYSTEM";
newArtifact.filename = filename;
newArtifact.description = "SYSTEM Template loaded by default by OpenRMF for SCAP Scans and Creation Wizard.";
// parse the checklist and get the data needed
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(rawChecklist);
string stigDescription = "";
string stigGUID = Guid.NewGuid().ToString();
// get the stigId from the Benchmark id tag
XmlNodeList nodeListing = xmlDoc.GetElementsByTagName("Benchmark");
foreach (XmlNode node in nodeListing)
{
if (node != null)
{
XmlAttributeCollection attrs = node.Attributes;
foreach (XmlAttribute xml in attrs)
{
if (!string.IsNullOrEmpty(xml.Name) && xml.Name == "id")
{
newArtifact.stigId = xml.Value; // get the stigid for the checklist fields
}
}
}
}
// get the title and STIG type
nodeListing = xmlDoc.GetElementsByTagName("title");
foreach (XmlNode node in nodeListing)
{
if (node.ParentNode != null && node.ParentNode.Name == "Benchmark")
{
if (!string.IsNullOrEmpty(node.InnerText))
{
newArtifact.title = node.InnerText.Replace("STIG", "Security Technical Implementation Guide").Replace("MS Windows", "Windows")
.Replace("Microsoft Windows", "Windows").Replace("Dot Net", "DotNet");
newArtifact.stigType = newArtifact.title;
break;
}
}
}
// get the STIG description
nodeListing = xmlDoc.GetElementsByTagName("description");
foreach (XmlNode node in nodeListing)
{
if (node.ParentNode != null && node.ParentNode.Name == "Benchmark")
{
if (!string.IsNullOrEmpty(node.InnerText))
{
stigDescription = node.InnerText;
}
}
}
// get the stigDate for the status date
nodeListing = xmlDoc.GetElementsByTagName("status");
foreach (XmlNode node in nodeListing)
{
if (node != null)
{
XmlAttributeCollection attrs = node.Attributes;
foreach (XmlAttribute xml in attrs)
{
if (!string.IsNullOrEmpty(xml.Name) && xml.Name == "date")
{
newArtifact.stigDate = xml.Value; // get the stigid for the checklist fields
}
}
}
}
// get the release information
nodeListing = xmlDoc.GetElementsByTagName("version");
foreach (XmlNode node in nodeListing)
{
if (node.ParentNode != null && node.ParentNode.Name == "Benchmark")
{
if (!string.IsNullOrEmpty(node.InnerText))
{
newArtifact.version = node.InnerText;
break;
}
}
}
// get the release information
nodeListing = xmlDoc.GetElementsByTagName("plain-text");
foreach (XmlNode node in nodeListing)
{
if (node.ParentNode != null && node.ParentNode.Name == "Benchmark")
{
if (!string.IsNullOrEmpty(node.InnerText))
{
newArtifact.stigRelease = node.InnerText;
break;
}
}
}
// the dc:identifier equates to the asset target field
nodeListing = xmlDoc.GetElementsByTagName("dc:identifier");
foreach (XmlNode node in nodeListing)
{
if (!string.IsNullOrEmpty(node.InnerText))
{
newArtifact.CHECKLIST.ASSET.TARGET_KEY = node.InnerText;
break;
}
}
newArtifact.CHECKLIST.ASSET.WEB_OR_DATABASE = "false";
newArtifact.CHECKLIST.ASSET.ROLE = "None";
newArtifact.CHECKLIST.ASSET.ASSET_TYPE = "Computing";
// get all the STIG_INFO stuff for the main pieces of the checklist
STIG_INFO mainStigInfo = new STIG_INFO();
newArtifact.CHECKLIST.STIGS.iSTIG.STIG_INFO = mainStigInfo;
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "version", SID_DATA = newArtifact.version
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "classification", SID_DATA = "UNCLASSIFIED"
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "customname"
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "stigid", SID_DATA = newArtifact.stigId
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "description", SID_DATA = stigDescription
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "filename", SID_DATA = filename
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "releaseinfo", SID_DATA = newArtifact.stigRelease
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "title", SID_DATA = newArtifact.title
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "uuid", SID_DATA = stigGUID
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "notice", SID_DATA = "terms-of-use"
});
mainStigInfo.SI_DATA.Add(new SI_DATA()
{
SID_NAME = "source"
});
mainStigInfo = null;
// here is the big one, get all the vulnerabilities from 1 to N and put them into the VULN listing
VULN vulnitem = new VULN();
Vulnerability vulnListing = new Vulnerability();
string ruledescription = "";
nodeListing = xmlDoc.GetElementsByTagName("Group");
foreach (XmlNode node in nodeListing)
{
if (node != null)
{
// get the Vulnerability Number
XmlAttributeCollection attrs = node.Attributes;
foreach (XmlAttribute xml in attrs)
{
if (!string.IsNullOrEmpty(xml.Name) && xml.Name == "id")
{
vulnListing.Vuln_Num = xml.Value;
break;
}
}
// get the rule information
foreach (XmlNode data in node.ChildNodes)
{
if (data.Name == "title")
{
vulnListing.Group_Title = data.InnerText;
}
else if (data.Name == "Rule")
{
// get all attributes
foreach (XmlAttribute xml in data.Attributes)
{
if (!string.IsNullOrEmpty(xml.Name) && xml.Name == "id")
{
vulnListing.Rule_ID = xml.Value;
}
else if (!string.IsNullOrEmpty(xml.Name) && xml.Name == "severity")
{
vulnListing.Severity = xml.Value;
}
else if (!string.IsNullOrEmpty(xml.Name) && xml.Name == "weight")
{
vulnListing.Weight = xml.Value;
}
}
// cycle through the child nodes to get data from Rules also
foreach (XmlNode rule in data.ChildNodes)
{
if (rule.Name == "version")
{
vulnListing.Rule_Ver = rule.InnerText;
}
else if (rule.Name == "title")
{
vulnListing.Rule_Title = rule.InnerText.Trim();
}
else if (rule.Name == "description")
{
// get the data and put the tags in it from the < and > text
ruledescription = rule.InnerText.Replace("<", "<").Replace(">", ">");
// now that you have the inside tags, you can chop up the data
// VulnDiscussion, which always has data
vulnListing.Vuln_Discuss = ruledescription.Substring(16, ruledescription.IndexOf("VulnDiscussion", 16) - 18);
ruledescription = ruledescription.Substring(vulnListing.Vuln_Discuss.Length + 33);
// FalsePositives
if (ruledescription.Substring(16, ruledescription.IndexOf("FalsePositives", 16) - 17) == "<")
{
vulnListing.False_Positives = ""; // empty
}
else
{
vulnListing.False_Positives = ruledescription.Substring(16, ruledescription.IndexOf("FalsePositives", 16) - 18);
}
ruledescription = ruledescription.Substring(vulnListing.False_Positives.Length + 33);
// FalseNegatives
if (ruledescription.Substring(16, ruledescription.IndexOf("FalseNegatives", 16) - 17) == "<")
{
vulnListing.False_Negatives = ""; // empty
}
else
{
vulnListing.False_Negatives = ruledescription.Substring(16, ruledescription.IndexOf("FalseNegatives", 16) - 18);
}
ruledescription = ruledescription.Substring(vulnListing.False_Negatives.Length + 33);
// Documentable
if (ruledescription.Substring(14, ruledescription.IndexOf("Documentable", 14) - 15) == "<")
{
vulnListing.Documentable = ""; // empty
}
else
{
vulnListing.Documentable = ruledescription.Substring(14, ruledescription.IndexOf("Documentable", 14) - 16);
}
ruledescription = ruledescription.Substring(vulnListing.Documentable.Length + 29);
// Mitigations
if (ruledescription.Substring(13, ruledescription.IndexOf("Mitigations", 13) - 14) == "<")
{
vulnListing.Mitigations = ""; // empty
}
else
{
vulnListing.Mitigations = ruledescription.Substring(13, ruledescription.IndexOf("Mitigations", 13) - 15);
}
ruledescription = ruledescription.Substring(vulnListing.Mitigations.Length + 27);
// SeverityOverrideGuidance, sometimes SecurityOverrideGuidance
if (ruledescription.IndexOf("SeverityOverrideGuidance", 26) >= 0)
{
if (ruledescription.Substring(26, ruledescription.IndexOf("SeverityOverrideGuidance", 26) - 27) == "<")
{
vulnListing.Security_Override_Guidance = ""; // empty
}
else
{
vulnListing.Security_Override_Guidance = ruledescription.Substring(26, ruledescription.IndexOf("SeverityOverrideGuidance", 26) - 28);
}
}
else if (ruledescription.IndexOf("SecurityOverrideGuidance", 26) >= 0)
{
if (ruledescription.Substring(26, ruledescription.IndexOf("SecurityOverrideGuidance", 26) - 27) == "<")
{
vulnListing.Security_Override_Guidance = ""; // empty
}
else
{
vulnListing.Security_Override_Guidance = ruledescription.Substring(26, ruledescription.IndexOf("SecurityOverrideGuidance", 26) - 28);
}
}
ruledescription = ruledescription.Substring(vulnListing.Security_Override_Guidance.Length + 53);
// PotentialImpacts
if (ruledescription.Substring(18, ruledescription.IndexOf("PotentialImpacts", 18) - 19) == "<")
{
vulnListing.Potential_Impact = ""; // empty
}
else
{
vulnListing.Potential_Impact = ruledescription.Substring(18, ruledescription.IndexOf("PotentialImpacts", 18) - 20);
}
ruledescription = ruledescription.Substring(vulnListing.Potential_Impact.Length + 37);
// ThirdPartyTools
if (ruledescription.Substring(17, ruledescription.IndexOf("ThirdPartyTools", 17) - 18) == "<")
{
vulnListing.Third_Party_Tools = ""; // empty
}
else
{
vulnListing.Third_Party_Tools = ruledescription.Substring(17, ruledescription.IndexOf("ThirdPartyTools", 17) - 19);
}
ruledescription = ruledescription.Substring(vulnListing.Third_Party_Tools.Length + 35);
// MitigationControl
if (ruledescription.Substring(19, ruledescription.IndexOf("MitigationControl", 19) - 20) == "<")
{
vulnListing.Mitigation_Control = ""; // empty
}
else
{
vulnListing.Mitigation_Control = ruledescription.Substring(19, ruledescription.IndexOf("MitigationControl", 19) - 21);
}
ruledescription = ruledescription.Substring(vulnListing.Mitigation_Control.Length + 39);
// Responsibility
if (ruledescription.Substring(16, ruledescription.IndexOf("Responsibility", 16) - 17) == "<")
{
vulnListing.Responsibility = ""; // empty
}
else
{
vulnListing.Responsibility = ruledescription.Substring(16, ruledescription.IndexOf("Responsibility", 16) - 18);
}
ruledescription = ruledescription.Substring(vulnListing.Responsibility.Length + 33);
// in case there is another Reponsibility, trim it and then move to IAControls
ruledescription = ruledescription.Substring(ruledescription.IndexOf("<IAControls"));
// IAControls
if (ruledescription.Substring(12, ruledescription.IndexOf("IAControls", 12) - 13) == "<")
{
vulnListing.IA_Controls = ""; // empty
}
else
{
vulnListing.IA_Controls = ruledescription.Substring(12, ruledescription.IndexOf("IAControls", 12) - 14);
}
ruledescription = ruledescription.Substring(vulnListing.IA_Controls.Length + 25);
}
else if (rule.Name == "ident")
{
vulnListing.CCI_REF = rule.InnerText + "||"; // could be many of these CCI-xxx numbers
}
else if (rule.Name == "fixtext")
{
vulnListing.Fix_Text = rule.InnerText;
}
else if (rule.Name == "check")
{
foreach (XmlNode check in rule.ChildNodes)
{
if (check.Name == "check-content")
{
// check content
vulnListing.Check_Content = check.InnerText; // check text for manually checking the STIG
}
else if (check.Name == "check-content-ref")
{
// check content ref name
foreach (XmlAttribute xml in check.Attributes)
{
if (!string.IsNullOrEmpty(xml.Name) && xml.Name == "name")
{
vulnListing.Check_Content_Ref = xml.Value;
}
}
}
}
} // done checking the Rule child node, go see if there is more
} // end parsing inside child noted of the Rule tag; there are a lot in here we use!
} // end parsing inside the Rule tag
} // check if the group node is null
} // end parsing w/in the Group tag, now process the data
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Vuln_Num", ATTRIBUTE_DATA = vulnListing.Vuln_Num
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Severity", ATTRIBUTE_DATA = vulnListing.Severity
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Group_Title", ATTRIBUTE_DATA = vulnListing.Group_Title
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Rule_ID", ATTRIBUTE_DATA = vulnListing.Rule_ID
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Rule_Ver", ATTRIBUTE_DATA = vulnListing.Rule_Ver
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Rule_Title", ATTRIBUTE_DATA = vulnListing.Rule_Title
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Vuln_Discuss", ATTRIBUTE_DATA = vulnListing.Vuln_Discuss
}); //.Replace("\r\n",Environment.NewLine).Replace("\"","'")
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "IA_Controls", ATTRIBUTE_DATA = vulnListing.IA_Controls
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Check_Content", ATTRIBUTE_DATA = vulnListing.Check_Content
}); //.Replace("\r\n",Environment.NewLine).Replace("\"","'")
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Fix_Text", ATTRIBUTE_DATA = vulnListing.Fix_Text
}); //.Replace("\r\n",Environment.NewLine).Replace("\"","'")
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "False_Positives", ATTRIBUTE_DATA = vulnListing.False_Positives
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "False_Negatives", ATTRIBUTE_DATA = vulnListing.False_Negatives
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Documentable", ATTRIBUTE_DATA = vulnListing.Documentable
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Mitigations", ATTRIBUTE_DATA = vulnListing.Mitigations
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Potential_Impact", ATTRIBUTE_DATA = vulnListing.Potential_Impact
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Third_Party_Tools", ATTRIBUTE_DATA = vulnListing.Third_Party_Tools
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Mitigation_Control", ATTRIBUTE_DATA = vulnListing.Mitigation_Control
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Responsibility", ATTRIBUTE_DATA = vulnListing.Responsibility
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Security_Override_Guidance", ATTRIBUTE_DATA = vulnListing.Security_Override_Guidance
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Check_Content_Ref", ATTRIBUTE_DATA = vulnListing.Check_Content_Ref
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Weight", ATTRIBUTE_DATA = vulnListing.Weight
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "Class", ATTRIBUTE_DATA = vulnListing.Class
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "STIGRef", ATTRIBUTE_DATA = newArtifact.title + " :: Version " + newArtifact.version + ", " + newArtifact.stigRelease
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "TargetKey", ATTRIBUTE_DATA = newArtifact.CHECKLIST.ASSET.TARGET_KEY
});
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "STIG_UUID", ATTRIBUTE_DATA = stigGUID
}); // use the same UUID throughout
if (vulnListing.CCI_REF != null) //there are CCI REFs in here so get them
// there can be more than one in here; make sure we have at least one
{
foreach (string str in vulnListing.CCI_REF.Split("||"))
{
if (!string.IsNullOrEmpty(str) && str.Length > 3) // make sure it is valid
{
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "CCI_REF", ATTRIBUTE_DATA = str
});
}
}
}
else
{
vulnitem.STIG_DATA.Add(new STIG_DATA()
{
VULN_ATTRIBUTE = "CCI_REF", ATTRIBUTE_DATA = ""
});
}
vulnitem.STATUS = "Not_Reviewed"; // by default
vulnitem.COMMENTS = "";
vulnitem.FINDING_DETAILS = "";
vulnitem.SEVERITY_JUSTIFICATION = "";
vulnitem.SEVERITY_OVERRIDE = "";
// add the item to the CHECKLIST format for later serialization
newArtifact.CHECKLIST.STIGS.iSTIG.VULN.Add(vulnitem);
// reset the VULN item in the Checklist
vulnitem = new VULN();
// reset the temporary class to read all the variables into
vulnListing = new Vulnerability();
} // for each group item in the manual XCCDF XML file
// take the class structure and stringify it for the rawChecklist
XmlSerializer xmlSerializer = new XmlSerializer(typeof(CHECKLIST));
using (StringWriter textWriter = new StringWriter())
{
xmlSerializer.Serialize(textWriter, newArtifact.CHECKLIST);
newArtifact.rawChecklist = textWriter.ToString().Replace("\n", "").Replace("\t", "");
}
// get all the extra crap out of it that MS puts in there
newArtifact.rawChecklist = newArtifact.rawChecklist.Substring(newArtifact.rawChecklist.IndexOf("<ASSET>"));
newArtifact.rawChecklist = "<?xml version='1.0' encoding='UTF-8'?><!--DISA STIG Viewer :: 2.9.1--><CHECKLIST>" +
newArtifact.rawChecklist.Replace("xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"", "")
.Replace("<CHECKLIST >", "<CHECKLIST>")
.Replace("<HOST_NAME />", "<HOST_NAME></HOST_NAME>")
.Replace("<HOST_IP />", "<HOST_IP></HOST_IP>")
.Replace("<HOST_MAC />", "<HOST_MAC></HOST_MAC>")
.Replace("<HOST_FQDN />", "<HOST_FQDN></HOST_FQDN>")
.Replace("<TECH_AREA />", "<TECH_AREA></TECH_AREA>")
.Replace("<WEB_DB_SITE />", "<WEB_DB_SITE></WEB_DB_SITE>")
.Replace("<WEB_DB_INSTANCE />", "<WEB_DB_INSTANCE></WEB_DB_INSTANCE>");
// nullify the CHECKLIST data
newArtifact.CHECKLIST = new CHECKLIST();
// Return the new record to save into the database
return(newArtifact);
}
