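/// <summary>
/// Apply the pass/fail rule results of a SCAP scan to an existing checklist and return the
/// updated checklist as a raw XML string.
/// </summary>
/// <param name="results">The results list of pass and fail information rules from the SCAP scan</param>
/// <param name="checklistString">The raw XML of the checklist</param>
/// <param name="newChecklist">True/False on a new checklist (template). NOTE(review): this flag is
/// never read in the method body, so "fail" and "pass" results are applied to existing checklists
/// exactly as they are to new templates; confirm that is the intended behaviour.</param>
/// <returns>The updated checklist as unformatted XML, or <paramref name="checklistString"/>
/// unchanged when it could not be loaded into a checklist.</returns>
public static string UpdateChecklistData(SCAPRuleResultSet results, string checklistString, bool newChecklist) {
    // process the raw checklist into the CHECKLIST structure
    CHECKLIST chk = ChecklistLoader.LoadChecklist(checklistString);
    if (chk == null) {
        // Nothing to update or serialize. The earlier code skipped the update step here but then
        // dereferenced chk for serialization, which threw a NullReferenceException.
        return checklistString;
    }

    // The host name and IP address reported by the scan replace the checklist's asset values.
    // NOTE(review): nothing here checks that the scan was taken from the asset this checklist
    // already describes; confirm the caller enforces that before updating an existing checklist.
    if (!string.IsNullOrEmpty(results.hostname)) {
        chk.ASSET.HOST_NAME = results.hostname;
    }
    if (!string.IsNullOrEmpty(results.ipaddress)) {
        chk.ASSET.HOST_IP = results.ipaddress;
    }

    // A scan without any rule results leaves every VULN status as it was.
    if (results.ruleResults != null) {
        foreach (VULN v in chk.STIGS.iSTIG.VULN) {
            STIG_DATA data = v.STIG_DATA.FirstOrDefault(y => y.VULN_ATTRIBUTE == "Rule_ID");
            if (data == null || string.IsNullOrEmpty(data.ATTRIBUTE_DATA)) {
                continue; // no rule id on this VULN, so nothing to match against
            }

            // Ordinal, case-insensitive comparison: rule ids are identifiers, so the match must
            // not depend on the server's culture, and a null ruleId must not throw.
            string ruleId = data.ATTRIBUTE_DATA;
            SCAPRuleResult result = results.ruleResults.FirstOrDefault(
                z => string.Equals(z.ruleId, ruleId, System.StringComparison.OrdinalIgnoreCase));
            if (result == null) {
                continue;
            }

            // Only "fail" and "pass" change the status; any other scan result leaves it alone.
            if (string.Equals(result.result, "fail", System.StringComparison.OrdinalIgnoreCase)) {
                v.STATUS = "Open";
            }
            else if (string.Equals(result.result, "pass", System.StringComparison.OrdinalIgnoreCase)) {
                v.STATUS = "NotAFinding";
            }
        }
    }

    // serialize into a string again
    System.Xml.Serialization.XmlSerializer xmlSerializer = new System.Xml.Serialization.XmlSerializer(chk.GetType());
    using (StringWriter textWriter = new StringWriter()) {
        xmlSerializer.Serialize(textWriter, chk);
        checklistString = textWriter.ToString();
    }

    // re-parse the serializer output and write it back without formatting to keep the XML compact
    System.Xml.Linq.XDocument xDoc = System.Xml.Linq.XDocument.Parse(checklistString, System.Xml.Linq.LoadOptions.None);
    return xDoc.ToString(System.Xml.Linq.SaveOptions.DisableFormatting);
}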
/// <summary>
/// Build a checklist raw XML string for a SCAP scan by looking up the checklist template that
/// matches the scan title and filling it in with the scan's results.
/// </summary>
/// <param name="results">The results list of pass and fail information rules from the SCAP scan</param>
/// <returns>The filled-in checklist as raw XML, or the null/empty lookup result when no template
/// was returned for the scan title</returns>
public static string GenerateChecklistData(SCAPRuleResultSet results) {
    // read the template in using a Request/Reply to openrmf.template.read
    string template = NATSClient.GetArtifactByTemplateTitle(results.title);

    if (string.IsNullOrEmpty(template)) {
        // no template came back; hand the lookup result to the caller as-is
        return template;
    }

    // a template was found: treat it as a new checklist and apply the scan results to it
    return UpdateChecklistData(results, template, true);
}
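/// <summary>
/// Parse the raw XML of a SCAP scan result into a rule result set: the benchmark title, the
/// scanned target's IP address and host name, and the per-rule pass/fail results.
/// </summary>
/// <param name="xmlfile">The raw XML text of the SCAP scan result. NOTE(review): this looks like
/// externally supplied scan content, so it is parsed as untrusted input (DTDs rejected, no
/// external resolution).</param>
/// <returns>The populated result set. When the input is null/blank or no title can be derived,
/// the result set is returned without a title because no checklist template can be matched.</returns>
/// <exception cref="XmlException">The text is not well-formed XML or contains a DTD.</exception>
public static SCAPRuleResultSet LoadSCAPScan(string xmlfile) {
    SCAPRuleResultSet results = new SCAPRuleResultSet();
    if (string.IsNullOrWhiteSpace(xmlfile)) {
        return results; // nothing to parse; a null string used to throw NullReferenceException
    }

    xmlfile = xmlfile.Replace("\n", "").Replace("\t", "");
    // a Nessus SCAP uses "xccdf" tags, otherwise the "cdf" prefix is assumed
    string searchTag = xmlfile.IndexOf("</xccdf:", System.StringComparison.Ordinal) > 0 ? "xccdf" : "cdf";

    // Load through a reader that rejects DTDs and has no resolver, so a scan file cannot declare
    // entities (entity-expansion blow-up) or make the parser fetch external resources (XXE).
    XmlDocument xmlDoc = new XmlDocument();
    xmlDoc.XmlResolver = null;
    using (XmlTextReader reader = new XmlTextReader(new StringReader(xmlfile))) {
        reader.DtdProcessing = DtdProcessing.Prohibit;
        reader.XmlResolver = null;
        xmlDoc.Load(reader);
    }

    // get the template title from the SCAP to use to grab an empty Checklist
    XmlNodeList title = xmlDoc.GetElementsByTagName(searchTag + ":title");
    if (title != null && title.Count > 0 && title.Item(0).FirstChild != null) {
        // the title of the STIG, used later to ask for the checklist to fill in
        results.title = title.Item(0).FirstChild.InnerText;
    }
    else {
        // no title element: fall back to the Nessus layout and read the benchmark's href attribute
        title = xmlDoc.GetElementsByTagName("xccdf:benchmark");
        if (title != null) {
            foreach (XmlNode node in title) {
                if (node.Attributes == null || node.Attributes.Count <= 1) {
                    continue;
                }
                foreach (XmlAttribute attr in node.Attributes) {
                    if (attr.Name != "href" || string.IsNullOrEmpty(attr.Value)) {
                        continue;
                    }
                    // the title is the part of the href before "_STIG_SCAP"; an href without that
                    // marker used to make Substring throw ArgumentOutOfRangeException
                    int markerAt = attr.Value.IndexOf("_STIG_SCAP", System.StringComparison.Ordinal);
                    if (markerAt < 0) {
                        continue;
                    }
                    results.title = attr.Value.Substring(0, markerAt);
                    break; // done with this node's attributes
                }
            }
        }
    }

    if (string.IsNullOrEmpty(results.title)) {
        return results; // just return empty as we cannot match a template
    }

    // get the target-address: the first non-empty one wins
    XmlNodeList targetAddresses = xmlDoc.GetElementsByTagName(searchTag + ":target-address");
    if (targetAddresses != null) {
        foreach (XmlNode node in targetAddresses) {
            if (!string.IsNullOrEmpty(node.InnerText)) {
                results.ipaddress = node.InnerText;
                break;
            }
        }
    }

    // get the hostname off the computer that was SCAP scanned
    // NOTE(review): the fact is recognised by its second attribute ending in "host_name", so this
    // depends on attribute order in the scan file; confirm against real scan output.
    XmlNodeList targetFacts = xmlDoc.GetElementsByTagName(searchTag + ":fact");
    if (targetFacts != null) {
        foreach (XmlNode node in targetFacts) {
            if (node.Attributes.Count > 1
                && node.Attributes[1].InnerText.EndsWith("host_name", System.StringComparison.Ordinal)) {
                results.hostname = node.InnerText;
                break;
            }
        }
    }

    // get all the rules and their pass/fail results
    XmlNodeList ruleResults = xmlDoc.GetElementsByTagName(searchTag + ":rule-result");
    if (ruleResults != null && ruleResults.Count > 0 && ruleResults.Item(0).FirstChild != null) {
        results.ruleResults = GetResultsListing(ruleResults, searchTag);
    }
    return results;
}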