Update PowerSTIG to include LegacyId to assist in determining Legacy …

…Vuln Ids with the new DISA standard. (#789) * added support for legacyid in processed xml * updated change log * updated tests for legacy id * updated tests to reflect new base rule prop.
microsoft · Dec 4, 2020 · 795642f · 795642f
1 parent 7007278
commit 795642f
Show file tree

Hide file tree

Showing 16 changed files with 643 additions and 63 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## [Unreleased]
 
+* Update PowerSTIG to include LegacyId to assist in determining Legacy Vuln Ids with the new DISA standard. [#788](https://github.com/microsoft/PowerStig/issues/788)
+
 ## [4.6.0] - 2020-12-01
 
 * Provide Method to install DoD Root Certs for Server OS and Client OS: [#755](https://github.com/microsoft/PowerStig/issues/755)

diff --git a/Tests/Unit/Module/Rule.tests.ps1 b/Tests/Unit/Module/Rule.tests.ps1
@@ -15,6 +15,9 @@ try
             It 'Should return the rule Id' {
                 $stig.id | Should Be 'V-1000'
             }
+            It 'Should return the legacy Id' {
+                $stig.legacyid | Should Be 'V-1111'
+            }
             It 'Should return the Severity' {
                 $stig.severity | Should Be 'medium'
             }

diff --git a/Tests/Unit/Module/STIG.PowerStigXml.tests.ps1 b/Tests/Unit/Module/STIG.PowerStigXml.tests.ps1
@@ -26,9 +26,9 @@ Describe 'Compare-PowerStigXml' {
 
 Describe 'Get-BaseRulePropertyName' {
 
-    It 'Should return 11 base rule types' {
+    It 'Should return 12 base rule types' {
         $baseRulePropertyName = Get-BaseRulePropertyName
-        $baseRulePropertyName.Count  | Should -Be 11
+        $baseRulePropertyName.Count  | Should -Be 12
     }
 }
 

diff --git a/Tools/TestHelper/Data/samplegroup.xml.txt b/Tools/TestHelper/Data/samplegroup.xml.txt
@@ -13,6 +13,7 @@
             <dc:subject>Technology</dc:subject>
             <dc:identifier>2350</dc:identifier>
         </reference>
+        <ident system="http://cyber.mil/legacy">{6}</ident>
         <ident system="http://cce.mitre.org">CCE--12345-6</ident>
         <ident system="http://iase.disa.mil/cci">CCI-123456</ident>
         <fixtext fixref="F-12345r1_fix">{4}</fixtext>

diff --git a/Tools/TestHelper/TestHelper.psm1 b/Tools/TestHelper/TestHelper.psm1
@@ -136,6 +136,10 @@ function Get-TestStigRule
         [string]
         $FixText = 'This is a string of text that tells an admin how to fix an item if it is not currently configured properly and ignored by the parser',
 
+        [Parameter(Parametersetname = 'UseExisting')]
+        [string]
+        $LegacyId = 'V-1111',
+
         [Parameter(Parametersetname = 'UseExisting')]
         [Parameter(Parametersetname = 'FileProvided')]
         [switch]
@@ -162,7 +166,7 @@ function Get-TestStigRule
     {
         # Get the samplegroup element text and merge in the parameter strings
         $groupElement = Get-Content -Path "$PSScriptRoot\data\sampleGroup.xml.txt" -Encoding UTF8 -Raw
-        $groupElement = $groupElement -f $GroupId, $GroupTitle, $RuleTitle, $RuleDescription, $FixText, $CheckContent
+        $groupElement = $groupElement -f $GroupId, $GroupTitle, $RuleTitle, $RuleDescription, $FixText, $CheckContent, $LegacyId
     }
 
     # Get and merge the group element data into the xccdf xml document and create an xml object to return

diff --git a/source/Module/Rule.HardCoded/Convert/HardCodedRule.Convert.psm1 b/source/Module/Rule.HardCoded/Convert/HardCodedRule.Convert.psm1
@@ -75,6 +75,13 @@ class HardCodedRuleConvert
     #>
     [object] SetRule ([xml.xmlelement] $XccdfRule, [string] $TypeName)
     {
+        # Support for HardCodedRule Split rule with Legacy Id present
+        $legacyId = ($XccdfRule.rule.ident | Where-Object -FilterScript {$PSItem.'#text' -match "^V-.*"}).'#text'
+        if ($XccdfRule.id -match '^V-.*\.[a-z]$' -and [string]::IsNullOrEmpty($legacyId) -eq $false)
+        {
+            $legacyId = '{0}.{1}' -f $legacyId, $XccdfRule.id.Split('.')[1]
+        }
+
         $newRule = New-Object -TypeName $TypeName -ArgumentList $XccdfRule
         $propertyHashtable = Get-HardCodedRuleProperty -CheckContent $XccdfRule.Rule.Check.'check-content'
         foreach ($property in $propertyHashtable.Keys)
@@ -85,6 +92,7 @@ class HardCodedRuleConvert
         {
             $newRule.set_OrganizationValueRequired($true)
         }
+        $newRule.set_LegacyId($legacyId)
         $newRule.set_Severity($XccdfRule.rule.severity)
         $newRule.set_Description($XccdfRule.rule.description)
         $newRule.set_RawString($XccdfRule.Rule.check.'check-content')

diff --git a/source/Module/Rule/Convert/ConvertFactory.psm1 b/source/Module/Rule/Convert/ConvertFactory.psm1
@@ -344,6 +344,10 @@ class ConvertFactory
             foreach ($convertedrule in $ruleTypeList)
             {
                 $convertedrule.id = "$($Rule.id).$([CHAR][BYTE]$byte)"
+                if ([string]::IsNullOrEmpty($convertedrule.LegacyId) -eq $false)
+                {
+                    $convertedrule.LegacyId = "$($convertedrule.LegacyId).$([CHAR][BYTE]$byte)"
+                }
                 $byte ++
             }
         }

diff --git a/source/Module/Rule/Rule.psm1 b/source/Module/Rule/Rule.psm1
@@ -43,6 +43,7 @@ foreach ($supportFile in $supportFileList)
 class Rule : ICloneable
 {
     [string] $Id
+    [string] $LegacyId
     [string] $Title
     [severity] $Severity
     [status] $ConversionStatus
@@ -102,6 +103,7 @@ class Rule : ICloneable
     {
         # This relaces the current Invokeclass method
         $this.Id = $Rule.Id
+        $this.LegacyId = ($rule.Rule.ident | Where-Object -FilterScript {$PSItem.'#text' -match "^V-.*"}).'#text'
         $this.Title = $Rule.Title
         $this.Severity = $Rule.rule.severity
         $this.Description = $Rule.rule.description

diff --git a/source/StigData/Processed/IISServer-10.0-2.1.xml b/source/StigData/Processed/IISServer-10.0-2.1.xml
diff --git a/source/StigData/Processed/IISServer-8.5-2.1.xml b/source/StigData/Processed/IISServer-8.5-2.1.xml