updated Get-StigRule to include legacyid support (#801)
bcwilhite committed Dec 14, 2020
1 parent fcb8de3 commit 9fb1d70
Showing 3 changed files with 54 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -9,6 +9,7 @@
* Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2016 STIG - Ver 2, Rel 1: [#782](https://github.com/microsoft/PowerStig/issues/782)
* Update PowerSTIG to successfully parse/apply Microsoft Windows Server 2019 STIG - Ver 2, Rel 1 [#787](https://github.com/microsoft/PowerStig/issues/787)
* Update PowerSTIG to include LegacyId to assist in determining Legacy Vuln Ids with the new DISA standard: [#788](https://github.com/microsoft/PowerStig/issues/788)
* Update PowerSTIG to include LegacyId query via Get-StigRule function: [#800](https://github.com/microsoft/PowerStig/issues/800)
* Update PowerSTIG to fix LegacyId logic: [#791](https://github.com/microsoft/PowerStig/issues/791)

## [4.6.0] - 2020-12-01
23 changes: 23 additions & 0 deletions Tests/Unit/Module/STIG.RuleQuery.tests.ps1
@@ -8,6 +8,7 @@ $xmlTestData = @'
<Rule id="V-1000" severity="medium" conversionstatus="pass" title="SRG-APP-000000" dscresource="Registry">
<Description>&lt;VulnDiscussion&gt;Test STIG Description&lt;/VulnDiscussion&gt;&lt;</Description>
<DuplicateOf />
<LegacyId>V-1111</LegacyId>
<Ensure>Present</Ensure>
<IsNullOrEmpty>False</IsNullOrEmpty>
<Key>HKEY_LOCAL_MACHINE\Software\Microsoft\TestKeyData</Key>
@@ -57,6 +58,28 @@ try
$getStigRuleResult.OrganizationValueRequired | Should -Be 'False'
$getStigRuleResult.OrganizationValueTestString | Should -Be $([string]::Empty)
$getStigRuleResult.VulnId | Should -Be 'V-1000'
$getStigRuleResult.LegacyId | Should -Be 'V-1111'
$getStigRuleResult.Ensure | Should -Be 'Present'
$getStigRuleResult.Key | Should -Be 'HKEY_LOCAL_MACHINE\Software\Microsoft\TestKeyData'
$getStigRuleResult.ValueData | Should -Be 'TestValueData'
$getStigRuleResult.ValueName | Should -Be 'TestValueName'
$getStigRuleResult.ValueType | Should -Be 'String'
}

It 'Should return a V-1000 Rule PSCustomObject Detailed' {
$getStigRuleResult = Get-StigRule -LegacyId 'V-1111' -ProcessedXmlPath $testProcessedXml -Detailed
$getStigRuleResult.StigId | Should -Be 'TestSTIGData'
$getStigRuleResult.StigVersion | Should -Be '1.1'
$getStigRuleResult.Severity | Should -Be 'medium'
$getStigRuleResult.Title | Should -Be 'SRG-APP-000000'
$getStigRuleResult.Description | Should -Be 'Test STIG Description'
$getStigRuleResult.RuleType | Should -Be 'RegistryRule'
$getStigRuleResult.DscResource | Should -Be 'Registry'
$getStigRuleResult.DuplicateOf | Should -Be $([string]::Empty)
$getStigRuleResult.OrganizationValueRequired | Should -Be 'False'
$getStigRuleResult.OrganizationValueTestString | Should -Be $([string]::Empty)
$getStigRuleResult.VulnId | Should -Be 'V-1000'
$getStigRuleResult.LegacyId | Should -Be 'V-1111'
$getStigRuleResult.Ensure | Should -Be 'Present'
$getStigRuleResult.Key | Should -Be 'HKEY_LOCAL_MACHINE\Software\Microsoft\TestKeyData'
$getStigRuleResult.ValueData | Should -Be 'TestValueData'
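Review bot: The added `It` block that calls `Get-StigRule -LegacyId 'V-1111'` covers only an exact, existing legacy ID, and its title, 'Should return a V-1000 Rule PSCustomObject Detailed', does not say that it queries by LegacyId. Name it for what it checks, e.g. `It 'Should return a V-1000 Rule PSCustomObject Detailed when queried by LegacyId' {`, so a failure points at the right parameter set. A second case for a LegacyId that is absent from the test XML, or only a prefix of `V-1111`, would pin the not-found behaviour of the new lookup. The `It` block continues past the end of the visible hunk.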
34 changes: 30 additions & 4 deletions source/Module/STIG/Functions.RuleQuery.ps1
@@ -11,6 +11,10 @@ using module ..\Rule\Rule.psm1
VulnId within PowerSTIG is typically labled as the RuleId, which
may not be consistent with DISA terminology.
.PARAMETER LegacyId
Specify the "previous" VulnId/RuleId, prior to DISA October 2020 Id
updates.
.PARAMETER ProcessedXmlPath
Either the folder where the processed xml resides or a specific xml path.
The default is .\StigData\Processed\*.xml
@@ -27,12 +31,17 @@ function Get-StigRule
[OutputType([PSCustomObject])]
param
(
[Parameter(Mandatory = $true, Position = 0)]
[Parameter(Mandatory = $true, Position = 0, ParameterSetName = 'VulnId')]
[ValidateScript({$_ -match '^V-\d{1,}(|\.[a-z])$'})]
[Alias("RuleId")]
[string[]]
$VulnId,

[Parameter(Mandatory = $true, ParameterSetName = 'LegacyId')]
[ValidateScript({$_ -match '^V-\d{1,}(|\.[a-z])$'})]
[string[]]
$LegacyId,

[Parameter()]
[ValidateScript({Test-Path -Path $_})]
[string]
@@ -43,7 +52,23 @@ function Get-StigRule
$Detailed
)

$vulnIdPattern = '<Rule\s+id\s*="{0}"' -f $VulnId
switch ($PSCmdlet.ParameterSetName)
{
'VulnId'
{
$vulnIdPattern = '<Rule\s+id\s*="{0}"' -f $VulnId
$patternReplacement = '<Rule\s+id\s*="'
$xmlXPathPattern = '//Rule[@id = "{0}"]'
}

'LegacyId'
{
$vulnIdPattern = '<LegacyId>{0}' -f $LegacyId
$patternReplacement = '<LegacyId>'
$xmlXPathPattern = '//Rule[LegacyId="{0}"]'
}
}

$processedXml = Select-String -Path $ProcessedXmlPath -Pattern $vulnIdPattern -Exclude '*.org.default.xml' | Sort-Object -Property Pattern

if ($null -eq $processedXml)
@@ -58,8 +83,8 @@ function Get-StigRule
foreach ($technologyXml in $processedXml)
{
# based on the VulnId specificed use XPath to search the xml object
$vulnIdFromXml = $technologyXml.Pattern.Replace('<Rule\s+id\s*="', $null).Replace('"', $null)
$ruleIdXPath = '//Rule[@id = "{0}"]' -f $vulnIdFromXml
$vulnIdFromXml = $technologyXml.Pattern.Replace($patternReplacement, $null).Replace('"', $null)
$ruleIdXPath = $xmlXPathPattern -f $vulnIdFromXml
[xml] $xml = Get-Content -Path $technologyXml.Path
$ruleData = $xml.DISASTIG.SelectNodes($ruleIdXPath)
$ruleType = $ruleData.ParentNode.ToString()
@@ -84,6 +109,7 @@ function Get-StigRule
StigId = $xml.DISASTIG.stigid
StigVersion = $xml.DISASTIG.fullversion
VulnId = $ruleData.id
LegacyId = $ruleData.LegacyId
Severity = $ruleData.severity
Title = $ruleData.title
Description = $ruleDescriptionValue
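Review bot: The LegacyId search pattern in the new `switch` has no closing delimiter, so `'<LegacyId>{0}' -f $LegacyId` matches by prefix: `-LegacyId 'V-1'` makes Select-String pick up any file containing `<LegacyId>V-1111`, unlike the VulnId pattern, which ends on `"`. The `$null -eq $processedXml` not-found check is then skipped, the exact XPath `//Rule[LegacyId="V-1"]` returns no nodes, and `$ruleData.ParentNode.ToString()` runs on an empty result. Terminate the pattern, e.g. `$vulnIdPattern = '<LegacyId>{0}<' -f $LegacyId`, and strip the delimiter in the loop with `.Replace($patternReplacement, $null).TrimEnd('"', '<')`. For a compliance lookup, a legacy ID that fails this way instead of reporting "not found" is easy to misread, so the case deserves a unit test. The body of Get-StigRule continues outside the visible hunks.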