Framework/Core/SVT/SubscriptionSecurityStatus.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
Set-StrictMode -Version Latest 
class SubscriptionSecurityStatus: SVTCommandBase
{

    SubscriptionSecurityStatus([string] $subscriptionId, [InvocationInfo] $invocationContext): 
        Base($subscriptionId, $invocationContext)
    { 
        $this.UseBaselineControls = $invocationContext.BoundParameters["UseBaselineControls"];
        $this.BaselineFilterCheck();
    }

    hidden [SVTEventContext[]] RunForSubscription([string] $methodNameToCall)
    {
        [SVTEventContext[]] $result = @();        
        $svtClassName = [SVTMapping]::SubscriptionMapping.ClassName

        $svtObject = $null;

        try
        {
            $svtObject = New-Object -TypeName $svtClassName -ArgumentList $this.SubscriptionContext.SubscriptionId
        }
        catch
        {
            # Unwrapping the first layer of exception which is added by New-Object function
            $this.CommandError($_.Exception.InnerException.ErrorRecord);
        }

        if($svtObject)
        {
            $svtObject.RunningLatestPSModule = $this.RunningLatestPSModule
            $this.SetSVTBaseProperties($svtObject);
            $result += $svtObject.$methodNameToCall();            
        }
        
        [ListenerHelper]::RegisterListeners();
        
        return $result;
    }
    hidden [SVTEventContext[]] RunAllControls()
    {
        return $this.RunForSubscription("EvaluateAllControls")
    }
    hidden [SVTEventContext[]] FetchAttestationInfo()
    {
        return $this.RunForSubscription("FetchStateOfAllControls")
    }
    #BaseLineControlFilter Function
    [void] BaselineFilterCheck()
    {
        #Load ControlSetting Resource Types and Filter resources
        $scanSource = [AzSKSettings]::GetInstance().GetScanSource();
        #Load ControlSetting Resource Types and Filter resources
        [ControlBaselineManager] $controlBaselineMngr = [ControlBaselineManager]::GetInstance();        
        $baselineControlsDetails = $controlBaselineMngr.GetBaselineControlDetails()
        #If Scan source is in suported sources or baselineControls switch is available
        if ($null -ne $baselineControlsDetails -and ($baselineControlsDetails.SubscriptionControlIdList | Measure-Object).Count -gt 0 -and ($baselineControlsDetails.SupportedSources -contains $scanSource -or $this.UseBaselineControls))
        {
            
            #$this.PublishCustomMessage("Running cmdlet with baseline resource types and controls.", [MessageType]::Warning);
            #Get the list of baseline control ids
            $controlIds = $baselineControlsDetails.SubscriptionControlIdList
            $baselineControlIds = [system.String]::Join(",",$controlIds);        
            if(-not [system.String]::IsNullOrEmpty($baselineControlIds))
            {
                $this.ControlIds = $controlIds;            
            }
        }
    }
}