Framework/Listeners/RemoteReports/AIOrgTelemetry.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
Set-StrictMode -Version Latest

class AIOrgTelemetry: ListenerBase {
    [Microsoft.ApplicationInsights.TelemetryClient] $TelemetryClient;

    hidden AIOrgTelemetry() {
        $this.TelemetryClient = [Microsoft.ApplicationInsights.TelemetryClient]::new()
    }

    hidden static [AIOrgTelemetry] $Instance = $null;

    static [AIOrgTelemetry] GetInstance() {
        if ( $null  -eq [AIOrgTelemetry]::Instance -or  $null  -eq [AIOrgTelemetry]::Instance.TelemetryClient) {
            [AIOrgTelemetry]::Instance = [AIOrgTelemetry]::new();
        }
        return [AIOrgTelemetry]::Instance
    }

    [void] RegisterEvents() {
        $this.UnregisterEvents();

        $this.RegisterEvent([AzSKRootEvent]::GenerateRunIdentifier, {
            $currentInstance = [AIOrgTelemetry]::GetInstance();
            try
            {
                $runIdentifier = [AzSKRootEventArgument] ($Event.SourceArgs | Select-Object -First 1)
                $currentInstance.SetRunIdentifier($runIdentifier);
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });

        $this.RegisterEvent([SVTEvent]::EvaluationCompleted, {
            $currentInstance = [AIOrgTelemetry]::GetInstance();
            try
            {
                $invocationContext = [System.Management.Automation.InvocationInfo] $currentInstance.InvocationContext
                $SVTEventContexts = [SVTEventContext[]] $Event.SourceArgs
                $featureGroup = [RemoteReportHelper]::GetFeatureGroup($SVTEventContexts)
                if($featureGroup -eq [FeatureGroup]::Subscription){
                    $currentInstance.PushSubscriptionScanResults($SVTEventContexts)
                }elseif($featureGroup -eq [FeatureGroup]::Service){
                    $currentInstance.PushServiceScanResults($SVTEventContexts)
                }else{
                }
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });

        $this.RegisterEvent([AzSKGenericEvent]::Exception, {
            $currentInstance = [AIOrgTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = ($Event.SourceArgs | Select-Object -First 1)
                [AIOrgTelemetryHelper]::TrackException($er, $currentInstance.InvocationContext)
            }
            catch
            {
            }
        });

        $this.RegisterEvent([AzSKRootEvent]::CommandError, {
            $currentInstance = [AIOrgTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage
                [AIOrgTelemetryHelper]::TrackException($er, $currentInstance.InvocationContext)
            }
            catch
            {
            }
        });

        $this.RegisterEvent([SVTEvent]::CommandError, {
            $currentInstance = [AIOrgTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage
                [AIOrgTelemetryHelper]::TrackException($er, $currentInstance.InvocationContext)
            }
            catch
            {
            }
        });

        $this.RegisterEvent([SVTEvent]::EvaluationError, {
            $currentInstance = [AIOrgTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage
                [AIOrgTelemetryHelper]::TrackException($er, $currentInstance.InvocationContext)
            }
            catch
            {
            }
        });

        $this.RegisterEvent([SVTEvent]::ControlError, {
            $currentInstance = [AIOrgTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage
                [AIOrgTelemetryHelper]::TrackException($er, $currentInstance.InvocationContext)
            }
            catch
            {
            }
        });
    }

    hidden [void] PushSubscriptionScanResults([SVTEventContext[]] $SVTEventContexts)
    {
        $SVTEventContextFirst = $SVTEventContexts[0]
        $baseProperties = @{
            "RunIdentifier" = $this.RunIdentifier;
            [TelemetryKeys]::FeatureGroup = [FeatureGroup]::Subscription;
            "ScanKind" = [RemoteReportHelper]::GetSubscriptionScanKind(
                $this.InvocationContext.MyCommand.Name,
                $this.InvocationContext.BoundParameters);
            "SubscriptionMetadata" = [Helpers]::ConvertToJsonCustomCompressed($SVTEventContextFirst.SubscriptionContext.SubscriptionMetadata);
        }
        $this.PushControlResults($SVTEventContexts, $baseProperties)
    }

    hidden [void] PushServiceScanResults([SVTEventContext[]] $SVTEventContexts)
    {
        $SVTEventContextFirst = $SVTEventContexts[0]
        $baseProperties = @{
            "RunIdentifier" = $this.RunIdentifier;
            [TelemetryKeys]::FeatureGroup = [FeatureGroup]::Service;
            "ScanKind" = [RemoteReportHelper]::GetServiceScanKind(
                $this.InvocationContext.MyCommand.Name,
                $this.InvocationContext.BoundParameters);
            "Feature" = $SVTEventContextFirst.FeatureName;
            "ResourceGroup" = $SVTEventContextFirst.ResourceContext.ResourceGroupName;
            "ResourceName" = $SVTEventContextFirst.ResourceContext.ResourceName;
            "ResourceId" = $SVTEventContextFirst.ResourceContext.ResourceId;
            "ResourceMetadata" = [Helpers]::ConvertToJsonCustomCompressed($SVTEventContextFirst.ResourceContext.ResourceMetadata);
        }
        $this.PushControlResults($SVTEventContexts, $baseProperties)
    }

    hidden [void] PushControlResults([SVTEventContext[]] $SVTEventContexts, [hashtable] $BaseProperties){
        $telemetryEvents = [System.Collections.ArrayList]::new()
        foreach($context in $SVTEventContexts){
            $propertiesCollection = $this.AttachControlProperties($BaseProperties, $context)
            foreach($properties in $propertiesCollection){
                $telemetryEvent = "" | Select-Object Name, Properties, Metrics
                $telemetryEvent.Name = "Control Scanned"
                $telemetryEvent.Properties = $properties
                $telemetryEvents.Add($telemetryEvent) | Out-Null
            }
        }
        [AIOrgTelemetryHelper]::TrackEvents($telemetryEvents);
    }

    hidden [hashtable[]] AttachControlProperties([hashtable] $BaseProperties, [SVTEventContext] $context){
        if($context -eq $null) {return  ([hashtable[]]([System.Collections.ArrayList]::new()))}
        $properties = @{}
        if ($BaseProperties -ne $null) {
            $properties = $BaseProperties.Clone()
        }
        $propertiesArray = [System.Collections.ArrayList]::new()
        $properties.Add("ControlIntId", $context.ControlItem.Id);
        $properties.Add("ControlId", $context.ControlItem.ControlID);
        $properties.Add("ControlSeverity", $context.ControlItem.ControlSeverity);
        if (!$context.ControlItem.Enabled) {
            $properties.Add("VerificationResult", [VerificationResult]::Disabled)
            $properties.Add("AttestationStatus", [AttestationStatus]::None)
            $propertiesArray.Add($properties) | Out-Null
        }else{
            $results = $context.ControlResults            
            if($results.Count -eq 1){
                $properties.Add("HasAttestationWritePermissions", $results[0].CurrentSessionContext.Permissions.HasAttestationWritePermissions)
                $properties.Add("HasAttestationReadPermissions", $results[0].CurrentSessionContext.Permissions.HasAttestationReadPermissions)
                $properties.Add("ActualVerificationResult", $results[0].ActualVerificationResult)
                $properties.Add("AttestationStatus", $results[0].AttestationStatus)
                $properties.Add("VerificationResult", $results[0].VerificationResult)
                $properties.Add("HasRequiredAccess", $results[0].CurrentSessionContext.Permissions.HasRequiredAccess)
                if($context.ResourceContext -ne $null){
                    if($context.ResourceContext.ResourceName -eq $results[0].ChildResourceName -or [string]::IsNullOrWhiteSpace($results[0].ChildResourceName)){
                        $properties.Add("IsNestedResource", 'No')
                        $properties.Add("NestedResourceName", "NA")
                    }else{
                        $properties.Add("IsNestedResource", 'Yes')
                        $properties.Add("NestedResourceName", $results[0].ChildResourceName)
                    }
                }
                if(($results[0].StateManagement -ne $null) -and ($results[0].StateManagement.AttestedStateData -ne $null)) {
                    $properties.Add("AttestedBy", $results[0].StateManagement.AttestedStateData.AttestedBy)
                    $properties.Add("Justification", $results[0].StateManagement.AttestedStateData.Justification)
                    $properties.Add("AttestedState", [Helpers]::ConvertToJsonCustomCompressed($results[0].StateManagement.AttestedStateData.DataObject))
                }
                if(($results[0].StateManagement -ne $null) -and ($results[0].StateManagement.CurrentStateData -ne $null)) {
                    $properties.Add("CurrentState", [Helpers]::ConvertToJsonCustomCompressed($results[0].StateManagement.CurrentStateData.DataObject))
                }
                $propertiesArray.Add($properties) | Out-Null
            }elseif($results.Count -gt 1){
                $properties.Add("IsNestedResource", 'Yes')
                foreach($result in $results){
                    $propertiesIn = $properties.Clone()
                    $propertiesIn.Add("ActualVerificationResult", $result.ActualVerificationResult)
                    $propertiesIn.Add("AttestationStatus", $result.AttestationStatus)
                    $propertiesIn.Add("VerificationResult", $result.VerificationResult)
                    $propertiesIn.Add("NestedResourceName", $result.ChildResourceName)
                    $propertiesIn.Add("HasRequiredAccess", $result.CurrentSessionContext.Permissions.HasRequiredAccess)
                    if(($result.StateManagement -ne $null) -and ($result.StateManagement.AttestedStateData -ne $null)) {
                        $propertiesIn.Add("AttestedBy", $result.StateManagement.AttestedStateData.AttestedBy)
                        $propertiesIn.Add("Justification", $result.StateManagement.AttestedStateData.Justification)
                        $propertiesIn.Add("AttestedState", [Helpers]::ConvertToJsonCustomCompressed($result.StateManagement.AttestedStateData.DataObject))
                    }
                    if(($result.StateManagement -ne $null) -and ($result.StateManagement.CurrentStateData -ne $null)) {
                        $propertiesIn.Add("CurrentState", [Helpers]::ConvertToJsonCustomCompressed($result.StateManagement.CurrentStateData.DataObject))
                    }
                    $propertiesArray.Add($propertiesIn) | Out-Null
                }
            }
        }
        $returnObj = [hashtable[]] $propertiesArray
        return $returnObj;
    }
}