Framework/Listeners/RemoteReports/UsageTelemetry.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
Set-StrictMode -Version Latest

class UsageTelemetry: ListenerBase {
    [Microsoft.ApplicationInsights.TelemetryClient] $TelemetryClient;

    hidden UsageTelemetry() {
        $this.TelemetryClient = [Microsoft.ApplicationInsights.TelemetryClient]::new()
        $this.TelemetryClient.InstrumentationKey = [Constants]::UsageTelemetryKey
    }

    hidden static [UsageTelemetry] $Instance = $null;

    static [UsageTelemetry] GetInstance() {
        if ( $null  -eq [UsageTelemetry]::Instance -or  $null  -eq [UsageTelemetry]::Instance.TelemetryClient) {
            [UsageTelemetry]::Instance = [UsageTelemetry]::new();
        }
        return [UsageTelemetry]::Instance
    }

    [void] RegisterEvents() {
        $this.UnregisterEvents();

        $this.RegisterEvent([AzSKRootEvent]::GenerateRunIdentifier, {
            $currentInstance = [UsageTelemetry]::GetInstance();
            try
            {
                $runIdentifier = [AzSKRootEventArgument] ($Event.SourceArgs | Select-Object -First 1)
                $currentInstance.SetRunIdentifier($runIdentifier);
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });

        $this.RegisterEvent([SVTEvent]::EvaluationCompleted, {
            $azskSettings = [ConfigurationManager]::GetAzSKSettings();
            if($azskSettings.UsageTelemetryLevel -ne "Anonymous") { return; }
            $currentInstance = [UsageTelemetry]::GetInstance();
            try
            {
                $invocationContext = [System.Management.Automation.InvocationInfo] $currentInstance.InvocationContext
                $SVTEventContexts = [SVTEventContext[]] $Event.SourceArgs
                $featureGroup = [RemoteReportHelper]::GetFeatureGroup($SVTEventContexts)
                if($featureGroup -eq [FeatureGroup]::Subscription){
                    [UsageTelemetry]::PushSubscriptionScanResults($currentInstance, $SVTEventContexts)
                }elseif($featureGroup -eq [FeatureGroup]::Service){
                    [UsageTelemetry]::PushServiceScanResults($currentInstance, $SVTEventContexts)
                }else{

                }
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
            $currentInstance.TelemetryClient.Flush()
        });

        $this.RegisterEvent([AzSKGenericEvent]::Exception, {
            $currentInstance = [UsageTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = ($Event.SourceArgs | Select-Object -First 1)
                [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er);
            }
            catch
            {
            }
        });

        $this.RegisterEvent([AzSKRootEvent]::CommandError, {
            $currentInstance = [UsageTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage
                [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er);
            }
            catch
            {
            }
        });

        $this.RegisterEvent([SVTEvent]::CommandError, {
            $currentInstance = [UsageTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage
                [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er);
            }
            catch
            {
            }
        });

        $this.RegisterEvent([SVTEvent]::EvaluationError, {
            $currentInstance = [UsageTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage
                [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er);
            }
            catch
            {
            }
        });

        $this.RegisterEvent([SVTEvent]::ControlError, {
            $currentInstance = [UsageTelemetry]::GetInstance();
            try
            {
                [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage
                [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er);
            }
            catch
            {
            }
        });
    }

    static [void] PushSubscriptionScanResults(
        [UsageTelemetry] $Publisher, `
        [SVTEventContext[]] $SVTEventContexts)
    {
        $eventData = @{
            [TelemetryKeys]::FeatureGroup = [FeatureGroup]::Subscription;
            "ScanKind" = [RemoteReportHelper]::GetSubscriptionScanKind(
                $Publisher.InvocationContext.MyCommand.Name,
                $Publisher.InvocationContext.BoundParameters);
        }
        $SVTEventContexts | ForEach-Object {
            $context = $_
            [hashtable] $eventDataClone = $eventData.Clone();
            $eventDataClone.Add("ControlIntId", $context.ControlItem.Id);
            $eventDataClone.Add("ControlId", $context.ControlItem.ControlID);
            $eventDataClone.Add("ControlSeverity", $context.ControlItem.ControlSeverity);
            if ($context.ControlItem.Enabled) {
                $eventDataClone.Add("ActualVerificationResult", $context.ControlResults[0].ActualVerificationResult)
                $eventDataClone.Add("AttestationStatus", $context.ControlResults[0].AttestationStatus)
                $eventDataClone.Add("VerificationResult", $context.ControlResults[0].VerificationResult)
            }
            else {
                $eventDataClone.Add("ActualVerificationResult", [VerificationResult]::Disabled)
                $eventDataClone.Add("AttestationStatus", [AttestationStatus]::None)
                $eventDataClone.Add("VerificationResult", [VerificationResult]::Disabled)
            }
            [UsageTelemetry]::PushEvent($Publisher, $eventDataClone, @{})
        }
    }

    static [void] PushServiceScanResults(
        [UsageTelemetry] $Publisher, `
        [SVTEventContext[]] $SVTEventContexts)
    {
        $NA = "NA"
        $SVTEventContextFirst = $SVTEventContexts[0]
        $eventData = @{
            [TelemetryKeys]::FeatureGroup = [FeatureGroup]::Service;
            "ScanKind" = [RemoteReportHelper]::GetServiceScanKind(
                $Publisher.InvocationContext.MyCommand.Name,
                $Publisher.InvocationContext.BoundParameters);
            "Feature" = $SVTEventContextFirst.FeatureName;
            "ResourceGroup" = [RemoteReportHelper]::Mask($SVTEventContextFirst.ResourceContext.ResourceGroupName);
            "ResourceName" = [RemoteReportHelper]::Mask($SVTEventContextFirst.ResourceContext.ResourceName);
            "ResourceId" = [RemoteReportHelper]::Mask($SVTEventContextFirst.ResourceContext.ResourceId);
        }
        $SVTEventContexts | ForEach-Object {
            $SVTEventContext = $_
            [hashtable] $eventDataClone = $eventData.Clone()
            $eventDataClone.Add("ControlIntId", $SVTEventContext.ControlItem.Id);
            $eventDataClone.Add("ControlId", $SVTEventContext.ControlItem.ControlID);
            $eventDataClone.Add("ControlSeverity", $SVTEventContext.ControlItem.ControlSeverity);
            if (!$SVTEventContext.ControlItem.Enabled) {
                $eventDataClone.Add("ActualVerificationResult", [VerificationResult]::Disabled)
                $eventDataClone.Add("AttestationStatus", [AttestationStatus]::None)
                $eventDataClone.Add("VerificationResult", [VerificationResult]::Disabled)
                [UsageTelemetry]::PushEvent($Publisher, $eventDataClone, @{})
            }
            elseif ($SVTEventContext.ControlResults.Count -eq 1 -and `
                ($SVTEventContextFirst.ResourceContext.ResourceName -eq $SVTEventContext.ControlResults[0].ChildResourceName -or `
                    [string]::IsNullOrWhiteSpace($SVTEventContext.ControlResults[0].ChildResourceName)))
            {
                $eventDataClone.Add("ActualVerificationResult", $SVTEventContext.ControlResults[0].ActualVerificationResult)
                $eventDataClone.Add("AttestationStatus", $SVTEventContext.ControlResults[0].AttestationStatus)
                $eventDataClone.Add("VerificationResult", $SVTEventContext.ControlResults[0].VerificationResult)
                $eventDataClone.Add("IsNestedResource", 'No')
                $eventDataClone.Add("NestedResourceName", $NA)
                [UsageTelemetry]::PushEvent($Publisher, $eventDataClone, @{})
            }
            elseif ($SVTEventContext.ControlResults.Count -eq 1 -and `
                $SVTEventContextFirst.ResourceContext.ResourceName -ne $SVTEventContext.ControlResults[0].ChildResourceName)
            {
                $eventDataClone.Add("ActualVerificationResult", $SVTEventContext.ControlResults[0].ActualVerificationResult)
                $eventDataClone.Add("AttestationStatus", $SVTEventContext.ControlResults[0].AttestationStatus)
                $eventDataClone.Add("VerificationResult", $SVTEventContext.ControlResults[0].VerificationResult)
                $eventDataClone.Add("IsNestedResource", 'Yes')
                $eventDataClone.Add("NestedResourceName", [RemoteReportHelper]::Mask($SVTEventContext.ControlResults[0].ChildResourceName))
                [UsageTelemetry]::PushEvent($Publisher, $eventDataClone, @{})
            }
            elseif ($SVTEventContext.ControlResults.Count -gt 1)
            {
                $eventDataClone.Add("IsNestedResource", 'Yes')
                $SVTEventContext.ControlResults | Foreach-Object {
                    [hashtable] $eventDataCloneL2 = $eventDataClone.Clone()
                    $eventDataCloneL2.Add("ActualVerificationResult", $_.ActualVerificationResult)
                    $eventDataCloneL2.Add("AttestationStatus", $_.AttestationStatus)
                    $eventDataCloneL2.Add("VerificationResult", $_.VerificationResult)
                    $eventDataCloneL2.Add("NestedResourceName", [RemoteReportHelper]::Mask($_.ChildResourceName))
                    [UsageTelemetry]::PushEvent($Publisher, $eventDataCloneL2, @{})
                }
            }
        }
    }

    static [void] PushEvent([UsageTelemetry] $Publisher, `
                            [hashtable] $Properties, [hashtable] $Metrics)
    {
        try{
            [UsageTelemetry]::SetCommonProperties($Publisher, $Properties);
            $event = [Microsoft.ApplicationInsights.DataContracts.EventTelemetry]::new()
            $event.Name = "Control Scanned"
            $Properties.Keys | ForEach-Object {
                try{
                    $event.Properties.Add($_, $Properties[$_].ToString());
                }
                catch{
                }
            }
            $Metrics.Keys | ForEach-Object {
                try{
                    $event.Metrics.Add($_, $Metrics[$_]);
                }
                catch{
                }
            }
            $Publisher.TelemetryClient.TrackEvent($event);
        }
        catch{
        }
    }

    static [void] PushException([UsageTelemetry] $Publisher, `
                            [hashtable] $Properties, [hashtable] $Metrics, `
                            [System.Management.Automation.ErrorRecord] $ErrorRecord)
    {
        try{
            [UsageTelemetry]::SetCommonProperties($Publisher, $Properties);
            $ex = [Microsoft.ApplicationInsights.DataContracts.ExceptionTelemetry]::new()
            $ex.Exception = $ErrorRecord.Exception
            try{
                $ex.Properties.Add("ScriptStackTrace", [UsageTelemetry]::AnonScriptStackTrace($ErrorRecord.ScriptStackTrace))
            }catch{}
            $Properties.Keys | ForEach-Object {
                try{
                    $ex.Properties.Add($_, $Properties[$_].ToString());
                }
                catch{
                }
            }
            $Metrics.Keys | ForEach-Object {
                try{
                    $ex.Metrics.Add($_, $Metrics[$_]);
                }
                catch{
                }
            }
            $Publisher.TelemetryClient.TrackException($ex)
            $Publisher.TelemetryClient.Flush()
        }
        catch{
        }
    }

    hidden static [void] SetCommonProperties([UsageTelemetry] $Publisher, [hashtable] $Properties)
    {
        try{
            $NA = "NA";
            $Properties.Add("InfoVersion", "V1");
            try{
                $Properties.Add("ScanSource", [RemoteReportHelper]::GetScanSource());
            }catch{}
            try{
                $Properties.Add("ScannerVersion", $Publisher.GetCurrentModuleVersion());
            }catch{}
            try{
                $Properties.Add("ControlVersion", $Publisher.GetCurrentModuleVersion());
            }catch{}
            try{
                $azureContext = Get-AzureRmContext
                try{
                    $Properties.Add([TelemetryKeys]::SubscriptionId, [RemoteReportHelper]::Mask($azureContext.Subscription.Id))
                }catch{}
                try{
                    $Properties.Add([TelemetryKeys]::SubscriptionName, [RemoteReportHelper]::Mask($azureContext.Subscription.Name))
                }catch{}
                try{
                    $Properties.Add("AzureEnv", $azureContext.Environment.Name)
                }catch{}
                try{
                    $Properties.Add("TenantId", [RemoteReportHelper]::Mask($azureContext.Tenant.Id))
                }catch{}
                try{
                    $Properties.Add("AccountId", [RemoteReportHelper]::Mask($azureContext.Account.Id))
                }catch{}
                try{
                    $Properties.Add("RunIdentifier",  [RemoteReportHelper]::Mask($azureContext.Account.Id + '##' + $Publisher.RunIdentifier));
                }catch{
                    $Properties.Add("RunIdentifier",  $Publisher.RunIdentifier);
                }
                try{
                    $Properties.Add("AccountType", $azureContext.Account.Type)
                }catch{}
            }catch{
            }
        }
        catch{
        }
    }

    hidden static [string] AnonScriptStackTrace([string] $ScriptStackTrace)
    {
        try{
            $ScriptStackTrace = $ScriptStackTrace.Replace($env:USERNAME, "USERNAME")
            $lines = $ScriptStackTrace.Split([System.Environment]::NewLine, [System.StringSplitOptions]::RemoveEmptyEntries)
            $newLines = $lines | ForEach-Object {
                $line = $_
                $lineSplit = $line.Split(@(", "), [System.StringSplitOptions]::RemoveEmptyEntries);
                if($lineSplit.Count -eq 2){
                    $filePath = $lineSplit[1];
                    $startMarker = $filePath.IndexOf("AzSK")
                    if($startMarker -gt 0){
                        $anonFilePath = $filePath.Substring($startMarker, $filePath.Length - $startMarker)
                        $newLine = $lineSplit[0] + ", " + $anonFilePath
                        $newLine
                    }
                    else{
                        $line
                    }
                }
                else{
                    $line
                }
            }
            return ($newLines | Out-String)
        }
        catch{
            return $ScriptStackTrace
        }
    }
}