Framework/Core/SVT/SubscriptionSecurityStatus.ps1

# Strict mode: uninitialised variables and references to non-existent properties raise
# errors instead of silently evaluating to $null.
Set-StrictMode -Version Latest 
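# Command-level driver for subscription scans. It instantiates the subscription SVT class
# (or its "Ext" extension class when an extension file is available), invokes one of its
# methods by name, and optionally persists the results to the local compliance store.
class SubscriptionSecurityStatus: SVTCommandBase
{

    # Captures the baseline switches bound on the invoking cmdlet and then narrows
    # $this.ControlIds through BaselineFilterCheck().
    SubscriptionSecurityStatus([string] $subscriptionId, [InvocationInfo] $invocationContext):
        Base($subscriptionId, $invocationContext)
    {
        $this.UseBaselineControls = $invocationContext.BoundParameters["UseBaselineControls"];
        $this.UsePreviewBaselineControls = $invocationContext.BoundParameters["UsePreviewBaselineControls"];
        $this.BaselineFilterCheck();
    }

    # Builds the subscription SVT object and runs the method named by $methodNameToCall on it.
    # Returns the SVTEventContext entries produced by that method. The array is empty when the
    # SVT object could not be created; in that case the failure is reported via CommandError.
    hidden [SVTEventContext[]] RunForSubscription([string] $methodNameToCall)
    {
        [SVTEventContext[]] $result = @();
        $svtClassName = [SVTMapping]::SubscriptionMapping.ClassName;

        $svtObject = $null;

        try
        {
            $extensionSVTClassName = $svtClassName + "Ext";
            $extensionSVTClassFilePath = [ConfigurationManager]::LoadExtensionFile($svtClassName);
            if([string]::IsNullOrWhiteSpace($extensionSVTClassFilePath))
            {
                # No extension file: use the stock SVT class.
                $svtObject = New-Object -TypeName $svtClassName -ArgumentList $this.SubscriptionContext.SubscriptionId
            }
            else {
                # The file has to be loaded here due to a scope constraint.
                # SECURITY: dot-sourcing executes the file's contents in this process, with the
                # same identity and Azure context as the scan. Nothing in this method validates
                # the path or the file; integrity rests on whatever LoadExtensionFile does.
                # NOTE(review): confirm the extension source is access-controlled and trusted.
                . $extensionSVTClassFilePath
                $svtObject = New-Object -TypeName $extensionSVTClassName -ArgumentList $this.SubscriptionContext.SubscriptionId
            }
        }
        catch
        {
            # New-Object wraps a constructor failure in one extra exception layer, so prefer the
            # inner ErrorRecord when there is one. Failures raised by LoadExtensionFile or by the
            # dot-sourced file are not wrapped that way; fall back to the caught record so the
            # original error is reported instead of dereferencing a null InnerException.
            $errorRecord = $_;
            $innerException = $_.Exception.InnerException;
            if ($null -ne $innerException)
            {
                $innerRecordProperty = $innerException.PSObject.Properties['ErrorRecord'];
                if ($null -ne $innerRecordProperty -and $null -ne $innerRecordProperty.Value)
                {
                    $errorRecord = $innerRecordProperty.Value;
                }
            }
            $this.CommandError($errorRecord);
        }

        # If construction failed, $result stays empty. Together with the error reported above
        # that means "not scanned"; it must not be read as "no findings".
        if($svtObject)
        {
            $svtObject.RunningLatestPSModule = $this.RunningLatestPSModule
            $this.SetSVTBaseProperties($svtObject);
            # The method is invoked by name. The callers in this class pass fixed literals only.
            $result += $svtObject.$methodNameToCall();
            #$this.FetchRBACTelemetry($svtObject);
            [CustomData] $customData = [CustomData]::new();
            $customData.Name = "SubSVTObject";
            $customData.Value = $svtObject;
            $this.PublishCustomData($customData);
        }

        # Save the result into the local compliance report.
        if($this.IsLocalComplianceStoreEnabled -and ($result | Measure-Object).Count -gt 0)
        {
            # Persist scan data to the subscription. A failure here is published but does not
            # discard the scan results that are returned below.
            try
            {
                if($null -eq $this.ComplianceReportHelper)
                {
                    $this.ComplianceReportHelper = [ComplianceReportHelper]::new($this.SubscriptionContext, $this.GetCurrentModuleVersion())
                }
                if($this.ComplianceReportHelper.HaveRequiredPermissions())
                {
                    $this.ComplianceReportHelper.StoreComplianceDataInUserSubscription($result)
                }
                else
                {
                    # Without the required permissions, stop attempting to persist for the
                    # remainder of this command instance.
                    $this.IsLocalComplianceStoreEnabled = $false;
                }
            }
            catch
            {
                $this.PublishException($_);
            }
        }
        [ListenerHelper]::RegisterListeners();

        return $result;
    }

    # Evaluates every control on the subscription SVT object.
    hidden [SVTEventContext[]] RunAllControls()
    {
        return $this.RunForSubscription("EvaluateAllControls")
    }

    # Fetches the stored state of every control on the subscription SVT object.
    hidden [SVTEventContext[]] FetchAttestationInfo()
    {
        return $this.RunForSubscription("FetchStateOfAllControls")
    }

    # Baseline control filter: restricts $this.ControlIds to the baseline and/or preview
    # baseline subscription control ids. A list applies when the scan source is among its
    # SupportedSources or when the matching switch was passed. Throws a SuppressedException
    # when a switch was passed but its list is empty.
    [void] BaselineFilterCheck()
    {
        # Identify where this scan is running from.
        $scanSource = [AzSKSettings]::GetInstance().GetScanSource();
        # Load the baseline control details.
        [PartialScanManager] $partialScanMngr = [PartialScanManager]::GetInstance();
        $baselineControlsDetails = $partialScanMngr.GetBaselineControlDetails()

        # Count the ids once, treating a missing details object as zero controls. This keeps
        # the "-eq 0" branch below from dereferencing $null under strict mode.
        $baselineControlCount = 0;
        if ($null -ne $baselineControlsDetails)
        {
            $baselineControlCount = ($baselineControlsDetails.SubscriptionControlIdList | Measure-Object).Count;
        }

        # Apply when the scan source is supported or the UseBaselineControls switch is present.
        if ($baselineControlCount -gt 0 -and ($baselineControlsDetails.SupportedSources -contains $scanSource -or $this.UseBaselineControls))
        {

            #$this.PublishCustomMessage("Running cmdlet with baseline resource types and controls.", [MessageType]::Warning);
            # Get the list of baseline control ids.
            $controlIds = $baselineControlsDetails.SubscriptionControlIdList
            $baselineControlIds = [system.String]::Join(",",$controlIds);
            if(-not [system.String]::IsNullOrEmpty($baselineControlIds))
            {
                # Replaces any previously configured control id filter.
                $this.ControlIds = $controlIds;
            }
        }
        elseif ($baselineControlCount -eq 0 -and $this.UseBaselineControls)
        {
            throw ([SuppressedException]::new(("There are no baseline controls defined for this policy. No controls will be scanned."), [SuppressedExceptionType]::Generic))
        }

        $previewBaselineControlsDetails = $partialScanMngr.GetPreviewBaselineControlDetails()

        # Same null-safe count for the preview baseline list.
        $previewBaselineControlCount = 0;
        if ($null -ne $previewBaselineControlsDetails)
        {
            $previewBaselineControlCount = ($previewBaselineControlsDetails.SubscriptionControlIdList | Measure-Object).Count;
        }

        # Apply when the scan source is supported or the UsePreviewBaselineControls switch is present.
        if ($previewBaselineControlCount -gt 0 -and ($previewBaselineControlsDetails.SupportedSources -contains $scanSource -or $this.UsePreviewBaselineControls))
        {
            # Get the list of preview baseline control ids.
            $controlIds = $previewBaselineControlsDetails.SubscriptionControlIdList
            $previewBaselineControlIds = [system.String]::Join(",",$controlIds);
            if(-not [system.String]::IsNullOrEmpty($previewBaselineControlIds))
            {
                # Appended to, not replacing, whatever $this.ControlIds already holds.
                $this.ControlIds += $controlIds;
            }
        }
        elseif ($previewBaselineControlCount -eq 0 -and $this.UsePreviewBaselineControls)
        {
            throw ([SuppressedException]::new(("There are no preview baseline controls defined for this policy. No controls will be scanned."), [SuppressedExceptionType]::Generic))
        }
    }
}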