Framework/Helpers/RemoteApiHelper.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
Set-StrictMode -Version Latest

class RemoteApiHelper {
    hidden static [string] $ApiBaseEndpoint = [ConfigurationManager]::GetAzSKConfigData().AzSKApiBaseURL; #"https://localhost:44348/api"

    hidden static [string] GetAccessToken() {
        return [Helpers]::GetAccessToken("https://management.core.windows.net/");
    }

    hidden static [psobject] PostContent($uri, $content, $type) {
        try {
            $accessToken = [RemoteApiHelper]::GetAccessToken()
            $result = Invoke-WebRequest -Uri $([RemoteApiHelper]::ApiBaseEndpoint + $uri) `
                -Method Post `
                -Body $content `
                -ContentType $type `
                -Headers @{"Authorization" = "Bearer $accessToken"} `
                -UseBasicParsing
            return $result
        }
        catch {
            return "ERROR"
        }
    }

    hidden static [psobject] PostJsonContent($uri, $obj) {
        $postContent = [Helpers]::ConvertToJsonCustomCompressed($obj)
        return [RemoteApiHelper]::PostContent($uri, $postContent, "application/json")
    }

    static [void] PostSubscriptionScanResult($scanResult) {
        [RemoteApiHelper]::PostJsonContent("/scanresults/subscription", $scanResult) | Out-Null
    }

    static [void] PostServiceScanResult($scanResult) {
        [RemoteApiHelper]::PostJsonContent("/scanresults/service", $scanResult) | Out-Null
    }

    static [void] PostResourceInventory($resources) {
        [RemoteApiHelper]::PostJsonContent("/inventory/resources", $resources) | Out-Null
    }

    static [void] PostResourceControlsInventory($resourceControlData) {
        [RemoteApiHelper]::PostJsonContent("/inventory/resourceControls", $resourceControlData) | Out-Null
    }

    static [void] PostResourceFlatInventory($resourcesFlat) {
        [RemoteApiHelper]::PostJsonContent("/inventory/resourcesflat", $resourcesFlat) | Out-Null
    }

    static [void] PostApplicableControlSet([SVTEventContext[]] $contexts) {
        if (($contexts | Measure-Object).Count -lt 1) { return; }
        $set = [RemoteApiHelper]::ConvertToSimpleSet($contexts);
        [RemoteApiHelper]::PostJsonContent("/scanresults/service/applicable", $set) | Out-Null
    }
    
    static [void] PostRBACTelemetry([TelemetryRBAC[]] $RBACAccess){
        [RemoteApiHelper]::PostJsonContent("/inventory/RBACTelemetry", $RBACAccess) | Out-Null    
    }

    hidden static [psobject] ConvertToSimpleSet([SVTEventContext[]] $contexts) {
        $firstContext = $contexts[0]
        $set = "" | Select-Object "SubscriptionId", "SubscriptionName", "Source", "ScannerVersion", "ControlVersion", "ControlSet"
        $set.SubscriptionId = $firstContext.SubscriptionContext.SubscriptionId
        $set.SubscriptionName = $firstContext.SubscriptionContext.SubscriptionName
        $set.Source = [RemoteReportHelper]::GetScanSource()
        #RENAME
        $module = Get-Module 'AzSK*' | Select-Object -First 1
        $set.ScannerVersion = $module.Version.ToString()
        $set.ControlVersion = $module.Version.ToString()
        $set.ControlSet = [System.Collections.ArrayList]::new()
        foreach ($item in $contexts) {
            $controlItem = "" | Select-Object "FeatureName", "ResourceGroupName", "ResourceName", "ResourceId", "ControlIntId", "ControlId", "ControlSeverity"
            $controlItem.FeatureName = $item.FeatureName
            if([Helpers]::CheckMember($item,"ResourceContext"))
            {
                $controlItem.ResourceGroupName = $item.ResourceContext.ResourceGroupName
                $controlItem.ResourceName = $item.ResourceContext.ResourceName
                $controlItem.ResourceId = $item.ResourceContext.ResourceId
            }            
            
            $controlItem.ControlIntId = $item.ControlItem.Id
            $controlItem.ControlId = $item.ControlItem.ControlID
            $controlItem.ControlSeverity = $item.ControlItem.ControlSeverity
            $set.ControlSet.Add($controlItem) | Out-Null
        }
        return $set;
    }

    static [void] PushFeatureControlsTelemetry($ResourceControlsData)
    {        
        if($null -ne $ResourceControlsData.ResourceContext -and ($ResourceControlsData.Controls | Measure-Object).Count -gt 0)
        {
            $ResourceControlsDataMini = "" | Select-Object ResourceName, ResourceGroupName, ResourceId, Controls, ChildResourceNames
            $ResourceControlsDataMini.ResourceName = $ResourceControlsData.ResourceContext.ResourceName;
            $ResourceControlsDataMini.ResourceGroupName = $ResourceControlsData.ResourceContext.ResourceGroupName;
            $ResourceControlsDataMini.ResourceId = $ResourceControlsData.ResourceContext.ResourceId;
            $controls = @();
            $ResourceControlsData.Controls | ForEach-Object {
                $control = "" | Select-Object ControlStringId, ControlId;
                $control.ControlStringId = $_.ControlId;
                $control.ControlId = $_.Id;
                $controls += $control;
            }
            $ResourceControlsDataMini.Controls = $controls;        
            $ResourceControlsDataMini.ChildResourceNames = $ResourceControlsData.ChildResourceNames;   

            [RemoteApiHelper]::PostResourceControlsInventory($ResourceControlsDataMini);
        }
    }
}