Framework/Listeners/UserReports/WriteSummaryFile.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
Set-StrictMode -Version Latest 
class WriteSummaryFile: FileOutputBase
{   
    hidden static [WriteSummaryFile] $Instance = $null;

    static [WriteSummaryFile] GetInstance()
    {
        if ( $null -eq  [WriteSummaryFile]::Instance)
        {
            [WriteSummaryFile]::Instance = [WriteSummaryFile]::new();
        }
    
        return [WriteSummaryFile]::Instance
    }

    [void] RegisterEvents()
    {
        $this.UnregisterEvents();       

        $this.RegisterEvent([AzSKRootEvent]::GenerateRunIdentifier, {
            $currentInstance = [WriteSummaryFile]::GetInstance();
            try 
            {
                $currentInstance.SetRunIdentifier([AzSKRootEventArgument] ($Event.SourceArgs | Select-Object -First 1));            
            }
            catch 
            {
                $currentInstance.PublishException($_);
            }
        });

        $this.RegisterEvent([SVTEvent]::CommandStarted, {
            $currentInstance = [WriteSummaryFile]::GetInstance();
            try 
            {
                $currentInstance.SetFilePath($Event.SourceArgs.SubscriptionContext, ("SecurityReport-" + $currentInstance.RunIdentifier + ".csv"));
            }
            catch 
            {
                $currentInstance.PublishException($_);
            }
        });
        
        $this.RegisterEvent([SVTEvent]::CommandCompleted, {
            $currentInstance = [WriteSummaryFile]::GetInstance();
            
            if(($Event.SourceArgs.ControlResults|Where-Object{$_.VerificationResult -ne[VerificationResult]::NotScanned}|Measure-Object).Count -gt 0)
            {
                $currentInstance.SetFilePath($Event.SourceArgs[0].SubscriptionContext, ("SecurityReport-" + $currentInstance.RunIdentifier + ".csv"));
            }
            else
            {
                # While running GAI -InfoType AttestationInfo, no controls are evaluated. So the value of VerificationResult is by default NotScanned for all controls.
                # In that case the csv file should be renamed to AttestationReport.
                $currentInstance.SetFilePath($Event.SourceArgs[0].SubscriptionContext, ("AttestationReport-" + $currentInstance.RunIdentifier + ".csv"));
            }

            # Export CSV Report
            try 
            {
                $currentInstance.WriteToCSV($Event.SourceArgs);
                $currentInstance.FilePath = "";
            }
            catch 
            {
                $currentInstance.PublishException($_);
            }

        });

        $this.RegisterEvent([AzSKRootEvent]::UnsupportedResources, {
            $currentInstance = [WriteSummaryFile]::GetInstance();
            try 
            {
                $message = $Event.SourceArgs.Messages | Select-Object -First 1
                if($message -and $message.DataObject)
                {
                    $filePath = $currentInstance.CalculateFilePath($Event.SourceArgs.SubscriptionContext, [FileOutputBase]::ETCFolderPath, ("UnsupportedResources-" + $currentInstance.RunIdentifier + ".csv.LOG"));
                    $message.DataObject | Export-Csv $filePath -NoTypeInformation
                }
            }
            catch 
            {
                $currentInstance.PublishException($_);
            }
        });

        $this.RegisterEvent([AzSKRootEvent]::WriteCSV, {
            $currentInstance = [WriteSummaryFile]::GetInstance();
            try 
            {
                $fileName = 'Control Details';
                $folderPath = '';
                $fileExtension = 'csv';

                $message = $Event.SourceArgs.Messages | Select-Object -First 1
                if($message -and $message.DataObject)
                {
                    if(-not [string]::IsNullOrEmpty($message.DataObject.FileName))
                    {
                        $fileName = $message.DataObject.FileName
                    }
                    if(-not [string]::IsNullOrEmpty($message.DataObject.FolderPath))
                    {
                        $folderPath = $message.DataObject.FolderPath
                    }
                    if(-not [string]::IsNullOrEmpty($message.DataObject.FileExtension))
                    {
                        $fileExtension = $message.DataObject.FileExtension
                    }
                        
                    $filePath = $currentInstance.CalculateFilePath($Event.SourceArgs.SubscriptionContext, $folderPath, ($fileName + "." + $fileExtension));
                    $message.DataObject.MessageData | Export-Csv $filePath -NoTypeInformation
                }
            }
            catch 
            {
                $currentInstance.PublishException($_);
            }
        });
    }

   [void] WriteToCSV([SVTEventContext[]] $arguments)
    {
        if ([string]::IsNullOrEmpty($this.FilePath)) {
            return;
        }
        [CsvOutputItem[]] $csvItems = @();
        $anyAttestedControls = $null -ne ($arguments | 
            Where-Object { 
                $null -ne ($_.ControlResults | Where-Object { $_.AttestationStatus -ne [AttestationStatus]::None } | Select-Object -First 1) 
            } | Select-Object -First 1);

        #$anyFixableControls = $null -ne ($arguments | Where-Object { $_.ControlItem.FixControl } | Select-Object -First 1);

        $arguments | ForEach-Object {
            $item = $_
            if ($item -and $item.ControlResults) {
                $item.ControlResults | ForEach-Object{
                    $csvItem = [CsvOutputItem]@{
                        ControlID = $item.ControlItem.ControlID;
                        ControlSeverity = $item.ControlItem.ControlSeverity;
                        Description = $item.ControlItem.Description;
                        FeatureName = $item.FeatureName;
                        ChildResourceName = $_.ChildResourceName;
                        Recommendation = $item.ControlItem.Recommendation;    
                
                    };
                    if($_.VerificationResult -ne [VerificationResult]::NotScanned)
                    {
                        $csvItem.Status = $_.VerificationResult.ToString();
                    }
                    if($this.InvocationContext.BoundParameters['IncludeUserComments'] -eq $True)
                    {
                      $csvItem.UserComments=$_.UserComments;    
                    }
                    #if($anyFixableControls)
                    #{
                    if($item.ControlItem.FixControl)
                    {
                        $csvItem.SupportsAutoFix = "Yes";
                    }
                    else
                    {
                        $csvItem.SupportsAutoFix = "No";
                    }
                    #}
                    
                    if($item.ControlItem.IsBaselineControl)
                    {
                        $csvItem.IsBaselineControl = "Yes";
                    }
                    else
                    {
                        $csvItem.IsBaselineControl = "No";
                    }
            
                    if($anyAttestedControls)
                    {
                        $csvItem.ActualStatus = $_.ActualVerificationResult.ToString();
                    }

                    if($item.IsResource())
                    {
                        $csvItem.ResourceName = $item.ResourceContext.ResourceName;
                        $csvItem.ResourceGroupName = $item.ResourceContext.ResourceGroupName;
                        $csvItem.ResourceId = $item.ResourceContext.ResourceId;
                        $csvItem.DetailedLogFile = "/$([Helpers]::SanitizeFolderName($item.ResourceContext.ResourceGroupName))/$($item.FeatureName).LOG";
                    }
                    else
                    {
                        $csvItem.ResourceId = $item.SubscriptionContext.scope;
                        $csvItem.DetailedLogFile = "/$([Helpers]::SanitizeFolderName($item.SubscriptionContext.SubscriptionName))/$($item.FeatureName).LOG"
                    }

                    if($_.AttestationStatus -ne [AttestationStatus]::None)
                    {
                        $csvItem.AttestedSubStatus = $_.AttestationStatus.ToString();
                        if($null -ne $_.StateManagement -and $null -ne $_.StateManagement.AttestedStateData)
                        {
                            $csvItem.AttesterJustification = $_.StateManagement.AttestedStateData.Justification
                            $csvItem.AttestedBy =  $_.StateManagement.AttestedStateData.AttestedBy
                            if(![string]::IsNullOrWhiteSpace($_.StateManagement.AttestedStateData.ExpiryDate))
                            {
                                $csvItem.AttestationExpiryDate =  $_.StateManagement.AttestedStateData.ExpiryDate
                            }
                        }
                    }
                    
                    $csvItems += $csvItem;
                }                                
            }
        } 

        if ($csvItems.Count -gt 0) {
            # Remove Null properties
            $nonNullProps = @();
            
            [CsvOutputItem].GetMembers() | Where-Object { $_.MemberType -eq [System.Reflection.MemberTypes]::Property } | ForEach-Object {
                $propName = $_.Name;
                if(($csvItems | Where-object { -not [string]::IsNullOrWhiteSpace($_.$propName) } | Measure-object).Count -ne 0)
                {
                    $nonNullProps += $propName;
                }
            };
            if($this.InvocationContext.BoundParameters['IncludeUserComments'] -eq $true -and -not ([Helpers]::CheckMember($nonNullProps, "UserComments")))
            {
              $nonNullProps += "UserComments";
            }
            $csvItems | Select-Object -Property $nonNullProps | Export-Csv $this.FilePath -NoTypeInformation
        }
    }    
}