Module/Rule.ProcessMitigation/Convert/ProcessMitigationRule.Convert.psm1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
using module .\..\..\Common\Common.psm1
using module .\..\..\Rule\Rule.psm1
using module .\..\ProcessMitigationRule.psm1

$exclude = @($MyInvocation.MyCommand.Name,'Template.*.txt')
$supportFileList = Get-ChildItem -Path $PSScriptRoot -Exclude $exclude
foreach ($supportFile in $supportFileList)
{
    Write-Verbose "Loading $($supportFile.FullName)"
    . $supportFile.FullName
}
# Header

<#
    .SYNOPSIS
        Convert the contents of an xccdf check-content element into a process
        mitigation object
    .DESCRIPTION
        The ProcessMitigationRule class is used to extract the process mitigation
        settings from the check-content of the xccdf. Once a STIG rule is identified
        a process Mitigation rule, it is passed to the ProcessMitigationRule class
        for parsing and validation.
 
#>

class ProcessMitigationRuleConvert : ProcessMitigationRule
{
    <#
        .SYNOPSIS
            Empty constructor for SplitFactory
    #>

    ProcessMitigationRuleConvert ()
    {
    }

    <#
        .SYNOPSIS
            Converts a xccdf stig rule element into a Process Mitigation Rule
        .PARAMETER XccdfRule
            The STIG rule to convert
    #>

    ProcessMitigationRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true)
    {
        $this.SetMitigationTarget()
        $this.SetMitigationType()
        $this.SetMitigationName()
        $this.SetMitigationValue()

        if ($this.conversionstatus -eq 'pass')
        {
            $this.SetDuplicateRule()
        }
        $this.SetDscResource()
    }

    #region Methods

    <#
        .SYNOPSIS
            Extracts the mitigation target name from the check-content and sets
            the value
        .DESCRIPTION
            Gets the mitigation target name from the xccdf content and sets the
            value. If the mitigation target name that is returned is not valid,
            the parser status is set to fail
    #>

    [void] SetMitigationTarget ()
    {
        $thisMitigationTarget = Get-MitigationTargetName -CheckContent $this.SplitCheckContent

        if (-not $this.SetStatus($thisMitigationTarget))
        {
            $this.set_MitigationTarget($thisMitigationTarget)
        }
    }

    <#
        .SYNOPSIS
            Sets the type of the mitigation
        .DESCRIPTION
            Sets the mitigation target to enabled. If the mitigation target is
            not set to enabled, it is set to disabled
    #>

    [void] SetMitigationType ()
    {
        $mitigationType = Get-MitigationType -CheckContent $this.SplitCheckContent

        if (-not $this.SetStatus($mitigationType))
        {
            $this.set_MitigationType($mitigationType)
        }
    }

    <#
        .SYNOPSIS
            Sets the name of the mitigation
        .DESCRIPTION
            Sets the mitigation target to enabled. If the mitigation target is
            not set to enabled, it is set to disabled
    #>

    [void] SetMitigationName ()
    {
        $mitigationName = Get-MitigationName -CheckContent $this.SplitCheckContent

        if (-not $this.SetStatus($mitigationName))
        {
            $this.set_MitigationName($mitigationName)
        }
    }

        <#
        .SYNOPSIS
            Sets the Value of the mitigation
        .DESCRIPTION
            Sets the mitigation target to enabled. If the mitigation target is
            not set to enabled, it is set to disabled
    #>

    [void] SetMitigationValue ()
    {
        $mitigationValue = Get-MitigationValue -CheckContent $this.SplitCheckContent

        if (-not $this.SetStatus($mitigationValue))
        {
            $this.set_MitigationValue($mitigationValue)
        }
    }

    hidden [void] SetDscResource ()
    {
        if ($null -eq $this.DuplicateOf)
        {
            $this.DscResource = 'ProcessMitigation'
        }
        else
        {
            $this.DscResource = 'None'
        }
    }

    static [bool] Match ([string] $CheckContent)
    {
        if ($CheckContent -Match "Get-ProcessMitigation")
        {
            return $true
        }
        return $false
    }

    <#
        .SYNOPSIS
            Tests if a rule contains multiple checks
        .DESCRIPTION
            Search the rule text to determine if multiple mitigationsare defined
        .PARAMETER MitigationTarget
            The object the mitigation applies to
    #>

    <#{TODO}#> # HasMultipleRules is implemented inconsistently.
    static [bool] HasMultipleRules ([string] $CheckContent)
    {
        return Test-MultipleProcessMitigations -CheckContent ([ProcessMitigationRule]::SplitCheckContent($CheckContent))
    }

    <#
        .SYNOPSIS
            Splits a rule into multiple checks
        .DESCRIPTION
            Once a rule has been found to have multiple checks, the rule needs
            to be split. This method splits a {0} into multiple rules. Each
            split rule id is appended with a dot and letter to keep reporting
            per the ID consistent. An example would be is V-1000 contained 2
            checks, then SplitMultipleRules would return 2 objects with rule ids
            V-1000.a and V-1000.b
        .PARAMETER MitigationTarget
            The object the mitigation applies to
    #>

    static [string[]] SplitMultipleRules ([string] $CheckContent)
    {
       return Split-MultipleProcessMitigations -CheckContent $CheckContent
    }

    #endregion
}