Module/Rule.nxFile/Convert/nxFileRule.Convert.psm1

# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
using module .\..\..\Common\Common.psm1
using module .\..\..\Rule\Rule.psm1
using module .\..\nxFileRule.psm1

# Load the support files that sit next to this module by dot-sourcing them.
# Two names are excluded: $MyInvocation.MyCommand.Name (presumably this module's
# own file name - confirm) and anything matching 'Template.*.txt'.
# NOTE(review): nothing here filters by extension or checks a signature, so every
# other file found in $PSScriptRoot is executed at import time. Write access to
# this directory should be limited to trusted accounts - confirm packaging/ACLs.
$exclude = @($MyInvocation.MyCommand.Name,'Template.*.txt')
$supportFileList = Get-ChildItem -Path $PSScriptRoot -Exclude $exclude
foreach ($supportFile in $supportFileList)
{
    # The verbose message records each path before it is executed.
    Write-Verbose "Loading $($supportFile.FullName)"
    # Dot-sourcing runs the file in the current scope rather than a child scope.
    . $supportFile.FullName
}

<#
    .SYNOPSIS
        Convert the contents of an xccdf check-content and/or fixtext element
        into a Linux file object.
    .DESCRIPTION
        The nxFileRuleConvert class is used to extract the Linux file contents
        modification from the check-content of the xccdf. Once a STIG rule is
        identified as a nxFile rule, it is passed to the nxFileRuleConvert
        class for parsing and validation.
#>

class nxFileRuleConvert : nxFileRule
{
    <#
        .SYNOPSIS
            Parameterless constructor; the original comment says it exists for
            SplitFactory. It performs no work.
    #>

    nxFileRuleConvert ()
    {
    }

    <#
        .SYNOPSIS
            Builds a nxFileRule from an xccdf STIG rule element.
        .DESCRIPTION
            Calls the base constructor with the rule and $true, then fills in the
            file path and contents from the rule's RawString. The duplicate check
            and the DSC resource are only set when the conversion status is still
            'pass' after both values were parsed.
        .PARAMETER XccdfRule
            The STIG rule to convert.
    #>

    nxFileRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true)
    {
        # The same raw text is the input for both the path and the contents.
        $ruleText = $this.RawString
        $this.SetFilePath($ruleText)
        $this.SetContents($ruleText)

        if ($this.conversionstatus -eq 'pass')
        {
            $this.SetDuplicateRule()
            $this.SetDscResource()
        }
    }

    <#
        .SYNOPSIS
            Parses the file contents out of the check-content and stores them.
        .DESCRIPTION
            Get-nxFileContents produces the value. It is stored only when
            SetStatus returns a falsy result; SetStatus is defined outside this
            file and presumably marks the conversion as failed for an invalid
            value (confirm against the base class).
        .PARAMETER CheckContent
            The rule text to parse. Declared as string[]; the constructor passes
            the single RawString value.
    #>

    [void] SetContents ([string[]] $CheckContent)
    {
        $parsedContents = Get-nxFileContents -CheckContent $CheckContent

        if ($this.SetStatus($parsedContents))
        {
            return
        }

        $this.set_Contents($parsedContents)
    }

    <#
        .SYNOPSIS
            Parses the destination file path out of the check-content and stores it.
        .DESCRIPTION
            Get-nxFileDestinationPath produces the value. It is stored only when
            SetStatus returns a falsy result; SetStatus is defined outside this
            file and presumably marks the conversion as failed for an invalid
            value (confirm against the base class).
            NOTE(review): the path originates from the rule text itself. Whether
            Get-nxFileDestinationPath restricts it to expected locations is not
            visible here - confirm before treating untrusted xccdf input as safe.
        .PARAMETER CheckContent
            The rule text to parse.
    #>

    [void] SetFilePath ([string] $CheckContent)
    {
        $destinationPath = Get-nxFileDestinationPath -CheckContent $CheckContent

        if ($this.SetStatus($destinationPath))
        {
            return
        }

        $this.set_FilePath($destinationPath)
    }

    <#
        .SYNOPSIS
            Decides whether a check-content string describes a nxFileRule.
        .DESCRIPTION
            Returns $true only when all three tests hold: the text contains a
            '#'-prefixed cat/grep/more command followed by at least two '/'
            characters, it contains the DoD Notice and Consent Banner sentence,
            and it does not mention ESXi. The -Match and -NotMatch operators are
            case-insensitive.
        .PARAMETER CheckContent
            The rule text to test.
    #>

    static [bool] Match ([string] $CheckContent)
    {
        # The trailing '(?:grep|).*' can match the empty string, so it does not
        # narrow the match any further; the pattern is kept exactly as it was.
        $commandPattern = '#\s+(?:cat|grep|more).*/.*/.*(?:grep|).*'
        $bannerPattern = 'Verify\s+the\s+operating\s+system\s+displays\s+the\s+Standard\s+Mandatory\s+DoD\s+Notice\s+and\s+Consent\s+Banner'

        return (
            $CheckContent -Match $commandPattern -and
            $CheckContent -Match $bannerPattern -and
            $CheckContent -NotMatch 'ESXi'
        )
    }

    <#
        .SYNOPSIS
            Sets the DSC resource name for this rule.
        .DESCRIPTION
            A rule with DuplicateOf set gets 'None'; every other rule gets 'nxFile'.
    #>

    hidden [void] SetDscResource ()
    {
        if ($null -ne $this.DuplicateOf)
        {
            $this.DscResource = 'None'
            return
        }

        $this.DscResource = 'nxFile'
    }
}