Module/Rule.SqlProtocol/Convert/SqlProtocolRule.Convert.psm1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
using module .\..\..\Common\Common.psm1
using module .\..\..\Rule\Rule.psm1
using module .\..\SqlProtocolRule.psm1

$exclude = @($MyInvocation.MyCommand.Name,'Template.*.txt')
$supportFileList = Get-ChildItem -Path $PSScriptRoot -Exclude $exclude
foreach ($supportFile in $supportFileList)
{
    Write-Verbose "Loading $($supportFile.FullName)"
    . $supportFile.FullName
}

# Header

<#
    .SYNOPSIS
        Convert the contents of an xccdf check-content element into a SqlProtocolRule
    .DESCRIPTION
        The SqlLoginRule class is used to extract the vulnerability ID's that can
        be set with the SqlServerDsc module from the check-content of the xccdf.
        Once a STIG rule is identified a SqlServerDsc rule, it is passed to the SqlProtocolRule
        class for parsing and validation.
#>


class SqlProtocolRuleConvert : SqlProtocolRule
{
    <#
        .SYNOPSIS
            Empty constructor for SplitFactory
    #>

    SqlProtocolRuleConvert ()
    {
    }

    <#
        .SYNOPSIS
            Converts a xccdf stig rule element into a SqlProtocol Rule
        .PARAMETER XccdfRule
            The STIG rule to convert
    #>


    SqlProtocolRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true)
    {
        $this.SetProtocolName()
        $this.SetEnabled()
        $this.SetDscResource()
    }

    #region Methods

    <#
        .SYNOPSIS
            Extracts the mitigation target name from the check-content and sets
            the value
        .DESCRIPTION
            Gets the mitigation target name from the xccdf content and sets the
            value. If the mitigation target name that is returned is not valid,
            the parser status is set to fail
    #>


    [void] SetProtocolName ()
    {
        $thisProtocolName = Get-ProtocolName -CheckContent $this.RawString

        if (-not $this.SetStatus($thisProtocolName))
        {
            $this.set_ProtocolName($thisProtocolName)
        }
    }

    [void] SetEnabled ()
    {
        $thisEnabled = Set-Enabled -CheckContent $this.rawstring

        if (-not $this.SetStatus($thisEnabled))
        {
            $this.set_Enabled($thisEnabled)
        }
    }

    static [bool] Match ([string] $CheckContent)
    {
        if
        (
            $CheckContent -Match "If Named Pipes is enabled"
        )
        {
            return $true
        }
        
        return $false
    }

    hidden [void] SetDscResource ()
    {
        if ($null -eq $this.DuplicateOf)
        {
            $this.DscResource = 'SqlProtocol'
        }
        else
        {
            $this.DscResource = 'None'
        }
    }
}