Module/Rule.VsphereVssSecurity/Convert/VsphereVssSecurityRule.Convert.psm1

# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
using module .\..\..\Common\Common.psm1
using module .\..\VsphereVssSecurityRule.psm1

# Load every support file that sits next to this module file.
# Excluded from the load: this file itself (by name) and any 'Template.*.txt' file.
$exclude = @($MyInvocation.MyCommand.Name,'Template.*.txt')
# NOTE(review): no -File switch, extension filter or signature check is applied here, so every
# other item in $PSScriptRoot is handed to the dot-source operator below. Write access to this
# directory is therefore equivalent to code execution in the context of whoever imports the
# module; keep the directory ACL as tight as the module itself.
$supportFileList = Get-ChildItem -Path $PSScriptRoot -Exclude $exclude
foreach ($supportFile in $supportFileList)
{
    Write-Verbose "Loading $($supportFile.FullName)"
    # Dot-sourcing runs the file in the current scope, so the functions it defines
    # become available to the class below.
    . $supportFile.FullName
}
# Header

<#
    .SYNOPSIS
        Convert the contents of an xccdf check-content element into a Vsphere Vss Security Rule object
    .DESCRIPTION
        The VsphereVssSecurityRule class is used to extract the VsphereVssSecurityRule settings
        from the check-content of the xccdf. Once a STIG rule is identified as a
        VsphereVssSecurity rule, it is passed to the VsphereVssSecurityRuleConvert class for
        parsing and validation.
#>

class VsphereVssSecurityRuleConvert : VsphereVssSecurityRule
{
    <#
        .SYNOPSIS
            Parameterless constructor, kept for SplitFactory. Performs no initialisation.
    #>

    VsphereVssSecurityRuleConvert ()
    {
    }

    <#
        .SYNOPSIS
            Builds a Vsphere Vss Security rule from an xccdf STIG rule element
        .DESCRIPTION
            Passes the element to the base constructor, reads the rule's fix text
            once, and hands it to each of the three setting parsers before the
            DSC resource name is chosen.
        .PARAMETER XccdfRule
            The STIG rule to convert
    #>

    VsphereVssSecurityRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true)
    {
        $ruleFixText = [VsphereVssSecurityRule]::GetFixText($XccdfRule)

        $this.SetVsphereForgedTransmits($ruleFixText)
        $this.SetVsphereMacChanges($ruleFixText)
        $this.SetVsphereAllowPromiscuous($ruleFixText)

        $this.SetDscResource()
    }

    # Methods
    <#
    .SYNOPSIS
        Reads the ForgedTransmits setting from the fix text and stores it on the rule
    .DESCRIPTION
        Calls Get-VsphereForgedTransmits with the fix text. A non-empty result is
        written to the ForgedTransmits property; a null or empty result leaves the
        property untouched.
        NOTE(review): this method records no failure when nothing is parsed, so a
        rule that ends up without the setting must be caught elsewhere - confirm.
    .PARAMETER fixText
        The fix text lines of the STIG rule
    #>

    [void] SetVsphereForgedTransmits([string[]] $fixText)
    {
        $parsedValue = Get-VsphereForgedTransmits -FixText $fixText
        if ([String]::IsNullOrEmpty($parsedValue))
        {
            return
        }

        $this.set_ForgedTransmits($parsedValue)
    }

    <#
    .SYNOPSIS
        Reads the MacChanges setting from the fix text and stores it on the rule
    .DESCRIPTION
        Calls Get-VsphereMacChange with the fix text. A non-empty result is
        written to the MacChanges property; a null or empty result leaves the
        property untouched.
        NOTE(review): this method records no failure when nothing is parsed, so a
        rule that ends up without the setting must be caught elsewhere - confirm.
    .PARAMETER fixText
        The fix text lines of the STIG rule
    #>

    [void] SetVsphereMacChanges([string[]] $fixText)
    {
        $parsedValue = Get-VsphereMacChange -FixText $fixText
        if ([String]::IsNullOrEmpty($parsedValue))
        {
            return
        }

        $this.set_MacChanges($parsedValue)
    }

    <#
    .SYNOPSIS
        Reads the AllowPromiscuous setting from the fix text and stores it on the rule
    .DESCRIPTION
        Calls Get-VsphereAllowPromiscuous with the fix text. A non-empty result is
        written to the AllowPromiscuous property; a null or empty result leaves the
        property untouched.
        NOTE(review): this method records no failure when nothing is parsed, so a
        rule that ends up without the setting must be caught elsewhere - confirm.
    .PARAMETER fixText
        The fix text lines of the STIG rule
    #>

    [void] SetVsphereAllowPromiscuous([string[]] $fixText)
    {
        $parsedValue = Get-VsphereAllowPromiscuous -FixText $fixText
        if ([String]::IsNullOrEmpty($parsedValue))
        {
            return
        }

        $this.set_AllowPromiscuous($parsedValue)
    }

    <#
    .SYNOPSIS
        Chooses the DSC resource name for this rule
    .DESCRIPTION
        A rule whose DuplicateOf property is set gets 'None'; every other rule
        gets 'VMHostVssSecurity'.
    #>

    hidden [void] SetDscResource ()
    {
        $isDuplicate = $null -ne $this.DuplicateOf

        $this.DscResource = if ($isDuplicate)
        {
            'None'
        }
        else
        {
            'VMHostVssSecurity'
        }
    }

    <#
    .SYNOPSIS
        Tests whether a rule's check-content belongs to this rule type
    .DESCRIPTION
        Returns $true when the text contains 'Get-VirtualSwitch' anywhere
        (-match is a case-insensitive regex test), otherwise $false.
    .PARAMETER CheckContent
        The check-content text of the STIG rule
    #>

    static [bool] Match ([string] $CheckContent)
    {
        return ($CheckContent -match 'Get-VirtualSwitch')
    }
}