Handle Eval-STIG style XCCDF #28

Merged
merged 9 commits into from
Nov 12, 2024
27 changes: 24 additions & 3 deletions ReviewParser.js
@@ -541,7 +541,7 @@ export function reviewsFromXccdf(
// resultEngine info
const testSystem = testResult['test-system']
// SCC injects a CPE WFN bound to a URN
const m = testSystem.match(/[cC][pP][eE]:\/[AHOaho]?:(.*)/)
const m = testSystem.match(/^cpe:(?:\/|2\.3:)[aho]:(.*)/i)
let product, version
if (m?.[1]) {
;[, product, version] = m[1].split(':')
@@ -621,7 +621,7 @@ export function reviewsFromXccdf(

let resultEngine
if (resultEngineCommon) {
if (resultEngineCommon.product === 'stig-manager') {
if (resultEngineCommon.product === 'stig-manager' || resultEngineCommon.product === 'evaluate-stig') {
resultEngine = ruleResult.check?.['check-content']?.resultEngine
}
else {
@@ -661,6 +661,9 @@ export function reviewsFromXccdf(
const replacementText = `Result was reported by product "${resultEngine?.product}" version ${resultEngine?.version} at ${resultEngine?.time} using check content "${resultEngine?.checkContent?.location}"`

let detail = ruleResult.check?.['check-content']?.detail
if (!detail && ruleResult?.message?.['#text']) {
detail = ruleResult.message['#text']
}
if (!detail) {
switch (importOptions.emptyDetail) {
case 'ignore':
@@ -674,9 +677,20 @@ export function reviewsFromXccdf(
break
}
}
detail = truncateString(detail, maxCommentLength)

let comment = ruleResult.check?.['check-content']?.comment
// if no explicit ruleResult comment provided (ie. not stigman-generated xccdf), check for an override remark and use that instead (Eval-STIG style xccdf)
if (!comment && ruleResult.check?.['check-content']?.resultEngine?.overrides?.[0]?.remark) {
comment = ruleResult.check?.['check-content']?.resultEngine?.overrides?.[0]?.remark
//for STIG Viewer compatibility, Eval-STIG concatenates the override remark into detail. Remove it from detail, if override remark is present
if (detail && comment && detail.endsWith(comment)) {
detail = detail.slice(0, -comment.length).trim()
}
}

// if detail is still too long after removing the override remark, truncate it
detail = truncateString(detail, maxCommentLength)

if (!comment) {
switch (importOptions.emptyComment) {
case 'ignore':
@@ -692,6 +706,13 @@ export function reviewsFromXccdf(
}
comment = truncateString(comment, maxCommentLength)

// overrides have the potential for long remarks when generated by Eval-STIG, so truncate them
if (resultEngine?.overrides) {
resultEngine.overrides.forEach(o => {
if (o.remark?.length > 255) o.remark = o.remark.slice(0, 255)
})
}

const review = {
ruleId,
result,
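Review bot: The new truncation loop calls `resultEngine.overrides.forEach(...)` behind only a truthiness guard, while the comment fallback a few lines earlier reads the same field defensively through `overrides?.[0]?.remark`. The XCCDF file is produced outside this code, and the fixture added in this PR carries a single `<sm:overrides>` element, so if the XML parser (its configuration is not visible here) yields an object rather than an array for that case, `forEach` would throw and abort the import. Guarding with `if (Array.isArray(resultEngine?.overrides)) {` keeps a malformed or single-override file from failing the whole parse. The literal `255` is also unexplained next to `maxCommentLength`; a named constant or a comment such as `// remark length limit, confirm against the API schema` would document where the bound comes from. The body of reviewsFromXccdf continues outside the visible hunks.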
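--- a/WATCHER-test-files/WATCHER/xccdf/eval-stig-w-sm-resultEngine.xml
+++ b/WATCHER-test-files/WATCHER/xccdf/eval-stig-w-sm-resultEngine.xml
@@ -0,0 +1,181 @@
+<?xml version="1.0" encoding="utf-8"?>
+<cdf:Benchmark xmlns:cdf="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:sm="http://github.com/nuwcdivnpt/stig-manager" id="xccdf_mil.disa.stig_benchmark_Google_Chrome_Current_Windows">
+<cdf:status date="2024-01-24">accepted</cdf:status>
+<cdf:title>Google Chrome Current Windows Security Technical Implementation Guide</cdf:title>
+<cdf:description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address:............</cdf:description>
+<cdf:reference href="https://cyber.mil">
+<dc:publisher>DISA</dc:publisher>
+<dc:source>STIG.DOD.MIL</dc:source>
+</cdf:reference>
+<cdf:plain-text id="release-info">Release: 9 Benchmark Date: 24 Jan 2024</cdf:plain-text>
+<cdf:plain-text id="generator">3.4.1.22916</cdf:plain-text>
+<cdf:plain-text id="conventionsVersion">1.10.0</cdf:plain-text>
+<cdf:platform idref="cpe:2.3:a:disa:stig" />
+<cdf:version>V2R9</cdf:version>
+<cdf:metadata>
+<dc:creator>Evaluate-STIG 1.2407.1</dc:creator>
+<dc:publisher>DISA</dc:publisher>
+<dc:source>STIG.DOD.MIL</dc:source>
+</cdf:metadata>
+<cdf:TestResult id="xccdf_mil.navy.navsea.Evaluate-STIG_testresult_Scan-GoogleChrome_Checks-1.2024.5.14" test-system="cpe:2.3:a:navsea:evaluate-stig:1.2407.1" start-time="2024-09-11T15:08:51-04:00" end-time="2024-09-11T15:08:59-04:00">
+<cdf:organization>Naval Sea Systems Command (NAVSEA)</cdf:organization>
+<cdf:target>CA1294WK16078-trimmed-no-detail</cdf:target>
+<cdf:target-address>130.163.104.41</cdf:target-address>
+<cdf:target-address>192.168.1.231</cdf:target-address>
+<cdf:target-facts>
+<cdf:fact type="string" name="fact:asset:identifier:hostname">host-123456</cdf:fact>
+<cdf:fact type="string" name="fact:asset:identifier:fqdn">host-123456.mil</cdf:fact>
+<cdf:fact type="string" name="fact:asset:identifier:macaddress">1C:1B:17:1D:15:1B</cdf:fact>
+<cdf:fact type="string" name="fact:asset:identifier:ipaddress">30.13.04.41, 12.68.12.2</cdf:fact>
+<cdf:fact type="string" name="fact:asset:identifier:role">Workstation</cdf:fact>
+<cdf:fact type="boolean" name="fact:asset:identifier:webordatabase">false</cdf:fact>
+<cdf:fact type="string" name="fact:asset:identifier:instance"></cdf:fact>
+<cdf:fact type="string" name="fact:asset:identifier:site"></cdf:fact>
+</cdf:target-facts>
+<cdf:rule-result idref="xccdf_mil.disa.stig_rule_SV-221558r879534_rule" weight="10.0" severity="medium" time="2024-09-11T15:08:51-04:00" version="DTBC-0001">
+<cdf:result>pass</cdf:result>
+<cdf:ident system="http://cyber.mil/legacy">SV-57545</cdf:ident>
+<cdf:ident system="http://cyber.mil/legacy">V-44711</cdf:ident>
+<cdf:ident system="http://cyber.mil/cci">CCI-001414</cdf:ident>
+<cdf:message severity="info">Evaluate-STIG 1.2407.1 (Scan-GoogleChrome_Checks) found this to be NOT A FINDING on 09/11/2024:
+This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address:............
+
+
+Evaluate-STIG Answer File [ValidTrueComment]:
+1 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+2 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+3 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+4 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+5 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+6 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+</cdf:message>
+<cdf:fix id="F-23262r769350_fix" />
+<cdf:check system="Evaluate-STIG">
+<cdf:check-content-ref name="Get-V221558" href="Scan-GoogleChrome_Checks" />
+<cdf:check-content>
+<sm:resultEngine>
+<sm:time>2023-12-11T12:56:14.3576272-05:00</sm:time>
+<sm:type>script</sm:type>
+<sm:product>Evaluate-STIG</sm:product>
+<sm:version>1.2310.1</sm:version>
+<sm:overrides>
+<sm:remark>Evaluate-STIG Answer File [ValidTrueComment]:
+1 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+2 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+3 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+4 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+5 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.
+6 Google Chrome is fully managed by a configuration management tool to ensure the latest version is deployed to clients.</sm:remark>
+<sm:authority>Google_Chrome_Current_Windows_AnswerFile.xml</sm:authority>
+<sm:newResult>pass</sm:newResult>
+<sm:oldResult>unknown</sm:oldResult>
+</sm:overrides>
+<sm:checkContent>
+<sm:location>Scan-GoogleChrome_Checks:1.2023.7.24</sm:location>
+</sm:checkContent>
+</sm:resultEngine>
+</cdf:check-content>
+</cdf:check>
+</cdf:rule-result>
+<cdf:rule-result idref="xccdf_mil.disa.stig_rule_SV-221559r879627_rule" weight="10.0" severity="medium" time="2024-09-11T15:08:51-04:00" version="DTBC-0002">
+<cdf:result>pass</cdf:result>
+<cdf:ident system="http://cyber.mil/legacy">SV-57557</cdf:ident>
+<cdf:ident system="http://cyber.mil/legacy">V-44723</cdf:ident>
+<cdf:ident system="http://cyber.mil/cci">CCI-001166</cdf:ident>
+<cdf:message severity="info">Evaluate-STIG 1.2407.1 (Scan-GoogleChrome_Checks) found this to be NOT A FINDING on 09/11/2024:
+This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address:............
+
+</cdf:message>
+<cdf:fix id="F-23263r478200_fix" />
+<cdf:check system="Evaluate-STIG">
+<cdf:check-content-ref name="Get-V221559" href="Scan-GoogleChrome_Checks" />
+<cdf:check-content>
+<sm:resultEngine>
+<sm:time>2023-12-11T12:56:14.3576272-05:00</sm:time>
+<sm:type>script</sm:type>
+<sm:product>Evaluate-STIG</sm:product>
+<sm:version>1.2310.1</sm:version>
+<sm:checkContent>
+<sm:location>Scan-GoogleChrome_Checks:1.2023.7.24</sm:location>
+</sm:checkContent>
+</sm:resultEngine>
+</cdf:check-content>
+</cdf:check>
+</cdf:rule-result>
+<cdf:rule-result idref="xccdf_mil.disa.stig_rule_SV-221561r879587_rule" weight="10.0" severity="medium" time="2024-09-11T15:08:51-04:00" version="DTBC-0004">
+<cdf:result>pass</cdf:result>
+<cdf:ident system="http://cyber.mil/legacy">SV-57553</cdf:ident>
+<cdf:ident system="http://cyber.mil/legacy">V-44719</cdf:ident>
+<cdf:ident system="http://cyber.mil/cci">CCI-000381</cdf:ident>
+<cdf:message severity="info">Evaluate-STIG 1.2407.1 (Scan-GoogleChrome_Checks) found this to be NOT A FINDING on 09/11/2024:
+This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address:............
+
+
+</cdf:message>
+<cdf:fix id="F-23265r478203_fix" />
+<cdf:check system="Evaluate-STIG">
+<cdf:check-content-ref name="Get-V221561" href="Scan-GoogleChrome_Checks" />
+<cdf:check-content>
+<sm:resultEngine>
+<sm:time>2023-12-11T12:56:14.3576272-05:00</sm:time>
+<sm:type>script</sm:type>
+<sm:product>Evaluate-STIG</sm:product>
+<sm:version>1.2310.1</sm:version>
+<sm:checkContent>
+<sm:location>Scan-GoogleChrome_Checks:1.2023.7.24</sm:location>
+</sm:checkContent>
+</sm:resultEngine>
+</cdf:check-content>
+</cdf:check>
+</cdf:rule-result>
+<cdf:rule-result idref="xccdf_mil.disa.stig_rule_SV-221562r879559_rule" weight="10.0" severity="medium" time="2024-09-11T15:08:51-04:00" version="DTBC-0005">
+<cdf:result>pass</cdf:result>
+<cdf:ident system="http://cyber.mil/legacy">SV-57561</cdf:ident>
+<cdf:ident system="http://cyber.mil/legacy">V-44727</cdf:ident>
+<cdf:ident system="http://cyber.mil/cci">CCI-000169</cdf:ident>
+<cdf:message severity="info">Evaluate-STIG 1.2407.1 (Scan-GoogleChrome_Checks) found this to be NOT A FINDING on 09/11/2024:
+This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address:............
+
+
+</cdf:message>
+<cdf:fix id="F-23266r684814_fix" />
+<cdf:check system="Evaluate-STIG">
+<cdf:check-content-ref name="Get-V221562" href="Scan-GoogleChrome_Checks" />
+<cdf:check-content>
+<sm:resultEngine>
+<sm:time>2023-12-11T12:56:14.3576272-05:00</sm:time>
+<sm:type>script</sm:type>
+<sm:product>Evaluate-STIG</sm:product>
+<sm:version>1.2310.1</sm:version>
+<sm:checkContent>
+<sm:location>Scan-GoogleChrome_Checks:1.2023.7.24</sm:location>
+</sm:checkContent>
+</sm:resultEngine>
+</cdf:check-content>
+</cdf:check>
+</cdf:rule-result>
+<cdf:rule-result idref="xccdf_mil.disa.stig_rule_SV-221563r879630_rule" weight="10.0" severity="medium" time="2024-09-11T15:08:51-04:00" version="DTBC-0006">
+<cdf:result>fail</cdf:result>
+<cdf:ident system="http://cyber.mil/legacy">SV-57563</cdf:ident>
+<cdf:ident system="http://cyber.mil/legacy">V-44729</cdf:ident>
+<cdf:ident system="http://cyber.mil/cci">CCI-001170</cdf:ident>
+<cdf:message severity="info"></cdf:message>
+<cdf:fix id="F-23267r684817_fix" />
+<cdf:check system="Evaluate-STIG">
+<cdf:check-content-ref name="Get-V221563" href="Scan-GoogleChrome_Checks" />
+<cdf:check-content>
+<sm:resultEngine>
+<sm:time>2023-12-11T12:56:14.3576272-05:00</sm:time>
+<sm:type>script</sm:type>
+<sm:product>Evaluate-STIG</sm:product>
+<sm:version>1.2310.1</sm:version>
+<sm:checkContent>
+<sm:location>Scan-GoogleChrome_Checks:1.2023.7.24</sm:location>
+</sm:checkContent>
+</sm:resultEngine>
+</cdf:check-content>
+</cdf:check>
+</cdf:rule-result>
+<cdf:score maximum="100">97.62</cdf:score>
+</cdf:TestResult>
+</cdf:Benchmark>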
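Review bot: The `<cdf:target>` value and the first `<cdf:target-address>` in this fixture look like they may have been carried over from a real scan, whereas the `target-facts` entries below them have visibly been scrubbed (`host-123456`, `host-123456.mil`). If they are real asset identifiers, they should be replaced before the file lands in repository history, for example with `<cdf:target-address>192.0.2.10</cdf:target-address>` from the RFC 5737 documentation range and a placeholder host name. The scrubbed `ipaddress` fact `30.13.04.41, 12.68.12.2` is not in a reserved range either, so documentation addresses would be the safer choice there as well.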