Framework/Listeners/RemoteReports/UsageTelemetry.ps1
|
Set-StrictMode -Version Latest class UsageTelemetry: ListenerBase { [Microsoft.ApplicationInsights.TelemetryClient] $TelemetryClient; hidden UsageTelemetry() { $this.TelemetryClient = [Microsoft.ApplicationInsights.TelemetryClient]::new() $this.TelemetryClient.InstrumentationKey = [Constants]::UsageTelemetryKey } hidden static [UsageTelemetry] $Instance = $null; static [UsageTelemetry] GetInstance() { if ( $null -eq [UsageTelemetry]::Instance -or $null -eq [UsageTelemetry]::Instance.TelemetryClient) { [UsageTelemetry]::Instance = [UsageTelemetry]::new(); } return [UsageTelemetry]::Instance } [void] RegisterEvents() { $this.UnregisterEvents(); $this.RegisterEvent([AzSKRootEvent]::GenerateRunIdentifier, { $currentInstance = [UsageTelemetry]::GetInstance(); try { $runIdentifier = [AzSKRootEventArgument] ($Event.SourceArgs | Select-Object -First 1) $currentInstance.SetRunIdentifier($runIdentifier); } catch { $currentInstance.PublishException($_); } }); $this.RegisterEvent([SVTEvent]::EvaluationCompleted, { $azskSettings = [ConfigurationManager]::GetAzSKSettings(); if($azskSettings.UsageTelemetryLevel -ne "Anonymous") { return; } $currentInstance = [UsageTelemetry]::GetInstance(); try { $invocationContext = [System.Management.Automation.InvocationInfo] $currentInstance.InvocationContext $SVTEventContexts = [SVTEventContext[]] $Event.SourceArgs $featureGroup = [RemoteReportHelper]::GetFeatureGroup($SVTEventContexts) if($featureGroup -eq [FeatureGroup]::Subscription){ [UsageTelemetry]::PushSubscriptionScanResults($currentInstance, $SVTEventContexts) }elseif($featureGroup -eq [FeatureGroup]::Service){ [UsageTelemetry]::PushServiceScanResults($currentInstance, $SVTEventContexts) }else{ } } catch { $currentInstance.PublishException($_); } $currentInstance.TelemetryClient.Flush() }); $this.RegisterEvent([AzSKGenericEvent]::Exception, { $currentInstance = [UsageTelemetry]::GetInstance(); try { [System.Management.Automation.ErrorRecord] $er = ($Event.SourceArgs | Select-Object -First 1) [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er); } catch { } }); $this.RegisterEvent([AzSKRootEvent]::CommandError, { $currentInstance = [UsageTelemetry]::GetInstance(); try { [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er); } catch { } }); $this.RegisterEvent([SVTEvent]::CommandError, { $currentInstance = [UsageTelemetry]::GetInstance(); try { [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er); } catch { } }); $this.RegisterEvent([SVTEvent]::EvaluationError, { $currentInstance = [UsageTelemetry]::GetInstance(); try { [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er); } catch { } }); $this.RegisterEvent([SVTEvent]::ControlError, { $currentInstance = [UsageTelemetry]::GetInstance(); try { [System.Management.Automation.ErrorRecord] $er = $Event.SourceArgs.ExceptionMessage [UsageTelemetry]::PushException($currentInstance, @{}, @{}, $er); } catch { } }); } static [void] PushSubscriptionScanResults( [UsageTelemetry] $Publisher, ` [SVTEventContext[]] $SVTEventContexts) { $eventData = @{ [TelemetryKeys]::FeatureGroup = [FeatureGroup]::Subscription; "ScanKind" = [RemoteReportHelper]::GetSubscriptionScanKind( $Publisher.InvocationContext.MyCommand.Name, $Publisher.InvocationContext.BoundParameters); } $SVTEventContexts | ForEach-Object { $context = $_ [hashtable] $eventDataClone = $eventData.Clone(); $eventDataClone.Add("ControlIntId", $context.ControlItem.Id); $eventDataClone.Add("ControlId", $context.ControlItem.ControlID); $eventDataClone.Add("ControlSeverity", $context.ControlItem.ControlSeverity); if ($context.ControlItem.Enabled) { $eventDataClone.Add("ActualVerificationResult", $context.ControlResults[0].ActualVerificationResult) $eventDataClone.Add("AttestationStatus", $context.ControlResults[0].AttestationStatus) $eventDataClone.Add("VerificationResult", $context.ControlResults[0].VerificationResult) } else { $eventDataClone.Add("ActualVerificationResult", [VerificationResult]::Disabled) $eventDataClone.Add("AttestationStatus", [AttestationStatus]::None) $eventDataClone.Add("VerificationResult", [VerificationResult]::Disabled) } [UsageTelemetry]::PushEvent($Publisher, $eventDataClone, @{}) } } static [void] PushServiceScanResults( [UsageTelemetry] $Publisher, ` [SVTEventContext[]] $SVTEventContexts) { $NA = "NA" $SVTEventContextFirst = $SVTEventContexts[0] $eventData = @{ [TelemetryKeys]::FeatureGroup = [FeatureGroup]::Service; "ScanKind" = [RemoteReportHelper]::GetServiceScanKind( $Publisher.InvocationContext.MyCommand.Name, $Publisher.InvocationContext.BoundParameters); "Feature" = $SVTEventContextFirst.FeatureName; "ResourceGroup" = [RemoteReportHelper]::Mask($SVTEventContextFirst.ResourceContext.ResourceGroupName); "ResourceName" = [RemoteReportHelper]::Mask($SVTEventContextFirst.ResourceContext.ResourceName); "ResourceId" = [RemoteReportHelper]::Mask($SVTEventContextFirst.ResourceContext.ResourceId); } $SVTEventContexts | ForEach-Object { $SVTEventContext = $_ [hashtable] $eventDataClone = $eventData.Clone() $eventDataClone.Add("ControlIntId", $SVTEventContext.ControlItem.Id); $eventDataClone.Add("ControlId", $SVTEventContext.ControlItem.ControlID); $eventDataClone.Add("ControlSeverity", $SVTEventContext.ControlItem.ControlSeverity); if (!$SVTEventContext.ControlItem.Enabled) { $eventDataClone.Add("ActualVerificationResult", [VerificationResult]::Disabled) $eventDataClone.Add("AttestationStatus", [AttestationStatus]::None) $eventDataClone.Add("VerificationResult", [VerificationResult]::Disabled) [UsageTelemetry]::PushEvent($Publisher, $eventDataClone, @{}) } elseif ($SVTEventContext.ControlResults.Count -eq 1 -and ` ($SVTEventContextFirst.ResourceContext.ResourceName -eq $SVTEventContext.ControlResults[0].ChildResourceName -or ` [string]::IsNullOrWhiteSpace($SVTEventContext.ControlResults[0].ChildResourceName))) { $eventDataClone.Add("ActualVerificationResult", $SVTEventContext.ControlResults[0].ActualVerificationResult) $eventDataClone.Add("AttestationStatus", $SVTEventContext.ControlResults[0].AttestationStatus) $eventDataClone.Add("VerificationResult", $SVTEventContext.ControlResults[0].VerificationResult) $eventDataClone.Add("IsNestedResource", 'No') $eventDataClone.Add("NestedResourceName", $NA) [UsageTelemetry]::PushEvent($Publisher, $eventDataClone, @{}) } elseif ($SVTEventContext.ControlResults.Count -eq 1 -and ` $SVTEventContextFirst.ResourceContext.ResourceName -ne $SVTEventContext.ControlResults[0].ChildResourceName) { $eventDataClone.Add("ActualVerificationResult", $SVTEventContext.ControlResults[0].ActualVerificationResult) $eventDataClone.Add("AttestationStatus", $SVTEventContext.ControlResults[0].AttestationStatus) $eventDataClone.Add("VerificationResult", $SVTEventContext.ControlResults[0].VerificationResult) $eventDataClone.Add("IsNestedResource", 'Yes') $eventDataClone.Add("NestedResourceName", [RemoteReportHelper]::Mask($SVTEventContext.ControlResults[0].ChildResourceName)) [UsageTelemetry]::PushEvent($Publisher, $eventDataClone, @{}) } elseif ($SVTEventContext.ControlResults.Count -gt 1) { $eventDataClone.Add("IsNestedResource", 'Yes') $SVTEventContext.ControlResults | Foreach-Object { [hashtable] $eventDataCloneL2 = $eventDataClone.Clone() $eventDataCloneL2.Add("ActualVerificationResult", $_.ActualVerificationResult) $eventDataCloneL2.Add("AttestationStatus", $_.AttestationStatus) $eventDataCloneL2.Add("VerificationResult", $_.VerificationResult) $eventDataCloneL2.Add("NestedResourceName", [RemoteReportHelper]::Mask($_.ChildResourceName)) [UsageTelemetry]::PushEvent($Publisher, $eventDataCloneL2, @{}) } } } } static [void] PushEvent([UsageTelemetry] $Publisher, ` [hashtable] $Properties, [hashtable] $Metrics) { try{ [UsageTelemetry]::SetCommonProperties($Publisher, $Properties); $event = [Microsoft.ApplicationInsights.DataContracts.EventTelemetry]::new() $event.Name = "Control Scanned" $Properties.Keys | ForEach-Object { try{ $event.Properties.Add($_, $Properties[$_].ToString()); } catch{ } } $Metrics.Keys | ForEach-Object { try{ $event.Metrics.Add($_, $Metrics[$_]); } catch{ } } $Publisher.TelemetryClient.TrackEvent($event); } catch{ } } static [void] PushException([UsageTelemetry] $Publisher, ` [hashtable] $Properties, [hashtable] $Metrics, ` [System.Management.Automation.ErrorRecord] $ErrorRecord) { try{ [UsageTelemetry]::SetCommonProperties($Publisher, $Properties); $ex = [Microsoft.ApplicationInsights.DataContracts.ExceptionTelemetry]::new() $ex.Exception = $ErrorRecord.Exception try{ $ex.Properties.Add("ScriptStackTrace", [UsageTelemetry]::AnonScriptStackTrace($ErrorRecord.ScriptStackTrace)) }catch{} $Properties.Keys | ForEach-Object { try{ $ex.Properties.Add($_, $Properties[$_].ToString()); } catch{ } } $Metrics.Keys | ForEach-Object { try{ $ex.Metrics.Add($_, $Metrics[$_]); } catch{ } } $Publisher.TelemetryClient.TrackException($ex) $Publisher.TelemetryClient.Flush() } catch{ } } hidden static [void] SetCommonProperties([UsageTelemetry] $Publisher, [hashtable] $Properties) { try{ $NA = "NA"; $Properties.Add("InfoVersion", "V1"); try{ $Properties.Add("ScanSource", [RemoteReportHelper]::GetScanSource()); }catch{} try{ $Properties.Add("ScannerVersion", $Publisher.GetCurrentModuleVersion()); }catch{} try{ $Properties.Add("ControlVersion", $Publisher.GetCurrentModuleVersion()); }catch{} try{ $azureContext = Get-AzureRmContext try{ $Properties.Add([TelemetryKeys]::SubscriptionId, [RemoteReportHelper]::Mask($azureContext.Subscription.Id)) }catch{} try{ $Properties.Add([TelemetryKeys]::SubscriptionName, [RemoteReportHelper]::Mask($azureContext.Subscription.Name)) }catch{} try{ $Properties.Add("AzureEnv", $azureContext.Environment.Name) }catch{} try{ $Properties.Add("TenantId", [RemoteReportHelper]::Mask($azureContext.Tenant.Id)) }catch{} try{ $Properties.Add("AccountId", [RemoteReportHelper]::Mask($azureContext.Account.Id)) }catch{} try{ $Properties.Add("RunIdentifier", [RemoteReportHelper]::Mask($azureContext.Account.Id + '##' + $Publisher.RunIdentifier)); }catch{ $Properties.Add("RunIdentifier", $Publisher.RunIdentifier); } try{ $Properties.Add("AccountType", $azureContext.Account.Type) }catch{} }catch{ } } catch{ } } hidden static [string] AnonScriptStackTrace([string] $ScriptStackTrace) { try{ $ScriptStackTrace = $ScriptStackTrace.Replace($env:USERNAME, "USERNAME") $lines = $ScriptStackTrace.Split([System.Environment]::NewLine, [System.StringSplitOptions]::RemoveEmptyEntries) $newLines = $lines | ForEach-Object { $line = $_ $lineSplit = $line.Split(@(", "), [System.StringSplitOptions]::RemoveEmptyEntries); if($lineSplit.Count -eq 2){ $filePath = $lineSplit[1]; $startMarker = $filePath.IndexOf("AzSK") if($startMarker -gt 0){ $anonFilePath = $filePath.Substring($startMarker, $filePath.Length - $startMarker) $newLine = $lineSplit[0] + ", " + $anonFilePath $newLine } else{ $line } } else{ $line } } return ($newLines | Out-String) } catch{ return $ScriptStackTrace } } } |