Private/Get-MsrcCvrfProductVulnerability.ps1

Function Get-MsrcCvrfProductVulnerability {
<#
    .SYNOPSIS
        Get product vulnerability details from a CVRF document

    .DESCRIPTION
       CVRF documents next products into several places, including:
       -Vulnerabilities
       -Threats
       -Remediations
       -Product Tree
       This function gathers the details for each product identified in a CVRF document.
       It provides a list of Threats, Remediations and CVSS Score Sets for each product.

    .PARAMETER Vulnerability

    .PARAMETER ProductTree

    .PARMETER DocumentTracking

    .PARAMETER DocumentTitle

    .EXAMPLE
        Get-MsrcCvrfDocument -ID 2016-Nov | Get-MsrcCvrfProductVulnerability

        Get product vulnerability details from a CVRF document using the pipeline

    .EXAMPLE
        $cvrfDocument = Get-MsrcCvrfDocument -ID 2016-Nov
        Get-MsrcCvrfProductVulnerability -Vulnerability $cvrfDocument.Vulnerability -ProductTree $cvrfDocument.ProductTree -DocumentTracking $cvrfDocument.DocumentTracking -DocumentTitle $cvrfDocument.DocumentTitle

        Get product vulnerability details from a CVRF document using a variable and parameters

#>
        
    Param (

    [Parameter(Mandatory,ValueFromPipelineByPropertyName)]
    $Vulnerability,

    [Parameter(Mandatory,ValueFromPipelineByPropertyName)]
    $ProductTree,

    [Parameter(Mandatory,ValueFromPipelineByPropertyName)]
    $DocumentTracking,


    [Parameter(Mandatory,ValueFromPipelineByPropertyName)]
    $DocumentTitle
)
Begin {}
Process {

    $ProductTree.Branch.Items | 
    ForEach-Object {
        $b = $_

        $b.Items | ForEach-Object {

            # $CvrfRelatedProducts += [PSCustomObject]@{
            [PSCustomObject]@{
                CvrfAlias   = $DocumentTracking.Identification.Alias.Value ;
                CvrfTitle   = $DocumentTitle.Value ;
                BranchName  = $b.Name ;
                ProductName = $_.Value ;
                ProductID   = $_.ProductID ;
            }
        }

    } | 
    ForEach-Object {

        $Remediations  = $Threats = $CVSSScoreSets = @()
        $MaximumSeverity = $RestartRequired = $null
        $o = $_

        $Vulnerability | ForEach-Object {

            $v = $_

            $v.Remediations | Where-Object {$_.ProductID -Contains $o.ProductID } | ForEach-Object {

                $_ | Add-Member -NotePropertyName VulnerabilityCVE   -NotePropertyValue $v.CVE -Force
                $_ | Add-Member -NotePropertyName VulnerabilityTitle -NotePropertyValue $v.Title.Value -Force
                $Remediations += $_
            }

             $v.Threats | Where-Object { $_.ProductID -Contains $ot.ProductID } | ForEach-Object {

                $_ | Add-Member -NotePropertyName VulnerabilityCVE   -NotePropertyValue $v.CVE -Force
                $_ | Add-Member -NotePropertyName VulnerabilityTitle -NotePropertyValue $v.Title.Value -Force
                $Threats += $_
             }

             $v.CVSSScoreSets | Where-Object {$_.ProductID -Contains $o.ProductID } | ForEach-Object {
                $_ | Add-Member -NotePropertyName VulnerabilityCVE   -NotePropertyValue $v.CVE -Force
                $_ | Add-Member -NotePropertyName VulnerabilityTitle -NotePropertyValue $v.Title.Value -Force
                $CVSSScoreSets += $_
             }

             $o | Add-Member -NotePropertyName Remediations  -NotePropertyValue $Remediations  -Force
             $o | Add-Member -NotePropertyName Threats       -NotePropertyValue $Threats       -Force
             $o | Add-Member -NotePropertyName CVSSScoreSets -NotePropertyValue $CVSSScoreSets -Force
             
        }

        $MaximumSeverity = Switch (
            (
            $v.Threats | 
            Where-Object {$_.ProductID -Contains $o.ProductID } |
            Where-Object {$_.Type -eq 3 } 
            ).Description.Value | Select-Object -Unique
        ) {
            'Critical'  { 'Critical'  ; break }
            'Important' { 'Important' ; break }
            'Moderate'  { 'Moderate'  ; break }
            'Low'       { 'Low'       ; break }
            default { 'Unkwown'}
        }

        $o | Add-Member -NotePropertyName MaximumSeverity -NotePropertyValue $MaximumSeverity -Force

        $RestartRequired = Switch ($Vulnerability.Remediations.RestartRequired.Value) {
            'Yes'   { 'Yes'   ; break }
            'Maybe' { 'Maybe' ; break }
            default { 'Unknown' }
        }

        $o | Add-Member -NotePropertyName RestartRequired -NotePropertyValue $RestartRequired -Force

        $o
    }
}
End {}
}