Module/Rule/Convert/ConvertFactory.psm1

# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
using module .\..\..\Common\Common.psm1
using module .\..\..\Rule.HardCoded\Convert\HardCodedRule.Convert.psm1
using module .\..\..\Rule.AccountPolicy\Convert\AccountPolicyRule.Convert.psm1
using module .\..\..\Rule.AuditPolicy\Convert\AuditPolicyRule.Convert.psm1
using module .\..\..\Rule.DnsServerRootHint\Convert\DnsServerRootHintRule.Convert.psm1
using module .\..\..\Rule.DnsServerSetting\Convert\DnsServerSettingRule.Convert.psm1
using module .\..\..\Rule.Document\Convert\DocumentRule.Convert.psm1
using module .\..\..\Rule.FileContent\Convert\FileContentRule.Convert.psm1
using module .\..\..\Rule.Group\Convert\GroupRule.Convert.psm1
using module .\..\..\Rule.IISLogging\Convert\IISLoggingRule.Convert.psm1
using module .\..\..\Rule.Manual\Convert\ManualRule.Convert.psm1
using module .\..\..\Rule.MimeType\Convert\MimeTypeRule.Convert.psm1
using module .\..\..\Rule.Permission\Convert\PermissionRule.Convert.psm1
using module .\..\..\Rule.ProcessMitigation\Convert\ProcessMitigationRule.Convert.psm1
using module .\..\..\Rule.Registry\Convert\RegistryRule.Convert.psm1
using module .\..\..\Rule.SecurityOption\Convert\SecurityOptionRule.Convert.psm1
using module .\..\..\Rule.Service\Convert\ServiceRule.Convert.psm1
using module .\..\..\Rule.SqlScriptQuery\Convert\SqlScriptQueryRule.Convert.psm1
using module .\..\..\Rule.UserRight\Convert\UserRightRule.Convert.psm1
using module .\..\..\Rule.WebAppPool\Convert\WebAppPoolRule.Convert.psm1
using module .\..\..\Rule.WebConfigurationProperty\Convert\WebConfigurationPropertyRule.Convert.psm1
using module .\..\..\Rule.WindowsFeature\Convert\WindowsFeatureRule.Convert.psm1
using module .\..\..\Rule.WinEventLog\Convert\WinEventLogRule.Convert.psm1
using module .\..\..\Rule.AuditSetting\Convert\AuditSettingRule.Convert.psm1
using module .\..\..\Rule.SslSettings\Convert\SslSettingsRule.Convert.psm1
using module .\..\..\Rule.VsphereAdvancedSettings\Convert\VsphereAdvancedSettingsRule.Convert.psm1
using module .\..\..\Rule.VsphereService\Convert\VsphereServiceRule.Convert.psm1
using module .\..\..\Rule.VspherePortGroupSecurity\Convert\VspherePortGroupSecurityRule.Convert.psm1
using module .\..\..\Rule.VsphereAcceptanceLevel\Convert\VsphereAcceptanceLevelRule.Convert.psm1
using module .\..\..\Rule.VsphereSnmpAgent\Convert\VsphereSnmpAgentRule.Convert.psm1
using module .\..\..\Rule.VsphereKernelActiveDumpPartition\Convert\VsphereKernelActiveDumpPartitionRule.Convert.psm1
using module .\..\..\Rule.VsphereNtpSettings\Convert\VsphereNtpSettingsRule.Convert.psm1
using module .\..\..\Rule.VsphereVssSecurity\Convert\VsphereVssSecurityRule.Convert.psm1
using module .\..\..\Rule.RootCertificate\Convert\RootCertificateRule.Convert.psm1

# Header

class SplitFactory
{
    <#
        .SYNOPSIS
            Static method split
    #>

    static [System.Collections.ArrayList] XccdfRule ([xml.xmlelement] $Rule, [string] $TypeName)
    {
        [System.Collections.ArrayList] $ruleList = @()

        $instance = New-Object -TypeName $TypeName
        $hasMultipleRules = $instance.GetType().GetMethod('HasMultipleRules')

        if (-not $hasMultipleRules.IsStatic)
        {
            throw "$TypeName does not have a static HasMultipleRules method"
        }

        if ($HasMultipleRules.Invoke($HasMultipleRules, $Rule.rule.Check.'check-content'))
        {
            $splitMultipleRules = $instance.GetType().GetMethod('SplitMultipleRules')
            [string[]] $splitRules = $splitMultipleRules.Invoke($splitMultipleRules, $Rule.rule.Check.'check-content')
            [int] $byte = 97
            foreach ($splitRule in $splitRules)
            {
                <#
                    Creating the split rule name here since some split rules have hardcoded
                    values and are detected based on the split rule name
                #>

                $newRule = $Rule.Clone()
                $newRule.rule.Check.'check-content' = $splitRule
                $newRule.Id = "$($Rule.id).$([CHAR][BYTE]$byte)"
                $byte ++
                $ruleList += (New-Object -TypeName $TypeName -ArgumentList $newRule).AsRule()
            }
        }
        else
        {
            $ruleList += (New-Object -TypeName $TypeName -ArgumentList $Rule).AsRule()
        }
        return $ruleList
    }

    <#
        .SYNOPSIS
            Instance method split
    #>

    static [System.Collections.ArrayList] XccdfRule ([psobject] $Rule, [string] $TypeName, [string] $Property)
    {
        [System.Collections.ArrayList] $ruleList = @()

        $instance = New-Object -TypeName $TypeName -ArgumentList $Rule
        if ($instance.HasMultipleRules())
        {
            [string[]] $splitRules = $instance.SplitMultipleRules()
            foreach ($splitRule in $splitRules)
            {
                $ruleClone = $instance.Clone()
                $ruleClone.$Property = $splitRule
                $ruleList += $ruleClone.AsRule()
            }
        }
        else
        {
            $ruleList += $instance.AsRule()
        }
        return $ruleList
    }
}

class ConvertFactory
{
    static [System.Collections.ArrayList] Rule ([xml.xmlelement] $Rule)
    {
        [System.Collections.ArrayList] $ruleTypeList = @()

        switch ($Rule.rule.check.'check-content')
        {
            {[HardCodedRuleConvert]::Match($PSItem)}
            {
                $hardCodedRule = [SplitFactory]::XccdfRule($Rule, 'HardCodedRuleConvert')
                if ($hardCodedRule -is [System.Collections.ICollection])
                {
                    $null = $ruleTypeList.AddRange($hardCodedRule)
                }
                else
                {
                    $null = $ruleTypeList.Add($hardCodedRule)
                }
                break
            }
            {[AccountPolicyRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [AccountPolicyRuleConvert]::new($Rule).AsRule()
                )
            }
            {[AuditPolicyRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [AuditPolicyRuleConvert]::new($Rule).AsRule()
                )
            }
            {[DnsServerSettingRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [DnsServerSettingRuleConvert]::new($Rule).AsRule()
                )
            }
            {[DnsServerRootHintRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [DnsServerRootHintRuleConvert]::new($Rule).AsRule()
                )
            }
            {[FileContentRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'FileContentRuleConvert')
                )
            }
            {[GroupRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [GroupRuleConvert]::new($Rule).AsRule()
                )
            }
            {[IisLoggingRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [IisLoggingRuleConvert]::new($Rule).AsRule()
                )
            }
            {[MimeTypeRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'MimeTypeRuleConvert')
                )
            }
            {[PermissionRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'PermissionRuleConvert')
                )
            }
            {[ProcessMitigationRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'ProcessMitigationRuleConvert')
                )
            }
            {[RegistryRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'RegistryRuleConvert')
                )
            }
            {[SecurityOptionRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [SecurityOptionRuleConvert]::new($Rule).AsRule()
                )
            }
            {[ServiceRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'ServiceRuleConvert', 'ServiceName')
                )
            }
            {[SqlScriptQueryRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [SqlScriptQueryRuleConvert]::new($Rule).AsRule()
                )
            }
            {[UserRightRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'UserRightRuleConvert')
                )
            }
            {[WebAppPoolRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [WebAppPoolRuleConvert]::new($Rule).AsRule()
                )
            }
            {[WebConfigurationPropertyRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'WebConfigurationPropertyRuleConvert')
                )
            }
            {[WindowsFeatureRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'WindowsFeatureRuleConvert', 'Name')
                )
            }
            {[WinEventLogRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [WinEventLogRuleConvert]::new($Rule).AsRule()
                )
            }
            {[AuditSettingRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [AuditSettingRuleConvert]::new($Rule).AsRule()
                )
            }
            {[SslSettingsRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [SslSettingsRuleConvert]::new($Rule).AsRule()
                )
            }
            {[VsphereAdvancedSettingsRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [VsphereAdvancedSettingsRuleConvert]::new($Rule).AsRule()
                )
            }
            {[VsphereServiceRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [VsphereServiceRuleConvert]::new($Rule).AsRule()
                )
            }
            {[VspherePortGroupSecurityRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [VspherePortGroupSecurityRuleConvert]::new($Rule).AsRule()
                )
            }
            {[VsphereAcceptanceLevelRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [VsphereAcceptanceLevelRuleConvert]::new($Rule).AsRule()
                )
            }
            {[VsphereSnmpAgentRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [VsphereSnmpAgentRuleConvert]::new($Rule).AsRule()
                )
            }
            {[VsphereKernelActiveDumpPartitionRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [VsphereKernelActiveDumpPartitionRuleConvert]::new($Rule).AsRule()
                )
            }
            {[VsphereNtpSettingsRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [VsphereNtpSettingsRuleConvert]::new($Rule).AsRule()
                )
            }
            {[VsphereVssSecurityRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.Add(
                    [VsphereVssSecurityRuleConvert]::new($Rule).AsRule()
                )
            }
            {[RootCertificateRuleConvert]::Match($PSItem)}
            {
                $null = $ruleTypeList.AddRange(
                    [SplitFactory]::XccdfRule($Rule, 'RootCertificateRuleConvert')
                )
            }
            <#
                Some rules have a documentation requirement only for exceptions,
                so the DocumentRule needs to be at the end of the switch as a
                catch all for documentation rules. Once a rule has been parsed,
                it should not be converted into a document rule.
            #>

            {[DocumentRuleConvert]::Match($PSItem) -and $ruleTypeList.Count -eq 0}
            {
                $null = $ruleTypeList.Add(
                    [DocumentRuleConvert]::new($Rule).AsRule()
                )
            }
            default
            {
                $null = $ruleTypeList.Add(
                    [ManualRuleConvert]::new($Rule).AsRule()
                )
            }
        }

         <#
            Rules can be split into multiple rules of multiple types, so the list
            of Id's needs to be validated to be unique.
         #>


        $ruleCount = ($ruleTypeList | Measure-Object).count
        $uniqueRuleCount = ($ruleTypeList |
            Select-Object -Property Id -Unique |
                Measure-Object).count

        if ($uniqueRuleCount -ne $ruleCount)
        {
            [int] $byte = 97 # Lowercase A
            foreach ($convertedrule in $ruleTypeList)
            {
                $convertedrule.id = "$($Rule.id).$([CHAR][BYTE]$byte)"
                if ([string]::IsNullOrEmpty($convertedrule.LegacyId) -eq $false)
                {
                    $convertedrule.LegacyId = "$($convertedrule.LegacyId).$([CHAR][BYTE]$byte)"
                }
                $byte ++
            }
        }

        return $ruleTypeList
    }
}