Merge branch 'develop'
inlguy committed Jan 5, 2022
2 parents e322d60 + 1100a25 commit 8617638
Showing 31 changed files with 553 additions and 466 deletions.
Expand Up @@ -68,7 +68,10 @@ public int GetMaturityTargetLevel(int assessmentId)
{
// The maturity target level is stored similar to a SAL level
int targetLevel = 1;
var myLevel = _context.ASSESSMENT_SELECTED_LEVELS.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == "Maturity_Level").FirstOrDefault();
var myLevel = _context.ASSESSMENT_SELECTED_LEVELS
.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == Constants.Constants.MaturityLevel)
.FirstOrDefault();

if (myLevel != null)
{
targetLevel = int.Parse(myLevel.Standard_Specific_Sal_Level);
Expand Down Expand Up @@ -157,7 +160,9 @@ public List<MaturityLevel> GetMaturityLevelsForModel(int maturityModelId, int ta
/// <returns></returns>
public int GetTargetLevel(int assessmentId)
{
var asl = _context.ASSESSMENT_SELECTED_LEVELS.Where(x => x.Assessment_Id == assessmentId).FirstOrDefault();
var asl = _context.ASSESSMENT_SELECTED_LEVELS
.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == Constants.Constants.MaturityLevel)
.FirstOrDefault();
if (asl != null)
{
return int.Parse(asl.Standard_Specific_Sal_Level);
Expand Down Expand Up @@ -237,9 +242,12 @@ public List<LevelAnswers> GetAnswerDistributionByLevel(int assessmentId)
_context.FillEmptyMaturityQuestionsForAnalysis(assessmentId);

var model = _context.AVAILABLE_MATURITY_MODELS.Where(x => x.Assessment_Id == assessmentId).FirstOrDefault();

var selectedLevel = _context.ASSESSMENT_SELECTED_LEVELS.Where(x => x.Assessment_Id == assessmentId).FirstOrDefault();
int targetLevel;

var selectedLevel = _context.ASSESSMENT_SELECTED_LEVELS
.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == Constants.Constants.MaturityLevel)
.FirstOrDefault();

if (selectedLevel == null)
{
targetLevel = 1;
Expand Down Expand Up @@ -377,13 +385,15 @@ public void PersistSelectedMaturityModel(int assessmentId, string modelName)
// default the target level if CMMC
if (mm.Model_Name == "CMMC")
{
var targetLevel = _context.ASSESSMENT_SELECTED_LEVELS.Where(l => l.Assessment_Id == assessmentId && l.Level_Name == "Maturity_Level").FirstOrDefault();
var targetLevel = _context.ASSESSMENT_SELECTED_LEVELS
.Where(l => l.Assessment_Id == assessmentId && l.Level_Name == Constants.Constants.MaturityLevel)
.FirstOrDefault();
if (targetLevel == null)
{
_context.ASSESSMENT_SELECTED_LEVELS.Add(new ASSESSMENT_SELECTED_LEVELS()
{
Assessment_Id = assessmentId,
Level_Name = "Maturity_Level",
Level_Name = Constants.Constants.MaturityLevel,
Standard_Specific_Sal_Level = "1"
});
}
Expand Down Expand Up @@ -421,7 +431,9 @@ public void ClearMaturityModel(int assessmentId)
/// <returns></returns>
public int GetMaturityLevel(int assessmentId)
{
var result = _context.ASSESSMENT_SELECTED_LEVELS.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == "Maturity_Level").FirstOrDefault();
var result = _context.ASSESSMENT_SELECTED_LEVELS
.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == Constants.Constants.MaturityLevel)
.FirstOrDefault();
if (result != null)
{
if (int.TryParse(result.Standard_Specific_Sal_Level, out int level))
Expand All @@ -443,7 +455,8 @@ public void PersistMaturityLevel(int assessmentId, int level)
// is more complex to allow for the different types of SALs
// as well as the user's selection(s).

var result = _context.ASSESSMENT_SELECTED_LEVELS.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == "Maturity_Level");
var result = _context.ASSESSMENT_SELECTED_LEVELS
.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == Constants.Constants.MaturityLevel);
if (result.Any())
{
_context.ASSESSMENT_SELECTED_LEVELS.RemoveRange(result);
Expand All @@ -453,7 +466,7 @@ public void PersistMaturityLevel(int assessmentId, int level)
_context.ASSESSMENT_SELECTED_LEVELS.Add(new ASSESSMENT_SELECTED_LEVELS()
{
Assessment_Id = assessmentId,
Level_Name = "Maturity_Level",
Level_Name = Constants.Constants.MaturityLevel,
Standard_Specific_Sal_Level = level.ToString()
});

Expand Down Expand Up @@ -1449,7 +1462,8 @@ public void UpdateACETDashboardSummary(int assessmentId, Model.Acet.ACETDashboar
/// <returns></returns>
public void SetDefaultTargetLevels(int assessmentId, string modelName)
{
var result = _context.ASSESSMENT_SELECTED_LEVELS.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == "Maturity_Level");
var result = _context.ASSESSMENT_SELECTED_LEVELS
.Where(x => x.Assessment_Id == assessmentId && x.Level_Name == Constants.Constants.MaturityLevel);
//If any level is already selected, avoid setting default
if (result.Any())
{
Expand All @@ -1462,7 +1476,7 @@ public void SetDefaultTargetLevels(int assessmentId, string modelName)
_context.ASSESSMENT_SELECTED_LEVELS.Add(new ASSESSMENT_SELECTED_LEVELS()
{
Assessment_Id = assessmentId,
Level_Name = "Maturity_Level",
Level_Name = Constants.Constants.MaturityLevel,
Standard_Specific_Sal_Level = "1"
});
_context.SaveChanges();
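Review bot: `GetMaturityTargetLevel` and `GetTargetLevel` still call `int.Parse` on `Standard_Specific_Sal_Level` for the row these hunks now select, so a non-numeric value in that string column throws `FormatException`, whereas `GetMaturityLevel` in the same file already uses `int.TryParse`. In `GetMaturityTargetLevel` the existing default can be kept with `if (int.TryParse(myLevel.Standard_Specific_Sal_Level, out int parsed)) { targetLevel = parsed; }`; the fallback for `GetTargetLevel` lies outside the hunk and needs confirming. The same unguarded parse appears in the `LoadStructure` hunk and in the `selectedLevel` query later in this commit. Separately, the identical `Level_Name == Constants.Constants.MaturityLevel` lookup is now written out seven times in this file. One private helper would stop a future caller from omitting the `Level_Name` filter, which is the omission two of these hunks correct.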
Expand Up @@ -95,7 +95,7 @@ on a.Question_Or_Requirement_Id equals m.Mat_Question_Id

// if a maturity level is defined, only report on questions at or below that level
int? selectedLevel = _context.ASSESSMENT_SELECTED_LEVELS.Where(x => x.Assessment_Id == myModel.Assessment_Id
&& x.Level_Name == "Maturity_Level").Select(x => int.Parse(x.Standard_Specific_Sal_Level)).FirstOrDefault();
&& x.Level_Name == Constants.Constants.MaturityLevel).Select(x => int.Parse(x.Standard_Specific_Sal_Level)).FirstOrDefault();

if (selectedLevel != null && selectedLevel != 0)
{
Expand Down Expand Up @@ -1097,7 +1097,7 @@ join asl in _context.ASSESSMENT_SELECTED_LEVELS on amm.Assessment_Id equals asl.
where amm.Assessment_Id == _assessmentId
&& ans.Assessment_Id == _assessmentId
&& ans.Is_Maturity == true
&& asl.Level_Name == "Maturity_Level"
&& asl.Level_Name == Constants.Constants.MaturityLevel
select new { amm, mm, mq, ans, asl }
).ToList();
var models = query.Select(x => new { x.mm, x.asl }).Distinct();
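Review bot: In the first hunk, `selectedLevel != null` can never be false, because `.Select(x => int.Parse(...))` yields a non-nullable `int` and `FirstOrDefault()` then returns 0 when no row matches; only the `!= 0` test does any work. If "no level selected" is meant to be represented as null, project to a nullable value with `.Select(x => (int?)int.Parse(x.Standard_Specific_Sal_Level))`. The enclosing method starts and ends outside the hunk.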
16 changes: 15 additions & 1 deletion CSETWebApi/CSETWeb_Api/CSETWebCore.Business/User/UserBusiness.cs
Expand Up @@ -61,7 +61,21 @@ public UserCreateResponse CreateUser(UserDetail userDetail)
PasswordResetRequired = true
};
_context.USERS.Add(u);
_context.SaveChanges();
try
{
_context.SaveChanges();
}
catch (Microsoft.EntityFrameworkCore.DbUpdateException ex)
{
Microsoft.Data.SqlClient.SqlException sqlException = (Microsoft.Data.SqlClient.SqlException)ex.InnerException;
if (sqlException.Number != 2627)
{
throw ex;
}
//TODO: Add logging
Console.WriteLine(ex);
_context.USERS.Remove(u);
}

UserCreateResponse resp = new UserCreateResponse
{
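Review bot: The new catch block can hide the real database error: `(SqlException)ex.InnerException` throws `InvalidCastException` when the inner exception is another type (or a null dereference on `.Number` when there is none), and `throw ex;` resets the stack trace. An exception filter avoids both and lets every other failure propagate untouched: `catch (Microsoft.EntityFrameworkCore.DbUpdateException ex) when (ex.InnerException is Microsoft.Data.SqlClient.SqlException sqlEx && sqlEx.Number == 2627)`. After a duplicate-key failure the method falls through and builds `UserCreateResponse` as it does on success, so the caller apparently cannot tell that no account was created. The rest of `CreateUser` is outside the hunk, so confirm what that response carries and return an explicit "already exists" result instead. `Console.WriteLine(ex)` should become a real log call, bearing in mind that SQL Server's 2627 message text includes the duplicate key value.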
1 change: 1 addition & 0 deletions CSETWebApi/CSETWeb_Api/CSETWebCore.Constants/Constants.cs
Expand Up @@ -393,6 +393,7 @@ public static class Constants
public const string SIMPLE_SAL = "Simple";

//Maturity Levels
public const string MaturityLevel = "Maturity_Level";
public const string IncompleteMaturity = "Incomplete";
public const string SubBaselineMaturity = "Sub-Baseline";
public const string BaselineMaturity = "Baseline";
Expand Up @@ -288,10 +288,10 @@ public void ExecuteNonQuery(string sql, string connectionString)
public string DatabaseCode { get; private set; } = "CSETWeb";
public string ClientCode { get; private set; } = "DHS";
public string ApplicationCode { get; private set; } = "CSET";
public string CurrentCSETConnectionString { get; private set; } = @"data source=(LocalDB)\MSSQLLocalDB;initial catalog=CSETWeb;integrated security=True;connect timeout=5;MultipleActiveResultSets=True;";
public string OldCSETConnectionString { get; private set; } = @"data source=(localdb)\v11.0;initial catalog = CSETWeb;Integrated Security = SSPI;connect timeout=5;MultipleActiveResultSets=True";
public string CurrentMasterConnectionString { get; private set; } = @"data source=(LocalDB)\MSSQLLocalDB;Database=Master;integrated security=True;connect timeout=5;MultipleActiveResultSets=True;";
public string OldMasterConnectionString { get; private set; } = @"data source=(LocalDB)\v11.0;Database=Master;integrated security=True;connect timeout=5;MultipleActiveResultSets=True;";
public string CurrentCSETConnectionString { get; private set; } = @"data source=(LocalDB)\MSSQLLocalDB;initial catalog=CSETWeb;integrated security=True;connect timeout=25;MultipleActiveResultSets=True;";
public string OldCSETConnectionString { get; private set; } = @"data source=(localdb)\v11.0;initial catalog = CSETWeb;Integrated Security = SSPI;connect timeout=25;MultipleActiveResultSets=True";
public string CurrentMasterConnectionString { get; private set; } = @"data source=(LocalDB)\MSSQLLocalDB;Database=Master;integrated security=True;connect timeout=25;MultipleActiveResultSets=True;";
public string OldMasterConnectionString { get; private set; } = @"data source=(LocalDB)\v11.0;Database=Master;integrated security=True;connect timeout=25;MultipleActiveResultSets=True;";
public bool LocalDb2019Installed
{
get { return IsLocalDb2019Installed(); }
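Review bot: `connect timeout=25` is now repeated in four string literals with no comment explaining the value. A single `private const int` used to build the strings, or a short comment above the properties saying why 5 seconds was too short, would keep the four from drifting apart. If these strings are tried in sequence to detect which LocalDB instance exists, which is not visible in this hunk, each failed probe may now block for up to 25 seconds.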
Expand Up @@ -78,7 +78,9 @@ private void LoadStructure()


// cull any questions that are above the target level (if the model supports a target)
var targetLevel = _context.ASSESSMENT_SELECTED_LEVELS.Where(x => x.Assessment_Id == this.AssessmentId && x.Level_Name == "Maturity_Level").FirstOrDefault();
var targetLevel = _context.ASSESSMENT_SELECTED_LEVELS
.Where(x => x.Assessment_Id == this.AssessmentId && x.Level_Name == Constants.Constants.MaturityLevel)
.FirstOrDefault();
if (targetLevel != null)
{
questions.RemoveAll(x => x.Maturity_LevelNavigation.Level > int.Parse(targetLevel.Standard_Specific_Sal_Level));
Expand Up @@ -3,6 +3,7 @@
using CSETWebCore.Model.Auth;
using CSETWebCore.Model.Authentication;
using Microsoft.AspNetCore.Mvc;
using System;

namespace CSETWebCore.Api.Controllers
{
Expand All @@ -11,6 +12,8 @@ public class AuthController : ControllerBase
{
private readonly IUserAuthentication _userAuthentication;
private readonly ITokenManager _tokenManager;
private static readonly object _locker = new object();
static readonly log4net.ILog _logger = log4net.LogManager.GetLogger(typeof(AuthController));

public AuthController(IUserAuthentication userAuthentication, ITokenManager tokenManager)
{
Expand Down Expand Up @@ -44,17 +47,30 @@ public IActionResult Login([FromBody] Login login)
[Route("api/auth/login/standalone")]
public IActionResult LoginStandalone([FromBody] Login login)
{
_tokenManager.GenerateSecret();
LoginResponse resp = _userAuthentication.AuthenticateStandalone(login);
if (resp != null)
_logger.Info("Logging into standalone...");
try
{
return Ok(resp);
}
_tokenManager.GenerateSecret();
lock (_locker)
{
LoginResponse resp = _userAuthentication.AuthenticateStandalone(login);
if (resp != null)
{
return Ok(resp);
}

resp = new LoginResponse() {
LinkerTime = new Helpers.BuildNumberHelper().GetLinkerTime()
};
return Ok(resp);
resp = new LoginResponse()
{
LinkerTime = new Helpers.BuildNumberHelper().GetLinkerTime()
};
return Ok(resp);
}
}
catch (Exception e)
{
_logger.Error(e.Message);
return StatusCode(500);
}
}

/// <summary>
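Review bot: In `LoginStandalone`, `_tokenManager.GenerateSecret()` runs before `lock (_locker)`, so if the lock is meant to serialize concurrent standalone logins, secret generation is still unsynchronized and one request could replace the secret while another is issuing a token with it. `GenerateSecret` is not visible here, so confirm whether it is idempotent or move the call inside the lock. The catch block logs only `e.Message`, which drops the exception type and stack trace; log4net accepts the exception as a second argument, e.g. `_logger.Error("Standalone login failed", e);`. `_logger` also lacks the explicit `private` that `_locker` on the line above has.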
Expand Up @@ -312,7 +312,7 @@
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>
<div class="p" style="text-align: center; direction: ltr; margin-left: 0px; text-indent: 0px;"><span class="de_B9F55B79DA">Table 1: CRR Domain Composition</span><table class="de_tbl_663 detbl" style="width: 663px; height: 193; margin-left: auto; margin-right: auto;">
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;"><span class="de_B9F55B79DA">Table 1: CRR Domain Composition</span><table class="de_tbl_663 detbl" style="width: 663px; height: 193; margin-left: 0; margin-right: auto;">
<col style="width: 296px;" class="de_col_1_296" />
<col style="width: 123px;" class="de_col_2_123" />
<col style="width: 121px;" class="de_col_3_121" />
Expand Down Expand Up @@ -423,7 +423,7 @@
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;"><span class="de_4AF4BF9DD6"><img alt="Image shows The Cyber Resilience Review Domain Architecture" style="border: solid 0px; " width="600" height="397" class="de_custom_img de_780D01ADE8" src="drex_2_1_crr_architecture_custom.png" data-full-src="drex_2_1_crr_architecture_custom_2.png" data-full-width="1256" data-full-height="831" /></span></div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>
<div class="p" style="text-align: center; direction: ltr; margin-left: 0px; text-indent: 0px;"><span class="de_B9F55B79DA">Figure 1: The Cyber Resilience Review Domain Architecture</span></div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;"><span class="de_B9F55B79DA">Figure 1: The Cyber Resilience Review Domain Architecture</span></div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>
</div> <div class="menu_on_page">
<h2>The contents of 2.1 CRR Architecture</h2>
Expand Up @@ -300,7 +300,7 @@
<div class="description_on_page"><div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;"><div class="ic"><h1><strong>2 CRR OVERVIEW</strong></h1></div></div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;"><h3><span class="de_1BAB0D9893"><strong>CRR Method</strong></span></h3></div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;"><span class="de_4AF4BF9DD6">The CRR is a lightweight assessment method that was created by CISA for the purpose of evaluating the cybersecurity and service continuity practices of critical infrastructure owners and operators. The CRR, consisting of 299 questions, is typically delivered in a six-hour workshop led by facilitators from CISA. The facilitators elicit answers from the critical infrastructure organization’s personnel in cybersecurity, operations, physical security, and business continuity.</span></div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;"><span class="de_4AF4BF9DD6">The CRR is a lightweight assessment method that was created by the Cybersecurity and Infrastructure Security Agency (CISA) for the purpose of evaluating the cybersecurity and service continuity practices of critical infrastructure owners and operators. The CRR, consisting of 299 questions, is typically delivered in a six-hour workshop led by facilitators from CISA. The facilitators elicit answers from the critical infrastructure organization’s personnel in cybersecurity, operations, physical security, and business continuity.</span></div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;"><span class="de_4AF4BF9DD6">The CRR Assessment Package allows organizations to apply the same method without the participation of external facilitators. It contains the same questions, scoring mechanisms, and options for improvement as the externally facilitated CRR.</span></div>
<div class="p" style="text-align: left; direction: ltr; margin-left: 0px; text-indent: 0px;">&#160;</div>