go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/windows/firewall.go (about) 1 // Copyright (c) Mondoo, Inc. 2 // SPDX-License-Identifier: BUSL-1.1 3 4 package windows 5 6 import ( 7 "encoding/json" 8 "io" 9 ) 10 11 const ( 12 FIREWALL_PROFILES = "Get-NetFirewallProfile | ConvertTo-Json" 13 FIREWALL_RULES = "Get-NetFirewallRule | ConvertTo-Json" 14 FIREWALL_SETTINGS = "Get-NetFirewallSetting | ConvertTo-Json" 15 ) 16 17 type WindowsFirewallRule struct { 18 ID string `json:"ID"` 19 Name string `json:"Name"` 20 DisplayName string `json:"DisplayName"` 21 Group string `json:"Group"` 22 Enabled int64 `json:"Enabled"` 23 Profile int64 `json:"Profile"` 24 Direction int64 `json:"Direction"` 25 Action int64 `json:"Action"` 26 EdgeTraversalPolicy int64 `json:"EdgeTraversalPolicy"` 27 LSM bool `json:"LSM"` 28 PrimaryStatus int64 `json:"PrimaryStatus"` 29 Status string `json:"Status"` 30 EnforcementStatus string `json:"EnforcementStatus"` 31 PolicyStoreSourceType int64 `json:"PolicyStoreSourceType"` 32 Caption *string `json:"Caption"` 33 Description string `json:"Description"` 34 ElementName string `json:"ElementName"` 35 InstanceID string `json:"InstanceID"` 36 PolicyDecisionStrategy int64 `json:"PolicyDecisionStrategy"` 37 ConditionListType int64 `json:"ConditionListType"` 38 CreationClassName string `json:"CreationClassName"` 39 ExecutionStrategy int64 `json:"ExecutionStrategy"` 40 PolicyRuleName string `json:"PolicyRuleName"` 41 SequencedActions int64 `json:"SequencedActions"` 42 SystemCreationClassName string `json:"SystemCreationClassName"` 43 SystemName string `json:"SystemName"` 44 DisplayGroup string `json:"DisplayGroup"` 45 LocalOnlyMapping bool `json:"LocalOnlyMapping"` 46 LooseSourceMapping bool `json:"LooseSourceMapping"` 47 PolicyStoreSource string `json:"PolicyStoreSource"` 48 Profiles int64 `json:"Profiles"` 49 RuleGroup string `json:"RuleGroup"` 50 StatusCode int64 `json:"StatusCode"` 51 // Platform dict `json:"Platform"` 52 // CommonName string `json:"CommonName"` 53 // PolicyKeywords string `json:"PolicyKeywords"` 54 // PolicyRoles string `json:"PolicyRoles"` 55 // Mandatory int64 `json:"Mandatory"` 56 // Priority string `json:"Priority"` 57 // RuleUsage string `json:"RuleUsage"` 58 // Owner string `json:"Owner"` 59 } 60 61 func ParseWindowsFirewallRules(input io.Reader) ([]WindowsFirewallRule, error) { 62 data, err := io.ReadAll(input) 63 if err != nil { 64 return nil, err 65 } 66 67 // for empty result set do not get the '{}', therefore lets abort here 68 if len(data) == 0 { 69 return []WindowsFirewallRule{}, nil 70 } 71 72 var winFirewallRules []WindowsFirewallRule 73 err = json.Unmarshal(data, &winFirewallRules) 74 if err != nil { 75 return nil, err 76 } 77 78 return winFirewallRules, nil 79 } 80 81 type WindowsFirewallSettings struct { 82 Name string `json:"Name"` 83 Exemptions int64 `json:"Exemptions"` 84 EnableStatefulFtp int64 `json:"EnableStatefulFtp"` 85 EnableStatefulPptp int64 `json:"EnableStatefulPptp"` 86 ActiveProfile int64 `json:"ActiveProfile"` 87 RequireFullAuthSupport int64 `json:"RequireFullAuthSupport"` 88 CertValidationLevel int64 `json:"CertValidationLevel"` 89 AllowIPsecThroughNAT int64 `json:"AllowIPsecThroughNAT"` 90 MaxSAIdleTimeSeconds string `json:"MaxSAIdleTimeSeconds"` 91 KeyEncoding int64 `json:"KeyEncoding"` 92 EnablePacketQueuing int64 `json:"EnablePacketQueuing"` 93 ElementName string `json:"ElementName"` 94 InstanceID string `json:"InstanceID"` 95 Profile int64 `json:"Profile"` 96 RemoteMachineTransportAuthorizationList string `json:"RemoteMachineTransportAuthorizationList"` 97 RemoteMachineTunnelAuthorizationList string `json:"RemoteMachineTunnelAuthorizationList"` 98 RemoteUserTransportAuthorizationList string `json:"RemoteUserTransportAuthorizationList"` 99 RemoteUserTunnelAuthorizationList string `json:"RemoteUserTunnelAuthorizationList"` 100 } 101 102 func ParseWindowsFirewallSettings(input io.Reader) (*WindowsFirewallSettings, error) { 103 data, err := io.ReadAll(input) 104 if err != nil { 105 return nil, err 106 } 107 108 // for empty result set do not get the '{}', therefore lets abort here 109 if len(data) == 0 { 110 return &WindowsFirewallSettings{}, nil 111 } 112 113 var winFirewallSettings WindowsFirewallSettings 114 err = json.Unmarshal(data, &winFirewallSettings) 115 if err != nil { 116 return nil, err 117 } 118 119 return &winFirewallSettings, nil 120 } 121 122 type WindowsFirewallProfile struct { 123 Profile string `json:"Profile"` 124 Enabled int64 `json:"Enabled"` 125 DefaultInboundAction int64 `json:"DefaultInboundAction"` 126 DefaultOutboundAction int64 `json:"DefaultOutboundAction"` 127 AllowInboundRules int64 `json:"AllowInboundRules"` 128 AllowLocalFirewallRules int64 `json:"AllowLocalFirewallRules"` 129 AllowLocalIPsecRules int64 `json:"AllowLocalIPsecRules"` 130 AllowUserApps int64 `json:"AllowUserApps"` 131 AllowUserPorts int64 `json:"AllowUserPorts"` 132 AllowUnicastResponseToMulticast int64 `json:"AllowUnicastResponseToMulticast"` 133 NotifyOnListen int64 `json:"NotifyOnListen"` 134 EnableStealthModeForIPsec int64 `json:"EnableStealthModeForIPsec"` 135 LogMaxSizeKilobytes int64 `json:"LogMaxSizeKilobytes"` 136 LogAllowed int64 `json:"LogAllowed"` 137 LogBlocked int64 `json:"LogBlocked"` 138 LogIgnored int64 `json:"LogIgnored"` 139 Caption *string `json:"Caption"` 140 Description *string `json:"Description"` 141 InstanceID string `json:"InstanceID"` 142 LogFileName string `json:"LogFileName"` 143 Name string `json:"Name"` 144 } 145 146 func ParseWindowsFirewallProfiles(input io.Reader) ([]WindowsFirewallProfile, error) { 147 data, err := io.ReadAll(input) 148 if err != nil { 149 return nil, err 150 } 151 152 // for empty result set do not get the '{}', therefore lets abort here 153 if len(data) == 0 { 154 return []WindowsFirewallProfile{}, nil 155 } 156 157 var winFirewallProfiles []WindowsFirewallProfile 158 err = json.Unmarshal(data, &winFirewallProfiles) 159 if err != nil { 160 return nil, err 161 } 162 163 return winFirewallProfiles, nil 164 }