go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/windows_firewall.go (about)

     1  // Copyright (c) Mondoo, Inc.
     2  // SPDX-License-Identifier: BUSL-1.1
     3  
     4  package resources
     5  
     import (
     	"fmt"
     	"io"

     	"go.mondoo.com/cnquery/llx"
     	"go.mondoo.com/cnquery/providers-sdk/v1/util/convert"
     	"go.mondoo.com/cnquery/providers/os/connection/shared"
     	"go.mondoo.com/cnquery/providers/os/resources/powershell"
     	"go.mondoo.com/cnquery/providers/os/resources/windows"
     )
    13  
    // id returns the data of the profile's InstanceID field as the resource id.
    // The error result is always nil.
    func (w *mqlWindowsFirewallProfile) id() (string, error) {
    	instanceID := w.InstanceID.Data
    	return instanceID, nil
    }
    17  
    // id returns the data of the rule's InstanceID field as the resource id.
    // The error result is always nil.
    func (w *mqlWindowsFirewallRule) id() (string, error) {
    	instanceID := w.InstanceID.Data
    	return instanceID, nil
    }
    21  
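    // settings queries the target's firewall settings and returns them as a dict.
    //
    // It runs the command built by powershell.Encode(windows.FIREWALL_SETTINGS)
    // over the runtime connection, fails if that command exits non-zero, parses
    // stdout with windows.ParseWindowsFirewallSettings, and converts the parsed
    // value with convert.JsonToDict. Any error is returned to the caller as-is.
    func (w *mqlWindowsFirewall) settings() (map[string]interface{}, error) {
    	// Checked assertion: an unexpected connection type becomes an error
    	// instead of a panic.
    	conn, ok := w.MqlRuntime.Connection.(shared.Connection)
    	if !ok {
    		return nil, fmt.Errorf("windows.firewall.settings: unsupported connection type %T", w.MqlRuntime.Connection)
    	}

    	// query firewall settings
    	encodedCmd := powershell.Encode(windows.FIREWALL_SETTINGS)
    	executedCmd, err := conn.RunCommand(encodedCmd)
    	if err != nil {
    		return nil, err
    	}

    	// A non-zero exit status means the query itself failed. Stop here so that
    	// empty or truncated stdout is never reported as the host's firewall state.
    	if executedCmd.ExitStatus != 0 {
    		var stderr []byte
    		if executedCmd.Stderr != nil {
    			// Best effort: stderr only enriches the message; the exit
    			// status alone is enough to fail.
    			stderr, _ = io.ReadAll(executedCmd.Stderr)
    		}
    		return nil, fmt.Errorf("retrieving windows firewall settings: exit status %d: %s", executedCmd.ExitStatus, stderr)
    	}

    	fwSettings, err := windows.ParseWindowsFirewallSettings(executedCmd.Stdout)
    	if err != nil {
    		return nil, err
    	}
    	return convert.JsonToDict(fwSettings)
    }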
    38  
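    // profiles queries the target's firewall profiles and returns one
    // windows.firewall.profile resource per parsed profile.
    //
    // It runs the command built by powershell.Encode(windows.FIREWALL_PROFILES)
    // over the runtime connection, fails if that command exits non-zero, parses
    // stdout with windows.ParseWindowsFirewallProfiles, and copies every parsed
    // field onto a new MQL resource. Any error aborts the whole call; no partial
    // list is returned.
    func (w *mqlWindowsFirewall) profiles() ([]interface{}, error) {
    	// Checked assertion: an unexpected connection type becomes an error
    	// instead of a panic.
    	conn, ok := w.MqlRuntime.Connection.(shared.Connection)
    	if !ok {
    		return nil, fmt.Errorf("windows.firewall.profiles: unsupported connection type %T", w.MqlRuntime.Connection)
    	}

    	// query firewall profiles
    	encodedCmd := powershell.Encode(windows.FIREWALL_PROFILES)
    	executedCmd, err := conn.RunCommand(encodedCmd)
    	if err != nil {
    		return nil, err
    	}

    	// A non-zero exit status means the query itself failed. Stop here so that
    	// empty or truncated stdout is never reported as the host's firewall state.
    	if executedCmd.ExitStatus != 0 {
    		var stderr []byte
    		if executedCmd.Stderr != nil {
    			// Best effort: stderr only enriches the message; the exit
    			// status alone is enough to fail.
    			stderr, _ = io.ReadAll(executedCmd.Stderr)
    		}
    		return nil, fmt.Errorf("retrieving windows firewall profiles: exit status %d: %s", executedCmd.ExitStatus, stderr)
    	}

    	fwProfiles, err := windows.ParseWindowsFirewallProfiles(executedCmd.Stdout)
    	if err != nil {
    		return nil, err
    	}

    	// convert firewall profiles to MQL resource
    	mqlFwProfiles := make([]interface{}, len(fwProfiles))
    	for i, p := range fwProfiles {
    		mqlFwProfile, err := CreateResource(w.MqlRuntime, "windows.firewall.profile", map[string]*llx.RawData{
    			"instanceID":                      llx.StringData(p.InstanceID),
    			"name":                            llx.StringData(p.Name),
    			"enabled":                         llx.IntData(p.Enabled),
    			"defaultInboundAction":            llx.IntData(p.DefaultInboundAction),
    			"defaultOutboundAction":           llx.IntData(p.DefaultOutboundAction),
    			"allowInboundRules":               llx.IntData(p.AllowInboundRules),
    			"allowLocalFirewallRules":         llx.IntData(p.AllowLocalFirewallRules),
    			"allowLocalIPsecRules":            llx.IntData(p.AllowLocalIPsecRules),
    			"allowUserApps":                   llx.IntData(p.AllowUserApps),
    			"allowUserPorts":                  llx.IntData(p.AllowUserPorts),
    			"allowUnicastResponseToMulticast": llx.IntData(p.AllowUnicastResponseToMulticast),
    			"notifyOnListen":                  llx.IntData(p.NotifyOnListen),
    			"enableStealthModeForIPsec":       llx.IntData(p.EnableStealthModeForIPsec),
    			"logMaxSizeKilobytes":             llx.IntData(p.LogMaxSizeKilobytes),
    			"logAllowed":                      llx.IntData(p.LogAllowed),
    			"logBlocked":                      llx.IntData(p.LogBlocked),
    			"logIgnored":                      llx.IntData(p.LogIgnored),
    			"logFileName":                     llx.StringData(p.LogFileName),
    		})
    		if err != nil {
    			return nil, err
    		}

    		mqlFwProfiles[i] = mqlFwProfile
    	}

    	return mqlFwProfiles, nil
    }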
    87  
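    // rules queries the target's firewall rules and returns one
    // windows.firewall.rule resource per parsed rule.
    //
    // It runs the command built by powershell.Encode(windows.FIREWALL_RULES) over
    // the runtime connection, fails if that command exits non-zero, parses stdout
    // with windows.ParseWindowsFirewallRules, and copies every parsed field onto
    // a new MQL resource. Any error aborts the whole call; no partial list is
    // returned.
    func (w *mqlWindowsFirewall) rules() ([]interface{}, error) {
    	// Checked assertion: an unexpected connection type becomes an error
    	// instead of a panic.
    	conn, ok := w.MqlRuntime.Connection.(shared.Connection)
    	if !ok {
    		return nil, fmt.Errorf("windows.firewall.rules: unsupported connection type %T", w.MqlRuntime.Connection)
    	}

    	// query firewall rules
    	encodedCmd := powershell.Encode(windows.FIREWALL_RULES)
    	executedCmd, err := conn.RunCommand(encodedCmd)
    	if err != nil {
    		return nil, err
    	}

    	// A non-zero exit status means the query itself failed. Stop here so that
    	// empty or truncated stdout is never reported as "this host has no rules".
    	if executedCmd.ExitStatus != 0 {
    		var stderr []byte
    		if executedCmd.Stderr != nil {
    			// Best effort: stderr only enriches the message; the exit
    			// status alone is enough to fail.
    			stderr, _ = io.ReadAll(executedCmd.Stderr)
    		}
    		return nil, fmt.Errorf("retrieving windows firewall rules: exit status %d: %s", executedCmd.ExitStatus, stderr)
    	}

    	fwRules, err := windows.ParseWindowsFirewallRules(executedCmd.Stdout)
    	if err != nil {
    		return nil, err
    	}

    	// convert firewall rules to MQL resource
    	mqlFwRules := make([]interface{}, len(fwRules))
    	for i, r := range fwRules {
    		mqlFwRule, err := CreateResource(w.MqlRuntime, "windows.firewall.rule", map[string]*llx.RawData{
    			"instanceID":            llx.StringData(r.InstanceID),
    			"name":                  llx.StringData(r.Name),
    			"displayName":           llx.StringData(r.DisplayName),
    			"description":           llx.StringData(r.Description),
    			"displayGroup":          llx.StringData(r.DisplayGroup),
    			"enabled":               llx.IntData(r.Enabled),
    			"direction":             llx.IntData(r.Direction),
    			"action":                llx.IntData(r.Action),
    			"edgeTraversalPolicy":   llx.IntData(r.EdgeTraversalPolicy),
    			"looseSourceMapping":    llx.BoolData(r.LooseSourceMapping),
    			"localOnlyMapping":      llx.BoolData(r.LocalOnlyMapping),
    			"primaryStatus":         llx.IntData(r.PrimaryStatus),
    			"status":                llx.StringData(r.Status),
    			"enforcementStatus":     llx.StringData(r.EnforcementStatus),
    			"policyStoreSource":     llx.StringData(r.PolicyStoreSource),
    			"policyStoreSourceType": llx.IntData(r.PolicyStoreSourceType),
    		})
    		if err != nil {
    			return nil, err
    		}

    		mqlFwRules[i] = mqlFwRule
    	}

    	return mqlFwRules, nil
    }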