From 1728c879c6461c318b4238c1a16bf823f595e5ed Mon Sep 17 00:00:00 2001
From: Kanchana
Date: Tue, 3 Dec 2019 19:32:12 +0530
Subject: [PATCH] Added policy Evaluation rule

---
 .../cloud/awsrules/utils/PacmanUtils.java | 45 +++++++++
 .../policies/AzurePolicyEvaluationRule.java | 94 +++++++++++++++++++
 .../cloud/constants/PacmanRuleConstants.java | 2 +
 3 files changed, 141 insertions(+)
 create mode 100644 jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/azurerules/policies/AzurePolicyEvaluationRule.java

diff --git a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java
index 73bf004b2..e029c5526 100644
--- a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java
+++ b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java
@@ -2956,5 +2956,50 @@ public static Map checkResourceIdBypolicyName(String esUrl, Map<
 }
 return secMap;
 }
+
+ /**
+ * Function for creating the rule list of a particular virtual machine with
+ * resource id
+ *
+ * @param esUrl
+ * @param resourceId
+ * @param policyDefinitionName
+ * @return
+ * @throws Exception
+ */
+ public static Map getAzurePolicyEvaluationResults(String esUrl, String resourceId,
+ String policyDefinitionName) throws Exception {
+
+ JsonParser jsonParser = new JsonParser();
+ Map policyEvaluationResultsMap = new HashMap<>();
+ Map mustFilter = new HashMap();
+ mustFilter.put(convertAttributetoKeyword("resourceIdLower"), resourceId);
+ mustFilter.put(convertAttributetoKeyword("policyDefinitionName"), policyDefinitionName);
+ mustFilter.put(PacmanRuleConstants.LATEST, "true");
+ JsonObject resultJson = RulesElasticSearchRepositoryUtil.getQueryDetailsFromES(esUrl, mustFilter, null, null,
+ null, 0, null, null, null);
+ if (resultJson != null && resultJson.has(PacmanRuleConstants.HITS)) {
+ String hitsJsonString = resultJson.get(PacmanRuleConstants.HITS).toString();
+ JsonObject hitsJson = (JsonObject) jsonParser.parse(hitsJsonString);
+ JsonArray jsonArray = hitsJson.getAsJsonObject().get(PacmanRuleConstants.HITS).getAsJsonArray();
+ if (jsonArray.size() > 0) {
+ for (int i = 0; i < jsonArray.size(); i++) {
+ JsonObject firstObject = (JsonObject) jsonArray.get(i);
+ JsonObject sourceJson = (JsonObject) firstObject.get(PacmanRuleConstants.SOURCE);
+ if (null != sourceJson) {
+ boolean isCompliant = sourceJson.get("isCompliant").getAsBoolean();
+ policyEvaluationResultsMap.put("isCompliant", isCompliant);
+ policyEvaluationResultsMap.put("policyName", sourceJson.get("policyName").getAsString());
+ policyEvaluationResultsMap.put("policyDescription",
+ sourceJson.get("policyDescription"));
+
+ }
+
+ }
+ }
+ }
+ return policyEvaluationResultsMap;
+ }
+ }
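Review bot: `policyDescription` is stored as the raw `JsonElement` (`sourceJson.get("policyDescription")`) while `policyName` is unwrapped with `getAsString()`; the caller in AzurePolicyEvaluationRule calls `toString()` on that value, and for a Gson string primitive that returns the JSON form with its surrounding quotes, so the annotation description and issue details will carry literal `"` characters. Use `policyEvaluationResultsMap.put("policyDescription", sourceJson.get("policyDescription").getAsString());` to match the `policyName` handling. The loop also rewrites the same three keys on every hit, so with more than one hit only the last one survives and which one that is depends on Elasticsearch ordering; if the `latest=true` filter is meant to guarantee a single hit, a `break` after the first populated `_source` (or a comment stating that assumption) would make it explicit. `sourceJson.get("isCompliant").getAsBoolean()` throws NullPointerException when the field is absent, which the rule surfaces only as a generic RuleExecutionFailedExeption; guarding with `sourceJson.has("isCompliant")` and skipping or logging the malformed document would give a clearer failure.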
diff --git a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/azurerules/policies/AzurePolicyEvaluationRule.java b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/azurerules/policies/AzurePolicyEvaluationRule.java
new file mode 100644
index 000000000..951396b0c
--- /dev/null
+++ b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/azurerules/policies/AzurePolicyEvaluationRule.java
@@ -0,0 +1,94 @@
+package com.tmobile.cloud.azurerules.policies;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+
+import com.tmobile.cloud.awsrules.utils.PacmanUtils;
+import com.tmobile.cloud.constants.PacmanRuleConstants;
+import com.tmobile.pacman.commons.PacmanSdkConstants;
+import com.tmobile.pacman.commons.exception.RuleExecutionFailedExeption;
+import com.tmobile.pacman.commons.rule.Annotation;
+import com.tmobile.pacman.commons.rule.BaseRule;
+import com.tmobile.pacman.commons.rule.PacmanRule;
+import com.tmobile.pacman.commons.rule.RuleResult;
+
+/**
+ * Possible network Just In Time (JIT) access will be monitored by Azure
+ * Security Center as recommendations
+ */
+
+@PacmanRule(key = "check-for-azure-policy-evaluation-results", desc = "Azure policy evaluation results for different target types", severity = PacmanSdkConstants.SEV_HIGH, category = PacmanSdkConstants.SECURITY)
+public class AzurePolicyEvaluationRule extends BaseRule {
+
+ private static final Logger logger = LoggerFactory.getLogger(AzurePolicyEvaluationRule.class);
+
+
+ @Override
+ public RuleResult execute(Map ruleParam, Map resourceAttributes) {
+ logger.debug("======== Azure Policy Evaluation Rule started =========");
+
+ MDC.put("executionId", ruleParam.get("executionId"));
+ MDC.put("ruleId", ruleParam.get(PacmanSdkConstants.RULE_ID));
+
+ String severity = ruleParam.get(PacmanRuleConstants.SEVERITY);
+ String category = ruleParam.get(PacmanRuleConstants.CATEGORY);
+
+ String resourceId = resourceAttributes.get(PacmanRuleConstants.RESOURCE_ID).toLowerCase();
+ String pacmanHost = PacmanUtils.getPacmanHost(PacmanRuleConstants.ES_URI);
+ String policyDefinitionName = ruleParam.get("policyDefinitionName");
+ String azurePolicyEvaluationResultsURl = ruleParam.get("azurePolicyEvaluationResults");
+
+ Map policyEvaluationResultsMap = new HashMap<>();
+ try {
+
+ policyEvaluationResultsMap = PacmanUtils.getAzurePolicyEvaluationResults(
+ pacmanHost + azurePolicyEvaluationResultsURl, resourceId, policyDefinitionName);
+ if (!policyEvaluationResultsMap.isEmpty()) {
+ boolean isCompliant = (boolean) policyEvaluationResultsMap.get("isCompliant");
+ if (!isCompliant == true) {
+ List> issueList = new ArrayList<>();
+ LinkedHashMap issue = new LinkedHashMap<>();
+ Annotation annotation = null;
+ annotation = Annotation.buildAnnotation(ruleParam, Annotation.Type.ISSUE);
+ annotation.put(PacmanSdkConstants.DESCRIPTION,
+ policyEvaluationResultsMap.get("policyDescription").toString());
+ annotation.put(PacmanRuleConstants.SEVERITY, severity);
+ annotation.put(PacmanRuleConstants.CATEGORY, category);
+ annotation.put(PacmanRuleConstants.AZURE_SUBSCRIPTION, resourceAttributes.get(PacmanRuleConstants.AZURE_SUBSCRIPTION));
+ annotation.put(PacmanRuleConstants.AZURE_SUBSCRIPTION_NAME, resourceAttributes.get(PacmanRuleConstants.AZURE_SUBSCRIPTION_NAME));
+ issue.put("resourceId", resourceId);
+ issue.put("policyDescription", policyEvaluationResultsMap.get("policyDescription").toString());
+ issue.put("policyName", policyEvaluationResultsMap.get("policyName").toString());
+ issueList.add(issue);
+ annotation.put(PacmanRuleConstants.ISSUE_DETAILS, issueList.toString());
+ logger.debug(
+ "======== Azure Policy Evaluation Rule ended with annotation {} : =========",
+ annotation);
+ return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE,
+ annotation);
+
+ }
+ }
+
+ } catch (Exception exception) {
+ logger.error("error: ", exception);
+ throw new RuleExecutionFailedExeption(exception.getMessage());
+ }
+
+ logger.debug("======== Azure Policy Evaluation Rule ended=========");
+ return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
+ }
+
+ @Override
+ public String getHelpText() {
+ return "Azure Policy Evaluation Rule ";
+ }
+
+}
diff --git a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java
index 68a02ce34..a329658bc 100644
--- a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java
+++ b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java
@@ -359,4 +359,6 @@ private PacmanRuleConstants() {
 public static final String AZURERESOURCEID= "recommendation._resourceIdLower";
 public static final String RECOMMENDATION = "recommendation";
 public static final String DETAILS = "details";
+ public static final String AZURE_SUBSCRIPTION = "subscription";
+ public static final String AZURE_SUBSCRIPTION_NAME = "subscriptionName";
 }
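Review bot: `execute` fails open: when `getAzurePolicyEvaluationResults` returns an empty map (no indexed evaluation for this resource and policy, or a lookup miss), the `if (!policyEvaluationResultsMap.isEmpty())` block is skipped and the method falls through to `STATUS_SUCCESS`, so a resource with no evaluation data is reported compliant with no record of the gap. Log the miss before the success return, e.g. `logger.warn("No Azure policy evaluation result found for resource {} and policy {}", resourceId, policyDefinitionName);`, and since the lookup key is `resourceIdLower`, build it with `toLowerCase(Locale.ROOT)` (needs `java.util.Locale`) so the key does not depend on the JVM's default locale. `if (!isCompliant == true)` is a double negation; `if (!isCompliant)` is equivalent and clearer. `throw new RuleExecutionFailedExeption(exception.getMessage())` discards the cause's stack trace; if that exception type has a `(String, Throwable)` constructor, pass `exception` through. The class Javadoc ("Possible network Just In Time (JIT) access will be monitored by Azure Security Center…") appears to be copied from a different rule and does not describe this class; replace it with something like `/** Flags a resource as non-compliant when its latest indexed Azure Policy evaluation for the configured policyDefinitionName reports isCompliant=false. */`.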