4.6.0 PR to Master for Release (#781)

* 4.5.0 PR to Dev for Release (#733)

* Migrate PowerSTIG to Azure DevOps for Build and Test (#603)

* update folder structure for azure dev ops

* dscresource unit test passing

* updated unit tests

* Unit test pathing update, all passing

* updated unit test to ensure regex data files are loaded

* updated .tests.header for unit\tools directory

* daily commit - Integrated test updates

* updated tests based on testing feedback

* optimized test header based on feedback

* updated build.psd1 case sensitive

* update build agent to windows-2019

* update build and azure yml files

* added hqrm tests to build yml and dependencies

* updated azure-pipelines.yml to include hqrm test

* updated HRQM display name

* updated test exclusion DSCResources

* intro logic to dynamically build requiredmodules

* updated yml to reflect master

* updated changelog.md

* Update azure-pipelines.yml

* rename sources to source (#605)

* Migrate PowerSTIG to Azure DevOps for Build, Test and Release Deployment (#606)

* updated powerstig for dynamic versioning

* updated gitversion to reflect base version

* updated if statement to adhere to style gls

* updated code to adhere to sgl hqrmtest

* updated code to adhere to sgl hqrm tests

* updated code to adhere to sgl hqrm

* update yml files to support CICD pipeline

* updated markdown function

* update change log structure

* updated spacing via PR feedback

* updated 2012R2 STIG after convert tests
reflected a minor delta

* Update PowerSTIG to parse and apply Vmware Vsphere 6.5 STIG V1R3 (#607)

* initial commit for vsphere

* updated based on test results

* updated based on vsphere module name

* updated module manifest to check build status

* updated newlines in raw xccdf

* updated newline

* updated newlies in rules

* updated tests

* updated processed Stig name

* updated vsphere schema

* updated composites

* updated spacing

* updated format

* Updated based on feedback

* update required parameter for composite

* updated service rule

* Added Integration DSCresrouce Vsphere Test

* reverted changes to test

* updated integration tests

* added unit tests

* added unit tests

* added unit tests

* updated formatting based on feedback

* updated based on feedback

* updated comments

* updated tests

* updated changelog.md

* trailing whitespace removed

* updated for HQRM tests

* updated based on pr feedback

* updated case

* update code based on PR feedback

* updated code based on PR feedback.

* updated tests based on PR feedback

* updated test based on PR feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Unable to Import PowerSTIG 4.4.0 Due to cyclic dependency Error (#617)

* removed vmware.vspheredsc as a dependency because all of its required dependencies are loaded

* updated module load process for VMware modules

* updated build.yaml

* updated test

* Updated tests

* removed stop error action

* updated formating

* updated based on failing hqrm

* updated module  helper

* moved helper module

* updated location of module helper

* reduced vmware.VsphereDSC version

* updated build.yaml

* updated data file

* update module version schema

* updated based on testing

* Update changelog

* Update based on PR feedback

* Update PowerSTIG to successfully parse/apply Microsoft IIS Server/Site STIG - Ver 1, Rel10 (#623)

* added IIS Server V1R10

* updated changelog and added iis site v1r10

* updated changelog

* removed N-2 STIGS

* Update PowerSTIG to successfully parse Microsoft SQL Server 2012 Database STIG - Ver 1, Rel 20 (#621)

* updated PowerSTIG to use SQL 2012 Database V1R20

* quotes in test

* updated tabs to spaces in sql raw xccdf

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* explicit Pester version due to 5.x (latest) test failures

* Update PowerSTIG to successfully parse/apply Windows Defender Antivirus STIG - V1R8 (#626)

* added new Windows Defender STIG V1R8 removed V1R6

* updated based on PR feedback:

* merged origin

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* initial commit (#640)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply Microsoft IIS 10 Server/Site STIG - V1R1 (#641)

* added IIS 10.0 Server

* updated IIS 10 site stig

* updated based on tests

* updated based on tests

* updated log file

* added esxi 6.5 v1r4 (#637)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply Windows Server 2012 DNS STIG - Ver 1, Rel 14 (#635)

* DNS Update commit

* removed DNS 1.12

* explicit version for DscResource.Test

* Update PowerSTIG to allow for workgroup level scans (#643)

* added community requested functionality to not require domain/forest parameters

* updated warning message

* reverted to old module dscresource.test

* Updated based on feedback

* updated sql 2016 instance 1.9 (#638)

* Update PowerSTIG to successfully parse/apply MS SQL Server 2012 Instance Ver. 1 Rel. 20 (#642)

* updated sql 2012 Instance V1R20

* updated Get-SqlTechnologyRole

* removed tabs

* added a new line to the end of xccdf

* update build to use dscresource.test 0.13.1

* updated code based on feedback

* Initial updates for checklist improvements

* updated sql script query rule and test to take multiple db's withouth conflict

* updated based on testing

* First working version - multi-STIGs per checklist

* Backward compatibility support added for checklist

* Updates to formatting

* log file update for IE rule bug

* updated change log

* added new line to the end of the log files

* Updated based on pr feedback

* Updated for Pester testing.

* Update PowerSTIG to successfully parse/apply Windows 10 STIG - V1R21 (#656)

* Updated to support latest WIN10 STIG

* update 1.19 to remove extra slash for bug

* Polishing for PR

* Polishing for PR

* Update to CHANGELOG.md

* Updated for formatting

* Formatting updates for PR

* Update for formatting

* Updates to formatting for PR

* Formatting for PR

* update changelog

* Updates for PR

* updated manifest

* Fixed Missing OrgSettings for V-88203 - Win10 Client 1.19 and 1.21 (#672)

* fixed V-88203 to be org setting with Tenant Guid

* updated changelog.md

* fixed registry rule issue in sql 2016 (#671)

* Release Process Update: Ensure the nuget package uses explicit DSC Resource Module Versions (#670)

* dialy commit

* updated build task to leverage nuget

* added new line for Common.Data.ps1

* warning message to troubleshoot ADO pipeline

* updated package tasks

* updated release.module.build

* updated module

* updated release

* updated release

* updated release

* hard coded nuget.exe path

* fixed FilePath parameter

* dynamically detect nuget.exe

* nuget dynamic detection

* testing alternate nuget detection

* updated release to leverage get-command for nuget
detection

* updated code to replace only the task needed

* updated build funct. conform to style guideline

* updated New-NuspecFile funciton

* Update PowerSTIG to successfully parse/apply Windows 2012 R2 MS Version 2, Rev 19 (#679)

* added support for 2012 R2 V2R19

* added new line to xml

* added Server 2019 V1R5,removed V1R2 (#684)

* Update PowerSTIG to successfully parse/apply Windows 10 STIG - V1R23 (#682)

* Added Windows Client V1R23, Removed Windows CLient V1R19

* Added Windows Client V1R23, Removed Windows CLient V1R19

* removed random tabs

* removed tabs from converted

* updated based on feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added support for 2016 V1R12 DC/MS (#685)

* Fixed: IIS Sever 10.0 STIG hardening rule V-100163 fails with error in Windows Server 2019 while using PowerSTIG 4.4.2 (#689)

* updated PowerSTIG to use AccessControlDsc 1.4.1

* updated composites with AccessControlDsc 1.4.1

* Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs (#701)

* added support for IIS 10 Site/Server V1R2

* updated IISServer 10 V1R1 org settings file

* Revert "updated IISServer 10 V1R1 org settings file"

This reverts commit 54d4e82.

* added Firefox V4R29 STIG, remove V4R27 (#700)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance V1R10 (#705)

* added SQL 2016 Instance V1R10, removed V1R8

* Updated changelog.md

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added dns V1R15 (#697)

squash/merge

* Update PowerSTIG To Use xDnsServer version 1.16.0.0 (#703)

* Updated xDnsServer version

* update module version

* updated changelog.md

* upgrade xWebadministration to 3.2.0 (#714)

* added IE 11 STIG - V1R19 (#708)

* Removed Windows Server 2016 DC/MS V1R9 from processed STIGs folder (#710)

* removed old 2016 DC/MS processed STIGs

* updated changelog.md

* Update PowerSTIG to successfully parse/apply IIS Site/Server V1R11 STIGs (#706)

* added support for IIS site/server V1R11

* removed old processed STIGs

* updated AuditPolicyDsc to 1.4.0.0 (#716)

* Allow application of applicable user rights assignments for non-domain and disconnected systems (#719)

* updated based on community feedback

* update based on feedback

* update powerstig to use SecurityPolicyDsc 2.10.0.0 (#717)

* Updates to Checklisting

* updated PowerSTIG to use ComputerMgmtDsc to 8.4.0 (#721)

* Minor updates for PR

* Minor update for PR

* Updates to parameters

* Minor update for Registry rule checklist output

* Update PowerSTIG to use PSDSCResources 2.12.0.0 (#726)

* updated PSDSCResources to 2.12.0.0

* kick devops

* updated

* update revert

* Parameter name swap

* Updated PowerSTIG to use FileContentDsc 1.3.0.151 (#725)

* Minor update to parameter

* Update WindowsDefenderDSC Version to Latest (2.0.0) (#728)

* initial commit

* updated spacing

* updated format of composite

* converted server 2019 stigs

* update changelog.md

* updated windows defenderdsc

* updated integration tests

* updated integration tests

* Update tests

* updated based on tests

* updated based on feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Removed ChecklistSTIGfiles.txt

* Update PowerSTIG to successfully parse/apply Windows 2012 R2 DC Version 2, Rev 21 (#727)

* updated DC and MS STIGS

* removed tabs

* added newline

* updated based on testing

* updated after merge

* Restored code to load manual check file

* Case update for PR

* Updates to formatting per style guide

* updated style guidelines

* updated based on testing (#732)

* updated to not include system drives (#736)

* changelog.md and filehash.md release update

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>
Co-authored-by: Steve Hose <33662177+stevehose@users.noreply.github.com>

* Update PowerSTIG with new SkipRuleCategory Parameter to skip entire STIG Category/Severity Level(s) (#740)

* Fixed Missing OrgSettings for V-88203 - Win10 Client 1.19 and 1.21 (#672)

* fixed V-88203 to be org setting with Tenant Guid

* updated changelog.md

* fixed registry rule issue in sql 2016 (#671)

* Release Process Update: Ensure the nuget package uses explicit DSC Resource Module Versions (#670)

* dialy commit

* updated build task to leverage nuget

* added new line for Common.Data.ps1

* warning message to troubleshoot ADO pipeline

* updated package tasks

* updated release.module.build

* updated module

* updated release

* updated release

* updated release

* hard coded nuget.exe path

* fixed FilePath parameter

* dynamically detect nuget.exe

* nuget dynamic detection

* testing alternate nuget detection

* updated release to leverage get-command for nuget
detection

* updated code to replace only the task needed

* updated build funct. conform to style guideline

* updated New-NuspecFile funciton

* Update PowerSTIG to successfully parse/apply Windows 2012 R2 MS Version 2, Rev 19 (#679)

* added support for 2012 R2 V2R19

* added new line to xml

* added Server 2019 V1R5,removed V1R2 (#684)

* Update PowerSTIG to successfully parse/apply Windows 10 STIG - V1R23 (#682)

* Added Windows Client V1R23, Removed Windows CLient V1R19

* Added Windows Client V1R23, Removed Windows CLient V1R19

* removed random tabs

* removed tabs from converted

* updated based on feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added support for 2016 V1R12 DC/MS (#685)

* Fixed: IIS Sever 10.0 STIG hardening rule V-100163 fails with error in Windows Server 2019 while using PowerSTIG 4.4.2 (#689)

* updated PowerSTIG to use AccessControlDsc 1.4.1

* updated composites with AccessControlDsc 1.4.1

* Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs (#701)

* added support for IIS 10 Site/Server V1R2

* updated IISServer 10 V1R1 org settings file

* Revert "updated IISServer 10 V1R1 org settings file"

This reverts commit 54d4e82.

* added Firefox V4R29 STIG, remove V4R27 (#700)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance V1R10 (#705)

* added SQL 2016 Instance V1R10, removed V1R8

* Updated changelog.md

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added dns V1R15 (#697)

squash/merge

* Update PowerSTIG To Use xDnsServer version 1.16.0.0 (#703)

* Updated xDnsServer version

* update module version

* updated changelog.md

* upgrade xWebadministration to 3.2.0 (#714)

* added IE 11 STIG - V1R19 (#708)

* Removed Windows Server 2016 DC/MS V1R9 from processed STIGs folder (#710)

* removed old 2016 DC/MS processed STIGs

* updated changelog.md

* Update PowerSTIG to successfully parse/apply IIS Site/Server V1R11 STIGs (#706)

* added support for IIS site/server V1R11

* removed old processed STIGs

* updated AuditPolicyDsc to 1.4.0.0 (#716)

* Allow application of applicable user rights assignments for non-domain and disconnected systems (#719)

* updated based on community feedback

* update based on feedback

* update powerstig to use SecurityPolicyDsc 2.10.0.0 (#717)

* updated PowerSTIG to use ComputerMgmtDsc to 8.4.0 (#721)

* Added SkipRuleCategory support to PowerSTIG

* updating test to be compat with new feature

* updated test configs with dynamic logic

* updated test logic to run get-dscresource once

* updated to disallow skipping doc/man rules

* updated integration dscresource tests

* PR Feedback updates

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>

* Increase Code Coverage of PowerSTIG to %75 (#742)

* updated tests for increased code cov part 1

* fixed test

* update changelog.md

* update changelog

* tes

* reverted change

* added VsphereNTPsetting tests

* updated checklist test

* updated DomainName Function tests

* updated powerstig xml tests

* added tests for Convertto-PowerSTIGxml and Compare

* updated tests

* updated webconfig property rule test

* updated to convert all STIGS

* removed redundant tests

* update only select one of each STIG

* added all office stigs

* reverted some tests

* updated tests:

* removed dependency for helper files

* updated tests

* removed example folder

* update based on feedback

* updated test

* Increase Code Coverage of PowerSTIG (#745)

* Fixed Missing OrgSettings for V-88203 - Win10 Client 1.19 and 1.21 (#672)

* fixed V-88203 to be org setting with Tenant Guid

* updated changelog.md

* fixed registry rule issue in sql 2016 (#671)

* Release Process Update: Ensure the nuget package uses explicit DSC Resource Module Versions (#670)

* dialy commit

* updated build task to leverage nuget

* added new line for Common.Data.ps1

* warning message to troubleshoot ADO pipeline

* updated package tasks

* updated release.module.build

* updated module

* updated release

* updated release

* updated release

* hard coded nuget.exe path

* fixed FilePath parameter

* dynamically detect nuget.exe

* nuget dynamic detection

* testing alternate nuget detection

* updated release to leverage get-command for nuget
detection

* updated code to replace only the task needed

* updated build funct. conform to style guideline

* updated New-NuspecFile funciton

* Update PowerSTIG to successfully parse/apply Windows 2012 R2 MS Version 2, Rev 19 (#679)

* added support for 2012 R2 V2R19

* added new line to xml

* added Server 2019 V1R5,removed V1R2 (#684)

* Update PowerSTIG to successfully parse/apply Windows 10 STIG - V1R23 (#682)

* Added Windows Client V1R23, Removed Windows CLient V1R19

* Added Windows Client V1R23, Removed Windows CLient V1R19

* removed random tabs

* removed tabs from converted

* updated based on feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added support for 2016 V1R12 DC/MS (#685)

* Fixed: IIS Sever 10.0 STIG hardening rule V-100163 fails with error in Windows Server 2019 while using PowerSTIG 4.4.2 (#689)

* updated PowerSTIG to use AccessControlDsc 1.4.1

* updated composites with AccessControlDsc 1.4.1

* Update PowerSTIG to successfully parse/apply IIS 10.0 Site/Server V1R2 STIGs (#701)

* added support for IIS 10 Site/Server V1R2

* updated IISServer 10 V1R1 org settings file

* Revert "updated IISServer 10 V1R1 org settings file"

This reverts commit 54d4e82.

* added Firefox V4R29 STIG, remove V4R27 (#700)

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply SQL Server 2016 Instance V1R10 (#705)

* added SQL 2016 Instance V1R10, removed V1R8

* Updated changelog.md

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* added dns V1R15 (#697)

squash/merge

* Update PowerSTIG To Use xDnsServer version 1.16.0.0 (#703)

* Updated xDnsServer version

* update module version

* updated changelog.md

* upgrade xWebadministration to 3.2.0 (#714)

* added IE 11 STIG - V1R19 (#708)

* Removed Windows Server 2016 DC/MS V1R9 from processed STIGs folder (#710)

* removed old 2016 DC/MS processed STIGs

* updated changelog.md

* Update PowerSTIG to successfully parse/apply IIS Site/Server V1R11 STIGs (#706)

* added support for IIS site/server V1R11

* removed old processed STIGs

* updated AuditPolicyDsc to 1.4.0.0 (#716)

* Allow application of applicable user rights assignments for non-domain and disconnected systems (#719)

* updated based on community feedback

* update based on feedback

* update powerstig to use SecurityPolicyDsc 2.10.0.0 (#717)

* updated PowerSTIG to use ComputerMgmtDsc to 8.4.0 (#721)

* Added SkipRuleCategory support to PowerSTIG

* updating test to be compat with new feature

* updated test configs with dynamic logic

* updated test logic to run get-dscresource once

* updated to disallow skipping doc/man rules

* updated integration dscresource tests

* testing code coverage

* updated registryrule test to include more coverage

* updated sqlscriptqueryrule tests

* updated setScript in Get-ShutdownOnError function

* updated permissionrule tests with add. test case

* updated permRule test to increase code coverage

* updated changelog

* updated test and code coverage threshold

* updated code coverage threshold to 81

* updated CC threshold to 80

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>

* Fixed Functions.Checklist Manual Checks need to leverage psd1 files - Backward Compat Issue (#751)

* introducing back compat functions to checklist

* new-checklist back compat fix

* updated functions based on feedback

* updated ConvertTo-ManualCheckListHashTable with
 correct property id

* updated changelog.md

* removed unneeded comments.

* updated comment based help.

* updated throw message

* pre-release update (#753)

* Update spacing in DoD logon script (#758)

* updated spacing in rule

* Updated changelog.md

* Functions.Checklist Manual Checks need to leverage psd1 files - Backward Compat Issue (#756)

* fixed issue 746

* update functions based on feedback

* updated function to work correctly with psd1

* updated changelog.md

* updated tests for issue 746

* added support for Outlook 2016 V2R1 (#768)

* Update PowerSTIG to successfully parse/apply Microsoft SQL Server 2016 Instance Version 2; Release 1 (#766)

* added support for 2016 instance 2.1

* removed tabs from xccdf and processed xml

* Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 Server DNS STIG - Ver 2, Rel 1 (#763)

* updated Dns Server V2R1

* added new line to added DNS STIG

* Update PowerSTIG to successfully parse/apply Microsoft IIS 8.5 SITE/SERVER STIG - Ver 2, Rel 1 (#765)

* updated to add support for iis 8.5 v2r1

* updated org setting

* Update PowerSTIG to successfully parse/apply Microsoft IIS 10 SITE/SERVER STIG - Ver 2, Rel 1 (#764)

* updated to support IIS 10 site/server V2R1

* updated to support IIS 10 site/server V2R1

* update changelog

* updated rule split

* newline

* updated based on feedback

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* Update PowerSTIG to successfully parse/apply Microsoft Office System 2013 STIG - Ver 2, Rel 1 (#770)

* added xccdf, parser changes needed before convert

* add process xml after parser single quote removal

* updated replace statement based on feedback

* Update PowerSTIG to send a warning to the user when using a composite that leverages the new DISA Ids (#773)

* add disa warn msg to composites with new 2.1 stig

* updated changelog.md

* Provide Method to install DoD Root Certs for Server and Client OS (#775)

* initial commit

* updated changelog

* added unit test

* updated module import

* updated composite

* updated after testing

* updated tests

* updated coverted stig

* updated integration tests

* updated based on testing

* updated changelog to kick

* updated due to missing cert on 2019 stigs

* update to build.yaml

* updated based on comments

* updated based on test

* updated based on PR feedback

* Update PowerSTIG to Provide Rule Data from Processed xml (#777)

* create tooling function for rule query by end user

* update changelog.md

* update new functions to dsc guideline standards

* deving exception string tooling

* update function to address u009D in description

* added vulnId to non-detailed output

* merged local with 4.6.0

* updated functions, tests are outstanding

* updated tests.

* added tests for RuleQuery functions.

* update build.yaml to skip broke git changelog test

* mod build.yaml to correct exclusion for changelog

* updated test based on feedback

* Update Windows 10 Client STIGs based on ACAS results (#779)

* update for rule v-63381 acas scan

* update PowerSTIG to parse V-63685

* updated changelog

* updated build yaml for changelog

* merge conflict issue reprocessed stig

Co-authored-by: Brian Wilhite <bcwilhite@live.com>

* updated filehash and changelog

* removed ~merged files

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>
Co-authored-by: Steve Hose <33662177+stevehose@users.noreply.github.com>

CHANGELOG.md

@@ -2,6 +2,22 @@
 
 ## [Unreleased]
 
+## [4.6.0] - 2020-12-01
+
+* Provide Method to install DoD Root Certs for Server OS and Client OS: [#755](https://github.com/microsoft/PowerStig/issues/755)
+* Update Windows 10 Client STIGs based on ACAS results: [#778](https://github.com/microsoft/PowerStig/issues/778)
+* Update PowerSTIG to Provide Rule Data from Processed xml: [#747](https://github.com/microsoft/PowerStig/issues/747)
+* Update PowerSTIG to send a warning to the user when using a composite that leverages the new DISA Ids: [#772](https://github.com/microsoft/PowerStig/issues/772)
+* Update PowerSTIG to successfully parse/apply Microsoft Office System 2013 STIG - Ver 2, Rel 1: [#769](https://github.com/microsoft/PowerStig/issues/769)
+* Update PowerSTIG to successfully parse/apply Microsoft Windows 2012 Server DNS STIG - Ver 2, Rel 1: [#760](https://github.com/microsoft/PowerStig/issues/760)
+* Update PowerSTIG to successfully parse/apply Microsoft SQL Server 2016 Instance Version 2; Release 1: [#761](https://github.com/microsoft/PowerStig/issues/761)
+* Update PowerSTIG to successfully parse/apply Microsoft Outlook 2016 Version 2; Release 1: [#767](https://github.com/microsoft/PowerStig/issues/767)
+* Update spacing in DoD logon script: [#757](https://github.com/microsoft/PowerStig/issues/757)
+* Update PowerSTIG to Increase Code Coverage of Unit Tests: [#737](https://github.com/microsoft/PowerStig/issues/737)
+* Update PowerSTIG with new SkipRuleSeverity Parameter to skip entire STIG Category/Severity Level(s): [#711](https://github.com/microsoft/PowerStig/issues/711)
+* Update PowerSTIG to successfully parse/apply Microsoft IIS 10 SITE/SERVER STIG - Ver 2, Rel 1: [#759](https://github.com/microsoft/PowerStig/issues/759)
+* Update PowerSTIG to successfully parse/apply IIS 8.5 Site/Server V2R1 STIGs: [#762](https://github.com/microsoft/PowerStig/issues/762)
+
 ## [4.5.1] - 2020-10-12
 
 * Fixed [#746](https://github.com/microsoft/PowerStig/issues/746): Functions.Checklist Manual Checks need to leverage psd1 files - Backward Compat Issue

Tests/Integration/DSCResources/.tests.header.ps1

@@ -1,5 +1,11 @@
 $script:DSCModuleName = 'PowerStig'
 
+# Using global variable so that Get-DscResource will only run when needed
+if ($null -eq $global:getDscResource)
+{
+    $global:getDscResource = Get-DscResource -Module $script:DSCModuleName
+}
+
 $script:projectRoot = Split-Path -Path (Split-Path -Path (Split-Path -Path $PSScriptRoot -Parent) -Parent) -Parent
 $script:buildOutput = Join-Path -Path $projectRoot -ChildPath 'output'
 $script:modulePath = (Get-ChildItem -Path $buildOutput -Filter 'PowerStig.psd1' -Recurse).FullName

Tests/Integration/DSCResources/Adobe.config.ps1

@@ -25,53 +25,34 @@ configuration Adobe_config
         $SkipRuleType,
 
         [Parameter()]
-        [hashtable]
-        $Exception,
+        [string[]]
+        $SkipRuleSeverity,
 
         [Parameter()]
         [hashtable]
-        $BackwardCompatibilityException,
+        $Exception,
 
         [Parameter()]
         [object]
-        $OrgSettings
+        $OrgSettings,
+
+        [Parameter()]
+        [string[]]
+        $ResourceParameters
     )
 
     Import-DscResource -ModuleName PowerStig
 
     Node localhost
     {
-        & ([scriptblock]::Create("
-        Adobe BaseLineSettings
-        {
-            AdobeApp    = '$TechnologyVersion'
-            StigVersion = '$StigVersion'
-            $(if ($OrgSettings -is [hashtable])
-            {
-                "Orgsettings = @{`n$($OrgSettings.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($OrgSettings[$PSItem].Keys), $($OrgSettings[$PSItem][$OrgSettings[$PSItem].Keys]), '}'})}"
-            }
-            elseif ($null -ne $OrgSettings)
-            {
-                "Orgsettings = '$OrgSettings'"
-            })
-            $(if ($null -ne $Exception)
-            {
-                "Exception = @{`n$($Exception.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}"
-            })
-            $(if ($null -ne $BackwardCompatibilityException)
-            {
-                "Exception = @{`n$($BackwardCompatibilityException.Keys |
-                    ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}"
-            })
-            $(if ($null -ne $SkipRule)
-            {
-                "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n"
-            })
-        }")
-        )
+        $psboundParams = $PSBoundParameters
+        $psboundParams.AdobeApp = $psboundParams['TechnologyVersion']
+        $psboundParams.Remove('TechnologyRole')
+        $psboundParams.Remove('ConfigurationData')
+        $psboundParams.Remove('TechnologyVersion')
+
+        $resourceParamString = New-ResourceParameterString -ResourceParameters $ResourceParameters -PSBoundParams $psboundParams
+        $resourceScriptBlockString = New-ResourceString -ResourceParameterString $resourceParamString -ResourceName Adobe
+        & ([scriptblock]::Create($resourceScriptBlockString))
     }
 }

Tests/Integration/DSCResources/Adobe.integration.tests.ps1

@@ -7,6 +7,8 @@ $configFile = Join-Path -Path $PSScriptRoot -ChildPath "$($script:DSCCompositeRe
 . $configFile
 
 $stigList = Get-StigVersionTable -CompositeResourceName $script:DSCCompositeResourceName
+$resourceInformation = $global:getDscResource | Where-Object -FilterScript {$PSItem.Name -eq $script:DSCCompositeResourceName}
+$resourceParameters = $resourceInformation.Properties.Name
 
 foreach ($stig in $stigList)
 {
@@ -23,6 +25,13 @@ foreach ($stig in $stigList)
     $skipRuleTypeMultiple = $null
     $expectedSkipRuleTypeMultipleCount = 0 + $blankSkipRuleId.Count
 
+    $singleSkipRuleSeverity = 'CAT_I'
+    $multipleSkipRuleSeverity = 'CAT_I', 'CAT_II'
+    $expectedSingleSkipRuleSeverity = Get-CategoryRule -PowerStigXml $powerstigXml -RuleCategory $singleSkipRuleSeverity
+    $expectedSingleSkipRuleSeverityCount = ($expectedSingleSkipRuleSeverity | Measure-Object).Count + $blankSkipRuleId.Count
+    $expectedMultipleSkipRuleSeverity = Get-CategoryRule -PowerStigXml $powerstigXml -RuleCategory $multipleSkipRuleSeverity
+    $expectedMultipleSkipRuleSeverityCount = ($expectedMultipleSkipRuleSeverity | Measure-Object).Count + $blankSkipRuleId.Count
+
     $getRandomExceptionRuleParams = @{
         RuleType       = 'RegistryRule'
         PowerStigXml   = $powerstigXml

Tests/Integration/DSCResources/Common.integration.ps1

@@ -13,10 +13,11 @@ Describe ($title + " $($stig.StigVersion) mof output") {
     $technologyConfig = "$($script:DSCCompositeResourceName)_config"
 
     $testParameterList = @{
-        TechnologyVersion = $stig.TechnologyVersion
-        TechnologyRole    = $stig.TechnologyRole
-        StigVersion       = $stig.StigVersion
-        OutputPath        = $TestDrive
+        TechnologyVersion  = $stig.TechnologyVersion
+        TechnologyRole     = $stig.TechnologyRole
+        StigVersion        = $stig.StigVersion
+        OutputPath         = $TestDrive
+        ResourceParameters = $resourceParameters
     }
 
     # Add additional test parameters to current test configuration
@@ -89,17 +90,17 @@ Describe ($title + " $($stig.StigVersion) mof output") {
 
         Context 'Single Backward Compatibility Exception' {
             It "Should compile the MOF with STIG exception $($backCompatException.Keys) without throwing" {
-                {& $technologyConfig @testParameterList -BackwardCompatibilityException $backCompatException} | Should -Not -Throw
+                {& $technologyConfig @testParameterList -Exception $backCompatException} | Should -Not -Throw
             }
         }
 
         Context 'Multiple Backward Compatibility Exceptions' {
             It "Should compile the MOF with STIG exceptions $($backCompatExceptionMultiple.Keys) without throwing" {
-                {& $technologyConfig @testParameterList -BackwardCompatibilityException $backCompatExceptionMultiple} | Should -Not -Throw
+                {& $technologyConfig @testParameterList -Exception $backCompatExceptionMultiple} | Should -Not -Throw
             }
         }
 
-        Context 'Single Rule' {
+        Context 'Single Skip Rule' {
             It 'Should compile the MOF without throwing' {
                 {& $technologyConfig @testParameterList -SkipRule $skipRule } | Should -Not -Throw
             }
@@ -115,7 +116,7 @@ Describe ($title + " $($stig.StigVersion) mof output") {
             }
         }
 
-        Context 'Multiple Rules' {
+        Context 'Multiple Skip Rules' {
             It 'Should compile the MOF without throwing' {
                 {& $technologyConfig @testParameterList -SkipRule $skipRuleMultiple} | Should -Not -Throw
             }
@@ -133,7 +134,7 @@ Describe ($title + " $($stig.StigVersion) mof output") {
             }
         }
 
-        Context "$($stig.TechnologyRole) $($stig.StigVersion) Single Type" {
+        Context "$($stig.TechnologyRole) $($stig.StigVersion) Single Skip Rule Type" {
             It "Should compile the MOF without throwing" {
                 {& $technologyConfig @testParameterList -SkipRuleType $skipRuleType} | Should -Not -Throw
             }
@@ -149,9 +150,9 @@ Describe ($title + " $($stig.StigVersion) mof output") {
             }
         }
 
-        Context 'Multiple Types' {
+        Context "$($stig.TechnologyRole) $($stig.StigVersion) Multiple Skip Rule Types" {
             It "Should compile the MOF without throwing" {
-                {& $technologyConfig @testParameterList -SkipruleType $skipRuleTypeMultiple} | Should -Not -Throw
+                {& $technologyConfig @testParameterList -SkipRuleType $skipRuleTypeMultiple} | Should -Not -Throw
             }
             # Gets the mof content
             $configurationDocumentPath = "$TestDrive\localhost.mof"
@@ -165,6 +166,38 @@ Describe ($title + " $($stig.StigVersion) mof output") {
             }
         }
 
+        Context "When $($stig.TechnologyRole) $($stig.StigVersion) Single Skip Rule Severity Category is leveraged" {
+            It "Should compile the MOF with $singleSkipRuleSeverity SkipRuleSeverity without throwing" {
+                {& $technologyConfig @testParameterList -SkipRuleSeverity $singleSkipRuleSeverity} | Should -Not -Throw
+            }
+            # Gets the mof content
+            $configurationDocumentPath = "$TestDrive\localhost.mof"
+            $instances = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportInstances($configurationDocumentPath, 4)
+
+            # Counts how many Skips there are and how many there should be.
+            $dscMof = @($instances | Where-Object -FilterScript {$PSItem.ResourceID -match "\[Skip\]"})
+
+            It "Should have $expectedSingleSkipRuleSeverityCount Skipped settings" {
+                $dscMof.Count | Should -Be $expectedSingleSkipRuleSeverityCount
+            }
+        }
+
+        Context "When $($stig.TechnologyRole) $($stig.StigVersion) Multiple Skip Rule Severity Categories are leveraged" {
+            It "Should compile the MOF with $($multipleSkipRuleSeverity -join ',') without throwing" {
+                {& $technologyConfig @testParameterList -SkipRuleSeverity $multipleSkipRuleSeverity} | Should -Not -Throw
+            }
+            # Gets the mof content
+            $configurationDocumentPath = "$TestDrive\localhost.mof"
+            $instances = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportInstances($configurationDocumentPath, 4)
+
+            # Counts how many Skips there are and how many there should be.
+            $dscMof = @($instances | Where-Object -FilterScript {$PSItem.ResourceID -match "\[Skip\]"})
+
+            It "Should have $expectedMultipleSkipRuleSeverityCount Skipped settings" {
+                $dscMof.Count | Should -Be $expectedMultipleSkipRuleSeverityCount
+            }
+        }
+
         Context 'OrgSettings' {
             $stigPath = $stig.path.TrimEnd(".xml")
             $orgSettings = $stigPath + ".org.default.xml"

Tests/Integration/DSCResources/Firefox.config.ps1

@@ -25,52 +25,33 @@ configuration Firefox_config
         $SkipRuleType,
 
         [Parameter()]
-        [hashtable]
-        $Exception,
+        [string[]]
+        $SkipRuleSeverity,
 
         [Parameter()]
         [hashtable]
-        $BackwardCompatibilityException,
+        $Exception,
 
         [Parameter()]
         [object]
-        $OrgSettings
+        $OrgSettings,
+
+        [Parameter()]
+        [string[]]
+        $ResourceParameters
     )
 
     Import-DscResource -ModuleName PowerStig
 
     Node localhost
     {
-        & ([scriptblock]::Create("
-        Firefox FirefoxConfiguration
-        {
-            Stigversion = '$StigVersion'
-            $(if ($OrgSettings -is [hashtable])
-            {
-                "Orgsettings = @{`n$($OrgSettings.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($OrgSettings[$PSItem].Keys), $($OrgSettings[$PSItem][$OrgSettings[$PSItem].Keys]), '}'})}"
-            }
-            elseif ($null -ne $OrgSettings)
-            {
-                "Orgsettings = '$OrgSettings'"
-            })
-            $(if ($null -ne $Exception)
-            {
-                "Exception = @{`n$($Exception.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}"
-            })
-            $(if ($null -ne $BackwardCompatibilityException)
-            {
-                "Exception = @{`n$($BackwardCompatibilityException.Keys |
-                    ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}"
-            })
-            $(if ($null -ne $SkipRule)
-            {
-                "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n"
-            })
-        }")
-        )
+        $psboundParams = $PSBoundParameters
+        $psboundParams.Remove('TechnologyRole')
+        $psboundParams.Remove('ConfigurationData')
+        $psboundParams.Remove('TechnologyVersion')
+
+        $resourceParamString = New-ResourceParameterString -ResourceParameters $ResourceParameters -PSBoundParams $psboundParams
+        $resourceScriptBlockString = New-ResourceString -ResourceParameterString $resourceParamString -ResourceName Firefox
+        & ([scriptblock]::Create($resourceScriptBlockString))
     }
 }

Tests/Integration/DSCResources/Firefox.integration.tests.ps1

@@ -7,6 +7,8 @@ $configFile = Join-Path -Path $PSScriptRoot -ChildPath "$($script:DSCCompositeRe
 . $configFile
 
 $stigList = Get-StigVersionTable -CompositeResourceName $script:DSCCompositeResourceName
+$resourceInformation = $global:getDscResource | Where-Object -FilterScript {$PSItem.Name -eq $script:DSCCompositeResourceName}
+$resourceParameters = $resourceInformation.Properties.Name
 
 foreach ($stig in $stigList)
 {
@@ -23,6 +25,13 @@ foreach ($stig in $stigList)
     $skipRuleTypeMultiple = $null
     $expectedSkipRuleTypeMultipleCount = 0 + $blankSkipRuleId.Count
 
+    $singleSkipRuleSeverity = 'CAT_I'
+    $multipleSkipRuleSeverity = 'CAT_I', 'CAT_II'
+    $expectedSingleSkipRuleSeverity = Get-CategoryRule -PowerStigXml $powerstigXml -RuleCategory $singleSkipRuleSeverity
+    $expectedSingleSkipRuleSeverityCount = ($expectedSingleSkipRuleSeverity | Measure-Object).Count + $blankSkipRuleId.Count
+    $expectedMultipleSkipRuleSeverity = Get-CategoryRule -PowerStigXml $powerstigXml -RuleCategory $multipleSkipRuleSeverity
+    $expectedMultipleSkipRuleSeverityCount = ($expectedMultipleSkipRuleSeverity | Measure-Object).Count + $blankSkipRuleId.Count
+
     $getRandomExceptionRuleParams = @{
         RuleType       = 'FileContentRule'
         PowerStigXml   = $powerstigXml

Tests/Integration/DSCResources/IisServer.config.ps1

@@ -24,13 +24,17 @@ configuration IisServer_Config
         [string[]]
         $SkipRuleType,
 
+        [Parameter()]
+        [string[]]
+        $SkipRuleSeverity,
+
         [Parameter()]
         [hashtable]
         $Exception,
 
         [Parameter()]
-        [hashtable]
-        $BackwardCompatibilityException,
+        [string[]]
+        $ResourceParameters,
 
         [Parameter()]
         [object]
@@ -46,42 +50,14 @@ configuration IisServer_Config
 
     Node localhost
     {
-        & ([scriptblock]::Create("
-        IisServer ServerConfiguration
-        {
-            IisVersion  = '$TechnologyVersion'
-            StigVersion = '$StigVersion'
-            LogPath     = '$LogPath'
-            $(if ($OrgSettings -is [hashtable])
-            {
-                "Orgsettings = @{`n$($OrgSettings.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($OrgSettings[$PSItem].Keys), $($OrgSettings[$PSItem][$OrgSettings[$PSItem].Keys]), '}'})}"
-            }
-            elseif ($null -ne $OrgSettings)
-            {
-                "Orgsettings = '$OrgSettings'"
-            })
-            $(if ($null -ne $Exception)
-            {
-                "Exception = @{`n$($Exception.Keys |
-                    ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f
-                        $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}"
-            })
-            $(if ($null -ne $BackwardCompatibilityException)
-            {
-                "Exception = @{`n$($BackwardCompatibilityException.Keys |
-                    ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}"
-            })
-            $(if ($null -ne $SkipRule)
-            {
-                "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n"
-            }
-            if ($null -ne $SkipRuleType)
-            {
-                "SkipRuleType = @($( ($SkipRuleType | ForEach-Object {"'$PSItem'"}) -join ',' ))`n"
-            })
-        }")
-        )
+        $psboundParams = $PSBoundParameters
+        $psboundParams.IisVersion = $psboundParams['TechnologyVersion']
+        $psboundParams.Remove('TechnologyRole')
+        $psboundParams.Remove('ConfigurationData')
+        $psboundParams.Remove('TechnologyVersion')
+
+        $resourceParamString = New-ResourceParameterString -ResourceParameters $ResourceParameters -PSBoundParams $psboundParams
+        $resourceScriptBlockString = New-ResourceString -ResourceParameterString $resourceParamString -ResourceName IisServer
+        & ([scriptblock]::Create($resourceScriptBlockString))
     }
 }