Framework/Listeners/Webhook/WebhookOutput.ps1

Set-StrictMode -Version Latest 

class WebhookOutput: ListenerBase
{        
    hidden static [WebhookOutput] $Instance = $null;  
    #Default source is kept as SDL / PowerShell.
    #This value must be set in respective environment i.e. CICD,CA
    [string] $WebhookSource;

    WebhookOutput()
    {
        
    }


    static [WebhookOutput] GetInstance()
    {
        if($null -eq [WebhookOutput]::Instance)
        {
            [WebhookOutput]::Instance = [WebhookOutput]::new();
        }
        return [WebhookOutput]::Instance;
    }

    [void] RegisterEvents()
    {
        $this.UnregisterEvents();

        $this.RegisterEvent([SVTEvent]::EvaluationCompleted, {
            $currentInstance = [WebhookOutput]::GetInstance();
            try
            {
                $currentInstance.WriteControlResult([SVTEventContext[]] ($Event.SourceArgs));
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });
    }

    hidden [void] WriteControlResult([SVTEventContext[]] $eventContextAll)
    {
        try
        {
            $settings = [ConfigurationManager]::GetAzSKSettings()
            $tempBodyObjectsAll = [System.Collections.ArrayList]::new()

            if(-not [string]::IsNullOrWhiteSpace($settings.WebhookSource))
            {
                $this.WebhookSource = $settings.WebhookSource
            }

            if(-not [string]::IsNullOrWhiteSpace($settings.WebhookUrl))
            {
                $eventContextAll | ForEach-Object{
                $eventContext = $_
                    $tempBodyObjects = $this.GetWebhookBodyObjects($this.WebhookSource,$eventContext) #need to prioritize this
                    $tempBodyObjects | ForEach-Object{
                    Set-Variable -Name tempBody -Value $_ -Scope Local
                    $tempBodyObjectsAll.Add($tempBody)
                    
                }
                }

                PostWebhookData `
                        -webHookUrl $settings.WebhookUrl `
                        -authZHeaderName $settings.WebhookAuthZHeaderName `
                        -authZHeaderValue $settings.WebhookAuthZHeaderValue `
                        -eventBody $tempBodyObjectsAll `
                        -logType $settings.WebhookType
                        #Currently logType param is not used
                          
            }
        }
        catch
        {
            [Exception] $ex = [Exception]::new(("Invalid Webhook Settings: " + $_.Exception.ToString()), $_.Exception)
            throw [SuppressedException] $ex
        }
    }

    hidden [PSObject[]] GetWebhookBodyObjects([string] $Source,[SVTEventContext] $eventContext)
    {
        [PSObject[]] $output = @();
        [array] $eventContext.ControlResults | ForEach-Object{
            Set-Variable -Name ControlResult -Value $_ -Scope Local
            $out = "" | Select-Object ResourceType, ResourceGroup, Reference, ResourceName, ChildResourceName, ControlStatus, ActualVerificationResult, ControlId, SubscriptionName, SubscriptionId, FeatureName, Source, Recommendation, ControlSeverity, TimeTakenInMs, AttestationStatus, AttestedBy, Justification
            if($eventContext.IsResource())
            {
                $out.ResourceType=$eventContext.ResourceContext.ResourceType
                $out.ResourceGroup=$eventContext.ResourceContext.ResourceGroupName            
                $out.ResourceName=$eventContext.ResourceContext.ResourceName
                $out.ChildResourceName=$ControlResult.ChildResourceName
            }

            $out.Reference=$eventContext.Metadata.Reference
            $out.ControlStatus=$ControlResult.VerificationResult.ToString()
            $out.ActualVerificationResult=$ControlResult.ActualVerificationResult.ToString()
            $out.ControlId=$eventContext.ControlItem.ControlID
            $out.SubscriptionName=$eventContext.SubscriptionContext.SubscriptionName
            $out.SubscriptionId=$eventContext.SubscriptionContext.SubscriptionId
            $out.FeatureName=$eventContext.FeatureName
            $out.Recommendation=$eventContext.ControlItem.Recommendation
            $out.ControlSeverity=$eventContext.ControlItem.ControlSeverity.ToString()
            $out.Source=$Source

            #mapping the attestation properties
            if($null -ne $ControlResult -and $null -ne $ControlResult.StateManagement -and $null -ne $ControlResult.StateManagement.AttestedStateData)
            {
                $attestedData = $ControlResult.StateManagement.AttestedStateData;
                $out.AttestationStatus = $ControlResult.AttestationStatus.ToString();
                $out.AttestedBy = $attestedData.AttestedBy;
                $out.Justification = $attestedData.Justification;
            }
            
            #$out.TimeTakenInMs=[int] $Metrics["TimeTakenInMs"]
            $output += $out
        }
        return $output    
    }
}


function PostWebhookData($webHookUrl, $authZHeaderName, $authZHeaderValue, $eventBody, $logType)
{
    #$now = [DateTime]::Now.DateTime
    #$eventDataX = @{"event" = "Hello Splunk! This is AzSK speaking @ $now"} | ConvertTo-Json

    $eventJson = @{
        "event" = $eventBody
    } | ConvertTo-Json

    $defaultSecurityProtocol = $null
    try
    {
        [TertiaryBool] $AllowSelfSignedWebhookCertificate = [TertiaryBool]::NotSet;
        $AllowSelfSignedWebhookCertificate = [ConfigurationManager]::GetLocalAzSKSettings().AllowSelfSignedWebhookCertificate;
        if($AllowSelfSignedWebhookCertificate -eq [TertiaryBool]::NotSet)
        {
            $serverAllowSelfSignedWebhookCertificate = [ConfigurationManager]::GetAzSKConfigData().AllowSelfSignedWebhookCertificate;
            if($serverAllowSelfSignedWebhookCertificate)
            {
                $AllowSelfSignedWebhookCertificate = [TertiaryBool]::True;
            }
            else
            {
                $AllowSelfSignedWebhookCertificate = [TertiaryBool]::False;
            }
        }
        if($AllowSelfSignedWebhookCertificate -eq [TertiaryBool]::NotSet)
        {
            $AllowSelfSignedWebhookCertificate = [TertiaryBool]::False;
        }

        if($AllowSelfSignedWebhookCertificate -ne [TertiaryBool]::False)
        {
            [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
        }
        $defaultSecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol
        [System.Net.ServicePointManager]::SecurityProtocol = `
                    [System.Net.SecurityProtocolType]::Tls12
    
        if (-not [String]::IsNullOrWhiteSpace($authZHeaderValue))
        {
            $response = Invoke-WebRequest `
                        -Uri $webhookUrl `
                        -Method "Post" `
                        -Body $eventJson `
                        -Header @{ $authZHeaderName = $authZHeaderValue} 
        }
        else 
        {
            $response = Invoke-WebRequest `
                        -Uri $webhookUrl `
                        -Method "Post" `
                        -Body $eventJson
        }
    }
    catch 
    {
        $msg = $_.Exception.Message
        $status = $_.Exception.Status
        $hr = "{0:x8}" -f ($_.Exception.HResult)
        $innerException = $_.Exception.InnerException
        #Just issue a warning as about being unable to send notification...
        Write-Warning("`n`t[$status] `n`t[0x$hr] `n`t[$msg] `n`t[$innerException]")
    }
    finally 
    {
        # Set securityProtocol and CertValidation behavior back to default state.
        [System.Net.ServicePointManager]::SecurityProtocol = $defaultSecurityProtocol
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
    }
}