2

I'm working with DISA STIG xml files, and having some issues. They use an XSL stylesheet file, so when I do a get-content on it all I get is three properties (Benchmark, xml, xml-stylesheet), zero child nodes. I've been looking for DAYS now how to actually be able to parse / search in the actual nodes inside the original XML files, for example to find or such.

It seems that 

$STIG = [xml]$XmlDocument = Get-Content -Path "$Path\U_IIS_8-5_Server_STIG_V1R2_Manual-xccdf.xml"

only has

xml                            xml-stylesheet                          Benchmark
---                            --------------                          ---------
version="1.0" encoding="utf-8" type='text/xsl' href='STIG_unclass.xsl' Benchmark

And I can't figure out how to turn this XML into an XML I can actually search, parse, etc.

Anthony Mastrean
  • 21,850
  • 21
  • 110
  • 188
Matthew Hunt
  • 33
  • 1
  • 5
  • Isn't the `Benchmark` you see simply the root element of the XML document and then allows you to navigate down with e.g. `$STIG.Benchmark`? – Martin Honnen Mar 07 '18 at 15:17

1 Answers1

0

PowerShell converts [xml] documents into deep/complex objects. I downloaded a STIG document and loaded it like so

PS> $xml = [xml](Get-Content .\U_A10_Networks_ADC_ALG_STIG_V1R1_Manual-xccdf.xml)

Now, you can evaluate the object

PS> $xml

xml                            xml-stylesheet                          Benchmark
---                            --------------                          ---------
version="1.0" encoding="utf-8" type='text/xsl' href='STIG_unclass.xsl' Benchmark

Or traverse its properties.

PS> $xml.Benchmark


dsig           : http://www.w3.org/2000/09/xmldsig#
xsi            : http://www.w3.org/2001/XMLSchema-instance
cpe            : http://cpe.mitre.org/language/2.0
xhtml          : http://www.w3.org/1999/xhtml
dc             : http://purl.org/dc/elements/1.1/
id             : A10_Networks_ADC_ALG_STIG
lang           : en
schemaLocation : http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd
                 http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd
xmlns          : http://checklists.nist.gov/xccdf/1.1
status         : status
title          : A10 Networks ADC ALG Security Technical Implementation Guide
description    : This Security Technical Implementation Guide is published as a tool to improve the security of
                 Department of Defense (DoD) information systems. The requirements are derived from the National
                 Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed
                 revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.
notice         : notice
reference      : reference
plain-text     : plain-text
version        : 1
Profile        : {Profile, Profile, Profile, Profile...}
Group          : {Group, Group, Group, Group...}

Looks like the majority of the information is down this path:

$xml.Benchmark.Group.Rule
Anthony Mastrean
  • 21,850
  • 21
  • 110
  • 188