heimdall_tools 1.3.23 → 1.3.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 87c18b112ab38b1f06c4e7e85041c5c4d388d974c8ce256fdf928dbc4e2ecdf5
4
- data.tar.gz: f7fcefb5bc73c34fa17039cc2b40a068fbf754a8a7b9a07e35c4d6ad1dace8eb
3
+ metadata.gz: 5d1e11d1521f5cb405e5900b4e799001c7351dc584b42e99ccf2d5fb0a84c361
4
+ data.tar.gz: e68d4a5e7b90f4f1158c08d0c305f95f2d8fa57d3cae075879ec4a494b576202
5
5
  SHA512:
6
- metadata.gz: 983087a23a15d02b927b43e07ab5fa84451aa6d09bf6feba0acdbd3c24d2710374d2fde2e8b140650bdb1dcf90a5490a651c1672d0f8b4b2a05abc688136e041
7
- data.tar.gz: 717f833a3901385a7d15869f019c1ccacb2a9cdf9c9f4107e08b574620164596fcfcb00a050c7c4e3b9aed2aa6ff749e93fd095d3767e9d25dfbed5a8927ce91
6
+ metadata.gz: 4e14d8c4ad154009ff553d751b86d9d81b6de04169988ddc7ac2ac0d1f3bd1b43b9ce8dcbb2e18b7bb6c5720a3c4d300e14bad6b151d96242417586be304a0ac
7
+ data.tar.gz: 9347a1672c14849d11538b72e60aa6aa4b4ee56aaecb6e9e387869be8e88197b499b4b358c29cf2d6389992721ba05e61bd2262b01ab4f78be072a6da2e07c16
data/CHANGELOG.md CHANGED
@@ -1,5 +1,26 @@
1
1
  # Changelog
2
2
 
3
+ ## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
4
+
5
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...HEAD)
6
+
7
+ **Implemented enhancements:**
8
+
9
+ - Converter: Burp Suite Pro [\#28](https://github.com/mitre/heimdall_tools/issues/28)
10
+
11
+ **Fixed bugs:**
12
+
13
+ - \[Bug\] Import mapping csvs by relative path [\#41](https://github.com/mitre/heimdall_tools/issues/41)
14
+
15
+ **Merged pull requests:**
16
+
17
+ - Update to pull data csvs by relative path [\#42](https://github.com/mitre/heimdall_tools/pull/42) ([rx294](https://github.com/rx294))
18
+ - Burpsuite mapper [\#40](https://github.com/mitre/heimdall_tools/pull/40) ([rx294](https://github.com/rx294))
19
+
20
+ ## [v1.3.23](https://github.com/mitre/heimdall_tools/tree/v1.3.23) (2020-03-31)
21
+
22
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre5...v1.3.23)
23
+
3
24
  ## [v1.3.23.pre5](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre5) (2020-03-31)
4
25
 
5
26
  [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre4...v1.3.23.pre5)
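Review bot: The new top section is headed "Unreleased" and its Full Changelog link compares v1.3.23...HEAD, yet this is the changelog shipped inside 1.3.24. Regenerate the changelog after tagging so the Burp Suite converter (#28) and the relative-path fix (#41) appear under a dated v1.3.24 heading with a stable compare link.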
data/README.md CHANGED
@@ -1,7 +1,6 @@
1
1
  # Heimdall Tools
2
2
 
3
3
  ![Overall Status](https://github.com/mitre/heimdall_tools/workflows/heimdall_tools/badge.svg)
4
-
5
4
  ![Heimdall Tools Build](https://github.com/mitre/heimdall_tools/workflows/Build%20and%20release%20gem/badge.svg)
6
5
 
7
6
  HeimdallTools supplies several methods to convert output from various tools to "Heimdall Data Format"(HDF) format to be viewable in Heimdall. The current converters are:
@@ -9,8 +8,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
9
8
  - **sonarqube_mapper** - open-source static code analysis tool
10
9
  - **fortify_mapper** - commercial static code analysis tool
11
10
  - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
12
-
13
- # Prerequisites
11
+ - **burpsuite_mapper** - commercial dynamic analysis tool
14
12
 
15
13
  Ruby 2.4 or higher (check using "ruby -v")
16
14
 
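Review bot: Removing the `# Prerequisites` heading leaves "Ruby 2.4 or higher" directly under the converter list, where it now reads as part of that list's section. If the intent was only to add the burpsuite_mapper bullet, restore the heading after the new bullet.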
@@ -107,7 +105,22 @@ FLAGS:
107
105
  example: heimdall_tools zap_mapper -j zap_results.json -n site_name -o scan_results.json
108
106
  ```
109
107
 
110
- ## version
108
+ ## burpsuite_mapper
109
+
110
+ burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
111
+
112
+ ```
113
+ USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x <burpsuite-xml> -o <scan-results.json>
114
+
115
+ FLAGS:
116
+ -x --json <zap-json> : path to BurpSuitePro exported XML results file.
117
+ -o --output <scan-results> : path to output scan-results json.
118
+ -V --verbose : verbose run [optional].
119
+
120
+ example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
121
+ ```
122
+
123
+ ## version
111
124
 
112
125
  Prints out the gem version
113
126
 
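Review bot: In the FLAGS block the first entry reads `-x --json <zap-json>`, carried over from the zap_mapper section. The USAGE line above it uses `-x <burpsuite-xml>` and the CLI declares `option :xml`, so the long form should be `--xml <burpsuite-xml>`. The description line also says "an BurpSuite Pro", which should be "a BurpSuite Pro".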
@@ -8,4 +8,5 @@ module HeimdallTools
8
8
  autoload :FortifyMapper, 'heimdall_tools/fortify_mapper'
9
9
  autoload :ZapMapper, 'heimdall_tools/zap_mapper'
10
10
  autoload :SonarQubeMapper, 'heimdall_tools/sonarqube_mapper'
11
+ autoload :BurpSuiteMapper, 'heimdall_tools/burpsuite_mapper'
11
12
  end
@@ -0,0 +1,138 @@
1
+ require 'json'
2
+ require 'csv'
3
+ require 'heimdall_tools/hdf'
4
+ require 'utilities/xml_to_hash'
5
+
6
+ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
7
+
8
+ CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
9
+
10
+ IMPACT_MAPPING = {
11
+ High: 0.7,
12
+ Medium: 0.5,
13
+ Low: 0.3,
14
+ Information: 0.3
15
+ }.freeze
16
+
17
+ CWE_REGEX = 'CWE-(\d*):'.freeze
18
+
19
+ DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
20
+
21
+ # rubocop:disable Metrics/AbcSize
22
+
23
+ module HeimdallTools
24
+ class BurpSuiteMapper
25
+ def initialize(burps_xml, name=nil, verbose = false)
26
+ @burps_xml = burps_xml
27
+ @verbose = verbose
28
+
29
+ begin
30
+ @cwe_nist_mapping = parse_mapper
31
+ data = xml_to_hash(burps_xml)
32
+
33
+ @issues = data['issues']['issue']
34
+ @burpVersion = data['issues']['burpVersion']
35
+ @timestamp = data['issues']['exportTime']
36
+
37
+ rescue StandardError => e
38
+ raise "Invalid Burpsuite XML file provided Exception: #{e}"
39
+ end
40
+
41
+ end
42
+
43
+ def parse_html(block)
44
+ Nokogiri::HTML(block['#cdata-section']).text.to_s.strip unless block.nil?
45
+ end
46
+
47
+ def finding(issue)
48
+ finding = {}
49
+ finding['status'] = 'failed'
50
+ finding['code_desc'] = format_code_desc(issue)
51
+ finding['run_time'] = NA_FLOAT
52
+ finding['start_time'] = @timestamp
53
+ [finding]
54
+ end
55
+
56
+ def format_code_desc(issue)
57
+ desc = ''
58
+ desc += "Host: ip: #{issue['host']['ip']}, url: #{issue['host']['text']}\n"
59
+ desc += "Location: #{parse_html(issue['location'])}\n"
60
+ desc += "issueDetail: #{parse_html(issue['issueDetail'])}\n" unless issue['issueDetail'].nil?
61
+ desc += "confidence: #{issue['confidence']}\n" unless issue['confidence'].nil?
62
+ desc
63
+ end
64
+
65
+ def nist_tag(cweid)
66
+ entries = @cwe_nist_mapping.select { |x| cweid.include? x[:cweid].to_s }
67
+ tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
68
+ tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
69
+ end
70
+
71
+ def parse_cwe(text)
72
+ reg = Regexp.new(CWE_REGEX, Regexp::IGNORECASE)
73
+ text.scan(reg).map(&:first)
74
+ end
75
+
76
+ def impact(severity)
77
+ IMPACT_MAPPING[severity.to_sym]
78
+ end
79
+
80
+ def parse_mapper
81
+ csv_data = CSV.read(CWE_NIST_MAPPING_FILE, { encoding: 'UTF-8',
82
+ headers: true,
83
+ header_converters: :symbol,
84
+ converters: :all })
85
+ csv_data.map(&:to_hash)
86
+ end
87
+
88
+ def desc_tags(data, label)
89
+ { "data": data || NA_STRING, "label": label || NA_STRING }
90
+ end
91
+
92
+ # Burpsuite report could have multiple issue entries for multiple findings of same issue type.
93
+ # The meta data is identical across entries
94
+ # method collapse_duplicates return unique controls with applicable findings collapsed into it.
95
+ def collapse_duplicates(controls)
96
+ unique_controls = []
97
+
98
+ controls.map { |x| x['id'] }.uniq.each do |id|
99
+ collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
100
+ unique_control = controls.find { |x| x['id'].eql?(id) }
101
+ unique_control['results'] = collapsed_results.flatten
102
+ unique_controls << unique_control
103
+ end
104
+ unique_controls
105
+ end
106
+
107
+ def to_hdf
108
+ controls = []
109
+ @issues.each do |issue|
110
+ @item = {}
111
+ @item['id'] = issue['type'].to_s
112
+ @item['title'] = parse_html(issue['name'])
113
+ @item['desc'] = parse_html(issue['issueBackground'])
114
+ @item['impact'] = impact(issue['severity'])
115
+ @item['tags'] = {}
116
+ @item['descriptions'] = []
117
+ @item['descriptions'] << desc_tags(parse_html(issue['issueBackground']), 'check')
118
+ @item['descriptions'] << desc_tags(parse_html(issue['remediationBackground']), 'fix')
119
+ @item['refs'] = NA_ARRAY
120
+ @item['source_location'] = NA_HASH
121
+ @item['tags']['nist'] = nist_tag(parse_cwe(parse_html(issue['vulnerabilityClassifications'])))
122
+ @item['tags']['cweid'] = parse_html(issue['vulnerabilityClassifications'])
123
+ @item['tags']['confidence'] = issue['confidence'].to_s
124
+ @item['code'] = ''
125
+ @item['results'] = finding(issue)
126
+
127
+ controls << @item
128
+ end
129
+ controls = collapse_duplicates(controls)
130
+ results = HeimdallDataFormat.new(profile_name: 'BurpSuite Pro Scan',
131
+ version: @burpVersion,
132
+ title: "BurpSuite Pro Scan",
133
+ summary: "BurpSuite Pro Scan",
134
+ controls: controls)
135
+ results.to_hdf
136
+ end
137
+ end
138
+ end
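Review bot: In to_hdf, `parse_cwe(parse_html(issue['vulnerabilityClassifications']))` runs for every issue, but parse_html returns nil when the element is absent and parse_cwe then calls `text.scan` on nil. That raises NoMethodError outside the begin/rescue in initialize, so a single issue without classifications aborts the whole conversion. Have parse_cwe return an empty array for nil so nist_tag falls back to DEFAULT_NIST_TAG. Related points: `impact` returns nil for any severity string not in IMPACT_MAPPING, CWE_REGEX uses `\d*` where `\d+` is meant, the `name` constructor argument is never used and `@verbose` is assigned but never read. The file also references Pathname and Nokogiri without requiring 'pathname' or 'nokogiri', so it relies on one of its requires or the caller having loaded them. Requiring both here makes the file loadable on its own.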
@@ -35,6 +35,16 @@ module HeimdallTools
35
35
  File.write(options[:output], hdf)
36
36
  end
37
37
 
38
+ desc 'burpsuite_mapper', 'burpsuite_mapper translates Burpsuite xml report to HDF format Json be viewed on Heimdall'
39
+ long_desc Help.text(:burpsuite_mapper)
40
+ option :xml, required: true, aliases: '-x'
41
+ option :output, required: true, aliases: '-o'
42
+ option :verbose, type: :boolean, aliases: '-V'
43
+ def burpsuite_mapper
44
+ hdf = HeimdallTools::BurpSuiteMapper.new(File.read(options[:xml])).to_hdf
45
+ File.write(options[:output], hdf)
46
+ end
47
+
38
48
  desc 'version', 'prints version'
39
49
  def version
40
50
  puts VERSION
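Review bot: `option :verbose` is declared for burpsuite_mapper, but the method body calls `HeimdallTools::BurpSuiteMapper.new(File.read(options[:xml]))` with a single argument, so -V has no effect. Either pass it through (the constructor takes `name` and `verbose` after the XML) or drop the option. The desc string reads "Json be viewed"; "JSON to be viewed" is probably intended.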
@@ -2,6 +2,7 @@ require 'json'
2
2
  require 'heimdall_tools/version'
3
3
  require 'openssl'
4
4
 
5
+ NA_STRING = "".freeze
5
6
  NA_TAG = nil.freeze
6
7
  NA_ARRAY = [].freeze
7
8
  NA_HASH = {}.freeze
@@ -0,0 +1,5 @@
1
+ burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
2
+
3
+ Examples:
4
+
5
+ heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
@@ -3,9 +3,11 @@ require 'json'
3
3
  require 'csv'
4
4
  require 'heimdall_tools/hdf'
5
5
 
6
+ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
7
+
6
8
  MAPPING_FILES = {
7
- cwe: './lib/data/cwe-nist-mapping.csv'.freeze,
8
- owasp: './lib/data/owasp-nist-mapping.csv'.freeze
9
+ cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
10
+ owasp: File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
9
11
  }.freeze
10
12
 
11
13
  IMPACT_MAPPING = {
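Review bot: `RESOURCE_DIR` is assigned at top level here, and the same top-level assignment appears in the other mapper hunk and in the new burpsuite_mapper.rb, so loading more than one mapper in a process reassigns the constant and Ruby prints an "already initialized constant" warning. `IMPACT_MAPPING` has the same problem with real consequences: it is also defined at top level in burpsuite_mapper.rb, so whichever file loads last decides the values both mappers use. Define the shared path once and move per-mapper constants inside their classes. `File.expand_path('../data', __dir__)` would also give an absolute path without Pathname, whereas `Pathname.new(__FILE__).join('../../data')` stays relative if the file was loaded by a relative path.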
@@ -4,7 +4,9 @@ require 'csv'
4
4
  require 'heimdall_tools/hdf'
5
5
 
6
6
 
7
- CWE_NIST_MAPPING_FILE = './lib/data/cwe-nist-mapping.csv'.freeze
7
+ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
8
+
9
+ CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
8
10
 
9
11
  # rubocop:disable Metrics/AbcSize
10
12
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heimdall_tools
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.23
4
+ version: 1.3.24
5
5
  platform: ruby
6
6
  authors:
7
7
  - Robert Thew
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2020-03-31 00:00:00.000000000 Z
13
+ date: 2020-04-07 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: nokogiri
@@ -213,11 +213,13 @@ files:
213
213
  - lib/data/gitkeep
214
214
  - lib/data/owasp-nist-mapping.csv
215
215
  - lib/heimdall_tools.rb
216
+ - lib/heimdall_tools/burpsuite_mapper.rb
216
217
  - lib/heimdall_tools/cli.rb
217
218
  - lib/heimdall_tools/command.rb
218
219
  - lib/heimdall_tools/fortify_mapper.rb
219
220
  - lib/heimdall_tools/hdf.rb
220
221
  - lib/heimdall_tools/help.rb
222
+ - lib/heimdall_tools/help/burpsuite_mapper.md
221
223
  - lib/heimdall_tools/help/fortify_mapper.md
222
224
  - lib/heimdall_tools/help/sonarqube_mapper.md
223
225
  - lib/heimdall_tools/help/zap_mapper.md