heimdall_tools 1.3.23 → 1.3.24

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 87c18b112ab38b1f06c4e7e85041c5c4d388d974c8ce256fdf928dbc4e2ecdf5
4
- data.tar.gz: f7fcefb5bc73c34fa17039cc2b40a068fbf754a8a7b9a07e35c4d6ad1dace8eb
3
+ metadata.gz: 5d1e11d1521f5cb405e5900b4e799001c7351dc584b42e99ccf2d5fb0a84c361
4
+ data.tar.gz: e68d4a5e7b90f4f1158c08d0c305f95f2d8fa57d3cae075879ec4a494b576202
5
5
  SHA512:
6
- metadata.gz: 983087a23a15d02b927b43e07ab5fa84451aa6d09bf6feba0acdbd3c24d2710374d2fde2e8b140650bdb1dcf90a5490a651c1672d0f8b4b2a05abc688136e041
7
- data.tar.gz: 717f833a3901385a7d15869f019c1ccacb2a9cdf9c9f4107e08b574620164596fcfcb00a050c7c4e3b9aed2aa6ff749e93fd095d3767e9d25dfbed5a8927ce91
6
+ metadata.gz: 4e14d8c4ad154009ff553d751b86d9d81b6de04169988ddc7ac2ac0d1f3bd1b43b9ce8dcbb2e18b7bb6c5720a3c4d300e14bad6b151d96242417586be304a0ac
7
+ data.tar.gz: 9347a1672c14849d11538b72e60aa6aa4b4ee56aaecb6e9e387869be8e88197b499b4b358c29cf2d6389992721ba05e61bd2262b01ab4f78be072a6da2e07c16
data/CHANGELOG.md CHANGED
@@ -1,5 +1,26 @@
1
1
  # Changelog
2
2
 
3
+ ## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
4
+
5
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...HEAD)
6
+
7
+ **Implemented enhancements:**
8
+
9
+ - Converter: Burp Suite Pro [\#28](https://github.com/mitre/heimdall_tools/issues/28)
10
+
11
+ **Fixed bugs:**
12
+
13
+ - \[Bug\] Import mapping csvs by relative path [\#41](https://github.com/mitre/heimdall_tools/issues/41)
14
+
15
+ **Merged pull requests:**
16
+
17
+ - Update to pull data csvs by relative path [\#42](https://github.com/mitre/heimdall_tools/pull/42) ([rx294](https://github.com/rx294))
18
+ - Burpsuite mapper [\#40](https://github.com/mitre/heimdall_tools/pull/40) ([rx294](https://github.com/rx294))
19
+
20
+ ## [v1.3.23](https://github.com/mitre/heimdall_tools/tree/v1.3.23) (2020-03-31)
21
+
22
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre5...v1.3.23)
23
+
3
24
  ## [v1.3.23.pre5](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre5) (2020-03-31)
4
25
 
5
26
  [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre4...v1.3.23.pre5)
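Review bot: the new CHANGELOG.md entries are filed under "## [Unreleased]" with a compare link of v1.3.23...HEAD, yet the gem metadata in this same diff is already version 1.3.24. Suggest cutting a "## [v1.3.24]" heading with a v1.3.23...v1.3.24 compare link before release, so the Burp Suite converter (#28, #40) and the relative-path fix (#41, #42) are attributed to the version that ships them.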
data/README.md CHANGED
@@ -1,7 +1,6 @@
1
1
  # Heimdall Tools
2
2
 
3
3
  ![Overall Status](https://github.com/mitre/heimdall_tools/workflows/heimdall_tools/badge.svg)
4
-
5
4
  ![Heimdall Tools Build](https://github.com/mitre/heimdall_tools/workflows/Build%20and%20release%20gem/badge.svg)
6
5
 
7
6
  HeimdallTools supplies several methods to convert output from various tools to "Heimdall Data Format"(HDF) format to be viewable in Heimdall. The current converters are:
@@ -9,8 +8,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
9
8
  - **sonarqube_mapper** - open-source static code analysis tool
10
9
  - **fortify_mapper** - commercial static code analysis tool
11
10
  - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
12
-
13
- # Prerequisites
11
+ - **burpsuite_mapper** - commercial dynamic analysis tool
14
12
 
15
13
  Ruby 2.4 or higher (check using "ruby -v")
16
14
 
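Review bot: dropping the "# Prerequisites" heading in README.md leaves "Ruby 2.4 or higher (check using "ruby -v")" directly below the converter list with no section of its own. The removal looks accidental, since the new burpsuite_mapper bullet took the place of the heading and the blank line before it. Suggest restoring the blank line and the heading after the new bullet.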
@@ -107,7 +105,22 @@ FLAGS:
107
105
  example: heimdall_tools zap_mapper -j zap_results.json -n site_name -o scan_results.json
108
106
  ```
109
107
 
110
- ## version
108
+ ## burpsuite_mapper
109
+
110
+ burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
111
+
112
+ ```
113
+ USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x <burpsuite-xml> -o <scan-results.json>
114
+
115
+ FLAGS:
116
+ -x --json <zap-json> : path to BurpSuitePro exported XML results file.
117
+ -o --output <scan-results> : path to output scan-results json.
118
+ -V --verbose : verbose run [optional].
119
+
120
+ example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
121
+ ```
122
+
123
+ ## version
111
124
 
112
125
  Prints out the gem version
113
126
 
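Review bot: in the new burpsuite_mapper FLAGS block, the line "-x --json <zap-json>" is carried over from the zap_mapper section and contradicts the USAGE line above it, which takes "-x <burpsuite-xml>". The option declared in cli.rb is `:xml` with alias `-x`, so the long form should be `--xml <burpsuite-xml>`. Also "an BurpSuite Pro" should read "a BurpSuite Pro" in the description sentence.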
@@ -8,4 +8,5 @@ module HeimdallTools
8
8
  autoload :FortifyMapper, 'heimdall_tools/fortify_mapper'
9
9
  autoload :ZapMapper, 'heimdall_tools/zap_mapper'
10
10
  autoload :SonarQubeMapper, 'heimdall_tools/sonarqube_mapper'
11
+ autoload :BurpSuiteMapper, 'heimdall_tools/burpsuite_mapper'
11
12
  end
@@ -0,0 +1,138 @@
1
+ require 'json'
2
+ require 'csv'
3
+ require 'heimdall_tools/hdf'
4
+ require 'utilities/xml_to_hash'
5
+
6
+ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
7
+
8
+ CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
9
+
10
+ IMPACT_MAPPING = {
11
+ High: 0.7,
12
+ Medium: 0.5,
13
+ Low: 0.3,
14
+ Information: 0.3
15
+ }.freeze
16
+
17
+ CWE_REGEX = 'CWE-(\d*):'.freeze
18
+
19
+ DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
20
+
21
+ # rubocop:disable Metrics/AbcSize
22
+
23
+ module HeimdallTools
24
+ class BurpSuiteMapper
25
+ def initialize(burps_xml, name=nil, verbose = false)
26
+ @burps_xml = burps_xml
27
+ @verbose = verbose
28
+
29
+ begin
30
+ @cwe_nist_mapping = parse_mapper
31
+ data = xml_to_hash(burps_xml)
32
+
33
+ @issues = data['issues']['issue']
34
+ @burpVersion = data['issues']['burpVersion']
35
+ @timestamp = data['issues']['exportTime']
36
+
37
+ rescue StandardError => e
38
+ raise "Invalid Burpsuite XML file provided Exception: #{e}"
39
+ end
40
+
41
+ end
42
+
43
+ def parse_html(block)
44
+ Nokogiri::HTML(block['#cdata-section']).text.to_s.strip unless block.nil?
45
+ end
46
+
47
+ def finding(issue)
48
+ finding = {}
49
+ finding['status'] = 'failed'
50
+ finding['code_desc'] = format_code_desc(issue)
51
+ finding['run_time'] = NA_FLOAT
52
+ finding['start_time'] = @timestamp
53
+ [finding]
54
+ end
55
+
56
+ def format_code_desc(issue)
57
+ desc = ''
58
+ desc += "Host: ip: #{issue['host']['ip']}, url: #{issue['host']['text']}\n"
59
+ desc += "Location: #{parse_html(issue['location'])}\n"
60
+ desc += "issueDetail: #{parse_html(issue['issueDetail'])}\n" unless issue['issueDetail'].nil?
61
+ desc += "confidence: #{issue['confidence']}\n" unless issue['confidence'].nil?
62
+ desc
63
+ end
64
+
65
+ def nist_tag(cweid)
66
+ entries = @cwe_nist_mapping.select { |x| cweid.include? x[:cweid].to_s }
67
+ tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
68
+ tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
69
+ end
70
+
71
+ def parse_cwe(text)
72
+ reg = Regexp.new(CWE_REGEX, Regexp::IGNORECASE)
73
+ text.scan(reg).map(&:first)
74
+ end
75
+
76
+ def impact(severity)
77
+ IMPACT_MAPPING[severity.to_sym]
78
+ end
79
+
80
+ def parse_mapper
81
+ csv_data = CSV.read(CWE_NIST_MAPPING_FILE, { encoding: 'UTF-8',
82
+ headers: true,
83
+ header_converters: :symbol,
84
+ converters: :all })
85
+ csv_data.map(&:to_hash)
86
+ end
87
+
88
+ def desc_tags(data, label)
89
+ { "data": data || NA_STRING, "label": label || NA_STRING }
90
+ end
91
+
92
+ # Burpsuite report could have multiple issue entries for multiple findings of same issue type.
93
+ # The meta data is identical across entries
94
+ # method collapse_duplicates return unique controls with applicable findings collapsed into it.
95
+ def collapse_duplicates(controls)
96
+ unique_controls = []
97
+
98
+ controls.map { |x| x['id'] }.uniq.each do |id|
99
+ collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
100
+ unique_control = controls.find { |x| x['id'].eql?(id) }
101
+ unique_control['results'] = collapsed_results.flatten
102
+ unique_controls << unique_control
103
+ end
104
+ unique_controls
105
+ end
106
+
107
+ def to_hdf
108
+ controls = []
109
+ @issues.each do |issue|
110
+ @item = {}
111
+ @item['id'] = issue['type'].to_s
112
+ @item['title'] = parse_html(issue['name'])
113
+ @item['desc'] = parse_html(issue['issueBackground'])
114
+ @item['impact'] = impact(issue['severity'])
115
+ @item['tags'] = {}
116
+ @item['descriptions'] = []
117
+ @item['descriptions'] << desc_tags(parse_html(issue['issueBackground']), 'check')
118
+ @item['descriptions'] << desc_tags(parse_html(issue['remediationBackground']), 'fix')
119
+ @item['refs'] = NA_ARRAY
120
+ @item['source_location'] = NA_HASH
121
+ @item['tags']['nist'] = nist_tag(parse_cwe(parse_html(issue['vulnerabilityClassifications'])))
122
+ @item['tags']['cweid'] = parse_html(issue['vulnerabilityClassifications'])
123
+ @item['tags']['confidence'] = issue['confidence'].to_s
124
+ @item['code'] = ''
125
+ @item['results'] = finding(issue)
126
+
127
+ controls << @item
128
+ end
129
+ controls = collapse_duplicates(controls)
130
+ results = HeimdallDataFormat.new(profile_name: 'BurpSuite Pro Scan',
131
+ version: @burpVersion,
132
+ title: "BurpSuite Pro Scan",
133
+ summary: "BurpSuite Pro Scan",
134
+ controls: controls)
135
+ results.to_hdf
136
+ end
137
+ end
138
+ end
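Review bot: in `initialize`, the `begin`/`rescue StandardError` block wraps `parse_mapper` as well as `xml_to_hash`, so a missing or unreadable cwe-nist-mapping.csv is re-raised as "Invalid Burpsuite XML file provided", which sends the user to the wrong file. Suggest loading the mapping outside the block and rescuing only around the XML parsing and the `data['issues']` lookups. In `impact`, `IMPACT_MAPPING[severity.to_sym]` returns nil for any severity not in the table and that nil goes into the control unchecked; `fetch` with an explicit default or error would surface it. `Information: 0.3` gives informational issues the same impact as `Low`, and `finding` marks every issue 'failed' regardless of severity; if both are intended, a comment should say so. Smaller points: the `name` parameter and `@verbose` are never read, `CWE_REGEX` uses `\d*` and so also matches "CWE-:" with an empty id (`\d+` is tighter), and `Nokogiri` and `Pathname` are used without a `require` in this file.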
@@ -35,6 +35,16 @@ module HeimdallTools
35
35
  File.write(options[:output], hdf)
36
36
  end
37
37
 
38
+ desc 'burpsuite_mapper', 'burpsuite_mapper translates Burpsuite xml report to HDF format Json be viewed on Heimdall'
39
+ long_desc Help.text(:burpsuite_mapper)
40
+ option :xml, required: true, aliases: '-x'
41
+ option :output, required: true, aliases: '-o'
42
+ option :verbose, type: :boolean, aliases: '-V'
43
+ def burpsuite_mapper
44
+ hdf = HeimdallTools::BurpSuiteMapper.new(File.read(options[:xml])).to_hdf
45
+ File.write(options[:output], hdf)
46
+ end
47
+
38
48
  desc 'version', 'prints version'
39
49
  def version
40
50
  puts VERSION
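Review bot: the `burpsuite_mapper` command declares `option :verbose` but calls `HeimdallTools::BurpSuiteMapper.new(File.read(options[:xml]))` without it, so `-V` has no effect. Either pass `options[:verbose]` through (it is the constructor's third positional argument, after `name`) or drop the option until the mapper uses it. The `desc` string also reads "HDF format Json be viewed on Heimdall", which is missing "to".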
@@ -2,6 +2,7 @@ require 'json'
2
2
  require 'heimdall_tools/version'
3
3
  require 'openssl'
4
4
 
5
+ NA_STRING = "".freeze
5
6
  NA_TAG = nil.freeze
6
7
  NA_ARRAY = [].freeze
7
8
  NA_HASH = {}.freeze
@@ -0,0 +1,5 @@
1
+ burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
2
+
3
+ Examples:
4
+
5
+ heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
@@ -3,9 +3,11 @@ require 'json'
3
3
  require 'csv'
4
4
  require 'heimdall_tools/hdf'
5
5
 
6
+ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
7
+
6
8
  MAPPING_FILES = {
7
- cwe: './lib/data/cwe-nist-mapping.csv'.freeze,
8
- owasp: './lib/data/owasp-nist-mapping.csv'.freeze
9
+ cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
10
+ owasp: File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
9
11
  }.freeze
10
12
 
11
13
  IMPACT_MAPPING = {
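Review bot: `RESOURCE_DIR` is assigned at top level here, and the identical assignment appears in two other mapper files in this diff. Because the mappers are autoloaded into one process, loading a second mapper reassigns the constant and Ruby prints an "already initialized constant" warning. The same applies to `IMPACT_MAPPING`, which this file and the new burpsuite_mapper.rb both define at top level, so whichever file loads last decides the severity-to-impact table for both. Suggest defining `RESOURCE_DIR` once (for example in heimdall_tools.rb) and moving the per-tool mappings inside each mapper class. Resolving the CSVs relative to the source file rather than the working directory is the right fix for #41; `File.expand_path('../data', __dir__)` would express it without relying on `Pathname#join` stepping up from a file name.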
@@ -4,7 +4,9 @@ require 'csv'
4
4
  require 'heimdall_tools/hdf'
5
5
 
6
6
 
7
- CWE_NIST_MAPPING_FILE = './lib/data/cwe-nist-mapping.csv'.freeze
7
+ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
8
+
9
+ CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
8
10
 
9
11
  # rubocop:disable Metrics/AbcSize
10
12
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heimdall_tools
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.23
4
+ version: 1.3.24
5
5
  platform: ruby
6
6
  authors:
7
7
  - Robert Thew
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2020-03-31 00:00:00.000000000 Z
13
+ date: 2020-04-07 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: nokogiri
@@ -213,11 +213,13 @@ files:
213
213
  - lib/data/gitkeep
214
214
  - lib/data/owasp-nist-mapping.csv
215
215
  - lib/heimdall_tools.rb
216
+ - lib/heimdall_tools/burpsuite_mapper.rb
216
217
  - lib/heimdall_tools/cli.rb
217
218
  - lib/heimdall_tools/command.rb
218
219
  - lib/heimdall_tools/fortify_mapper.rb
219
220
  - lib/heimdall_tools/hdf.rb
220
221
  - lib/heimdall_tools/help.rb
222
+ - lib/heimdall_tools/help/burpsuite_mapper.md
221
223
  - lib/heimdall_tools/help/fortify_mapper.md
222
224
  - lib/heimdall_tools/help/sonarqube_mapper.md
223
225
  - lib/heimdall_tools/help/zap_mapper.md