heimdall_tools 1.3.23 → 1.3.24
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/README.md +17 -4
- data/lib/heimdall_tools.rb +1 -0
- data/lib/heimdall_tools/burpsuite_mapper.rb +138 -0
- data/lib/heimdall_tools/cli.rb +10 -0
- data/lib/heimdall_tools/hdf.rb +1 -0
- data/lib/heimdall_tools/help/burpsuite_mapper.md +5 -0
- data/lib/heimdall_tools/sonarqube_mapper.rb +4 -2
- data/lib/heimdall_tools/zap_mapper.rb +3 -1
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5d1e11d1521f5cb405e5900b4e799001c7351dc584b42e99ccf2d5fb0a84c361
|
4
|
+
data.tar.gz: e68d4a5e7b90f4f1158c08d0c305f95f2d8fa57d3cae075879ec4a494b576202
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4e14d8c4ad154009ff553d751b86d9d81b6de04169988ddc7ac2ac0d1f3bd1b43b9ce8dcbb2e18b7bb6c5720a3c4d300e14bad6b151d96242417586be304a0ac
|
7
|
+
data.tar.gz: 9347a1672c14849d11538b72e60aa6aa4b4ee56aaecb6e9e387869be8e88197b499b4b358c29cf2d6389992721ba05e61bd2262b01ab4f78be072a6da2e07c16
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,26 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...HEAD)
|
6
|
+
|
7
|
+
**Implemented enhancements:**
|
8
|
+
|
9
|
+
- Converter: Burp Suite Pro [\#28](https://github.com/mitre/heimdall_tools/issues/28)
|
10
|
+
|
11
|
+
**Fixed bugs:**
|
12
|
+
|
13
|
+
- \[Bug\] Import mapping csvs by relative path [\#41](https://github.com/mitre/heimdall_tools/issues/41)
|
14
|
+
|
15
|
+
**Merged pull requests:**
|
16
|
+
|
17
|
+
- Update to pull data csvs by relative path [\#42](https://github.com/mitre/heimdall_tools/pull/42) ([rx294](https://github.com/rx294))
|
18
|
+
- Burpsuite mapper [\#40](https://github.com/mitre/heimdall_tools/pull/40) ([rx294](https://github.com/rx294))
|
19
|
+
|
20
|
+
## [v1.3.23](https://github.com/mitre/heimdall_tools/tree/v1.3.23) (2020-03-31)
|
21
|
+
|
22
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre5...v1.3.23)
|
23
|
+
|
3
24
|
## [v1.3.23.pre5](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre5) (2020-03-31)
|
4
25
|
|
5
26
|
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre4...v1.3.23.pre5)
|
data/README.md
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
# Heimdall Tools
|
2
2
|
|
3
3
|

|
4
|
-
|
5
4
|

|
6
5
|
|
7
6
|
HeimdallTools supplies several methods to convert output from various tools to "Heimdall Data Format"(HDF) format to be viewable in Heimdall. The current converters are:
|
@@ -9,8 +8,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
|
|
9
8
|
- **sonarqube_mapper** - open-source static code analysis tool
|
10
9
|
- **fortify_mapper** - commercial static code analysis tool
|
11
10
|
- **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
|
12
|
-
|
13
|
-
# Prerequisites
|
11
|
+
- **burpsuite_mapper** - commercial dynamic analysis tool
|
14
12
|
|
15
13
|
Ruby 2.4 or higher (check using "ruby -v")
|
16
14
|
|
@@ -107,7 +105,22 @@ FLAGS:
|
|
107
105
|
example: heimdall_tools zap_mapper -j zap_results.json -n site_name -o scan_results.json
|
108
106
|
```
|
109
107
|
|
110
|
-
##
|
108
|
+
## burpsuite_mapper
|
109
|
+
|
110
|
+
burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
|
111
|
+
|
112
|
+
```
|
113
|
+
USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x <burpsuite-xml> -o <scan-results.json>
|
114
|
+
|
115
|
+
FLAGS:
|
116
|
+
-x --json <zap-json> : path to BurpSuitePro exported XML results file.
|
117
|
+
-o --output <scan-results> : path to output scan-results json.
|
118
|
+
-V --verbose : verbose run [optional].
|
119
|
+
|
120
|
+
example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
|
121
|
+
```
|
122
|
+
|
123
|
+
## version
|
111
124
|
|
112
125
|
Prints out the gem version
|
113
126
|
|
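--- /dev/null
+++ b/data/lib/heimdall_tools/burpsuite_mapper.rb
@@ -0,0 +1,138 @@
+require 'json'
+require 'csv'
+require 'heimdall_tools/hdf'
+require 'utilities/xml_to_hash'
+
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
+CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+
+IMPACT_MAPPING = {
+High: 0.7,
+Medium: 0.5,
+Low: 0.3,
+Information: 0.3
+}.freeze
+
+CWE_REGEX = 'CWE-(\d*):'.freeze
+
+DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
+
+# rubocop:disable Metrics/AbcSize
+
+module HeimdallTools
+class BurpSuiteMapper
+def initialize(burps_xml, name=nil, verbose = false)
+@burps_xml = burps_xml
+@verbose = verbose
+
+begin
+@cwe_nist_mapping = parse_mapper
+data = xml_to_hash(burps_xml)
+
+@issues = data['issues']['issue']
+@burpVersion = data['issues']['burpVersion']
+@timestamp = data['issues']['exportTime']
+
+rescue StandardError => e
+raise "Invalid Burpsuite XML file provided Exception: #{e}"
+end
+
+end
+
+def parse_html(block)
+Nokogiri::HTML(block['#cdata-section']).text.to_s.strip unless block.nil?
+end
+
+def finding(issue)
+finding = {}
+finding['status'] = 'failed'
+finding['code_desc'] = format_code_desc(issue)
+finding['run_time'] = NA_FLOAT
+finding['start_time'] = @timestamp
+[finding]
+end
+
+def format_code_desc(issue)
+desc = ''
+desc += "Host: ip: #{issue['host']['ip']}, url: #{issue['host']['text']}\n"
+desc += "Location: #{parse_html(issue['location'])}\n"
+desc += "issueDetail: #{parse_html(issue['issueDetail'])}\n" unless issue['issueDetail'].nil?
+desc += "confidence: #{issue['confidence']}\n" unless issue['confidence'].nil?
+desc
+end
+
+def nist_tag(cweid)
+entries = @cwe_nist_mapping.select { |x| cweid.include? x[:cweid].to_s }
+tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
+tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+end
+
+def parse_cwe(text)
+reg = Regexp.new(CWE_REGEX, Regexp::IGNORECASE)
+text.scan(reg).map(&:first)
+end
+
+def impact(severity)
+IMPACT_MAPPING[severity.to_sym]
+end
+
+def parse_mapper
+csv_data = CSV.read(CWE_NIST_MAPPING_FILE, { encoding: 'UTF-8',
+headers: true,
+header_converters: :symbol,
+converters: :all })
+csv_data.map(&:to_hash)
+end
+
+def desc_tags(data, label)
+{ "data": data || NA_STRING, "label": label || NA_STRING }
+end
+
+# Burpsuite report could have multiple issue entries for multiple findings of same issue type.
+# The meta data is identical across entries
+# method collapse_duplicates return unique controls with applicable findings collapsed into it.
+def collapse_duplicates(controls)
+unique_controls = []
+
+controls.map { |x| x['id'] }.uniq.each do |id|
+collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+unique_control = controls.find { |x| x['id'].eql?(id) }
+unique_control['results'] = collapsed_results.flatten
+unique_controls << unique_control
+end
+unique_controls
+end
+
+def to_hdf
+controls = []
+@issues.each do |issue|
+@item = {}
+@item['id'] = issue['type'].to_s
+@item['title'] = parse_html(issue['name'])
+@item['desc'] = parse_html(issue['issueBackground'])
+@item['impact'] = impact(issue['severity'])
+@item['tags'] = {}
+@item['descriptions'] = []
+@item['descriptions'] << desc_tags(parse_html(issue['issueBackground']), 'check')
+@item['descriptions'] << desc_tags(parse_html(issue['remediationBackground']), 'fix')
+@item['refs'] = NA_ARRAY
+@item['source_location'] = NA_HASH
+@item['tags']['nist'] = nist_tag(parse_cwe(parse_html(issue['vulnerabilityClassifications'])))
+@item['tags']['cweid'] = parse_html(issue['vulnerabilityClassifications'])
+@item['tags']['confidence'] = issue['confidence'].to_s
+@item['code'] = ''
+@item['results'] = finding(issue)
+
+controls << @item
+end
+controls = collapse_duplicates(controls)
+results = HeimdallDataFormat.new(profile_name: 'BurpSuite Pro Scan',
+version: @burpVersion,
+title: "BurpSuite Pro Scan",
+summary: "BurpSuite Pro Scan",
+controls: controls)
+results.to_hdf
+end
+end
+end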
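Review bot: `parse_cwe` (new lines 71–74) calls `text.scan` with no nil guard, but `parse_html` returns nil whenever the element is absent, so an issue with no `vulnerabilityClassifications` makes `to_hdf` (line 121) raise NoMethodError instead of falling back to DEFAULT_NIST_TAG; `text.to_s.scan(reg).map(&:first)` fixes it. RESOURCE_DIR, CWE_NIST_MAPPING_FILE and IMPACT_MAPPING are top-level constants rather than members of HeimdallTools or the class, and the sonarqube_mapper and zap_mapper hunks in the section below define the same names, so loading all mappers re-initialises them (Ruby warns and the last definition wins); nesting them under `class BurpSuiteMapper` avoids the clash. The `rescue StandardError` in `initialize` (lines 29–39) also wraps `parse_mapper`, so a missing or unreadable `cwe-nist-mapping.csv` is reported as "Invalid Burpsuite XML file provided", which hides the real cause; parsing the mapping outside the begin block keeps the two failures distinguishable. The `name` parameter, `@burps_xml` and `@verbose` are assigned but never read. Whether external-entity resolution is disabled when the export is parsed depends on `utilities/xml_to_hash`, which is outside this diff and worth confirming, since the XML embeds content captured from the scanned site.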
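--- a/data/lib/heimdall_tools/cli.rb
+++ b/data/lib/heimdall_tools/cli.rb
@@ -35,6 +35,16 @@ module HeimdallTools
 File.write(options[:output], hdf)
 end
 
+desc 'burpsuite_mapper', 'burpsuite_mapper translates Burpsuite xml report to HDF format Json be viewed on Heimdall'
+long_desc Help.text(:burpsuite_mapper)
+option :xml, required: true, aliases: '-x'
+option :output, required: true, aliases: '-o'
+option :verbose, type: :boolean, aliases: '-V'
+def burpsuite_mapper
+hdf = HeimdallTools::BurpSuiteMapper.new(File.read(options[:xml])).to_hdf
+File.write(options[:output], hdf)
+end
+
 desc 'version', 'prints version'
 def version
 puts VERSION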
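Review bot: `option :verbose` (new line 42) is declared and documented as `-V`, but `burpsuite_mapper` never passes it on, so the flag has no effect; the constructor in the burpsuite_mapper hunk takes a third `verbose` argument, so `hdf = HeimdallTools::BurpSuiteMapper.new(File.read(options[:xml]), nil, options[:verbose]).to_hdf` wires it through. The README hunk above describes the same flag as `-x --json <zap-json>`, which looks copied from the zap_mapper section and should read `-x --xml <burpsuite-xml>` to match `option :xml`. The `desc` string is also missing a word: `'... to HDF format Json to be viewed on Heimdall'`.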
data/lib/heimdall_tools/hdf.rb
CHANGED
@@ -3,9 +3,11 @@ require 'json'
|
|
3
3
|
require 'csv'
|
4
4
|
require 'heimdall_tools/hdf'
|
5
5
|
|
6
|
+
RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
|
7
|
+
|
6
8
|
MAPPING_FILES = {
|
7
|
-
cwe: '
|
8
|
-
owasp: '
|
9
|
+
cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
|
10
|
+
owasp: File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
|
9
11
|
}.freeze
|
10
12
|
|
11
13
|
IMPACT_MAPPING = {
|
@@ -4,7 +4,9 @@ require 'csv'
|
|
4
4
|
require 'heimdall_tools/hdf'
|
5
5
|
|
6
6
|
|
7
|
-
|
7
|
+
RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
|
8
|
+
|
9
|
+
CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
|
8
10
|
|
9
11
|
# rubocop:disable Metrics/AbcSize
|
10
12
|
|
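Review bot: Both hunks in this section build `RESOURCE_DIR` with `Pathname.new(__FILE__)`, yet neither adds `require 'pathname'`, and the visible requires are only json, csv and heimdall_tools/hdf; unless another file loaded earlier requires it, the constant raises NameError at load time, so `require 'pathname'` belongs next to the other requires (the burpsuite_mapper hunk above has the same gap). The enclosing files start outside these hunks. The header names hdf.rb, but by the diffstat (sonarqube_mapper.rb +4 -2, zap_mapper.rb +3 -1) the first hunk appears to belong to sonarqube_mapper.rb and the second to zap_mapper.rb, while the one-line hdf.rb and heimdall_tools.rb changes are not rendered on this page.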
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: heimdall_tools
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.3.
|
4
|
+
version: 1.3.24
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Robert Thew
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: exe
|
12
12
|
cert_chain: []
|
13
|
-
date: 2020-
|
13
|
+
date: 2020-04-07 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: nokogiri
|
@@ -213,11 +213,13 @@ files:
|
|
213
213
|
- lib/data/gitkeep
|
214
214
|
- lib/data/owasp-nist-mapping.csv
|
215
215
|
- lib/heimdall_tools.rb
|
216
|
+
- lib/heimdall_tools/burpsuite_mapper.rb
|
216
217
|
- lib/heimdall_tools/cli.rb
|
217
218
|
- lib/heimdall_tools/command.rb
|
218
219
|
- lib/heimdall_tools/fortify_mapper.rb
|
219
220
|
- lib/heimdall_tools/hdf.rb
|
220
221
|
- lib/heimdall_tools/help.rb
|
222
|
+
- lib/heimdall_tools/help/burpsuite_mapper.md
|
221
223
|
- lib/heimdall_tools/help/fortify_mapper.md
|
222
224
|
- lib/heimdall_tools/help/sonarqube_mapper.md
|
223
225
|
- lib/heimdall_tools/help/zap_mapper.md
|