heimdall_tools 1.3.27 → 1.3.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -1
- data/README.md +1 -0
- data/lib/heimdall_tools/nessus_mapper.rb +69 -14
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 793e9f28cb98cddc239829d4164d2f316100b2157ae9e196d2c32e5271fca664
|
|
4
|
+
data.tar.gz: 267e61797626c6ec797fdffda2d03bee9de9ce5ed45f918d2cfcda9af86a9957
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 671713a138539ad4f68615aa1c74d727ddd221b27fb0d7ea22531b8c5caa19aed0d00eabab2b685edc00566b2098ea7514e3281e30fbcbc09ea4db31c0171762
|
|
7
|
+
data.tar.gz: 2f589a0a0db9cfd64cf23f25420f6609229bbc0dfc8e435e7bde4eb7c19c431a8446ccae650e2bb6820cee8a04e996eb205999a2ad2429063e491818127a8c86
|
data/CHANGELOG.md
CHANGED
|
@@ -2,10 +2,23 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
|
|
4
4
|
|
|
5
|
-
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.
|
|
5
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.27...HEAD)
|
|
6
|
+
|
|
7
|
+
**Closed issues:**
|
|
8
|
+
|
|
9
|
+
- Map 'Policy Compliance' entries for nessus\_mapper [\#49](https://github.com/mitre/heimdall_tools/issues/49)
|
|
10
|
+
|
|
11
|
+
**Merged pull requests:**
|
|
12
|
+
|
|
13
|
+
- Add code to translate Policy compliance results [\#51](https://github.com/mitre/heimdall_tools/pull/51) ([rx294](https://github.com/rx294))
|
|
14
|
+
|
|
15
|
+
## [v1.3.27](https://github.com/mitre/heimdall_tools/tree/v1.3.27) (2020-05-22)
|
|
16
|
+
|
|
17
|
+
[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.26...v1.3.27)
|
|
6
18
|
|
|
7
19
|
**Merged pull requests:**
|
|
8
20
|
|
|
21
|
+
- Updated the Dockerfile to run in an alpine ruby container [\#47](https://github.com/mitre/heimdall_tools/pull/47) ([jsa5593](https://github.com/jsa5593))
|
|
9
22
|
- Require a newer version of git-lite-version-bump for Windows support [\#46](https://github.com/mitre/heimdall_tools/pull/46) ([rbclark](https://github.com/rbclark))
|
|
10
23
|
|
|
11
24
|
## [v1.3.26](https://github.com/mitre/heimdall_tools/tree/v1.3.26) (2020-05-06)
|
data/README.md
CHANGED
|
@@ -9,6 +9,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
|
|
|
9
9
|
- **fortify_mapper** - commercial static code analysis tool
|
|
10
10
|
- **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
|
|
11
11
|
- **burpsuite_mapper** - commercial dynamic analysis tool
|
|
12
|
+
- **nessus_mapper** - commercial vulnerability scanner
|
|
12
13
|
|
|
13
14
|
Ruby 2.4 or higher (check using "ruby -v")
|
|
14
15
|
|
|
@@ -17,6 +17,10 @@ IMPACT_MAPPING = {
|
|
|
17
17
|
|
|
18
18
|
DEFAULT_NIST_TAG = ["unmapped"].freeze
|
|
19
19
|
|
|
20
|
+
# Nessus results file 800-53 refs does not contain Nist rev version. Using this default
|
|
21
|
+
# version in that case
|
|
22
|
+
DEFAULT_NIST_REV = 'Rev_4'.freeze
|
|
23
|
+
|
|
20
24
|
NA_PLUGIN_OUTPUT = "This Nessus Plugin does not provide output message.".freeze
|
|
21
25
|
|
|
22
26
|
# rubocop:disable Metrics/AbcSize
|
|
@@ -31,6 +35,8 @@ module HeimdallTools
|
|
|
31
35
|
@cwe_nist_mapping = parse_mapper
|
|
32
36
|
@data = xml_to_hash(nessus_xml)
|
|
33
37
|
|
|
38
|
+
File.write("273970.json", @data.to_json)
|
|
39
|
+
|
|
34
40
|
@reports = extract_report
|
|
35
41
|
@scaninfo = extract_scaninfo
|
|
36
42
|
rescue StandardError => e
|
|
@@ -50,6 +56,9 @@ module HeimdallTools
|
|
|
50
56
|
raise "Invalid Nessus XML file provided Exception: #{e}"
|
|
51
57
|
end
|
|
52
58
|
end
|
|
59
|
+
def parse_refs(refs, key)
|
|
60
|
+
refs.split(',').map { |x| x.split('|')[1] if x.include?(key) }.compact
|
|
61
|
+
end
|
|
53
62
|
|
|
54
63
|
def extract_scaninfo
|
|
55
64
|
begin
|
|
@@ -82,8 +91,20 @@ module HeimdallTools
|
|
|
82
91
|
|
|
83
92
|
def finding(issue, timestamp)
|
|
84
93
|
finding = {}
|
|
85
|
-
|
|
86
|
-
|
|
94
|
+
# if compliance-result field, this is a policy compliance result entry
|
|
95
|
+
# nessus policy compliance result provides a pass/fail data
|
|
96
|
+
# For non policy compliance results are defaulted to failed
|
|
97
|
+
if issue['compliance-result']
|
|
98
|
+
finding['status'] = issue['compliance-result'].eql?('PASSED') ? 'passed' : 'failed'
|
|
99
|
+
else
|
|
100
|
+
finding['status'] = 'failed'
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
if issue['description']
|
|
104
|
+
finding['code_desc'] = issue['description'].to_s || NA_PLUGIN_OUTPUT
|
|
105
|
+
else
|
|
106
|
+
finding['code_desc'] = issue['plugin_output'] || NA_PLUGIN_OUTPUT
|
|
107
|
+
end
|
|
87
108
|
finding['run_time'] = NA_FLOAT
|
|
88
109
|
finding['start_time'] = timestamp
|
|
89
110
|
[finding]
|
|
@@ -96,14 +117,15 @@ module HeimdallTools
|
|
|
96
117
|
end
|
|
97
118
|
|
|
98
119
|
def impact(severity)
|
|
120
|
+
# Map CAT levels and Plugin severity to HDF impact levels
|
|
99
121
|
case severity
|
|
100
122
|
when "0"
|
|
101
123
|
IMPACT_MAPPING[:Info]
|
|
102
|
-
when "1"
|
|
124
|
+
when "1","III"
|
|
103
125
|
IMPACT_MAPPING[:Low]
|
|
104
|
-
when "2"
|
|
126
|
+
when "2","II"
|
|
105
127
|
IMPACT_MAPPING[:Medium]
|
|
106
|
-
when "3"
|
|
128
|
+
when "3","I"
|
|
107
129
|
IMPACT_MAPPING[:High]
|
|
108
130
|
when "4"
|
|
109
131
|
IMPACT_MAPPING[:Critical]
|
|
@@ -142,21 +164,54 @@ module HeimdallTools
|
|
|
142
164
|
def to_hdf
|
|
143
165
|
host_results = {}
|
|
144
166
|
@reports.each do | report|
|
|
145
|
-
# Under current version of the converter `Policy Compliance` items are ignored
|
|
146
|
-
report_items = report['ReportItem'].select {|x| !x['pluginFamily'].eql? 'Policy Compliance'}
|
|
147
|
-
|
|
148
167
|
controls = []
|
|
149
|
-
|
|
168
|
+
report['ReportItem'].each do | item |
|
|
150
169
|
@item = {}
|
|
151
|
-
@item['id'] = item['pluginID'].to_s
|
|
152
|
-
@item['title'] = item['pluginName'].to_s
|
|
153
|
-
@item['desc'] = format_desc(item).to_s
|
|
154
|
-
@item['impact'] = impact(item['severity'])
|
|
155
170
|
@item['tags'] = {}
|
|
156
171
|
@item['descriptions'] = []
|
|
157
172
|
@item['refs'] = NA_ARRAY
|
|
158
173
|
@item['source_location'] = NA_HASH
|
|
159
|
-
|
|
174
|
+
|
|
175
|
+
# Nessus results field set are different for 'Policy Compliance' plug-in family vs other plug-in families
|
|
176
|
+
# Following if conditions capture compliance* if it exists else it will default to plugin* fields
|
|
177
|
+
# Current version covers STIG based 'Policy Compliance' results
|
|
178
|
+
# TODO Cover cases for 'Policy Compliance' results based on CIS
|
|
179
|
+
if item['compliance-reference']
|
|
180
|
+
@item['id'] = parse_refs(item['compliance-reference'],'Vuln-ID').join.to_s
|
|
181
|
+
else
|
|
182
|
+
@item['id'] = item['pluginID'].to_s
|
|
183
|
+
end
|
|
184
|
+
if item['compliance-check-name']
|
|
185
|
+
@item['title'] = item['compliance-check-name'].to_s
|
|
186
|
+
else
|
|
187
|
+
@item['title'] = item['pluginName'].to_s
|
|
188
|
+
end
|
|
189
|
+
if item['compliance-info']
|
|
190
|
+
@item['desc'] = item['compliance-info'].to_s
|
|
191
|
+
else
|
|
192
|
+
@item['desc'] = format_desc(item).to_s
|
|
193
|
+
end
|
|
194
|
+
if item['compliance-reference']
|
|
195
|
+
@item['impact'] = impact(parse_refs(item['compliance-reference'],'CAT').join.to_s)
|
|
196
|
+
else
|
|
197
|
+
@item['impact'] = impact(item['severity'])
|
|
198
|
+
end
|
|
199
|
+
if item['compliance-reference']
|
|
200
|
+
# TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
|
|
201
|
+
@item['tags']['nist'] = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
|
|
202
|
+
else
|
|
203
|
+
@item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
|
|
204
|
+
end
|
|
205
|
+
if item['compliance-solution']
|
|
206
|
+
# TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
|
|
207
|
+
@item['tags']['nist'] = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
|
|
208
|
+
else
|
|
209
|
+
@item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
|
|
210
|
+
end
|
|
211
|
+
if item['compliance-solution']
|
|
212
|
+
@item['descriptions'] << desc_tags(item['compliance-solution'], 'check')
|
|
213
|
+
end
|
|
214
|
+
|
|
160
215
|
@item['code'] = ''
|
|
161
216
|
@item['results'] = finding(item, extract_timestamp(report))
|
|
162
217
|
controls << @item
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: heimdall_tools
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.28
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Robert Thew
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2020-05-
|
|
13
|
+
date: 2020-05-28 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: nokogiri
|