heimdall_tools 1.3.27 → 1.3.28

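--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: ec12dcca7139b389b594827c467624eb68c04b3c65c2f9cf978a79c191d1df5c
-data.tar.gz: 13c5f3844677537895b7b66cae5bde9bcf1b62106d71becefe6b90a86cfd24bb
+metadata.gz: 793e9f28cb98cddc239829d4164d2f316100b2157ae9e196d2c32e5271fca664
+data.tar.gz: 267e61797626c6ec797fdffda2d03bee9de9ce5ed45f918d2cfcda9af86a9957
 SHA512:
-metadata.gz: e889225ffead476f7d2563888081a95ed4fbc6486611a5102329ecdd1ab5744082b7fc8864a995b6b05a514419be2d4487072b462c4bb7e9231cb9c1823db1ff
-data.tar.gz: b87c89909ccf8cb5d90abd4f8a306bcaddfcf6b2ef63c17ebe7f5f8f05f6883fd3ac71515463d698a8afcbb101a30312d6d64305ce132ef7092ea449cc8c3714
+metadata.gz: 671713a138539ad4f68615aa1c74d727ddd221b27fb0d7ea22531b8c5caa19aed0d00eabab2b685edc00566b2098ea7514e3281e30fbcbc09ea4db31c0171762
+data.tar.gz: 2f589a0a0db9cfd64cf23f25420f6609229bbc0dfc8e435e7bde4eb7c19c431a8446ccae650e2bb6820cee8a04e996eb205999a2ad2429063e491818127a8c86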
@@ -2,10 +2,23 @@
2
2
 
3
3
  ## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
4
4
 
5
- [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.26...HEAD)
5
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.27...HEAD)
6
+
7
+ **Closed issues:**
8
+
9
+ - Map 'Policy Compliance' entries for nessus\_mapper [\#49](https://github.com/mitre/heimdall_tools/issues/49)
10
+
11
+ **Merged pull requests:**
12
+
13
+ - Add code to translate Policy compliance results [\#51](https://github.com/mitre/heimdall_tools/pull/51) ([rx294](https://github.com/rx294))
14
+
15
+ ## [v1.3.27](https://github.com/mitre/heimdall_tools/tree/v1.3.27) (2020-05-22)
16
+
17
+ [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.26...v1.3.27)
6
18
 
7
19
  **Merged pull requests:**
8
20
 
21
+ - Updated the Dockerfile to run in an alpine ruby container [\#47](https://github.com/mitre/heimdall_tools/pull/47) ([jsa5593](https://github.com/jsa5593))
9
22
  - Require a newer version of git-lite-version-bump for Windows support [\#46](https://github.com/mitre/heimdall_tools/pull/46) ([rbclark](https://github.com/rbclark))
10
23
 
11
24
  ## [v1.3.26](https://github.com/mitre/heimdall_tools/tree/v1.3.26) (2020-05-06)
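--- a/data/README.md
+++ b/data/README.md
@@ -9,6 +9,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
 - **fortify_mapper** - commercial static code analysis tool
 - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
 - **burpsuite_mapper** - commercial dynamic analysis tool
+- **nessus_mapper** - commercial vulnerability scanner
 
 Ruby 2.4 or higher (check using "ruby -v")
 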
@@ -17,6 +17,10 @@ IMPACT_MAPPING = {
17
17
 
18
18
  DEFAULT_NIST_TAG = ["unmapped"].freeze
19
19
 
20
+ # Nessus results file 800-53 refs does not contain Nist rev version. Using this default
21
+ # version in that case
22
+ DEFAULT_NIST_REV = 'Rev_4'.freeze
23
+
20
24
  NA_PLUGIN_OUTPUT = "This Nessus Plugin does not provide output message.".freeze
21
25
 
22
26
  # rubocop:disable Metrics/AbcSize
@@ -31,6 +35,8 @@ module HeimdallTools
31
35
  @cwe_nist_mapping = parse_mapper
32
36
  @data = xml_to_hash(nessus_xml)
33
37
 
38
+ File.write("273970.json", @data.to_json)
39
+
34
40
  @reports = extract_report
35
41
  @scaninfo = extract_scaninfo
36
42
  rescue StandardError => e
@@ -50,6 +56,9 @@ module HeimdallTools
50
56
  raise "Invalid Nessus XML file provided Exception: #{e}"
51
57
  end
52
58
  end
59
+ def parse_refs(refs, key)
60
+ refs.split(',').map { |x| x.split('|')[1] if x.include?(key) }.compact
61
+ end
53
62
 
54
63
  def extract_scaninfo
55
64
  begin
@@ -82,8 +91,20 @@ module HeimdallTools
82
91
 
83
92
  def finding(issue, timestamp)
84
93
  finding = {}
85
- finding['status'] = 'failed'
86
- finding['code_desc'] = issue['plugin_output'] || NA_PLUGIN_OUTPUT
94
+ # if compliance-result field, this is a policy compliance result entry
95
+ # nessus policy compliance result provides a pass/fail data
96
+ # For non policy compliance results are defaulted to failed
97
+ if issue['compliance-result']
98
+ finding['status'] = issue['compliance-result'].eql?('PASSED') ? 'passed' : 'failed'
99
+ else
100
+ finding['status'] = 'failed'
101
+ end
102
+
103
+ if issue['description']
104
+ finding['code_desc'] = issue['description'].to_s || NA_PLUGIN_OUTPUT
105
+ else
106
+ finding['code_desc'] = issue['plugin_output'] || NA_PLUGIN_OUTPUT
107
+ end
87
108
  finding['run_time'] = NA_FLOAT
88
109
  finding['start_time'] = timestamp
89
110
  [finding]
@@ -96,14 +117,15 @@ module HeimdallTools
96
117
  end
97
118
 
98
119
  def impact(severity)
120
+ # Map CAT levels and Plugin severity to HDF impact levels
99
121
  case severity
100
122
  when "0"
101
123
  IMPACT_MAPPING[:Info]
102
- when "1"
124
+ when "1","III"
103
125
  IMPACT_MAPPING[:Low]
104
- when "2"
126
+ when "2","II"
105
127
  IMPACT_MAPPING[:Medium]
106
- when "3"
128
+ when "3","I"
107
129
  IMPACT_MAPPING[:High]
108
130
  when "4"
109
131
  IMPACT_MAPPING[:Critical]
@@ -142,21 +164,54 @@ module HeimdallTools
142
164
  def to_hdf
143
165
  host_results = {}
144
166
  @reports.each do | report|
145
- # Under current version of the converter `Policy Compliance` items are ignored
146
- report_items = report['ReportItem'].select {|x| !x['pluginFamily'].eql? 'Policy Compliance'}
147
-
148
167
  controls = []
149
- report_items.each do | item |
168
+ report['ReportItem'].each do | item |
150
169
  @item = {}
151
- @item['id'] = item['pluginID'].to_s
152
- @item['title'] = item['pluginName'].to_s
153
- @item['desc'] = format_desc(item).to_s
154
- @item['impact'] = impact(item['severity'])
155
170
  @item['tags'] = {}
156
171
  @item['descriptions'] = []
157
172
  @item['refs'] = NA_ARRAY
158
173
  @item['source_location'] = NA_HASH
159
- @item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
174
+
175
+ # Nessus results field set are different for 'Policy Compliance' plug-in family vs other plug-in families
176
+ # Following if conditions capture compliance* if it exists else it will default to plugin* fields
177
+ # Current version covers STIG based 'Policy Compliance' results
178
+ # TODO Cover cases for 'Policy Compliance' results based on CIS
179
+ if item['compliance-reference']
180
+ @item['id'] = parse_refs(item['compliance-reference'],'Vuln-ID').join.to_s
181
+ else
182
+ @item['id'] = item['pluginID'].to_s
183
+ end
184
+ if item['compliance-check-name']
185
+ @item['title'] = item['compliance-check-name'].to_s
186
+ else
187
+ @item['title'] = item['pluginName'].to_s
188
+ end
189
+ if item['compliance-info']
190
+ @item['desc'] = item['compliance-info'].to_s
191
+ else
192
+ @item['desc'] = format_desc(item).to_s
193
+ end
194
+ if item['compliance-reference']
195
+ @item['impact'] = impact(parse_refs(item['compliance-reference'],'CAT').join.to_s)
196
+ else
197
+ @item['impact'] = impact(item['severity'])
198
+ end
199
+ if item['compliance-reference']
200
+ # TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
201
+ @item['tags']['nist'] = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
202
+ else
203
+ @item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
204
+ end
205
+ if item['compliance-solution']
206
+ # TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
207
+ @item['tags']['nist'] = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
208
+ else
209
+ @item['tags']['nist'] = nist_tag(item['pluginFamily'],item['pluginID'])
210
+ end
211
+ if item['compliance-solution']
212
+ @item['descriptions'] << desc_tags(item['compliance-solution'], 'check')
213
+ end
214
+
160
215
  @item['code'] = ''
161
216
  @item['results'] = finding(item, extract_timestamp(report))
162
217
  controls << @item
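Review bot: `File.write("273970.json", @data.to_json)` in the `@@ -31,6 +35,8 @@` hunk looks like leftover debugging: it unconditionally dumps the entire parsed Nessus report — hosts, plugin output, compliance findings — to a fixed filename in the process's working directory on every mapper construction, silently overwriting whatever is there and leaving scan data on disk outside the caller's chosen output path. That line should be removed, or at minimum gated behind an explicit debug option so a default conversion never writes a second file. Separately, in the `to_hdf` hunk the second `if item['compliance-solution']` block (the one that assigns `@item['tags']['nist']`) is a copy of the `compliance-reference` block directly above it and always overwrites its result; when `compliance-solution` is present but `compliance-reference` is nil, `parse_refs(nil, '800-53')` raises `NoMethodError` on `nil.split`, so that duplicate block should be deleted and only the `desc_tags` block kept under `compliance-solution`. `to_hdf` continues past the end of the hunk.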
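--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-version: 1.3.27
+version: 1.3.28
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-05-22 00:00:00.000000000 Z
+date: 2020-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri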