heimdall_tools 1.3.29 → 1.3.30

data/lib/heimdall_tools/cli.rb

@@ -53,9 +53,10 @@ module HeimdallTools
     def nessus_mapper
       hdfs = HeimdallTools::NessusMapper.new(File.read(options[:xml])).to_hdf
 
+      puts "\nHDF Generated:"
       hdfs.keys.each do | host |
         File.write("#{options[:output_prefix]}-#{host}.json", hdfs[host])
-        puts "HDF Generated: #{options[:output_prefix]}-#{host}.json"
+        puts "#{options[:output_prefix]}-#{host}.json"
       end
       
     end

data/lib/heimdall_tools/nessus_mapper.rb

@@ -2,10 +2,13 @@ require 'json'
 require 'csv'
 require 'heimdall_tools/hdf'
 require 'utilities/xml_to_hash'
+require 'nokogiri'
+require 'pp'
 
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 
 NESSUS_PLUGINS_NIST_MAPPING_FILE =   File.join(RESOURCE_DIR, 'nessus-plugins-nist-mapping.csv')
+U_CCI_LIST =   File.join(RESOURCE_DIR, 'U_CCI_List.xml')
 
 IMPACT_MAPPING = {
   Info: 0.0,
@@ -25,12 +28,22 @@ NA_PLUGIN_OUTPUT = "This Nessus Plugin does not provide output message.".freeze
 
 # rubocop:disable Metrics/AbcSize
 
+# Loading spinner sign
+$spinner = Enumerator.new do |e|
+  loop do
+    e.yield '|'
+    e.yield '/'
+    e.yield '-'
+    e.yield '\\'
+  end
+end
+
 module HeimdallTools
   class NessusMapper
     def initialize(nessus_xml, verbose = false)
       @nessus_xml = nessus_xml
       @verbose = verbose
-
+      read_cci_xml
       begin
         @cwe_nist_mapping = parse_mapper
         @data = xml_to_hash(nessus_xml)
@@ -53,6 +66,7 @@ module HeimdallTools
         raise "Invalid Nessus XML file provided Exception: #{e}"
       end
     end
+
     def parse_refs(refs, key)
       refs.split(',').map { |x| x.split('|')[1] if x.include?(key) }.compact
     end
@@ -107,7 +121,29 @@ module HeimdallTools
       [finding]
     end
 
-    def nist_tag(pluginfamily, pluginid)
+    def read_cci_xml
+      cci_list_path = File.join(File.dirname(__FILE__), '../data/U_CCI_List.xml')
+      @cci_xml = Nokogiri::XML(File.open(cci_list_path))
+      @cci_xml.remove_namespaces!
+    rescue StandardError => e
+      puts "Exception: #{e.message}"
+    end
+
+    def cci_nist_tag(cci_refs)
+      nist_tags = []
+      cci_refs.each do | cci_ref |
+        item_node = @cci_xml.xpath("//cci_list/cci_items/cci_item[@id='#{cci_ref}']")[0] unless @cci_xml.nil?
+        unless item_node.nil?
+          nist_ref = item_node.xpath('./references/reference[not(@version <= preceding-sibling::reference/@version) and not(@version <=following-sibling::reference/@version)]/@index').text
+          nist_ver = item_node.xpath('./references/reference[not(@version <= preceding-sibling::reference/@version) and not(@version <=following-sibling::reference/@version)]/@version').text
+        end
+        nist_tags << nist_ref
+        nist_tags << "Rev_#{nist_ver}"
+      end
+      nist_tags
+    end
+
+    def plugin_nist_tag(pluginfamily, pluginid)
       entries = @cwe_nist_mapping.select { |x| (x[:pluginfamily].eql?(pluginfamily) && (x[:pluginid].eql?('*') || x[:pluginid].eql?(pluginid.to_i)) ) }
       tags = entries.map { |x| [x[:nistid].split('|'), "Rev_#{x[:rev]}"] }
       tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
@@ -163,6 +199,7 @@ module HeimdallTools
       @reports.each do | report|
         controls = []
         report['ReportItem'].each do | item |
+          printf("\rProcessing: %s", $spinner.next)
           @item = {}
           @item['tags']               = {}
           @item['descriptions']       = []
@@ -194,16 +231,9 @@ module HeimdallTools
             @item['impact']            = impact(item['severity']) 
           end
           if item['compliance-reference']
-            # TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
-            @item['tags']['nist']     = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
-          else
-            @item['tags']['nist']     = nist_tag(item['pluginFamily'],item['pluginID'])
-          end
-          if item['compliance-solution']
-            # TODO: Cover cases where 800-53 refs are not provided in nessus `compliance-reference` field
-            @item['tags']['nist']     = parse_refs(item['compliance-reference'],'800-53') << DEFAULT_NIST_REV
+            @item['tags']['nist']     = cci_nist_tag(parse_refs(item['compliance-reference'],'CCI'))
           else
-            @item['tags']['nist']     = nist_tag(item['pluginFamily'],item['pluginID'])
+            @item['tags']['nist']     = plugin_nist_tag(item['pluginFamily'],item['pluginID'])
           end
           if item['compliance-solution']
             @item['descriptions']       <<  desc_tags(item['compliance-solution'], 'check')

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-  version: 1.3.29
+  version: 1.3.30
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-28 00:00:00.000000000 Z
+date: 2020-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -209,8 +209,8 @@ files:
 - README.md
 - Rakefile
 - exe/heimdall_tools
+- lib/data/U_CCI_List.xml
 - lib/data/cwe-nist-mapping.csv
-- lib/data/gitkeep
 - lib/data/nessus-plugins-nist-mapping.csv
 - lib/data/owasp-nist-mapping.csv
 - lib/heimdall_tools.rb