RubyGems - heimdall_tools - Versions diffs - 1.3.30 → 1.3.35 - Mend

heimdall_tools 1.3.30 → 1.3.35

Files changed (18) hide show

checksums.yaml +4 -4
data/README.md +52 -0
data/lib/data/cwe-nist-mapping.csv +13 -5
data/lib/data/nikto-nist-mapping.csv +8942 -0
data/lib/heimdall_tools.rb +3 -0
data/lib/heimdall_tools/cli.rb +38 -0
data/lib/heimdall_tools/fortify_mapper.rb +2 -1
data/lib/heimdall_tools/help/jfrog_xray_mapper.md +5 -0
data/lib/heimdall_tools/help/nikto_mapper.md +7 -0
data/lib/heimdall_tools/help/snyk_mapper.md +7 -0
data/lib/heimdall_tools/jfrog_xray_mapper.rb +142 -0
data/lib/heimdall_tools/nessus_mapper.rb +1 -5
data/lib/heimdall_tools/nikto_mapper.rb +149 -0
data/lib/heimdall_tools/snyk_mapper.rb +161 -0
data/lib/heimdall_tools/sonarqube_mapper.rb +3 -1
data/lib/heimdall_tools/zap_mapper.rb +2 -1
metadata +10 -32
data/CHANGELOG.md +0 -266

data/lib/heimdall_tools/sonarqube_mapper.rb CHANGED Viewed

@@ -5,6 +5,8 @@ require 'heimdall_tools/hdf'
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 MAPPING_FILES = {
   cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
   owasp: File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
@@ -237,7 +239,7 @@ class Control
       return [@mappings[tag_type][parsed_tag]].flatten.uniq
     end
-    ['unmapped'] # HDF expects this to be a list, but not an empty list even if there aren't results
+    DEFAULT_NIST_TAG # Entries with unmapped NIST tags are defaulted to NIST tags ‘SA-11, RA-5 Rev_4’
   end
   def hdf

data/lib/heimdall_tools/zap_mapper.rb CHANGED Viewed

@@ -7,6 +7,7 @@ require 'heimdall_tools/hdf'
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 # rubocop:disable Metrics/AbcSize
@@ -66,7 +67,7 @@ module HeimdallTools
     def nist_tag(cweid)
       entries = @cwe_nist_mapping.select { |x| x[:cweid].to_s.eql?(cweid.to_s) }
       tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
-      tags.empty? ? ['unmapped'] : tags.flatten.uniq
+      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
     end
     def impact(riskcode)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-  version: 1.3.30
+  version: 1.3.35
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-06-12 00:00:00.000000000 Z
+date: 2021-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -96,20 +96,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
-- !ruby/object:Gem::Dependency
-  name: nori
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.6'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.6'
 - !ruby/object:Gem::Dependency
   name: git-lite-version-bump
   requirement: !ruby/object:Gem::Requirement
@@ -166,20 +152,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -203,7 +175,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- CHANGELOG.md
 - Guardfile
 - LICENSE.md
 - README.md
@@ -212,6 +183,7 @@ files:
 - lib/data/U_CCI_List.xml
 - lib/data/cwe-nist-mapping.csv
 - lib/data/nessus-plugins-nist-mapping.csv
+- lib/data/nikto-nist-mapping.csv
 - lib/data/owasp-nist-mapping.csv
 - lib/heimdall_tools.rb
 - lib/heimdall_tools/burpsuite_mapper.rb
@@ -222,10 +194,16 @@ files:
 - lib/heimdall_tools/help.rb
 - lib/heimdall_tools/help/burpsuite_mapper.md
 - lib/heimdall_tools/help/fortify_mapper.md
+- lib/heimdall_tools/help/jfrog_xray_mapper.md
 - lib/heimdall_tools/help/nessus_mapper.md
+- lib/heimdall_tools/help/nikto_mapper.md
+- lib/heimdall_tools/help/snyk_mapper.md
 - lib/heimdall_tools/help/sonarqube_mapper.md
 - lib/heimdall_tools/help/zap_mapper.md
+- lib/heimdall_tools/jfrog_xray_mapper.rb
 - lib/heimdall_tools/nessus_mapper.rb
+- lib/heimdall_tools/nikto_mapper.rb
+- lib/heimdall_tools/snyk_mapper.rb
 - lib/heimdall_tools/sonarqube_mapper.rb
 - lib/heimdall_tools/version.rb
 - lib/heimdall_tools/zap_mapper.rb
@@ -249,7 +227,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: Convert Forify, Openzap and Sonarqube results to HDF

data/CHANGELOG.md DELETED Viewed

@@ -1,266 +0,0 @@
-# Changelog
-## [v1.3.29](https://github.com/mitre/heimdall_tools/tree/v1.3.29) (2020-05-28)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.28...v1.3.29)
-**Merged pull requests:**
-- Remove debug line [\#53](https://github.com/mitre/heimdall_tools/pull/53) ([rx294](https://github.com/rx294))
-## [v1.3.28](https://github.com/mitre/heimdall_tools/tree/v1.3.28) (2020-05-28)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.27...v1.3.28)
-**Closed issues:**
-- Map 'Policy Compliance' entries for nessus\_mapper [\#49](https://github.com/mitre/heimdall_tools/issues/49)
-**Merged pull requests:**
-- Add code to translate Policy compliance results [\#51](https://github.com/mitre/heimdall_tools/pull/51) ([rx294](https://github.com/rx294))
-## [v1.3.27](https://github.com/mitre/heimdall_tools/tree/v1.3.27) (2020-05-22)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.26...v1.3.27)
-**Merged pull requests:**
-- Updated the Dockerfile to run in an alpine ruby container [\#47](https://github.com/mitre/heimdall_tools/pull/47) ([jsa5593](https://github.com/jsa5593))
-- Require a newer version of git-lite-version-bump for Windows support [\#46](https://github.com/mitre/heimdall_tools/pull/46) ([rbclark](https://github.com/rbclark))
-## [v1.3.26](https://github.com/mitre/heimdall_tools/tree/v1.3.26) (2020-05-06)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.25...v1.3.26)
-**Implemented enhancements:**
-- Converter: Nessus Transform for Audit results and vulnerability scan results  [\#29](https://github.com/mitre/heimdall_tools/issues/29)
-**Merged pull requests:**
-- Nessus Mapper  [\#45](https://github.com/mitre/heimdall_tools/pull/45) ([rx294](https://github.com/rx294))
-## [v1.3.25](https://github.com/mitre/heimdall_tools/tree/v1.3.25) (2020-04-16)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.24...v1.3.25)
-**Closed issues:**
-- Add minimum required json fields to work heimdall server    [\#5](https://github.com/mitre/heimdall_tools/issues/5)
-**Merged pull requests:**
-- Make sure the fields we are looking for in Fortify exist before we parse the element [\#44](https://github.com/mitre/heimdall_tools/pull/44) ([rbclark](https://github.com/rbclark))
-- Update actions to use ruby/setup-ruby [\#43](https://github.com/mitre/heimdall_tools/pull/43) ([Bialogs](https://github.com/Bialogs))
-## [v1.3.24](https://github.com/mitre/heimdall_tools/tree/v1.3.24) (2020-04-07)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...v1.3.24)
-**Implemented enhancements:**
-- Converter: Burp Suite Pro [\#28](https://github.com/mitre/heimdall_tools/issues/28)
-**Fixed bugs:**
-- \[Bug\] Import mapping csvs by relative path  [\#41](https://github.com/mitre/heimdall_tools/issues/41)
-**Merged pull requests:**
-- Update to pull data csvs by relative path [\#42](https://github.com/mitre/heimdall_tools/pull/42) ([rx294](https://github.com/rx294))
-- Burpsuite mapper [\#40](https://github.com/mitre/heimdall_tools/pull/40) ([rx294](https://github.com/rx294))
-## [v1.3.23](https://github.com/mitre/heimdall_tools/tree/v1.3.23) (2020-03-31)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre5...v1.3.23)
-## [v1.3.23.pre5](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre5) (2020-03-31)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre4...v1.3.23.pre5)
-**Merged pull requests:**
-- Rubygems automatically trims the word \_api\_key when referencing the key [\#39](https://github.com/mitre/heimdall_tools/pull/39) ([rbclark](https://github.com/rbclark))
-## [v1.3.23.pre4](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre4) (2020-03-31)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre3...v1.3.23.pre4)
-## [v1.3.23.pre3](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre3) (2020-03-31)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre2...v1.3.23.pre3)
-## [v1.3.23.pre2](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre2) (2020-03-31)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre...v1.3.23.pre2)
-## [v1.3.23.pre](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre) (2020-03-31)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.22...v1.3.23.pre)
-**Merged pull requests:**
-- Restructure workflow for publishing gem [\#37](https://github.com/mitre/heimdall_tools/pull/37) ([rbclark](https://github.com/rbclark))
-## [v1.3.22](https://github.com/mitre/heimdall_tools/tree/v1.3.22) (2020-03-31)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.21...v1.3.22)
-## [v1.3.21](https://github.com/mitre/heimdall_tools/tree/v1.3.21) (2020-03-31)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.20...v1.3.21)
-## [v1.3.20](https://github.com/mitre/heimdall_tools/tree/v1.3.20) (2020-03-30)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.19...v1.3.20)
-**Fixed bugs:**
-- Unable to Convert Fortify 19.2.0 FVDL file to HDF [\#25](https://github.com/mitre/heimdall_tools/issues/25)
-## [v1.3.19](https://github.com/mitre/heimdall_tools/tree/v1.3.19) (2020-03-30)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.18...v1.3.19)
-**Merged pull requests:**
-- Remove all gems from Gemfile and declare them properly in the gemspec [\#33](https://github.com/mitre/heimdall_tools/pull/33) ([rbclark](https://github.com/rbclark))
-## [v1.3.18](https://github.com/mitre/heimdall_tools/tree/v1.3.18) (2020-03-28)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.17...v1.3.18)
-## [v1.3.17](https://github.com/mitre/heimdall_tools/tree/v1.3.17) (2020-03-26)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.16...v1.3.17)
-**Closed issues:**
-- Request New converters [\#23](https://github.com/mitre/heimdall_tools/issues/23)
-## [v1.3.16](https://github.com/mitre/heimdall_tools/tree/v1.3.16) (2020-03-25)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.15...v1.3.16)
-## [v1.3.15](https://github.com/mitre/heimdall_tools/tree/v1.3.15) (2020-03-25)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.14...v1.3.15)
-## [v1.3.14](https://github.com/mitre/heimdall_tools/tree/v1.3.14) (2020-03-24)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.13...v1.3.14)
-## [v1.3.13](https://github.com/mitre/heimdall_tools/tree/v1.3.13) (2020-03-24)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.12...v1.3.13)
-## [v1.3.12](https://github.com/mitre/heimdall_tools/tree/v1.3.12) (2020-03-24)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.11...v1.3.12)
-## [v1.3.11](https://github.com/mitre/heimdall_tools/tree/v1.3.11) (2020-03-24)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.10...v1.3.11)
-## [v1.3.10](https://github.com/mitre/heimdall_tools/tree/v1.3.10) (2020-03-24)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.9...v1.3.10)
-## [v1.3.9](https://github.com/mitre/heimdall_tools/tree/v1.3.9) (2020-03-23)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.8...v1.3.9)
-**Closed issues:**
-- Update XML parser [\#26](https://github.com/mitre/heimdall_tools/issues/26)
-**Merged pull requests:**
-- Update XML parser [\#27](https://github.com/mitre/heimdall_tools/pull/27) ([rx294](https://github.com/rx294))
-## [v1.3.8](https://github.com/mitre/heimdall_tools/tree/v1.3.8) (2020-03-09)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.7...v1.3.8)
-**Closed issues:**
-- \[BUG\] | sonarqube\_mapper is not handling NIST mapping correctly [\#21](https://github.com/mitre/heimdall_tools/issues/21)
-**Merged pull requests:**
-- Fixes \#21 \[BUG\] | sonarqube\_mapper is not handling NIST mapping correctly [\#22](https://github.com/mitre/heimdall_tools/pull/22) ([rx294](https://github.com/rx294))
-## [v1.3.7](https://github.com/mitre/heimdall_tools/tree/v1.3.7) (2020-03-06)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.6...v1.3.7)
-## [v1.3.6](https://github.com/mitre/heimdall_tools/tree/v1.3.6) (2020-03-05)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.5...v1.3.6)
-## [v1.3.5](https://github.com/mitre/heimdall_tools/tree/v1.3.5) (2020-03-05)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.4...v1.3.5)
-## [v1.3.4](https://github.com/mitre/heimdall_tools/tree/v1.3.4) (2020-03-04)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.3...v1.3.4)
-**Closed issues:**
-- Support Authenticated Sonarqube API  for sonarqube\_mapper [\#18](https://github.com/mitre/heimdall_tools/issues/18)
-## [v1.3.3](https://github.com/mitre/heimdall_tools/tree/v1.3.3) (2020-03-04)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.2...v1.3.3)
-**Merged pull requests:**
-- Cleanup GPR and Rubygems release flow [\#38](https://github.com/mitre/heimdall_tools/pull/38) ([rbclark](https://github.com/rbclark))
-- Sonarqube authentication option [\#20](https://github.com/mitre/heimdall_tools/pull/20) ([rx294](https://github.com/rx294))
-## [v1.3.2](https://github.com/mitre/heimdall_tools/tree/v1.3.2) (2019-12-27)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.1...v1.3.2)
-**Merged pull requests:**
-- Adding dockerfile for heimdall tools [\#15](https://github.com/mitre/heimdall_tools/pull/15) ([rx294](https://github.com/rx294))
-## [v1.3.1](https://github.com/mitre/heimdall_tools/tree/v1.3.1) (2019-12-27)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.0...v1.3.1)
-**Closed issues:**
-- Update HDF format generate jsons in Inspec results style [\#10](https://github.com/mitre/heimdall_tools/issues/10)
-**Merged pull requests:**
-- Updating required nori gem version [\#16](https://github.com/mitre/heimdall_tools/pull/16) ([rx294](https://github.com/rx294))
-- Populate shasum and runtime field  [\#14](https://github.com/mitre/heimdall_tools/pull/14) ([rx294](https://github.com/rx294))
-- Updates as per feedback [\#13](https://github.com/mitre/heimdall_tools/pull/13) ([rx294](https://github.com/rx294))
-- updating samples  [\#12](https://github.com/mitre/heimdall_tools/pull/12) ([rx294](https://github.com/rx294))
-- Change to results view on heimdall [\#11](https://github.com/mitre/heimdall_tools/pull/11) ([rx294](https://github.com/rx294))
-## [v1.3.0](https://github.com/mitre/heimdall_tools/tree/v1.3.0) (2019-09-24)
-[Full Changelog](https://github.com/mitre/heimdall_tools/compare/c9c08305796eaf12d7abb2535c285a4acd2f5a91...v1.3.0)
-**Closed issues:**
-- README needs authors [\#9](https://github.com/mitre/heimdall_tools/issues/9)
-- Get NIST rev version from CSV [\#4](https://github.com/mitre/heimdall_tools/issues/4)
-- Output in evaluation format, not profile  [\#2](https://github.com/mitre/heimdall_tools/issues/2)
-**Merged pull requests:**
-- Fixes to PR \#6 [\#8](https://github.com/mitre/heimdall_tools/pull/8) ([rx294](https://github.com/rx294))
-- Update README fortify-fvdl flag to fvdl as in usage [\#7](https://github.com/mitre/heimdall_tools/pull/7) ([mirskiy](https://github.com/mirskiy))
-- Add SonarQube Mapper and OWASP NIST mappings [\#6](https://github.com/mitre/heimdall_tools/pull/6) ([mirskiy](https://github.com/mirskiy))
-- OWASP ZAP Mapper PR [\#3](https://github.com/mitre/heimdall_tools/pull/3) ([rx294](https://github.com/rx294))
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*