heimdall_tools 1.3.34 → 1.3.35

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d54d4b22df45a476f595fcb5e915848a0ab4afdedab5bc01aed87a4aeb98daba
-  data.tar.gz: 9f0b90c76302fe9eea2508d04b9b6df33907ed7a1d775ffc7ac0cc1150573f09
+  metadata.gz: 30a8aa48d76c322433d3b7233585d2f7265c5d9906147f904a56d7c37468943d
+  data.tar.gz: de9c85b3ec842451ba8ccd52ef66b516390677c1d9971e602c434cc21725d619
 SHA512:
-  metadata.gz: c2d99103ccb593b133e51cf5df81d9fa6d31426b24ba4b311840bdcbbf8aaa611c16db127eae2a10a6994113ce182e1d80f0716b341838e7bd1fa1120eced474
-  data.tar.gz: 8368dd53348c22851413faef53ee02515b64a8ef69a5ca02b81174d491b7db3129d158c02ce96733157e21d48bfa2e2922f5c0ab899465761256f4bf58027489
+  metadata.gz: 735203a3dedc20625a366530d50c5f0e11a5a654a13f1264b53dd239b6902a851b35ea49ae1b783714399d6c2215ebf137a2c54e4edb6a2c7e40e3a17ef1d8db
+  data.tar.gz: 19b63fc27d52ede491025d7880771e31ffeaf090707b73885970b9455e4c81bda1c15b428621436e8086f9e6d5521d6810fd1000df4f2900fe8b57911fc44488

data/README.md

@@ -12,6 +12,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
 - **nessus_mapper** - commercial vulnerability scanner
 - **snyk_mapper** - commercial package vulnerability scanner
 - **nikto_mapper** - open-source web server scanner 
+- **jfrog_xray_mapper** - package vulnerability scanner
 
 Ruby 2.4 or higher (check using "ruby -v")
 
@@ -181,6 +182,21 @@ FLAGS:
 example: heimdall_tools nikto_mapper -j nikto_results.json -o nikto_results.json
 ```
 
+## jfrog_xray_mapper
+
+jfrog_xray_mapper translates an JFrog Xray results JSON file into HDF format JSON to be viewable in Heimdall
+  
+```
+USAGE: heimdall_tools jfrog_xray_mapper [OPTIONS] -j <xray-results-json> -o <hdf-scan-results.json>
+
+FLAGS:
+    -j <xray_results_json>           : path to xray results JSON file.
+    -o --output <scan-results>       : path to output scan-results json.
+    -V --verbose                     : verbose run [optional].
+
+example: heimdall_tools jfrog_xray_mapper -j xray_results.json -o xray_results_hdf.json
+```
+
 ## version  
 
 Prints out the gem version

data/lib/data/cwe-nist-mapping.csv

@@ -64,10 +64,13 @@
 251, Often Misused: String Management,,4,
 252, Unchecked Return Value,,4,
 256, Plaintext Storage of a Password,SC-28,4,Protection of Information at Rest
+257, Storing Passwords in a Recoverable Format,IA-5,4,Authenticator Management
 258, Empty Password in Configuration File,SC-28,4,Protection of Information at Rest
 259, Use of Hard-coded Password,,4,
 260, Password in Configuration File,SC-28,4,Protection of Information at Rest
 261, Weak Cryptography for Passwords,SC-13,4,Cryptographic Protection
+262, Not Using Password Aging,IA-5,4,Authenticator Management
+263, Password Aging with Long Expiration,IA-5,4,Authenticator Management
 265, Privilege / Sandbox Issues,AC-6,4,Least Privilege
 269, Improper Privilege Management,AC-4,4,Information Flow Enforcement
 272, Least Privilege Violation,AC-6,4,Least Privilege: Privilege Levels for Code Execution -8
@@ -175,8 +178,9 @@
 662, Improper Synchonization,,4,
 667, Improper Locking,,4,
 676, Use of Potentially Dangerous Function,,4,
-690,: Unchecked Return Value to NULL Pointer Dereference,,4,
+690, Unchecked Return Value to NULL Pointer Dereference,,4,
 691, Insufficient Control Flow Management,SI-11,4,Error Handling
+693, Protection Mechanism Failure,IA-5,4,Authenticator Management
 694, Use of Multiple Resources with Duplicate Identifier,,4,
 732, Incorrect Permission Assignment for Critical Resource,AC-3,4,Access Enforcement
 733, Compiler Optimization Removal or Modification of Security-critical Code,,4,

data/lib/heimdall_tools.rb

@@ -12,4 +12,5 @@ module HeimdallTools
   autoload :NessusMapper, 'heimdall_tools/nessus_mapper'
   autoload :SnykMapper, 'heimdall_tools/snyk_mapper'
   autoload :NiktoMapper, 'heimdall_tools/nikto_mapper'
+  autoload :JfrogXrayMapper, 'heimdall_tools/jfrog_xray_mapper'
 end

data/lib/heimdall_tools/cli.rb

@@ -87,6 +87,18 @@ module HeimdallTools
       puts "#{options[:output]}"
     end
 
+    desc 'jfrog_xray_mapper', 'jfrog_xray_mapper translates Jfrog Xray results Json to HDF format Json be viewed on Heimdall'
+    long_desc Help.text(:jfrog_xray_mapper)
+    option :json, required: true, aliases: '-j'
+    option :output, required: true, aliases: '-o'
+    option :verbose, type: :boolean, aliases: '-V'
+    def jfrog_xray_mapper
+      hdf = HeimdallTools::JfrogXrayMapper.new(File.read(options[:json])).to_hdf
+      File.write(options[:output], hdf)
+      puts "\r\HDF Generated:\n"
+      puts "#{options[:output]}"
+    end
+
     desc 'version', 'prints version'
     def version
       puts VERSION

data/lib/heimdall_tools/fortify_mapper.rb

@@ -3,6 +3,7 @@ require 'heimdall_tools/hdf'
 require 'utilities/xml_to_hash'
 
 NIST_REFERENCE_NAME = 'Standards Mapping - NIST Special Publication 800-53 Revision 4'.freeze
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 
 module HeimdallTools
   class FortifyMapper
@@ -68,7 +69,7 @@ module HeimdallTools
       references = rule['References']['Reference']
       references = [references] unless references.is_a?(Array)
       tag = references.detect { |x| x['Author'].eql?(NIST_REFERENCE_NAME) }
-      tag.nil? ? 'unmapped' : tag['Title'].match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)
+      tag.nil? ? DEFAULT_NIST_TAG : tag['Title'].match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)
     end
 
     def impact(classid)

data/lib/heimdall_tools/help/jfrog_xray_mapper.md

@@ -0,0 +1,5 @@
+  jfrog_xray_mapper translates an JFrog Xray results JSON file into HDF format JSON to be viewable in Heimdall
+
+Examples:
+
+  heimdall_tools jfrog_xray_mapper -j xray_results.json -o output-file-name.json

data/lib/heimdall_tools/jfrog_xray_mapper.rb

@@ -0,0 +1,142 @@
+require 'json'
+require 'csv'
+require 'heimdall_tools/hdf'
+require 'utilities/xml_to_hash'
+
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
+CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+
+IMPACT_MAPPING = {
+  high: 0.7,
+  medium: 0.5,
+  low: 0.3,
+}.freeze
+
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+
+# Loading spinner sign
+$spinner = Enumerator.new do |e|
+  loop do
+    e.yield '|'
+    e.yield '/'
+    e.yield '-'
+    e.yield '\\'
+  end
+end
+
+module HeimdallTools
+  class JfrogXrayMapper
+    def initialize(xray_json, name=nil, verbose = false)
+      @xray_json = xray_json
+      @verbose = verbose
+
+      begin
+        @cwe_nist_mapping = parse_mapper
+        @project = JSON.parse(xray_json)
+
+      rescue StandardError => e
+        raise "Invalid JFrog Xray JSON file provided Exception: #{e}"
+      end
+    end
+
+    def finding(vulnerability)
+      finding = {}
+      finding['status'] = 'failed'
+      finding['code_desc'] = []
+      finding['code_desc'] << "source_comp_id : #{vulnerability['source_comp_id'].to_s }"
+      finding['code_desc'] << "vulnerable_versions : #{vulnerability['component_versions']['vulnerable_versions'].to_s }"
+      finding['code_desc'] << "fixed_versions : #{vulnerability['component_versions']['fixed_versions'].to_s }"
+      finding['code_desc'] << "issue_type : #{vulnerability['issue_type'].to_s }"
+      finding['code_desc'] << "provider : #{vulnerability['provider'].to_s }"
+      finding['code_desc'] = finding['code_desc'].join("\n")
+      finding['run_time'] = NA_FLOAT
+
+      # Xray results does not profile scan timestamp; using current time to satisfy HDF format
+      finding['start_time'] = NA_STRING
+      [finding]
+    end
+
+    def nist_tag(cweid)
+      entries = @cwe_nist_mapping.select { |x| cweid.include? x[:cweid].to_s }
+      tags = entries.map { |x| x[:nistid] }
+      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+    end
+
+    def parse_identifiers(vulnerability, ref)
+      # Extracting id number from reference style CWE-297
+      vulnerability['component_versions']['more_details']['cves'][0][ref.downcase].map { |e| e.split("#{ref}-")[1]  }
+      rescue
+        return []
+    end
+
+    def impact(severity)
+      IMPACT_MAPPING[severity.downcase.to_sym]
+    end
+
+    def parse_mapper
+      csv_data = CSV.read(CWE_NIST_MAPPING_FILE, **{ encoding: 'UTF-8',
+                                                   headers: true,
+                                                   header_converters: :symbol,
+                                                   converters: :all })
+      csv_data.map(&:to_hash)
+    end
+
+    def desc_tags(data, label)
+      { "data": data || NA_STRING, "label": label || NA_STRING }
+    end
+
+    # Xray report could have multiple vulnerability entries for multiple findings of same issue type.
+    # The meta data is identical across entries 
+    # method collapse_duplicates return unique controls with applicable findings collapsed into it.
+    def collapse_duplicates(controls)
+      unique_controls = []
+
+      controls.map { |x| x['id'] }.uniq.each do |id|
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        unique_control = controls.find { |x| x['id'].eql?(id) }
+        unique_control['results'] = collapsed_results.flatten
+        unique_controls << unique_control
+      end
+      unique_controls
+    end
+
+    def to_hdf
+      controls = []
+      vulnerability_count = 0
+      @project['data'].uniq.each do | vulnerability |
+        printf("\rProcessing: %s", $spinner.next)
+        
+        vulnerability_count +=1
+        item = {}
+        item['tags']               = {}
+        item['descriptions']       = []
+        item['refs']               = NA_ARRAY
+        item['source_location']    = NA_HASH
+        item['descriptions']       = NA_ARRAY
+
+        # Xray JSONs might note have `id` fields populated. 
+        # If thats a case MD5 hash is used to collapse vulnerability findings of the same type.
+        item['id']                 = vulnerability['id'].empty? ? OpenSSL::Digest::MD5.digest(vulnerability['summary'].to_s).unpack("H*")[0].to_s : vulnerability['id']
+        item['title']              = vulnerability['summary'].to_s
+        item['desc']               = vulnerability['component_versions']['more_details']['description'].to_s
+        item['impact']             = impact(vulnerability['severity'].to_s) 
+        item['code']               = NA_STRING
+        item['results']            = finding(vulnerability)
+
+        item['tags']['nist']       = nist_tag( parse_identifiers( vulnerability, 'CWE') )
+        item['tags']['cweid']      = parse_identifiers( vulnerability, 'CWE')
+
+        controls << item
+      end
+
+      controls = collapse_duplicates(controls)
+      results = HeimdallDataFormat.new(profile_name: "JFrog Xray Scan",
+                                       version: NA_STRING,
+                                       title: "JFrog Xray Scan", 
+                                       summary: "Continuous Security and Universal Artifact Analysis",
+                                       controls: controls)
+      results.to_hdf
+    end
+  end
+end

data/lib/heimdall_tools/sonarqube_mapper.rb

@@ -5,6 +5,8 @@ require 'heimdall_tools/hdf'
 
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+
 MAPPING_FILES = {
   cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
   owasp: File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
@@ -237,7 +239,7 @@ class Control
       return [@mappings[tag_type][parsed_tag]].flatten.uniq
     end
 
-    ['unmapped'] # HDF expects this to be a list, but not an empty list even if there aren't results
+    DEFAULT_NIST_TAG # Entries with unmapped NIST tags are defaulted to NIST tags ‘SA-11, RA-5 Rev_4’
   end
 
   def hdf

data/lib/heimdall_tools/zap_mapper.rb

@@ -7,6 +7,7 @@ require 'heimdall_tools/hdf'
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 
 CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 
 # rubocop:disable Metrics/AbcSize
 
@@ -66,7 +67,7 @@ module HeimdallTools
     def nist_tag(cweid)
       entries = @cwe_nist_mapping.select { |x| x[:cweid].to_s.eql?(cweid.to_s) }
       tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
-      tags.empty? ? ['unmapped'] : tags.flatten.uniq
+      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
     end
 
     def impact(riskcode)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-  version: 1.3.34
+  version: 1.3.35
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-08-19 00:00:00.000000000 Z
+date: 2021-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -96,20 +96,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
-- !ruby/object:Gem::Dependency
-  name: nori
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.6'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.6'
 - !ruby/object:Gem::Dependency
   name: git-lite-version-bump
   requirement: !ruby/object:Gem::Requirement
@@ -166,20 +152,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -222,11 +194,13 @@ files:
 - lib/heimdall_tools/help.rb
 - lib/heimdall_tools/help/burpsuite_mapper.md
 - lib/heimdall_tools/help/fortify_mapper.md
+- lib/heimdall_tools/help/jfrog_xray_mapper.md
 - lib/heimdall_tools/help/nessus_mapper.md
 - lib/heimdall_tools/help/nikto_mapper.md
 - lib/heimdall_tools/help/snyk_mapper.md
 - lib/heimdall_tools/help/sonarqube_mapper.md
 - lib/heimdall_tools/help/zap_mapper.md
+- lib/heimdall_tools/jfrog_xray_mapper.rb
 - lib/heimdall_tools/nessus_mapper.rb
 - lib/heimdall_tools/nikto_mapper.rb
 - lib/heimdall_tools/snyk_mapper.rb
@@ -253,7 +227,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: Convert Forify, Openzap and Sonarqube results to HDF