heimdall_tools 1.3.35 → 1.3.36

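--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 30a8aa48d76c322433d3b7233585d2f7265c5d9906147f904a56d7c37468943d
- data.tar.gz: de9c85b3ec842451ba8ccd52ef66b516390677c1d9971e602c434cc21725d619
+ metadata.gz: 34a80978c354919fb48f33582e9a6b4e2676eb884c1868e8d710daeb6c8bfb9f
+ data.tar.gz: 58a1f7cde61bf0ad07454fd3cc90448ad40385a9f9d8dd951f24901ccce7a79d
  SHA512:
- metadata.gz: 735203a3dedc20625a366530d50c5f0e11a5a654a13f1264b53dd239b6902a851b35ea49ae1b783714399d6c2215ebf137a2c54e4edb6a2c7e40e3a17ef1d8db
- data.tar.gz: 19b63fc27d52ede491025d7880771e31ffeaf090707b73885970b9455e4c81bda1c15b428621436e8086f9e6d5521d6810fd1000df4f2900fe8b57911fc44488
+ metadata.gz: 49faba0d70053387a28208efc837a3978bb100e44d65436e0c8f9f6d335d1d8639987b77b44607a2d195cbafaf4646e2e4b80894a8ebb06a7206a929e2a115d3
+ data.tar.gz: 42c71d905a92366eb864113d86de09997cf1043133049d6e16efbc34967a5af2d648d4cb31b6a92fb17874941be8c92f367abcad3d37c26bb8f6b4d46d600f56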
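--- a/data/README.md
+++ b/data/README.md
@@ -13,6 +13,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
  - **snyk_mapper** - commercial package vulnerability scanner
  - **nikto_mapper** - open-source web server scanner
  - **jfrog_xray_mapper** - package vulnerability scanner
+ - **dbprotect_mapper** - database vulnerability scanner
 
  Ruby 2.4 or higher (check using "ruby -v")
 
@@ -197,6 +198,21 @@ FLAGS:
  example: heimdall_tools jfrog_xray_mapper -j xray_results.json -o xray_results_hdf.json
  ```
 
+ ## dbprotect_mapper
+
+ dbprotect_mapper translates DBProtect report in `Check Results Details` format XML to HDF format JSON be viewed on Heimdall.
+
+ ```
+ USAGE: heimdall_tools dbprotect_mapper [OPTIONS] -x <check_results_details_report_xml> -o <db_protect_hdf.json>
+
+ FLAGS:
+ -x <check_results_details_report_xml> : path to DBProtect report XML file.
+ -o --output <scan-results> : path to output scan-results json.
+ -V --verbose : verbose run [optional].
+
+ example: heimdall_tools dbprotect_mapper -x check_results_details_report.xml -o db_protect_hdf.json
+ ```
+
  ## version
 
  Prints out the gem version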
@@ -13,4 +13,5 @@ module HeimdallTools
13
13
  autoload :SnykMapper, 'heimdall_tools/snyk_mapper'
14
14
  autoload :NiktoMapper, 'heimdall_tools/nikto_mapper'
15
15
  autoload :JfrogXrayMapper, 'heimdall_tools/jfrog_xray_mapper'
16
+ autoload :DBProtectMapper, 'heimdall_tools/dbprotect_mapper'
16
17
  end
@@ -99,6 +99,18 @@ module HeimdallTools
99
99
  puts "#{options[:output]}"
100
100
  end
101
101
 
102
+ desc 'dbprotect_mapper', 'dbprotect_mapper translates dbprotect results xml to HDF format Json be viewed on Heimdall'
103
+ long_desc Help.text(:dbprotect_mapper)
104
+ option :xml, required: true, aliases: '-x'
105
+ option :output, required: true, aliases: '-o'
106
+ option :verbose, type: :boolean, aliases: '-V'
107
+ def dbprotect_mapper
108
+ hdf = HeimdallTools::DBProtectMapper.new(File.read(options[:xml])).to_hdf
109
+ File.write(options[:output], hdf)
110
+ puts "\r\HDF Generated:\n"
111
+ puts "#{options[:output]}"
112
+ end
113
+
102
114
  desc 'version', 'prints version'
103
115
  def version
104
116
  puts VERSION
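Review bot: The `--verbose` option declared for `dbprotect_mapper` never reaches the mapper, because the call is `HeimdallTools::DBProtectMapper.new(File.read(options[:xml]))` while the constructor added in this same change takes `(xml, name=nil, verbose = false)`. Passing it through as `HeimdallTools::DBProtectMapper.new(File.read(options[:xml]), nil, options[:verbose]).to_hdf` would at least wire up the flag the README documents, although the mapper as shown only stores `@verbose` and never reads it. The string `"\r\HDF Generated:\n"` contains `\H`, which is not an escape sequence, so Ruby prints a plain `H`; `"\rHDF Generated:\n"` gives the same output without the stray backslash. The enclosing class starts and ends outside this hunk.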
@@ -0,0 +1,127 @@
1
+ require 'json'
2
+ require 'csv'
3
+ require 'heimdall_tools/hdf'
4
+ require 'utilities/xml_to_hash'
5
+
6
+ IMPACT_MAPPING = {
7
+ High: 0.7,
8
+ Medium: 0.5,
9
+ Low: 0.3,
10
+ Informational: 0.0
11
+ }.freeze
12
+
13
+ # rubocop:disable Metrics/AbcSize
14
+
15
+ module HeimdallTools
16
+ class DBProtectMapper
17
+ def initialize(xml, name=nil, verbose = false)
18
+ @verbose = verbose
19
+
20
+ begin
21
+ dataset = xml_to_hash(xml)
22
+ @entries = compile_findings(dataset['dataset'])
23
+
24
+ rescue StandardError => e
25
+ raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
26
+ end
27
+
28
+ end
29
+
30
+ def to_hdf
31
+ controls = []
32
+ @entries.each do |entry|
33
+ @item = {}
34
+ @item['id'] = entry['Check ID']
35
+ @item['title'] = entry['Check']
36
+ @item['desc'] = format_desc(entry)
37
+ @item['impact'] = impact(entry['Risk DV'])
38
+ @item['tags'] = {}
39
+ @item['descriptions'] = []
40
+ @item['refs'] = NA_ARRAY
41
+ @item['source_location'] = NA_HASH
42
+ @item['code'] = ''
43
+ @item['results'] = finding(entry)
44
+
45
+ controls << @item
46
+ end
47
+ controls = collapse_duplicates(controls)
48
+ results = HeimdallDataFormat.new(profile_name: @entries.first['Policy'],
49
+ version: "",
50
+ title: @entries.first['Job Name'],
51
+ summary: format_summary(@entries.first),
52
+ controls: controls)
53
+ results.to_hdf
54
+ end
55
+
56
+ private
57
+
58
+ def compile_findings(dataset)
59
+ keys = dataset['metadata']['item'].map{ |e| e['name']}
60
+ findings = dataset['data']['row'].map { |e| Hash[keys.zip(e['value'])] }
61
+ findings
62
+ end
63
+
64
+ def format_desc(entry)
65
+ text = []
66
+ text << "Task : #{entry['Task']}"
67
+ text << "Check Category : #{entry['Check Category']}"
68
+ text.join("; ")
69
+ end
70
+
71
+ def format_summary(entry)
72
+ text = []
73
+ text << "Organization : #{entry['Organization']}"
74
+ text << "Asset : #{entry['Check Asset']}"
75
+ text << "Asset Type : #{entry['Asset Type']}"
76
+ text << "IP Address, Port, Instance : #{entry['Asset Type']}"
77
+ text << "IP Address, Port, Instance : #{entry['IP Address, Port, Instance']}"
78
+ text.join("\n")
79
+ end
80
+
81
+ def finding(entry)
82
+ finding = {}
83
+
84
+ finding['code_desc'] = entry['Details']
85
+ finding['run_time'] = 0.0
86
+ finding['start_time'] = entry['Date']
87
+
88
+ case entry['Result Status']
89
+ when 'Fact'
90
+ finding['status'] = 'skipped'
91
+ when 'Failed'
92
+ finding['status'] = 'failed'
93
+ finding['backtrace'] = ["DB Protect Failed Check"]
94
+ when 'Finding'
95
+ finding['status'] = 'failed'
96
+ when 'Not A Finding'
97
+ finding['status'] = 'passed'
98
+ when 'Skipped'
99
+ finding['status'] = 'skipped'
100
+ else
101
+ finding['status'] = 'skipped'
102
+ end
103
+ [finding]
104
+ end
105
+
106
+ def impact(severity)
107
+ IMPACT_MAPPING[severity.to_sym]
108
+ end
109
+
110
+ # DBProtect report could have multiple issue entries for multiple findings of same issue type.
111
+ # The meta data is identical across entries
112
+ # method collapse_duplicates return unique controls with applicable findings collapsed into it.
113
+ def collapse_duplicates(controls)
114
+ unique_controls = []
115
+
116
+ controls.map { |x| x['id'] }.uniq.each do |id|
117
+ collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
118
+ unique_control = controls.find { |x| x['id'].eql?(id) }
119
+ unique_control['results'] = collapsed_results.flatten
120
+ unique_controls << unique_control
121
+ end
122
+ unique_controls
123
+ end
124
+
125
+
126
+ end
127
+ end
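Review bot: In `format_summary` the label `IP Address, Port, Instance` is emitted twice and the first copy interpolates `entry['Asset Type']`, so the summary shows the asset type under the wrong label; that line reads like a copy-paste leftover and can be dropped. In `impact`, `IMPACT_MAPPING[severity.to_sym]` raises NoMethodError when a row has no `Risk DV` value and returns nil for any value outside the four keys, and since `to_hdf` runs outside the `rescue` in `initialize` neither case gets the "Invalid DBProtect XML" message; `IMPACT_MAPPING.fetch(severity.to_s.to_sym) { raise "Unknown Risk DV: #{severity.inspect}" }` would surface it instead of writing a control without an impact. The `else` branch of `finding` maps any unrecognised `Result Status` to `skipped`, which can hide a real finding in the HDF output, so a warning when `@verbose` is set would help. `IMPACT_MAPPING` is also defined at top level rather than inside `HeimdallTools::DBProtectMapper`, so it would collide with any other file that defines the same constant name; moving it into the class avoids that.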
@@ -0,0 +1,5 @@
1
+ dbprotect_mapper translates DBProtect report in `Check Results Details` format XML to HDF format JSON be viewed on Heimdall.
2
+
3
+ Examples:
4
+
5
+ heimdall_tools dbprotect_mapper -x check_results_details_report.xml -o db_protect_hdf.json
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heimdall_tools
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.35
4
+ version: 1.3.36
5
5
  platform: ruby
6
6
  authors:
7
7
  - Robert Thew
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2021-02-17 00:00:00.000000000 Z
13
+ date: 2021-03-01 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: nokogiri
@@ -189,10 +189,12 @@ files:
189
189
  - lib/heimdall_tools/burpsuite_mapper.rb
190
190
  - lib/heimdall_tools/cli.rb
191
191
  - lib/heimdall_tools/command.rb
192
+ - lib/heimdall_tools/dbprotect_mapper.rb
192
193
  - lib/heimdall_tools/fortify_mapper.rb
193
194
  - lib/heimdall_tools/hdf.rb
194
195
  - lib/heimdall_tools/help.rb
195
196
  - lib/heimdall_tools/help/burpsuite_mapper.md
197
+ - lib/heimdall_tools/help/dbprotect_mapper.md
196
198
  - lib/heimdall_tools/help/fortify_mapper.md
197
199
  - lib/heimdall_tools/help/jfrog_xray_mapper.md
198
200
  - lib/heimdall_tools/help/nessus_mapper.md