heimdall_tools 1.3.35 → 1.3.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +16 -0
- data/lib/heimdall_tools.rb +1 -0
- data/lib/heimdall_tools/cli.rb +12 -0
- data/lib/heimdall_tools/dbprotect_mapper.rb +127 -0
- data/lib/heimdall_tools/help/dbprotect_mapper.md +5 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 34a80978c354919fb48f33582e9a6b4e2676eb884c1868e8d710daeb6c8bfb9f
|
|
4
|
+
data.tar.gz: 58a1f7cde61bf0ad07454fd3cc90448ad40385a9f9d8dd951f24901ccce7a79d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 49faba0d70053387a28208efc837a3978bb100e44d65436e0c8f9f6d335d1d8639987b77b44607a2d195cbafaf4646e2e4b80894a8ebb06a7206a929e2a115d3
|
|
7
|
+
data.tar.gz: 42c71d905a92366eb864113d86de09997cf1043133049d6e16efbc34967a5af2d648d4cb31b6a92fb17874941be8c92f367abcad3d37c26bb8f6b4d46d600f56
|
data/README.md
CHANGED
|
@@ -13,6 +13,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
|
|
|
13
13
|
- **snyk_mapper** - commercial package vulnerability scanner
|
|
14
14
|
- **nikto_mapper** - open-source web server scanner
|
|
15
15
|
- **jfrog_xray_mapper** - package vulnerability scanner
|
|
16
|
+
- **dbprotect_mapper** - database vulnerability scanner
|
|
16
17
|
|
|
17
18
|
Ruby 2.4 or higher (check using "ruby -v")
|
|
18
19
|
|
|
@@ -197,6 +198,21 @@ FLAGS:
|
|
|
197
198
|
example: heimdall_tools jfrog_xray_mapper -j xray_results.json -o xray_results_hdf.json
|
|
198
199
|
```
|
|
199
200
|
|
|
201
|
+
## dbprotect_mapper
|
|
202
|
+
|
|
203
|
+
dbprotect_mapper translates DBProtect report in `Check Results Details` format XML to HDF format JSON be viewed on Heimdall.
|
|
204
|
+
|
|
205
|
+
```
|
|
206
|
+
USAGE: heimdall_tools dbprotect_mapper [OPTIONS] -x <check_results_details_report_xml> -o <db_protect_hdf.json>
|
|
207
|
+
|
|
208
|
+
FLAGS:
|
|
209
|
+
-x <check_results_details_report_xml> : path to DBProtect report XML file.
|
|
210
|
+
-o --output <scan-results> : path to output scan-results json.
|
|
211
|
+
-V --verbose : verbose run [optional].
|
|
212
|
+
|
|
213
|
+
example: heimdall_tools dbprotect_mapper -x check_results_details_report.xml -o db_protect_hdf.json
|
|
214
|
+
```
|
|
215
|
+
|
|
200
216
|
## version
|
|
201
217
|
|
|
202
218
|
Prints out the gem version
|
data/lib/heimdall_tools.rb
CHANGED
data/lib/heimdall_tools/cli.rb
CHANGED
|
@@ -99,6 +99,18 @@ module HeimdallTools
|
|
|
99
99
|
puts "#{options[:output]}"
|
|
100
100
|
end
|
|
101
101
|
|
|
102
|
+
desc 'dbprotect_mapper', 'dbprotect_mapper translates dbprotect results xml to HDF format Json be viewed on Heimdall'
|
|
103
|
+
long_desc Help.text(:dbprotect_mapper)
|
|
104
|
+
option :xml, required: true, aliases: '-x'
|
|
105
|
+
option :output, required: true, aliases: '-o'
|
|
106
|
+
option :verbose, type: :boolean, aliases: '-V'
|
|
107
|
+
def dbprotect_mapper
|
|
108
|
+
hdf = HeimdallTools::DBProtectMapper.new(File.read(options[:xml])).to_hdf
|
|
109
|
+
File.write(options[:output], hdf)
|
|
110
|
+
puts "\r\HDF Generated:\n"
|
|
111
|
+
puts "#{options[:output]}"
|
|
112
|
+
end
|
|
113
|
+
|
|
102
114
|
desc 'version', 'prints version'
|
|
103
115
|
def version
|
|
104
116
|
puts VERSION
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
require 'json'
|
|
2
|
+
require 'csv'
|
|
3
|
+
require 'heimdall_tools/hdf'
|
|
4
|
+
require 'utilities/xml_to_hash'
|
|
5
|
+
|
|
6
|
+
IMPACT_MAPPING = {
|
|
7
|
+
High: 0.7,
|
|
8
|
+
Medium: 0.5,
|
|
9
|
+
Low: 0.3,
|
|
10
|
+
Informational: 0.0
|
|
11
|
+
}.freeze
|
|
12
|
+
|
|
13
|
+
# rubocop:disable Metrics/AbcSize
|
|
14
|
+
|
|
15
|
+
module HeimdallTools
|
|
16
|
+
class DBProtectMapper
|
|
17
|
+
def initialize(xml, name=nil, verbose = false)
|
|
18
|
+
@verbose = verbose
|
|
19
|
+
|
|
20
|
+
begin
|
|
21
|
+
dataset = xml_to_hash(xml)
|
|
22
|
+
@entries = compile_findings(dataset['dataset'])
|
|
23
|
+
|
|
24
|
+
rescue StandardError => e
|
|
25
|
+
raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def to_hdf
|
|
31
|
+
controls = []
|
|
32
|
+
@entries.each do |entry|
|
|
33
|
+
@item = {}
|
|
34
|
+
@item['id'] = entry['Check ID']
|
|
35
|
+
@item['title'] = entry['Check']
|
|
36
|
+
@item['desc'] = format_desc(entry)
|
|
37
|
+
@item['impact'] = impact(entry['Risk DV'])
|
|
38
|
+
@item['tags'] = {}
|
|
39
|
+
@item['descriptions'] = []
|
|
40
|
+
@item['refs'] = NA_ARRAY
|
|
41
|
+
@item['source_location'] = NA_HASH
|
|
42
|
+
@item['code'] = ''
|
|
43
|
+
@item['results'] = finding(entry)
|
|
44
|
+
|
|
45
|
+
controls << @item
|
|
46
|
+
end
|
|
47
|
+
controls = collapse_duplicates(controls)
|
|
48
|
+
results = HeimdallDataFormat.new(profile_name: @entries.first['Policy'],
|
|
49
|
+
version: "",
|
|
50
|
+
title: @entries.first['Job Name'],
|
|
51
|
+
summary: format_summary(@entries.first),
|
|
52
|
+
controls: controls)
|
|
53
|
+
results.to_hdf
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
private
|
|
57
|
+
|
|
58
|
+
def compile_findings(dataset)
|
|
59
|
+
keys = dataset['metadata']['item'].map{ |e| e['name']}
|
|
60
|
+
findings = dataset['data']['row'].map { |e| Hash[keys.zip(e['value'])] }
|
|
61
|
+
findings
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def format_desc(entry)
|
|
65
|
+
text = []
|
|
66
|
+
text << "Task : #{entry['Task']}"
|
|
67
|
+
text << "Check Category : #{entry['Check Category']}"
|
|
68
|
+
text.join("; ")
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def format_summary(entry)
|
|
72
|
+
text = []
|
|
73
|
+
text << "Organization : #{entry['Organization']}"
|
|
74
|
+
text << "Asset : #{entry['Check Asset']}"
|
|
75
|
+
text << "Asset Type : #{entry['Asset Type']}"
|
|
76
|
+
text << "IP Address, Port, Instance : #{entry['Asset Type']}"
|
|
77
|
+
text << "IP Address, Port, Instance : #{entry['IP Address, Port, Instance']}"
|
|
78
|
+
text.join("\n")
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def finding(entry)
|
|
82
|
+
finding = {}
|
|
83
|
+
|
|
84
|
+
finding['code_desc'] = entry['Details']
|
|
85
|
+
finding['run_time'] = 0.0
|
|
86
|
+
finding['start_time'] = entry['Date']
|
|
87
|
+
|
|
88
|
+
case entry['Result Status']
|
|
89
|
+
when 'Fact'
|
|
90
|
+
finding['status'] = 'skipped'
|
|
91
|
+
when 'Failed'
|
|
92
|
+
finding['status'] = 'failed'
|
|
93
|
+
finding['backtrace'] = ["DB Protect Failed Check"]
|
|
94
|
+
when 'Finding'
|
|
95
|
+
finding['status'] = 'failed'
|
|
96
|
+
when 'Not A Finding'
|
|
97
|
+
finding['status'] = 'passed'
|
|
98
|
+
when 'Skipped'
|
|
99
|
+
finding['status'] = 'skipped'
|
|
100
|
+
else
|
|
101
|
+
finding['status'] = 'skipped'
|
|
102
|
+
end
|
|
103
|
+
[finding]
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
def impact(severity)
|
|
107
|
+
IMPACT_MAPPING[severity.to_sym]
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
# DBProtect report could have multiple issue entries for multiple findings of same issue type.
|
|
111
|
+
# The meta data is identical across entries
|
|
112
|
+
# method collapse_duplicates return unique controls with applicable findings collapsed into it.
|
|
113
|
+
def collapse_duplicates(controls)
|
|
114
|
+
unique_controls = []
|
|
115
|
+
|
|
116
|
+
controls.map { |x| x['id'] }.uniq.each do |id|
|
|
117
|
+
collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
|
|
118
|
+
unique_control = controls.find { |x| x['id'].eql?(id) }
|
|
119
|
+
unique_control['results'] = collapsed_results.flatten
|
|
120
|
+
unique_controls << unique_control
|
|
121
|
+
end
|
|
122
|
+
unique_controls
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
|
|
126
|
+
end
|
|
127
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: heimdall_tools
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.36
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Robert Thew
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2021-
|
|
13
|
+
date: 2021-03-01 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: nokogiri
|
|
@@ -189,10 +189,12 @@ files:
|
|
|
189
189
|
- lib/heimdall_tools/burpsuite_mapper.rb
|
|
190
190
|
- lib/heimdall_tools/cli.rb
|
|
191
191
|
- lib/heimdall_tools/command.rb
|
|
192
|
+
- lib/heimdall_tools/dbprotect_mapper.rb
|
|
192
193
|
- lib/heimdall_tools/fortify_mapper.rb
|
|
193
194
|
- lib/heimdall_tools/hdf.rb
|
|
194
195
|
- lib/heimdall_tools/help.rb
|
|
195
196
|
- lib/heimdall_tools/help/burpsuite_mapper.md
|
|
197
|
+
- lib/heimdall_tools/help/dbprotect_mapper.md
|
|
196
198
|
- lib/heimdall_tools/help/fortify_mapper.md
|
|
197
199
|
- lib/heimdall_tools/help/jfrog_xray_mapper.md
|
|
198
200
|
- lib/heimdall_tools/help/nessus_mapper.md
|