heimdall_tools 1.3.37 → 1.3.41

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b6e9d50bdf3b2f06cdd02be70517a574ca2a4f979abdb80d705682f02fe7dd45
-  data.tar.gz: a695c5f4f843802da69e4e150befbbbc9914a87d4aa20319a8156fbf376e9805
+  metadata.gz: 6e2861d76ab4ec09b9a409e934365fdc47935378f99ceeca94ccdf7c1931661d
+  data.tar.gz: f5bc5a6c7339da985cc825216fbb817b070dc94ae31a568955a39c822163a07a
 SHA512:
-  metadata.gz: 2295f30b0e973d2e59f2860d7ed7fcfa2dd75367a5731f250d1c6b5842326d9df984db383ee8a03b9aedc741a73729c8a0b6d6fb5ef13bc463cfe3b750238801
-  data.tar.gz: 56a80ca04c456e1aff7769ce3f0f554a5a7c533a801cfff800812898d9a888d96264e5da0c08c86576432e7e690fbfe7aad4bc3f21f59c9107bfc1c12bb425ed
+  metadata.gz: 53c34b8edc9cd713ee7ae481d6c27c1213ed371a800d1c0e728ae4bfe196561fc3128349547ee839521967fdc96da9478115834541faeba2a83a07cfba1de1a8
+  data.tar.gz: 2f0fb2011e3caa5a9b31fbfe44bc6069284bd35700af2fc6e20a236a2532f328db320c6bd0283930e22ac73d87929ad7dc9306ca5e315fa52c6a7f477b7b6e84

data/README.md

@@ -15,6 +15,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
 - **jfrog_xray_mapper** - package vulnerability scanner
 - **dbprotect_mapper** - database vulnerability scanner
 - **aws_config_mapper** - assess, audit, and evaluate AWS resources
+- **netsparker_mapper** - web application security scanner
 
 Ruby 2.4 or higher (check using "ruby -v")
 
@@ -234,6 +235,23 @@ FLAGS:
 example: heimdall_tools aws_config_mapper -o aws_config_results_hdf.json
 ```
 
+## netsparker_mapper
+
+netsparker_mapper translates an Netsparker XML results file into HDF format JSON to be viewable in Heimdall.
+
+  The current iteration only works with Netsparker Enterprise Vulnerabilities Scan.
+
+```
+USAGE: heimdall_tools netsparker_mapper [OPTIONS] -x <netsparker_results_xml> -o <hdf-scan-results.json>
+
+FLAGS:
+    -x <netsparker_results_xml>      : path to netsparker results XML file.
+    -o --output <scan-results>       : path to output scan-results json.
+    -V --verbose                     : verbose run [optional].
+
+example: heimdall_tools netsparker_mapper -x netsparker_results.xml -o netsparker_hdf.json
+```
+
 ## version  
 
 Prints out the gem version

data/lib/heimdall_tools.rb

@@ -15,4 +15,5 @@ module HeimdallTools
   autoload :JfrogXrayMapper, 'heimdall_tools/jfrog_xray_mapper'
   autoload :DBProtectMapper, 'heimdall_tools/dbprotect_mapper'
   autoload :AwsConfigMapper, 'heimdall_tools/aws_config_mapper'
+  autoload :NetsparkerMapper, 'heimdall_tools/netsparker_mapper'
 end

data/lib/heimdall_tools/aws_config_mapper.rb

@@ -13,10 +13,9 @@ INSUFFICIENT_DATA_MSG = 'Not enough data has been collectd to determine complian
 ##
 # HDF mapper for use with AWS Config rules.
 #
-# Ruby AWS Ruby SDK for ConfigService: 
+# Ruby AWS Ruby SDK for ConfigService:
 # - https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ConfigService/Client.html
 #
-# rubocop:disable Metrics/AbcSize, Metrics/ClassLength
 module HeimdallTools
   class AwsConfigMapper
     def initialize(custom_mapping, verbose = false)
@@ -57,8 +56,8 @@ module HeimdallTools
          title: 'AWS Config',
          summary: 'AWS Config',
          controls: controls,
-         statistics: { aws_config_sdk_version: Aws::ConfigService::GEM_VERSION }
-        )
+         statistics: { aws_config_sdk_version: Aws::ConfigService::GEM_VERSION },
+      )
       results.to_hdf
     end
 
@@ -67,12 +66,12 @@ module HeimdallTools
     ##
     # Read in a config rule -> 800-53 control mapping CSV.
     #
-    # Params: 
+    # Params:
     # - path: The file path to the CSV file
     #
     # Returns: A mapped version of the csv in the format { rule_name: row, ... }
     def get_rule_mapping(path)
-      Hash[CSV.read(path, headers: true).map { |row| [row[0], row] }]
+      CSV.read(path, headers: true).map { |row| [row[0], row] }.to_h
     end
 
     ##
@@ -142,7 +141,7 @@ module HeimdallTools
       end
 
       # Map based on name for easy lookup
-      Hash[compliance_results.collect { |r| [r.config_rule_name, r.to_h] }]
+      compliance_results.collect { |r| [r.config_rule_name, r.to_h] }.to_h
     end
 
     ##
@@ -192,7 +191,7 @@ module HeimdallTools
                                      (result[:result_recorded_time] - result[:config_rule_invoked_time]).round(6)
                                    end
           # status
-          hdf_result['status'] = case result.dig(:compliance_type)
+          hdf_result['status'] = case result[:compliance_type]
                                  when 'COMPLIANT'
                                    'passed'
                                  when 'NON_COMPLIANT'
@@ -209,19 +208,19 @@ module HeimdallTools
         when 'NOT_APPLICABLE'
           rule[:impact] = 0
           rule[:results] << {
-            'run_time': 0,
-            'code_desc': NOT_APPLICABLE_MSG,
-            'skip_message': NOT_APPLICABLE_MSG,
-            'start_time': DateTime.now.strftime('%Y-%m-%dT%H:%M:%S%:z'),
-            'status': 'skipped'
+            run_time: 0,
+            code_desc: NOT_APPLICABLE_MSG,
+            skip_message: NOT_APPLICABLE_MSG,
+            start_time: DateTime.now.strftime('%Y-%m-%dT%H:%M:%S%:z'),
+            status: 'skipped'
           }
         when 'INSUFFICIENT_DATA'
           rule[:results] << {
-            'run_time': 0,
-            'code_desc': INSUFFICIENT_DATA_MSG,
-            'skip_message': INSUFFICIENT_DATA_MSG,
-            'start_time': DateTime.now.strftime('%Y-%m-%dT%H:%M:%S%:z'),
-            'status': 'skipped'
+            run_time: 0,
+            code_desc: INSUFFICIENT_DATA_MSG,
+            skip_message: INSUFFICIENT_DATA_MSG,
+            start_time: DateTime.now.strftime('%Y-%m-%dT%H:%M:%S%:z'),
+            status: 'skipped'
           }
         end
       end
@@ -245,11 +244,11 @@ module HeimdallTools
       # NIST tag
       result['nist'] = []
       default_mapping_match = @default_mapping[config_rule[:config_rule_name]]
-      
+
       result['nist'] += default_mapping_match[1].split('|') unless default_mapping_match.nil?
 
       custom_mapping_match = @custom_mapping[config_rule[:config_rule_name]]
-      
+
       result['nist'] += custom_mapping_match[1].split('|').map { |name| "#{name} (user provided)" } unless custom_mapping_match.nil?
 
       result['nist'] = ['unmapped'] if result['nist'].empty?
@@ -258,8 +257,10 @@ module HeimdallTools
     end
 
     def check_text(config_rule)
-      params = (JSON.parse(config_rule[:input_parameters]).map { |key, value| "#{key}: #{value}" }).join('<br/>')
-      check_text = config_rule[:config_rule_arn]
+      # If no input parameters, then provide an empty JSON array to the JSON
+      # parser because passing nil to JSON.parse throws an exception.
+      params = (JSON.parse(config_rule[:input_parameters] || '[]').map { |key, value| "#{key}: #{value}" }).join('<br/>')
+      check_text = config_rule[:config_rule_arn] || ''
       check_text += "<br/>#{params}" unless params.empty?
       check_text
     end
@@ -274,11 +275,10 @@ module HeimdallTools
     def hdf_descriptions(config_rule)
       [
         {
-          'label': 'check',
-          'data': check_text(config_rule)
-        }
+          label: 'check',
+          data: check_text(config_rule)
+        },
       ]
     end
   end
 end
-# rubocop:enable Metrics/AbcSize, Metrics/ClassLength

data/lib/heimdall_tools/burpsuite_mapper.rb

@@ -16,13 +16,11 @@ IMPACT_MAPPING = {
 
 CWE_REGEX = 'CWE-(\d*):'.freeze
 
-DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
-
-# rubocop:disable Metrics/AbcSize
+DEFAULT_NIST_TAG = %w{SA-11 RA-5 Rev_4}.freeze
 
 module HeimdallTools
   class BurpSuiteMapper
-    def initialize(burps_xml, name=nil, verbose = false)
+    def initialize(burps_xml, _name = nil, verbose = false)
       @burps_xml = burps_xml
       @verbose = verbose
 
@@ -33,11 +31,9 @@ module HeimdallTools
         @issues = data['issues']['issue']
         @burpVersion = data['issues']['burpVersion']
         @timestamp = data['issues']['exportTime']
-
       rescue StandardError => e
         raise "Invalid Burpsuite XML file provided Exception: #{e}"
       end
-
     end
 
     def parse_html(block)
@@ -63,7 +59,7 @@ module HeimdallTools
     end
 
     def nist_tag(cweid)
-      entries = @cwe_nist_mapping.select { |x| cweid.include? x[:cweid].to_s }
+      entries = @cwe_nist_mapping.select { |x| cweid.include?(x[:cweid].to_s) && !x[:nistid].nil? }
       tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
       tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
     end
@@ -86,17 +82,17 @@ module HeimdallTools
     end
 
     def desc_tags(data, label)
-      { "data": data || NA_STRING, "label": label || NA_STRING }
+      { data: data || NA_STRING, label: label || NA_STRING }
     end
 
     # Burpsuite report could have multiple issue entries for multiple findings of same issue type.
-    # The meta data is identical across entries 
+    # The meta data is identical across entries
     # method collapse_duplicates return unique controls with applicable findings collapsed into it.
     def collapse_duplicates(controls)
       unique_controls = []
 
       controls.map { |x| x['id'] }.uniq.each do |id|
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
         unique_control = controls.find { |x| x['id'].eql?(id) }
         unique_control['results'] = collapsed_results.flatten
         unique_controls << unique_control
@@ -129,8 +125,8 @@ module HeimdallTools
       controls = collapse_duplicates(controls)
       results = HeimdallDataFormat.new(profile_name: 'BurpSuite Pro Scan',
                                        version: @burpVersion,
-                                       title: "BurpSuite Pro Scan",
-                                       summary: "BurpSuite Pro Scan",
+                                       title: 'BurpSuite Pro Scan',
+                                       summary: 'BurpSuite Pro Scan',
                                        controls: controls)
       results.to_hdf
     end

data/lib/heimdall_tools/cli.rb

@@ -54,11 +54,10 @@ module HeimdallTools
       hdfs = HeimdallTools::NessusMapper.new(File.read(options[:xml])).to_hdf
 
       puts "\nHDF Generated:"
-      hdfs.keys.each do | host |
+      hdfs.each_key do |host|
         File.write("#{options[:output_prefix]}-#{host}.json", hdfs[host])
         puts "#{options[:output_prefix]}-#{host}.json"
       end
-      
     end
 
     desc 'snyk_mapper', 'snyk_mapper translates Snyk results Json to HDF format Json be viewed on Heimdall'
@@ -69,7 +68,7 @@ module HeimdallTools
     def snyk_mapper
       hdfs = HeimdallTools::SnykMapper.new(File.read(options[:json]), options[:name]).to_hdf
       puts "\r\HDF Generated:\n"
-      hdfs.keys.each do | host |
+      hdfs.each_key do |host|
         File.write("#{options[:output_prefix]}-#{host}.json", hdfs[host])
         puts "#{options[:output_prefix]}-#{host}.json"
       end
@@ -84,7 +83,7 @@ module HeimdallTools
       hdf = HeimdallTools::NiktoMapper.new(File.read(options[:json])).to_hdf
       File.write(options[:output], hdf)
       puts "\r\HDF Generated:\n"
-      puts "#{options[:output]}"
+      puts options[:output].to_s
     end
 
     desc 'jfrog_xray_mapper', 'jfrog_xray_mapper translates Jfrog Xray results Json to HDF format Json be viewed on Heimdall'
@@ -96,9 +95,9 @@ module HeimdallTools
       hdf = HeimdallTools::JfrogXrayMapper.new(File.read(options[:json])).to_hdf
       File.write(options[:output], hdf)
       puts "\r\HDF Generated:\n"
-      puts "#{options[:output]}"
+      puts options[:output].to_s
     end
-    
+
     desc 'dbprotect_mapper', 'dbprotect_mapper translates dbprotect results xml to HDF format Json be viewed on Heimdall'
     long_desc Help.text(:dbprotect_mapper)
     option :xml, required: true, aliases: '-x'
@@ -108,7 +107,7 @@ module HeimdallTools
       hdf = HeimdallTools::DBProtectMapper.new(File.read(options[:xml])).to_hdf
       File.write(options[:output], hdf)
       puts "\r\HDF Generated:\n"
-      puts "#{options[:output]}"
+      puts options[:output].to_s
     end
 
     desc 'aws_config_mapper', 'aws_config_mapper pulls Ruby AWS SDK data to translate AWS Config Rule results into HDF format Json to be viewable in Heimdall'
@@ -120,7 +119,19 @@ module HeimdallTools
       hdf = HeimdallTools::AwsConfigMapper.new(options[:custom_mapping]).to_hdf
       File.write(options[:output], hdf)
       puts "\r\HDF Generated:\n"
-      puts "#{options[:output]}"
+      puts options[:output].to_s
+    end
+
+    desc 'netsparker_mapper', 'netsparker_mapper translates netsparker enterprise results xml to HDF format Json be viewed on Heimdall'
+    long_desc Help.text(:netsparker_mapper)
+    option :xml, required: true, aliases: '-x'
+    option :output, required: true, aliases: '-o'
+    option :verbose, type: :boolean, aliases: '-V'
+    def netsparker_mapper
+      hdf = HeimdallTools::NetsparkerMapper.new(File.read(options[:xml])).to_hdf
+      File.write(options[:output], hdf)
+      puts "\r\HDF Generated:\n"
+      puts options[:output].to_s
     end
 
     desc 'version', 'prints version'

data/lib/heimdall_tools/command.rb

@@ -3,8 +3,6 @@ require 'thor'
 # Override thor's long_desc identation behavior
 # https://github.com/erikhuda/thor/issues/398
 
-# rubocop:disable Naming/UncommunicativeMethodParamName
-
 class Thor
   module Shell
     class Basic

data/lib/heimdall_tools/dbprotect_mapper.rb

@@ -10,21 +10,17 @@ IMPACT_MAPPING = {
   Informational: 0.0
 }.freeze
 
-# rubocop:disable Metrics/AbcSize
-
 module HeimdallTools
   class DBProtectMapper
-    def initialize(xml, name=nil, verbose = false)
+    def initialize(xml, _name = nil, verbose = false)
       @verbose = verbose
 
       begin
         dataset = xml_to_hash(xml)
         @entries = compile_findings(dataset['dataset'])
-
       rescue StandardError => e
         raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
       end
-
     end
 
     def to_hdf
@@ -46,7 +42,7 @@ module HeimdallTools
       end
       controls = collapse_duplicates(controls)
       results = HeimdallDataFormat.new(profile_name: @entries.first['Policy'],
-                                       version: "",
+                                       version: '',
                                        title: @entries.first['Job Name'],
                                        summary: format_summary(@entries.first),
                                        controls: controls)
@@ -56,16 +52,15 @@ module HeimdallTools
     private
 
     def compile_findings(dataset)
-      keys = dataset['metadata']['item'].map{ |e| e['name']}
-      findings = dataset['data']['row'].map { |e| Hash[keys.zip(e['value'])] }
-      findings
+      keys = dataset['metadata']['item'].map { |e| e['name'] }
+      dataset['data']['row'].map { |e| keys.zip(e['value']).to_h }
     end
 
     def format_desc(entry)
       text = []
       text << "Task : #{entry['Task']}"
       text << "Check Category : #{entry['Check Category']}"
-      text.join("; ")
+      text.join('; ')
     end
 
     def format_summary(entry)
@@ -90,14 +85,12 @@ module HeimdallTools
         finding['status'] = 'skipped'
       when 'Failed'
         finding['status'] = 'failed'
-        finding['backtrace'] = ["DB Protect Failed Check"]
+        finding['backtrace'] = ['DB Protect Failed Check']
       when 'Finding'
         finding['status'] = 'failed'
       when 'Not A Finding'
         finding['status'] = 'passed'
-      when 'Skipped'
-        finding['status'] = 'skipped'
-      else 
+      else
         finding['status'] = 'skipped'
       end
       [finding]
@@ -108,20 +101,18 @@ module HeimdallTools
     end
 
     # DBProtect report could have multiple issue entries for multiple findings of same issue type.
-    # The meta data is identical across entries 
+    # The meta data is identical across entries
     # method collapse_duplicates return unique controls with applicable findings collapsed into it.
     def collapse_duplicates(controls)
       unique_controls = []
 
       controls.map { |x| x['id'] }.uniq.each do |id|
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
         unique_control = controls.find { |x| x['id'].eql?(id) }
         unique_control['results'] = collapsed_results.flatten
         unique_controls << unique_control
       end
       unique_controls
     end
-
-
   end
 end

data/lib/heimdall_tools/fortify_mapper.rb

@@ -3,7 +3,7 @@ require 'heimdall_tools/hdf'
 require 'utilities/xml_to_hash'
 
 NIST_REFERENCE_NAME = 'Standards Mapping - NIST Special Publication 800-53 Revision 4'.freeze
-DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
 module HeimdallTools
   class FortifyMapper
@@ -19,7 +19,6 @@ module HeimdallTools
         @rules = data['FVDL']['Description']
         @uuid = data['FVDL']['UUID']
         @fortify_version = data['FVDL']['EngineData']['EngineVersion']
-
       rescue StandardError => e
         raise "Invalid Fortify FVDL file provided Exception: #{e}"
       end

data/lib/heimdall_tools/hdf.rb

@@ -2,15 +2,14 @@ require 'json'
 require 'heimdall_tools/version'
 require 'openssl'
 
-NA_STRING = "".freeze
-NA_TAG = nil.freeze
+NA_STRING = ''.freeze
+NA_TAG = nil
 NA_ARRAY = [].freeze
 NA_HASH = {}.freeze
-NA_FLOAT = 0.0.freeze
+NA_FLOAT = 0.0
 
 PLATFORM_NAME = 'Heimdall Tools'.freeze
 
-
 module HeimdallTools
   class HeimdallDataFormat
     def initialize(profile_name: NA_TAG,
@@ -60,7 +59,7 @@ module HeimdallTools
       profile_block['groups']          = groups
       profile_block['status']          = status
       profile_block['controls']        = controls
-      profile_block['sha256']          = OpenSSL::Digest::SHA256.digest(profile_block.to_s).unpack("H*")[0]
+      profile_block['sha256']          = OpenSSL::Digest::SHA256.digest(profile_block.to_s).unpack1('H*')
       @results_json['profiles'] << profile_block
     end