heimdall_tools 1.3.38 → 1.3.42

data/lib/heimdall_tools/cli.rb

@@ -54,11 +54,10 @@ module HeimdallTools
       hdfs = HeimdallTools::NessusMapper.new(File.read(options[:xml])).to_hdf
 
       puts "\nHDF Generated:"
-      hdfs.keys.each do | host |
+      hdfs.each_key do |host|
         File.write("#{options[:output_prefix]}-#{host}.json", hdfs[host])
         puts "#{options[:output_prefix]}-#{host}.json"
       end
-      
     end
 
     desc 'snyk_mapper', 'snyk_mapper translates Snyk results Json to HDF format Json be viewed on Heimdall'
@@ -69,7 +68,7 @@ module HeimdallTools
     def snyk_mapper
       hdfs = HeimdallTools::SnykMapper.new(File.read(options[:json]), options[:name]).to_hdf
       puts "\r\HDF Generated:\n"
-      hdfs.keys.each do | host |
+      hdfs.each_key do |host|
         File.write("#{options[:output_prefix]}-#{host}.json", hdfs[host])
         puts "#{options[:output_prefix]}-#{host}.json"
       end
@@ -84,7 +83,7 @@ module HeimdallTools
       hdf = HeimdallTools::NiktoMapper.new(File.read(options[:json])).to_hdf
       File.write(options[:output], hdf)
       puts "\r\HDF Generated:\n"
-      puts "#{options[:output]}"
+      puts options[:output].to_s
     end
 
     desc 'jfrog_xray_mapper', 'jfrog_xray_mapper translates Jfrog Xray results Json to HDF format Json be viewed on Heimdall'
@@ -96,9 +95,9 @@ module HeimdallTools
       hdf = HeimdallTools::JfrogXrayMapper.new(File.read(options[:json])).to_hdf
       File.write(options[:output], hdf)
       puts "\r\HDF Generated:\n"
-      puts "#{options[:output]}"
+      puts options[:output].to_s
     end
-    
+
     desc 'dbprotect_mapper', 'dbprotect_mapper translates dbprotect results xml to HDF format Json be viewed on Heimdall'
     long_desc Help.text(:dbprotect_mapper)
     option :xml, required: true, aliases: '-x'
@@ -108,7 +107,7 @@ module HeimdallTools
       hdf = HeimdallTools::DBProtectMapper.new(File.read(options[:xml])).to_hdf
       File.write(options[:output], hdf)
       puts "\r\HDF Generated:\n"
-      puts "#{options[:output]}"
+      puts options[:output].to_s
     end
 
     desc 'aws_config_mapper', 'aws_config_mapper pulls Ruby AWS SDK data to translate AWS Config Rule results into HDF format Json to be viewable in Heimdall'
@@ -120,7 +119,19 @@ module HeimdallTools
       hdf = HeimdallTools::AwsConfigMapper.new(options[:custom_mapping]).to_hdf
       File.write(options[:output], hdf)
       puts "\r\HDF Generated:\n"
-      puts "#{options[:output]}"
+      puts options[:output].to_s
+    end
+
+    desc 'netsparker_mapper', 'netsparker_mapper translates netsparker enterprise results xml to HDF format Json be viewed on Heimdall'
+    long_desc Help.text(:netsparker_mapper)
+    option :xml, required: true, aliases: '-x'
+    option :output, required: true, aliases: '-o'
+    option :verbose, type: :boolean, aliases: '-V'
+    def netsparker_mapper
+      hdf = HeimdallTools::NetsparkerMapper.new(File.read(options[:xml])).to_hdf
+      File.write(options[:output], hdf)
+      puts "\r\HDF Generated:\n"
+      puts options[:output].to_s
     end
 
     desc 'version', 'prints version'

data/lib/heimdall_tools/command.rb

@@ -3,8 +3,6 @@ require 'thor'
 # Override thor's long_desc identation behavior
 # https://github.com/erikhuda/thor/issues/398
 
-# rubocop:disable Naming/UncommunicativeMethodParamName
-
 class Thor
   module Shell
     class Basic

data/lib/heimdall_tools/dbprotect_mapper.rb

@@ -10,21 +10,17 @@ IMPACT_MAPPING = {
   Informational: 0.0
 }.freeze
 
-# rubocop:disable Metrics/AbcSize
-
 module HeimdallTools
   class DBProtectMapper
-    def initialize(xml, name=nil, verbose = false)
+    def initialize(xml, _name = nil, verbose = false)
       @verbose = verbose
 
       begin
         dataset = xml_to_hash(xml)
         @entries = compile_findings(dataset['dataset'])
-
       rescue StandardError => e
         raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
       end
-
     end
 
     def to_hdf
@@ -46,7 +42,7 @@ module HeimdallTools
       end
       controls = collapse_duplicates(controls)
       results = HeimdallDataFormat.new(profile_name: @entries.first['Policy'],
-                                       version: "",
+                                       version: '',
                                        title: @entries.first['Job Name'],
                                        summary: format_summary(@entries.first),
                                        controls: controls)
@@ -56,16 +52,15 @@ module HeimdallTools
     private
 
     def compile_findings(dataset)
-      keys = dataset['metadata']['item'].map{ |e| e['name']}
-      findings = dataset['data']['row'].map { |e| Hash[keys.zip(e['value'])] }
-      findings
+      keys = dataset['metadata']['item'].map { |e| e['name'] }
+      dataset['data']['row'].map { |e| keys.zip(e['value']).to_h }
     end
 
     def format_desc(entry)
       text = []
       text << "Task : #{entry['Task']}"
       text << "Check Category : #{entry['Check Category']}"
-      text.join("; ")
+      text.join('; ')
     end
 
     def format_summary(entry)
@@ -90,14 +85,12 @@ module HeimdallTools
         finding['status'] = 'skipped'
       when 'Failed'
         finding['status'] = 'failed'
-        finding['backtrace'] = ["DB Protect Failed Check"]
+        finding['backtrace'] = ['DB Protect Failed Check']
       when 'Finding'
         finding['status'] = 'failed'
       when 'Not A Finding'
         finding['status'] = 'passed'
-      when 'Skipped'
-        finding['status'] = 'skipped'
-      else 
+      else
         finding['status'] = 'skipped'
       end
       [finding]
@@ -108,20 +101,18 @@ module HeimdallTools
     end
 
     # DBProtect report could have multiple issue entries for multiple findings of same issue type.
-    # The meta data is identical across entries 
+    # The meta data is identical across entries
     # method collapse_duplicates return unique controls with applicable findings collapsed into it.
     def collapse_duplicates(controls)
       unique_controls = []
 
       controls.map { |x| x['id'] }.uniq.each do |id|
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
         unique_control = controls.find { |x| x['id'].eql?(id) }
         unique_control['results'] = collapsed_results.flatten
         unique_controls << unique_control
       end
       unique_controls
     end
-
-
   end
 end

data/lib/heimdall_tools/fortify_mapper.rb

@@ -3,7 +3,7 @@ require 'heimdall_tools/hdf'
 require 'utilities/xml_to_hash'
 
 NIST_REFERENCE_NAME = 'Standards Mapping - NIST Special Publication 800-53 Revision 4'.freeze
-DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
 module HeimdallTools
   class FortifyMapper
@@ -19,7 +19,6 @@ module HeimdallTools
         @rules = data['FVDL']['Description']
         @uuid = data['FVDL']['UUID']
         @fortify_version = data['FVDL']['EngineData']['EngineVersion']
-
       rescue StandardError => e
         raise "Invalid Fortify FVDL file provided Exception: #{e}"
       end

data/lib/heimdall_tools/hdf.rb

@@ -2,15 +2,14 @@ require 'json'
 require 'heimdall_tools/version'
 require 'openssl'
 
-NA_STRING = "".freeze
-NA_TAG = nil.freeze
+NA_STRING = ''.freeze
+NA_TAG = nil
 NA_ARRAY = [].freeze
 NA_HASH = {}.freeze
-NA_FLOAT = 0.0.freeze
+NA_FLOAT = 0.0
 
 PLATFORM_NAME = 'Heimdall Tools'.freeze
 
-
 module HeimdallTools
   class HeimdallDataFormat
     def initialize(profile_name: NA_TAG,
@@ -60,7 +59,7 @@ module HeimdallTools
       profile_block['groups']          = groups
       profile_block['status']          = status
       profile_block['controls']        = controls
-      profile_block['sha256']          = OpenSSL::Digest::SHA256.digest(profile_block.to_s).unpack("H*")[0]
+      profile_block['sha256']          = OpenSSL::Digest::SHA256.digest(profile_block.to_s).unpack1('H*')
       @results_json['profiles'] << profile_block
     end
 

data/lib/heimdall_tools/help/netsparker_mapper.md

@@ -0,0 +1,7 @@
+  netsparker_mapper translates an Netsparker  XML results file into HDF format json to be viewable in Heimdall
+
+  The current iteration only works with Netsparker Enterprise Vulnerabilities Scan.
+  
+Examples:
+
+  heimdall_tools netsparker_mapper -x netsparker_results.xml -o netsparker_hdf.json

data/lib/heimdall_tools/jfrog_xray_mapper.rb

@@ -10,10 +10,10 @@ CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
 IMPACT_MAPPING = {
   high: 0.7,
   medium: 0.5,
-  low: 0.3,
+  low: 0.3
 }.freeze
 
-DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
 # Loading spinner sign
 $spinner = Enumerator.new do |e|
@@ -27,14 +27,13 @@ end
 
 module HeimdallTools
   class JfrogXrayMapper
-    def initialize(xray_json, name=nil, verbose = false)
+    def initialize(xray_json, _name = nil, verbose = false)
       @xray_json = xray_json
       @verbose = verbose
 
       begin
         @cwe_nist_mapping = parse_mapper
         @project = JSON.parse(xray_json)
-
       rescue StandardError => e
         raise "Invalid JFrog Xray JSON file provided Exception: #{e}"
       end
@@ -44,11 +43,11 @@ module HeimdallTools
       finding = {}
       finding['status'] = 'failed'
       finding['code_desc'] = []
-      finding['code_desc'] << "source_comp_id : #{vulnerability['source_comp_id'].to_s }"
-      finding['code_desc'] << "vulnerable_versions : #{vulnerability['component_versions']['vulnerable_versions'].to_s }"
-      finding['code_desc'] << "fixed_versions : #{vulnerability['component_versions']['fixed_versions'].to_s }"
-      finding['code_desc'] << "issue_type : #{vulnerability['issue_type'].to_s }"
-      finding['code_desc'] << "provider : #{vulnerability['provider'].to_s }"
+      finding['code_desc'] << "source_comp_id : #{vulnerability['source_comp_id']}"
+      finding['code_desc'] << "vulnerable_versions : #{vulnerability['component_versions']['vulnerable_versions']}"
+      finding['code_desc'] << "fixed_versions : #{vulnerability['component_versions']['fixed_versions']}"
+      finding['code_desc'] << "issue_type : #{vulnerability['issue_type']}"
+      finding['code_desc'] << "provider : #{vulnerability['provider']}"
       finding['code_desc'] = finding['code_desc'].join("\n")
       finding['run_time'] = NA_FLOAT
 
@@ -57,17 +56,25 @@ module HeimdallTools
       [finding]
     end
 
+    def format_control_desc(vulnerability)
+      text = []
+      info = vulnerability['component_versions']['more_details']
+      text << info['description'].to_s
+      text << "cves: #{info['cves']}" unless info['cves'].nil?
+      text.join('<br>')
+    end
+
     def nist_tag(cweid)
-      entries = @cwe_nist_mapping.select { |x| cweid.include? x[:cweid].to_s }
+      entries = @cwe_nist_mapping.select { |x| cweid.include?(x[:cweid].to_s) && !x[:nistid].nil? }
       tags = entries.map { |x| x[:nistid] }
       tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
     end
 
     def parse_identifiers(vulnerability, ref)
       # Extracting id number from reference style CWE-297
-      vulnerability['component_versions']['more_details']['cves'][0][ref.downcase].map { |e| e.split("#{ref}-")[1]  }
-      rescue
-        return []
+      vulnerability['component_versions']['more_details']['cves'][0][ref.downcase].map { |e| e.split("#{ref}-")[1] }
+    rescue StandardError
+      []
     end
 
     def impact(severity)
@@ -83,17 +90,17 @@ module HeimdallTools
     end
 
     def desc_tags(data, label)
-      { "data": data || NA_STRING, "label": label || NA_STRING }
+      { data: data || NA_STRING, label: label || NA_STRING }
     end
 
     # Xray report could have multiple vulnerability entries for multiple findings of same issue type.
-    # The meta data is identical across entries 
+    # The meta data is identical across entries
     # method collapse_duplicates return unique controls with applicable findings collapsed into it.
     def collapse_duplicates(controls)
       unique_controls = []
 
       controls.map { |x| x['id'] }.uniq.each do |id|
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
         unique_control = controls.find { |x| x['id'].eql?(id) }
         unique_control['results'] = collapsed_results.flatten
         unique_controls << unique_control
@@ -104,9 +111,9 @@ module HeimdallTools
     def to_hdf
       controls = []
       vulnerability_count = 0
-      @project['data'].uniq.each do | vulnerability |
+      @project['data'].uniq.each do |vulnerability|
         printf("\rProcessing: %s", $spinner.next)
-        
+
         vulnerability_count +=1
         item = {}
         item['tags']               = {}
@@ -115,26 +122,26 @@ module HeimdallTools
         item['source_location']    = NA_HASH
         item['descriptions']       = NA_ARRAY
 
-        # Xray JSONs might note have `id` fields populated. 
+        # Xray JSONs might note have `id` fields populated.
         # If thats a case MD5 hash is used to collapse vulnerability findings of the same type.
-        item['id']                 = vulnerability['id'].empty? ? OpenSSL::Digest::MD5.digest(vulnerability['summary'].to_s).unpack("H*")[0].to_s : vulnerability['id']
+        item['id']                 = vulnerability['id'].empty? ? OpenSSL::Digest::MD5.digest(vulnerability['summary'].to_s).unpack1('H*').to_s : vulnerability['id']
         item['title']              = vulnerability['summary'].to_s
-        item['desc']               = vulnerability['component_versions']['more_details']['description'].to_s
-        item['impact']             = impact(vulnerability['severity'].to_s) 
+        item['desc']               = format_control_desc(vulnerability)
+        item['impact']             = impact(vulnerability['severity'].to_s)
         item['code']               = NA_STRING
         item['results']            = finding(vulnerability)
 
-        item['tags']['nist']       = nist_tag( parse_identifiers( vulnerability, 'CWE') )
-        item['tags']['cweid']      = parse_identifiers( vulnerability, 'CWE')
+        item['tags']['nist']       = nist_tag(parse_identifiers(vulnerability, 'CWE'))
+        item['tags']['cweid']      = parse_identifiers(vulnerability, 'CWE')
 
         controls << item
       end
 
       controls = collapse_duplicates(controls)
-      results = HeimdallDataFormat.new(profile_name: "JFrog Xray Scan",
+      results = HeimdallDataFormat.new(profile_name: 'JFrog Xray Scan',
                                        version: NA_STRING,
-                                       title: "JFrog Xray Scan", 
-                                       summary: "Continuous Security and Universal Artifact Analysis",
+                                       title: 'JFrog Xray Scan',
+                                       summary: 'Continuous Security and Universal Artifact Analysis',
                                        controls: controls)
       results.to_hdf
     end

data/lib/heimdall_tools/nessus_mapper.rb

@@ -6,7 +6,7 @@ require 'nokogiri'
 
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 
-NESSUS_PLUGINS_NIST_MAPPING_FILE =   File.join(RESOURCE_DIR, 'nessus-plugins-nist-mapping.csv')
+NESSUS_PLUGINS_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'nessus-plugins-nist-mapping.csv')
 U_CCI_LIST =   File.join(RESOURCE_DIR, 'U_CCI_List.xml')
 
 IMPACT_MAPPING = {
@@ -14,16 +14,16 @@ IMPACT_MAPPING = {
   Low: 0.3,
   Medium: 0.5,
   High: 0.7,
-  Critical: 0.9,
+  Critical: 0.9
 }.freeze
 
-DEFAULT_NIST_TAG = ["unmapped"].freeze
+DEFAULT_NIST_TAG = ['unmapped'].freeze
 
 # Nessus results file 800-53 refs does not contain Nist rev version. Using this default
 # version in that case
 DEFAULT_NIST_REV = 'Rev_4'.freeze
 
-NA_PLUGIN_OUTPUT = "This Nessus Plugin does not provide output message.".freeze
+NA_PLUGIN_OUTPUT = 'This Nessus Plugin does not provide output message.'.freeze
 
 # rubocop:disable Metrics/AbcSize
 
@@ -51,19 +51,16 @@ module HeimdallTools
       rescue StandardError => e
         raise "Invalid Nessus XML file provided Exception: #{e}"
       end
-
     end
 
     def extract_report
-      begin
-        # When there are multiple hosts in the nessus report ReportHost field is an array
-        # When there is only one host in the nessus report ReportHost field is a hash
-        # Array() converts ReportHost to array in case there is only one host
-        reports = @data['NessusClientData_v2']['Report']['ReportHost']
-        reports.kind_of?(Array) ? reports : [reports]
-      rescue StandardError => e
-        raise "Invalid Nessus XML file provided Exception: #{e}"
-      end
+      # When there are multiple hosts in the nessus report ReportHost field is an array
+      # When there is only one host in the nessus report ReportHost field is a hash
+      # Array() converts ReportHost to array in case there is only one host
+      reports = @data['NessusClientData_v2']['Report']['ReportHost']
+      reports.is_a?(Array) ? reports : [reports]
+    rescue StandardError => e
+      raise "Invalid Nessus XML file provided Exception: #{e}"
     end
 
     def parse_refs(refs, key)
@@ -71,24 +68,20 @@ module HeimdallTools
     end
 
     def extract_scaninfo
-      begin
-        policy = @data['NessusClientData_v2']['Policy']
-        info = {}
+      policy = @data['NessusClientData_v2']['Policy']
+      info = {}
 
-        info['policyName'] = policy['policyName']
-        info['version'] = policy['Preferences']['ServerPreferences']['preference'].select {|x| x['name'].eql? 'sc_version'}.first['value']
-        info
-      rescue StandardError => e
-        raise "Invalid Nessus XML file provided Exception: #{e}"
-      end
+      info['policyName'] = policy['policyName']
+      info['version'] = policy['Preferences']['ServerPreferences']['preference'].select { |x| x['name'].eql? 'sc_version' }.first['value']
+      info
+    rescue StandardError => e
+      raise "Invalid Nessus XML file provided Exception: #{e}"
     end
 
     def extract_timestamp(report)
-      begin
-        timestamp = report['HostProperties']['tag'].select {|x| x['name'].eql? 'HOST_START'}.first['text']
-      rescue StandardError => e
-        raise "Invalid Nessus XML file provided Exception: #{e}"
-      end
+      report['HostProperties']['tag'].select { |x| x['name'].eql? 'HOST_START' }.first['text']
+    rescue StandardError => e
+      raise "Invalid Nessus XML file provided Exception: #{e}"
     end
 
     def format_desc(issue)
@@ -129,7 +122,7 @@ module HeimdallTools
 
     def cci_nist_tag(cci_refs)
       nist_tags = []
-      cci_refs.each do | cci_ref |
+      cci_refs.each do |cci_ref|
         item_node = @cci_xml.xpath("//cci_list/cci_items/cci_item[@id='#{cci_ref}']")[0] unless @cci_xml.nil?
         unless item_node.nil?
           nist_ref = item_node.xpath('./references/reference[not(@version <= preceding-sibling::reference/@version) and not(@version <=following-sibling::reference/@version)]/@index').text
@@ -140,7 +133,7 @@ module HeimdallTools
     end
 
     def plugin_nist_tag(pluginfamily, pluginid)
-      entries = @cwe_nist_mapping.select { |x| (x[:pluginfamily].eql?(pluginfamily) && (x[:pluginid].eql?('*') || x[:pluginid].eql?(pluginid.to_i)) ) }
+      entries = @cwe_nist_mapping.select { |x| (x[:pluginfamily].eql?(pluginfamily) && (x[:pluginid].eql?('*') || x[:pluginid].eql?(pluginid.to_i))) && !x[:nistid].nil? }
       tags = entries.map { |x| [x[:nistid].split('|'), "Rev_#{x[:rev]}"] }
       tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
     end
@@ -148,15 +141,15 @@ module HeimdallTools
     def impact(severity)
       # Map CAT levels and Plugin severity to HDF impact levels
       case severity
-      when "0"
+      when '0'
         IMPACT_MAPPING[:Info]
-      when "1","III"
+      when '1', 'III'
         IMPACT_MAPPING[:Low]
-      when "2","II"
+      when '2', 'II'
         IMPACT_MAPPING[:Medium]
-      when "3","I"
+      when '3', 'I'
         IMPACT_MAPPING[:High]
-      when "4"
+      when '4'
         IMPACT_MAPPING[:Critical]
       else
         -1
@@ -172,17 +165,17 @@ module HeimdallTools
     end
 
     def desc_tags(data, label)
-      { "data": data || NA_STRING, "label": label || NA_STRING }
+      { data: data || NA_STRING, label: label || NA_STRING }
     end
 
     # Nessus report could have multiple issue entries for multiple findings of same issue type.
-    # The meta data is identical across entries 
+    # The meta data is identical across entries
     # method collapse_duplicates return unique controls with applicable findings collapsed into it.
     def collapse_duplicates(controls)
       unique_controls = []
 
       controls.map { |x| x['id'] }.uniq.each do |id|
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
         unique_control = controls.find { |x| x['id'].eql?(id) }
         unique_control['results'] = collapsed_results.flatten
         unique_controls << unique_control
@@ -192,9 +185,9 @@ module HeimdallTools
 
     def to_hdf
       host_results = {}
-      @reports.each do | report|
+      @reports.each do |report|
         controls = []
-        report['ReportItem'].each do | item |
+        report['ReportItem'].each do |item|
           printf("\rProcessing: %s", $spinner.next)
           @item = {}
           @item['tags']               = {}
@@ -207,7 +200,7 @@ module HeimdallTools
           # Current version covers STIG based 'Policy Compliance' results
           # TODO Cover cases for 'Policy Compliance' results based on CIS
           if item['compliance-reference']
-            @item['id']                 = parse_refs(item['compliance-reference'],'Vuln-ID').join.to_s
+            @item['id']                 = parse_refs(item['compliance-reference'], 'Vuln-ID').join.to_s
           else
             @item['id']                 = item['pluginID'].to_s
           end
@@ -222,17 +215,17 @@ module HeimdallTools
             @item['desc']              = format_desc(item).to_s
           end
           if item['compliance-reference']
-            @item['impact']            = impact(parse_refs(item['compliance-reference'],'CAT').join.to_s)
+            @item['impact']            = impact(parse_refs(item['compliance-reference'], 'CAT').join.to_s)
           else
-            @item['impact']            = impact(item['severity']) 
+            @item['impact']            = impact(item['severity'])
           end
           if item['compliance-reference']
-            @item['tags']['nist']     = cci_nist_tag(parse_refs(item['compliance-reference'],'CCI'))
+            @item['tags']['nist']     = cci_nist_tag(parse_refs(item['compliance-reference'], 'CCI'))
           else
-            @item['tags']['nist']     = plugin_nist_tag(item['pluginFamily'],item['pluginID'])
+            @item['tags']['nist']     = plugin_nist_tag(item['pluginFamily'], item['pluginID'])
           end
           if item['compliance-solution']
-            @item['descriptions']       <<  desc_tags(item['compliance-solution'], 'check')
+            @item['descriptions']       << desc_tags(item['compliance-solution'], 'check')
           end
 
           @item['code']               = ''