heimdall_tools 1.3.39.pre1 → 1.3.43
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/data/aws-config-mapping.csv +107 -107
- data/lib/heimdall_tools.rb +1 -0
- data/lib/heimdall_tools/aws_config_mapper.rb +55 -36
- data/lib/heimdall_tools/burpsuite_mapper.rb +7 -11
- data/lib/heimdall_tools/cli.rb +19 -8
- data/lib/heimdall_tools/command.rb +0 -2
- data/lib/heimdall_tools/dbprotect_mapper.rb +9 -18
- data/lib/heimdall_tools/fortify_mapper.rb +1 -2
- data/lib/heimdall_tools/hdf.rb +4 -5
- data/lib/heimdall_tools/help/netsparker_mapper.md +7 -0
- data/lib/heimdall_tools/jfrog_xray_mapper.rb +33 -26
- data/lib/heimdall_tools/nessus_mapper.rb +39 -46
- data/lib/heimdall_tools/netsparker_mapper.rb +164 -0
- data/lib/heimdall_tools/nikto_mapper.rb +27 -27
- data/lib/heimdall_tools/snyk_mapper.rb +20 -22
- data/lib/heimdall_tools/sonarqube_mapper.rb +23 -21
- data/lib/heimdall_tools/zap_mapper.rb +3 -4
- data/lib/utilities/xml_to_hash.rb +6 -6
- metadata +43 -27
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c43f6e237587993013cf521088d30cc83404ff141ec8b172ae8562bd8a48d977
|
|
4
|
+
data.tar.gz: e9ee689580ae95807ca329d086228f3ded50b2e6a162276e0d2d222729c42767
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9d4880095e40720edc57619f79c5dd8a4000be7c16e9be8395e23057f3cd4f33844bea39c7d5f7814fbf9553b903057faf3ae49792f2f7fca4e0e89368ae4ad3
|
|
7
|
+
data.tar.gz: 95395b98c52a5854ca5115e3fea4159ccab351445a4a79fa241ecdc2c60f0f41b86f1328476b62594f3eb5d56bd02dc727b4172878a5aac8db38803318b6328d
|
data/README.md
CHANGED
|
@@ -15,6 +15,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
|
|
|
15
15
|
- **jfrog_xray_mapper** - package vulnerability scanner
|
|
16
16
|
- **dbprotect_mapper** - database vulnerability scanner
|
|
17
17
|
- **aws_config_mapper** - assess, audit, and evaluate AWS resources
|
|
18
|
+
- **netsparker_mapper** - web application security scanner
|
|
18
19
|
|
|
19
20
|
Ruby 2.4 or higher (check using "ruby -v")
|
|
20
21
|
|
|
@@ -234,6 +235,23 @@ FLAGS:
|
|
|
234
235
|
example: heimdall_tools aws_config_mapper -o aws_config_results_hdf.json
|
|
235
236
|
```
|
|
236
237
|
|
|
238
|
+
## netsparker_mapper
|
|
239
|
+
|
|
240
|
+
netsparker_mapper translates an Netsparker XML results file into HDF format JSON to be viewable in Heimdall.
|
|
241
|
+
|
|
242
|
+
The current iteration only works with Netsparker Enterprise Vulnerabilities Scan.
|
|
243
|
+
|
|
244
|
+
```
|
|
245
|
+
USAGE: heimdall_tools netsparker_mapper [OPTIONS] -x <netsparker_results_xml> -o <hdf-scan-results.json>
|
|
246
|
+
|
|
247
|
+
FLAGS:
|
|
248
|
+
-x <netsparker_results_xml> : path to netsparker results XML file.
|
|
249
|
+
-o --output <scan-results> : path to output scan-results json.
|
|
250
|
+
-V --verbose : verbose run [optional].
|
|
251
|
+
|
|
252
|
+
example: heimdall_tools netsparker_mapper -x netsparker_results.xml -o netsparker_hdf.json
|
|
253
|
+
```
|
|
254
|
+
|
|
237
255
|
## version
|
|
238
256
|
|
|
239
257
|
Prints out the gem version
|
|
@@ -1,107 +1,107 @@
|
|
|
1
|
-
AwsConfigRuleName,NIST-ID,Rev
|
|
2
|
-
secretsmanager-scheduled-rotation-success-check,AC-2(1)|AC-2(j),4
|
|
3
|
-
iam-user-group-membership-check,AC-2(1)|AC-2(j)|AC-3|AC-6,4
|
|
4
|
-
iam-password-policy,AC-2(1)|AC-2(f)|AC-2(j)|IA-2|IA-5(1)(a)(d)(e)|IA-5(4),4
|
|
5
|
-
access-keys-rotated,AC-2(1)|AC-2(j),4
|
|
6
|
-
iam-user-unused-credentials-check,AC-2(1)|AC-2(3)|AC-2(f)|AC-3|AC-6,4
|
|
7
|
-
securityhub-enabled,AC-2(1)|AC-2(4)|AC-2(12)(a)|AC-2(g)|AC-17(1)|AU-6(1)(3)|CA-7(a)(b)|SA-10|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(16)|SI-4(a)(b)(c),4
|
|
8
|
-
guardduty-enabled-centralized,AC-2(1)|AC-2(4)|AC-2(12)(a)|AC-2(g)|AC-17(1)|AU-6(1)(3)|CA-7(a)(b)|RA-5|SA-10|SI-4(1)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(16)|SI-4(a)(b)(c),4
|
|
9
|
-
cloud-trail-cloud-watch-logs-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-6(1)(3)|AU-7(1)|AU-12(a)(c)|CA-7(a)(b)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(a)(b)(c),4
|
|
10
|
-
cloudtrail-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
11
|
-
multi-region-cloudtrail-enabled,AC-2(4)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
12
|
-
rds-logging-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
13
|
-
cloudwatch-alarm-action-check,AC-2(4)|AU-6(1)(3)|AU-7(1)|CA-7(a)(b)|IR-4(1)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(a)(b)(c),4
|
|
14
|
-
redshift-cluster-configuration-check,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c)|SC-13|SC-28,4
|
|
15
|
-
iam-root-access-key-check,AC-2(f)|AC-2(j)|AC-3|AC-6|AC-6(10),4
|
|
16
|
-
s3-bucket-logging-enabled,AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
17
|
-
cloudtrail-s3-dataevents-enabled,AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
18
|
-
root-account-mfa-enabled,AC-2(j)|IA-2(1)(11),4
|
|
19
|
-
emr-kerberos-enabled,AC-2(j)|AC-3|AC-5(c)|AC-6,4
|
|
20
|
-
iam-group-has-users-check,AC-2(j)|AC-3|AC-5(c)|AC-6|SC-2,4
|
|
21
|
-
iam-policy-no-statements-with-admin-access,AC-2(j)|AC-3|AC-5(c)|AC-6|SC-2,4
|
|
22
|
-
iam-user-no-policies-check,AC-2(j)|AC-3|AC-5(c)|AC-6,4
|
|
23
|
-
s3-bucket-public-write-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
24
|
-
lambda-function-public-access-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
25
|
-
rds-snapshots-public-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
26
|
-
redshift-cluster-public-access-check,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
27
|
-
s3-bucket-policy-grantee-check,AC-3|AC-6|SC-7|SC-7(3),4
|
|
28
|
-
s3-bucket-public-read-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
29
|
-
s3-account-level-public-access-blocks,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
30
|
-
dms-replication-not-public,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
31
|
-
ebs-snapshot-public-restorable-check,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
32
|
-
sagemaker-notebook-no-direct-internet-access,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
33
|
-
rds-instance-public-access-check,AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
34
|
-
lambda-inside-vpc,AC-4|SC-7|SC-7(3),4
|
|
35
|
-
ec2-instances-in-vpc,AC-4|SC-7|SC-7(3),4
|
|
36
|
-
restricted-common-ports,AC-4|CM-2|SC-7|SC-7(3),4
|
|
37
|
-
restricted-ssh,AC-4|SC-7|SC-7(3),4
|
|
38
|
-
vpc-default-security-group-closed,AC-4|SC-7|SC-7(3),4
|
|
39
|
-
vpc-sg-open-only-to-authorized-ports,AC-4|SC-7|SC-7(3),4
|
|
40
|
-
acm-certificate-expiration-check,AC-4|AC-17(2)|SC-12,4
|
|
41
|
-
ec2-instance-no-public-ip,AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
42
|
-
elasticsearch-in-vpc-only,AC-4|SC-7|SC-7(3),4
|
|
43
|
-
emr-master-no-public-ip,AC-4|AC-21(b)|SC-7|SC-7(3),4
|
|
44
|
-
internet-gateway-authorized-vpc-only,AC-4|AC-17(3)|SC-7|SC-7(3),4
|
|
45
|
-
codebuild-project-envvar-awscred-check,AC-6|IA-5(7)|SA-3(a),4
|
|
46
|
-
ec2-imdsv2-check,AC-6,4
|
|
47
|
-
iam-no-inline-policy-check,AC-6,4
|
|
48
|
-
alb-http-to-https-redirection-check,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13|SC-23,4
|
|
49
|
-
redshift-require-tls-ssl,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
|
|
50
|
-
s3-bucket-ssl-requests-only,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
|
|
51
|
-
elb-acm-certificate-required,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
|
|
52
|
-
alb-http-drop-invalid-header-enabled,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-23,4
|
|
53
|
-
elb-tls-https-listeners-only,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-23,4
|
|
54
|
-
api-gw-execution-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
55
|
-
elb-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
56
|
-
vpc-flow-logs-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
57
|
-
wafv2-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c)|SC-7|SI-4(a)(b)(c),4
|
|
58
|
-
cloud-trail-encryption-enabled,AU-9|SC-13|SC-28,4
|
|
59
|
-
cloudwatch-log-group-encrypted,AU-9|SC-13|SC-28,4
|
|
60
|
-
s3-bucket-replication-enabled,AU-9(2)|CP-9(b)|CP-10|SC-5|SC-36,4
|
|
61
|
-
cw-loggroup-retention-period-check,AU-11|SI-12,4
|
|
62
|
-
ec2-instance-detailed-monitoring-enabled,CA-7(a)(b)|SI-4(2)|SI-4(a)(b)(c),4
|
|
63
|
-
rds-enhanced-monitoring-enabled,CA-7(a)(b),4
|
|
64
|
-
ec2-instance-managed-by-systems-manager,CM-2|CM-7(a)|CM-8(1)|CM-8(3)(a)|SA-3(a)|SA-10|SI-2(2)|SI-7(1),4
|
|
65
|
-
ec2-managedinstance-association-compliance-status-check,CM-2|CM-7(a)|CM-8(3)(a)|SI-2(2),4
|
|
66
|
-
ec2-stopped-instance,CM-2,4
|
|
67
|
-
ec2-volume-inuse-check,CM-2|SC-4,4
|
|
68
|
-
elb-deletion-protection-enabled,CM-2|CP-10,4
|
|
69
|
-
cloudtrail-security-trail-enabled,CM-2,4
|
|
70
|
-
ec2-managedinstance-patch-compliance-status-check,CM-8(3)(a)|SI-2(2)|SI-7(1),4
|
|
71
|
-
db-instance-backup-enabled,CP-9(b)|CP-10|SI-12,4
|
|
72
|
-
dynamodb-pitr-enabled,CP-9(b)|CP-10|SI-12,4
|
|
73
|
-
elasticache-redis-cluster-automatic-backup-check,CP-9(b)|CP-10|SI-12,4
|
|
74
|
-
dynamodb-in-backup-plan,CP-9(b)|CP-10|SI-12,4
|
|
75
|
-
ebs-in-backup-plan,CP-9(b)|CP-10|SI-12,4
|
|
76
|
-
efs-in-backup-plan,CP-9(b)|CP-10|SI-12,4
|
|
77
|
-
rds-in-backup-plan,CP-9(b)|CP-10|SI-12,4
|
|
78
|
-
dynamodb-autoscaling-enabled,CP-10|SC-5,4
|
|
79
|
-
rds-multi-az-support,CP-10|SC-5|SC-36,4
|
|
80
|
-
s3-bucket-versioning-enabled,CP-10|SI-12,4
|
|
81
|
-
vpc-vpn-2-tunnels-up,CP-10,4
|
|
82
|
-
elb-cross-zone-load-balancing-enabled,CP-10|SC-5,4
|
|
83
|
-
root-account-hardware-mfa-enabled,IA-2(1)(11),4
|
|
84
|
-
mfa-enabled-for-iam-console-access,IA-2(1)(2)(11),4
|
|
85
|
-
iam-user-mfa-enabled,IA-2(1)(2)(11),4
|
|
86
|
-
guardduty-non-archived-findings,IR-4(1)|IR-6(1)|IR-7(1)|RA-5|SA-10|SI-4(a)(b)(c),4
|
|
87
|
-
codebuild-project-source-repo-url-check,SA-3(a),4
|
|
88
|
-
autoscaling-group-elb-healthcheck-required,SC-5,4
|
|
89
|
-
rds-instance-deletion-protection-enabled,SC-5,4
|
|
90
|
-
alb-waf-enabled,SC-7|SI-4(a)(b)(c),4
|
|
91
|
-
elasticsearch-node-to-node-encryption-check,SC-7|SC-8|SC-8(1),4
|
|
92
|
-
cmk-backing-key-rotation-enabled,SC-12,4
|
|
93
|
-
kms-cmk-not-scheduled-for-deletion,SC-12|SC-28,4
|
|
94
|
-
api-gw-cache-enabled-and-encrypted,SC-13|SC-28,4
|
|
95
|
-
efs-encrypted-check,SC-13|SC-28,4
|
|
96
|
-
elasticsearch-encrypted-at-rest,SC-13|SC-28,4
|
|
97
|
-
encrypted-volumes,SC-13|SC-28,4
|
|
98
|
-
rds-storage-encrypted,SC-13|SC-28,4
|
|
99
|
-
s3-bucket-server-side-encryption-enabled,SC-13|SC-28,4
|
|
100
|
-
sagemaker-endpoint-configuration-kms-key-configured,SC-13|SC-28,4
|
|
101
|
-
sagemaker-notebook-instance-kms-key-configured,SC-13|SC-28,4
|
|
102
|
-
sns-encrypted-kms,SC-13|SC-28,4
|
|
103
|
-
dynamodb-table-encrypted-kms,SC-13,4
|
|
104
|
-
s3-bucket-default-lock-enabled,SC-28,4
|
|
105
|
-
ec2-ebs-encryption-by-default,SC-28,4
|
|
106
|
-
rds-snapshot-encrypted,SC-28,4
|
|
107
|
-
cloud-trail-log-file-validation-enabled,SI-7|SI-7(1),4
|
|
1
|
+
AwsConfigRuleSourceIdentifier,AwsConfigRuleName,NIST-ID,Rev
|
|
2
|
+
SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK,secretsmanager-scheduled-rotation-success-check,AC-2(1)|AC-2(j),4
|
|
3
|
+
IAM_USER_GROUP_MEMBERSHIP_CHECK,iam-user-group-membership-check,AC-2(1)|AC-2(j)|AC-3|AC-6,4
|
|
4
|
+
IAM_PASSWORD_POLICY,iam-password-policy,AC-2(1)|AC-2(f)|AC-2(j)|IA-2|IA-5(1)(a)(d)(e)|IA-5(4),4
|
|
5
|
+
ACCESS_KEYS_ROTATED,access-keys-rotated,AC-2(1)|AC-2(j),4
|
|
6
|
+
IAM_USER_UNUSED_CREDENTIALS_CHECK,iam-user-unused-credentials-check,AC-2(1)|AC-2(3)|AC-2(f)|AC-3|AC-6,4
|
|
7
|
+
SECURITYHUB_ENABLED,securityhub-enabled,AC-2(1)|AC-2(4)|AC-2(12)(a)|AC-2(g)|AC-17(1)|AU-6(1)(3)|CA-7(a)(b)|SA-10|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(16)|SI-4(a)(b)(c),4
|
|
8
|
+
GUARDDUTY_ENABLED_CENTRALIZED,guardduty-enabled-centralized,AC-2(1)|AC-2(4)|AC-2(12)(a)|AC-2(g)|AC-17(1)|AU-6(1)(3)|CA-7(a)(b)|RA-5|SA-10|SI-4(1)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(16)|SI-4(a)(b)(c),4
|
|
9
|
+
CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED,cloud-trail-cloud-watch-logs-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-6(1)(3)|AU-7(1)|AU-12(a)(c)|CA-7(a)(b)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(a)(b)(c),4
|
|
10
|
+
CLOUD_TRAIL_ENABLED,cloudtrail-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
11
|
+
MULTI_REGION_CLOUD_TRAIL_ENABLED,multi-region-cloudtrail-enabled,AC-2(4)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
12
|
+
RDS_LOGGING_ENABLED,rds-logging-enabled,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
13
|
+
CLOUDWATCH_ALARM_ACTION_CHECK,cloudwatch-alarm-action-check,AC-2(4)|AU-6(1)(3)|AU-7(1)|CA-7(a)(b)|IR-4(1)|SI-4(2)|SI-4(4)|SI-4(5)|SI-4(a)(b)(c),4
|
|
14
|
+
REDSHIFT_CLUSTER_CONFIGURATION_CHECK,redshift-cluster-configuration-check,AC-2(4)|AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c)|SC-13|SC-28,4
|
|
15
|
+
IAM_ROOT_ACCESS_KEY_CHECK,iam-root-access-key-check,AC-2(f)|AC-2(j)|AC-3|AC-6|AC-6(10),4
|
|
16
|
+
S3_BUCKET_LOGGING_ENABLED,s3-bucket-logging-enabled,AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
17
|
+
CLOUDTRAIL_S3_DATAEVENTS_ENABLED,cloudtrail-s3-dataevents-enabled,AC-2(g)|AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
18
|
+
ROOT_ACCOUNT_MFA_ENABLED,root-account-mfa-enabled,AC-2(j)|IA-2(1)(11),4
|
|
19
|
+
EMR_KERBEROS_ENABLED,emr-kerberos-enabled,AC-2(j)|AC-3|AC-5(c)|AC-6,4
|
|
20
|
+
IAM_GROUP_HAS_USERS_CHECK,iam-group-has-users-check,AC-2(j)|AC-3|AC-5(c)|AC-6|SC-2,4
|
|
21
|
+
IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS,iam-policy-no-statements-with-admin-access,AC-2(j)|AC-3|AC-5(c)|AC-6|SC-2,4
|
|
22
|
+
IAM_USER_NO_POLICIES_CHECK,iam-user-no-policies-check,AC-2(j)|AC-3|AC-5(c)|AC-6,4
|
|
23
|
+
S3_BUCKET_PUBLIC_WRITE_PROHIBITED,s3-bucket-public-write-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
24
|
+
LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED,lambda-function-public-access-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
25
|
+
RDS_SNAPSHOTS_PUBLIC_PROHIBITED,rds-snapshots-public-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
26
|
+
REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK,redshift-cluster-public-access-check,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
27
|
+
S3_BUCKET_POLICY_GRANTEE_CHECK,s3-bucket-policy-grantee-check,AC-3|AC-6|SC-7|SC-7(3),4
|
|
28
|
+
S3_BUCKET_PUBLIC_READ_PROHIBITED,s3-bucket-public-read-prohibited,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
29
|
+
S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS,s3-account-level-public-access-blocks,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
30
|
+
DMS_REPLICATION_NOT_PUBLIC,dms-replication-not-public,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
31
|
+
EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK,ebs-snapshot-public-restorable-check,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
32
|
+
SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS,sagemaker-notebook-no-direct-internet-access,AC-3|AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
33
|
+
RDS_INSTANCE_PUBLIC_ACCESS_CHECK,rds-instance-public-access-check,AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
34
|
+
LAMBDA_INSIDE_VPC,lambda-inside-vpc,AC-4|SC-7|SC-7(3),4
|
|
35
|
+
INSTANCES_IN_VPC,ec2-instances-in-vpc,AC-4|SC-7|SC-7(3),4
|
|
36
|
+
RESTRICTED_INCOMING_TRAFFIC,restricted-common-ports,AC-4|CM-2|SC-7|SC-7(3),4
|
|
37
|
+
INCOMING_SSH_DISABLED,restricted-ssh,AC-4|SC-7|SC-7(3),4
|
|
38
|
+
VPC_DEFAULT_SECURITY_GROUP_CLOSED,vpc-default-security-group-closed,AC-4|SC-7|SC-7(3),4
|
|
39
|
+
VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS,vpc-sg-open-only-to-authorized-ports,AC-4|SC-7|SC-7(3),4
|
|
40
|
+
ACM_CERTIFICATE_EXPIRATION_CHECK,acm-certificate-expiration-check,AC-4|AC-17(2)|SC-12,4
|
|
41
|
+
EC2_INSTANCE_NO_PUBLIC_IP,ec2-instance-no-public-ip,AC-4|AC-6|AC-21(b)|SC-7|SC-7(3),4
|
|
42
|
+
ELASTICSEARCH_IN_VPC_ONLY,elasticsearch-in-vpc-only,AC-4|SC-7|SC-7(3),4
|
|
43
|
+
EMR_MASTER_NO_PUBLIC_IP,emr-master-no-public-ip,AC-4|AC-21(b)|SC-7|SC-7(3),4
|
|
44
|
+
INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY,internet-gateway-authorized-vpc-only,AC-4|AC-17(3)|SC-7|SC-7(3),4
|
|
45
|
+
CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK,codebuild-project-envvar-awscred-check,AC-6|IA-5(7)|SA-3(a),4
|
|
46
|
+
EC2_IMDSV2_CHECK,ec2-imdsv2-check,AC-6,4
|
|
47
|
+
IAM_NO_INLINE_POLICY_CHECK,iam-no-inline-policy-check,AC-6,4
|
|
48
|
+
ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK,alb-http-to-https-redirection-check,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13|SC-23,4
|
|
49
|
+
REDSHIFT_REQUIRE_TLS_SSL,redshift-require-tls-ssl,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
|
|
50
|
+
S3_BUCKET_SSL_REQUESTS_ONLY,s3-bucket-ssl-requests-only,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
|
|
51
|
+
ELB_ACM_CERTIFICATE_REQUIRED,elb-acm-certificate-required,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-13,4
|
|
52
|
+
ALB_HTTP_DROP_INVALID_HEADER_ENABLED,alb-http-drop-invalid-header-enabled,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-23,4
|
|
53
|
+
ELB_TLS_HTTPS_LISTENERS_ONLY,elb-tls-https-listeners-only,AC-17(2)|SC-7|SC-8|SC-8(1)|SC-23,4
|
|
54
|
+
API_GW_EXECUTION_LOGGING_ENABLED,api-gw-execution-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
55
|
+
ELB_LOGGING_ENABLED,elb-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
56
|
+
VPC_FLOW_LOGS_ENABLED,vpc-flow-logs-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c),4
|
|
57
|
+
WAFV2_LOGGING_ENABLED,wafv2-logging-enabled,AU-2(a)(d)|AU-3|AU-12(a)(c)|SC-7|SI-4(a)(b)(c),4
|
|
58
|
+
CLOUD_TRAIL_ENCRYPTION_ENABLED,cloud-trail-encryption-enabled,AU-9|SC-13|SC-28,4
|
|
59
|
+
CLOUDWATCH_LOG_GROUP_ENCRYPTED,cloudwatch-log-group-encrypted,AU-9|SC-13|SC-28,4
|
|
60
|
+
S3_BUCKET_REPLICATION_ENABLED,s3-bucket-replication-enabled,AU-9(2)|CP-9(b)|CP-10|SC-5|SC-36,4
|
|
61
|
+
CW_LOGGROUP_RETENTION_PERIOD_CHECK,cw-loggroup-retention-period-check,AU-11|SI-12,4
|
|
62
|
+
EC2_INSTANCE_DETAILED_MONITORING_ENABLED,ec2-instance-detailed-monitoring-enabled,CA-7(a)(b)|SI-4(2)|SI-4(a)(b)(c),4
|
|
63
|
+
RDS_ENHANCED_MONITORING_ENABLED,rds-enhanced-monitoring-enabled,CA-7(a)(b),4
|
|
64
|
+
EC2_INSTANCE_MANAGED_BY_SSM,ec2-instance-managed-by-systems-manager,CM-2|CM-7(a)|CM-8(1)|CM-8(3)(a)|SA-3(a)|SA-10|SI-2(2)|SI-7(1),4
|
|
65
|
+
EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK,ec2-managedinstance-association-compliance-status-check,CM-2|CM-7(a)|CM-8(3)(a)|SI-2(2),4
|
|
66
|
+
EC2_STOPPED_INSTANCE,ec2-stopped-instance,CM-2,4
|
|
67
|
+
EC2_VOLUME_INUSE_CHECK,ec2-volume-inuse-check,CM-2|SC-4,4
|
|
68
|
+
ELB_DELETION_PROTECTION_ENABLED,elb-deletion-protection-enabled,CM-2|CP-10,4
|
|
69
|
+
CLOUDTRAIL_SECURITY_TRAIL_ENABLED,cloudtrail-security-trail-enabled,CM-2,4
|
|
70
|
+
EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK,ec2-managedinstance-patch-compliance-status-check,CM-8(3)(a)|SI-2(2)|SI-7(1),4
|
|
71
|
+
DB_INSTANCE_BACKUP_ENABLED,db-instance-backup-enabled,CP-9(b)|CP-10|SI-12,4
|
|
72
|
+
DYNAMODB_PITR_ENABLED,dynamodb-pitr-enabled,CP-9(b)|CP-10|SI-12,4
|
|
73
|
+
ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK,elasticache-redis-cluster-automatic-backup-check,CP-9(b)|CP-10|SI-12,4
|
|
74
|
+
DYNAMODB_IN_BACKUP_PLAN,dynamodb-in-backup-plan,CP-9(b)|CP-10|SI-12,4
|
|
75
|
+
EBS_IN_BACKUP_PLAN,ebs-in-backup-plan,CP-9(b)|CP-10|SI-12,4
|
|
76
|
+
EFS_IN_BACKUP_PLAN,efs-in-backup-plan,CP-9(b)|CP-10|SI-12,4
|
|
77
|
+
RDS_IN_BACKUP_PLAN,rds-in-backup-plan,CP-9(b)|CP-10|SI-12,4
|
|
78
|
+
DYNAMODB_AUTOSCALING_ENABLED,dynamodb-autoscaling-enabled,CP-10|SC-5,4
|
|
79
|
+
RDS_MULTI_AZ_SUPPORT,rds-multi-az-support,CP-10|SC-5|SC-36,4
|
|
80
|
+
S3_BUCKET_VERSIONING_ENABLED,s3-bucket-versioning-enabled,CP-10|SI-12,4
|
|
81
|
+
VPC_VPN_2_TUNNELS_UP,vpc-vpn-2-tunnels-up,CP-10,4
|
|
82
|
+
ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED,elb-cross-zone-load-balancing-enabled,CP-10|SC-5,4
|
|
83
|
+
ROOT_ACCOUNT_HARDWARE_MFA_ENABLED,root-account-hardware-mfa-enabled,IA-2(1)(11),4
|
|
84
|
+
MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS,mfa-enabled-for-iam-console-access,IA-2(1)(2)(11),4
|
|
85
|
+
IAM_USER_MFA_ENABLED,iam-user-mfa-enabled,IA-2(1)(2)(11),4
|
|
86
|
+
GUARDDUTY_NON_ARCHIVED_FINDINGS,guardduty-non-archived-findings,IR-4(1)|IR-6(1)|IR-7(1)|RA-5|SA-10|SI-4(a)(b)(c),4
|
|
87
|
+
CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK,codebuild-project-source-repo-url-check,SA-3(a),4
|
|
88
|
+
AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED,autoscaling-group-elb-healthcheck-required,SC-5,4
|
|
89
|
+
RDS_INSTANCE_DELETION_PROTECTION_ENABLED,rds-instance-deletion-protection-enabled,SC-5,4
|
|
90
|
+
ALB_WAF_ENABLED,alb-waf-enabled,SC-7|SI-4(a)(b)(c),4
|
|
91
|
+
ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK,elasticsearch-node-to-node-encryption-check,SC-7|SC-8|SC-8(1),4
|
|
92
|
+
CMK_BACKING_KEY_ROTATION_ENABLED,cmk-backing-key-rotation-enabled,SC-12,4
|
|
93
|
+
KMS_CMK_NOT_SCHEDULED_FOR_DELETION,kms-cmk-not-scheduled-for-deletion,SC-12|SC-28,4
|
|
94
|
+
API_GW_CACHE_ENABLED_AND_ENCRYPTED,api-gw-cache-enabled-and-encrypted,SC-13|SC-28,4
|
|
95
|
+
EFS_ENCRYPTED_CHECK,efs-encrypted-check,SC-13|SC-28,4
|
|
96
|
+
ELASTICSEARCH_ENCRYPTED_AT_REST,elasticsearch-encrypted-at-rest,SC-13|SC-28,4
|
|
97
|
+
ENCRYPTED_VOLUMES,encrypted-volumes,SC-13|SC-28,4
|
|
98
|
+
RDS_STORAGE_ENCRYPTED,rds-storage-encrypted,SC-13|SC-28,4
|
|
99
|
+
S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED,s3-bucket-server-side-encryption-enabled,SC-13|SC-28,4
|
|
100
|
+
SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED,sagemaker-endpoint-configuration-kms-key-configured,SC-13|SC-28,4
|
|
101
|
+
SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED,sagemaker-notebook-instance-kms-key-configured,SC-13|SC-28,4
|
|
102
|
+
SNS_ENCRYPTED_KMS,sns-encrypted-kms,SC-13|SC-28,4
|
|
103
|
+
DYNAMODB_TABLE_ENCRYPTED_KMS,dynamodb-table-encrypted-kms,SC-13,4
|
|
104
|
+
S3_BUCKET_DEFAULT_LOCK_ENABLED,s3-bucket-default-lock-enabled,SC-28,4
|
|
105
|
+
EC2_EBS_ENCRYPTION_BY_DEFAULT,ec2-ebs-encryption-by-default,SC-28,4
|
|
106
|
+
RDS_SNAPSHOT_ENCRYPTED,rds-snapshot-encrypted,SC-28,4
|
|
107
|
+
CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED,cloud-trail-log-file-validation-enabled,SI-7|SI-7(1),4
|
data/lib/heimdall_tools.rb
CHANGED
|
@@ -15,4 +15,5 @@ module HeimdallTools
|
|
|
15
15
|
autoload :JfrogXrayMapper, 'heimdall_tools/jfrog_xray_mapper'
|
|
16
16
|
autoload :DBProtectMapper, 'heimdall_tools/dbprotect_mapper'
|
|
17
17
|
autoload :AwsConfigMapper, 'heimdall_tools/aws_config_mapper'
|
|
18
|
+
autoload :NetsparkerMapper, 'heimdall_tools/netsparker_mapper'
|
|
18
19
|
end
|
|
@@ -13,17 +13,20 @@ INSUFFICIENT_DATA_MSG = 'Not enough data has been collectd to determine complian
|
|
|
13
13
|
##
|
|
14
14
|
# HDF mapper for use with AWS Config rules.
|
|
15
15
|
#
|
|
16
|
-
# Ruby AWS Ruby SDK for ConfigService:
|
|
16
|
+
# Ruby AWS Ruby SDK for ConfigService:
|
|
17
17
|
# - https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ConfigService/Client.html
|
|
18
18
|
#
|
|
19
|
-
# rubocop:disable Metrics/AbcSize, Metrics/ClassLength
|
|
20
19
|
module HeimdallTools
|
|
21
20
|
class AwsConfigMapper
|
|
22
|
-
def initialize(custom_mapping, verbose = false)
|
|
21
|
+
def initialize(custom_mapping, endpoint = nil, verbose = false)
|
|
23
22
|
@verbose = verbose
|
|
24
23
|
@default_mapping = get_rule_mapping(AWS_CONFIG_MAPPING_FILE)
|
|
25
24
|
@custom_mapping = custom_mapping.nil? ? {} : get_rule_mapping(custom_mapping)
|
|
26
|
-
|
|
25
|
+
if endpoint.nil?
|
|
26
|
+
@client = Aws::ConfigService::Client.new
|
|
27
|
+
else
|
|
28
|
+
@client = Aws::ConfigService::Client.new(endpoint: endpoint)
|
|
29
|
+
end
|
|
27
30
|
@issues = get_all_config_rules
|
|
28
31
|
end
|
|
29
32
|
|
|
@@ -35,8 +38,8 @@ module HeimdallTools
|
|
|
35
38
|
def to_hdf
|
|
36
39
|
controls = @issues.map do |issue|
|
|
37
40
|
@item = {}
|
|
38
|
-
@item['id'] = issue[:
|
|
39
|
-
@item['title'] = issue[:config_rule_name]
|
|
41
|
+
@item['id'] = issue[:config_rule_id]
|
|
42
|
+
@item['title'] = "#{get_account_id(issue[:config_rule_arn])} - #{issue[:config_rule_name]}"
|
|
40
43
|
@item['desc'] = issue[:description]
|
|
41
44
|
@item['impact'] = 0.5
|
|
42
45
|
@item['tags'] = hdf_tags(issue)
|
|
@@ -52,27 +55,42 @@ module HeimdallTools
|
|
|
52
55
|
@item
|
|
53
56
|
end
|
|
54
57
|
end
|
|
58
|
+
|
|
55
59
|
results = HeimdallDataFormat.new(
|
|
56
60
|
profile_name: 'AWS Config',
|
|
57
61
|
title: 'AWS Config',
|
|
58
62
|
summary: 'AWS Config',
|
|
59
63
|
controls: controls,
|
|
60
|
-
statistics: { aws_config_sdk_version: Aws::ConfigService::GEM_VERSION }
|
|
61
|
-
|
|
64
|
+
statistics: { aws_config_sdk_version: Aws::ConfigService::GEM_VERSION },
|
|
65
|
+
)
|
|
62
66
|
results.to_hdf
|
|
63
67
|
end
|
|
64
68
|
|
|
65
69
|
private
|
|
66
70
|
|
|
71
|
+
##
|
|
72
|
+
# Gets the account ID from a config rule ARN
|
|
73
|
+
#
|
|
74
|
+
# https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
|
75
|
+
# https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
|
|
76
|
+
#
|
|
77
|
+
# Params:
|
|
78
|
+
# - arn: The ARN of the config rule
|
|
79
|
+
#
|
|
80
|
+
# Returns: The account ID portion of the ARN
|
|
81
|
+
def get_account_id(arn)
|
|
82
|
+
/:(\d{12}):config-rule/.match(arn)&.captures&.first || 'no-account-id'
|
|
83
|
+
end
|
|
84
|
+
|
|
67
85
|
##
|
|
68
86
|
# Read in a config rule -> 800-53 control mapping CSV.
|
|
69
87
|
#
|
|
70
|
-
# Params:
|
|
88
|
+
# Params:
|
|
71
89
|
# - path: The file path to the CSV file
|
|
72
90
|
#
|
|
73
91
|
# Returns: A mapped version of the csv in the format { rule_name: row, ... }
|
|
74
92
|
def get_rule_mapping(path)
|
|
75
|
-
|
|
93
|
+
CSV.read(path, headers: true).map { |row| [row['AwsConfigRuleSourceIdentifier'], row] }.to_h
|
|
76
94
|
end
|
|
77
95
|
|
|
78
96
|
##
|
|
@@ -142,7 +160,7 @@ module HeimdallTools
|
|
|
142
160
|
end
|
|
143
161
|
|
|
144
162
|
# Map based on name for easy lookup
|
|
145
|
-
|
|
163
|
+
compliance_results.collect { |r| [r.config_rule_name, r.to_h] }.to_h
|
|
146
164
|
end
|
|
147
165
|
|
|
148
166
|
##
|
|
@@ -192,7 +210,7 @@ module HeimdallTools
|
|
|
192
210
|
(result[:result_recorded_time] - result[:config_rule_invoked_time]).round(6)
|
|
193
211
|
end
|
|
194
212
|
# status
|
|
195
|
-
hdf_result['status'] = case result
|
|
213
|
+
hdf_result['status'] = case result[:compliance_type]
|
|
196
214
|
when 'COMPLIANT'
|
|
197
215
|
'passed'
|
|
198
216
|
when 'NON_COMPLIANT'
|
|
@@ -209,19 +227,19 @@ module HeimdallTools
|
|
|
209
227
|
when 'NOT_APPLICABLE'
|
|
210
228
|
rule[:impact] = 0
|
|
211
229
|
rule[:results] << {
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
230
|
+
run_time: 0,
|
|
231
|
+
code_desc: NOT_APPLICABLE_MSG,
|
|
232
|
+
skip_message: NOT_APPLICABLE_MSG,
|
|
233
|
+
start_time: DateTime.now.strftime('%Y-%m-%dT%H:%M:%S%:z'),
|
|
234
|
+
status: 'skipped'
|
|
217
235
|
}
|
|
218
236
|
when 'INSUFFICIENT_DATA'
|
|
219
237
|
rule[:results] << {
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
238
|
+
run_time: 0,
|
|
239
|
+
code_desc: INSUFFICIENT_DATA_MSG,
|
|
240
|
+
skip_message: INSUFFICIENT_DATA_MSG,
|
|
241
|
+
start_time: DateTime.now.strftime('%Y-%m-%dT%H:%M:%S%:z'),
|
|
242
|
+
status: 'skipped'
|
|
225
243
|
}
|
|
226
244
|
end
|
|
227
245
|
end
|
|
@@ -239,18 +257,17 @@ module HeimdallTools
|
|
|
239
257
|
def hdf_tags(config_rule)
|
|
240
258
|
result = {}
|
|
241
259
|
|
|
242
|
-
|
|
243
|
-
@custom_mapping
|
|
260
|
+
source_identifier = config_rule.dig(:source, :source_identifier)
|
|
244
261
|
|
|
245
262
|
# NIST tag
|
|
246
263
|
result['nist'] = []
|
|
247
|
-
default_mapping_match = @default_mapping[
|
|
248
|
-
|
|
249
|
-
result['nist'] += default_mapping_match[
|
|
264
|
+
default_mapping_match = @default_mapping[source_identifier]
|
|
265
|
+
|
|
266
|
+
result['nist'] += default_mapping_match['NIST-ID'].split('|') unless default_mapping_match.nil?
|
|
267
|
+
|
|
268
|
+
custom_mapping_match = @custom_mapping[source_identifier]
|
|
250
269
|
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
result['nist'] += custom_mapping_match[1].split('|').map { |name| "#{name} (user provided)" } unless custom_mapping_match.nil?
|
|
270
|
+
result['nist'] += custom_mapping_match['NIST-ID'].split('|').map { |name| "#{name} (user provided)" } unless custom_mapping_match.nil?
|
|
254
271
|
|
|
255
272
|
result['nist'] = ['unmapped'] if result['nist'].empty?
|
|
256
273
|
|
|
@@ -258,8 +275,11 @@ module HeimdallTools
|
|
|
258
275
|
end
|
|
259
276
|
|
|
260
277
|
def check_text(config_rule)
|
|
261
|
-
|
|
262
|
-
|
|
278
|
+
# If no input parameters, then provide an empty JSON array to the JSON
|
|
279
|
+
# parser because passing nil to JSON.parse throws an exception.
|
|
280
|
+
params = (JSON.parse(config_rule[:input_parameters] || '[]').map { |key, value| "#{key}: #{value}" }).join('<br/>')
|
|
281
|
+
check_text = "ARN: #{config_rule[:config_rule_arn] || 'N/A'}"
|
|
282
|
+
check_text += "<br/>Source Identifier: #{config_rule.dig(:source, :source_identifier) || 'N/A'}"
|
|
263
283
|
check_text += "<br/>#{params}" unless params.empty?
|
|
264
284
|
check_text
|
|
265
285
|
end
|
|
@@ -274,11 +294,10 @@ module HeimdallTools
|
|
|
274
294
|
def hdf_descriptions(config_rule)
|
|
275
295
|
[
|
|
276
296
|
{
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
}
|
|
297
|
+
label: 'check',
|
|
298
|
+
data: check_text(config_rule)
|
|
299
|
+
},
|
|
280
300
|
]
|
|
281
301
|
end
|
|
282
302
|
end
|
|
283
303
|
end
|
|
284
|
-
# rubocop:enable Metrics/AbcSize, Metrics/ClassLength
|
|
@@ -16,13 +16,11 @@ IMPACT_MAPPING = {
|
|
|
16
16
|
|
|
17
17
|
CWE_REGEX = 'CWE-(\d*):'.freeze
|
|
18
18
|
|
|
19
|
-
DEFAULT_NIST_TAG =
|
|
20
|
-
|
|
21
|
-
# rubocop:disable Metrics/AbcSize
|
|
19
|
+
DEFAULT_NIST_TAG = %w{SA-11 RA-5 Rev_4}.freeze
|
|
22
20
|
|
|
23
21
|
module HeimdallTools
|
|
24
22
|
class BurpSuiteMapper
|
|
25
|
-
def initialize(burps_xml,
|
|
23
|
+
def initialize(burps_xml, _name = nil, verbose = false)
|
|
26
24
|
@burps_xml = burps_xml
|
|
27
25
|
@verbose = verbose
|
|
28
26
|
|
|
@@ -33,11 +31,9 @@ module HeimdallTools
|
|
|
33
31
|
@issues = data['issues']['issue']
|
|
34
32
|
@burpVersion = data['issues']['burpVersion']
|
|
35
33
|
@timestamp = data['issues']['exportTime']
|
|
36
|
-
|
|
37
34
|
rescue StandardError => e
|
|
38
35
|
raise "Invalid Burpsuite XML file provided Exception: #{e}"
|
|
39
36
|
end
|
|
40
|
-
|
|
41
37
|
end
|
|
42
38
|
|
|
43
39
|
def parse_html(block)
|
|
@@ -86,17 +82,17 @@ module HeimdallTools
|
|
|
86
82
|
end
|
|
87
83
|
|
|
88
84
|
def desc_tags(data, label)
|
|
89
|
-
{
|
|
85
|
+
{ data: data || NA_STRING, label: label || NA_STRING }
|
|
90
86
|
end
|
|
91
87
|
|
|
92
88
|
# Burpsuite report could have multiple issue entries for multiple findings of same issue type.
|
|
93
|
-
# The meta data is identical across entries
|
|
89
|
+
# The meta data is identical across entries
|
|
94
90
|
# method collapse_duplicates return unique controls with applicable findings collapsed into it.
|
|
95
91
|
def collapse_duplicates(controls)
|
|
96
92
|
unique_controls = []
|
|
97
93
|
|
|
98
94
|
controls.map { |x| x['id'] }.uniq.each do |id|
|
|
99
|
-
collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
|
|
95
|
+
collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
|
|
100
96
|
unique_control = controls.find { |x| x['id'].eql?(id) }
|
|
101
97
|
unique_control['results'] = collapsed_results.flatten
|
|
102
98
|
unique_controls << unique_control
|
|
@@ -129,8 +125,8 @@ module HeimdallTools
|
|
|
129
125
|
controls = collapse_duplicates(controls)
|
|
130
126
|
results = HeimdallDataFormat.new(profile_name: 'BurpSuite Pro Scan',
|
|
131
127
|
version: @burpVersion,
|
|
132
|
-
title:
|
|
133
|
-
summary:
|
|
128
|
+
title: 'BurpSuite Pro Scan',
|
|
129
|
+
summary: 'BurpSuite Pro Scan',
|
|
134
130
|
controls: controls)
|
|
135
131
|
results.to_hdf
|
|
136
132
|
end
|