heimdall_tools 1.3.40 → 1.3.41

data/lib/heimdall_tools/nessus_mapper.rb

@@ -6,7 +6,7 @@ require 'nokogiri'
 
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 
-NESSUS_PLUGINS_NIST_MAPPING_FILE =   File.join(RESOURCE_DIR, 'nessus-plugins-nist-mapping.csv')
+NESSUS_PLUGINS_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'nessus-plugins-nist-mapping.csv')
 U_CCI_LIST =   File.join(RESOURCE_DIR, 'U_CCI_List.xml')
 
 IMPACT_MAPPING = {
@@ -14,16 +14,16 @@ IMPACT_MAPPING = {
   Low: 0.3,
   Medium: 0.5,
   High: 0.7,
-  Critical: 0.9,
+  Critical: 0.9
 }.freeze
 
-DEFAULT_NIST_TAG = ["unmapped"].freeze
+DEFAULT_NIST_TAG = ['unmapped'].freeze
 
 # Nessus results file 800-53 refs does not contain Nist rev version. Using this default
 # version in that case
 DEFAULT_NIST_REV = 'Rev_4'.freeze
 
-NA_PLUGIN_OUTPUT = "This Nessus Plugin does not provide output message.".freeze
+NA_PLUGIN_OUTPUT = 'This Nessus Plugin does not provide output message.'.freeze
 
 # rubocop:disable Metrics/AbcSize
 
@@ -51,19 +51,16 @@ module HeimdallTools
       rescue StandardError => e
         raise "Invalid Nessus XML file provided Exception: #{e}"
       end
-
     end
 
     def extract_report
-      begin
-        # When there are multiple hosts in the nessus report ReportHost field is an array
-        # When there is only one host in the nessus report ReportHost field is a hash
-        # Array() converts ReportHost to array in case there is only one host
-        reports = @data['NessusClientData_v2']['Report']['ReportHost']
-        reports.kind_of?(Array) ? reports : [reports]
-      rescue StandardError => e
-        raise "Invalid Nessus XML file provided Exception: #{e}"
-      end
+      # When there are multiple hosts in the nessus report ReportHost field is an array
+      # When there is only one host in the nessus report ReportHost field is a hash
+      # Array() converts ReportHost to array in case there is only one host
+      reports = @data['NessusClientData_v2']['Report']['ReportHost']
+      reports.is_a?(Array) ? reports : [reports]
+    rescue StandardError => e
+      raise "Invalid Nessus XML file provided Exception: #{e}"
     end
 
     def parse_refs(refs, key)
@@ -71,24 +68,20 @@ module HeimdallTools
     end
 
     def extract_scaninfo
-      begin
-        policy = @data['NessusClientData_v2']['Policy']
-        info = {}
+      policy = @data['NessusClientData_v2']['Policy']
+      info = {}
 
-        info['policyName'] = policy['policyName']
-        info['version'] = policy['Preferences']['ServerPreferences']['preference'].select {|x| x['name'].eql? 'sc_version'}.first['value']
-        info
-      rescue StandardError => e
-        raise "Invalid Nessus XML file provided Exception: #{e}"
-      end
+      info['policyName'] = policy['policyName']
+      info['version'] = policy['Preferences']['ServerPreferences']['preference'].select { |x| x['name'].eql? 'sc_version' }.first['value']
+      info
+    rescue StandardError => e
+      raise "Invalid Nessus XML file provided Exception: #{e}"
     end
 
     def extract_timestamp(report)
-      begin
-        timestamp = report['HostProperties']['tag'].select {|x| x['name'].eql? 'HOST_START'}.first['text']
-      rescue StandardError => e
-        raise "Invalid Nessus XML file provided Exception: #{e}"
-      end
+      report['HostProperties']['tag'].select { |x| x['name'].eql? 'HOST_START' }.first['text']
+    rescue StandardError => e
+      raise "Invalid Nessus XML file provided Exception: #{e}"
     end
 
     def format_desc(issue)
@@ -129,7 +122,7 @@ module HeimdallTools
 
     def cci_nist_tag(cci_refs)
       nist_tags = []
-      cci_refs.each do | cci_ref |
+      cci_refs.each do |cci_ref|
         item_node = @cci_xml.xpath("//cci_list/cci_items/cci_item[@id='#{cci_ref}']")[0] unless @cci_xml.nil?
         unless item_node.nil?
           nist_ref = item_node.xpath('./references/reference[not(@version <= preceding-sibling::reference/@version) and not(@version <=following-sibling::reference/@version)]/@index').text
@@ -140,7 +133,7 @@ module HeimdallTools
     end
 
     def plugin_nist_tag(pluginfamily, pluginid)
-      entries = @cwe_nist_mapping.select { |x| (x[:pluginfamily].eql?(pluginfamily) && (x[:pluginid].eql?('*') || x[:pluginid].eql?(pluginid.to_i)) ) && !x[:nistid].nil? }
+      entries = @cwe_nist_mapping.select { |x| (x[:pluginfamily].eql?(pluginfamily) && (x[:pluginid].eql?('*') || x[:pluginid].eql?(pluginid.to_i))) && !x[:nistid].nil? }
       tags = entries.map { |x| [x[:nistid].split('|'), "Rev_#{x[:rev]}"] }
       tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
     end
@@ -148,15 +141,15 @@ module HeimdallTools
     def impact(severity)
       # Map CAT levels and Plugin severity to HDF impact levels
       case severity
-      when "0"
+      when '0'
         IMPACT_MAPPING[:Info]
-      when "1","III"
+      when '1', 'III'
         IMPACT_MAPPING[:Low]
-      when "2","II"
+      when '2', 'II'
         IMPACT_MAPPING[:Medium]
-      when "3","I"
+      when '3', 'I'
         IMPACT_MAPPING[:High]
-      when "4"
+      when '4'
         IMPACT_MAPPING[:Critical]
       else
         -1
@@ -172,17 +165,17 @@ module HeimdallTools
     end
 
     def desc_tags(data, label)
-      { "data": data || NA_STRING, "label": label || NA_STRING }
+      { data: data || NA_STRING, label: label || NA_STRING }
     end
 
     # Nessus report could have multiple issue entries for multiple findings of same issue type.
-    # The meta data is identical across entries 
+    # The meta data is identical across entries
     # method collapse_duplicates return unique controls with applicable findings collapsed into it.
     def collapse_duplicates(controls)
       unique_controls = []
 
       controls.map { |x| x['id'] }.uniq.each do |id|
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
         unique_control = controls.find { |x| x['id'].eql?(id) }
         unique_control['results'] = collapsed_results.flatten
         unique_controls << unique_control
@@ -192,9 +185,9 @@ module HeimdallTools
 
     def to_hdf
       host_results = {}
-      @reports.each do | report|
+      @reports.each do |report|
         controls = []
-        report['ReportItem'].each do | item |
+        report['ReportItem'].each do |item|
           printf("\rProcessing: %s", $spinner.next)
           @item = {}
           @item['tags']               = {}
@@ -207,7 +200,7 @@ module HeimdallTools
           # Current version covers STIG based 'Policy Compliance' results
           # TODO Cover cases for 'Policy Compliance' results based on CIS
           if item['compliance-reference']
-            @item['id']                 = parse_refs(item['compliance-reference'],'Vuln-ID').join.to_s
+            @item['id']                 = parse_refs(item['compliance-reference'], 'Vuln-ID').join.to_s
           else
             @item['id']                 = item['pluginID'].to_s
           end
@@ -222,17 +215,17 @@ module HeimdallTools
             @item['desc']              = format_desc(item).to_s
           end
           if item['compliance-reference']
-            @item['impact']            = impact(parse_refs(item['compliance-reference'],'CAT').join.to_s)
+            @item['impact']            = impact(parse_refs(item['compliance-reference'], 'CAT').join.to_s)
           else
-            @item['impact']            = impact(item['severity']) 
+            @item['impact']            = impact(item['severity'])
           end
           if item['compliance-reference']
-            @item['tags']['nist']     = cci_nist_tag(parse_refs(item['compliance-reference'],'CCI'))
+            @item['tags']['nist']     = cci_nist_tag(parse_refs(item['compliance-reference'], 'CCI'))
           else
-            @item['tags']['nist']     = plugin_nist_tag(item['pluginFamily'],item['pluginID'])
+            @item['tags']['nist']     = plugin_nist_tag(item['pluginFamily'], item['pluginID'])
           end
           if item['compliance-solution']
-            @item['descriptions']       <<  desc_tags(item['compliance-solution'], 'check')
+            @item['descriptions']       << desc_tags(item['compliance-solution'], 'check')
           end
 
           @item['code']               = ''

data/lib/heimdall_tools/netsparker_mapper.rb

@@ -17,13 +17,11 @@ IMPACT_MAPPING = {
   Information: 0.0
 }.freeze
 
-DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
-
-# rubocop:disable Metrics/AbcSize
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
 module HeimdallTools
   class NetsparkerMapper
-    def initialize(xml, name=nil, verbose = false)
+    def initialize(xml, _name = nil, verbose = false)
       @verbose = verbose
 
       begin
@@ -33,7 +31,6 @@ module HeimdallTools
 
         @vulnerabilities = data['netsparker-enterprise']['vulnerabilities']['vulnerability']
         @scan_info = data['netsparker-enterprise']['target']
-
       rescue StandardError => e
         raise "Invalid Netsparker XML file provided Exception: #{e}"
       end
@@ -63,7 +60,7 @@ module HeimdallTools
       controls = collapse_duplicates(controls)
       results = HeimdallDataFormat.new(profile_name: 'Netsparker Enterprise Scan',
                                        title: "Netsparker Enterprise Scan ID: #{@scan_info['scan-id']} URL: #{@scan_info['url']}",
-                                       summary: "Netsparker Enterprise Scan",
+                                       summary: 'Netsparker Enterprise Scan',
                                        target_id: @scan_info['url'],
                                        controls: controls)
       results.to_hdf
@@ -79,25 +76,25 @@ module HeimdallTools
       finding = {}
       finding['status'] = 'failed'
       finding['code_desc'] = []
-      finding['code_desc'] << "http-request : #{parse_html(vulnerability['http-request']['content']) }"
+      finding['code_desc'] << "http-request : #{parse_html(vulnerability['http-request']['content'])}"
       finding['code_desc'] << "method : #{vulnerability['http-request']['method']}"
       finding['code_desc'] = finding['code_desc'].join("\n")
 
       finding['message'] = []
-      finding['message'] << "http-response : #{parse_html(vulnerability['http-response']['content']) }"
+      finding['message'] << "http-response : #{parse_html(vulnerability['http-response']['content'])}"
       finding['message'] << "duration : #{vulnerability['http-response']['duration']}"
       finding['message'] << "status-code : #{vulnerability['http-response']['status-code']}"
       finding['message'] = finding['message'].join("\n")
       finding['run_time'] = NA_FLOAT
 
-      finding['start_time'] =  @scan_info['initiated']
+      finding['start_time'] = @scan_info['initiated']
       [finding]
     end
 
     def format_control_desc(vulnerability)
       text = []
-      text << "#{parse_html(vulnerability['description'])}" unless vulnerability['description'].nil?
-      text << "Exploitation-skills: #{parse_html(vulnerability['exploitation-skills'])}"  unless vulnerability['exploitation-skills'].nil?
+      text << parse_html(vulnerability['description']).to_s unless vulnerability['description'].nil?
+      text << "Exploitation-skills: #{parse_html(vulnerability['exploitation-skills'])}" unless vulnerability['exploitation-skills'].nil?
       text << "Extra-information: #{vulnerability['extra-information']}" unless vulnerability['extra-information'].nil?
       text << "Classification: #{vulnerability['classification']}" unless vulnerability['classification'].nil?
       text << "Impact: #{parse_html(vulnerability['impact'])}" unless vulnerability['impact'].nil?
@@ -106,14 +103,14 @@ module HeimdallTools
       text << "Certainty: #{vulnerability['certainty']}" unless vulnerability['certainty'].nil?
       text << "Type: #{vulnerability['type']}" unless vulnerability['type'].nil?
       text << "Confirmed: #{vulnerability['confirmed']}" unless vulnerability['confirmed'].nil?
-      text.join("<br>")
+      text.join('<br>')
     end
 
     def format_check_text(vulnerability)
       text = []
       text << "Exploitation-skills: #{parse_html(vulnerability['exploitation-skills'])}" unless vulnerability['exploitation-skills'].nil?
       text << "Proof-of-concept: #{parse_html(vulnerability['proof-of-concept'])}" unless vulnerability['proof-of-concept'].nil?
-      text.join("<br>")
+      text.join('<br>')
     end
 
     def format_fix_text(vulnerability)
@@ -121,7 +118,7 @@ module HeimdallTools
       text << "Remedial-actions: #{parse_html(vulnerability['remedial-actions'])}" unless vulnerability['remedial-actions'].nil?
       text << "Remedial-procedure: #{parse_html(vulnerability['remedial-procedure'])}" unless vulnerability['remedial-procedure'].nil?
       text << "Remedy-references: #{parse_html(vulnerability['remedy-references'])}" unless vulnerability['remedy-references'].nil?
-      text.join("<br>")
+      text.join('<br>')
     end
 
     def nist_tag(classification)
@@ -146,7 +143,7 @@ module HeimdallTools
     end
 
     def desc_tags(data, label)
-      { "data": data || NA_STRING, "label": label || NA_STRING }
+      { data: data || NA_STRING, label: label || NA_STRING }
     end
 
     # Netsparker report could have multiple issue entries for multiple findings of same issue type.
@@ -156,7 +153,7 @@ module HeimdallTools
       unique_controls = []
 
       controls.map { |x| x['id'] }.uniq.each do |id|
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
         unique_control = controls.find { |x| x['id'].eql?(id) }
         unique_control['results'] = collapsed_results.flatten
         unique_controls << unique_control

data/lib/heimdall_tools/nikto_mapper.rb

@@ -9,10 +9,10 @@ NIKTO_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'nikto-nist-mapping.csv')
 IMPACT_MAPPING = {
   high: 0.7,
   medium: 0.5,
-  low: 0.3,
+  low: 0.3
 }.freeze
 
-DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
 # Loading spinner sign
 $spinner = Enumerator.new do |e|
@@ -26,7 +26,7 @@ end
 
 module HeimdallTools
   class NiktoMapper
-    def initialize(nikto_json, name=nil, verbose = false)
+    def initialize(nikto_json, _name = nil, verbose = false)
       @nikto_json = nikto_json
       @verbose = verbose
 
@@ -36,9 +36,9 @@ module HeimdallTools
         raise "Invalid Nikto to NIST mapping file: Exception: #{e}"
       end
 
-        # TODO: Support Multi-target scan results
-        # Nikto multi-target scans generate invalid format JSONs
-        # Possible workaround to use https://stackoverflow.com/a/58209963/1670307
+      # TODO: Support Multi-target scan results
+      # Nikto multi-target scans generate invalid format JSONs
+      # Possible workaround to use https://stackoverflow.com/a/58209963/1670307
 
       begin
         @project = JSON.parse(nikto_json)
@@ -64,7 +64,7 @@ module HeimdallTools
     def finding(vulnerability)
       finding = {}
       finding['status'] = 'failed'
-      finding['code_desc'] = "URL : #{vulnerability['url'].to_s } Method: #{vulnerability['method'].to_s}"
+      finding['code_desc'] = "URL : #{vulnerability['url']} Method: #{vulnerability['method']}"
       finding['run_time'] = NA_FLOAT
       finding['start_time'] = NA_STRING
       [finding]
@@ -83,32 +83,32 @@ module HeimdallTools
     def parse_mapper
       csv_data = CSV.read(NIKTO_NIST_MAPPING_FILE, **{ encoding: 'UTF-8',
                                                    headers: true,
-                                                   header_converters: :symbol})
+                                                   header_converters: :symbol })
       csv_data.map(&:to_hash)
     end
 
     def desc_tags(data, label)
-      { "data": data || NA_STRING, "label": label || NA_STRING }
+      { data: data || NA_STRING, label: label || NA_STRING }
     end
 
-    # Nikto report could have multiple vulnerability entries for multiple findings of same issue type.  
-    # The meta data is identical across entries   
-    # method collapse_duplicates return unique controls with applicable findings collapsed into it. 
-    def collapse_duplicates(controls) 
-      unique_controls = []  
-
-      controls.map { |x| x['id'] }.uniq.each do |id|  
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']} 
-        unique_control = controls.find { |x| x['id'].eql?(id) } 
-        unique_control['results'] = collapsed_results.flatten 
-        unique_controls << unique_control 
-      end 
-      unique_controls 
-    end 
+    # Nikto report could have multiple vulnerability entries for multiple findings of same issue type.
+    # The meta data is identical across entries
+    # method collapse_duplicates return unique controls with applicable findings collapsed into it.
+    def collapse_duplicates(controls)
+      unique_controls = []
+
+      controls.map { |x| x['id'] }.uniq.each do |id|
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
+        unique_control = controls.find { |x| x['id'].eql?(id) }
+        unique_control['results'] = collapsed_results.flatten
+        unique_controls << unique_control
+      end
+      unique_controls
+    end
 
     def to_hdf
       controls = []
-      @project['vulnerabilities'].each do | vulnerability |
+      @project['vulnerabilities'].each do |vulnerability|
         printf("\rProcessing: %s", $spinner.next)
 
         item = {}
@@ -125,11 +125,11 @@ module HeimdallTools
         # Duplicating vulnerability msg field
         item['desc']               = vulnerability['msg'].to_s
 
-        # Nitko does not provide finding severity; hard-coding severity to medium 
-        item['impact']             = impact('medium') 
+        # Nitko does not provide finding severity; hard-coding severity to medium
+        item['impact']             = impact('medium')
         item['code']               = NA_STRING
         item['results']            = finding(vulnerability)
-        item['tags']['nist']       = nist_tag( vulnerability['id'].to_s )
+        item['tags']['nist']       = nist_tag(vulnerability['id'].to_s)
         item['tags']['ösvdb']      = vulnerability['OSVDB']
 
         controls << item

data/lib/heimdall_tools/snyk_mapper.rb

@@ -10,12 +10,12 @@ CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
 IMPACT_MAPPING = {
   high: 0.7,
   medium: 0.5,
-  low: 0.3,
+  low: 0.3
 }.freeze
 
 SNYK_VERSION_REGEX = 'v(\d+.)(\d+.)(\d+)'.freeze
 
-DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
 # Loading spinner sign
 $spinner = Enumerator.new do |e|
@@ -29,7 +29,7 @@ end
 
 module HeimdallTools
   class SnykMapper
-    def initialize(synk_json, name=nil, verbose = false)
+    def initialize(synk_json, _name = nil, verbose = false)
       @synk_json = synk_json
       @verbose = verbose
 
@@ -38,10 +38,9 @@ module HeimdallTools
         @projects = JSON.parse(synk_json)
 
         # Cover single and multi-project scan use cases.
-        unless @projects.kind_of?(Array)
-          @projects = [ @projects ]
+        unless @projects.is_a?(Array)
+          @projects = [@projects]
         end
-
       rescue StandardError => e
         raise "Invalid Snyk JSON file provided Exception: #{e}"
       end
@@ -52,7 +51,7 @@ module HeimdallTools
       begin
         info['policy'] = project['policy']
         reg = Regexp.new(SNYK_VERSION_REGEX, Regexp::IGNORECASE)
-        info['version'] = info['policy'].scan(reg).join 
+        info['version'] = info['policy'].scan(reg).join
         info['projectName'] = project['projectName']
         info['summary'] = project['summary']
 
@@ -65,7 +64,7 @@ module HeimdallTools
     def finding(vulnerability)
       finding = {}
       finding['status'] = 'failed'
-      finding['code_desc'] = "From : [ #{vulnerability['from'].join(" , ").to_s } ]"
+      finding['code_desc'] = "From : [ #{vulnerability['from'].join(' , ')} ]"
       finding['run_time'] = NA_FLOAT
 
       # Snyk results does not profile scan timestamp; using current time to satisfy HDF format
@@ -81,9 +80,9 @@ module HeimdallTools
 
     def parse_identifiers(vulnerability, ref)
       # Extracting id number from reference style CWE-297
-      vulnerability['identifiers'][ref].map { |e| e.split("#{ref}-")[1]  }
-      rescue
-        return []
+      vulnerability['identifiers'][ref].map { |e| e.split("#{ref}-")[1] }
+    rescue StandardError
+      []
     end
 
     def impact(severity)
@@ -99,17 +98,17 @@ module HeimdallTools
     end
 
     def desc_tags(data, label)
-      { "data": data || NA_STRING, "label": label || NA_STRING }
+      { data: data || NA_STRING, label: label || NA_STRING }
     end
 
     # Snyk report could have multiple vulnerability entries for multiple findings of same issue type.
-    # The meta data is identical across entries 
+    # The meta data is identical across entries
     # method collapse_duplicates return unique controls with applicable findings collapsed into it.
     def collapse_duplicates(controls)
       unique_controls = []
 
       controls.map { |x| x['id'] }.uniq.each do |id|
-        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
         unique_control = controls.find { |x| x['id'].eql?(id) }
         unique_control['results'] = collapsed_results.flatten
         unique_controls << unique_control
@@ -117,12 +116,11 @@ module HeimdallTools
       unique_controls
     end
 
-
     def to_hdf
       project_results = {}
-      @projects.each do | project |
+      @projects.each do |project|
         controls = []
-        project['vulnerabilities'].each do | vulnerability |
+        project['vulnerabilities'].each do |vulnerability|
           printf("\rProcessing: %s", $spinner.next)
 
           item = {}
@@ -135,13 +133,13 @@ module HeimdallTools
           item['title']              = vulnerability['title'].to_s
           item['id']                 = vulnerability['id'].to_s
           item['desc']               = vulnerability['description'].to_s
-          item['impact']             = impact(vulnerability['severity']) 
+          item['impact']             = impact(vulnerability['severity'])
           item['code']               = ''
           item['results']            = finding(vulnerability)
-          item['tags']['nist']       = nist_tag( parse_identifiers( vulnerability, 'CWE') )
-          item['tags']['cweid']      = parse_identifiers( vulnerability, 'CWE')
-          item['tags']['cveid']      = parse_identifiers( vulnerability, 'CVE')
-          item['tags']['ghsaid']     = parse_identifiers( vulnerability, 'GHSA')
+          item['tags']['nist']       = nist_tag(parse_identifiers(vulnerability, 'CWE'))
+          item['tags']['cweid']      = parse_identifiers(vulnerability, 'CWE')
+          item['tags']['cveid']      = parse_identifiers(vulnerability, 'CVE')
+          item['tags']['ghsaid']     = parse_identifiers(vulnerability, 'GHSA')
 
           controls << item
         end