heimdall_tools 1.3.40 → 1.3.41

@@ -5,7 +5,7 @@ require 'heimdall_tools/hdf'
5
5
 
6
6
  RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
7
7
 
8
- DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
8
+ DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
9
9
 
10
10
  MAPPING_FILES = {
11
11
  cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
@@ -33,16 +33,18 @@ class SonarQubeApi
33
33
 
34
34
  PAGE_SIZE = 100
35
35
 
36
- def initialize(api_url, auth=nil)
36
+ def initialize(api_url, auth = nil)
37
37
  @api_url = api_url
38
38
  @auth = auth
39
39
  end
40
40
 
41
- def query_api(endpoint, params={})
42
- creds = {
43
- username: @auth.split(':')[0],
44
- password: @auth.split(':')[1]
45
- } unless @auth.nil?
41
+ def query_api(endpoint, params = {})
42
+ unless @auth.nil?
43
+ creds = {
44
+ username: @auth.split(':')[0],
45
+ password: @auth.split(':')[1]
46
+ }
47
+ end
46
48
 
47
49
  response = HTTParty.get(@api_url + endpoint, { query: params, basic_auth: creds })
48
50
  check_response response
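Review bot: `@auth.split(':')[1]` in query_api keeps only the text between the first and second colon, so a password or token that itself contains `:` is silently truncated and the request authenticates with the wrong secret. Splitting once preserves the remainder: `username, password = @auth.split(':', 2)` followed by `creds = { username: username, password: password }`. When `@auth` is nil, `creds` is still passed as `basic_auth: creds`, which presumably relies on HTTParty ignoring a nil value; adding the key only when credentials exist would make the unauthenticated path explicit. The body of query_api continues past the end of this hunk.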
@@ -109,9 +111,9 @@ end
109
111
  module HeimdallTools
110
112
  class SonarQubeMapper
111
113
  # Fetches the necessary data from the API and builds report
112
- def initialize(project_name, sonarqube_url, auth=nil)
114
+ def initialize(project_name, sonarqube_url, auth = nil)
113
115
  @project_name = project_name
114
- @api = SonarQubeApi.new(sonarqube_url,auth)
116
+ @api = SonarQubeApi.new(sonarqube_url, auth)
115
117
 
116
118
  @mappings = load_nist_mappings
117
119
  @findings = @api.query_issues(@project_name).map { |x| Finding.new(x, @api) }
@@ -132,16 +134,16 @@ module HeimdallTools
132
134
  headers: true,
133
135
  header_converters: :symbol,
134
136
  converters: :all })
135
- mappings[mapping_type] = Hash[csv_data.reject{ |row| row[:nistid].nil? }.map { |row|
136
- [row[(mapping_type.to_s.downcase + 'id').to_sym].to_s, [row[:nistid], "Rev_#{row[:rev]}"]]
137
- }]
137
+ mappings[mapping_type] = csv_data.reject { |row| row[:nistid].nil? }.map { |row|
138
+ [row["#{mapping_type.to_s.downcase}id".to_sym].to_s, [row[:nistid], "Rev_#{row[:rev]}"]]
139
+ }.to_h
138
140
  end
139
141
  mappings
140
142
  end
141
143
 
142
144
  # Returns a report in HDF format
143
145
  def to_hdf
144
- results = HeimdallDataFormat.new(profile_name: "SonarQube Scan",
146
+ results = HeimdallDataFormat.new(profile_name: 'SonarQube Scan',
145
147
  version: @api.query_version,
146
148
  title: "SonarQube Scan of Project: #{@project_name}",
147
149
  summary: "SonarQube Scan of Project: #{@project_name}",
@@ -156,7 +158,7 @@ class Control
156
158
  # OWASP is stated specifically, ex owasp-a1
157
159
  #
158
160
  # SonarQube is inconsistent with tags (ex some cwe rules don't have cwe number in desc,) as noted below
159
- TAG_DATA = {} # NOTE: We count on Ruby to preserve order for TAG_DATA
161
+ TAG_DATA = {}.freeze # NOTE: We count on Ruby to preserve order for TAG_DATA
160
162
  TAG_DATA[:cwe] = {
161
163
  # Some rules with cwe tag don't have cwe number in description!
162
164
  # Currently only squid:S2658, but it has OWASP tag so we can use that.
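Review bot: `TAG_DATA = {}.freeze` is followed on the next code line by `TAG_DATA[:cwe] = {`, and assigning a key on a frozen Hash raises FrozenError, so as written the Control class body would fail while the file is being loaded. Keep the hash mutable while it is populated and freeze it afterwards, i.e. `TAG_DATA = {} # rubocop:disable Style/MutableConstant` plus `TAG_DATA.freeze` after the last `TAG_DATA[...] =` assignment, or build the whole table as one literal ending in `.freeze`. The remaining assignments lie outside this hunk, so the number of keys added is not visible here.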
@@ -206,8 +208,8 @@ class Control
206
208
  reg = Regexp.new(tag_data[:regex], Regexp::IGNORECASE)
207
209
  parsed_tags += @data['htmlDesc'].scan(reg).map(&:first)
208
210
 
209
- if parsed_tags.empty? and not KNOWN_BAD_RULES.include? @key
210
- puts "Error: Rule #{@key}: No regex matches for #{tag_type} tag." if parsed_tags.empty?
211
+ if parsed_tags.empty? and not KNOWN_BAD_RULES.include? @key && parsed_tags.empty?
212
+ puts "Error: Rule #{@key}: No regex matches for #{tag_type} tag."
211
213
  end
212
214
  else
213
215
  # If the tag type doesn't have a regex, it is specific enough to be mapped directly
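Review bot: The merged condition `parsed_tags.empty? and not KNOWN_BAD_RULES.include? @key && parsed_tags.empty?` no longer tests what the old nested form did, because `&&` binds tighter than the paren-less call and than `and`/`not`, so Ruby reads it as `KNOWN_BAD_RULES.include?(@key && parsed_tags.empty?)`. Whenever `parsed_tags` is empty that argument evaluates to `true` rather than the rule key, so the lookup misses and the error line is printed for known-bad rules too (assuming the list holds rule keys). The inner `parsed_tags.empty?` was already redundant; `if parsed_tags.empty? && !KNOWN_BAD_RULES.include?(@key)` restores the intended suppression. The enclosing method starts and ends outside this hunk.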
@@ -239,11 +241,11 @@ class Control
239
241
  return [@mappings[tag_type][parsed_tag]].flatten.uniq
240
242
  end
241
243
 
242
- DEFAULT_NIST_TAG # Entries with unmapped NIST tags are defaulted to NIST tags ‘SA-11, RA-5 Rev_4’
244
+ DEFAULT_NIST_TAG # Entries with unmapped NIST tags fall back to defaults
243
245
  end
244
246
 
245
247
  def hdf
246
- # Note: Structure is based on fortify -> HDF converter output
248
+ # NOTE: Structure is based on fortify -> HDF converter output
247
249
  {
248
250
  title: @data['name'],
249
251
  desc: @data['htmlDesc'],
@@ -256,7 +258,7 @@ class Control
256
258
  id: @key,
257
259
  descriptions: NA_ARRAY,
258
260
  refs: NA_ARRAY,
259
- source_location: NA_HASH,
261
+ source_location: NA_HASH
260
262
  }
261
263
  end
262
264
  end
@@ -284,10 +286,10 @@ class Finding
284
286
 
285
287
  snip_html = "StartLine: #{snip_start}, EndLine: #{snip_end}<br>Code:<pre>#{snip}</pre>"
286
288
  {
287
- status: 'failed',
289
+ status: 'failed',
288
290
  code_desc: "Path:#{component}:#{vuln_start}:#{vuln_end} #{snip_html}",
289
291
  run_time: NA_FLOAT,
290
- start_time: Time.now.strftime("%a,%d %b %Y %X")
292
+ start_time: Time.now.strftime('%a,%d %b %Y %X')
291
293
  }
292
294
  end
293
295
  end
@@ -3,11 +3,10 @@ require 'nokogiri'
3
3
  require 'csv'
4
4
  require 'heimdall_tools/hdf'
5
5
 
6
-
7
6
  RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
8
7
 
9
8
  CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
10
- DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
9
+ DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
11
10
 
12
11
  # rubocop:disable Metrics/AbcSize
13
12
 
@@ -58,7 +57,7 @@ module HeimdallTools
58
57
 
59
58
  def format_code_desc(code_desc)
60
59
  desc = ''
61
- code_desc.keys.each do |key|
60
+ code_desc.each_key do |key|
62
61
  desc += "#{key.capitalize}: #{code_desc[key]}\n"
63
62
  end
64
63
  desc
@@ -98,7 +97,7 @@ module HeimdallTools
98
97
  dup_ids.each do |dup_id|
99
98
  index = 1
100
99
  controls.select { |x| x['id'].eql?(dup_id) }.each do |control|
101
- control['id'] = control['id'] + '.' + index.to_s
100
+ control['id'] = "#{control['id']}.#{index}"
102
101
  index += 1
103
102
  end
104
103
  end
@@ -6,11 +6,13 @@ def xml_node_to_hash(node)
6
6
  result_hash = {}
7
7
  if node.attributes != {}
8
8
  attributes = {}
9
- node.attributes.keys.each do |key|
9
+ node.attributes.each_key do |key|
10
10
  attributes[node.attributes[key].name] = node.attributes[key].value
11
11
  end
12
12
  end
13
- if !node.children.empty?
13
+ if node.children.empty?
14
+ attributes
15
+ else
14
16
  node.children.each do |child|
15
17
  result = xml_node_to_hash(child)
16
18
 
@@ -36,9 +38,7 @@ def xml_node_to_hash(node)
36
38
  # if there is a collision then node content supersets attributes
37
39
  result_hash = attributes.merge(result_hash)
38
40
  end
39
- return result_hash
40
- else
41
- return attributes
41
+ result_hash
42
42
  end
43
43
  else
44
44
  node.content.to_s
@@ -47,7 +47,7 @@ end
47
47
 
48
48
  def xml_to_hash(xml)
49
49
  begin
50
- data = Nokogiri::XML(xml) { |config| config.strict }
50
+ data = Nokogiri::XML(xml, &:strict)
51
51
  rescue Nokogiri::XML::SyntaxError => e
52
52
  puts "XML Parsing caught exception: #{e}"
53
53
  end
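Review bot: The `rescue Nokogiri::XML::SyntaxError` branch in xml_to_hash only `puts` the exception and falls through, which leaves `data` nil for whatever follows the `begin` block (the rest of the method is outside this hunk). For a converter that turns scanner output into a report, malformed input should fail visibly rather than risk an empty or partial result that reads as "no findings". Consider `warn "XML Parsing caught exception: #{e}"` followed by `raise`, or an explicit early return that callers must check.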
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heimdall_tools
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.40
4
+ version: 1.3.41
5
5
  platform: ruby
6
6
  authors:
7
7
  - Robert Thew
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2021-03-16 00:00:00.000000000 Z
13
+ date: 2021-03-29 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: aws-sdk-configservice
@@ -27,75 +27,75 @@ dependencies:
27
27
  - !ruby/object:Gem::Version
28
28
  version: '1'
29
29
  - !ruby/object:Gem::Dependency
30
- name: nokogiri
30
+ name: csv
31
31
  requirement: !ruby/object:Gem::Requirement
32
32
  requirements:
33
33
  - - "~>"
34
34
  - !ruby/object:Gem::Version
35
- version: 1.10.9
35
+ version: '3.1'
36
36
  type: :runtime
37
37
  prerelease: false
38
38
  version_requirements: !ruby/object:Gem::Requirement
39
39
  requirements:
40
40
  - - "~>"
41
41
  - !ruby/object:Gem::Version
42
- version: 1.10.9
42
+ version: '3.1'
43
43
  - !ruby/object:Gem::Dependency
44
- name: thor
44
+ name: git-lite-version-bump
45
45
  requirement: !ruby/object:Gem::Requirement
46
46
  requirements:
47
- - - "~>"
47
+ - - ">="
48
48
  - !ruby/object:Gem::Version
49
- version: '0.19'
49
+ version: 0.17.2
50
50
  type: :runtime
51
51
  prerelease: false
52
52
  version_requirements: !ruby/object:Gem::Requirement
53
53
  requirements:
54
- - - "~>"
54
+ - - ">="
55
55
  - !ruby/object:Gem::Version
56
- version: '0.19'
56
+ version: 0.17.2
57
57
  - !ruby/object:Gem::Dependency
58
- name: json
58
+ name: httparty
59
59
  requirement: !ruby/object:Gem::Requirement
60
60
  requirements:
61
61
  - - "~>"
62
62
  - !ruby/object:Gem::Version
63
- version: '2.3'
63
+ version: 0.18.0
64
64
  type: :runtime
65
65
  prerelease: false
66
66
  version_requirements: !ruby/object:Gem::Requirement
67
67
  requirements:
68
68
  - - "~>"
69
69
  - !ruby/object:Gem::Version
70
- version: '2.3'
70
+ version: 0.18.0
71
71
  - !ruby/object:Gem::Dependency
72
- name: csv
72
+ name: json
73
73
  requirement: !ruby/object:Gem::Requirement
74
74
  requirements:
75
75
  - - "~>"
76
76
  - !ruby/object:Gem::Version
77
- version: '3.1'
77
+ version: '2.3'
78
78
  type: :runtime
79
79
  prerelease: false
80
80
  version_requirements: !ruby/object:Gem::Requirement
81
81
  requirements:
82
82
  - - "~>"
83
83
  - !ruby/object:Gem::Version
84
- version: '3.1'
84
+ version: '2.3'
85
85
  - !ruby/object:Gem::Dependency
86
- name: httparty
86
+ name: nokogiri
87
87
  requirement: !ruby/object:Gem::Requirement
88
88
  requirements:
89
89
  - - "~>"
90
90
  - !ruby/object:Gem::Version
91
- version: 0.18.0
91
+ version: 1.10.9
92
92
  type: :runtime
93
93
  prerelease: false
94
94
  version_requirements: !ruby/object:Gem::Requirement
95
95
  requirements:
96
96
  - - "~>"
97
97
  - !ruby/object:Gem::Version
98
- version: 0.18.0
98
+ version: 1.10.9
99
99
  - !ruby/object:Gem::Dependency
100
100
  name: openssl
101
101
  requirement: !ruby/object:Gem::Requirement
@@ -111,19 +111,19 @@ dependencies:
111
111
  - !ruby/object:Gem::Version
112
112
  version: '2.1'
113
113
  - !ruby/object:Gem::Dependency
114
- name: git-lite-version-bump
114
+ name: thor
115
115
  requirement: !ruby/object:Gem::Requirement
116
116
  requirements:
117
- - - ">="
117
+ - - "~>"
118
118
  - !ruby/object:Gem::Version
119
- version: 0.17.2
119
+ version: '0.19'
120
120
  type: :runtime
121
121
  prerelease: false
122
122
  version_requirements: !ruby/object:Gem::Requirement
123
123
  requirements:
124
- - - ">="
124
+ - - "~>"
125
125
  - !ruby/object:Gem::Version
126
- version: 0.17.2
126
+ version: '0.19'
127
127
  - !ruby/object:Gem::Dependency
128
128
  name: bundler
129
129
  requirement: !ruby/object:Gem::Requirement
@@ -180,6 +180,20 @@ dependencies:
180
180
  - - ">="
181
181
  - !ruby/object:Gem::Version
182
182
  version: '0'
183
+ - !ruby/object:Gem::Dependency
184
+ name: rubocop
185
+ requirement: !ruby/object:Gem::Requirement
186
+ requirements:
187
+ - - "~>"
188
+ - !ruby/object:Gem::Version
189
+ version: '1.11'
190
+ type: :development
191
+ prerelease: false
192
+ version_requirements: !ruby/object:Gem::Requirement
193
+ requirements:
194
+ - - "~>"
195
+ - !ruby/object:Gem::Version
196
+ version: '1.11'
183
197
  description: Converter utils that can be included as a gem or used from the command
184
198
  line
185
199
  email: