heimdall_tools 1.3.41 → 1.3.46

data/lib/heimdall_tools.rb

@@ -16,4 +16,6 @@ module HeimdallTools
   autoload :DBProtectMapper, 'heimdall_tools/dbprotect_mapper'
   autoload :AwsConfigMapper, 'heimdall_tools/aws_config_mapper'
   autoload :NetsparkerMapper, 'heimdall_tools/netsparker_mapper'
+  autoload :SarifMapper, 'heimdall_tools/sarif_mapper'
+  autoload :ScoutSuiteMapper, 'heimdall_tools/scoutsuite_mapper'
 end

data/lib/heimdall_tools/aws_config_mapper.rb

@@ -18,11 +18,14 @@ INSUFFICIENT_DATA_MSG = 'Not enough data has been collectd to determine complian
 #
 module HeimdallTools
   class AwsConfigMapper
-    def initialize(custom_mapping, verbose = false)
-      @verbose = verbose
+    def initialize(custom_mapping, endpoint = nil)
       @default_mapping = get_rule_mapping(AWS_CONFIG_MAPPING_FILE)
       @custom_mapping = custom_mapping.nil? ? {} : get_rule_mapping(custom_mapping)
-      @client = Aws::ConfigService::Client.new
+      if endpoint.nil?
+        @client = Aws::ConfigService::Client.new
+      else
+        @client = Aws::ConfigService::Client.new(endpoint: endpoint)
+      end
       @issues = get_all_config_rules
     end
 
@@ -34,8 +37,8 @@ module HeimdallTools
     def to_hdf
       controls = @issues.map do |issue|
         @item = {}
-        @item['id']              = issue[:config_rule_name]
-        @item['title']           = issue[:config_rule_name]
+        @item['id']              = issue[:config_rule_id]
+        @item['title']           = "#{get_account_id(issue[:config_rule_arn])} - #{issue[:config_rule_name]}"
         @item['desc']            = issue[:description]
         @item['impact']          = 0.5
         @item['tags']            = hdf_tags(issue)
@@ -51,18 +54,33 @@ module HeimdallTools
           @item
         end
       end
+
       results = HeimdallDataFormat.new(
         profile_name: 'AWS Config',
-         title: 'AWS Config',
-         summary: 'AWS Config',
-         controls: controls,
-         statistics: { aws_config_sdk_version: Aws::ConfigService::GEM_VERSION },
+        title: 'AWS Config',
+        summary: 'AWS Config',
+        controls: controls,
+        statistics: { aws_config_sdk_version: Aws::ConfigService::GEM_VERSION },
       )
       results.to_hdf
     end
 
     private
 
+    ##
+    # Gets the account ID from a config rule ARN
+    #
+    # https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    # https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
+    #
+    # Params:
+    # - arn: The ARN of the config rule
+    #
+    # Returns: The account ID portion of the ARN
+    def get_account_id(arn)
+      /:(\d{12}):config-rule/.match(arn)&.captures&.first || 'no-account-id'
+    end
+
     ##
     # Read in a config rule -> 800-53 control mapping CSV.
     #
@@ -71,7 +89,7 @@ module HeimdallTools
     #
     # Returns: A mapped version of the csv in the format { rule_name: row, ... }
     def get_rule_mapping(path)
-      CSV.read(path, headers: true).map { |row| [row[0], row] }.to_h
+      CSV.read(path, headers: true).map { |row| [row['AwsConfigRuleSourceIdentifier'], row] }.to_h
     end
 
     ##
@@ -238,18 +256,17 @@ module HeimdallTools
     def hdf_tags(config_rule)
       result = {}
 
-      @default_mapping
-      @custom_mapping
+      source_identifier = config_rule.dig(:source, :source_identifier)
 
       # NIST tag
       result['nist'] = []
-      default_mapping_match = @default_mapping[config_rule[:config_rule_name]]
+      default_mapping_match = @default_mapping[source_identifier]
 
-      result['nist'] += default_mapping_match[1].split('|') unless default_mapping_match.nil?
+      result['nist'] += default_mapping_match['NIST-ID'].split('|') unless default_mapping_match.nil?
 
-      custom_mapping_match = @custom_mapping[config_rule[:config_rule_name]]
+      custom_mapping_match = @custom_mapping[source_identifier]
 
-      result['nist'] += custom_mapping_match[1].split('|').map { |name| "#{name} (user provided)" } unless custom_mapping_match.nil?
+      result['nist'] += custom_mapping_match['NIST-ID'].split('|').map { |name| "#{name} (user provided)" } unless custom_mapping_match.nil?
 
       result['nist'] = ['unmapped'] if result['nist'].empty?
 
@@ -260,7 +277,8 @@ module HeimdallTools
       # If no input parameters, then provide an empty JSON array to the JSON
       # parser because passing nil to JSON.parse throws an exception.
       params = (JSON.parse(config_rule[:input_parameters] || '[]').map { |key, value| "#{key}: #{value}" }).join('<br/>')
-      check_text = config_rule[:config_rule_arn] || ''
+      check_text = "ARN: #{config_rule[:config_rule_arn] || 'N/A'}"
+      check_text += "<br/>Source Identifier: #{config_rule.dig(:source, :source_identifier) || 'N/A'}"
       check_text += "<br/>#{params}" unless params.empty?
       check_text
     end

data/lib/heimdall_tools/burpsuite_mapper.rb

@@ -20,9 +20,8 @@ DEFAULT_NIST_TAG = %w{SA-11 RA-5 Rev_4}.freeze
 
 module HeimdallTools
   class BurpSuiteMapper
-    def initialize(burps_xml, _name = nil, verbose = false)
+    def initialize(burps_xml, _name = nil)
       @burps_xml = burps_xml
-      @verbose = verbose
 
       begin
         @cwe_nist_mapping = parse_mapper

data/lib/heimdall_tools/cli.rb

@@ -6,7 +6,6 @@ module HeimdallTools
     long_desc Help.text(:fortify_mapper)
     option :fvdl, required: true, aliases: '-f'
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def fortify_mapper
       hdf = HeimdallTools::FortifyMapper.new(File.read(options[:fvdl])).to_hdf
       File.write(options[:output], hdf)
@@ -17,7 +16,6 @@ module HeimdallTools
     option :json, required: true, aliases: '-j'
     option :name, required: true, aliases: '-n'
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def zap_mapper
       hdf = HeimdallTools::ZapMapper.new(File.read(options[:json]), options[:name]).to_hdf
       File.write(options[:output], hdf)
@@ -29,7 +27,6 @@ module HeimdallTools
     option :api_url, required: true, aliases: '-u'
     option :auth, type: :string, required: false
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def sonarqube_mapper
       hdf = HeimdallTools::SonarQubeMapper.new(options[:name], options[:api_url], options[:auth]).to_hdf
       File.write(options[:output], hdf)
@@ -39,7 +36,6 @@ module HeimdallTools
     long_desc Help.text(:burpsuite_mapper)
     option :xml, required: true, aliases: '-x'
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def burpsuite_mapper
       hdf = HeimdallTools::BurpSuiteMapper.new(File.read(options[:xml])).to_hdf
       File.write(options[:output], hdf)
@@ -49,7 +45,6 @@ module HeimdallTools
     long_desc Help.text(:nessus_mapper)
     option :xml, required: true, aliases: '-x'
     option :output_prefix, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def nessus_mapper
       hdfs = HeimdallTools::NessusMapper.new(File.read(options[:xml])).to_hdf
 
@@ -64,7 +59,6 @@ module HeimdallTools
     long_desc Help.text(:snyk_mapper)
     option :json, required: true, aliases: '-j'
     option :output_prefix, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def snyk_mapper
       hdfs = HeimdallTools::SnykMapper.new(File.read(options[:json]), options[:name]).to_hdf
       puts "\r\HDF Generated:\n"
@@ -78,7 +72,6 @@ module HeimdallTools
     long_desc Help.text(:nikto_mapper)
     option :json, required: true, aliases: '-j'
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def nikto_mapper
       hdf = HeimdallTools::NiktoMapper.new(File.read(options[:json])).to_hdf
       File.write(options[:output], hdf)
@@ -90,7 +83,6 @@ module HeimdallTools
     long_desc Help.text(:jfrog_xray_mapper)
     option :json, required: true, aliases: '-j'
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def jfrog_xray_mapper
       hdf = HeimdallTools::JfrogXrayMapper.new(File.read(options[:json])).to_hdf
       File.write(options[:output], hdf)
@@ -102,7 +94,6 @@ module HeimdallTools
     long_desc Help.text(:dbprotect_mapper)
     option :xml, required: true, aliases: '-x'
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def dbprotect_mapper
       hdf = HeimdallTools::DBProtectMapper.new(File.read(options[:xml])).to_hdf
       File.write(options[:output], hdf)
@@ -114,7 +105,6 @@ module HeimdallTools
     long_desc Help.text(:aws_config_mapper)
     # option :custom_mapping, required: false, aliases: '-m'
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def aws_config_mapper
       hdf = HeimdallTools::AwsConfigMapper.new(options[:custom_mapping]).to_hdf
       File.write(options[:output], hdf)
@@ -126,7 +116,6 @@ module HeimdallTools
     long_desc Help.text(:netsparker_mapper)
     option :xml, required: true, aliases: '-x'
     option :output, required: true, aliases: '-o'
-    option :verbose, type: :boolean, aliases: '-V'
     def netsparker_mapper
       hdf = HeimdallTools::NetsparkerMapper.new(File.read(options[:xml])).to_hdf
       File.write(options[:output], hdf)
@@ -134,6 +123,29 @@ module HeimdallTools
       puts options[:output].to_s
     end
 
+    desc 'sarif_mapper', 'sarif_mapper translates a SARIF JSON file into HDF format JSON to be viewable in Heimdall'
+    long_desc Help.text(:sarif_mapper)
+    option :json, required: true, aliases: '-j'
+    option :output, required: true, aliases: '-o'
+    option :verbose, type: :boolean, aliases: '-V'
+    def sarif_mapper
+      hdf = HeimdallTools::SarifMapper.new(File.read(options[:json])).to_hdf
+      File.write(options[:output], hdf)
+      puts "\r\HDF Generated:\n"
+      puts options[:output].to_s
+    end
+
+    desc 'scoutsuite_mapper', 'scoutsuite_mapper translates Scout Suite results from Javascript to HDF-formatted JSON so as to be viewable on Heimdall'
+    long_desc Help.text(:scoutsuite_mapper)
+    option :javascript, required: true, banner: 'SCOUTSUITE-RESULTS-JS', aliases: ['-i', '--input', '-j']
+    option :output, required: true, banner: 'HDF-SCAN-RESULTS-JSON', aliases: '-o'
+    def scoutsuite_mapper
+      hdf = HeimdallTools::ScoutSuiteMapper.new(File.read(options[:javascript])).to_hdf
+      File.write(options[:output], hdf)
+      puts "\rHDF Generated:\n"
+      puts options[:output].to_s
+    end
+
     desc 'version', 'prints version'
     def version
       puts VERSION

data/lib/heimdall_tools/dbprotect_mapper.rb

@@ -12,15 +12,11 @@ IMPACT_MAPPING = {
 
 module HeimdallTools
   class DBProtectMapper
-    def initialize(xml, _name = nil, verbose = false)
-      @verbose = verbose
-
-      begin
-        dataset = xml_to_hash(xml)
-        @entries = compile_findings(dataset['dataset'])
-      rescue StandardError => e
-        raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
-      end
+    def initialize(xml, _name = nil)
+      dataset = xml_to_hash(xml)
+      @entries = compile_findings(dataset['dataset'])
+    rescue StandardError => e
+      raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
     end
 
     def to_hdf

data/lib/heimdall_tools/fortify_mapper.rb

@@ -7,9 +7,8 @@ DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
 module HeimdallTools
   class FortifyMapper
-    def initialize(fvdl, verbose = false)
+    def initialize(fvdl)
       @fvdl = fvdl
-      @verbose = verbose
 
       begin
         data = xml_to_hash(fvdl)

data/lib/heimdall_tools/help/sarif_mapper.md

@@ -0,0 +1,12 @@
+  sarif_mapper translates a SARIF JSON file into HDF format JSON to be viewable in Heimdall
+
+SARIF level to HDF impact Mapping:
+  SARIF level error -> HDF impact 0.7
+  SARIF level warning -> HDF impact 0.5
+  SARIF level note -> HDF impact 0.3
+  SARIF level none -> HDF impact 0.1
+  SARIF level not provided -> HDF impact 0.1 as default
+
+Examples:
+
+  heimdall_tools sarif_mapper [OPTIONS] -j <sarif-results-json> -o <hdf-scan-results.json>

data/lib/heimdall_tools/help/scoutsuite_mapper.md

@@ -0,0 +1,7 @@
+  scoutsuite_mapper translates Scout Suite results from Javascript to HDF-formatted JSON so as to be viewable on Heimdall
+
+  Note: Currently this mapper only supports AWS.
+
+Examples:
+
+  heimdall_tools scoutsuite_mapper -i <scoutsuite-results-js> -o <hdf-scan-results-json>

data/lib/heimdall_tools/jfrog_xray_mapper.rb

@@ -27,9 +27,8 @@ end
 
 module HeimdallTools
   class JfrogXrayMapper
-    def initialize(xray_json, _name = nil, verbose = false)
+    def initialize(xray_json, _name = nil)
       @xray_json = xray_json
-      @verbose = verbose
 
       begin
         @cwe_nist_mapping = parse_mapper

data/lib/heimdall_tools/nessus_mapper.rb

@@ -39,9 +39,8 @@ end
 
 module HeimdallTools
   class NessusMapper
-    def initialize(nessus_xml, verbose = false)
+    def initialize(nessus_xml)
       @nessus_xml = nessus_xml
-      @verbose = verbose
       read_cci_xml
       begin
         @cwe_nist_mapping = parse_mapper
@@ -72,7 +71,8 @@ module HeimdallTools
       info = {}
 
       info['policyName'] = policy['policyName']
-      info['version'] = policy['Preferences']['ServerPreferences']['preference'].select { |x| x['name'].eql? 'sc_version' }.first['value']
+      scanner_version = policy['Preferences']['ServerPreferences']['preference'].select { |x| x['name'].eql? 'sc_version' }
+      info['version'] = scanner_version.empty? ? NA_STRING : scanner_version.first['value']
       info
     rescue StandardError => e
       raise "Invalid Nessus XML file provided Exception: #{e}"

data/lib/heimdall_tools/netsparker_mapper.rb

@@ -21,19 +21,15 @@ DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
 module HeimdallTools
   class NetsparkerMapper
-    def initialize(xml, _name = nil, verbose = false)
-      @verbose = verbose
-
-      begin
-        @cwe_nist_mapping = parse_mapper(CWE_NIST_MAPPING_FILE)
-        @owasp_nist_mapping = parse_mapper(OWASP_NIST_MAPPING_FILE)
-        data = xml_to_hash(xml)
-
-        @vulnerabilities = data['netsparker-enterprise']['vulnerabilities']['vulnerability']
-        @scan_info = data['netsparker-enterprise']['target']
-      rescue StandardError => e
-        raise "Invalid Netsparker XML file provided Exception: #{e}"
-      end
+    def initialize(xml, _name = nil)
+      @cwe_nist_mapping = parse_mapper(CWE_NIST_MAPPING_FILE)
+      @owasp_nist_mapping = parse_mapper(OWASP_NIST_MAPPING_FILE)
+      data = xml_to_hash(xml)
+
+      @vulnerabilities = data['netsparker-enterprise']['vulnerabilities']['vulnerability']
+      @scan_info = data['netsparker-enterprise']['target']
+    rescue StandardError => e
+      raise "Invalid Netsparker XML file provided Exception: #{e}"
     end
 
     def to_hdf

data/lib/heimdall_tools/nikto_mapper.rb

@@ -26,9 +26,8 @@ end
 
 module HeimdallTools
   class NiktoMapper
-    def initialize(nikto_json, _name = nil, verbose = false)
+    def initialize(nikto_json, _name = nil)
       @nikto_json = nikto_json
-      @verbose = verbose
 
       begin
         @nikto_nist_mapping = parse_mapper

data/lib/heimdall_tools/sarif_mapper.rb

@@ -0,0 +1,198 @@
+require 'json'
+require 'csv'
+require 'heimdall_tools/hdf'
+
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
+CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+
+IMPACT_MAPPING = {
+  error: 0.7,
+  warning: 0.5,
+  note: 0.3,
+  none: 0.0
+}.freeze
+
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
+
+# Loading spinner sign
+$spinner = Enumerator.new do |e|
+  loop do
+    e.yield '|'
+    e.yield '/'
+    e.yield '-'
+    e.yield '\\'
+  end
+end
+
+module HeimdallTools
+  class SarifMapper
+    def initialize(sarif_json, _name = nil, verbose = false)
+      @sarif_json = sarif_json
+      @verbose = verbose
+      begin
+        @cwe_nist_mapping = parse_mapper
+        @sarif_log = JSON.parse(@sarif_json)
+      rescue StandardError => e
+        raise "Invalid SARIF JSON file provided\n\nException: #{e}"
+      end
+    end
+
+    def extract_scaninfo(sarif_log)
+      info = {}
+      begin
+        info['policy'] = 'SARIF'
+        info['version'] = sarif_log['version']
+        info['projectName'] = 'Static Analysis Results Interchange Format'
+        info['summary'] = NA_STRING
+        info
+      rescue StandardError => e
+        raise "Error extracting project info from SARIF JSON file provided Exception: #{e}"
+      end
+    end
+
+    def finding(result)
+      finding = {}
+      finding['status'] = 'failed'
+      finding['code_desc'] = ''
+      if get_location(result)['uri']
+        finding['code_desc'] += " URL : #{get_location(result)['uri']}"
+      end
+      if get_location(result)['start_line']
+        finding['code_desc'] += " LINE : #{get_location(result)['start_line']}"
+      end
+      if get_location(result)['start_column']
+        finding['code_desc'] += " COLUMN : #{get_location(result)['start_column']}"
+      end
+      finding['code_desc'].strip!
+      finding['run_time'] = NA_FLOAT
+      finding['start_time'] = NA_STRING
+      finding
+    end
+
+    def add_nist_tag_from_cwe(cweid, taxonomy_name, tags_node)
+      entries = @cwe_nist_mapping.select { |x| cweid.include?(x[:cweid].to_s) && !x[:nistid].nil? }
+      tags = entries.map { |x| x[:nistid] }
+      result_tags = tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+      if result_tags.count.positive?
+        if !tags_node
+          tags_node = {}
+        end
+        if !tags_node.key?(taxonomy_name)
+          tags_node[taxonomy_name] = []
+        end
+        result_tags.each do |t|
+          tags_node[taxonomy_name] |= [t]
+        end
+      end
+      tags_node
+    end
+
+    def get_location(result)
+      location_info = {}
+      location_info['uri'] = result.dig('locations', 0, 'physicalLocation', 'artifactLocation', 'uri')
+      location_info['start_line'] = result.dig('locations', 0, 'physicalLocation', 'region', 'startLine')
+      location_info['start_column'] = result.dig('locations', 0, 'physicalLocation', 'region', 'startColumn')
+      location_info
+    end
+
+    def get_rule_info(run, result, rule_id)
+      finding = {}
+      driver = run.dig('tool', 'driver')
+      finding['driver_name'] = driver['name']
+      finding['driver_version'] = driver['version']
+      rules = driver['rules']
+      if rules
+        rule = rules.find { |x| x['id'].eql?(rule_id) }
+        if rule
+          finding['rule_name'] = rule&.[]('name')
+          finding['rule_short_description'] = rule&.[]('shortDescription')&.[]('text')
+          finding['rule_tags'] = get_tags(rule)
+          finding['rule_name'] = rule&.[]('messageStrings')&.[]('default')&.[]('text') unless finding['rule_name']
+        end
+      end
+      finding['rule_name'] = result&.[]('message')&.[]('text') unless finding['rule_name']
+      finding
+    end
+
+    def get_tags(rule)
+      result = {}
+      Array(rule&.[]('relationships')).each do |relationship|
+        taxonomy_name = relationship['target']['toolComponent']['name'].downcase
+        taxonomy_id = relationship['target']['id']
+        if !result.key?(taxonomy_name)
+          result[taxonomy_name] = []
+        end
+        result[taxonomy_name] |= [taxonomy_id]
+      end
+      result
+    end
+
+    def parse_identifiers(rule_tags, ref)
+      # Extracting id number from reference style CWE-297
+      rule_tags[ref.downcase].map { |e| e.downcase.split("#{ref.downcase}-")[1] }
+    rescue StandardError
+      []
+    end
+
+    def impact(severity)
+      severity_mapping = IMPACT_MAPPING[severity.to_sym]
+      severity_mapping.nil? ? 0.1 : severity_mapping
+    end
+
+    def parse_mapper
+      csv_data = CSV.read(CWE_NIST_MAPPING_FILE, **{ encoding: 'UTF-8',
+                                                   headers: true,
+                                                   header_converters: :symbol,
+                                                   converters: :all })
+      csv_data.map(&:to_hash)
+    end
+
+    def desc_tags(data, label)
+      { data: data || NA_STRING, label: label || NA_STRING }
+    end
+
+    def process_item(run, result, controls)
+      printf("\rProcessing: %s", $spinner.next)
+      control = controls.find { |x| x['id'].eql?(result['ruleId']) }
+
+      if control
+        control['results'] << finding(result)
+      else
+        rule_info = get_rule_info(run, result, result['ruleId'])
+        item = {}
+        item['tags']               = rule_info['rule_tags']
+        item['descriptions']       = []
+        item['refs']               = NA_ARRAY
+        item['source_location']    = { ref: get_location(result)['uri'], line: get_location(result)['start_line'] }
+        item['descriptions']       = NA_ARRAY
+        item['title']              = rule_info['rule_name'].to_s
+        item['id']                 = result['ruleId'].to_s
+        item['desc']               = rule_info['rule_short_description'].to_s
+        item['impact']             = impact(result['level'].to_s)
+        item['code']               = NA_STRING
+        item['results']            = [finding(result)]
+        item['tags']               = add_nist_tag_from_cwe(parse_identifiers(rule_info['rule_tags'], 'CWE'), 'nist', item['tags'])
+        controls << item
+      end
+    end
+
+    def to_hdf
+      controls = []
+      @sarif_log['runs'].each do |run|
+        run['results'].each do |result|
+          process_item(run, result, controls)
+        end
+      end
+
+      scaninfo = extract_scaninfo(@sarif_log)
+      results = HeimdallDataFormat.new(profile_name: scaninfo['policy'],
+                                       version: scaninfo['version'],
+                                       title: scaninfo['projectName'],
+                                       summary: scaninfo['summary'],
+                                       controls: controls,
+                                       target_id: scaninfo['projectName'])
+      results.to_hdf
+    end
+  end
+end