RubyGems - heimdall_tools - Versions diffs - 1.3.41 → 1.3.46 - Mend

heimdall_tools 1.3.41 → 1.3.46

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml +4 -4
data/README.md +51 -2
data/lib/data/aws-config-mapping.csv +107 -107
data/lib/data/scoutsuite-nist-mapping.csv +140 -0
data/lib/heimdall_tools.rb +2 -0
data/lib/heimdall_tools/aws_config_mapper.rb +35 -17
data/lib/heimdall_tools/burpsuite_mapper.rb +1 -2
data/lib/heimdall_tools/cli.rb +23 -11
data/lib/heimdall_tools/dbprotect_mapper.rb +5 -9
data/lib/heimdall_tools/fortify_mapper.rb +1 -2
data/lib/heimdall_tools/help/sarif_mapper.md +12 -0
data/lib/heimdall_tools/help/scoutsuite_mapper.md +7 -0
data/lib/heimdall_tools/jfrog_xray_mapper.rb +1 -2
data/lib/heimdall_tools/nessus_mapper.rb +3 -3
data/lib/heimdall_tools/netsparker_mapper.rb +9 -13
data/lib/heimdall_tools/nikto_mapper.rb +1 -2
data/lib/heimdall_tools/sarif_mapper.rb +198 -0
data/lib/heimdall_tools/scoutsuite_mapper.rb +180 -0
data/lib/heimdall_tools/snyk_mapper.rb +1 -2
data/lib/heimdall_tools/zap_mapper.rb +1 -4
metadata +10 -5

data/lib/heimdall_tools/scoutsuite_mapper.rb ADDED Viewed

@@ -0,0 +1,180 @@
+require 'json'
+require 'csv'
+require 'heimdall_tools/hdf'
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+SCOUTSUITE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'scoutsuite-nist-mapping.csv')
+IMPACT_MAPPING = {
+  danger: 0.7,
+  warning: 0.5
+}.freeze
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
+INSPEC_INPUTS_MAPPING = {
+  string: 'String',
+  numeric: 'Numeric',
+  regexp: 'Regexp',
+  array: 'Array',
+  hash: 'Hash',
+  boolean: 'Boolean',
+  any: 'Any'
+}.freeze
+# Loading spinner sign
+$spinner = Enumerator.new do |e|
+  loop do
+    e.yield '|'
+    e.yield '/'
+    e.yield '-'
+    e.yield '\\'
+  end
+end
+module HeimdallTools
+  # currently only tested against an AWS based result, but ScoutSuite supports many other cloud providers such as Azure
+  class ScoutSuiteMapper
+    def initialize(scoutsuite_js)
+      begin
+        @scoutsuite_nist_mapping = parse_mapper
+      rescue StandardError => e
+        raise "Invalid Scout Suite to NIST mapping file:\nException: #{e}"
+      end
+      begin
+        @scoutsuite_json = scoutsuite_js.lines[1] # first line is `scoutsuite_results =\n` and second line is json
+        @report = JSON.parse(@scoutsuite_json)
+      rescue StandardError => e
+        raise "Invalid Scout Suite JavaScript file provided:\nException: #{e}"
+      end
+    end
+    def parse_mapper
+      csv_data = CSV.read(SCOUTSUITE_NIST_MAPPING_FILE, { encoding: 'UTF-8', headers: true, header_converters: :symbol })
+      csv_data.map(&:to_hash)
+    end
+    def create_attribute(name, value, required = nil, sensitive = nil, type = nil)
+      { name: name, options: { value: value, required: required, sensitive: sensitive, type: type }.compact }
+    end
+    def extract_scaninfo(report)
+      info = {}
+      begin
+        info['name'] = 'Scout Suite Multi-Cloud Security Auditing Tool'
+        info['version'] = report['last_run']['version']
+        info['title'] = "Scout Suite Report using #{report['last_run']['ruleset_name']} ruleset on #{report['provider_name']} with account #{report['account_id']}"
+        info['target_id'] = "#{report['last_run']['ruleset_name']} ruleset:#{report['provider_name']}:#{report['account_id']}"
+        info['summary'] = report['last_run']['ruleset_about']
+        info['attributes'] = [
+          create_attribute('account_id', report['account_id'], true, false, INSPEC_INPUTS_MAPPING[:string]),
+          create_attribute('environment', report['environment']),
+          create_attribute('ruleset', report['ruleset_name']),
+          # think at least these run_parameters are aws only
+          create_attribute('run_parameters_excluded_regions', report['last_run']['run_parameters']['excluded_regions'].join(', ')),
+          create_attribute('run_parameters_regions', report['last_run']['run_parameters']['regions'].join(', ')),
+          create_attribute('run_parameters_services', report['last_run']['run_parameters']['services'].join(', ')),
+          create_attribute('run_parameters_skipped_services', report['last_run']['run_parameters']['skipped_services'].join(', ')),
+          create_attribute('time', report['last_run']['time']),
+          create_attribute('partition', report['partition']), # think this is aws only
+          create_attribute('provider_code', report['provider_code']),
+          create_attribute('provider_name', report['provider_name']),
+        ]
+        info
+      rescue StandardError => e
+        raise "Error extracting report info from Scout Suite JS->JSON file:\nException: #{e}"
+      end
+    end
+    def nist_tag(rule)
+      entries = @scoutsuite_nist_mapping.select { |x| rule.eql?(x[:rule].to_s) && !x[:nistid].nil? }
+      tags = entries.map { |x| x[:nistid].split('|') }
+      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+    end
+    def impact(severity)
+      IMPACT_MAPPING[severity.to_sym]
+    end
+    def desc_tags(data, label)
+      { data: data || NA_STRING, label: label || NA_STRING }
+    end
+    def findings(details)
+      finding = {}
+      if (details['checked_items']).zero?
+        finding['status'] = 'skipped'
+        finding['skip_message'] = 'Skipped because no items were checked'
+      elsif (details['flagged_items']).zero?
+        finding['status'] = 'passed'
+        finding['message'] = "0 flagged items out of #{details['checked_items']} checked items"
+      else # there are checked items and things were flagged
+        finding['status'] = 'failed'
+        finding['message'] = "#{details['flagged_items']} flagged items out of #{details['checked_items']} checked items:\n#{details['items'].join("\n")}"
+      end
+      finding['code_desc'] = details['description']
+      finding['start_time'] = @report['last_run']['time']
+      [finding]
+    end
+    def compliance(arr)
+      str = 'Compliant with '
+      arr.map do |val|
+        info = "#{val['name']}, reference #{val['reference']}, version #{val['version']}"
+        str + info
+      end.join("\n")
+    end
+    def to_hdf
+      controls = []
+      @report['services'].each_key do |service|
+        @report['services'][service]['findings'].each_key do |finding|
+          printf("\rProcessing: %s", $spinner.next)
+          finding_id = finding
+          finding_details = @report['services'][service]['findings'][finding]
+          item = {}
+          item['id']                 = finding_id
+          item['title']              = finding_details['description']
+          item['tags']               = { nist: nist_tag(finding_id) }
+          item['impact']             = impact(finding_details['level'])
+          item['desc']               = finding_details['rationale']
+          item['descriptions']       = []
+          item['descriptions']       << desc_tags(finding_details['remediation'], 'fix') unless finding_details['remediation'].nil?
+          item['descriptions']       << desc_tags(finding_details['service'], 'service')
+          item['descriptions']       << desc_tags(finding_details['path'], 'path')
+          item['descriptions']       << desc_tags(finding_details['id_suffix'], 'id_suffix')
+          item['refs']               = []
+          item['refs']               += finding_details['references'].map { |link| { url: link } } unless finding_details['references'].nil? || finding_details['references'].empty?
+          item['refs']               << { ref: compliance(finding_details['compliance']) } unless finding_details['compliance'].nil?
+          item['source_location']    = NA_HASH
+          item['code']               = NA_STRING
+          item['results']            = findings(finding_details)
+          controls << item
+        end
+      end
+      scaninfo = extract_scaninfo(@report)
+      results = HeimdallDataFormat.new(profile_name: scaninfo['name'],
+                                       version: scaninfo['version'],
+                                       title: scaninfo['title'],
+                                       summary: scaninfo['summary'],
+                                       controls: controls,
+                                       target_id: scaninfo['target_id'],
+                                       attributes: scaninfo['attributes'])
+      results.to_hdf
+    end
+  end
+end

data/lib/heimdall_tools/snyk_mapper.rb CHANGED Viewed

@@ -29,9 +29,8 @@ end
 module HeimdallTools
   class SnykMapper
-    def initialize(synk_json, _name = nil, verbose = false)
+    def initialize(synk_json, _name = nil)
       @synk_json = synk_json
-      @verbose = verbose
       begin
         @cwe_nist_mapping = parse_mapper

data/lib/heimdall_tools/zap_mapper.rb CHANGED Viewed

@@ -8,13 +8,10 @@ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
 DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
-# rubocop:disable Metrics/AbcSize
 module HeimdallTools
   class ZapMapper
-    def initialize(zap_json, name, verbose = false)
+    def initialize(zap_json, name)
       @zap_json = zap_json
-      @verbose = verbose
       begin
         data = JSON.parse(zap_json, symbolize_names: true)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-  version: 1.3.41
+  version: 1.3.46
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-29 00:00:00.000000000 Z
+date: 2021-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-configservice
@@ -88,14 +88,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.9
+        version: '1.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.9
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement
@@ -214,6 +214,7 @@ files:
 - lib/data/nessus-plugins-nist-mapping.csv
 - lib/data/nikto-nist-mapping.csv
 - lib/data/owasp-nist-mapping.csv
+- lib/data/scoutsuite-nist-mapping.csv
 - lib/heimdall_tools.rb
 - lib/heimdall_tools/aws_config_mapper.rb
 - lib/heimdall_tools/burpsuite_mapper.rb
@@ -231,6 +232,8 @@ files:
 - lib/heimdall_tools/help/nessus_mapper.md
 - lib/heimdall_tools/help/netsparker_mapper.md
 - lib/heimdall_tools/help/nikto_mapper.md
+- lib/heimdall_tools/help/sarif_mapper.md
+- lib/heimdall_tools/help/scoutsuite_mapper.md
 - lib/heimdall_tools/help/snyk_mapper.md
 - lib/heimdall_tools/help/sonarqube_mapper.md
 - lib/heimdall_tools/help/zap_mapper.md
@@ -238,6 +241,8 @@ files:
 - lib/heimdall_tools/nessus_mapper.rb
 - lib/heimdall_tools/netsparker_mapper.rb
 - lib/heimdall_tools/nikto_mapper.rb
+- lib/heimdall_tools/sarif_mapper.rb
+- lib/heimdall_tools/scoutsuite_mapper.rb
 - lib/heimdall_tools/snyk_mapper.rb
 - lib/heimdall_tools/sonarqube_mapper.rb
 - lib/heimdall_tools/version.rb
@@ -262,7 +267,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key:
 specification_version: 4
 summary: Convert Forify, Openzap and Sonarqube results to HDF