heimdall_tools 1.3.45 → 1.3.46

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87936a7488cf8da17690bb3c35d5138a2e9442d8d4c48b307307f4d44423b987
-  data.tar.gz: 28f172cc25391e697910bb1b2b79fea29c82956cbca953f1e7978080b4e1d646
+  metadata.gz: 24ad070383569e79ac08bbc0cae7a049a0f48cbc971d6d897ee2b5aa0989affe
+  data.tar.gz: 993a995384452cf8457b3545e3aaddae4b6f6165453f139b9c33b35e3357ed82
 SHA512:
-  metadata.gz: bf394cd989527e58e45755881a01ad5d91761201f0a054e5a92a69ae3ac9b943569ef400298d31afee4514b72f3f7b77212b8bcc189107e355c45e1c2758e41d
-  data.tar.gz: 54c1a3447b631b28c024f0bc77559834464bccc518463a2fee0313d7b19f6252db9d624058eda3118423178f736e080ccffa5601b2cc7ec2daa98332a90d1e8f
+  metadata.gz: 65e3d1c2566de4d114f75a0de1659cc895b65045718300559179d86f33d2b9dd9110ee8b106944d1ef764ca89efb5a40bd67891534c095e7b1c37dd709f9c4a9
+  data.tar.gz: 2841a54f0abca5d37f4051800f29a90a410bf9599addbfe538d603dae9f725e0c99229c6129fadaee0401cc65a8d5abbbd54ea76d9996d317c4bf1199c4a483a

data/README.md

@@ -9,13 +9,15 @@ HeimdallTools supplies several methods to convert output from various tools to "
 - **fortify_mapper** - commercial static code analysis tool
 - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
 - **burpsuite_mapper** - commercial dynamic analysis tool
-- **nessus_mapper** - commercial vulnerability scanner
+- **nessus_mapper** - commercial security scanner (supports compliance and vulnerability scans from Tenable.sc and Tenable.io)
 - **snyk_mapper** - commercial package vulnerability scanner
 - **nikto_mapper** - open-source web server scanner 
 - **jfrog_xray_mapper** - package vulnerability scanner
 - **dbprotect_mapper** - database vulnerability scanner
 - **aws_config_mapper** - assess, audit, and evaluate AWS resources
 - **netsparker_mapper** - web application security scanner
+- **sarif_mapper** - static analysis results interchange format
+- **scoutsuite_mapper** - multi-cloud security auditing tool
 
 ## Want to recommend a mapper for another tool? Please use these steps:
   1. Create an [issue](https://github.com/mitre/heimdall_tools/issues/new), and email saf@groups.mitre.org citing the issue link so we can help
@@ -151,7 +153,8 @@ example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_result
 
 ## nessus_mapper
 
-nessus_mapper translates a Nessus-exported XML results file into HDF format json to be viewable in Heimdall
+nessus_mapper translates a Nessus-exported XML results file into HDF format json to be viewable in Heimdall.
+Supports compliance and vulnerability scans from Tenable.sc and Tenable.io.
 
 Note: A separate HDF JSON file is generated for each host reported in the Nessus Report.
 
@@ -200,6 +203,22 @@ FLAGS:
 example: heimdall_tools nikto_mapper -j nikto_results.json -o nikto_results.json
 ```
 
+## scoutsuite_mapper
+
+scoutsuite_mapper translates Scout Suite results from Javascript to HDF-formatted JSON so as to be viewable on Heimdall
+
+Note: Currently this mapper only supports AWS.
+
+```
+USAGE: heimdall_tools scoutsuite_mapper -i <scoutsuite-results-js> -o <hdf-scan-results-json>
+
+FLAGS:
+    -i --input -j --javascript <scoutsuite-results-js> : path to Scout Suite results Javascript file.
+    -o --output <hdf-scan-results-json>                : path to output scan-results json.
+
+example: heimdall_tools scoutsuite_mapper -i scoutsuite_results.js -o scoutsuite_hdf.json
+```
+
 ## jfrog_xray_mapper
 
 jfrog_xray_mapper translates an JFrog Xray results JSON file into HDF format JSON to be viewable in Heimdall
@@ -267,6 +286,21 @@ FLAGS:
 example: heimdall_tools netsparker_mapper -x netsparker_results.xml -o netsparker_hdf.json
 ```
 
+## sarif_mapper
+
+sarif_mapper translates a SARIF JSON file into HDF format JSON to be viewable in Heimdall
+
+```
+USAGE: heimdall_tools sarif_mapper [OPTIONS] -j <sarif-results-json> -o <hdf-scan-results.json>
+
+FLAGS:
+    -j <sarif_results_json>          : path to SARIF results JSON file.
+    -o --output_prefix <prefix>      : path to output scan-results json.
+    -V --verbose                     : verbose run [optional].
+
+example: heimdall_tools sarif_mapper -j sarif_results.json -o sarif_results_hdf.json
+```
+
 ## version  
 
 Prints out the gem version

data/lib/data/scoutsuite-nist-mapping.csv

@@ -0,0 +1,140 @@
+rule,nistid
+acm-certificate-with-close-expiration-date,SC-12
+acm-certificate-with-transparency-logging-disabled,SC-12
+cloudformation-stack-with-role,AC-6
+cloudtrail-duplicated-global-services-logging,AU-6
+cloudtrail-no-cloudwatch-integration,AU-12|SI-4(2)
+cloudtrail-no-data-logging,AU-12
+cloudtrail-no-encryption-with-kms,AU-6
+cloudtrail-no-global-services-logging,AU-12
+cloudtrail-no-log-file-validation,AU-6
+cloudtrail-no-logging,AU-12
+cloudtrail-not-configured,AU-12
+cloudwatch-alarm-without-actions,AU-12
+config-recorder-not-configured,CM-8|CM-8(2)|CM-8(6)
+ec2-ami-public,AC-3
+ec2-default-security-group-in-use,AC-3(3)
+ec2-default-security-group-with-rules,AC-3(3)
+ec2-ebs-snapshot-not-encrypted,SC-28
+ec2-ebs-snapshot-public,AC-3
+ec2-ebs-volume-not-encrypted,SC-28
+ec2-instance-in-security-group,CM-7(1)
+ec2-instance-type,CM-2
+ec2-instance-types,CM-2
+ec2-instance-with-public-ip,AC-3
+ec2-instance-with-user-data-secrets,AC-3
+ec2-security-group-opens-all-ports,CM-7(1)
+ec2-security-group-opens-all-ports-to-all,CM-7(1)
+ec2-security-group-opens-all-ports-to-self,CM-7(1)
+ec2-security-group-opens-icmp-to-all,CM-7(1)
+ec2-security-group-opens-known-port-to-all,CM-7(1)
+ec2-security-group-opens-plaintext-port,CM-7(1)
+ec2-security-group-opens-port-range,CM-7(1)
+ec2-security-group-opens-port-to-all,CM-7(1)
+ec2-security-group-whitelists-aws,CM-7(1)
+ec2-security-group-whitelists-aws-ip-from-banned-region,CM-7(1)
+ec2-security-group-whitelists-non-elastic-ips,CM-7(1)
+ec2-security-group-whitelists-unknown-aws,CM-7(1)
+ec2-security-group-whitelists-unknown-cidrs,CM-7(1)
+ec2-unused-security-group,CM-7(1)
+elb-listener-allowing-cleartext,SC-8
+elb-no-access-logs,AU-12
+elb-older-ssl-policy,SC-8
+elbv2-http-request-smuggling,SC-8
+elbv2-listener-allowing-cleartext,SC-8
+elbv2-no-access-logs,AU-12
+elbv2-no-deletion-protection,SI-7
+elbv2-older-ssl-policy,SC-8
+iam-assume-role-lacks-external-id-and-mfa,AC-17
+iam-assume-role-no-mfa,AC-6
+iam-assume-role-policy-allows-all,AC-6
+iam-ec2-role-without-instances,AC-6
+iam-group-with-inline-policies,AC-6
+iam-group-with-no-users,AC-6
+iam-human-user-with-policies,AC-6
+iam-inline-policy-allows-non-sts-action,AC-6
+iam-inline-policy-allows-NotActions,AC-6
+iam-inline-policy-for-role,AC-6
+iam-managed-policy-allows-full-privileges,AC-6
+iam-managed-policy-allows-non-sts-action,AC-6
+iam-managed-policy-allows-NotActions,AC-6
+iam-managed-policy-for-role,AC-6
+iam-managed-policy-no-attachments,AC-6
+iam-no-support-role,IR-7
+iam-password-policy-expiration-threshold,AC-2
+iam-password-policy-minimum-length,AC-2
+iam-password-policy-no-expiration,AC-2
+iam-password-policy-no-lowercase-required,AC-2
+iam-password-policy-no-number-required,AC-2
+iam-password-policy-no-symbol-required,AC-2
+iam-password-policy-no-uppercase-required,AC-2
+iam-password-policy-reuse-enabled,IA-5(1)
+iam-role-with-inline-policies,AC-6
+iam-root-account-no-hardware-mfa,IA-2(1)
+iam-root-account-no-mfa,IA-2(1)
+iam-root-account-used-recently,AC-6(9)
+iam-root-account-with-active-certs,AC-6(9)
+iam-root-account-with-active-keys,AC-6(9)
+iam-service-user-with-password,AC-2
+iam-unused-credentials-not-disabled,AC-2
+iam-user-no-key-rotation,AC-2
+iam-user-not-in-category-group,AC-2
+iam-user-not-in-common-group,AC-2
+iam-user-unused-access-key-initial-setup,AC-2
+iam-user-with-multiple-access-keys,IA-2
+iam-user-without-mfa,IA-2(1)
+iam-user-with-password-and-key,IA-2
+iam-user-with-policies,AC-2
+kms-cmk-rotation-disabled,SC-12
+logs-no-alarm-aws-configuration-changes,CM-8|CM-8(2)|CM-8(6)
+logs-no-alarm-cloudtrail-configuration-changes,AU-6
+logs-no-alarm-cmk-deletion,AC-2
+logs-no-alarm-console-authentication-failures,AC-2
+logs-no-alarm-iam-policy-changes,AC-2
+logs-no-alarm-nacl-changes,CM-6(2)
+logs-no-alarm-network-gateways-changes,AU-12|CM-6(2)
+logs-no-alarm-root-usage,AU-2
+logs-no-alarm-route-table-changes,AU-12|CM-6(2)
+logs-no-alarm-s3-policy-changes,AC-6|AU-12
+logs-no-alarm-security-group-changes,AC-2(4)
+logs-no-alarm-signin-without-mfa,AC-2
+logs-no-alarm-unauthorized-api-calls,AU-6|SI-4(2)
+logs-no-alarm-vpc-changes,CM-6(1)
+rds-instance-backup-disabled,CP-9
+rds-instance-ca-certificate-deprecated,SC-12
+rds-instance-no-minor-upgrade,SI-2
+rds-instance-short-backup-retention-period,CP-9
+rds-instance-single-az,CP-7
+rds-instance-storage-not-encrypted,SC-28
+rds-postgres-instance-with-invalid-certificate,SC-12
+rds-security-group-allows-all,CM-7(1)
+rds-snapshot-public,SC-28
+redshift-cluster-database-not-encrypted,SC-28
+redshift-cluster-no-version-upgrade,SI-2
+redshift-cluster-publicly-accessible,AC-3
+redshift-parameter-group-logging-disabled,AU-12
+redshift-parameter-group-ssl-not-required,SC-8
+redshift-security-group-whitelists-all,CM-7(1)
+route53-domain-no-autorenew,SC-2
+route53-domain-no-transferlock,SC-2
+route53-domain-transferlock-not-authorized,SC-2
+s3-bucket-allowing-cleartext,SC-28
+s3-bucket-no-default-encryption,SC-28
+s3-bucket-no-logging,AU-2|AU-12
+s3-bucket-no-mfa-delete,SI-7
+s3-bucket-no-versioning,SI-7
+s3-bucket-world-acl,AC-3(3)
+s3-bucket-world-policy-arg,AC-3(3)
+s3-bucket-world-policy-star,AC-3(3)
+ses-identity-dkim-not-enabled,SC-23
+ses-identity-dkim-not-verified,SC-23
+ses-identity-world-policy,AC-6
+sns-topic-world-policy,AC-6
+sqs-queue-world-policy,AC-6
+vpc-custom-network-acls-allow-all,SC-7
+vpc-default-network-acls-allow-all,SC-7
+vpc-network-acl-not-used,SC-7
+vpc-routing-tables-with-peering,AC-3(3)
+vpc-subnet-with-bad-acls,SC-7
+vpc-subnet-with-default-acls,SC-7
+vpc-subnet-without-flow-log,AU-12

data/lib/heimdall_tools.rb

@@ -16,4 +16,6 @@ module HeimdallTools
   autoload :DBProtectMapper, 'heimdall_tools/dbprotect_mapper'
   autoload :AwsConfigMapper, 'heimdall_tools/aws_config_mapper'
   autoload :NetsparkerMapper, 'heimdall_tools/netsparker_mapper'
+  autoload :SarifMapper, 'heimdall_tools/sarif_mapper'
+  autoload :ScoutSuiteMapper, 'heimdall_tools/scoutsuite_mapper'
 end

data/lib/heimdall_tools/aws_config_mapper.rb

@@ -57,10 +57,10 @@ module HeimdallTools
 
       results = HeimdallDataFormat.new(
         profile_name: 'AWS Config',
-         title: 'AWS Config',
-         summary: 'AWS Config',
-         controls: controls,
-         statistics: { aws_config_sdk_version: Aws::ConfigService::GEM_VERSION },
+        title: 'AWS Config',
+        summary: 'AWS Config',
+        controls: controls,
+        statistics: { aws_config_sdk_version: Aws::ConfigService::GEM_VERSION },
       )
       results.to_hdf
     end

data/lib/heimdall_tools/cli.rb

@@ -123,6 +123,29 @@ module HeimdallTools
       puts options[:output].to_s
     end
 
+    desc 'sarif_mapper', 'sarif_mapper translates a SARIF JSON file into HDF format JSON to be viewable in Heimdall'
+    long_desc Help.text(:sarif_mapper)
+    option :json, required: true, aliases: '-j'
+    option :output, required: true, aliases: '-o'
+    option :verbose, type: :boolean, aliases: '-V'
+    def sarif_mapper
+      hdf = HeimdallTools::SarifMapper.new(File.read(options[:json])).to_hdf
+      File.write(options[:output], hdf)
+      puts "\r\HDF Generated:\n"
+      puts options[:output].to_s
+    end
+
+    desc 'scoutsuite_mapper', 'scoutsuite_mapper translates Scout Suite results from Javascript to HDF-formatted JSON so as to be viewable on Heimdall'
+    long_desc Help.text(:scoutsuite_mapper)
+    option :javascript, required: true, banner: 'SCOUTSUITE-RESULTS-JS', aliases: ['-i', '--input', '-j']
+    option :output, required: true, banner: 'HDF-SCAN-RESULTS-JSON', aliases: '-o'
+    def scoutsuite_mapper
+      hdf = HeimdallTools::ScoutSuiteMapper.new(File.read(options[:javascript])).to_hdf
+      File.write(options[:output], hdf)
+      puts "\rHDF Generated:\n"
+      puts options[:output].to_s
+    end
+
     desc 'version', 'prints version'
     def version
       puts VERSION

data/lib/heimdall_tools/help/sarif_mapper.md

@@ -0,0 +1,12 @@
+  sarif_mapper translates a SARIF JSON file into HDF format JSON to be viewable in Heimdall
+
+SARIF level to HDF impact Mapping:
+  SARIF level error -> HDF impact 0.7
+  SARIF level warning -> HDF impact 0.5
+  SARIF level note -> HDF impact 0.3
+  SARIF level none -> HDF impact 0.1
+  SARIF level not provided -> HDF impact 0.1 as default
+
+Examples:
+
+  heimdall_tools sarif_mapper [OPTIONS] -j <sarif-results-json> -o <hdf-scan-results.json>

data/lib/heimdall_tools/help/scoutsuite_mapper.md

@@ -0,0 +1,7 @@
+  scoutsuite_mapper translates Scout Suite results from Javascript to HDF-formatted JSON so as to be viewable on Heimdall
+
+  Note: Currently this mapper only supports AWS.
+
+Examples:
+
+  heimdall_tools scoutsuite_mapper -i <scoutsuite-results-js> -o <hdf-scan-results-json>

data/lib/heimdall_tools/sarif_mapper.rb

@@ -0,0 +1,198 @@
+require 'json'
+require 'csv'
+require 'heimdall_tools/hdf'
+
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
+CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+
+IMPACT_MAPPING = {
+  error: 0.7,
+  warning: 0.5,
+  note: 0.3,
+  none: 0.0
+}.freeze
+
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
+
+# Loading spinner sign
+$spinner = Enumerator.new do |e|
+  loop do
+    e.yield '|'
+    e.yield '/'
+    e.yield '-'
+    e.yield '\\'
+  end
+end
+
+module HeimdallTools
+  class SarifMapper
+    def initialize(sarif_json, _name = nil, verbose = false)
+      @sarif_json = sarif_json
+      @verbose = verbose
+      begin
+        @cwe_nist_mapping = parse_mapper
+        @sarif_log = JSON.parse(@sarif_json)
+      rescue StandardError => e
+        raise "Invalid SARIF JSON file provided\n\nException: #{e}"
+      end
+    end
+
+    def extract_scaninfo(sarif_log)
+      info = {}
+      begin
+        info['policy'] = 'SARIF'
+        info['version'] = sarif_log['version']
+        info['projectName'] = 'Static Analysis Results Interchange Format'
+        info['summary'] = NA_STRING
+        info
+      rescue StandardError => e
+        raise "Error extracting project info from SARIF JSON file provided Exception: #{e}"
+      end
+    end
+
+    def finding(result)
+      finding = {}
+      finding['status'] = 'failed'
+      finding['code_desc'] = ''
+      if get_location(result)['uri']
+        finding['code_desc'] += " URL : #{get_location(result)['uri']}"
+      end
+      if get_location(result)['start_line']
+        finding['code_desc'] += " LINE : #{get_location(result)['start_line']}"
+      end
+      if get_location(result)['start_column']
+        finding['code_desc'] += " COLUMN : #{get_location(result)['start_column']}"
+      end
+      finding['code_desc'].strip!
+      finding['run_time'] = NA_FLOAT
+      finding['start_time'] = NA_STRING
+      finding
+    end
+
+    def add_nist_tag_from_cwe(cweid, taxonomy_name, tags_node)
+      entries = @cwe_nist_mapping.select { |x| cweid.include?(x[:cweid].to_s) && !x[:nistid].nil? }
+      tags = entries.map { |x| x[:nistid] }
+      result_tags = tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+      if result_tags.count.positive?
+        if !tags_node
+          tags_node = {}
+        end
+        if !tags_node.key?(taxonomy_name)
+          tags_node[taxonomy_name] = []
+        end
+        result_tags.each do |t|
+          tags_node[taxonomy_name] |= [t]
+        end
+      end
+      tags_node
+    end
+
+    def get_location(result)
+      location_info = {}
+      location_info['uri'] = result.dig('locations', 0, 'physicalLocation', 'artifactLocation', 'uri')
+      location_info['start_line'] = result.dig('locations', 0, 'physicalLocation', 'region', 'startLine')
+      location_info['start_column'] = result.dig('locations', 0, 'physicalLocation', 'region', 'startColumn')
+      location_info
+    end
+
+    def get_rule_info(run, result, rule_id)
+      finding = {}
+      driver = run.dig('tool', 'driver')
+      finding['driver_name'] = driver['name']
+      finding['driver_version'] = driver['version']
+      rules = driver['rules']
+      if rules
+        rule = rules.find { |x| x['id'].eql?(rule_id) }
+        if rule
+          finding['rule_name'] = rule&.[]('name')
+          finding['rule_short_description'] = rule&.[]('shortDescription')&.[]('text')
+          finding['rule_tags'] = get_tags(rule)
+          finding['rule_name'] = rule&.[]('messageStrings')&.[]('default')&.[]('text') unless finding['rule_name']
+        end
+      end
+      finding['rule_name'] = result&.[]('message')&.[]('text') unless finding['rule_name']
+      finding
+    end
+
+    def get_tags(rule)
+      result = {}
+      Array(rule&.[]('relationships')).each do |relationship|
+        taxonomy_name = relationship['target']['toolComponent']['name'].downcase
+        taxonomy_id = relationship['target']['id']
+        if !result.key?(taxonomy_name)
+          result[taxonomy_name] = []
+        end
+        result[taxonomy_name] |= [taxonomy_id]
+      end
+      result
+    end
+
+    def parse_identifiers(rule_tags, ref)
+      # Extracting id number from reference style CWE-297
+      rule_tags[ref.downcase].map { |e| e.downcase.split("#{ref.downcase}-")[1] }
+    rescue StandardError
+      []
+    end
+
+    def impact(severity)
+      severity_mapping = IMPACT_MAPPING[severity.to_sym]
+      severity_mapping.nil? ? 0.1 : severity_mapping
+    end
+
+    def parse_mapper
+      csv_data = CSV.read(CWE_NIST_MAPPING_FILE, **{ encoding: 'UTF-8',
+                                                   headers: true,
+                                                   header_converters: :symbol,
+                                                   converters: :all })
+      csv_data.map(&:to_hash)
+    end
+
+    def desc_tags(data, label)
+      { data: data || NA_STRING, label: label || NA_STRING }
+    end
+
+    def process_item(run, result, controls)
+      printf("\rProcessing: %s", $spinner.next)
+      control = controls.find { |x| x['id'].eql?(result['ruleId']) }
+
+      if control
+        control['results'] << finding(result)
+      else
+        rule_info = get_rule_info(run, result, result['ruleId'])
+        item = {}
+        item['tags']               = rule_info['rule_tags']
+        item['descriptions']       = []
+        item['refs']               = NA_ARRAY
+        item['source_location']    = { ref: get_location(result)['uri'], line: get_location(result)['start_line'] }
+        item['descriptions']       = NA_ARRAY
+        item['title']              = rule_info['rule_name'].to_s
+        item['id']                 = result['ruleId'].to_s
+        item['desc']               = rule_info['rule_short_description'].to_s
+        item['impact']             = impact(result['level'].to_s)
+        item['code']               = NA_STRING
+        item['results']            = [finding(result)]
+        item['tags']               = add_nist_tag_from_cwe(parse_identifiers(rule_info['rule_tags'], 'CWE'), 'nist', item['tags'])
+        controls << item
+      end
+    end
+
+    def to_hdf
+      controls = []
+      @sarif_log['runs'].each do |run|
+        run['results'].each do |result|
+          process_item(run, result, controls)
+        end
+      end
+
+      scaninfo = extract_scaninfo(@sarif_log)
+      results = HeimdallDataFormat.new(profile_name: scaninfo['policy'],
+                                       version: scaninfo['version'],
+                                       title: scaninfo['projectName'],
+                                       summary: scaninfo['summary'],
+                                       controls: controls,
+                                       target_id: scaninfo['projectName'])
+      results.to_hdf
+    end
+  end
+end

data/lib/heimdall_tools/scoutsuite_mapper.rb

@@ -0,0 +1,180 @@
+require 'json'
+require 'csv'
+require 'heimdall_tools/hdf'
+
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
+SCOUTSUITE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'scoutsuite-nist-mapping.csv')
+
+IMPACT_MAPPING = {
+  danger: 0.7,
+  warning: 0.5
+}.freeze
+
+DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
+
+INSPEC_INPUTS_MAPPING = {
+  string: 'String',
+  numeric: 'Numeric',
+  regexp: 'Regexp',
+  array: 'Array',
+  hash: 'Hash',
+  boolean: 'Boolean',
+  any: 'Any'
+}.freeze
+
+# Loading spinner sign
+$spinner = Enumerator.new do |e|
+  loop do
+    e.yield '|'
+    e.yield '/'
+    e.yield '-'
+    e.yield '\\'
+  end
+end
+
+module HeimdallTools
+  # currently only tested against an AWS based result, but ScoutSuite supports many other cloud providers such as Azure
+  class ScoutSuiteMapper
+    def initialize(scoutsuite_js)
+      begin
+        @scoutsuite_nist_mapping = parse_mapper
+      rescue StandardError => e
+        raise "Invalid Scout Suite to NIST mapping file:\nException: #{e}"
+      end
+
+      begin
+        @scoutsuite_json = scoutsuite_js.lines[1] # first line is `scoutsuite_results =\n` and second line is json
+        @report = JSON.parse(@scoutsuite_json)
+      rescue StandardError => e
+        raise "Invalid Scout Suite JavaScript file provided:\nException: #{e}"
+      end
+    end
+
+    def parse_mapper
+      csv_data = CSV.read(SCOUTSUITE_NIST_MAPPING_FILE, { encoding: 'UTF-8', headers: true, header_converters: :symbol })
+      csv_data.map(&:to_hash)
+    end
+
+    def create_attribute(name, value, required = nil, sensitive = nil, type = nil)
+      { name: name, options: { value: value, required: required, sensitive: sensitive, type: type }.compact }
+    end
+
+    def extract_scaninfo(report)
+      info = {}
+      begin
+        info['name'] = 'Scout Suite Multi-Cloud Security Auditing Tool'
+        info['version'] = report['last_run']['version']
+        info['title'] = "Scout Suite Report using #{report['last_run']['ruleset_name']} ruleset on #{report['provider_name']} with account #{report['account_id']}"
+        info['target_id'] = "#{report['last_run']['ruleset_name']} ruleset:#{report['provider_name']}:#{report['account_id']}"
+        info['summary'] = report['last_run']['ruleset_about']
+        info['attributes'] = [
+          create_attribute('account_id', report['account_id'], true, false, INSPEC_INPUTS_MAPPING[:string]),
+          create_attribute('environment', report['environment']),
+          create_attribute('ruleset', report['ruleset_name']),
+          # think at least these run_parameters are aws only
+          create_attribute('run_parameters_excluded_regions', report['last_run']['run_parameters']['excluded_regions'].join(', ')),
+          create_attribute('run_parameters_regions', report['last_run']['run_parameters']['regions'].join(', ')),
+          create_attribute('run_parameters_services', report['last_run']['run_parameters']['services'].join(', ')),
+          create_attribute('run_parameters_skipped_services', report['last_run']['run_parameters']['skipped_services'].join(', ')),
+          create_attribute('time', report['last_run']['time']),
+          create_attribute('partition', report['partition']), # think this is aws only
+          create_attribute('provider_code', report['provider_code']),
+          create_attribute('provider_name', report['provider_name']),
+        ]
+
+        info
+      rescue StandardError => e
+        raise "Error extracting report info from Scout Suite JS->JSON file:\nException: #{e}"
+      end
+    end
+
+    def nist_tag(rule)
+      entries = @scoutsuite_nist_mapping.select { |x| rule.eql?(x[:rule].to_s) && !x[:nistid].nil? }
+      tags = entries.map { |x| x[:nistid].split('|') }
+      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+    end
+
+    def impact(severity)
+      IMPACT_MAPPING[severity.to_sym]
+    end
+
+    def desc_tags(data, label)
+      { data: data || NA_STRING, label: label || NA_STRING }
+    end
+
+    def findings(details)
+      finding = {}
+      if (details['checked_items']).zero?
+        finding['status'] = 'skipped'
+        finding['skip_message'] = 'Skipped because no items were checked'
+      elsif (details['flagged_items']).zero?
+        finding['status'] = 'passed'
+        finding['message'] = "0 flagged items out of #{details['checked_items']} checked items"
+      else # there are checked items and things were flagged
+        finding['status'] = 'failed'
+        finding['message'] = "#{details['flagged_items']} flagged items out of #{details['checked_items']} checked items:\n#{details['items'].join("\n")}"
+      end
+      finding['code_desc'] = details['description']
+      finding['start_time'] = @report['last_run']['time']
+      [finding]
+    end
+
+    def compliance(arr)
+      str = 'Compliant with '
+      arr.map do |val|
+        info = "#{val['name']}, reference #{val['reference']}, version #{val['version']}"
+        str + info
+      end.join("\n")
+    end
+
+    def to_hdf
+      controls = []
+      @report['services'].each_key do |service|
+        @report['services'][service]['findings'].each_key do |finding|
+          printf("\rProcessing: %s", $spinner.next)
+
+          finding_id = finding
+          finding_details = @report['services'][service]['findings'][finding]
+
+          item = {}
+          item['id']                 = finding_id
+          item['title']              = finding_details['description']
+
+          item['tags']               = { nist: nist_tag(finding_id) }
+
+          item['impact']             = impact(finding_details['level'])
+
+          item['desc']               = finding_details['rationale']
+
+          item['descriptions']       = []
+          item['descriptions']       << desc_tags(finding_details['remediation'], 'fix') unless finding_details['remediation'].nil?
+          item['descriptions']       << desc_tags(finding_details['service'], 'service')
+          item['descriptions']       << desc_tags(finding_details['path'], 'path')
+          item['descriptions']       << desc_tags(finding_details['id_suffix'], 'id_suffix')
+
+          item['refs']               = []
+          item['refs']               += finding_details['references'].map { |link| { url: link } } unless finding_details['references'].nil? || finding_details['references'].empty?
+          item['refs']               << { ref: compliance(finding_details['compliance']) } unless finding_details['compliance'].nil?
+
+          item['source_location']    = NA_HASH
+          item['code']               = NA_STRING
+
+          item['results']            = findings(finding_details)
+
+          controls << item
+        end
+      end
+
+      scaninfo = extract_scaninfo(@report)
+      results = HeimdallDataFormat.new(profile_name: scaninfo['name'],
+                                       version: scaninfo['version'],
+                                       title: scaninfo['title'],
+                                       summary: scaninfo['summary'],
+                                       controls: controls,
+                                       target_id: scaninfo['target_id'],
+                                       attributes: scaninfo['attributes'])
+      results.to_hdf
+    end
+  end
+end

data/lib/heimdall_tools/zap_mapper.rb

@@ -8,8 +8,6 @@ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
 DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
-# rubocop:disable Metrics/AbcSize
-
 module HeimdallTools
   class ZapMapper
     def initialize(zap_json, name)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-  version: 1.3.45
+  version: 1.3.46
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-01 00:00:00.000000000 Z
+date: 2021-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-configservice
@@ -214,6 +214,7 @@ files:
 - lib/data/nessus-plugins-nist-mapping.csv
 - lib/data/nikto-nist-mapping.csv
 - lib/data/owasp-nist-mapping.csv
+- lib/data/scoutsuite-nist-mapping.csv
 - lib/heimdall_tools.rb
 - lib/heimdall_tools/aws_config_mapper.rb
 - lib/heimdall_tools/burpsuite_mapper.rb
@@ -231,6 +232,8 @@ files:
 - lib/heimdall_tools/help/nessus_mapper.md
 - lib/heimdall_tools/help/netsparker_mapper.md
 - lib/heimdall_tools/help/nikto_mapper.md
+- lib/heimdall_tools/help/sarif_mapper.md
+- lib/heimdall_tools/help/scoutsuite_mapper.md
 - lib/heimdall_tools/help/snyk_mapper.md
 - lib/heimdall_tools/help/sonarqube_mapper.md
 - lib/heimdall_tools/help/zap_mapper.md
@@ -238,6 +241,8 @@ files:
 - lib/heimdall_tools/nessus_mapper.rb
 - lib/heimdall_tools/netsparker_mapper.rb
 - lib/heimdall_tools/nikto_mapper.rb
+- lib/heimdall_tools/sarif_mapper.rb
+- lib/heimdall_tools/scoutsuite_mapper.rb
 - lib/heimdall_tools/snyk_mapper.rb
 - lib/heimdall_tools/sonarqube_mapper.rb
 - lib/heimdall_tools/version.rb