heimdall_tools 1.3.47 → 1.3.48

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0c1758366de13bb1966a1ffeccbab60c7b1c2d91c221d5ee604dd2d4f1c96dcb
4
- data.tar.gz: 2ba1491cb04b569b216c966724b9b8e4f06430a3dc7913ce8bf5e0611ed6896a
3
+ metadata.gz: aa900ce8ff5cabccb6e138bb636a0c56972f1894431c9ce67f95bcb0811b1c91
4
+ data.tar.gz: 830006eea9df8dfe413e8d0e472d9b38794f41f92a3ec5c468b882b01d54b39b
5
5
  SHA512:
6
- metadata.gz: 38d66cf5d8653a1a859b7254b9b2ba05518ce5c750b73fb6e638b24fca08ea574aaf1e89bbf560f98fa5cdd7d56d49ca5dedf23b20845d56dd9ecb8c41210ce1
7
- data.tar.gz: b9db7f5c78640e37795493f36e2b119e4c15d5184d3b830e57bf92ad41709a0fa8345946e249afef7f1adb0ba02a89183c756ce8e81eeafb5cd766232518b197
6
+ metadata.gz: b304f53e1ffd55c28734ca094c2d4ccedb23123ca144bad0d06c80f5a29e5b6f143b48cce2dedec0467ae344c8bbc55bd93cf6ca53dae6d0d7486019e73dcbe1
7
+ data.tar.gz: 7096c8751c387912720ba51fe18f69c1a8568d98a4e9a1d7962a5693d7469049eb71d24878dc7a75d8af96de70211324a173b9f3eb87c6104b0e5f6df647cdcd
data/README.md CHANGED
@@ -5,32 +5,32 @@
5
5
 
6
6
  HeimdallTools supplies several methods to convert output from various tools to "Heimdall Data Format"(HDF) format to be viewable in Heimdall. The current converters are:
7
7
 
8
- - **sonarqube_mapper** - open-source static code analysis tool
9
- - **fortify_mapper** - commercial static code analysis tool
10
- - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
11
- - **burpsuite_mapper** - commercial dynamic analysis tool
12
- - **nessus_mapper** - commercial security scanner (supports compliance and vulnerability scans from Tenable.sc and Tenable.io)
13
- - **snyk_mapper** - commercial package vulnerability scanner
14
- - **nikto_mapper** - open-source web server scanner
15
- - **jfrog_xray_mapper** - package vulnerability scanner
16
- - **dbprotect_mapper** - database vulnerability scanner
17
- - **aws_config_mapper** - assess, audit, and evaluate AWS resources
18
- - **netsparker_mapper** - web application security scanner
19
- - **sarif_mapper** - static analysis results interchange format
20
- - **scoutsuite_mapper** - multi-cloud security auditing tool
8
+ 1. [**aws_config_mapper**](#aws_config_mapper) - assess, audit, and evaluate AWS resources
9
+ 1. [**burpsuite_mapper**](#burpsuite_mapper) - commercial dynamic analysis tool
10
+ 1. [**dbprotect_mapper**](#dbprotect_mapper) - database vulnerability scanner
11
+ 1. [**fortify_mapper**](#fortify_mapper) - commercial static code analysis tool
12
+ 1. [**jfrog_xray_mapper**](#jfrog_xray_mapper) - package vulnerability scanner
13
+ 1. [**nessus_mapper**](#nessus_mapper) - commercial security scanner (supports compliance and vulnerability scans from Tenable.sc and Tenable.io)
14
+ 1. [**netsparker_mapper**](#netsparker_mapper) - web application security scanner
15
+ 1. [**nikto_mapper**](#nikto_mapper) - open-source web server scanner
16
+ 1. [**sarif_mapper**](#sarif_mapper) - static analysis results interchange format
17
+ 1. [**scoutsuite_mapper**](#scoutsuite_mapper) - multi-cloud security auditing tool
18
+ 1. [**snyk_mapper**](#snyk_mapper) - commercial package vulnerability scanner
19
+ 1. [**sonarqube_mapper**](#sonarqube_mapper) - open-source static code analysis tool
20
+ 1. [**xccdf_results_mapper**](#xccdf_results_mapper) - extensible configuration checklist description results format
21
+ 1. [*scc_mapper](#xccdf_results_mapper) - scap compliance checker format
22
+ 1. [**zap_mapper**](#zap_mapper) - OWASP ZAP - open-source dynamic code analysis tool
21
23
 
22
24
  ## Want to recommend a mapper for another tool? Please use these steps:
23
- 1. Create an [issue](https://github.com/mitre/heimdall_tools/issues/new), and email saf@groups.mitre.org citing the issue link so we can help
24
- 2. Provide a sample output, preferably the most detailed the tool can provide, and also preferably in a machine-readable format, such as xml, json, or csv - whichever is natively available. If it is sensitive we'll work that in #3. (If it's an API only, we'll also just talk about it in #3)
25
- 3. Let's arrange a time to take a close look at the data it provides to get an idea of all it has to offer. We'll suggest an initial mapping of the HDF core elements. (see https://saf.mitre.org/#/normalize)
26
- 4. Note: if the tool doesn't provide a NIST SP 800-53 reference, we've worked on mappings to other references such as CWE or OWASP Top 10:
27
- https://github.com/mitre/heimdall_tools/tree/master/lib/data
28
- https://github.com/mitre/heimdall_tools/blob/master/lib/data/cwe-nist-mapping.csv
29
- https://github.com/mitre/heimdall_tools/blob/master/lib/data/owasp-nist-mapping.csv
30
- 5. If the tool doesn't provide something for #4, or another core element such as impact, we'll help you identify a custom mapping approach.
31
- 6. We'll help you decide how to preserve any other information (non-core elements) the tool provides to ensure that all of the original tool's intent comes through for the user when the data is viewed in Heimdall.
32
- 7. Finally, We'll provide final peer review and support merging your pull request.
33
- We appreciate your contributions, but we're here to help!
25
+
26
+ 1. Create an [issue](https://github.com/mitre/heimdall_tools/issues/new), and email saf@groups.mitre.org citing the issue link so we can help
27
+ 2. Provide a sample output, preferably the most detailed the tool can provide, and also preferably in a machine-readable format, such as xml, json, or csv - whichever is natively available. If it is sensitive we'll work that in #3. (If it's an API only, we'll also just talk about it in #3)
28
+ 3. Let's arrange a time to take a close look at the data it provides to get an idea of all it has to offer. We'll suggest an initial mapping of the HDF core elements.
29
+ 4. Note: if the tool doesn't provide a NIST SP 800-53 reference, we've worked on mappings to other references such as CWE or OWASP Top 10.
30
+ 5. If the tool doesn't provide something for #4, or another core element such as impact, we'll help you identify a custom mapping approach.
31
+ 6. We'll help you decide how to preserve any other information (non-core elements) the tool provides to ensure that all of the original tool's intent comes through for the user when the data is viewed in Heimdall.
32
+ 7. Finally, We'll provide final peer review and support merging your pull request.
33
+ We appreciate your contributions, but we're here to help!
34
34
 
35
35
  ## How to Install Heimdall Tools:
36
36
 
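Review bot: the `scc_mapper` entry in the new list has unbalanced emphasis (`[*scc_mapper]` with a single asterisk where every other entry uses `**name**`), so it renders as a literal asterisk rather than bold; it also links to `#xccdf_results_mapper` although the README defines no `scc_mapper` section or command, so either reword it as "SCC output is handled by xccdf_results_mapper" or drop the entry. Separately, steps 3 and 4 of the contribution list lost their reference links (the saf.mitre.org normalize page and the cwe-nist / owasp-nist mapping CSVs under lib/data); if that was not intentional, restore them, since they are the only pointers a contributor has to the existing mapping data.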
@@ -66,7 +66,7 @@ Verify the installed version number:
66
66
 
67
67
  ### Installation on Ubuntu-based systems
68
68
 
69
- <https://github.com/rvm/ubuntu_rvm>
69
+
70
70
 
71
71
  # Installation of Heimdall Tools:
72
72
 
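Review bot: removing the `<https://github.com/rvm/ubuntu_rvm>` link leaves the "Installation on Ubuntu-based systems" subsection with no body at all. If the autolink was dropped because the angle-bracket form rendered badly, replace it with a normal `[ubuntu_rvm](https://github.com/rvm/ubuntu_rvm)` link; otherwise remove the heading as well.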
@@ -79,77 +79,82 @@ For detailed help on any command, run `heimdall_tools help [COMMAND]`. Help can
79
79
 
80
80
  For Docker usage, replace the `heimdall_tools` command with the correct Docker command below for your operating system:
81
81
 
82
- - **On Linux and Mac:** `docker run -it -v$(pwd):/share mitre/heimdall_tools`
83
- - **On Windows CMD:** `docker run -it -v%cd%:/share mitre/heimdall_tools`
82
+ - **On Linux and Mac:** `docker run -it -v$(pwd):/share mitre/heimdall_tools`
83
+ - **On Windows CMD:** `docker run -it -v%cd%:/share mitre/heimdall_tools`
84
84
 
85
85
  Note that all of the above Docker commands will mount your current directory on the Docker container. Ensure that you have navigated to the directory you intend to convert files in before executing the command.
86
86
 
87
- ## sonarqube_mapper
87
+ ## aws_config_mapper
88
88
 
89
- sonarqube_mapper pulls SonarQube results, for the specified project, from the API and outputs in HDF format Json to be viewed on Heimdall
89
+ aws_config_mapper pulls Ruby AWS SDK data to translate AWS Config Rule results into HDF format json to be viewable in Heimdall
90
90
 
91
- ```
92
- USAGE: heimdall_tools sonarqube_mapper [OPTIONS] -n <project-name> -u <api-url> -o <scan-results.json>
91
+ ### AWS Config Rule Mapping:
93
92
 
94
- FLAGS:
95
- -n --name <project-key> : Project Key of the project in SonarQube
96
- -u --api_url <api-url> : url of the SonarQube Server API. Typically ends with /api.
97
- --auth <credentials> : username:password or token [optional].
98
- -o --output <scan-results> : path to output scan-results json.
99
- -V --verbose : verbose run [optional].
93
+ The mapping of AWS Config Rules to 800-53 Controls was sourced from [this link](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-800-53_rev_4.html).
100
94
 
101
- example:
95
+ ### Authentication with AWS:
102
96
 
103
- heimdall_tools sonarqube_mapper -n sonar_project_key -u http://sonar:9000/api -o scan_results.json
97
+ [Developer Guide for configuring Ruby AWS SDK for authentication](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html)
104
98
 
105
- heimdall_tools sonarqube_mapper -n sonar_project_key -u http://sonar:9000/api --auth admin:admin -o scan_results.json
106
- ```
99
+ USAGE: heimdall_tools aws_config_mapper [OPTIONS] -o
107
100
 
108
- ## fortify_mapper
101
+ FLAGS:
102
+ -o --output : path to output scan-results json.
103
+ -V --verbose : verbose run [optional].
109
104
 
110
- fortify_mapper translates an Fortify results FVDL file into HDF format json to be viewable in Heimdall
105
+ example: heimdall_tools aws_config_mapper -o aws_config_results_hdf.json
111
106
 
112
- ```
113
- USAGE: heimdall_tools fortify_mapper [OPTIONS] -f <fortify-fvdl> -o <scan-results.json>
107
+ ## burpsuite_mapper
114
108
 
115
- FLAGS:
116
- -f --fvdl <fortify-fvdl> : path to Fortify Scan FVDL file.
117
- -o --output <scan-results> : path to output scan-results json.
118
- -V --verbose : verbose run [optional].
109
+ burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
119
110
 
120
- example: heimdall_tools fortify_mapper -f audit.fvdl -o scan_results.json
121
- ```
111
+ USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x -o
122
112
 
123
- ## zap_mapper
113
+ FLAGS:
114
+ -x : path to BurpSuitePro exported XML results file.
115
+ -o --output : path to output scan-results json.
116
+ -V --verbose : verbose run [optional].
124
117
 
125
- zap_mapper translates OWASP ZAP results Json to HDF format Json be viewed on Heimdall
118
+ example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
126
119
 
127
- ```
128
- USAGE: heimdall_tools zap_mapper [OPTIONS] -j <zap-json> -n <site-name> -o <scan-results.json>
120
+ ## dbprotect_mapper
129
121
 
130
- FLAGS:
131
- -j --json <zap-json> : path to OWASP ZAP results JSON file.
132
- -n --name <site-name> : URL of the site being evaluated.
133
- -o --output <scan-results> : path to output scan-results json.
134
- -V --verbose : verbose run [optional].
122
+ dbprotect_mapper translates DBProtect report in `Check Results Details` format XML to HDF format JSON be viewed on Heimdall.
135
123
 
136
- example: heimdall_tools zap_mapper -j zap_results.json -n site_name -o scan_results.json
137
- ```
124
+ USAGE: heimdall_tools dbprotect_mapper [OPTIONS] -x -o
138
125
 
139
- ## burpsuite_mapper
126
+ FLAGS:
127
+ -x : path to DBProtect report XML file.
128
+ -o --output : path to output scan-results json.
129
+ -V --verbose : verbose run [optional].
140
130
 
141
- burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
131
+ example: heimdall_tools dbprotect_mapper -x check_results_details_report.xml -o db_protect_hdf.json
132
+
133
+ ## fortify_mapper
134
+
135
+ fortify_mapper translates an Fortify results FVDL file into HDF format json to be viewable in Heimdall
142
136
 
143
- ```
144
- USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x <burpsuite-xml> -o <scan-results.json>
137
+ USAGE: heimdall_tools fortify_mapper [OPTIONS] -f -o
145
138
 
146
- FLAGS:
147
- -x <burpsuite_xml> : path to BurpSuitePro exported XML results file.
148
- -o --output <scan-results> : path to output scan-results json.
149
- -V --verbose : verbose run [optional].
139
+ FLAGS:
140
+ -f --fvdl : path to Fortify Scan FVDL file.
141
+ -o --output : path to output scan-results json.
142
+ -V --verbose : verbose run [optional].
150
143
 
151
- example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
152
- ```
144
+ example: heimdall_tools fortify_mapper -f audit.fvdl -o scan_results.json
145
+
146
+ ## jfrog_xray_mapper
147
+
148
+ jfrog_xray_mapper translates an JFrog Xray results JSON file into HDF format JSON to be viewable in Heimdall
149
+
150
+ USAGE: heimdall_tools jfrog_xray_mapper [OPTIONS] -j -o
151
+
152
+ FLAGS:
153
+ -j : path to xray results JSON file.
154
+ -o --output : path to output scan-results json.
155
+ -V --verbose : verbose run [optional].
156
+
157
+ example: heimdall_tools jfrog_xray_mapper -j xray_results.json -o xray_results_hdf.json
153
158
 
154
159
  ## nessus_mapper
155
160
 
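Review bot: the usage sections lose both their code fences and their `<placeholder>` arguments, so lines such as `USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x -o` no longer say what `-x` and `-o` take, and the FLAGS lines will be reflowed by Markdown into a single run-on paragraph. If the placeholders were removed because `<burpsuite-xml>` was being swallowed as an HTML tag, the fix is to keep the fenced blocks as before (angle brackets render literally inside a fence) rather than deleting the placeholders. While touching these lines: "an BurpSuite", "an Fortify" and "an JFrog" should read "a".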
@@ -158,50 +163,57 @@ Supports compliance and vulnerability scans from Tenable.sc and Tenable.io.
158
163
 
159
164
  Note: A separate HDF JSON file is generated for each host reported in the Nessus Report.
160
165
 
161
- ```
162
- USAGE: heimdall_tools nessus_mapper [OPTIONS] -x <nessus-results-xml> -o <hdf-file-prefix>
166
+ USAGE: heimdall_tools nessus_mapper [OPTIONS] -x -o
163
167
 
164
- FLAGS:
165
- -x <nessus-results-xml> : path to Nessus-exported XML results file.
166
- -o --output_prefix <prefix> : path to output scan-results json.
167
- -V --verbose : verbose run [optional].
168
+ FLAGS:
169
+ -x : path to Nessus-exported XML results file.
170
+ -o --output_prefix : path to output scan-results json.
171
+ -V --verbose : verbose run [optional].
168
172
 
169
- example: heimdall_tools nessus_mapper -x nessus-results.xml -o test-env
170
- ```
173
+ example: heimdall_tools nessus_mapper -x nessus-results.xml -o test-env
171
174
 
172
- ## snyk_mapper
175
+ ## netsparker_mapper
173
176
 
174
- snyk_mapper translates an Snyk results JSON file into HDF format json to be viewable in Heimdall
175
-
176
- Note: A separate HDF JSON is generated for each project reported in the Snyk Report.
177
+ netsparker_mapper translates an Netsparker XML results file into HDF format JSON to be viewable in Heimdall.
177
178
 
178
- ```
179
- USAGE: heimdall_tools snyk_mapper [OPTIONS] -x <snyk-results-json> -o <hdf-file-prefix>
179
+ The current iteration only works with Netsparker Enterprise Vulnerabilities Scan.
180
180
 
181
- FLAGS:
182
- -j <snyk_results_jsonl> : path to Snyk results JSON file.
183
- -o --output_prefix <prefix> : path to output scan-results json.
184
- -V --verbose : verbose run [optional].
181
+ USAGE: heimdall_tools netsparker_mapper [OPTIONS] -x -o
185
182
 
186
- example: heimdall_tools snyk_mapper -j snyk_results.json -o output-file-prefix
187
- ```
183
+ FLAGS:
184
+ -x : path to netsparker results XML file.
185
+ -o --output : path to output scan-results json.
186
+ -V --verbose : verbose run [optional].
187
+
188
+ example: heimdall_tools netsparker_mapper -x netsparker_results.xml -o netsparker_hdf.json
188
189
 
189
190
  ## nikto_mapper
190
191
 
191
192
  nikto_mapper translates an Nikto results JSON file into HDF format JSON to be viewable in Heimdall
192
-
193
+
193
194
  Note: Current this mapper only support single target Nikto Scans.
194
195
 
195
- ```
196
- USAGE: heimdall_tools nikto_mapper [OPTIONS] -x <nikto-results-json> -o <hdf-scan-results.json>
196
+ USAGE: heimdall_tools nikto_mapper [OPTIONS] -x -o
197
+
198
+ FLAGS:
199
+ -j : path to Nikto results JSON file.
200
+ -o --output_prefix : path to output scan-results json.
201
+ -V --verbose : verbose run [optional].
202
+
203
+ example: heimdall_tools nikto_mapper -j nikto_results.json -o nikto_results.json
197
204
 
198
- FLAGS:
199
- -j <nikto_results_json> : path to Nikto results JSON file.
200
- -o --output_prefix <prefix> : path to output scan-results json.
201
- -V --verbose : verbose run [optional].
205
+ ## sarif_mapper
206
+
207
+ sarif_mapper translates a SARIF JSON file into HDF format JSON to be viewable in Heimdall
208
+
209
+ USAGE: heimdall_tools sarif_mapper [OPTIONS] -j -o
210
+
211
+ FLAGS:
212
+ -j : path to SARIF results JSON file.
213
+ -o --output_prefix : path to output scan-results json.
214
+ -V --verbose : verbose run [optional].
202
215
 
203
- example: heimdall_tools nikto_mapper -j nikto_results.json -o nikto_results.json
204
- ```
216
+ example: heimdall_tools sarif_mapper -j sarif_results.json -o sarif_results_hdf.json
205
217
 
206
218
  ## scoutsuite_mapper
207
219
 
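Review bot: the nikto_mapper USAGE line reads `[OPTIONS] -x -o`, but its FLAGS list and its example both use `-j` for the results JSON; make the USAGE line `-j -o` so all three agree. The same fence and placeholder removal as in the previous hunk applies here, and the unchanged note "Current this mapper only support single target Nikto Scans" should read "Currently this mapper only supports single-target Nikto scans".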
@@ -209,105 +221,81 @@ scoutsuite_mapper translates Scout Suite results from Javascript to HDF-formatte
209
221
 
210
222
  Note: Currently this mapper only supports AWS.
211
223
 
212
- ```
213
- USAGE: heimdall_tools scoutsuite_mapper -i <scoutsuite-results-js> -o <hdf-scan-results-json>
224
+ USAGE: heimdall_tools scoutsuite_mapper -i -o
214
225
 
215
- FLAGS:
216
- -i --input -j --javascript <scoutsuite-results-js> : path to Scout Suite results Javascript file.
217
- -o --output <hdf-scan-results-json> : path to output scan-results json.
226
+ FLAGS:
227
+ -i --input -j --javascript : path to Scout Suite results Javascript file.
228
+ -o --output : path to output scan-results json.
218
229
 
219
- example: heimdall_tools scoutsuite_mapper -i scoutsuite_results.js -o scoutsuite_hdf.json
220
- ```
230
+ example: heimdall_tools scoutsuite_mapper -i scoutsuite_results.js -o scoutsuite_hdf.json
221
231
 
222
- ## jfrog_xray_mapper
232
+ ## snyk_mapper
223
233
 
224
- jfrog_xray_mapper translates an JFrog Xray results JSON file into HDF format JSON to be viewable in Heimdall
225
-
226
- ```
227
- USAGE: heimdall_tools jfrog_xray_mapper [OPTIONS] -j <xray-results-json> -o <hdf-scan-results.json>
234
+ snyk_mapper translates an Snyk results JSON file into HDF format json to be viewable in Heimdall
228
235
 
229
- FLAGS:
230
- -j <xray_results_json> : path to xray results JSON file.
231
- -o --output <scan-results> : path to output scan-results json.
232
- -V --verbose : verbose run [optional].
236
+ Note: A separate HDF JSON is generated for each project reported in the Snyk Report.
233
237
 
234
- example: heimdall_tools jfrog_xray_mapper -j xray_results.json -o xray_results_hdf.json
235
- ```
238
+ USAGE: heimdall_tools snyk_mapper [OPTIONS] -x -o
236
239
 
237
- ## dbprotect_mapper
240
+ FLAGS:
241
+ -j : path to Snyk results JSON file.
242
+ -o --output_prefix : path to output scan-results json.
243
+ -V --verbose : verbose run [optional].
238
244
 
239
- dbprotect_mapper translates DBProtect report in `Check Results Details` format XML to HDF format JSON be viewed on Heimdall.
240
-
241
- ```
242
- USAGE: heimdall_tools dbprotect_mapper [OPTIONS] -x <check_results_details_report_xml> -o <db_protect_hdf.json>
245
+ example: heimdall_tools snyk_mapper -j snyk_results.json -o output-file-prefix
243
246
 
244
- FLAGS:
245
- -x <check_results_details_report_xml> : path to DBProtect report XML file.
246
- -o --output <scan-results> : path to output scan-results json.
247
- -V --verbose : verbose run [optional].
247
+ ## sonarqube_mapper
248
248
 
249
- example: heimdall_tools dbprotect_mapper -x check_results_details_report.xml -o db_protect_hdf.json
250
- ```
249
+ sonarqube_mapper pulls SonarQube results, for the specified project, from the API and outputs in HDF format Json to be viewed on Heimdall
251
250
 
252
- ## aws_config_mapper
251
+ USAGE: heimdall_tools sonarqube_mapper [OPTIONS] -n -u -o
253
252
 
254
- aws_config_mapper pulls Ruby AWS SDK data to translate AWS Config Rule results into HDF format json to be viewable in Heimdall
253
+ FLAGS:
254
+ -n --name : Project Key of the project in SonarQube
255
+ -u --api_url : url of the SonarQube Server API. Typically ends with /api.
256
+ --auth : username:password or token [optional].
257
+ -o --output : path to output scan-results json.
258
+ -V --verbose : verbose run [optional].
255
259
 
256
- ### AWS Config Rule Mapping:
257
- The mapping of AWS Config Rules to 800-53 Controls was sourced from [this link](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-800-53_rev_4.html).
258
-
259
- ### Authentication with AWS:
260
- [Developer Guide for configuring Ruby AWS SDK for authentication](https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html)
261
-
262
- ```
263
- USAGE: heimdall_tools aws_config_mapper [OPTIONS] -o <hdf-scan-results.json>
260
+ example:
264
261
 
265
- FLAGS:
266
- -o --output <scan-results> : path to output scan-results json.
267
- -V --verbose : verbose run [optional].
262
+ heimdall_tools sonarqube_mapper -n sonar_project_key -u http://sonar:9000/api -o scan_results.json
268
263
 
269
- example: heimdall_tools aws_config_mapper -o aws_config_results_hdf.json
270
- ```
264
+ heimdall_tools sonarqube_mapper -n sonar_project_key -u http://sonar:9000/api --auth admin:admin -o scan_results.json
271
265
 
272
- ## netsparker_mapper
266
+ ## xccdf_results_mapper
273
267
 
274
- netsparker_mapper translates an Netsparker XML results file into HDF format JSON to be viewable in Heimdall.
268
+ Note: SCC outputs scan results in XCCDF-Results format.
275
269
 
276
- The current iteration only works with Netsparker Enterprise Vulnerabilities Scan.
270
+ xccdf_results_mapper translates an XCCDF_Results XML scan into HDF format json to be viewable in Heimdall.
277
271
 
278
- ```
279
- USAGE: heimdall_tools netsparker_mapper [OPTIONS] -x <netsparker_results_xml> -o <hdf-scan-results.json>
272
+ USAGE: heimdall_tools xccdf_results_mapper [OPTIONS] -x -o
280
273
 
281
- FLAGS:
282
- -x <netsparker_results_xml> : path to netsparker results XML file.
283
- -o --output <scan-results> : path to output scan-results json.
284
- -V --verbose : verbose run [optional].
274
+ FLAGS:
275
+ -x : path to XCCDF-Results XML file.
276
+ -o --output : path to output scan-results json.
285
277
 
286
- example: heimdall_tools netsparker_mapper -x netsparker_results.xml -o netsparker_hdf.json
287
- ```
278
+ example: heimdall_tools xccdf_results_mapper -x xccdf_results.xml -o scan_results.json
288
279
 
289
- ## sarif_mapper
280
+ ## zap_mapper
290
281
 
291
- sarif_mapper translates a SARIF JSON file into HDF format JSON to be viewable in Heimdall
282
+ zap_mapper translates OWASP ZAP results Json to HDF format Json be viewed on Heimdall
292
283
 
293
- ```
294
- USAGE: heimdall_tools sarif_mapper [OPTIONS] -j <sarif-results-json> -o <hdf-scan-results.json>
284
+ USAGE: heimdall_tools zap_mapper [OPTIONS] -j -n -o
295
285
 
296
- FLAGS:
297
- -j <sarif_results_json> : path to SARIF results JSON file.
298
- -o --output_prefix <prefix> : path to output scan-results json.
299
- -V --verbose : verbose run [optional].
286
+ FLAGS:
287
+ -j --json : path to OWASP ZAP results JSON file.
288
+ -n --name : URL of the site being evaluated.
289
+ -o --output : path to output scan-results json.
290
+ -V --verbose : verbose run [optional].
300
291
 
301
- example: heimdall_tools sarif_mapper -j sarif_results.json -o sarif_results_hdf.json
302
- ```
292
+ example: heimdall_tools zap_mapper -j zap_results.json -n site_name -o scan_results.json
303
293
 
304
- ## version
294
+ ## version
305
295
 
306
296
  Prints out the gem version
307
297
 
308
- ```
309
- USAGE: heimdall_tools version
310
- ```
298
+ USAGE: heimdall_tools version
311
299
 
312
300
  # Development
313
301
 
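Review bot: snyk_mapper carries the same mismatch, `USAGE: heimdall_tools snyk_mapper [OPTIONS] -x -o` against a `-j` flag and a `-j` example; change the USAGE line to `-j -o`. In the new xccdf_results_mapper section the "Note: SCC outputs scan results in XCCDF-Results format." line comes before the sentence that says what the mapper does; put the description first, and since the list at the top advertises `scc_mapper`, state here that SCC output is consumed by `xccdf_results_mapper`. This section is also the only one without a `-V --verbose` flag, which is consistent with the new CLI command declaring only `xml` and `output` options, so fine if deliberate.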
@@ -315,26 +303,26 @@ USAGE: heimdall_tools version
315
303
 
316
304
  ### A complete PR should include 7 core elements:
317
305
 
318
- - A signed PR ( aka `git commit -a -s` )
319
- - Code for the new functionality
320
- - Updates to the CLI
321
- - New unit tests for the functionality
322
- - Updates to the docs and examples in `README.md` and `./docs/*`
323
- - (if needed) Example / Template files ( `metadata.yml`,`example.yml`, etc )
324
- - Scripts / Scaffolding code for the Example / Template files ( `generate_map` is an example )
325
- - Example Output of the new functionality if it produces an artifact
306
+ - A signed PR ( aka `git commit -a -s` )
307
+ - Code for the new functionality
308
+ - Updates to the CLI
309
+ - New unit tests for the functionality
310
+ - Updates to the docs and examples in `README.md` and `./docs/*`
311
+ - (if needed) Example / Template files ( `metadata.yml`,`example.yml`, etc )
312
+ - Scripts / Scaffolding code for the Example / Template files ( `generate_map` is an example )
313
+ - Example Output of the new functionality if it produces an artifact
326
314
 
327
315
  ### Overview of our PR process
328
316
 
329
- 1. open an issue on the main inspec_tools website noting the issues your PR will address
330
- 2. fork the repo
331
- 3. checkout your repo
332
- 4. cd to the repo
333
- 5. git co -b `<your_branch>`
334
- 6. bundle install
335
- 7. `hack as you will`
336
- 8. test via rake
337
- 9. ensure unit tests still function and add unit tests for your new feature
317
+ 1. open an issue on the main inspec_tools website noting the issues your PR will address
318
+ 2. fork the repo
319
+ 3. checkout your repo
320
+ 4. cd to the repo
321
+ 5. git co -b ``
322
+ 6. bundle install
323
+ 7. `hack as you will`
324
+ 8. test via rake
325
+ 9. ensure unit tests still function and add unit tests for your new feature
338
326
  10. add new docs to the `README.md` and to `./docs/examples`
339
327
  11. update the CLI as needed and add in `usage` example
340
328
  12. (if needed) create and document any example or templates
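Review bot: step 5 now reads `git co -b` followed by an empty pair of backticks where the old text had the `<your_branch>` placeholder, evidently stripped together with the other angle-bracket text. Write the whole command inside one code span, e.g. `git checkout -b <your_branch>`, so the placeholder renders and the alias `co` is not assumed.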
@@ -342,18 +330,18 @@ USAGE: heimdall_tools version
342
330
  14. (opt) gem build inspec_tools.gemspec
343
331
  15. (opt) gem install inspec_tools
344
332
  16. (opt) test via the installed gem
345
- 17. git commit -a -s `<your_branch>`
333
+ 17. git commit -a -s ``
346
334
  18. Open a PRs aginst the MITRE inspec_tools repo
347
335
 
348
336
  # Publishing a Release
349
337
 
350
338
  If you are a maintainer, it is very easy to cut a release of this gem:
351
339
 
352
- 1. Click on "Releases" and there should be a draft pending.
353
- 2. Make sure the Tag version and Release title match!
354
- 3. Add any additional notes can be added in the Description box.
355
- 4. Click "Publish release".
356
- 5. Release notes will be posted and a new gem will be pushed to Rubygems & Github Packages with the version you specified on step 2.
340
+ 1. Click on "Releases" and there should be a draft pending.
341
+ 2. Make sure the Tag version and Release title match!
342
+ 3. Add any additional notes can be added in the Description box.
343
+ 4. Click "Publish release".
344
+ 5. Release notes will be posted and a new gem will be pushed to Rubygems & Github Packages with the version you specified on step 2.
357
345
 
358
346
  # Testing
359
347
 
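Review bot: same stripped placeholder in step 17: `git commit -a -s` is followed by an empty pair of backticks where `<your_branch>` used to be. Note that `git commit` does not take a branch name as an argument (a trailing word is treated as a pathspec and fails to match), so the argument can simply be dropped and the step read `git commit -a -s`. The unchanged step 18 still has "Open a PRs aginst" (should be "Open a PR against").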
@@ -367,8 +355,8 @@ To release a new version, update the version number in `version.rb` according to
367
355
 
368
356
  ### Authors
369
357
 
370
- - Author:: Rony Xavier [rx294](https://github.com/rx294)
371
- - Author:: Dan Mirsky [mirskiy](https://github.com/mirskiy)
358
+ - Author:: Rony Xavier [rx294](https://github.com/rx294)
359
+ - Author:: Dan Mirsky [mirskiy](https://github.com/mirskiy)
372
360
 
373
361
  ### NOTICE
374
362
 
@@ -18,4 +18,5 @@ module HeimdallTools
18
18
  autoload :NetsparkerMapper, 'heimdall_tools/netsparker_mapper'
19
19
  autoload :SarifMapper, 'heimdall_tools/sarif_mapper'
20
20
  autoload :ScoutSuiteMapper, 'heimdall_tools/scoutsuite_mapper'
21
+ autoload :XCCDFResultsMapper, 'heimdall_tools/xccdf_results_mapper'
21
22
  end
@@ -41,6 +41,15 @@ module HeimdallTools
41
41
  File.write(options[:output], hdf)
42
42
  end
43
43
 
44
+ desc 'xccdf_results_mapper', 'xccdf_results_mapper translates SCAP client XCCDF-Results XML report to HDF format Json be viewed on Heimdall'
45
+ long_desc Help.text(:xccdf_results_mapper)
46
+ option :xml, required: true, aliases: '-x'
47
+ option :output, required: true, aliases: '-o'
48
+ def xccdf_results_mapper
49
+ hdf = HeimdallTools::XCCDFResultsMapper.new(File.read(options[:xml])).to_hdf
50
+ File.write(options[:output], hdf)
51
+ end
52
+
44
53
  desc 'nessus_mapper', 'nessus_mapper translates nessus xml report to HDF format Json be viewed on Heimdall'
45
54
  long_desc Help.text(:nessus_mapper)
46
55
  option :xml, required: true, aliases: '-x'
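Review bot: the README for this release lists an `scc_mapper`, but only `xccdf_results_mapper` is defined here; either add `scc_mapper` as a second command delegating to `HeimdallTools::XCCDFResultsMapper` or remove it from the README. The desc string "to HDF format Json be viewed on Heimdall" is missing "to" (copied from the neighbouring commands, which have the same slip). `File.read(options[:xml])` on a bad path surfaces as an Errno::ENOENT backtrace, as in the other commands; a `File.exist?` check with a one-line message would be friendlier but is not a blocker.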
@@ -55,6 +55,7 @@ module HeimdallTools
55
55
  findings.uniq
56
56
  end
57
57
 
58
+ # rubocop:disable Layout/LineEndStringConcatenationIndentation
58
59
  def snippet(snippetid)
59
60
  snippet = @snippets.select { |x| x['id'].eql?(snippetid) }.first
60
61
  "\nPath: #{snippet['File']}\n" \
@@ -62,6 +63,7 @@ module HeimdallTools
62
63
  "EndLine: #{snippet['EndLine']}\n" \
63
64
  "Code:\n#{snippet['Text']['#cdata-section'].strip}" \
64
65
  end
66
+ # rubocop:enable Layout/LineEndStringConcatenationIndentation
65
67
 
66
68
  def nist_tag(rule)
67
69
  references = rule['References']['Reference']
@@ -25,8 +25,6 @@ DEFAULT_NIST_REV = 'Rev_4'.freeze
25
25
 
26
26
  NA_PLUGIN_OUTPUT = 'This Nessus Plugin does not provide output message.'.freeze
27
27
 
28
- # rubocop:disable Metrics/AbcSize
29
-
30
28
  # Loading spinner sign
31
29
  $spinner = Enumerator.new do |e|
32
30
  loop do
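Review bot: this removes `# rubocop:disable Metrics/AbcSize` at the top of the file; confirm that no matching `# rubocop:enable Metrics/AbcSize` remains further down (RuboCop reports an enable directive with no preceding disable) and that the methods the directive used to cover now pass the cop, otherwise the next lint run fails.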
@@ -158,7 +158,11 @@ class Control
158
158
  # OWASP is stated specifically, ex owasp-a1
159
159
  #
160
160
  # SonarQube is inconsistent with tags (ex some cwe rules don't have cwe number in desc,) as noted below
161
- TAG_DATA = {}.freeze # NOTE: We count on Ruby to preserve order for TAG_DATA
161
+
162
+ # rubocop:disable Style/MutableConstant
163
+ TAG_DATA = {} # NOTE: We count on Ruby to preserve order for TAG_DATA
164
+ # rubocop:enable Style/MutableConstant
165
+
162
166
  TAG_DATA[:cwe] = {
163
167
  # Some rules with cwe tag don't have cwe number in description!
164
168
  # Currently only squid:S2658, but it has OWASP tag so we can use that.
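Review bot: this is a functional fix, not only a lint change: `TAG_DATA = {}.freeze` followed by the unchanged `TAG_DATA[:cwe] = {` raises FrozenError when the file is loaded, since a frozen Hash cannot take new keys. Rather than wrapping the constant in a disable/enable pair for Style/MutableConstant, leave it unfrozen while it is populated and add `TAG_DATA.freeze` after the last `TAG_DATA[...] =` assignment; that satisfies the cop's intent and still protects the ordered table at runtime.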
@@ -0,0 +1,161 @@
1
+ require 'json'
2
+ require 'csv'
3
+ require 'heimdall_tools/hdf'
4
+ require 'utilities/xml_to_hash'
5
+ require 'nokogiri'
6
+
7
+ RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
8
+
9
+ # XCCDF mapping for converting SCAP client (SCC or OpenSCAP) outputs to HDF
10
+ # SCC output from the RHEL7 Lockdown image was used for testing
11
+
12
+ U_CCI_LIST = File.join(RESOURCE_DIR, 'U_CCI_List.xml')
13
+
14
+ IMPACT_MAPPING = {
15
+ critical: 0.9,
16
+ high: 0.7,
17
+ medium: 0.5,
18
+ low: 0.3,
19
+ na: 0.0
20
+ }.freeze
21
+
22
+ # severity maps to high, medium, low with weights all being 10.0 from the xml
23
+ # it doesn't really look like SCAP or SCC cares about that value, just if its high, med, or low
24
+
25
+ CWE_REGEX = 'CWE-(\d*):'.freeze
26
+ CCI_REGEX = 'CCI-(\d*)'.freeze
27
+
28
+ DEFAULT_NIST_TAG = %w{SA-11 RA-5 Rev_4}.freeze
29
+
30
+ module HeimdallTools
31
+ class XCCDFResultsMapper
32
+ def initialize(scap_xml, _name = nil)
33
+ @scap_xml = scap_xml
34
+ read_cci_xml
35
+ begin
36
+ data = xml_to_hash(scap_xml)
37
+ @results = data['Benchmark']['TestResult']
38
+ @benchmarks = data['Benchmark']
39
+ @groups = data['Benchmark']['Group']
40
+ rescue StandardError => e
41
+ raise "Invalid SCAP Client XCCDF output XML file provided Exception: #{e}"
42
+ end
43
+ end
44
+
45
+ # change for pass/fail based on output Benchmark.rule
46
+ # Pass/Fail are the only two options included in the output file
47
+ def finding(issue, count)
48
+ finding = {}
49
+ finding['status'] = issue['rule-result'][count]['result'].to_s
50
+ if finding['status'] == 'pass'
51
+ finding['status'] = 'passed'
52
+ end
53
+ if finding['status'] == 'fail'
54
+ finding['status'] = 'failed'
55
+ end
56
+ finding['code_desc'] = NA_STRING
57
+ finding['run_time'] = NA_FLOAT
58
+ finding['start_time'] = issue['start-time']
59
+ finding['message'] = NA_STRING
60
+ finding['resource_class'] = NA_STRING
61
+ [finding]
62
+ end
63
+
64
+ def read_cci_xml
65
+ @cci_xml = Nokogiri::XML(File.open(U_CCI_LIST))
66
+ @cci_xml.remove_namespaces!
67
+ rescue StandardError => e
68
+ puts "Exception: #{e.message}"
69
+ end
70
+
71
+ def cci_nist_tag(cci_refs)
72
+ nist_tags = []
73
+ cci_refs.each do |cci_ref|
74
+ item_node = @cci_xml.xpath("//cci_list/cci_items/cci_item[@id='#{cci_ref}']")[0] unless @cci_xml.nil?
75
+ unless item_node.nil?
76
+ nist_ref = item_node.xpath('./references/reference[not(@version <= preceding-sibling::reference/@version) and not(@version <=following-sibling::reference/@version)]/@index').text
77
+ end
78
+ nist_tags << nist_ref
79
+ end
80
+ nist_tags
81
+ end
82
+
83
+ def get_impact(severity)
84
+ IMPACT_MAPPING[severity.to_sym]
85
+ end
86
+
87
+ def parse_refs(refs)
88
+ refs.map { |ref| ref['text'] if ref['text'].match?(CCI_REGEX) }.reject!(&:nil?)
89
+ end
90
+
91
+ # Clean up output by removing the Satsifies block and the end of the description
92
+ def satisfies_parse(satisf)
93
+ temp_satisf = satisf.match('Satisfies: ([^;]*)<\/VulnDiscussion>')
94
+ return temp_satisf[1].split(',') unless temp_satisf.nil?
95
+
96
+ NA_ARRAY
97
+ end
98
+
99
+ def desc_tags(data, label)
100
+ { data: data || NA_STRING, label: label || NA_STRING }
101
+ end
102
+
103
+ def collapse_duplicates(controls)
104
+ unique_controls = []
105
+
106
+ controls.map { |x| x['id'] }.uniq.each do |id|
107
+ collapsed_results = controls.select { |x| x['id'].eql?(id) }.map { |x| x['results'] }
108
+ unique_control = controls.find { |x| x['id'].eql?(id) }
109
+ unique_control['results'] = collapsed_results.flatten
110
+ unique_controls << unique_control
111
+ end
112
+ unique_controls
113
+ end
114
+
115
+ def to_hdf
116
+ controls = []
117
+ @groups.each_with_index do |group, i|
118
+ @item = {}
119
+ @item['id'] = group['Rule']['id'].split('.').last.split('_').drop(2).first.split('r').first.split('S')[1]
120
+ @item['title'] = group['Rule']['title'].to_s
121
+ @item['desc'] = group['Rule']['description'].to_s.split('Satisfies').first
122
+ @item['descriptions'] = []
123
+ @item['descriptions'] << desc_tags(group['Rule']['description'], 'default')
124
+ @item['descriptions'] << desc_tags('NA', 'rationale')
125
+ @item['descriptions'] << desc_tags(group['Rule']['check']['check-content-ref']['name'], 'check')
126
+ @item['descriptions'] << desc_tags(group['Rule']['fixtext']['text'], 'fix')
127
+ @item['impact'] = get_impact(group['Rule']['severity'])
128
+ @item['refs'] = NA_ARRAY
129
+ @item['tags'] = {}
130
+ @item['tags']['severity'] = nil
131
+ @item['tags']['gtitle'] = group['title']
132
+ @item['tags']['satisfies'] = satisfies_parse(group['Rule']['description'])
133
+ @item['tags']['gid'] = group['Rule']['id'].split('.').last.split('_').drop(2).first.split('r').first
134
+ @item['tags']['legacy_id'] = group['Rule']['ident'][2]['text']
135
+ @item['tags']['rid'] = group['Rule']['ident'][1]['text']
136
+ @item['tags']['stig_id'] = @benchmarks['id']
137
+ @item['tags']['fix_id'] = group['Rule']['fix']['id']
138
+ @item['tags']['cci'] = parse_refs(group['Rule']['ident'])
139
+ @item['tags']['nist'] = cci_nist_tag(@item['tags']['cci'])
140
+ @item['code'] = NA_STRING
141
+ @item['source_location'] = NA_HASH
142
+ # results were in another location and using the top block "Benchmark" as a starting point caused odd issues. This works for now for the results.
143
+ @item['results'] = finding(@results, i)
144
+ controls << @item
145
+ end
146
+
147
+ controls = collapse_duplicates(controls)
148
+ results = HeimdallDataFormat.new(profile_name: @benchmarks['id'],
149
+ version: @benchmarks['style'],
150
+ duration: NA_FLOAT,
151
+ title: @benchmarks['title'],
152
+ maintainer: @benchmarks['reference']['publisher'],
153
+ summary: @benchmarks['description'],
154
+ license: @benchmarks['notice']['id'],
155
+ copyright: @benchmarks['metadata']['creator'],
156
+ copyright_email: 'disa.stig_spt@mail.mil',
157
+ controls: controls)
158
+ results.to_hdf
159
+ end
160
+ end
161
+ end
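Review bot: `parse_refs` uses `reject!`, which returns `nil` when no element was removed, so for a rule whose every `ident` matches `CCI_REGEX` the method returns `nil` and the subsequent `cci_nist_tag(@item['tags']['cci'])` fails on `nil.each`; use `refs.map { |ref| ref['text'] if ref['text'].match?(CCI_REGEX) }.compact` (or the non-bang `reject`) instead. Further points in the same hunk: `cci_nist_tag` appends `nist_ref` even when `item_node` is nil or `@cci_xml` never loaded (`read_cci_xml` only `puts` the exception and carries on), so `tags['nist']` can contain nils or empty strings while `DEFAULT_NIST_TAG` is defined but never used as the fallback; `finding` pairs `rule-result` entries with groups by position (`issue['rule-result'][count]`) rather than by `idref`, and any result other than `pass`/`fail` (XCCDF also emits `notapplicable`, `notchecked`, `notselected`, `error`, `unknown`, `informational`, `fixed`) is passed through unmapped, contrary to the comment above `finding`; the id derivation `group['Rule']['id'].split('.').last.split('_').drop(2).first.split('r').first.split('S')[1]` is duplicated for `gid` and raises `NoMethodError` on any rule id that does not follow the DISA `SV-…r…_rule` shape, as do the positional lookups `group['Rule']['ident'][2]['text']` and `[1]['text']`, so a regex capture with an explicit fallback would be safer; `tags['severity']` is set to nil although `impact` is derived from `group['Rule']['severity']`, and `get_impact` returns nil for a severity outside `IMPACT_MAPPING` (and raises on a missing one); `satisfies_parse` splits on `','` without stripping the surrounding whitespace; `@item` inside the loop should be a local variable; `Pathname.new` is used without `require 'pathname'`, while `require 'json'`, `require 'csv'` and `CWE_REGEX` are unused.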
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: heimdall_tools
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.47
4
+ version: 1.3.48
5
5
  platform: ruby
6
6
  authors:
7
7
  - Robert Thew
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2021-06-08 00:00:00.000000000 Z
13
+ date: 2021-06-29 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: aws-sdk-configservice
@@ -246,6 +246,7 @@ files:
246
246
  - lib/heimdall_tools/snyk_mapper.rb
247
247
  - lib/heimdall_tools/sonarqube_mapper.rb
248
248
  - lib/heimdall_tools/version.rb
249
+ - lib/heimdall_tools/xccdf_results_mapper.rb
249
250
  - lib/heimdall_tools/zap_mapper.rb
250
251
  - lib/utilities/xml_to_hash.rb
251
252
  homepage: https://github.com/mitre/heimdall_tools
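Review bot: since the new `lib/heimdall_tools/xccdf_results_mapper.rb` loads `U_CCI_List.xml` from `RESOURCE_DIR` at runtime, confirm that the CCI list is also included in the gem's `files:` list (this hunk shows only the `lib/heimdall_tools/` slice), otherwise `read_cci_xml` will fail for every installed copy and the mapper will silently emit controls without NIST tags.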