heimdall_tools 1.3.23 → 1.3.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87c18b112ab38b1f06c4e7e85041c5c4d388d974c8ce256fdf928dbc4e2ecdf5
-  data.tar.gz: f7fcefb5bc73c34fa17039cc2b40a068fbf754a8a7b9a07e35c4d6ad1dace8eb
+  metadata.gz: 5d1e11d1521f5cb405e5900b4e799001c7351dc584b42e99ccf2d5fb0a84c361
+  data.tar.gz: e68d4a5e7b90f4f1158c08d0c305f95f2d8fa57d3cae075879ec4a494b576202
 SHA512:
-  metadata.gz: 983087a23a15d02b927b43e07ab5fa84451aa6d09bf6feba0acdbd3c24d2710374d2fde2e8b140650bdb1dcf90a5490a651c1672d0f8b4b2a05abc688136e041
-  data.tar.gz: 717f833a3901385a7d15869f019c1ccacb2a9cdf9c9f4107e08b574620164596fcfcb00a050c7c4e3b9aed2aa6ff749e93fd095d3767e9d25dfbed5a8927ce91
+  metadata.gz: 4e14d8c4ad154009ff553d751b86d9d81b6de04169988ddc7ac2ac0d1f3bd1b43b9ce8dcbb2e18b7bb6c5720a3c4d300e14bad6b151d96242417586be304a0ac
+  data.tar.gz: 9347a1672c14849d11538b72e60aa6aa4b4ee56aaecb6e9e387869be8e88197b499b4b358c29cf2d6389992721ba05e61bd2262b01ab4f78be072a6da2e07c16

data/CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## [Unreleased](https://github.com/mitre/heimdall_tools/tree/HEAD)
+
+[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23...HEAD)
+
+**Implemented enhancements:**
+
+- Converter: Burp Suite Pro [\#28](https://github.com/mitre/heimdall_tools/issues/28)
+
+**Fixed bugs:**
+
+- \[Bug\] Import mapping csvs by relative path  [\#41](https://github.com/mitre/heimdall_tools/issues/41)
+
+**Merged pull requests:**
+
+- Update to pull data csvs by relative path [\#42](https://github.com/mitre/heimdall_tools/pull/42) ([rx294](https://github.com/rx294))
+- Burpsuite mapper [\#40](https://github.com/mitre/heimdall_tools/pull/40) ([rx294](https://github.com/rx294))
+
+## [v1.3.23](https://github.com/mitre/heimdall_tools/tree/v1.3.23) (2020-03-31)
+
+[Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre5...v1.3.23)
+
 ## [v1.3.23.pre5](https://github.com/mitre/heimdall_tools/tree/v1.3.23.pre5) (2020-03-31)
 
 [Full Changelog](https://github.com/mitre/heimdall_tools/compare/v1.3.23.pre4...v1.3.23.pre5)

data/README.md

@@ -1,7 +1,6 @@
 # Heimdall Tools
 
 ![Overall Status](https://github.com/mitre/heimdall_tools/workflows/heimdall_tools/badge.svg)
-
 ![Heimdall Tools Build](https://github.com/mitre/heimdall_tools/workflows/Build%20and%20release%20gem/badge.svg)
 
 HeimdallTools supplies several methods to convert output from various tools to "Heimdall Data Format"(HDF) format to be viewable in Heimdall. The current converters are:
@@ -9,8 +8,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
 - **sonarqube_mapper** - open-source static code analysis tool
 - **fortify_mapper** - commercial static code analysis tool
 - **zap_mapper** - OWASP ZAP - open-source dynamic code analysis tool
-
-# Prerequisites
+- **burpsuite_mapper** - commercial dynamic analysis tool
 
 Ruby 2.4 or higher (check using "ruby -v")
 
@@ -107,7 +105,22 @@ FLAGS:
 example: heimdall_tools zap_mapper -j zap_results.json -n site_name -o scan_results.json
 ```
 
-## version
+## burpsuite_mapper
+
+burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
+
+```
+USAGE: heimdall_tools burpsuite_mapper [OPTIONS] -x <burpsuite-xml> -o <scan-results.json>
+
+FLAGS:
+    -x --json <zap-json>             : path to BurpSuitePro exported XML results file.
+    -o --output <scan-results>       : path to output scan-results json.
+    -V --verbose                     : verbose run [optional].
+
+example: heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json
+```
+
+## version  
 
 Prints out the gem version
 

data/lib/heimdall_tools.rb

@@ -8,4 +8,5 @@ module HeimdallTools
   autoload :FortifyMapper, 'heimdall_tools/fortify_mapper'
   autoload :ZapMapper, 'heimdall_tools/zap_mapper'
   autoload :SonarQubeMapper, 'heimdall_tools/sonarqube_mapper'
+  autoload :BurpSuiteMapper, 'heimdall_tools/burpsuite_mapper'
 end

data/lib/heimdall_tools/burpsuite_mapper.rb

@@ -0,0 +1,138 @@
+require 'json'
+require 'csv'
+require 'heimdall_tools/hdf'
+require 'utilities/xml_to_hash'
+
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
+CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+
+IMPACT_MAPPING = {
+  High: 0.7,
+  Medium: 0.5,
+  Low: 0.3,
+  Information: 0.3
+}.freeze
+
+CWE_REGEX = 'CWE-(\d*):'.freeze
+
+DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
+
+# rubocop:disable Metrics/AbcSize
+
+module HeimdallTools
+  class BurpSuiteMapper
+    def initialize(burps_xml, name=nil, verbose = false)
+      @burps_xml = burps_xml
+      @verbose = verbose
+
+      begin
+        @cwe_nist_mapping = parse_mapper
+        data = xml_to_hash(burps_xml)
+
+        @issues = data['issues']['issue']
+        @burpVersion = data['issues']['burpVersion']
+        @timestamp = data['issues']['exportTime']
+
+      rescue StandardError => e
+        raise "Invalid Burpsuite XML file provided Exception: #{e}"
+      end
+
+    end
+
+    def parse_html(block)
+      Nokogiri::HTML(block['#cdata-section']).text.to_s.strip unless block.nil?
+    end
+
+    def finding(issue)
+      finding = {}
+      finding['status'] = 'failed'
+      finding['code_desc'] = format_code_desc(issue)
+      finding['run_time'] = NA_FLOAT
+      finding['start_time'] = @timestamp
+      [finding]
+    end
+
+    def format_code_desc(issue)
+      desc = ''
+      desc += "Host: ip: #{issue['host']['ip']}, url: #{issue['host']['text']}\n"
+      desc += "Location: #{parse_html(issue['location'])}\n"
+      desc += "issueDetail: #{parse_html(issue['issueDetail'])}\n" unless issue['issueDetail'].nil?
+      desc += "confidence: #{issue['confidence']}\n" unless issue['confidence'].nil?
+      desc
+    end
+
+    def nist_tag(cweid)
+      entries = @cwe_nist_mapping.select { |x| cweid.include? x[:cweid].to_s }
+      tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
+      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+    end
+
+    def parse_cwe(text)
+      reg = Regexp.new(CWE_REGEX, Regexp::IGNORECASE)
+      text.scan(reg).map(&:first)
+    end
+
+    def impact(severity)
+      IMPACT_MAPPING[severity.to_sym]
+    end
+
+    def parse_mapper
+      csv_data = CSV.read(CWE_NIST_MAPPING_FILE, { encoding: 'UTF-8',
+                                                   headers: true,
+                                                   header_converters: :symbol,
+                                                   converters: :all })
+      csv_data.map(&:to_hash)
+    end
+
+    def desc_tags(data, label)
+      { "data": data || NA_STRING, "label": label || NA_STRING }
+    end
+
+    # Burpsuite report could have multiple issue entries for multiple findings of same issue type.
+    # The meta data is identical across entries 
+    # method collapse_duplicates return unique controls with applicable findings collapsed into it.
+    def collapse_duplicates(controls)
+      unique_controls = []
+
+      controls.map { |x| x['id'] }.uniq.each do |id|
+        collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
+        unique_control = controls.find { |x| x['id'].eql?(id) }
+        unique_control['results'] = collapsed_results.flatten
+        unique_controls << unique_control
+      end
+      unique_controls
+    end
+
+    def to_hdf
+      controls = []
+      @issues.each do |issue|
+        @item = {}
+        @item['id']                 = issue['type'].to_s
+        @item['title']              = parse_html(issue['name'])
+        @item['desc']               = parse_html(issue['issueBackground'])
+        @item['impact']             = impact(issue['severity'])
+        @item['tags']               = {}
+        @item['descriptions']       = []
+        @item['descriptions']       <<  desc_tags(parse_html(issue['issueBackground']), 'check')
+        @item['descriptions']       <<  desc_tags(parse_html(issue['remediationBackground']), 'fix')
+        @item['refs']               = NA_ARRAY
+        @item['source_location']    = NA_HASH
+        @item['tags']['nist']       = nist_tag(parse_cwe(parse_html(issue['vulnerabilityClassifications'])))
+        @item['tags']['cweid']      = parse_html(issue['vulnerabilityClassifications'])
+        @item['tags']['confidence'] = issue['confidence'].to_s
+        @item['code']               = ''
+        @item['results']            = finding(issue)
+
+        controls << @item
+      end
+      controls = collapse_duplicates(controls)
+      results = HeimdallDataFormat.new(profile_name: 'BurpSuite Pro Scan',
+                                       version: @burpVersion,
+                                       title: "BurpSuite Pro Scan",
+                                       summary: "BurpSuite Pro Scan",
+                                       controls: controls)
+      results.to_hdf
+    end
+  end
+end

data/lib/heimdall_tools/cli.rb

@@ -35,6 +35,16 @@ module HeimdallTools
       File.write(options[:output], hdf)
     end
 
+    desc 'burpsuite_mapper', 'burpsuite_mapper translates Burpsuite xml report to HDF format Json be viewed on Heimdall'
+    long_desc Help.text(:burpsuite_mapper)
+    option :xml, required: true, aliases: '-x'
+    option :output, required: true, aliases: '-o'
+    option :verbose, type: :boolean, aliases: '-V'
+    def burpsuite_mapper
+      hdf = HeimdallTools::BurpSuiteMapper.new(File.read(options[:xml])).to_hdf
+      File.write(options[:output], hdf)
+    end
+
     desc 'version', 'prints version'
     def version
       puts VERSION

data/lib/heimdall_tools/hdf.rb

@@ -2,6 +2,7 @@ require 'json'
 require 'heimdall_tools/version'
 require 'openssl'
 
+NA_STRING = "".freeze
 NA_TAG = nil.freeze
 NA_ARRAY = [].freeze
 NA_HASH = {}.freeze

data/lib/heimdall_tools/help/burpsuite_mapper.md

@@ -0,0 +1,5 @@
+  burpsuite_mapper translates an BurpSuite Pro exported XML results file into HDF format json to be viewable in Heimdall
+  
+Examples:
+
+  heimdall_tools burpsuite_mapper -x burpsuite_results.xml -o scan_results.json

data/lib/heimdall_tools/sonarqube_mapper.rb

@@ -3,9 +3,11 @@ require 'json'
 require 'csv'
 require 'heimdall_tools/hdf'
 
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
 MAPPING_FILES = {
-  cwe: './lib/data/cwe-nist-mapping.csv'.freeze,
-  owasp: './lib/data/owasp-nist-mapping.csv'.freeze
+  cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
+  owasp: File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
 }.freeze
 
 IMPACT_MAPPING = {

data/lib/heimdall_tools/zap_mapper.rb

@@ -4,7 +4,9 @@ require 'csv'
 require 'heimdall_tools/hdf'
 
 
-CWE_NIST_MAPPING_FILE = './lib/data/cwe-nist-mapping.csv'.freeze
+RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+
+CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
 
 # rubocop:disable Metrics/AbcSize
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdall_tools
 version: !ruby/object:Gem::Version
-  version: 1.3.23
+  version: 1.3.24
 platform: ruby
 authors:
 - Robert Thew
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-31 00:00:00.000000000 Z
+date: 2020-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -213,11 +213,13 @@ files:
 - lib/data/gitkeep
 - lib/data/owasp-nist-mapping.csv
 - lib/heimdall_tools.rb
+- lib/heimdall_tools/burpsuite_mapper.rb
 - lib/heimdall_tools/cli.rb
 - lib/heimdall_tools/command.rb
 - lib/heimdall_tools/fortify_mapper.rb
 - lib/heimdall_tools/hdf.rb
 - lib/heimdall_tools/help.rb
+- lib/heimdall_tools/help/burpsuite_mapper.md
 - lib/heimdall_tools/help/fortify_mapper.md
 - lib/heimdall_tools/help/sonarqube_mapper.md
 - lib/heimdall_tools/help/zap_mapper.md