heimdall_tools 1.3.35 → 1.3.36
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +16 -0
- data/lib/heimdall_tools.rb +1 -0
- data/lib/heimdall_tools/cli.rb +12 -0
- data/lib/heimdall_tools/dbprotect_mapper.rb +127 -0
- data/lib/heimdall_tools/help/dbprotect_mapper.md +5 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 34a80978c354919fb48f33582e9a6b4e2676eb884c1868e8d710daeb6c8bfb9f
|
|
4
|
+
data.tar.gz: 58a1f7cde61bf0ad07454fd3cc90448ad40385a9f9d8dd951f24901ccce7a79d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 49faba0d70053387a28208efc837a3978bb100e44d65436e0c8f9f6d335d1d8639987b77b44607a2d195cbafaf4646e2e4b80894a8ebb06a7206a929e2a115d3
|
|
7
|
+
data.tar.gz: 42c71d905a92366eb864113d86de09997cf1043133049d6e16efbc34967a5af2d648d4cb31b6a92fb17874941be8c92f367abcad3d37c26bb8f6b4d46d600f56
|
data/README.md
CHANGED
|
@@ -13,6 +13,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
|
|
|
13
13
|
- **snyk_mapper** - commercial package vulnerability scanner
|
|
14
14
|
- **nikto_mapper** - open-source web server scanner
|
|
15
15
|
- **jfrog_xray_mapper** - package vulnerability scanner
|
|
16
|
+
- **dbprotect_mapper** - database vulnerability scanner
|
|
16
17
|
|
|
17
18
|
Ruby 2.4 or higher (check using "ruby -v")
|
|
18
19
|
|
|
@@ -197,6 +198,21 @@ FLAGS:
|
|
|
197
198
|
example: heimdall_tools jfrog_xray_mapper -j xray_results.json -o xray_results_hdf.json
|
|
198
199
|
```
|
|
199
200
|
|
|
201
|
+
## dbprotect_mapper
|
|
202
|
+
|
|
203
|
+
dbprotect_mapper translates DBProtect report in `Check Results Details` format XML to HDF format JSON be viewed on Heimdall.
|
|
204
|
+
|
|
205
|
+
```
|
|
206
|
+
USAGE: heimdall_tools dbprotect_mapper [OPTIONS] -x <check_results_details_report_xml> -o <db_protect_hdf.json>
|
|
207
|
+
|
|
208
|
+
FLAGS:
|
|
209
|
+
-x <check_results_details_report_xml> : path to DBProtect report XML file.
|
|
210
|
+
-o --output <scan-results> : path to output scan-results json.
|
|
211
|
+
-V --verbose : verbose run [optional].
|
|
212
|
+
|
|
213
|
+
example: heimdall_tools dbprotect_mapper -x check_results_details_report.xml -o db_protect_hdf.json
|
|
214
|
+
```
|
|
215
|
+
|
|
200
216
|
## version
|
|
201
217
|
|
|
202
218
|
Prints out the gem version
|
data/lib/heimdall_tools.rb
CHANGED
data/lib/heimdall_tools/cli.rb
CHANGED
|
@@ -99,6 +99,18 @@ module HeimdallTools
|
|
|
99
99
|
puts "#{options[:output]}"
|
|
100
100
|
end
|
|
101
101
|
|
|
102
|
+
desc 'dbprotect_mapper', 'dbprotect_mapper translates dbprotect results xml to HDF format Json be viewed on Heimdall'
|
|
103
|
+
long_desc Help.text(:dbprotect_mapper)
|
|
104
|
+
option :xml, required: true, aliases: '-x'
|
|
105
|
+
option :output, required: true, aliases: '-o'
|
|
106
|
+
option :verbose, type: :boolean, aliases: '-V'
|
|
107
|
+
def dbprotect_mapper
|
|
108
|
+
hdf = HeimdallTools::DBProtectMapper.new(File.read(options[:xml])).to_hdf
|
|
109
|
+
File.write(options[:output], hdf)
|
|
110
|
+
puts "\r\HDF Generated:\n"
|
|
111
|
+
puts "#{options[:output]}"
|
|
112
|
+
end
|
|
113
|
+
|
|
102
114
|
desc 'version', 'prints version'
|
|
103
115
|
def version
|
|
104
116
|
puts VERSION
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
require 'json'
|
|
2
|
+
require 'csv'
|
|
3
|
+
require 'heimdall_tools/hdf'
|
|
4
|
+
require 'utilities/xml_to_hash'
|
|
5
|
+
|
|
6
|
+
IMPACT_MAPPING = {
|
|
7
|
+
High: 0.7,
|
|
8
|
+
Medium: 0.5,
|
|
9
|
+
Low: 0.3,
|
|
10
|
+
Informational: 0.0
|
|
11
|
+
}.freeze
|
|
12
|
+
|
|
13
|
+
# rubocop:disable Metrics/AbcSize
|
|
14
|
+
|
|
15
|
+
module HeimdallTools
|
|
16
|
+
class DBProtectMapper
|
|
17
|
+
def initialize(xml, name=nil, verbose = false)
|
|
18
|
+
@verbose = verbose
|
|
19
|
+
|
|
20
|
+
begin
|
|
21
|
+
dataset = xml_to_hash(xml)
|
|
22
|
+
@entries = compile_findings(dataset['dataset'])
|
|
23
|
+
|
|
24
|
+
rescue StandardError => e
|
|
25
|
+
raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def to_hdf
|
|
31
|
+
controls = []
|
|
32
|
+
@entries.each do |entry|
|
|
33
|
+
@item = {}
|
|
34
|
+
@item['id'] = entry['Check ID']
|
|
35
|
+
@item['title'] = entry['Check']
|
|
36
|
+
@item['desc'] = format_desc(entry)
|
|
37
|
+
@item['impact'] = impact(entry['Risk DV'])
|
|
38
|
+
@item['tags'] = {}
|
|
39
|
+
@item['descriptions'] = []
|
|
40
|
+
@item['refs'] = NA_ARRAY
|
|
41
|
+
@item['source_location'] = NA_HASH
|
|
42
|
+
@item['code'] = ''
|
|
43
|
+
@item['results'] = finding(entry)
|
|
44
|
+
|
|
45
|
+
controls << @item
|
|
46
|
+
end
|
|
47
|
+
controls = collapse_duplicates(controls)
|
|
48
|
+
results = HeimdallDataFormat.new(profile_name: @entries.first['Policy'],
|
|
49
|
+
version: "",
|
|
50
|
+
title: @entries.first['Job Name'],
|
|
51
|
+
summary: format_summary(@entries.first),
|
|
52
|
+
controls: controls)
|
|
53
|
+
results.to_hdf
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
private
|
|
57
|
+
|
|
58
|
+
def compile_findings(dataset)
|
|
59
|
+
keys = dataset['metadata']['item'].map{ |e| e['name']}
|
|
60
|
+
findings = dataset['data']['row'].map { |e| Hash[keys.zip(e['value'])] }
|
|
61
|
+
findings
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def format_desc(entry)
|
|
65
|
+
text = []
|
|
66
|
+
text << "Task : #{entry['Task']}"
|
|
67
|
+
text << "Check Category : #{entry['Check Category']}"
|
|
68
|
+
text.join("; ")
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def format_summary(entry)
|
|
72
|
+
text = []
|
|
73
|
+
text << "Organization : #{entry['Organization']}"
|
|
74
|
+
text << "Asset : #{entry['Check Asset']}"
|
|
75
|
+
text << "Asset Type : #{entry['Asset Type']}"
|
|
76
|
+
text << "IP Address, Port, Instance : #{entry['Asset Type']}"
|
|
77
|
+
text << "IP Address, Port, Instance : #{entry['IP Address, Port, Instance']}"
|
|
78
|
+
text.join("\n")
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def finding(entry)
|
|
82
|
+
finding = {}
|
|
83
|
+
|
|
84
|
+
finding['code_desc'] = entry['Details']
|
|
85
|
+
finding['run_time'] = 0.0
|
|
86
|
+
finding['start_time'] = entry['Date']
|
|
87
|
+
|
|
88
|
+
case entry['Result Status']
|
|
89
|
+
when 'Fact'
|
|
90
|
+
finding['status'] = 'skipped'
|
|
91
|
+
when 'Failed'
|
|
92
|
+
finding['status'] = 'failed'
|
|
93
|
+
finding['backtrace'] = ["DB Protect Failed Check"]
|
|
94
|
+
when 'Finding'
|
|
95
|
+
finding['status'] = 'failed'
|
|
96
|
+
when 'Not A Finding'
|
|
97
|
+
finding['status'] = 'passed'
|
|
98
|
+
when 'Skipped'
|
|
99
|
+
finding['status'] = 'skipped'
|
|
100
|
+
else
|
|
101
|
+
finding['status'] = 'skipped'
|
|
102
|
+
end
|
|
103
|
+
[finding]
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
def impact(severity)
|
|
107
|
+
IMPACT_MAPPING[severity.to_sym]
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
# DBProtect report could have multiple issue entries for multiple findings of same issue type.
|
|
111
|
+
# The meta data is identical across entries
|
|
112
|
+
# method collapse_duplicates return unique controls with applicable findings collapsed into it.
|
|
113
|
+
def collapse_duplicates(controls)
|
|
114
|
+
unique_controls = []
|
|
115
|
+
|
|
116
|
+
controls.map { |x| x['id'] }.uniq.each do |id|
|
|
117
|
+
collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
|
|
118
|
+
unique_control = controls.find { |x| x['id'].eql?(id) }
|
|
119
|
+
unique_control['results'] = collapsed_results.flatten
|
|
120
|
+
unique_controls << unique_control
|
|
121
|
+
end
|
|
122
|
+
unique_controls
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
|
|
126
|
+
end
|
|
127
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: heimdall_tools
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.36
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Robert Thew
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2021-
|
|
13
|
+
date: 2021-03-01 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: nokogiri
|
|
@@ -189,10 +189,12 @@ files:
|
|
|
189
189
|
- lib/heimdall_tools/burpsuite_mapper.rb
|
|
190
190
|
- lib/heimdall_tools/cli.rb
|
|
191
191
|
- lib/heimdall_tools/command.rb
|
|
192
|
+
- lib/heimdall_tools/dbprotect_mapper.rb
|
|
192
193
|
- lib/heimdall_tools/fortify_mapper.rb
|
|
193
194
|
- lib/heimdall_tools/hdf.rb
|
|
194
195
|
- lib/heimdall_tools/help.rb
|
|
195
196
|
- lib/heimdall_tools/help/burpsuite_mapper.md
|
|
197
|
+
- lib/heimdall_tools/help/dbprotect_mapper.md
|
|
196
198
|
- lib/heimdall_tools/help/fortify_mapper.md
|
|
197
199
|
- lib/heimdall_tools/help/jfrog_xray_mapper.md
|
|
198
200
|
- lib/heimdall_tools/help/nessus_mapper.md
|