Skip to content

Commit

Permalink
Initial commit for dbprotect_mapper
Browse files Browse the repository at this point in the history
Signed-off-by: Rony Xavier <[email protected]>
  • Loading branch information
Rony Xavier committed Mar 1, 2021
1 parent 2b63d63 commit 8559478
Show file tree
Hide file tree
Showing 5 changed files with 161 additions and 0 deletions.
16 changes: 16 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ HeimdallTools supplies several methods to convert output from various tools to "
- **snyk_mapper** - commercial package vulnerability scanner
- **nikto_mapper** - open-source web server scanner
- **jfrog_xray_mapper** - package vulnerability scanner
- **dbprotect_mapper** - database vulnerability scanner

Ruby 2.4 or higher (check using "ruby -v")

Expand Down Expand Up @@ -197,6 +198,21 @@ FLAGS:
example: heimdall_tools jfrog_xray_mapper -j xray_results.json -o xray_results_hdf.json
```

## dbprotect_mapper

dbprotect_mapper translates DBProtect report in `Check Results Details` format XML to HDF format JSON be viewed on Heimdall.

```
USAGE: heimdall_tools dbprotect_mapper [OPTIONS] -x <check_results_details_report_xml> -o <db_protect_hdf.json>
FLAGS:
-x <check_results_details_report_xml> : path to DBProtect report XML file.
-o --output <scan-results> : path to output scan-results json.
-V --verbose : verbose run [optional].
example: heimdall_tools dbprotect_mapper -x check_results_details_report.xml -o db_protect_hdf.json
```

## version

Prints out the gem version
Expand Down
1 change: 1 addition & 0 deletions lib/heimdall_tools.rb
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,5 @@ module HeimdallTools
autoload :SnykMapper, 'heimdall_tools/snyk_mapper'
autoload :NiktoMapper, 'heimdall_tools/nikto_mapper'
autoload :JfrogXrayMapper, 'heimdall_tools/jfrog_xray_mapper'
autoload :DBProtectMapper, 'heimdall_tools/dbprotect_mapper'
end
12 changes: 12 additions & 0 deletions lib/heimdall_tools/cli.rb
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,18 @@ def jfrog_xray_mapper
puts "#{options[:output]}"
end

desc 'dbprotect_mapper', 'dbprotect_mapper translates dbprotect results xml to HDF format Json be viewed on Heimdall'
long_desc Help.text(:dbprotect_mapper)
option :xml, required: true, aliases: '-x'
option :output, required: true, aliases: '-o'
option :verbose, type: :boolean, aliases: '-V'
def dbprotect_mapper
hdf = HeimdallTools::DBProtectMapper.new(File.read(options[:xml])).to_hdf
File.write(options[:output], hdf)
puts "\r\HDF Generated:\n"
puts "#{options[:output]}"
end

desc 'version', 'prints version'
def version
puts VERSION
Expand Down
127 changes: 127 additions & 0 deletions lib/heimdall_tools/dbprotect_mapper.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
require 'json'
require 'csv'
require 'heimdall_tools/hdf'
require 'utilities/xml_to_hash'

IMPACT_MAPPING = {
High: 0.7,
Medium: 0.5,
Low: 0.3,
Informational: 0.0
}.freeze

# rubocop:disable Metrics/AbcSize

module HeimdallTools
class DBProtectMapper
def initialize(xml, name=nil, verbose = false)
@verbose = verbose

begin
dataset = xml_to_hash(xml)
@entries = compile_findings(dataset['dataset'])

rescue StandardError => e
raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
end

end

def to_hdf
controls = []
@entries.each do |entry|
@item = {}
@item['id'] = entry['Check ID']
@item['title'] = entry['Check']
@item['desc'] = format_desc(entry)
@item['impact'] = impact(entry['Risk DV'])
@item['tags'] = {}
@item['descriptions'] = []
@item['refs'] = NA_ARRAY
@item['source_location'] = NA_HASH
@item['code'] = ''
@item['results'] = finding(entry)

controls << @item
end
controls = collapse_duplicates(controls)
results = HeimdallDataFormat.new(profile_name: @entries.first['Policy'],
version: "",
title: @entries.first['Job Name'],
summary: format_summary(@entries.first),
controls: controls)
results.to_hdf
end

private

def compile_findings(dataset)
keys = dataset['metadata']['item'].map{ |e| e['name']}
findings = dataset['data']['row'].map { |e| Hash[keys.zip(e['value'])] }
findings
end

def format_desc(entry)
text = []
text << "Task : #{entry['Task']}"
text << "Check Category : #{entry['Check Category']}"
text.join("; ")
end

def format_summary(entry)
text = []
text << "Organization : #{entry['Organization']}"
text << "Asset : #{entry['Check Asset']}"
text << "Asset Type : #{entry['Asset Type']}"
text << "IP Address, Port, Instance : #{entry['Asset Type']}"
text << "IP Address, Port, Instance : #{entry['IP Address, Port, Instance']}"
text.join("\n")
end

def finding(entry)
finding = {}

finding['code_desc'] = entry['Details']
finding['run_time'] = 0.0
finding['start_time'] = entry['Date']

case entry['Result Status']
when 'Fact'
finding['status'] = 'skipped'
when 'Failed'
finding['status'] = 'failed'
finding['backtrace'] = ["DB Protect Failed Check"]
when 'Finding'
finding['status'] = 'failed'
when 'Not A Finding'
finding['status'] = 'passed'
when 'Skipped'
finding['status'] = 'skipped'
else
finding['status'] = 'skipped'
end
[finding]
end

def impact(severity)
IMPACT_MAPPING[severity.to_sym]
end

# DBProtect report could have multiple issue entries for multiple findings of same issue type.
# The meta data is identical across entries
# method collapse_duplicates return unique controls with applicable findings collapsed into it.
def collapse_duplicates(controls)
unique_controls = []

controls.map { |x| x['id'] }.uniq.each do |id|
collapsed_results = controls.select { |x| x['id'].eql?(id) }.map {|x| x['results']}
unique_control = controls.find { |x| x['id'].eql?(id) }
unique_control['results'] = collapsed_results.flatten
unique_controls << unique_control
end
unique_controls
end


end
end
5 changes: 5 additions & 0 deletions lib/heimdall_tools/help/dbprotect_mapper.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
dbprotect_mapper translates DBProtect report in `Check Results Details` format XML to HDF format JSON be viewed on Heimdall.

Examples:

heimdall_tools dbprotect_mapper -x check_results_details_report.xml -o db_protect_hdf.json

0 comments on commit 8559478

Please sign in to comment.