Class: HeimdallTools::ZapMapper

Inherits:
Object
  • Object
Defined in:
lib/heimdall_tools/zap_mapper.rb

Instance Method Summary

Constructor Details

#initialize(zap_json, name) ⇒ ZapMapper

Returns a new instance of ZapMapper.



# File 'lib/heimdall_tools/zap_mapper.rb', line 15

# Parses a ZAP JSON report and keeps the fields of one site for conversion.
#
# Report fields are stored as parsed; nothing here validates their content.
#
# @param zap_json [String] raw ZAP report JSON
# @param name [String] `@name` value of the site entry to convert
# @raise [RuntimeError] when any StandardError occurs while parsing the report,
#   loading the CWE/NIST mapping, or reading the site fields
def initialize(zap_json, name)
  @zap_json = zap_json

  begin
    report = JSON.parse(zap_json, symbolize_names: true)

    # abort raises SystemExit, which is not a StandardError: an unknown site
    # name ends the process here and is not converted by the rescue below.
    known_names = report[:site].map { |entry| entry[:@name] }
    abort("Specified site name: #{name} is not defined in the JSON provided.") unless known_names.include?(name)

    site = report[:site].find { |entry| entry[:@name].eql?(name) }

    @cwe_nist_mapping = parse_mapper
    # (sic) the misspelled name is what to_hdf reads back.
    @zap_verison      = report[:@version]
    @timestamp        = report[:@generated]
    @name             = site[:@name]
    @host             = site[:@host]
    @port             = site[:@port]
    @ssl              = site[:@ssl]
    @alerts           = site[:alerts]
  rescue StandardError => e
    # NOTE(review): a failure inside parse_mapper is also reported with this
    # "Invalid ZAP results JSON" message, because it runs inside this block.
    raise "Invalid ZAP results JSON file provided Exception: #{e}"
  end
end

Instance Method Details

#checktext(alert) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 81

# Builds the "check" text of a control from one alert.
#
# NOTE(review): :otherinfo is emitted twice, which looks like a copy-paste
# slip; the intended third field cannot be told from this method, so the
# output is left as it is — confirm against the ZAP alert schema.
#
# @param alert [Hash] one alert entry with symbol keys
# @return [String] solution, otherinfo and otherinfo again, newline-separated
def checktext(alert)
  alert.values_at(:solution, :otherinfo, :otherinfo).join("\n")
end

#finding(instance) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 48

# Builds one result entry for an alert instance.
#
# Every instance is recorded with status 'failed'; the start time is the
# report's generation timestamp, not a per-instance time.
#
# @param instance [Hash] one entry of an alert's :instances list
# @return [Hash] result with 'status', 'code_desc', 'run_time', 'start_time'
def finding(instance)
  {
    'status' => 'failed',
    'code_desc' => format_code_desc(instance),
    'run_time' => NA_FLOAT,
    'start_time' => @timestamp
  }
end

#fix_duplicates(controls) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 93

# Makes control ids unique by suffixing repeated ids with ".1", ".2", ...
#
# The control hashes are modified in place; ids that occur once are untouched.
#
# @param controls [Array<Hash>] controls, each with an 'id' entry
# @return [Array] the ids that occurred more than once, before renaming
def fix_duplicates(controls)
  all_ids = controls.map { |control| control['id'] }
  repeated_ids = all_ids.select { |id| all_ids.count(id) > 1 }.uniq
  repeated_ids.each do |repeated_id|
    # Collect the matches first, then rename, so renaming cannot affect the match.
    matches = controls.select { |control| control['id'].eql?(repeated_id) }
    matches.each.with_index(1) do |control, ordinal|
      control['id'] = "#{control['id']}.#{ordinal}"
    end
  end
end

#format_code_desc(code_desc) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 57

# Renders a hash as "Key: value" lines, one per entry, in insertion order.
#
# Values are interpolated verbatim with no escaping, so whatever consumes
# the resulting text should treat it as untrusted content.
#
# @param code_desc [Hash] entries to render; keys must respond to #capitalize
# @return [String] one newline-terminated line per entry, '' for an empty hash
def format_code_desc(code_desc)
  code_desc.reduce('') do |text, (key, value)|
    text + "#{key.capitalize}: #{value}\n"
  end
end

#impact(riskcode) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 71

# Maps a ZAP risk code to an impact score.
#
# The code is coerced with #to_i, so nil and non-numeric strings count as 0.
#
# @param riskcode [#to_i] risk code from an alert
# @return [Float, nil] 0.3 for 0..1, 0.5 for 2, 0.7 for 3 and above,
#   nil for a negative code
def impact(riskcode)
  level = riskcode.to_i
  return 0.3 if level.between?(0, 1)
  return 0.5 if level == 2

  0.7 if level >= 3
end

#nist_tag(cweid) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 65

# Looks up the NIST tags mapped to a CWE id.
#
# Ids are compared as strings, so '79' and 79 match the same rows. Rows
# without a :nistid are ignored.
#
# @param cweid [#to_s] CWE id taken from an alert
# @return [Array] unique NIST ids and "Rev_<rev>" markers, or
#   DEFAULT_NIST_TAG when no row matches
def nist_tag(cweid)
  wanted = cweid.to_s
  matching_rows = @cwe_nist_mapping.select do |row|
    !row[:nistid].nil? && row[:cweid].to_s.eql?(wanted)
  end
  pairs = matching_rows.map { |row| [row[:nistid], "Rev_#{row[:rev]}"] }
  return DEFAULT_NIST_TAG if pairs.empty?

  pairs.flatten.uniq
end

#parse_mapper ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 85

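# Loads the CWE-to-NIST mapping CSV named by CWE_NIST_MAPPING_FILE.
#
# Headers become symbol keys and cell values go through the :all converters.
#
# @return [Array<Hash>] one hash per CSV row
def parse_mapper
  # Options are passed as keywords: on Ruby 3 CSV.read takes **options and
  # rejects a positional Hash with ArgumentError. The keyword form also
  # works on older Rubies.
  csv_data = CSV.read(CWE_NIST_MAPPING_FILE,
                      encoding: 'UTF-8',
                      headers: true,
                      header_converters: :symbol,
                      converters: :all)
  csv_data.map(&:to_hash)
end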

#process_instances(instances) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 40

# Converts an alert's instances into result entries, dropping exact duplicates.
#
# @param instances [Array<Hash>] the :instances list of one alert
# @return [Array<Hash>] unique results in first-seen order
def process_instances(instances)
  instances.map { |instance| finding(instance) }.uniq
end

#to_hdf ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 105

# Converts the selected site's alerts into Heimdall Data Format.
#
# Each alert becomes one control. Only :desc is reduced to plain text via
# Nokogiri; every other alert field is copied as a string without
# sanitising, so a consumer that renders the HDF should escape them.
#
# @return [Object] whatever HeimdallDataFormat#to_hdf returns
def to_hdf
  controls = @alerts.map do |alert|
    # @item is kept as an instance variable, as before; it ends up holding
    # the last control that was built.
    @item = {
      'id' => alert[:pluginid].to_s,
      'title' => alert[:name].to_s,
      'desc' => Nokogiri::HTML(alert[:desc]).text,
      'impact' => impact(alert[:riskcode]),
      'tags' => {},
      'descriptions' => NA_ARRAY,
      'refs' => NA_ARRAY,
      'source_location' => NA_HASH
    }
    @item['tags'].merge!(
      'nist' => nist_tag(alert[:cweid]),
      'cweid' => alert[:cweid].to_s,
      'wascid' => alert[:wascid].to_s,
      'sourceid' => alert[:sourceid].to_s,
      'confidence' => alert[:confidence].to_s,
      'riskdesc' => alert[:riskdesc].to_s,
      'check' => checktext(alert)
    )
    @item['code']    = ''
    @item['results'] = process_instances(alert[:instances])
    @item
  end

  # Several alerts can share a plugin id; give repeated ids numeric suffixes.
  fix_duplicates(controls)

  HeimdallDataFormat.new(profile_name: 'OWASP ZAP Scan',
                         version: @zap_verison,
                         title: "OWASP ZAP Scan of Host: #{@host}",
                         summary: "OWASP ZAP Scan of Host: #{@host}",
                         controls: controls).to_hdf
end