Class: HeimdallTools::NetsparkerMapper

Inherits:
Object
Defined in:
lib/heimdall_tools/netsparker_mapper.rb


Constructor Details

#initialize(xml, _name = nil) ⇒ NetsparkerMapper

Returns a new instance of NetsparkerMapper.



# File 'lib/heimdall_tools/netsparker_mapper.rb', line 24

# Builds a mapper from a Netsparker Enterprise XML report.
#
# Loads the CWE->NIST and OWASP->NIST lookup tables, parses the report and
# keeps the report's vulnerability list and target block for #to_hdf.
#
# @param xml the raw Netsparker Enterprise report, handed straight to
#   xml_to_hash (presumably a String; confirm against xml_to_hash)
# @param _name [Object, nil] accepted but unused
# @raise [RuntimeError] wrapping any StandardError raised while loading the
#   mapping files or parsing the XML; the original message is appended
def initialize(xml, _name = nil)
  @cwe_nist_mapping = parse_mapper(CWE_NIST_MAPPING_FILE)
  @owasp_nist_mapping = parse_mapper(OWASP_NIST_MAPPING_FILE)

  # NOTE(review): xml_to_hash is not visible here; the report comes from
  # outside the tool, so confirm it parses with external entities and DTD
  # loading disabled.
  report = xml_to_hash(xml)['netsparker-enterprise']
  @vulnerabilities = report['vulnerabilities']['vulnerability']
  @scan_info = report['target']
rescue StandardError => e
  raise "Invalid Netsparker XML file provided Exception: #{e}"
end

Instance Method Details

#to_hdf ⇒ Object



# File 'lib/heimdall_tools/netsparker_mapper.rb', line 35

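# Converts the parsed Netsparker vulnerabilities into Heimdall Data Format.
#
# Every entry in @vulnerabilities becomes one control hash; the list is then
# passed through collapse_duplicates and wrapped in a HeimdallDataFormat
# profile whose title and target_id come from the report's target block.
#
# @return the value of HeimdallDataFormat#to_hdf for the assembled profile
def to_hdf
  # Build each control in a local rather than an instance variable, so the
  # per-vulnerability scratch hash neither outlives the loop nor leaks between
  # calls on the same mapper.
  controls = @vulnerabilities.map do |vulnerability|
    descriptions = [
      desc_tags(format_check_text(vulnerability), 'check'),
      desc_tags(format_fix_text(vulnerability), 'fix')
    ]
    {
      'id' => vulnerability['LookupId'].to_s,
      'title' => vulnerability['name'].to_s,
      'desc' => format_control_desc(vulnerability),
      'impact' => impact(vulnerability['severity']),
      'tags' => { 'nist' => nist_tag(vulnerability['classification']) },
      'descriptions' => descriptions,
      # NA_ARRAY / NA_HASH are shared constants, not copies: every control
      # references the same objects, so a consumer mutating one affects all.
      # TODO(review): confirm both are frozen.
      'refs' => NA_ARRAY,
      'source_location' => NA_HASH,
      'code' => '',
      'results' => finding(vulnerability)
    }
  end

  controls = collapse_duplicates(controls)
  HeimdallDataFormat.new(profile_name: 'Netsparker Enterprise Scan',
                         title: "Netsparker Enterprise Scan ID: #{@scan_info['scan-id']} URL: #{@scan_info['url']}",
                         summary: 'Netsparker Enterprise Scan',
                         target_id: @scan_info['url'],
                         controls: controls).to_hdf
end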