Class: HeimdallTools::SnykMapper
- Inherits:
-
Object
- Object
- HeimdallTools::SnykMapper
- Defined in:
- lib/heimdall_tools/snyk_mapper.rb
Instance Method Summary
-
#collapse_duplicates(controls) ⇒ Object
A Snyk report can contain several vulnerability entries for the same issue type, one per finding; this method collapses them into a single control.
- #desc_tags(data, label) ⇒ Object
- #extract_scaninfo(project) ⇒ Object
- #finding(vulnerability) ⇒ Object
- #impact(severity) ⇒ Object
-
#initialize(synk_json, _name = nil) ⇒ SnykMapper
constructor
A new instance of SnykMapper.
- #nist_tag(cweid) ⇒ Object
- #parse_identifiers(vulnerability, ref) ⇒ Object
- #parse_mapper ⇒ Object
- #to_hdf ⇒ Object
Constructor Details
#initialize(synk_json, _name = nil) ⇒ SnykMapper
Returns a new instance of SnykMapper.
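# File 'lib/heimdall_tools/snyk_mapper.rb', line 32
# Parses a Snyk JSON report and loads the CWE -> NIST lookup table.
#
# The mapping CSV and the report are loaded in two separately-rescued steps so
# that a failure to read the CSV is not reported as an invalid Snyk JSON file.
# Both failures are still surfaced as RuntimeError, as before.
#
# @param synk_json [String] raw JSON text of a Snyk report; either a single
#   project object or an array of project objects (multi-project scan)
# @param _name [String, nil] unused; kept for interface compatibility
# @raise [RuntimeError] if the mapping CSV cannot be loaded or the JSON cannot
#   be parsed
def initialize(synk_json, _name = nil)
  @synk_json = synk_json
  begin
    @cwe_nist_mapping = parse_mapper
  rescue StandardError => e
    raise "Unable to load CWE to NIST mapping file Exception: #{e}"
  end
  begin
    @projects = JSON.parse(synk_json)
  rescue StandardError => e
    raise "Invalid Snyk JSON file provided Exception: #{e}"
  end
  # Cover single and multi-project scan use cases: normalise to an array of
  # projects. (Array() is deliberately not used here; it would turn a single
  # project Hash into key/value pairs.)
  @projects = [@projects] unless @projects.is_a?(Array)
end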
Instance Method Details
#collapse_duplicates(controls) ⇒ Object
A Snyk report can contain several vulnerability entries for the same issue type, one per finding. Because the metadata is identical across those entries, collapse_duplicates returns one control per unique id with all applicable findings collapsed into its results.
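# File 'lib/heimdall_tools/snyk_mapper.rb', line 106
# Collapses controls that share an `id` into one control per id.
#
# Snyk emits one vulnerability entry per finding, so the same issue (same
# `id`, same metadata) can appear several times. The first occurrence of each
# id is kept, in first-seen order, and its `results` become the concatenation
# of the `results` of every entry with that id.
#
# Unlike a select-per-id scan this is a single pass (group_by), which matters
# for large dependency trees with many repeated advisories. The input array
# and its hashes are not mutated; the returned hashes are shallow copies, so
# nested values such as `tags` are still shared with the inputs.
#
# @param controls [Array<Hash>] HDF control hashes with `'id'` and `'results'`
# @return [Array<Hash>] one control per unique id, in order of first appearance
def collapse_duplicates(controls)
  controls.group_by { |control| control['id'] }.map do |_id, group|
    merged_results = group.flat_map { |control| control['results'] }
    group.first.merge('results' => merged_results)
  end
end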
#desc_tags(data, label) ⇒ Object
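# File 'lib/heimdall_tools/snyk_mapper.rb', line 99
# Builds one HDF description entry, substituting the NA placeholder for a
# missing value. (The rendered listing had lost the method name; it is
# `desc_tags`, as given in the method summary.)
#
# Note that `||` treats `false` like a missing value as well as `nil`.
#
# @param data [String, nil] description text
# @param label [String, nil] description label
# @return [Hash] `{ data:, label: }` with `NA_STRING` in place of missing values
def desc_tags(data, label)
  {
    data: data || NA_STRING,
    label: label || NA_STRING
  }
end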
#extract_scaninfo(project) ⇒ Object
# File 'lib/heimdall_tools/snyk_mapper.rb', line 48
# Pulls the project-level metadata used for the HDF profile header.
#
# The version string is extracted from the embedded `.snyk` policy text with
# `SNYK_VERSION_REGEX` (case-insensitive); all matches are concatenated.
#
# @param project [Hash] one parsed Snyk project object
# @return [Hash] string-keyed hash with `policy`, `version`, `projectName`
#   and `summary`, in that order
# @raise [RuntimeError] if any field cannot be read (for example when the
#   project has no `policy` string to scan)
def extract_scaninfo(project)
  policy = project['policy']
  version_pattern = Regexp.new(SNYK_VERSION_REGEX, Regexp::IGNORECASE)
  {
    'policy' => policy,
    'version' => policy.scan(version_pattern).join,
    'projectName' => project['projectName'],
    'summary' => project['summary']
  }
rescue StandardError => e
  raise "Error extracting project info from Synk JSON file provided Exception: #{e}"
end
#finding(vulnerability) ⇒ Object
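# File 'lib/heimdall_tools/snyk_mapper.rb', line 63
# Builds the HDF result entry for one Snyk vulnerability.
#
# Every Snyk vulnerability is recorded as a failed result; the dependency
# path in `from` goes into the result description so a reader can see which
# chain of packages introduced the issue.
#
# @param vulnerability [Hash] one entry of a project's `vulnerabilities` array
# @return [Array<Hash>] a single-element array holding the result hash
def finding(vulnerability)
  # An entry without a `from` path still produces a result (empty path list)
  # instead of raising on nil.
  path = Array(vulnerability['from']).join(' , ')
  [{
    'status' => 'failed',
    'code_desc' => "From : [ #{path} ]",
    'run_time' => NA_FLOAT,
    # Snyk output carries no scan timestamp, so the NA placeholder is used.
    'start_time' => NA_STRING
  }]
end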
#impact(severity) ⇒ Object
# File 'lib/heimdall_tools/snyk_mapper.rb', line 87
# Maps a Snyk severity string to an HDF impact score via `IMPACT_MAPPING`.
#
# @param severity [String, Symbol] Snyk severity as found in the report
# @return [Numeric, nil] the mapped impact, or nil for an unknown severity
def impact(severity)
  key = severity.to_sym
  IMPACT_MAPPING[key]
end
#nist_tag(cweid) ⇒ Object
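# File 'lib/heimdall_tools/snyk_mapper.rb', line 74
# Looks up the NIST 800-53 control tags for a set of CWE ids.
#
# Rows of the CWE -> NIST table (`@cwe_nist_mapping`, loaded by parse_mapper)
# whose `cweid` matches one of the given ids and that have a `nistid` are
# collected; the result is flattened and de-duplicated. When nothing matches,
# `DEFAULT_NIST_TAG` is returned so the control is never left untagged.
# (The rendered listing had dropped the local variable name; restored here.)
#
# @param cweid [Array<String>] CWE id numbers as strings, e.g. `["79"]`, as
#   produced by parse_identifiers; the table's numeric ids are stringified
#   before comparison
# @return [Array] NIST tags, or `DEFAULT_NIST_TAG` when no row matches
def nist_tag(cweid)
  entries = @cwe_nist_mapping.select do |row|
    cweid.include?(row[:cweid].to_s) && !row[:nistid].nil?
  end
  tags = entries.map { |row| row[:nistid] }
  tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
end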
#parse_identifiers(vulnerability, ref) ⇒ Object
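# File 'lib/heimdall_tools/snyk_mapper.rb', line 80
# Extracts the numeric/id part of a vulnerability's identifiers of one kind.
#
# Given `ref = 'CWE'` and identifiers `['CWE-79']` this returns `['79']`; for
# CVEs the part after the first `CVE-` is kept (e.g. `'2020-1234'`). Entries
# that do not contain `"#{ref}-"` are dropped rather than yielding nil
# elements, which previously leaked into the control's tags. A missing
# `identifiers` hash or a missing kind yields an empty array; any other
# unexpected shape in the report is treated the same (best effort, no raise).
#
# @param vulnerability [Hash] one Snyk vulnerability entry
# @param ref [String] identifier prefix, e.g. `'CWE'`, `'CVE'` or `'GHSA'`
# @return [Array<String>] the id parts, possibly empty
def parse_identifiers(vulnerability, ref)
  ids = vulnerability.dig('identifiers', ref)
  return [] unless ids.respond_to?(:map)

  # Extracting id number from reference style CWE-297
  ids.map { |e| e.to_s.split("#{ref}-")[1] }.compact
rescue StandardError
  []
end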
#parse_mapper ⇒ Object
# File 'lib/heimdall_tools/snyk_mapper.rb', line 91
# Loads the CWE -> NIST mapping CSV named by `CWE_NIST_MAPPING_FILE`.
#
# Headers become symbol keys and cell values are converted with the CSV
# `:all` converter set, so numeric ids come back as Integers.
#
# @return [Array<Hash>] one symbol-keyed hash per CSV row
def parse_mapper
  rows = CSV.read(CWE_NIST_MAPPING_FILE,
                  encoding: 'UTF-8',
                  headers: true,
                  header_converters: :symbol,
                  converters: :all)
  rows.map(&:to_h)
end
#to_hdf ⇒ Object
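# File 'lib/heimdall_tools/snyk_mapper.rb', line 118
# Converts every parsed Snyk project into an HDF document.
#
# For each project the vulnerabilities are turned into controls, duplicates
# are collapsed by id, and the result is wrapped in a HeimdallDataFormat
# whose profile header comes from extract_scaninfo.
#
# A project without a `vulnerabilities` key raises rather than silently
# producing an empty (all-clean) profile; a malformed report should not look
# like a clean scan.
#
# @return [Hash{String => Object}] one `HeimdallDataFormat#to_hdf` result per
#   project, keyed by the project's `projectName`
# @raise [RuntimeError] from extract_scaninfo when project metadata cannot be
#   read (e.g. a missing `policy` string)
def to_hdf
  project_results = {}
  @projects.each do |project|
    controls = project['vulnerabilities'].map do |vulnerability|
      printf("\rProcessing: %s", $spinner.next)
      build_control(vulnerability)
    end
    controls = collapse_duplicates(controls)
    scaninfo = extract_scaninfo(project)
    results = HeimdallDataFormat.new(profile_name: scaninfo['policy'],
                                     version: scaninfo['version'],
                                     title: "Snyk Project: #{scaninfo['projectName']}",
                                     summary: "Snyk Summary: #{scaninfo['summary']}",
                                     controls: controls,
                                     target_id: scaninfo['projectName'])
    # NOTE(review): keyed by projectName only; two projects in one
    # multi-project report that share a name would overwrite each other here.
    project_results[scaninfo['projectName']] = results.to_hdf
  end
  project_results
end

# Builds one HDF control hash from a single Snyk vulnerability entry.
#
# Key order matches the layout previously built incrementally. The CWE ids are
# parsed once and reused for both the `cweid` tag and the NIST lookup.
# `refs`, `source_location` and `descriptions` are always NA placeholders;
# `code` is always empty.
#
# @param vulnerability [Hash] one entry of a project's `vulnerabilities` array
# @return [Hash] the control hash
def build_control(vulnerability)
  cwe_ids = parse_identifiers(vulnerability, 'CWE')
  {
    'tags' => {
      'nist' => nist_tag(cwe_ids),
      'cweid' => cwe_ids,
      'cveid' => parse_identifiers(vulnerability, 'CVE'),
      'ghsaid' => parse_identifiers(vulnerability, 'GHSA')
    },
    'descriptions' => NA_ARRAY,
    'refs' => NA_ARRAY,
    'source_location' => NA_HASH,
    'title' => vulnerability['title'].to_s,
    'id' => vulnerability['id'].to_s,
    'desc' => vulnerability['description'].to_s,
    'impact' => impact(vulnerability['severity']),
    'code' => '',
    'results' => finding(vulnerability)
  }
end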