Class: HeimdallTools::SonarQubeMapper

Inherits:
Object
  • Object
Defined in:
lib/heimdall_tools/sonarqube_mapper.rb


Constructor Details

#initialize(project_name, sonarqube_url, auth = nil) ⇒ SonarQubeMapper

Fetches the necessary data from the API and builds the report.



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 114

# Builds the mapper and eagerly assembles everything the report needs.
#
# All of the work happens during construction: the NIST mapping tables are
# loaded, the project's issues are requested through the API client, and the
# resulting findings are grouped into controls. Nothing here rescues, so an
# error raised by any of those steps propagates out of the constructor.
#
# @param project_name name of the project whose issues are queried
# @param sonarqube_url passed unchanged to SonarQubeApi.new
# @param auth passed unchanged to SonarQubeApi.new (nil by default)
#   NOTE(review): presumably API credentials; if so, keep the value out of
#   logs and error output -- confirm how SonarQubeApi uses and stores it.
def initialize(project_name, sonarqube_url, auth = nil)
  @project_name = project_name
  @api = SonarQubeApi.new(sonarqube_url, auth)
  @mappings = load_nist_mappings

  # Each raw issue is wrapped together with the API client that produced it.
  raw_issues = @api.query_issues(@project_name)
  @findings = raw_issues.map { |issue| Finding.new(issue, @api) }

  # Grouping reads @findings and @mappings, so it has to run last.
  @controls = _get_controls
end

Instance Method Details

#_get_controls ⇒ Object

Build an array of Controls based on the SonarQube findings



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 124

# Builds one Control per distinct control key found in @findings.
#
# Findings that share a control_key end up in the same group; groups appear
# in the order their key was first seen, and findings keep their original
# order inside each group.
#
# @return [Array] one Control per control key
def _get_controls
  findings_by_key = @findings.group_by { |finding| finding.control_key }
  findings_by_key.map do |key, grouped|
    Control.new(key, grouped, @api, @mappings)
  end
end

#load_nist_mappings ⇒ Object



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 130

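# Loads every CSV listed in MAPPING_FILES into a lookup table.
#
# For each mapping type the result holds a Hash keyed by the stringified
# value of that type's "<type>id" column (the lower-cased mapping type with
# "id" appended), whose value is the pair [NIST id, "Rev_<rev>"].
#
# Rows whose NIST id column is empty are skipped, so an id that appears only
# on such rows has no entry in the table. When the same id occurs on several
# rows, the last row wins.
# NOTE(review): what callers do with an id that has no entry is not visible
# here -- confirm that unmapped findings are still reported.
#
# @return [Hash] mapping type => { id string => [nistid, "Rev_<rev>"] }
def load_nist_mappings
  mappings = {}
  MAPPING_FILES.each do |mapping_type, path|
    # Options go in as keywords: CSV.read declares **options, and Ruby 3 no
    # longer turns a positional Hash into keyword arguments (ArgumentError).
    csv_data = CSV.read(path,
                        encoding: 'UTF-8',
                        headers: true,
                        header_converters: :symbol,
                        converters: :all)

    # Header symbols are produced by header_converters: :symbol.
    id_column = "#{mapping_type.to_s.downcase}id".to_sym
    mapped_rows = csv_data.reject { |row| row[:nistid].nil? }

    # converters: :all may turn numeric ids into Integers, hence the to_s.
    mappings[mapping_type] = mapped_rows.map { |row|
      [row[id_column].to_s, [row[:nistid], "Rev_#{row[:rev]}"]]
    }.to_h
  end
  mappings
end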

#to_hdf ⇒ Object

Returns a report in HDF format



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 145

# Renders the collected controls as an HDF report.
#
# The version field is requested from the API client at call time, so every
# call issues that query again; title and summary both name the project.
#
# @return whatever HeimdallDataFormat#to_hdf returns for the assembled report
def to_hdf
  report_fields = {
    profile_name: 'SonarQube Scan',
    version: @api.query_version,
    title: "SonarQube Scan of Project: #{@project_name}",
    summary: "SonarQube Scan of Project: #{@project_name}",
    controls: @controls.map { |control| control.hdf }
  }
  HeimdallDataFormat.new(**report_fields).to_hdf
end