Class: HeimdallTools::ZapMapper

Inherits:
Object
  • Object
Defined in:
lib/heimdall_tools/zap_mapper.rb

Instance Method Summary

Constructor Details

#initialize(zap_json, name) ⇒ ZapMapper

Returns a new instance of ZapMapper.



# File 'lib/heimdall_tools/zap_mapper.rb', line 13

# Parses a ZAP JSON report and keeps the entry for one scanned site.
#
# @param zap_json [String] text of the ZAP JSON report
# @param name [String] "@name" value of the site entry to convert
# @raise [RuntimeError] when JSON parsing, the site lookup or loading the
#   CWE-to-NIST mapping raises a StandardError; the text of the original
#   error is appended to the message
# @note When no site entry carries +name+ the process is ended through
#   Kernel#abort. That raises SystemExit, which is not a StandardError, so
#   the rescue below does not convert it into the RuntimeError above.
def initialize(zap_json, name)
  @zap_json = zap_json

  begin
    report = JSON.parse(zap_json, symbolize_names: true)
    sites = report[:site]

    known_names = sites.map { |entry| entry[:@name] }
    abort("Specified site name: #{name} is not defined in the JSON provided.") unless known_names.include?(name)

    site = sites.find { |entry| entry[:@name].eql?(name) }

    @cwe_nist_mapping = parse_mapper
    # (sic) the misspelled name is kept because to_hdf reads this exact variable.
    @zap_verison = report[:@version]
    @timestamp = report[:@generated]
    @name = site[:@name]
    @host = site[:@host]
    @port = site[:@port]
    @ssl = site[:@ssl]
    @alerts = site[:alerts]
  rescue StandardError => e
    # Every failure in the block, including one from parse_mapper, is
    # reported under this single message.
    raise "Invalid ZAP results JSON file provided Exception: #{e}"
  end
end

Instance Method Details

#checktext(alert) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 79

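# Builds the text stored under a control's "check" tag.
#
# Each field appears once; otherinfo is not repeated in the output.
# NOTE(review): a third field may have been intended here (ZAP alerts also
# carry a reference field) — confirm before adding one.
#
# The values are copied from the report without escaping, so whatever
# renders the result should treat them as untrusted text.
#
# @param alert [Hash] one alert entry with symbol keys
# @return [String] solution and otherinfo joined by a newline; a nil field
#   is rendered as an empty string
def checktext(alert)
  [alert[:solution], alert[:otherinfo]].join("\n")
end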

#finding(instance) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 46

# Wraps one alert instance as a result entry.
#
# Every instance is reported with the status 'failed'; the start time is
# the timestamp kept by the constructor.
#
# @param instance [Hash] one entry of an alert's instance list
# @return [Hash] result entry with string keys
def finding(instance)
  {
    'status' => 'failed',
    'code_desc' => format_code_desc(instance),
    'run_time' => NA_FLOAT,
    'start_time' => @timestamp
  }
end

#fix_duplicates(controls) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 91

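# Makes repeated control ids distinct by appending ".1", ".2", ... in list
# order. Controls whose id occurs once are left untouched.
#
# Ids are counted in one pass instead of rescanning the whole list for
# every control, and suffixes are assigned from the ids as they were on
# entry, so an id rewritten in this call is never picked up a second time.
#
# NOTE(review): a generated id such as "10.1" is not checked against ids
# that were already present, so a collision is still possible if the input
# contains such an id.
#
# @param controls [Array<Hash>] controls with an 'id' key; modified in place
# @return [Array] the ids that occurred more than once, in order of first
#   appearance
def fix_duplicates(controls)
  occurrences = Hash.new(0)
  controls.each { |control| occurrences[control['id']] += 1 }

  dup_ids = occurrences.select { |_id, seen| seen > 1 }.keys
  next_suffix = Hash.new(0)

  controls.each do |control|
    original_id = control['id']
    next unless occurrences[original_id] > 1

    next_suffix[original_id] += 1
    control['id'] = "#{original_id}.#{next_suffix[original_id]}"
  end

  dup_ids
end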

#format_code_desc(code_desc) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 55

# Renders a hash as "Key: value" lines, one per entry, each ending in a
# newline. Keys are capitalized; values are interpolated as they are.
#
# The values are not escaped or filtered here. finding passes alert
# instances from the scan report into this method, so the output should be
# handled as untrusted text by anything that displays it.
#
# @param code_desc [Hash] entries to render
# @return [String] the rendered lines, or an empty string for an empty hash
def format_code_desc(code_desc)
  code_desc.each_key.reduce('') do |text, key|
    text + "#{key.capitalize}: #{code_desc[key]}\n"
  end
end

#impact(riskcode) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 69

# Converts a risk code into an impact score.
#
# The code is coerced with to_i, so nil and non-numeric strings count as 0.
#
# @param riskcode [#to_i] risk code taken from an alert
# @return [Float, nil] 0.3 for 0 or 1, 0.5 for 2, 0.7 for 3 and above;
#   nil when the coerced code is negative
def impact(riskcode)
  case riskcode.to_i
  when 0, 1 then 0.3
  when 2 then 0.5
  when 3..Float::INFINITY then 0.7
  end
end

#nist_tag(cweid) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 63

# Looks up the NIST tags recorded for a CWE id in the loaded mapping.
#
# Ids are compared as strings, so "79" and 79 match the same rows. Rows
# without a nistid are ignored.
#
# @param cweid [#to_s] CWE id taken from an alert
# @return [Array] each matching nistid together with its "Rev_<rev>" label,
#   without duplicates; DEFAULT_NIST_TAG when no row matches
def nist_tag(cweid)
  wanted = cweid.to_s
  matches = @cwe_nist_mapping.reject { |row| row[:nistid].nil? || !row[:cweid].to_s.eql?(wanted) }
  return DEFAULT_NIST_TAG if matches.empty?

  matches.map { |row| [row[:nistid], "Rev_#{row[:rev]}"] }.flatten.uniq
end

#parse_mapper ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 83

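# Loads the CWE-to-NIST mapping CSV into an array of hashes.
#
# The options are passed to CSV.read as keyword arguments. Ruby 3 no
# longer converts a trailing positional Hash into keywords, so the
# positional form fails there with ArgumentError; the keyword form works
# on Ruby 2 and Ruby 3 alike.
#
# @return [Array<Hash>] one hash per CSV row, keyed by the symbolized
#   column headers, with values converted by the :all converters
def parse_mapper
  csv_data = CSV.read(CWE_NIST_MAPPING_FILE,
                      encoding: 'UTF-8',
                      headers: true,
                      header_converters: :symbol,
                      converters: :all)
  csv_data.map(&:to_hash)
end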

#process_instances(instances) ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 38

# Converts the instances of one alert into result entries.
#
# @param instances [Array<Hash>] instance entries of an alert
# @return [Array<Hash>] one entry per instance; entries that compare equal
#   are reported once
def process_instances(instances)
  instances.map { |instance| finding(instance) }.uniq
end

#to_hdf ⇒ Object



# File 'lib/heimdall_tools/zap_mapper.rb', line 103

# Converts the alerts of the selected site into Heimdall Data Format.
#
# One control is built per alert, repeated control ids are made distinct
# with fix_duplicates, and the list is handed to HeimdallDataFormat.
#
# Only the description is reduced to plain text through Nokogiri. Title,
# risk description and the check text are copied from the report as they
# are, so a viewer that renders the result should escape them.
#
# @return [Object] whatever HeimdallDataFormat#to_hdf returns
def to_hdf
  controls = @alerts.map do |alert|
    # The control is also kept in @item, as before, so the instance state
    # after the call is unchanged.
    @item = {
      'id' => alert[:pluginid].to_s,
      'title' => alert[:name].to_s,
      'desc' => Nokogiri::HTML(alert[:desc]).text,
      'impact' => impact(alert[:riskcode]),
      'tags' => {
        'nist' => nist_tag(alert[:cweid]),
        'cweid' => alert[:cweid].to_s,
        'wascid' => alert[:wascid].to_s,
        'sourceid' => alert[:sourceid].to_s,
        'confidence' => alert[:confidence].to_s,
        'riskdesc' => alert[:riskdesc].to_s,
        'check' => checktext(alert)
      },
      'descriptions' => NA_ARRAY,
      'refs' => NA_ARRAY,
      'source_location' => NA_HASH,
      'code' => '',
      'results' => process_instances(alert[:instances])
    }
  end
  fix_duplicates(controls)

  host_label = "OWASP ZAP Scan of Host: #{@host}"
  HeimdallDataFormat.new(profile_name: 'OWASP ZAP Scan',
                         version: @zap_verison,
                         title: host_label,
                         summary: host_label,
                         controls: controls).to_hdf
end