From 6cd097e7b96c785059294c7f2bc7779ccfaecfd3 Mon Sep 17 00:00:00 2001
From: John
Date: Wed, 10 Jun 2020 17:51:07 -0400
Subject: [PATCH 1/2] updated unmarked nist tags on sonarqube fortify and zap mapper
---
 lib/heimdall_tools/fortify_mapper.rb | 3 ++-
 lib/heimdall_tools/sonarqube_mapper.rb | 4 +++-
 lib/heimdall_tools/zap_mapper.rb | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/heimdall_tools/fortify_mapper.rb b/lib/heimdall_tools/fortify_mapper.rb
index 1589c83..a36202f 100644
--- a/lib/heimdall_tools/fortify_mapper.rb
+++ b/lib/heimdall_tools/fortify_mapper.rb
@@ -3,6 +3,7 @@
 require 'utilities/xml_to_hash'
 NIST_REFERENCE_NAME = 'Standards Mapping - NIST Special Publication 800-53 Revision 4'.freeze
+DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
 module HeimdallTools
 class FortifyMapper
@@ -68,7 +69,7 @@ def nist_tag(rule)
 references = rule['References']['Reference']
 references = [references] unless references.is_a?(Array)
 tag = references.detect { |x| x['Author'].eql?(NIST_REFERENCE_NAME) }
-tag.nil? ? 'unmapped' : tag['Title'].match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)
+tag.nil? ? DEFAULT_NIST_TAG : tag['Title'].match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)
 end
 def impact(classid)
diff --git a/lib/heimdall_tools/sonarqube_mapper.rb b/lib/heimdall_tools/sonarqube_mapper.rb
index 6fe0c8a..bb5c355 100644
--- a/lib/heimdall_tools/sonarqube_mapper.rb
+++ b/lib/heimdall_tools/sonarqube_mapper.rb
@@ -5,6 +5,8 @@
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
+DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
+
 MAPPING_FILES = {
 cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
 owasp: File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
@@ -237,7 +239,7 @@ def get_nist_tags
 return [@mappings[tag_type][parsed_tag]].flatten.uniq
 end
-['unmapped'] # HDF expects this to be a list, but not an empty list even if there aren't results
+DEFAULT_NIST_TAG # Entries with unmapped NIST tags are defaulted to NIST tags ‘SA-11, RA-5 Rev_4’
 end
 def hdf
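Review bot: `DEFAULT_NIST_TAG` is introduced here as a top-level constant and again, under the same name, in sonarqube_mapper.rb and zap_mapper.rb in this same patch, so a process that loads more than one mapper redefines it (Ruby prints an "already initialized constant" warning and the last file loaded wins). The three values are identical today, but nothing enforces that — the second patch in this series has to edit all three in lockstep, and the file already shows the same pattern with `RESOURCE_DIR` in the other two mappers. Defining it once, e.g. `module HeimdallTools; DEFAULT_NIST_TAG = ['SA-11', 'RA-5', 'Rev_4'].freeze; end` in a shared file the three mappers require, and referencing it unqualified from inside the module, would give a single source of truth. A one-line comment on the constant saying it is the fallback for findings with no NIST 800-53 mapping would also help, since its meaning is only visible at the call sites.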
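Review bot: The two arms of the ternary on the `+` line return different kinds: the fallback is an Array, while `tag['Title'].match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)` returns a MatchData, or nil when the title carries no control id, so the mapped path still yields neither a list nor the fallback. Unless the caller (outside this hunk, as is the method's `def` line) normalises the MatchData itself, the two lines `control = tag && tag['Title'][/[a-zA-Z][a-zA-Z]-\d{1,2}/]` and `control ? [control] : DEFAULT_NIST_TAG` would make every return value a non-empty list, which is what the sonarqube_mapper comment in this patch says HDF expects. Separately, replacing the literal 'unmapped' with real control ids means a consumer can no longer tell a finding that genuinely maps to SA-11/RA-5 from one that was never mapped; this applies equally to the sonarqube get_nist_tags and zap nist_tag hunks in this patch. That loss of signal matters for audit accuracy and is worth either documenting on the constant or preserving as a separate marker on the finding.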
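Review bot: The replacement comment on the `+` line restates the constant's values (and uses typographic quotes ‘ ’ rather than ASCII), so it goes stale whenever DEFAULT_NIST_TAG changes — the second patch in this series already drops "Rev_4" from the constant without touching this comment — and it drops the original rationale that HDF requires a non-empty list. Suggest `DEFAULT_NIST_TAG # HDF expects a non-empty list; fall back to the default controls when nothing maps` and let the constant's definition carry the values. The `def get_nist_tags` line is outside the hunk.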
diff --git a/lib/heimdall_tools/zap_mapper.rb b/lib/heimdall_tools/zap_mapper.rb
index 7438b74..c608547 100644
--- a/lib/heimdall_tools/zap_mapper.rb
+++ b/lib/heimdall_tools/zap_mapper.rb
@@ -7,6 +7,7 @@
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
 # rubocop:disable Metrics/AbcSize
@@ -66,7 +67,7 @@ def format_code_desc(code_desc)
 def nist_tag(cweid)
 entries = @cwe_nist_mapping.select { |x| x[:cweid].to_s.eql?(cweid.to_s) }
 tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
-tags.empty? ? ['unmapped'] : tags.flatten.uniq
+tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
 end
 def impact(riskcode)
From a12435bf06edfc483dcecb20449396636bfc5cf1 Mon Sep 17 00:00:00 2001
From: John
Date: Tue, 7 Jul 2020 14:01:13 -0400
Subject: [PATCH 2/2] reset and cherry-picked commit
---
 lib/heimdall_tools/fortify_mapper.rb | 2 +-
 lib/heimdall_tools/sonarqube_mapper.rb | 2 +-
 lib/heimdall_tools/zap_mapper.rb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/heimdall_tools/fortify_mapper.rb b/lib/heimdall_tools/fortify_mapper.rb
index a36202f..adb0e9a 100644
--- a/lib/heimdall_tools/fortify_mapper.rb
+++ b/lib/heimdall_tools/fortify_mapper.rb
@@ -3,7 +3,7 @@
 require 'utilities/xml_to_hash'
 NIST_REFERENCE_NAME = 'Standards Mapping - NIST Special Publication 800-53 Revision 4'.freeze
-DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 module HeimdallTools
 class FortifyMapper
diff --git a/lib/heimdall_tools/sonarqube_mapper.rb b/lib/heimdall_tools/sonarqube_mapper.rb
index bb5c355..473a22b 100644
--- a/lib/heimdall_tools/sonarqube_mapper.rb
+++ b/lib/heimdall_tools/sonarqube_mapper.rb
@@ -5,7 +5,7 @@
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
-DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 MAPPING_FILES = {
 cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
diff --git a/lib/heimdall_tools/zap_mapper.rb b/lib/heimdall_tools/zap_mapper.rb
index c608547..fee4c62 100644
--- a/lib/heimdall_tools/zap_mapper.rb
+++ b/lib/heimdall_tools/zap_mapper.rb
@@ -7,7 +7,7 @@
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
-DEFAULT_NIST_TAG = ["SA-11", "RA-5", "Rev_4"].freeze
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 # rubocop:disable Metrics/AbcSize
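Review bot: After this change the ZAP fallback is `["SA-11", "RA-5"]` with no revision token, while the mapped branch of nist_tag (first patch, `tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }`) still appends a `Rev_` entry, so fallback and mapped findings now differ in shape and a consumer that pairs control ids with a revision would treat the two differently. If the revision is meant to go everywhere, the mapped branch should stop emitting it too; if not, `'Rev_4'` should stay in the fallback. The commit message does not say which was intended, so a comment on the constant recording the reason the token was dropped would stop the next reader from re-adding it. The same constant edit is made in fortify_mapper.rb and sonarqube_mapper.rb in this patch, where no mapped branch emits a revision, so the shape mismatch is specific to this file.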