Top Level Namespace

Defined Under Namespace

Modules: HeimdallTools Classes: Control, Finding, SonarQubeApi, Thor

Constant Summary collapse

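# Empty/neutral placeholder values: frozen empty string, array and hash, a nil tag and 0.0.
# NOTE(review): presumably "not available" defaults used by the mappers; confirm against callers.
NA_STRING =
''.freeze
NA_TAG =
nil
NA_ARRAY =
[].freeze
NA_HASH =
{}.freeze
NA_FLOAT =
0.0
PLATFORM_NAME =
'Heimdall Tools'.freeze
# Directory of bundled data files, resolved relative to this source file.
RESOURCE_DIR =
Pathname.new(__FILE__).join('../../data')
CWE_NIST_MAPPING_FILE =
File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
# NOTE(review): presumably the NIST 800-53 tags applied when no specific mapping is found; confirm.
DEFAULT_NIST_TAG =
%w{SA-11 RA-5}.freeze
# Numeric value per severity keyword.
IMPACT_MAPPING =
{
  danger: 0.7,
  warning: 0.5
}.freeze
# Pattern source (a String, not a Regexp) for a "vMAJOR.MINOR.PATCH" version.
# The dots are escaped so that only a literal "." separates the parts; an unescaped "."
# matches any character and would accept strings such as "v1x2y3".
SNYK_VERSION_REGEX =
'v(\d+\.)(\d+\.)(\d+)'.freeze
NIKTO_NIST_MAPPING_FILE =
File.join(RESOURCE_DIR, 'nikto-nist-mapping.csv')
NESSUS_PLUGINS_NIST_MAPPING_FILE =
File.join(RESOURCE_DIR, 'nessus-plugins-nist-mapping.csv')
U_CCI_LIST =
File.join(RESOURCE_DIR, 'U_CCI_List.xml')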
DEFAULT_NIST_REV =

The 800-53 references in a Nessus results file do not contain the NIST revision, so this default revision is used in that case.

'Rev_4'.freeze
# Fixed text for a Nessus plugin that supplies no output message (per the string itself).
NA_PLUGIN_OUTPUT =
'This Nessus Plugin does not provide output message.'.freeze
# Name string for the NIST SP 800-53 Revision 4 standards mapping.
# NOTE(review): presumably compared against reference names in scanner output; confirm in the mapper that uses it.
NIST_REFERENCE_NAME =
'Standards Mapping - NIST Special Publication 800-53 Revision 4'.freeze
# Pattern source (a String, not a Regexp) capturing the digits between "CWE-" and ":".
# \d* also accepts zero digits, so "CWE-:" matches with an empty capture.
CWE_REGEX =
'CWE-(\d*):'.freeze
# Relative paths to mapping CSVs.
# NOTE(review): unlike the *_MAPPING_FILE constants these are not joined with RESOURCE_DIR,
# so they resolve against whatever base the caller supplies; confirm that base is fixed.
MAPPING_FILES =
{
  cwe: '../data/cwe-nist-mapping.csv'.freeze,
    owasp: '../data/owasp-nist-mapping.csv'.freeze
}.freeze
AWS_CONFIG_MAPPING_FILE =
File.join(RESOURCE_DIR, 'aws-config-mapping.csv')
# NOTE(review): "complaince" is a typo in a runtime string; left unchanged here because
# consumers of the generated output may match on the exact text.
NOT_APPLICABLE_MSG =
'No AWS resources found to evaluate complaince for this rule'.freeze
# NOTE(review): "collectd" is a typo in a runtime string; left unchanged for the same reason.
INSUFFICIENT_DATA_MSG =
'Not enough data has been collectd to determine compliance yet.'.freeze
OWASP_NIST_MAPPING_FILE =
File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
SCOUTSUITE_NIST_MAPPING_FILE =
File.join(RESOURCE_DIR, 'scoutsuite-nist-mapping.csv')
# Maps lower-case symbol keys to capitalised type-name strings.
# NOTE(review): presumably the InSpec input types; confirm against the code that reads it.
INSPEC_INPUTS_MAPPING =
{
  string: 'String',
  numeric: 'Numeric',
  regexp: 'Regexp',
  array: 'Array',
  hash: 'Hash',
  boolean: 'Boolean',
  any: 'Any'
}.freeze

Instance Method Summary collapse

Instance Method Details

#check_response(response) ⇒ Object



# File 'lib/heimdall_tools/sonarqube_mapper.rb', line 23

# Raises when an API response is not successful.
#
# The exception message embeds the response status object and the complete response
# body, so both end up wherever the exception is logged or displayed.
#
# @param response [#ok?, #response, #body] the API response to check
# @return [nil] when the response is OK
# @raise [RuntimeError] when `response.ok?` is false
def check_response(response)
  return if response.ok?

  raise "API Error: #{response.response}\n#{response.body}"
end

#xml_node_to_hash(node) ⇒ Object



# File 'lib/utilities/xml_to_hash.rb', line 3

# Recursively converts an XML node into plain Ruby data.
#
# - A non-element node becomes its content as a String.
# - An element without children becomes its attribute Hash, or nil when it has no attributes.
# - An element whose only child is a text node (and which has no attributes) becomes that text.
# - Otherwise the element becomes a Hash of child name => converted child; repeated child
#   names are gathered into an Array, and attributes are merged in with child content
#   winning on a name collision.
#
# Text nodes that have a sibling are skipped. Recursion goes one level deeper per nesting level.
#
# @param node [#element?, #attributes, #children, #name, #content] node to convert
# @return [Hash, String, nil]
def xml_node_to_hash(node)
  # Anything that is not an element collapses to its string content.
  return node.content.to_s unless node.element?

  # attrs stays nil (not {}) when the element has no attributes; the branches below rely on it.
  attrs = nil
  unless node.attributes == {}
    attrs = {}
    node.attributes.each_value { |attr| attrs[attr.name] = attr.value }
  end

  kids = node.children
  return attrs if kids.empty?

  collected = {}
  kids.each do |kid|
    value = xml_node_to_hash(kid)
    key = kid.name

    if key == 'text'
      # Only a lone text child carries the element's value.
      next if kid.next_sibling || kid.previous_sibling
      # Without attributes the element is represented by the bare text.
      return value unless attrs

      collected[key] = value
    elsif collected[key].is_a?(Object::Array)
      collected[key] << value
    elsif collected[key]
      # Second occurrence of this child name: promote the entry to an Array.
      collected[key] = [collected[key], value]
    else
      collected[key] = value
    end
  end

  # add code to remove non-data attributes e.g. xml schema, namespace here
  # on a name collision the child content overrides the attribute
  attrs ? attrs.merge(collected) : collected
end

#xml_to_hash(xml) ⇒ Object



# File 'lib/utilities/xml_to_hash.rb', line 48

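# Parses an XML string and converts it to a nested Hash keyed by the root element name.
#
# Parsing is strict: `&:strict` turns off Nokogiri's recovery mode, so malformed input
# raises instead of producing a partially repaired tree.
# NOTE(review): entity substitution and network access are left at Nokogiri's default
# parse options; confirm those defaults for the pinned Nokogiri version if the scanner
# output being converted is not trusted.
#
# @param xml [String] XML document text (anything Nokogiri::XML accepts)
# @return [Hash] { root element name => converted root element }
# @raise [Nokogiri::XML::SyntaxError] when the document is not well-formed
# @raise [ArgumentError] when the parsed document has no root element
def xml_to_hash(xml)
  begin
    data = Nokogiri::XML(xml, &:strict)
  rescue Nokogiri::XML::SyntaxError => e
    puts "XML Parsing caught exception: #{e}"
    # Re-raise: carrying on would dereference a nil document and bury the parse
    # failure under an unrelated NoMethodError.
    raise
  end

  root = data.root
  raise ArgumentError, 'XML document has no root element' if root.nil?

  { root.name => xml_node_to_hash(root) }
end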