class Dependagrab::FileWriter

Writes output to a file in JSON format; the format is aligned to the ThreadFix file format (denimgroup.atlassian.net/wiki/spaces/TDOC/pages/496009270/ThreadFix+File+Format).

Attributes

output_file[RW]

Destination path the file is written to

Public Class Methods

new(output_file)
# File lib/dependagrab/file_writer.rb, line 12
# Creates a writer bound to a destination path.
#
# @param output_file [String] path the JSON scan file will be written to by write!
def initialize(output_file)
  @output_file = output_file
end

Public Instance Methods

write!(result)
# File lib/dependagrab/file_writer.rb, line 16
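# Serialises +result+ as a ThreadFix scan document and writes it to +output_file+.
#
# @param result [Enumerable<Hash>] alerts; each one is converted with
#   parse_threadfix_finding and placed under the scan's :findings key
# @return [String] the path that was written (output_file)
# @raise [SystemCallError] when the destination cannot be created or written
def write!(result)
  scan = scan_meta_data

  # Build the findings list in one pass rather than appending inside each.
  scan[:findings].concat(result.map { |alert| parse_threadfix_finding(alert) })

  # File.write creates/truncates the file ("w" semantics) and closes it on
  # return. The path is used exactly as given; no normalisation is applied.
  File.write(output_file, scan.to_json)

  output_file
end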

Private Instance Methods

parse_threadfix_finding(alert)

Converts an alert into the ThreadFix finding format

# File lib/dependagrab/file_writer.rb, line 48
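# Converts a single alert hash into a ThreadFix finding hash.
#
# @param alert [Hash] alert with symbol keys (:id, :severity, :summary, :cvss,
#   :description, :package_name, :ghsa_id, :permalink,
#   :vulnerable_version_range and optionally :cwe)
# @return [Hash] finding in the ThreadFix dependency-finding shape; a
#   :mappings entry is present only when the alert carries a CWE
# @raise [NoMethodError] when alert[:severity] is nil (a severity is required)
def parse_threadfix_finding(alert)
  # ThreadFix has no MODERATE level; map it to MEDIUM once and reuse the
  # result for both the normalised and the native severity fields.
  severity = alert[:severity].gsub("MODERATE", "MEDIUM")

  finding = {
    nativeId: alert[:id],
    severity: severity,
    nativeSeverity: severity,
    summary: alert[:summary],
    cvsScore: alert[:cvss].to_s, # key name kept as-is; verify against the ThreadFix spec
    description: alert[:description],
    dependencyDetails: {
      library: alert[:package_name],
      description: alert[:description],
      reference: alert[:ghsa_id],
      referenceLink: alert[:permalink],
      version: alert[:vulnerable_version_range],
      issueType: "VULNERABILITY",
    },
  }

  # Only add a CWE mapping when the alert carries one. The mapping value is
  # the bare number, so the "CWE-" prefix is stripped; an id that lacks that
  # prefix is passed through unchanged instead of being positionally cut.
  cwe = alert[:cwe]
  finding[:mappings] = [{ mappingType: "CWE", value: cwe.to_s.delete_prefix("CWE-") }] if cwe

  finding
end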
scan_meta_data()
# File lib/dependagrab/file_writer.rb, line 35
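# Builds the top-level ThreadFix scan envelope with an empty findings list.
#
# @return [Hash] scan metadata: a fresh UUID, identical created/exported
#   timestamps (ISO-8601, UTC), source, collectionType and findings: []
def scan_meta_data
  # Take the clock once so created and exported cannot straddle a second
  # boundary, and format in UTC: the trailing "Z" asserts UTC, which a
  # local-time Time.now does not guarantee.
  stamp = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')

  {
    id: SecureRandom.uuid,
    created: stamp,
    exported: stamp,
    source: "DependAGrab",
    collectionType: "DEPENDENCY",
    findings: [],
  }
end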