class HeimdallTools::BurpSuiteMapper


# File lib/heimdall_tools/burpsuite_mapper.rb, line 23
# Build a mapper from a Burp Suite XML report.
#
# The report is converted to a nested Hash by xml_to_hash (defined elsewhere in
# the file) and the pieces to_hdf needs are cached on the instance. Any error
# while loading the CWE->NIST mapping or reading the report is surfaced as a
# single RuntimeError so callers get one failure mode for malformed input.
#
# NOTE(review): report files can come from untrusted sources; confirm that
# xml_to_hash parses with external entity resolution / network access disabled
# (XXE), since this method cannot enforce that itself — TODO confirm.
#
# @param burps_xml [String] Burp Suite XML report content
# @param _name [Object, nil] accepted for interface compatibility, unused
# @raise [RuntimeError] when the mapping CSV or the XML cannot be processed
def initialize(burps_xml, _name = nil)
  @burps_xml = burps_xml
  @cwe_nist_mapping = parse_mapper
  report = xml_to_hash(burps_xml)
  root = report['issues']
  @issues      = root['issue']
  @burpVersion = root['burpVersion']
  @timestamp   = root['exportTime']
rescue StandardError => e
  raise "Invalid Burpsuite XML file provided Exception: #{e}"
end



A Burp Suite report can contain multiple issue entries for separate findings of the same issue type. Because the metadata is identical across such entries, collapse_duplicates returns one control per issue type with all of its findings collapsed into it.

# File lib/heimdall_tools/burpsuite_mapper.rb, line 90
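# Burp emits one <issue> element per finding, so several entries can share the
# same issue type (and therefore the same control id and metadata). Merge them
# into a single control per id, concatenating the findings in report order.
#
# @param controls [Array<Hash>] controls keyed by 'id', each with a 'results' Array
# @return [Array<Hash>] one control per distinct id, in first-seen order. The
#   first control seen for each id is reused (and mutated) as the merged
#   control, matching the original behaviour.
def collapse_duplicates(controls)
  # group_by keeps first-seen key order and report order within each group,
  # replacing the per-id select() rescan that made this O(n^2).
  controls.group_by { |control| control['id'] }.map do |_id, group|
    merged = group.first
    merged['results'] = group.flat_map { |control| control['results'] }
    merged
  end
end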
# File lib/heimdall_tools/burpsuite_mapper.rb, line 83
# Build one HDF description entry, substituting NA_STRING for a missing
# (nil or false) data or label value.
#
# @param data [String, nil] description text
# @param label [String, nil] description kind, e.g. 'check' or 'fix'
# @return [Hash] { data: ..., label: ... } with nil values replaced by NA_STRING
def desc_tags(data, label)
  { data: data, label: label }.transform_values { |value| value || NA_STRING }
end
# File lib/heimdall_tools/burpsuite_mapper.rb, line 42
# Turn one Burp issue into the single-element HDF results list for a control.
# Every Burp issue is a reported weakness, so the status is always 'failed';
# the start time is the report's exportTime captured in initialize.
#
# @param issue [Hash] one issue entry from the parsed report
# @return [Array<Hash>] a one-element Array holding the finding
def finding(issue)
  [{
    'status'     => 'failed',
    'code_desc'  => format_code_desc(issue),
    'run_time'   => NA_FLOAT,
    'start_time' => @timestamp
  }]
end
# File lib/heimdall_tools/burpsuite_mapper.rb, line 51
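# Render the human-readable finding description for one Burp issue: host,
# location, and (when present) the issue detail and Burp's confidence.
#
# NOTE(review): location/issueDetail are only tag-stripped by parse_html, not
# sanitised; in Burp these typically echo target responses, so downstream
# renderers should treat the text as untrusted — confirm for your pipeline.
#
# @param issue [Hash] one issue entry from the parsed report
# @return [String] newline-terminated lines; a missing 'host' element now
#   yields empty ip/url fields instead of raising NoMethodError
def format_code_desc(issue)
  host = issue['host'] || {}
  lines = ["Host: ip: #{host['ip']}, url: #{host['text']}"]
  lines << "Location: #{parse_html(issue['location'])}"
  lines << "issueDetail: #{parse_html(issue['issueDetail'])}" unless issue['issueDetail'].nil?
  lines << "confidence: #{issue['confidence']}" unless issue['confidence'].nil?
  # join + trailing newline reproduces the original "line\n" per entry layout
  # without reallocating a String on every +=.
  "#{lines.join("\n")}\n"
end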
# File lib/heimdall_tools/burpsuite_mapper.rb, line 71
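# Map a Burp severity label onto the HDF impact score via IMPACT_MAPPING.
#
# @param severity [String, nil] Burp severity label (e.g. 'High'), looked up
#   as a Symbol key of IMPACT_MAPPING
# @return [Numeric, nil] the mapped impact, or nil when severity is nil or has
#   no entry in IMPACT_MAPPING (a nil severity previously raised NoMethodError)
def impact(severity)
  return if severity.nil?
  # severity comes from the report file; the label set is small and symbols
  # have been GC-able since Ruby 2.2, so to_sym here is acceptable.
  IMPACT_MAPPING[severity.to_sym]
end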
# File lib/heimdall_tools/burpsuite_mapper.rb, line 60
# Resolve CWE ids to NIST 800-53 control tags using the CSV mapping loaded in
# initialize (@cwe_nist_mapping, rows with :cweid, :nistid, :rev).
#
# @param cweid [Array<String>] CWE numbers as Strings (from parse_cwe)
# @return [Array<String>] flattened, de-duplicated [nistid, "Rev_<rev>"] pairs
#   for every mapping row whose cweid is listed and has a nistid, or
#   DEFAULT_NIST_TAG when nothing matches
def nist_tag(cweid)
  # Mapping cweids are Integers (CSV converters: :all), hence to_s for the lookup.
  matched = @cwe_nist_mapping.select do |row|
    cweid.include?(row[:cweid].to_s) && !row[:nistid].nil?
  end
  return DEFAULT_NIST_TAG if matched.empty?

  matched.flat_map { |row| [row[:nistid], "Rev_#{row[:rev]}"] }.uniq
end
# File lib/heimdall_tools/burpsuite_mapper.rb, line 66
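# Extract CWE identifiers from a vulnerability-classification text.
#
# @param text [String, nil] classification text (e.g. 'CWE-79: ...'). nil is
#   accepted because parse_html returns nil when the element is absent, and
#   to_hdf passes that straight through; previously this raised NoMethodError.
# @return [Array<String>] the first capture group of each CWE_REGEX match,
#   case-insensitively; [] for nil or no matches
def parse_cwe(text)
  return [] if text.nil?

  cwe_pattern = Regexp.new(CWE_REGEX, Regexp::IGNORECASE)
  text.to_s.scan(cwe_pattern).map(&:first)
end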
# File lib/heimdall_tools/burpsuite_mapper.rb, line 38
# Reduce an HTML-bearing CDATA element from the parsed report to plain text.
# Burp wraps rich-text fields (name, issueDetail, backgrounds, ...) in CDATA;
# the HTML parser strips the markup and the result is whitespace-trimmed.
#
# NOTE(review): this assumes xml_to_hash represents the element as a Hash with
# a '#cdata-section' key; a plain-String element would hit String#[] and feed
# nil to Nokogiri instead — confirm against xml_to_hash.
#
# @param block [Hash, nil] element hash from xml_to_hash, or nil when absent
# @return [String, nil] stripped text, or nil when block is nil
def parse_html(block)
  return if block.nil?

  Nokogiri::HTML(block['#cdata-section']).text.to_s.strip
end
# File lib/heimdall_tools/burpsuite_mapper.rb, line 75
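# Load the bundled CWE -> NIST 800-53 mapping CSV as an Array of row Hashes.
#
# @return [Array<Hash>] one Hash per row keyed by symbolised header
#   (:cweid, :nistid, :rev, ...); numeric cells arrive as Integers because of
#   converters: :all, which nist_tag relies on via to_s
# @raise [Errno::ENOENT, CSV::MalformedCSVError] if the file is missing or malformed
def parse_mapper
  # Pass real keyword arguments rather than a trailing Hash literal:
  # CSV.read(path, **options) rejects a positional options Hash on Ruby 3
  # (ArgumentError), and Ruby 2.7 only warned about it.
  rows = CSV.read(CWE_NIST_MAPPING_FILE,
                  encoding: 'UTF-8',
                  headers: true,
                  header_converters: :symbol,
                  converters: :all)
  rows.map(&:to_hash)
end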
# File lib/heimdall_tools/burpsuite_mapper.rb, line 102
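# Convert the cached Burp issues into Heimdall Data Format.
#
# Each issue becomes one control keyed by Burp's numeric issue 'type'; issues
# sharing a type are then merged by collapse_duplicates so one control carries
# all findings of that type.
#
# @return [Object] whatever HeimdallDataFormat#to_hdf returns for the
#   assembled profile
def to_hdf
  # A report with no <issue> element leaves @issues nil (to_hdf used to raise
  # NoMethodError on nil.each). NOTE(review): a one-issue report may also come
  # back from xml_to_hash as a single Hash rather than an Array — confirm; both
  # shapes are normalised to an Array here.
  issues = @issues.is_a?(Array) ? @issues : [@issues].compact

  # Built with a local rather than the previous @item ivar, which leaked the
  # last control onto the instance; each Nokogiri parse is done once per field.
  controls = issues.map do |issue|
    background      = parse_html(issue['issueBackground'])
    classifications = parse_html(issue['vulnerabilityClassifications'])
    {
      'id'              => issue['type'].to_s,
      'title'           => parse_html(issue['name']),
      'desc'            => background,
      'impact'          => impact(issue['severity']),
      'tags'            => {
        'nist'       => nist_tag(parse_cwe(classifications)),
        'cweid'      => classifications,
        'confidence' => issue['confidence'].to_s
      },
      'descriptions'    => [
        desc_tags(background, 'check'),
        desc_tags(parse_html(issue['remediationBackground']), 'fix')
      ],
      'refs'            => NA_ARRAY,
      'source_location' => NA_HASH,
      'code'            => '',
      'results'         => finding(issue)
    }
  end

  controls = collapse_duplicates(controls)
  results = HeimdallDataFormat.new(profile_name: 'BurpSuite Pro Scan',
                                   version: @burpVersion,
                                   title: 'BurpSuite Pro Scan',
                                   summary: 'BurpSuite Pro Scan',
                                   controls: controls)
  results.to_hdf
end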