class HeimdallTools::BurpSuiteMapper
Public Class Methods
new(burps_xml, _name = nil)
# File lib/heimdall_tools/burpsuite_mapper.rb, line 23
# Loads a Burp Suite XML export and the CWE -> NIST mapping table.
#
# @param burps_xml [String] the Burp Suite XML export, handed to xml_to_hash
# @param _name [Object, nil] unused; kept for interface compatibility
# @raise [RuntimeError] when the XML cannot be parsed or lacks the expected
#   'issues' structure; the underlying error is available as the new
#   exception's +cause+ (Ruby sets it automatically when raising in rescue)
def initialize(burps_xml, _name = nil)
  @burps_xml = burps_xml
  begin
    @cwe_nist_mapping = parse_mapper
    report = xml_to_hash(burps_xml)
    issues_node = report['issues']
    @issues = issues_node['issue']
    @burpVersion = issues_node['burpVersion']
    @timestamp = issues_node['exportTime']
  rescue StandardError => e
    raise "Invalid Burpsuite XML file provided Exception: #{e}"
  end
end
Public Instance Methods
collapse_duplicates(controls)
A Burpsuite report can contain multiple issue entries for multiple findings of the same issue type, and the metadata is identical across those entries. collapse_duplicates
returns the unique controls, with the applicable findings collapsed into each one.
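# File lib/heimdall_tools/burpsuite_mapper.rb, line 90
# Merges controls that share an 'id' into a single control whose 'results'
# holds every finding from the group.
#
# The first control seen for each id is kept (and mutated in place); ids are
# emitted in order of their first appearance in +controls+.
#
# @param controls [Array<Hash>] controls with 'id' and 'results' keys
# @return [Array<Hash>] one control per distinct id
def collapse_duplicates(controls)
  # group_by keeps first-appearance order, so one pass replaces the per-id
  # select/find scans over the whole list (O(n^2) on large reports).
  controls.group_by { |control| control['id'] }.map do |_id, group|
    merged = group.first
    # flatten (not flat_map) keeps the original depth semantics exactly.
    merged['results'] = group.map { |control| control['results'] }.flatten
    merged
  end
end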
finding(issue)
# File lib/heimdall_tools/burpsuite_mapper.rb, line 42
# Builds the single HDF result entry for a Burp issue. Every Burp issue is
# recorded with status 'failed'; run_time is the NA_FLOAT placeholder and
# start_time is the report's export time captured in initialize.
#
# @param issue [Hash] one entry from the report's issue list
# @return [Array<Hash>] a one-element array holding the result hash
def finding(issue)
  [
    {
      'status' => 'failed',
      'code_desc' => format_code_desc(issue),
      'run_time' => NA_FLOAT,
      'start_time' => @timestamp
    }
  ]
end
format_code_desc(issue)
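# File lib/heimdall_tools/burpsuite_mapper.rb, line 51
# Renders the per-finding description: host/url, location, then the optional
# issueDetail and confidence lines. Every line, including the last, ends
# with "\n".
#
# @param issue [Hash] one entry from the report's issue list
# @return [String] the multi-line description
def format_code_desc(issue)
  # A missing <host> element must not abort the whole conversion; an empty
  # hash renders both fields blank instead of raising NoMethodError.
  host = issue['host'] || {}
  lines = [
    "Host: ip: #{host['ip']}, url: #{host['text']}",
    "Location: #{parse_html(issue['location'])}"
  ]
  lines << "issueDetail: #{parse_html(issue['issueDetail'])}" unless issue['issueDetail'].nil?
  lines << "confidence: #{issue['confidence']}" unless issue['confidence'].nil?
  # Assemble once instead of reallocating the string on every +=.
  "#{lines.join("\n")}\n"
end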
impact(severity)
# File lib/heimdall_tools/burpsuite_mapper.rb, line 71
# Maps a Burp severity string (the report's severity field, as passed by
# to_hdf) to the HDF impact value via IMPACT_MAPPING.
#
# @param severity [String] Burp severity as read from the report
# @return [Object, nil] the IMPACT_MAPPING entry; nil for an unmapped
#   severity unless IMPACT_MAPPING defines a default
def impact(severity)
  key = severity.to_sym
  IMPACT_MAPPING[key]
end
nist_tag(cweid)
# File lib/heimdall_tools/burpsuite_mapper.rb, line 60
# Looks up NIST control tags for a set of CWE ids using the mapping rows
# loaded by parse_mapper. Rows without a :nistid are ignored.
#
# @param cweid [Array<String>] CWE ids as strings (see parse_cwe)
# @return [Array<String>] the unique "<nistid>", "Rev_<rev>" pairs flattened
#   into one list, or DEFAULT_NIST_TAG when nothing matched
def nist_tag(cweid)
  matched = @cwe_nist_mapping.select do |row|
    !row[:nistid].nil? && cweid.include?(row[:cweid].to_s)
  end
  return DEFAULT_NIST_TAG if matched.empty?

  matched.flat_map { |row| [row[:nistid], "Rev_#{row[:rev]}"] }.uniq
end
parse_cwe(text)
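# File lib/heimdall_tools/burpsuite_mapper.rb, line 66
# Extracts CWE identifiers from free text using CWE_REGEX (case-insensitive).
#
# @param text [String, nil] text such as Burp's vulnerabilityClassifications;
#   nil (an absent element) yields no matches instead of raising
# @return [Array<String>] the first capture group of each match
def parse_cwe(text)
  cwe_pattern = Regexp.new(CWE_REGEX, Regexp::IGNORECASE)
  # parse_html returns nil for an absent element; to_s keeps one issue
  # without classifications from aborting the whole conversion.
  text.to_s.scan(cwe_pattern).map(&:first)
end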
parse_html(block)
# File lib/heimdall_tools/burpsuite_mapper.rb, line 38
# Returns the plain text of an HTML fragment held in a CDATA node, with
# surrounding whitespace removed; nil when the node is absent.
#
# @param block [Hash, nil] an xml_to_hash node whose '#cdata-section' key
#   holds HTML markup
# @return [String, nil]
def parse_html(block)
  return if block.nil?

  markup = block['#cdata-section']
  Nokogiri::HTML(markup).text.to_s.strip
end
parse_mapper()
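# File lib/heimdall_tools/burpsuite_mapper.rb, line 75
# Reads the CWE -> NIST mapping CSV (CWE_NIST_MAPPING_FILE) into an array of
# hashes keyed by symbolised header names (nist_tag reads :cweid, :nistid
# and :rev from them).
#
# @return [Array<Hash{Symbol => Object}>] one hash per CSV row, with cell
#   values passed through CSV's :all converter
def parse_mapper
  # Options must be passed as keywords: wrapping them in a Hash literal hands
  # CSV.read a second positional argument, which Ruby 3's keyword-argument
  # separation rejects with ArgumentError.
  csv_data = CSV.read(CWE_NIST_MAPPING_FILE,
                      encoding: 'UTF-8',
                      headers: true,
                      header_converters: :symbol,
                      converters: :all)
  csv_data.map(&:to_hash)
end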
to_hdf()
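# File lib/heimdall_tools/burpsuite_mapper.rb, line 102
# Converts every parsed Burp issue into an HDF control, collapses duplicate
# issue types, and wraps the result in a HeimdallDataFormat document.
#
# @return [Object] whatever HeimdallDataFormat#to_hdf returns for the
#   'BurpSuite Pro Scan' profile
def to_hdf
  controls = @issues.map do |issue|
    # Parse each HTML block once; issueBackground and
    # vulnerabilityClassifications were previously parsed twice per issue.
    background = parse_html(issue['issueBackground'])
    classifications = parse_html(issue['vulnerabilityClassifications'])

    # NOTE(review): @item is an instance variable that only this loop needs;
    # kept as-is because nothing in this view proves other methods don't read
    # it — confirm, then make it a local.
    @item = {}
    @item['id'] = issue['type'].to_s
    @item['title'] = parse_html(issue['name'])
    @item['desc'] = background
    @item['impact'] = impact(issue['severity'])
    @item['tags'] = {}
    @item['descriptions'] = []
    @item['descriptions'] << desc_tags(background, 'check')
    @item['descriptions'] << desc_tags(parse_html(issue['remediationBackground']), 'fix')
    @item['refs'] = NA_ARRAY
    @item['source_location'] = NA_HASH
    # nist_tag wants the CWE ids extracted from the classification text,
    # while the cweid tag keeps the raw text.
    @item['tags']['nist'] = nist_tag(parse_cwe(classifications))
    @item['tags']['cweid'] = classifications
    @item['tags']['confidence'] = issue['confidence'].to_s
    @item['code'] = ''
    @item['results'] = finding(issue)
    @item
  end

  controls = collapse_duplicates(controls)
  results = HeimdallDataFormat.new(profile_name: 'BurpSuite Pro Scan',
                                   version: @burpVersion,
                                   title: 'BurpSuite Pro Scan',
                                   summary: 'BurpSuite Pro Scan',
                                   controls: controls)
  results.to_hdf
end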