class HeimdallTools::DBProtectMapper

Public Class Methods

new(xml, _name = nil)
# File lib/heimdall_tools/dbprotect_mapper.rb, line 15
# Builds the mapper from the text of a DBProtect XML export.
#
# The XML is turned into a Hash by xml_to_hash, and the content under its
# 'dataset' key is handed to compile_findings, which yields one Hash per
# report row. The result is kept in @entries.
#
# @param xml [String] report contents.
#   NOTE(review): scanner exports are presumably untrusted input; confirm that
#   xml_to_hash parses with external entity resolution disabled.
# @param _name [Object, nil] accepted but not used by this method.
# @raise [RuntimeError] for any StandardError raised while parsing or compiling
#   rows; the original exception text is embedded in the message.
def initialize(xml, _name = nil)
  @entries = compile_findings(xml_to_hash(xml)['dataset'])
rescue StandardError => e
  # Every failure (malformed XML, missing keys, wrong report kind) is reported
  # as one generic "invalid file" error, so callers cannot tell them apart.
  raise "Invalid DBProtect XML file provided Exception: #{e};\nNote that XML must be of kind `Check Results Details`."
end

Public Instance Methods

to_hdf()
# File lib/heimdall_tools/dbprotect_mapper.rb, line 22
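# Converts the parsed DBProtect entries into Heimdall Data Format.
#
# Each entry becomes one control hash; controls that share a 'Check ID' are
# then merged by collapse_duplicates. Profile-level fields (profile name,
# title, summary) are taken from the first entry only.
#
# The per-entry control is built in a local hash rather than in an instance
# variable, so no half-built control is left behind on the mapper object.
#
# @return the value returned by HeimdallDataFormat#to_hdf
def to_hdf
  controls = @entries.map do |entry|
    {
      'id' => entry['Check ID'],
      'title' => entry['Check'],
      'desc' => format_desc(entry),
      'impact' => impact(entry['Risk DV']),
      'tags' => {},
      'descriptions' => [],
      # NA_ARRAY / NA_HASH are shared constants: every control references the
      # same object, so they must not be mutated downstream.
      'refs' => NA_ARRAY,
      'source_location' => NA_HASH,
      'code' => '',
      'results' => finding(entry)
    }
  end
  controls = collapse_duplicates(controls)

  # NOTE(review): with no entries, `first` is nil and the lookups below raise
  # NoMethodError; confirm whether an empty report can reach this point.
  first_entry = @entries.first
  results = HeimdallDataFormat.new(profile_name: first_entry['Policy'],
                                   version: '',
                                   title: first_entry['Job Name'],
                                   summary: format_summary(first_entry),
                                   controls: controls)
  results.to_hdf
end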

Private Instance Methods

collapse_duplicates(controls)

A DBProtect report can contain multiple entries for multiple findings of the same issue type. The metadata is identical across those entries; collapse_duplicates returns the unique controls, with all applicable findings collapsed into each one.

# File lib/heimdall_tools/dbprotect_mapper.rb, line 102
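# Merges controls that share the same 'id' into a single control.
#
# Controls are grouped by 'id' in one pass (instead of re-scanning the whole
# list for every id). For each group the first control is kept and its
# 'results' is replaced by the flattened results of every control in the
# group, so no finding is dropped when duplicates are collapsed.
#
# @param controls [Array<Hash>] control hashes with 'id' and 'results' keys
# @return [Array<Hash>] one control per distinct id, in first-seen order.
#   The kept control is the same object that was passed in; its 'results'
#   is overwritten in place.
def collapse_duplicates(controls)
  controls.group_by { |control| control['id'] }.map do |_id, same_id|
    kept = same_id.first
    kept['results'] = same_id.map { |control| control['results'] }.flatten
    kept
  end
end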
compile_findings(dataset)
# File lib/heimdall_tools/dbprotect_mapper.rb, line 50
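# Turns the tabular dataset of a DBProtect report into one Hash per row.
#
# Column names come from dataset['metadata']['item'][*]['name'] and are paired
# positionally with each row's 'value' list.
#
# A lone 'item' or 'row' given as a Hash is treated as a one-element list.
# Presumably xml_to_hash collapses a single child element into a Hash
# (verify); without this wrapping, a report with exactly one finding raised
# TypeError and was rejected as invalid.
#
# Pairing is purely positional: a row with fewer values than columns gets nil
# for the trailing columns, surplus values are dropped, and a repeated column
# name keeps only the last value.
#
# @param dataset [Hash] the 'dataset' node of the parsed report
# @return [Array<Hash>] one column-name => value Hash per row
def compile_findings(dataset)
  as_list = ->(node) { node.is_a?(Hash) ? [node] : node }

  keys = as_list.call(dataset['metadata']['item']).map { |e| e['name'] }
  as_list.call(dataset['data']['row']).map { |e| keys.zip(e['value']).to_h }
end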
finding(entry)
# File lib/heimdall_tools/dbprotect_mapper.rb, line 72
# Builds the single-element results list for one report entry.
#
# 'Result Status' is mapped as follows:
#   'Failed'        -> 'failed', plus a fixed backtrace marker
#   'Finding'       -> 'failed'
#   'Not A Finding' -> 'passed'
#   'Fact'          -> 'skipped'
#   anything else   -> 'skipped'
#
# NOTE(review): an unrecognised or missing status is reported as 'skipped'
# rather than rejected, so a status value this mapper does not know about
# will not surface as a failure.
#
# @param entry [Hash] one compiled report row
# @return [Array<Hash>] a one-element array holding the result hash
def finding(entry)
  status, backtrace =
    case entry['Result Status']
    when 'Failed'        then ['failed', ['DB Protect Failed Check']]
    when 'Finding'       then ['failed', nil]
    when 'Not A Finding' then ['passed', nil]
    else                      ['skipped', nil] # covers 'Fact' and unknown values
    end

  result = {
    'code_desc' => entry['Details'],
    'run_time' => 0.0,
    'start_time' => entry['Date'],
    'status' => status
  }
  result['backtrace'] = backtrace if backtrace
  [result]
end
format_desc(entry)
# File lib/heimdall_tools/dbprotect_mapper.rb, line 55
# Builds the control description from an entry's task and check category.
#
# Values are interpolated as-is; a missing key renders as an empty string
# after its label.
#
# @param entry [Hash] one compiled report row
# @return [String] "Task : <task>; Check Category : <category>"
def format_desc(entry)
  task_part = "Task : #{entry['Task']}"
  category_part = "Check Category : #{entry['Check Category']}"
  [task_part, category_part].join('; ')
end
format_summary(entry)
# File lib/heimdall_tools/dbprotect_mapper.rb, line 62
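# Builds the multi-line profile summary from one report entry.
#
# Each field is emitted once under its own label. The previous version also
# emitted a second "IP Address, Port, Instance" line that carried the
# 'Asset Type' value, which mislabelled the asset type as the network
# location; that line is dropped.
#
# @param entry [Hash] one compiled report row (to_hdf passes the first entry)
# @return [String] newline-separated "Label : value" lines
def format_summary(entry)
  [
    "Organization : #{entry['Organization']}",
    "Asset : #{entry['Check Asset']}",
    "Asset Type : #{entry['Asset Type']}",
    "IP Address, Port, Instance : #{entry['IP Address, Port, Instance']}"
  ].join("\n")
end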
impact(severity)
# File lib/heimdall_tools/dbprotect_mapper.rb, line 95
# Looks up the impact value for a DBProtect severity label.
#
# The label is converted to a Symbol and used as the key into IMPACT_MAPPING.
#
# NOTE(review): assuming IMPACT_MAPPING is a plain Hash, a severity it does
# not list returns nil, leaving the control without an impact; a nil severity
# raises NoMethodError on to_sym. Confirm how callers handle both cases.
#
# @param severity [#to_sym] the entry's 'Risk DV' value
# @return the mapped impact, or whatever IMPACT_MAPPING yields for an unknown key
def impact(severity)
  severity_key = severity.to_sym
  IMPACT_MAPPING[severity_key]
end