Merge pull request #469 from mitre/prisma2hdf
Added prisma2hdf command
Showing
20 changed files
with
3,423 additions
and
1 deletion.
@@ -0,0 +1,36 @@ | ||
import {Command, Flags} from '@oclif/core' | ||
import fs from 'fs' | ||
import {PrismaMapper as Mapper} from '@mitre/hdf-converters' | ||
import path from 'path' | ||
import _ from 'lodash' | ||
|
||
export default class Prisma2HDF extends Command { | ||
static usage = 'convert prisma2hdf -i, --input=CSV -o, --output=OUTPUT' | ||
|
||
static description = 'Translate a Prisma Cloud Scan Report CSV file into Heimdall Data Format JSON files' | ||
|
||
static examples = ['saf convert prisma2hdf -i prismacloud-report.csv -o output-hdf-name.json'] | ||
|
||
static flags = { | ||
help: Flags.help({char: 'h'}), | ||
input: Flags.string({char: 'i', required: true}), | ||
output: Flags.string({char: 'o', required: true}), | ||
} | ||
|
||
async run() { | ||
const {flags} = await this.parse(Prisma2HDF) | ||
|
||
const converter = new Mapper( | ||
fs.readFileSync(flags.input, {encoding: 'utf8'}), | ||
) | ||
const results = converter.toHdf() | ||
|
||
fs.mkdirSync(flags.output) | ||
_.forOwn(results, result => { | ||
fs.writeFileSync( | ||
path.join(flags.output, `${_.get(result, 'platform.target_id')}.json`), | ||
JSON.stringify(result), | ||
) | ||
}) | ||
} | ||
} |
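Review bot: The output file name in `run()` is built from `platform.target_id` with no validation before it reaches `path.join(flags.output, …)`, and in the sample output on this page that value mirrors the report's Hostname column, so it is controlled by the input file. A hostname containing path separators or `..` segments would make `writeFileSync` write outside the output directory, and a row with no hostname would presumably produce `undefined.json`. Resolve each target against the output directory and refuse anything that does not land directly inside it, as sketched below. Separately, `fs.mkdirSync(flags.output)` throws when the directory already exists or its parent is missing, so either document that as intended or report it through `this.error` with a clear message.

```typescript
    // … unchanged: flag parsing, Mapper construction and converter.toHdf() …
    const outputDir = path.resolve(flags.output)
    fs.mkdirSync(outputDir)
    _.forOwn(results, result => {
      const targetId = _.get(result, 'platform.target_id')
      const outputFile = path.resolve(outputDir, `${targetId}.json`)
      // target_id originates in the report; only accept names that stay directly inside outputDir
      if (typeof targetId !== 'string' || targetId === '' || path.dirname(outputFile) !== outputDir) {
        this.error(`Refusing to write HDF output for unexpected target_id: ${JSON.stringify(targetId)}`)
      }

      fs.writeFileSync(outputFile, JSON.stringify(result))
    })
```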
@@ -0,0 +1,26 @@ | ||
import {expect, test} from '@oclif/test' | ||
import * as tmp from 'tmp' | ||
import path from 'path' | ||
import fs from 'fs' | ||
import {omitHDFChangingFields} from '../utils' | ||
|
||
describe('Test prisma', () => { | ||
const tmpobj = tmp.dirSync({unsafeCleanup: true}) | ||
|
||
test | ||
.stdout() | ||
.command(['convert prisma2hdf', '-i', path.resolve('./test/sample_data/prisma/sample_input_report/prismacloud_sample.csv'), '-o', `${tmpobj.name}/prismatest`]) | ||
.it('hdf-converter output test', () => { | ||
const test1 = JSON.parse(fs.readFileSync(`${tmpobj.name}/prismatest/localhost.json`, 'utf8')) | ||
const test2 = JSON.parse(fs.readFileSync(`${tmpobj.name}/prismatest/my-fake-host-1.somewhere.cloud.json`, 'utf8')) | ||
const test3 = JSON.parse(fs.readFileSync(`${tmpobj.name}/prismatest/my-fake-host-2.somewhere.cloud.json`, 'utf8')) | ||
|
||
const sample1 = JSON.parse(fs.readFileSync(path.resolve('test/sample_data/prisma/localhost.json'), 'utf8')) | ||
const sample2 = JSON.parse(fs.readFileSync(path.resolve('test/sample_data/prisma/my-fake-host-1.somewhere.cloud.json'), 'utf8')) | ||
const sample3 = JSON.parse(fs.readFileSync(path.resolve('test/sample_data/prisma/my-fake-host-2.somewhere.cloud.json'), 'utf8')) | ||
|
||
expect(omitHDFChangingFields(test1)).to.eql(omitHDFChangingFields(sample1)) | ||
expect(omitHDFChangingFields(test2)).to.eql(omitHDFChangingFields(sample2)) | ||
expect(omitHDFChangingFields(test3)).to.eql(omitHDFChangingFields(sample3)) | ||
}) | ||
}) |
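Review bot: Only three generated files are compared here (`localhost`, `my-fake-host-1` and `my-fake-host-2`), while the commit also adds expected output such as `test/sample_data/prisma/my-fake-host-10.somewhere.cloud.json`; if the sample CSV produces that host, a regression in it would go unnoticed. Driving the comparison from the expected-output directory, e.g. `for (const name of fs.readdirSync(path.resolve('test/sample_data/prisma')).filter(f => f.endsWith('.json')))`, would keep every fixture asserted. A second case for a report whose hostname is not a plain file name would pin down how the command treats such rows.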
@@ -487,4 +487,4 @@ | |
"sha256": "51aced4880a3fca3fcadaba501d782f9aeb572e114b5361d9c5cf2f990e41427" | ||
} | ||
] | ||
} | ||
} |
241 changes: 241 additions & 0 deletions
241
test/sample_data/prisma/my-fake-host-1.somewhere.cloud.json
211 changes: 211 additions & 0 deletions
211
test/sample_data/prisma/my-fake-host-10.somewhere.cloud.json
@@ -0,0 +1,211 @@ | ||
{ | ||
"platform": { | ||
"name": "Heimdall Tools", | ||
"release": "2.6.16", | ||
"target_id": "my-fake-host-10.somewhere.cloud" | ||
}, | ||
"version": "2.6.16", | ||
"statistics": { | ||
"duration": null | ||
}, | ||
"profiles": [ | ||
{ | ||
"name": "Palo Alto Prisma Cloud Tool", | ||
"version": "", | ||
"title": "Prisma Cloud Scan Report", | ||
"maintainer": null, | ||
"summary": "", | ||
"license": null, | ||
"copyright": null, | ||
"copyright_email": null, | ||
"supports": [], | ||
"attributes": [], | ||
"depends": [], | ||
"groups": [], | ||
"status": "loaded", | ||
"controls": [ | ||
{ | ||
"desc": "(CIS_Linux_2.0.0 - 1.4.1) Ensure permissions on bootloader config are configured", | ||
"tags": { | ||
"nist": [ | ||
"SA-11", | ||
"RA-5" | ||
], | ||
"cve": "", | ||
"cvss": "" | ||
}, | ||
"descriptions": [], | ||
"refs": [ | ||
{ | ||
"url": "" | ||
} | ||
], | ||
"source_location": "my-fake-host-10.somewhere.cloud", | ||
"id": "6141-redhat-RHEL7-high", | ||
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-linux", | ||
"impact": 0.7, | ||
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"\",\n \"Compliance ID\": \"6141\",\n \"Type\": \"linux\",\n \"Severity\": \"high\",\n \"Packages\": \"\",\n \"Source Package\": \"\",\n \"Package Version\": \"\",\n \"Package License\": \"\",\n \"CVSS\": \"0.00\",\n \"Fix Status\": \"\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"(CIS_Linux_2.0.0 - 1.4.1) Ensure permissions on bootloader config are configured\",\n \"Cause\": \"File permissions not configured properly, expected: 600, actual: 644. Full path: /boot/grub2/grub.cfg\",\n \"Published\": \"\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"\"\n}", | ||
"results": [ | ||
{ | ||
"status": "failed", | ||
"code_desc": "Configuration check for redhat-RHEL7\n\n(CIS_Linux_2.0.0 - 1.4.1) Ensure permissions on bootloader config are configured", | ||
"message": "Cause: File permissions not configured properly, expected: 600, actual: 644. Full path: /boot/grub2/grub.cfg", | ||
"start_time": "" | ||
} | ||
] | ||
}, | ||
{ | ||
"desc": "(CIS_Linux_2.0.0 - 1.4.3) Ensure authentication required for single user mode", | ||
"tags": { | ||
"nist": [ | ||
"SA-11", | ||
"RA-5" | ||
], | ||
"cve": "", | ||
"cvss": "" | ||
}, | ||
"descriptions": [], | ||
"refs": [ | ||
{ | ||
"url": "" | ||
} | ||
], | ||
"source_location": "my-fake-host-10.somewhere.cloud", | ||
"id": "6143-redhat-RHEL7-critical", | ||
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-linux", | ||
"impact": 1, | ||
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"\",\n \"Compliance ID\": \"6143\",\n \"Type\": \"linux\",\n \"Severity\": \"critical\",\n \"Packages\": \"\",\n \"Source Package\": \"\",\n \"Package Version\": \"\",\n \"Package License\": \"\",\n \"CVSS\": \"0.00\",\n \"Fix Status\": \"\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"(CIS_Linux_2.0.0 - 1.4.3) Ensure authentication required for single user mode\",\n \"Cause\": \"Password should be set for user \\\"root\\\". File: /etc/shadow\",\n \"Published\": \"\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"\"\n}", | ||
"results": [ | ||
{ | ||
"status": "failed", | ||
"code_desc": "Configuration check for redhat-RHEL7\n\n(CIS_Linux_2.0.0 - 1.4.3) Ensure authentication required for single user mode", | ||
"message": "Cause: Password should be set for user \"root\". File: /etc/shadow", | ||
"start_time": "" | ||
} | ||
] | ||
}, | ||
{ | ||
"desc": "JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when \\\"--output-format jp2\\\" is used.", | ||
"tags": { | ||
"nist": [ | ||
"SI-2", | ||
"RA-5" | ||
], | ||
"cve": "CVE-2018-20622", | ||
"cvss": "" | ||
}, | ||
"descriptions": [], | ||
"refs": [ | ||
{ | ||
"url": "http://somewhere.cloud/security/cve/CVE-2018-20622" | ||
} | ||
], | ||
"source_location": "my-fake-host-10.somewhere.cloud", | ||
"id": "46-CVE-2018-20622", | ||
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-image", | ||
"impact": 0.3, | ||
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"CVE-2018-20622\",\n \"Compliance ID\": \"46\",\n \"Type\": \"image\",\n \"Severity\": \"low\",\n \"Packages\": \"jasper-libs\",\n \"Source Package\": \"\",\n \"Package Version\": \"1.900.1-33.el7\",\n \"Package License\": \"JasPer\",\n \"CVSS\": \"3.30\",\n \"Fix Status\": \"will not fix\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when \\\\\\\"--output-format jp2\\\\\\\" is used.\",\n \"Cause\": \"\",\n \"Published\": \"2018-12-31 00:00:00.000\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"http://somewhere.cloud/security/cve/CVE-2018-20622\"\n}", | ||
"results": [ | ||
{ | ||
"status": "failed", | ||
"code_desc": "Version check of package: jasper-libs\n\nJasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when \\\"--output-format jp2\\\" is used.", | ||
"message": "Fix Status: will not fix", | ||
"start_time": "2018-12-31 00:00:00.000" | ||
} | ||
] | ||
}, | ||
{ | ||
"desc": "DOCUMENTATION: A NULL pointer dereference flaw was found in Jasper in the way it handled component references in the CDEF box in the JP2 image format decoder. This flaw allows a specially crafted JP2 image file to cause an application using the Jasper library to crash when opened. The highest threat from this vulnerability is system availability.", | ||
"tags": { | ||
"nist": [ | ||
"SI-2", | ||
"RA-5" | ||
], | ||
"cve": "CVE-2021-3467", | ||
"cvss": "" | ||
}, | ||
"descriptions": [], | ||
"refs": [ | ||
{ | ||
"url": "http://somewhere.cloud/security/cve/CVE-2021-3467" | ||
} | ||
], | ||
"source_location": "my-fake-host-10.somewhere.cloud", | ||
"id": "46-CVE-2021-3467", | ||
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-image", | ||
"impact": 0.5, | ||
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"CVE-2021-3467\",\n \"Compliance ID\": \"46\",\n \"Type\": \"image\",\n \"Severity\": \"moderate\",\n \"Packages\": \"jasper-libs\",\n \"Source Package\": \"\",\n \"Package Version\": \"1.900.1-33.el7\",\n \"Package License\": \"JasPer\",\n \"CVSS\": \"5.50\",\n \"Fix Status\": \"will not fix\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"DOCUMENTATION: A NULL pointer dereference flaw was found in Jasper in the way it handled component references in the CDEF box in the JP2 image format decoder. This flaw allows a specially crafted JP2 image file to cause an application using the Jasper library to crash when opened. The highest threat from this vulnerability is system availability.\",\n \"Cause\": \"\",\n \"Published\": \"2021-03-02 00:00:00.000\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"http://somewhere.cloud/security/cve/CVE-2021-3467\"\n}", | ||
"results": [ | ||
{ | ||
"status": "failed", | ||
"code_desc": "Version check of package: jasper-libs\n\nDOCUMENTATION: A NULL pointer dereference flaw was found in Jasper in the way it handled component references in the CDEF box in the JP2 image format decoder. This flaw allows a specially crafted JP2 image file to cause an application using the Jasper library to crash when opened. The highest threat from this vulnerability is system availability.", | ||
"message": "Fix Status: will not fix", | ||
"start_time": "2021-03-02 00:00:00.000" | ||
} | ||
] | ||
}, | ||
{ | ||
"desc": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.", | ||
"tags": { | ||
"nist": [ | ||
"SI-2", | ||
"RA-5" | ||
], | ||
"cve": "CVE-2017-15118", | ||
"cvss": "" | ||
}, | ||
"descriptions": [], | ||
"refs": [ | ||
{ | ||
"url": "http://somewhere.cloud/security/cve/CVE-2017-15118" | ||
} | ||
], | ||
"source_location": "my-fake-host-10.somewhere.cloud", | ||
"id": "46-CVE-2017-15118", | ||
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-image", | ||
"impact": 0.9, | ||
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"CVE-2017-15118\",\n \"Compliance ID\": \"46\",\n \"Type\": \"image\",\n \"Severity\": \"important\",\n \"Packages\": \"qemu-guest-agent\",\n \"Source Package\": \"\",\n \"Package Version\": \"2.12.0-3.el7\",\n \"Package License\": \"GPLv2\",\n \"CVSS\": \"8.30\",\n \"Fix Status\": \"affected\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.\",\n \"Cause\": \"\",\n \"Published\": \"2018-07-27 21:29:00.000\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"http://somewhere.cloud/security/cve/CVE-2017-15118\"\n}", | ||
"results": [ | ||
{ | ||
"status": "failed", | ||
"code_desc": "Version check of package: qemu-guest-agent\n\nA stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.", | ||
"message": "Fix Status: affected", | ||
"start_time": "2018-07-27 21:29:00.000" | ||
} | ||
] | ||
}, | ||
{ | ||
"desc": "Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fix username map script regression introduced with CVE-2020-25717 (BZ#2046173)", | ||
"tags": { | ||
"nist": [ | ||
"SI-2", | ||
"RA-5" | ||
], | ||
"cve": "CVE-2021-44142", | ||
"cvss": "" | ||
}, | ||
"descriptions": [], | ||
"refs": [ | ||
{ | ||
"url": "http://somewhere.cloud/errata/RHSA-2022:0328" | ||
} | ||
], | ||
"source_location": "my-fake-host-10.somewhere.cloud", | ||
"id": "46-CVE-2021-44142", | ||
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-image", | ||
"impact": 1, | ||
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"CVE-2021-44142\",\n \"Compliance ID\": \"46\",\n \"Type\": \"image\",\n \"Severity\": \"critical\",\n \"Packages\": \"samba-common-libs\",\n \"Source Package\": \"\",\n \"Package Version\": \"4.10.16-17.el7_9\",\n \"Package License\": \"GPLv3+ and LGPLv3+\",\n \"CVSS\": \"9.90\",\n \"Fix Status\": \"fixed in 4.10.16-18.el7_9\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fix username map script regression introduced with CVE-2020-25717 (BZ#2046173)\",\n \"Cause\": \"\",\n \"Published\": \"2022-01-31 00:00:00.000\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"http://somewhere.cloud/errata/RHSA-2022:0328\"\n}", | ||
"results": [ | ||
{ | ||
"status": "failed", | ||
"code_desc": "Version check of package: samba-common-libs\n\nSamba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fix username map script regression introduced with CVE-2020-25717 (BZ#2046173)", | ||
"message": "Fix Status: fixed in 4.10.16-18.el7_9", | ||
"start_time": "2022-01-31 00:00:00.000" | ||
} | ||
] | ||
} | ||
], | ||
"sha256": "240695d8cf83c388d6dee3d9ff7923762315a8064eb7e9ae08cedfadf88bc274" | ||
} | ||
] | ||
} |