Merge pull request #469 from mitre/prisma2hdf
Added prisma2hdf command
Rlin232 authored Jun 22, 2022
2 parents 1033fd8 + e584bdc commit 4807873
Showing 20 changed files with 3,423 additions and 1 deletion.
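--- a/src/commands/convert/prisma2hdf.ts
+++ b/src/commands/convert/prisma2hdf.ts
@@ -0,0 +1,36 @@
+import {Command, Flags} from '@oclif/core'
+import fs from 'fs'
+import {PrismaMapper as Mapper} from '@mitre/hdf-converters'
+import path from 'path'
+import _ from 'lodash'
+
+export default class Prisma2HDF extends Command {
+static usage = 'convert prisma2hdf -i, --input=CSV -o, --output=OUTPUT'
+
+static description = 'Translate a Prisma Cloud Scan Report CSV file into Heimdall Data Format JSON files'
+
+static examples = ['saf convert prisma2hdf -i prismacloud-report.csv -o output-hdf-name.json']
+
+static flags = {
+help: Flags.help({char: 'h'}),
+input: Flags.string({char: 'i', required: true}),
+output: Flags.string({char: 'o', required: true}),
+}
+
+async run() {
+const {flags} = await this.parse(Prisma2HDF)
+
+const converter = new Mapper(
+fs.readFileSync(flags.input, {encoding: 'utf8'}),
+)
+const results = converter.toHdf()
+
+fs.mkdirSync(flags.output)
+_.forOwn(results, result => {
+fs.writeFileSync(
+path.join(flags.output, `${_.get(result, 'platform.target_id')}.json`),
+JSON.stringify(result),
+)
+})
+}
+}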
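Review bot: The output filename in `run()` is built from `platform.target_id` and joined to `flags.output` without any sanitising; in the fixtures added by this commit that field matches the CSV `Hostname` column, so a report row whose hostname contains `../` or a path separator would make `fs.writeFileSync` create or overwrite a file outside the output directory. Reduce the value to a single path component before writing, e.g. `const name = path.basename(String(_.get(result, 'platform.target_id')))`, and verify that `path.resolve(flags.output, name + '.json')` starts with `path.resolve(flags.output) + path.sep`. A missing `target_id` currently produces `undefined.json`, and two hosts that map to the same name silently overwrite each other, so both cases deserve an explicit error. Separately, `fs.mkdirSync(flags.output)` throws when the directory already exists or its parent is missing; `fs.mkdirSync(flags.output, {recursive: true})` avoids that.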
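--- a/test/commands/convert/prisma2hdf.test.ts
+++ b/test/commands/convert/prisma2hdf.test.ts
@@ -0,0 +1,26 @@
+import {expect, test} from '@oclif/test'
+import * as tmp from 'tmp'
+import path from 'path'
+import fs from 'fs'
+import {omitHDFChangingFields} from '../utils'
+
+describe('Test prisma', () => {
+const tmpobj = tmp.dirSync({unsafeCleanup: true})
+
+test
+.stdout()
+.command(['convert prisma2hdf', '-i', path.resolve('./test/sample_data/prisma/sample_input_report/prismacloud_sample.csv'), '-o', `${tmpobj.name}/prismatest`])
+.it('hdf-converter output test', () => {
+const test1 = JSON.parse(fs.readFileSync(`${tmpobj.name}/prismatest/localhost.json`, 'utf8'))
+const test2 = JSON.parse(fs.readFileSync(`${tmpobj.name}/prismatest/my-fake-host-1.somewhere.cloud.json`, 'utf8'))
+const test3 = JSON.parse(fs.readFileSync(`${tmpobj.name}/prismatest/my-fake-host-2.somewhere.cloud.json`, 'utf8'))
+
+const sample1 = JSON.parse(fs.readFileSync(path.resolve('test/sample_data/prisma/localhost.json'), 'utf8'))
+const sample2 = JSON.parse(fs.readFileSync(path.resolve('test/sample_data/prisma/my-fake-host-1.somewhere.cloud.json'), 'utf8'))
+const sample3 = JSON.parse(fs.readFileSync(path.resolve('test/sample_data/prisma/my-fake-host-2.somewhere.cloud.json'), 'utf8'))
+
+expect(omitHDFChangingFields(test1)).to.eql(omitHDFChangingFields(sample1))
+expect(omitHDFChangingFields(test2)).to.eql(omitHDFChangingFields(sample2))
+expect(omitHDFChangingFields(test3)).to.eql(omitHDFChangingFields(sample3))
+})
+})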
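Review bot: The test compares only three generated files (`localhost`, `my-fake-host-1` and `my-fake-host-2`), while this commit also adds at least `test/sample_data/prisma/my-fake-host-10.somewhere.cloud.json` as an expected output that nothing reads, so a regression in the other hosts' output would go unnoticed. Iterate over every expected `.json` file in `test/sample_data/prisma/` and compare it with its counterpart in the temp directory, or drop the fixtures that are not asserted. Because the output filename appears to be derived from the CSV `Hostname` column, a negative case is also worth adding: a row whose hostname contains a path separator should make the command fail rather than write outside the `-o` directory.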
2 changes: 1 addition & 1 deletion test/sample_data/jfrog_xray/jfrog-hdf.json
Expand Up @@ -487,4 +487,4 @@
"sha256": "51aced4880a3fca3fcadaba501d782f9aeb572e114b5361d9c5cf2f990e41427"
}
]
}
}
312 changes: 312 additions & 0 deletions test/sample_data/prisma/localhost.json

Large diffs are not rendered by default.

241 changes: 241 additions & 0 deletions test/sample_data/prisma/my-fake-host-1.somewhere.cloud.json

Large diffs are not rendered by default.

211 changes: 211 additions & 0 deletions test/sample_data/prisma/my-fake-host-10.somewhere.cloud.json
@@ -0,0 +1,211 @@
{
"platform": {
"name": "Heimdall Tools",
"release": "2.6.16",
"target_id": "my-fake-host-10.somewhere.cloud"
},
"version": "2.6.16",
"statistics": {
"duration": null
},
"profiles": [
{
"name": "Palo Alto Prisma Cloud Tool",
"version": "",
"title": "Prisma Cloud Scan Report",
"maintainer": null,
"summary": "",
"license": null,
"copyright": null,
"copyright_email": null,
"supports": [],
"attributes": [],
"depends": [],
"groups": [],
"status": "loaded",
"controls": [
{
"desc": "(CIS_Linux_2.0.0 - 1.4.1) Ensure permissions on bootloader config are configured",
"tags": {
"nist": [
"SA-11",
"RA-5"
],
"cve": "",
"cvss": ""
},
"descriptions": [],
"refs": [
{
"url": ""
}
],
"source_location": "my-fake-host-10.somewhere.cloud",
"id": "6141-redhat-RHEL7-high",
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-linux",
"impact": 0.7,
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"\",\n \"Compliance ID\": \"6141\",\n \"Type\": \"linux\",\n \"Severity\": \"high\",\n \"Packages\": \"\",\n \"Source Package\": \"\",\n \"Package Version\": \"\",\n \"Package License\": \"\",\n \"CVSS\": \"0.00\",\n \"Fix Status\": \"\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"(CIS_Linux_2.0.0 - 1.4.1) Ensure permissions on bootloader config are configured\",\n \"Cause\": \"File permissions not configured properly, expected: 600, actual: 644. Full path: /boot/grub2/grub.cfg\",\n \"Published\": \"\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"\"\n}",
"results": [
{
"status": "failed",
"code_desc": "Configuration check for redhat-RHEL7\n\n(CIS_Linux_2.0.0 - 1.4.1) Ensure permissions on bootloader config are configured",
"message": "Cause: File permissions not configured properly, expected: 600, actual: 644. Full path: /boot/grub2/grub.cfg",
"start_time": ""
}
]
},
{
"desc": "(CIS_Linux_2.0.0 - 1.4.3) Ensure authentication required for single user mode",
"tags": {
"nist": [
"SA-11",
"RA-5"
],
"cve": "",
"cvss": ""
},
"descriptions": [],
"refs": [
{
"url": ""
}
],
"source_location": "my-fake-host-10.somewhere.cloud",
"id": "6143-redhat-RHEL7-critical",
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-linux",
"impact": 1,
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"\",\n \"Compliance ID\": \"6143\",\n \"Type\": \"linux\",\n \"Severity\": \"critical\",\n \"Packages\": \"\",\n \"Source Package\": \"\",\n \"Package Version\": \"\",\n \"Package License\": \"\",\n \"CVSS\": \"0.00\",\n \"Fix Status\": \"\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"(CIS_Linux_2.0.0 - 1.4.3) Ensure authentication required for single user mode\",\n \"Cause\": \"Password should be set for user \\\"root\\\". File: /etc/shadow\",\n \"Published\": \"\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"\"\n}",
"results": [
{
"status": "failed",
"code_desc": "Configuration check for redhat-RHEL7\n\n(CIS_Linux_2.0.0 - 1.4.3) Ensure authentication required for single user mode",
"message": "Cause: Password should be set for user \"root\". File: /etc/shadow",
"start_time": ""
}
]
},
{
"desc": "JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when \\\"--output-format jp2\\\" is used.",
"tags": {
"nist": [
"SI-2",
"RA-5"
],
"cve": "CVE-2018-20622",
"cvss": ""
},
"descriptions": [],
"refs": [
{
"url": "http://somewhere.cloud/security/cve/CVE-2018-20622"
}
],
"source_location": "my-fake-host-10.somewhere.cloud",
"id": "46-CVE-2018-20622",
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-image",
"impact": 0.3,
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"CVE-2018-20622\",\n \"Compliance ID\": \"46\",\n \"Type\": \"image\",\n \"Severity\": \"low\",\n \"Packages\": \"jasper-libs\",\n \"Source Package\": \"\",\n \"Package Version\": \"1.900.1-33.el7\",\n \"Package License\": \"JasPer\",\n \"CVSS\": \"3.30\",\n \"Fix Status\": \"will not fix\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when \\\\\\\"--output-format jp2\\\\\\\" is used.\",\n \"Cause\": \"\",\n \"Published\": \"2018-12-31 00:00:00.000\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"http://somewhere.cloud/security/cve/CVE-2018-20622\"\n}",
"results": [
{
"status": "failed",
"code_desc": "Version check of package: jasper-libs\n\nJasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when \\\"--output-format jp2\\\" is used.",
"message": "Fix Status: will not fix",
"start_time": "2018-12-31 00:00:00.000"
}
]
},
{
"desc": "DOCUMENTATION: A NULL pointer dereference flaw was found in Jasper in the way it handled component references in the CDEF box in the JP2 image format decoder. This flaw allows a specially crafted JP2 image file to cause an application using the Jasper library to crash when opened. The highest threat from this vulnerability is system availability.",
"tags": {
"nist": [
"SI-2",
"RA-5"
],
"cve": "CVE-2021-3467",
"cvss": ""
},
"descriptions": [],
"refs": [
{
"url": "http://somewhere.cloud/security/cve/CVE-2021-3467"
}
],
"source_location": "my-fake-host-10.somewhere.cloud",
"id": "46-CVE-2021-3467",
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-image",
"impact": 0.5,
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"CVE-2021-3467\",\n \"Compliance ID\": \"46\",\n \"Type\": \"image\",\n \"Severity\": \"moderate\",\n \"Packages\": \"jasper-libs\",\n \"Source Package\": \"\",\n \"Package Version\": \"1.900.1-33.el7\",\n \"Package License\": \"JasPer\",\n \"CVSS\": \"5.50\",\n \"Fix Status\": \"will not fix\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"DOCUMENTATION: A NULL pointer dereference flaw was found in Jasper in the way it handled component references in the CDEF box in the JP2 image format decoder. This flaw allows a specially crafted JP2 image file to cause an application using the Jasper library to crash when opened. The highest threat from this vulnerability is system availability.\",\n \"Cause\": \"\",\n \"Published\": \"2021-03-02 00:00:00.000\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"http://somewhere.cloud/security/cve/CVE-2021-3467\"\n}",
"results": [
{
"status": "failed",
"code_desc": "Version check of package: jasper-libs\n\nDOCUMENTATION: A NULL pointer dereference flaw was found in Jasper in the way it handled component references in the CDEF box in the JP2 image format decoder. This flaw allows a specially crafted JP2 image file to cause an application using the Jasper library to crash when opened. The highest threat from this vulnerability is system availability.",
"message": "Fix Status: will not fix",
"start_time": "2021-03-02 00:00:00.000"
}
]
},
{
"desc": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.",
"tags": {
"nist": [
"SI-2",
"RA-5"
],
"cve": "CVE-2017-15118",
"cvss": ""
},
"descriptions": [],
"refs": [
{
"url": "http://somewhere.cloud/security/cve/CVE-2017-15118"
}
],
"source_location": "my-fake-host-10.somewhere.cloud",
"id": "46-CVE-2017-15118",
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-image",
"impact": 0.9,
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"CVE-2017-15118\",\n \"Compliance ID\": \"46\",\n \"Type\": \"image\",\n \"Severity\": \"important\",\n \"Packages\": \"qemu-guest-agent\",\n \"Source Package\": \"\",\n \"Package Version\": \"2.12.0-3.el7\",\n \"Package License\": \"GPLv2\",\n \"CVSS\": \"8.30\",\n \"Fix Status\": \"affected\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.\",\n \"Cause\": \"\",\n \"Published\": \"2018-07-27 21:29:00.000\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"http://somewhere.cloud/security/cve/CVE-2017-15118\"\n}",
"results": [
{
"status": "failed",
"code_desc": "Version check of package: qemu-guest-agent\n\nA stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.",
"message": "Fix Status: affected",
"start_time": "2018-07-27 21:29:00.000"
}
]
},
{
"desc": "Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fix username map script regression introduced with CVE-2020-25717 (BZ#2046173)",
"tags": {
"nist": [
"SI-2",
"RA-5"
],
"cve": "CVE-2021-44142",
"cvss": ""
},
"descriptions": [],
"refs": [
{
"url": "http://somewhere.cloud/errata/RHSA-2022:0328"
}
],
"source_location": "my-fake-host-10.somewhere.cloud",
"id": "46-CVE-2021-44142",
"title": "my-fake-host-10.somewhere.cloud-redhat-RHEL7-image",
"impact": 1,
"code": "{\n \"Hostname\": \"my-fake-host-10.somewhere.cloud\",\n \"Distro\": \"redhat-RHEL7\",\n \"CVE ID\": \"CVE-2021-44142\",\n \"Compliance ID\": \"46\",\n \"Type\": \"image\",\n \"Severity\": \"critical\",\n \"Packages\": \"samba-common-libs\",\n \"Source Package\": \"\",\n \"Package Version\": \"4.10.16-17.el7_9\",\n \"Package License\": \"GPLv3+ and LGPLv3+\",\n \"CVSS\": \"9.90\",\n \"Fix Status\": \"fixed in 4.10.16-18.el7_9\",\n \"Vulnerability Tags\": \"\",\n \"Description\": \"Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fix username map script regression introduced with CVE-2020-25717 (BZ#2046173)\",\n \"Cause\": \"\",\n \"Published\": \"2022-01-31 00:00:00.000\",\n \"Services\": \"\",\n \"Cluster\": \"\",\n \"Vulnerability Link\": \"http://somewhere.cloud/errata/RHSA-2022:0328\"\n}",
"results": [
{
"status": "failed",
"code_desc": "Version check of package: samba-common-libs\n\nSamba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fix username map script regression introduced with CVE-2020-25717 (BZ#2046173)",
"message": "Fix Status: fixed in 4.10.16-18.el7_9",
"start_time": "2022-01-31 00:00:00.000"
}
]
}
],
"sha256": "240695d8cf83c388d6dee3d9ff7923762315a8064eb7e9ae08cedfadf88bc274"
}
]
}