heimdall2
XCCDF Mapper with RHEL 7 SCAP Scan Input
@jrwhite17
XCCDF Issue - supporting files.zip
I realize that Heimdall Tools is being re-written in TS, but I figured it was worth documenting this issue because we have a use case that is currently blocked by the Ruby implementation and could possibly be present in the TS version as well.
The basic use case is:
- use the SCAP Compliance Checker tool to scan resources
- export those scans to XCCDF
- translate the scans to HDF
- upload those scans to Heimdall
We are currently blocked at step 2 of that workflow. I have run the SCAP Compliance Checker against an example RHEL7 VM with the U_RHEL_7_V3R4_STIG_SCAP_1-2_Benchmark.xml (attached in ZIP) and exported that from the SCAP tool in XCCDF format. When I run that XML file (example-rhel7-SCAP-scan.xml - attached in ZIP) through the XCCDF mapper on the master branch, I get the following error:

In my local testing I ended up revising the to_hdf method to the below code snippet and was able to produce the example-rhel7-SCAP-scan.json file (included in ZIP). It seems like the to_hdf method just needs to be more flexible around fields that might not exist in the XCCDF file.
def to_hdf
  controls = []
  @groups.each_with_index do |group, i|
    @item = {}
    # Rule ids look like "<prefix>_rule_SV-<n>r<rev>_rule": take the SV- token,
    # drop the revision, then strip the leading "S" to get the V- id.
    @item['id'] = group['Rule']['id'].split('.').last.split('_').drop(2).first.split('r').first.split('S')[1]
    @item['title'] = group['Rule']['title'].to_s
    # Text before "Satisfies" is the description proper; the remainder is the satisfies list.
    @item['desc'] = group['Rule']['description'].to_s.split('Satisfies').first
    @item['descriptions'] = []
    @item['descriptions'] << desc_tags(group['Rule']['description'], 'default')
    @item['descriptions'] << desc_tags('NA', 'rationale')
    @item['descriptions'] << desc_tags(group['Rule']['check']['check-content-ref']['name'], 'check')
    @item['descriptions'] << desc_tags(group['Rule']['fixtext']['text'], 'fix')
    @item['impact'] = get_impact(group['Rule']['severity'])
    @item['refs'] = NA_ARRAY
    @item['tags'] = {}
    @item['tags']['severity'] = nil
    @item['tags']['gtitle'] = group['title']
    @item['tags']['satisfies'] = satisfies_parse(group['Rule']['description'])
    @item['tags']['gid'] = group['Rule']['id'].split('.').last.split('_').drop(2).first.split('r').first
    # A single <ident> element parses to a Hash, several to an Array; normalise to an Array.
    ident = group['Rule']['ident']
    ident = [ident] if ident.is_a? Hash
    @item['tags']['legacy_id'] = ident[2]['text'] if ident[2]
    @item['tags']['rid'] = ident[1]['text'] if ident[1]
    @item['tags']['stig_id'] = @benchmarks['id']
    @item['tags']['fix_id'] = group['Rule']['fix']['id']
    cci = parse_refs(ident)
    @item['tags']['cci'] = cci if cci
    @item['tags']['nist'] = cci_nist_tag(@item['tags']['cci']) if @item['tags']['cci']
    @item['code'] = NA_STRING
    @item['source_location'] = NA_HASH
    # Results were in another location, and using the top block "Benchmark" as a
    # starting point caused odd issues. This works for now for the results.
    @item['results'] = finding(@results, i)
    controls << @item
  end
  controls = collapse_duplicates(controls)
  results = HeimdallDataFormat.new(profile_name: @benchmarks['id'],
                                   version: @benchmarks['style'],
                                   duration: NA_FLOAT,
                                   title: @benchmarks['title'],
                                   maintainer: @benchmarks['reference']['publisher'],
                                   summary: @benchmarks['description'],
                                   license: @benchmarks['notice']['id'],
                                   copyright: @benchmarks['metadata']['creator'],
                                   copyright_email: '[email protected]',
                                   controls: controls)
  results.to_hdf
end
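Added example, not code from heimdall_tools, heimdall2 or the issue author: the nil-tolerant field access that the to_hdf above still lacks for optional XCCDF elements. Every optional element (ident, check, fix, fixtext) is read through helpers that return nil instead of raising NoMethodError when it is absent, and that cope with the XML-to-hash convention where one child arrives as a Hash and repeated children as an Array. The group hashes are constructed sample input shaped like the mapper's parsed XCCDF; their SV-, V- and CCI numbers are placeholders, not real STIG or CCI identifiers.

```ruby
# Added example (not heimdall_tools code). Defensive extraction of the optional
# XCCDF fields that the issue's to_hdf reads unguarded.

NA_STRING = 'Not Applicable'.freeze

# Walk nested hash keys; when a level is an Array (a repeated XML element),
# descend into its first entry. Returns nil on any missing level.
def field(node, *keys)
  keys.reduce(node) do |current, key|
    current = current.first if current.is_a?(Array)
    current.is_a?(Hash) ? current[key] : nil
  end
end

# Derive the V- id ("V-200001") and group id ("SV-200001") from an XCCDF rule id
# such as "xccdf_mil.disa.stig_rule_SV-200001r100001_rule" (constructed shape).
# The split chain in to_hdf raises on an unexpected id; here an unmatched or
# nil id yields [nil, nil].
def parse_rule_id(rule_id)
  return [nil, nil] if rule_id.nil?
  m = rule_id.match(/(SV-(\d+))(?:r\d+)?_rule\z/) || rule_id.match(/(SV-(\d+))/)
  return [nil, nil] unless m
  ["V-#{m[2]}", m[1]]
end

# <ident> may be absent, a single element (Hash) or several (Array).
# Note Array(hash) would explode a Hash into key/value pairs, so wrap it explicitly.
def idents_of(rule)
  ident = rule['ident']
  list = case ident
         when nil then []
         when Hash then [ident]
         else Array(ident)
         end
  list.select { |i| i.is_a?(Hash) }
end

# CCI references are the idents whose text starts with "CCI-".
def cci_refs(rule)
  idents_of(rule).map { |i| i['text'] }.compact.select { |t| t.start_with?('CCI-') }
end

# Build the subset of an HDF control that to_hdf derives from optional
# elements; a missing element produces a placeholder or nil, not a crash.
def build_control(group)
  rule = group['Rule'] || {}
  vid, gid = parse_rule_id(rule['id'])
  {
    'id' => vid,
    'title' => rule['title'].to_s,
    'check' => field(rule, 'check', 'check-content-ref', 'name') || NA_STRING,
    'fix' => field(rule, 'fixtext', 'text') || NA_STRING,
    'fix_id' => field(rule, 'fix', 'id'),
    'gtitle' => group['title'],
    'gid' => gid,
    'cci' => cci_refs(rule)
  }
end

def build_controls(groups)
  groups.map { |g| build_control(g) }
end

# Constructed sample groups: one with every element present, one as sparse as
# the RHEL 7 SCAP output described in the issue. All identifiers are placeholders.
FULL_GROUP = {
  'id' => 'xccdf_mil.disa.stig_group_V-200001',
  'title' => 'SRG-OS-000001-GPOS-00001',
  'Rule' => {
    'id' => 'xccdf_mil.disa.stig_rule_SV-200001r100001_rule',
    'severity' => 'medium',
    'title' => 'Constructed rule with all optional elements',
    'ident' => [
      { 'system' => 'http://cyber.mil/cci', 'text' => 'CCI-000001' },
      { 'system' => 'http://cyber.mil/legacy', 'text' => 'SV-100001' },
      { 'system' => 'http://cyber.mil/legacy', 'text' => 'V-100001' }
    ],
    'fixtext' => { 'fixref' => 'F-000001r000001_fix', 'text' => 'Constructed fix text.' },
    'fix' => { 'id' => 'F-000001r000001_fix' },
    'check' => {
      'system' => 'http://oval.mitre.org/XMLSchema/oval-definitions-5',
      'check-content-ref' => { 'href' => 'constructed-oval.xml', 'name' => 'oval:example:def:1' }
    }
  }
}.freeze

SPARSE_GROUP = {
  'id' => 'xccdf_mil.disa.stig_group_V-200002',
  'title' => 'SRG-OS-000002-GPOS-00002',
  'Rule' => {
    'id' => 'xccdf_mil.disa.stig_rule_SV-200002r100002_rule',
    'severity' => 'low',
    'title' => 'Constructed rule with no ident, check, fix or fixtext elements'
  }
}.freeze

build_controls([FULL_GROUP, SPARSE_GROUP]).each { |c| puts c.inspect } if $PROGRAM_NAME == __FILE__
```

The same `field` helper applies to the benchmark-level reads in to_hdf (`@benchmarks['notice']['id']`, `@benchmarks['metadata']['creator']`), which fail the same way when a SCAP export omits those elements.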
Fixed by https://github.com/mitre/heimdall2/pull/2551
Update: I was able to test the TS version of the xccdf_results_mapper and hit an error with the same test XCCDF file.

Need to validate that this works now
Probably a blocker for https://github.com/mitre/heimdall2/issues/343
If this fails, then it should be added as another sample to test against
Fixed by #2551
@Amndeep7 is this resolved by #2551 ?
@aaronlippold it might have been fixed when I did that PR for xccdf2hdf, but I have not tested yet, so I can't promise.