heimdall2

Adding new ASFF mapper special casings

Open charleshu-8 opened this issue 2 years ago • 5 comments

Signed-off-by: charleshu-8 [email protected]

charleshu-8 avatar Jul 12 '22 16:07 charleshu-8

This pull request introduces 1 alert when merging c65b0fe67d2efc306690fefa496c45d9911c1a20 into c2e5ed31bf5eee551600894fbe379111c0f32f4a - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 12 '22 16:07 lgtm-com[bot]

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

sonarqubecloud[bot] avatar Jul 29 '22 15:07 sonarqubecloud[bot]

HANDOFF: Special cases should be fully implemented; need to check if appearance in Heimdall is satisfactory

charleshu-8 avatar Aug 05 '22 19:08 charleshu-8

This pull request has a conflict. Could you fix it @charleshu-8?

mergify[bot] avatar Sep 10 '22 03:09 mergify[bot]

This pull request has a conflict. Could you fix it @charleshu-8?

mergify[bot] avatar Sep 24 '22 00:09 mergify[bot]

Ignore the failing hdf converter tests - I need to update the sample results based off of the changes made here and potentially conflicts from the merge still.

Question: how do you want the inspec results to look @ejaronne? At the moment it matches ASFF's display, but do we potentially want to combine all the same v-number controls into the same control and have the findings become subtests instead?

Amndeep7 avatar Jan 06 '23 04:01 Amndeep7

> Ignore the failing hdf converter tests - I need to update the sample results based off of the changes made here and potentially conflicts from the merge still.
>
> Question: how do you want the inspec results to look @ejaronne? At the moment it matches ASFF's display, but do we potentially want to combine all the same v-number controls into the same control and have the findings become subtests instead?

For the Chef InSpec results, yes, group by original requirement number; note that each "subtest" is a separate ASFF finding such as:

"Id": "us-east-1/380079715235/i-0f97f85f3f9b8940d/V-79001-443",
"Id": "us-east-1/380079715235/i-0f97f85f3f9b8940d/V-79001-442",
"Id": "us-east-1/380079715235/i-0f97f85f3f9b8940d/V-79001-441",
"Id": "us-east-1/380079715235/i-0f97f85f3f9b8940d/V-79001-440",

Also, note that a getfindings pull may have a mix of more than one target, so each would create a separate HDF results file.

ejaronne avatar Jan 06 '23 15:01 ejaronne
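
The grouping described in the comment above, sketched as an added example (not part of the thread and not heimdall2's mapper code). The function and type names are hypothetical, and the `<region>/<account>/<instance>/<V-number>-<n>` Id layout is an assumption inferred from the four sample Ids; Ids that do not fit it are returned separately so no finding is silently dropped.

```typescript
// Added illustration, not heimdall2 code. All names here are hypothetical.
// Assumed Id layout, inferred from the sample Ids quoted in the comment:
//   <region>/<account>/<instance>/<V-number>-<n>
interface ParsedId { target: string; control: string; subtest: string }

type Grouped = Record<string, Record<string, string[]>>;

function parseFindingId(id: string): ParsedId | null {
  const m = /^([^/]+\/[^/]+\/[^/]+)\/(V-\d+)-(\d+)$/.exec(id);
  if (!m) return null; // not in the assumed layout; the caller decides what to do
  const [, target = '', control = '', subtest = ''] = m;
  return { target, control, subtest };
}

// One top-level key per target (one HDF results file each); under it, one key
// per V-number whose array holds the ASFF finding Ids that become subtests.
function groupFindingIds(ids: string[]): { grouped: Grouped; rejected: string[] } {
  const grouped: Grouped = {};
  const rejected: string[] = [];
  for (const id of ids) {
    const parsed = parseFindingId(id);
    if (!parsed) { rejected.push(id); continue; } // keep it visible, never drop
    const controls = (grouped[parsed.target] ??= {});
    (controls[parsed.control] ??= []).push(id);
  }
  return { grouped, rejected };
}

// Number of subtests recorded for one control on one target (0 if absent).
function subtestCount(g: Grouped, target: string, control: string): number {
  return g[target]?.[control]?.length ?? 0;
}

// The first four Ids are the ones quoted in the comment; the rest are constructed.
const sampleIds: string[] = [
  'us-east-1/380079715235/i-0f97f85f3f9b8940d/V-79001-443',
  'us-east-1/380079715235/i-0f97f85f3f9b8940d/V-79001-442',
  'us-east-1/380079715235/i-0f97f85f3f9b8940d/V-79001-441',
  'us-east-1/380079715235/i-0f97f85f3f9b8940d/V-79001-440',
  'us-east-1/380079715235/i-00000000000000000/V-79001-443', // constructed 2nd target
  'us-east-1/380079715235/i-00000000000000000/V-79002-1',   // constructed
  'constructed/not-an-inspec-id',                           // constructed, rejected
];
const sampleResult = groupFindingIds(sampleIds);
```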

@Amndeep7 do you need additional (sanitized) samples for these new casings?

ejaronne avatar Jan 06 '23 15:01 ejaronne

@ejaronne new samples would be appreciated. if you could concoct an example of a getfindings pull with multiple targets (but same underlying product, so like multiple inspecs or multiple inspectors), I'd appreciate that too.

Amndeep7 avatar Jan 06 '23 16:01 Amndeep7

@ejaronne please validate (using the heroku deployment, not the netlify deploy preview!) if the inspec results look good to you

Amndeep7 avatar Jan 09 '23 02:01 Amndeep7

For Chef-Inspec, it still needs to append the instance or Resources-Id to the filename json: [image]

ejaronne avatar Jan 10 '23 18:01 ejaronne

Latest commit addresses Eugene's concern

Amndeep7 avatar Jan 22 '23 07:01 Amndeep7

@em-c-rod this is good for review again. if you're available, we can walk through it monday morning so that way it can be merged in time?

Amndeep7 avatar Jan 22 '23 07:01 Amndeep7

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

sonarqubecloud[bot] avatar Jan 23 '23 18:01 sonarqubecloud[bot]