Merge pull request #50 from mitre/sonarqube_mapping

Added default NIST_ID tags of SA-11 and RA-5 to sonarqube_mapper
mitre · Feb 16, 2021 · 2b63d63 · 2b63d63
2 parents d0fc79c + a12435b
commit 2b63d63
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/lib/heimdall_tools/fortify_mapper.rb b/lib/heimdall_tools/fortify_mapper.rb
@@ -3,6 +3,7 @@
 require 'utilities/xml_to_hash'
 
 NIST_REFERENCE_NAME = 'Standards Mapping - NIST Special Publication 800-53 Revision 4'.freeze
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 
 module HeimdallTools
   class FortifyMapper
@@ -68,7 +69,7 @@ def nist_tag(rule)
       references = rule['References']['Reference']
       references = [references] unless references.is_a?(Array)
       tag = references.detect { |x| x['Author'].eql?(NIST_REFERENCE_NAME) }
-      tag.nil? ? 'unmapped' : tag['Title'].match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)
+      tag.nil? ? DEFAULT_NIST_TAG : tag['Title'].match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)
     end
 
     def impact(classid)

diff --git a/lib/heimdall_tools/sonarqube_mapper.rb b/lib/heimdall_tools/sonarqube_mapper.rb
@@ -5,6 +5,8 @@
 
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
+
 MAPPING_FILES = {
   cwe: File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv'),
   owasp: File.join(RESOURCE_DIR, 'owasp-nist-mapping.csv')
@@ -237,7 +239,7 @@ def get_nist_tags
       return [@mappings[tag_type][parsed_tag]].flatten.uniq
     end
 
-    ['unmapped'] # HDF expects this to be a list, but not an empty list even if there aren't results
+    DEFAULT_NIST_TAG # Entries with unmapped NIST tags are defaulted to NIST tags ‘SA-11, RA-5 Rev_4’
   end
 
   def hdf

diff --git a/lib/heimdall_tools/zap_mapper.rb b/lib/heimdall_tools/zap_mapper.rb
@@ -7,6 +7,7 @@
 RESOURCE_DIR = Pathname.new(__FILE__).join('../../data')
 
 CWE_NIST_MAPPING_FILE = File.join(RESOURCE_DIR, 'cwe-nist-mapping.csv')
+DEFAULT_NIST_TAG = ["SA-11", "RA-5"].freeze
 
 # rubocop:disable Metrics/AbcSize
 
@@ -66,7 +67,7 @@ def format_code_desc(code_desc)
     def nist_tag(cweid)
       entries = @cwe_nist_mapping.select { |x| x[:cweid].to_s.eql?(cweid.to_s) }
       tags = entries.map { |x| [x[:nistid], "Rev_#{x[:rev]}"] }
-      tags.empty? ? ['unmapped'] : tags.flatten.uniq
+      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
     end
 
     def impact(riskcode)