functions/ConvertFrom-InsightAppSecToCodeDx.ps1
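<#
.SYNOPSIS
Converts a Rapid7 InsightAppSec CSV report to a Code Dx XML report for importing results.

.DESCRIPTION
Reads the CSV export, builds one <finding> element per row, and saves the
document as IAS2CDX-<timestamp>.xml inside OutputDir. All values are written
through the XmlDocument API (SetAttribute / InnerText), which escapes markup
characters, so CSV content cannot inject XML structure into the report.

.PARAMETER SourceScanFilepath
Path to the InsightAppSec CSV export. Surrounding double quotes are stripped.

.PARAMETER OutputDir
Existing directory that receives the generated XML file. Surrounding double
quotes are stripped.
#>
Function ConvertFrom-InsightAppSecToCodeDx
{
    [cmdletbinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$SourceScanFilepath,
        [Parameter(Mandatory=$true)]
        [string]$OutputDir
    )

    #Setup variables
    $CDate = Get-Date -format "yyyy-MM-dd-HHmmss"
    $SourceScanFile = $SourceScanFilepath.Trim("""")
    $ToolName = "Rapid7 InsightAppSec"

    # The original left $OutputFilePath commented out, so Save() received $null
    # and the mandatory OutputDir parameter was never used.
    $OutputDirectory = $OutputDir.Trim("""")
    if (-not (Test-Path -LiteralPath $OutputDirectory -PathType Container)) {
        throw "Output directory not found: $OutputDirectory"
    }
    $OutputFilePath = Join-Path $OutputDirectory ("IAS2CDX-" + $CDate + ".xml")

    # CSV columns copied verbatim into each finding's <metadata> element.
    $mdtags = @("app_name","app_description","app_uuid","scanType",
    "parentScanUuid","variances_size","attackType","firstDiscovered","firstDiscoveredScan_appId",
    "firstDiscoveredScan_crawlOnly","firstDiscoveredScan_createTime","firstDiscoveredScan_endTime",
    "firstDiscoveredScan_engineUuid","firstDiscoveredScan_failureReason","firstDiscoveredScan_highestSeverity",
    "firstDiscoveredScan_parentScanUuid","firstDiscoveredScan_scanConfig_appUuid",
    "firstDiscoveredScan_scanConfig_attackTemplateUuid","firstDiscoveredScan_scanConfig_description",
    "firstDiscoveredScan_scanConfig_lastScanTime","firstDiscoveredScan_scanConfig_name",
    "firstDiscoveredScan_scanConfig_uuid","firstDiscoveredScan_scanType","firstDiscoveredScan_scheduleUuid",
    "firstDiscoveredScan_startTime","firstDiscoveredScan_status","firstDiscoveredScan_uuid",
    "firstDiscoveredScan_vulnCount","lastDiscoveredScan_appId","lastDiscoveredScan_crawlOnly",
    "lastDiscoveredScan_createTime","lastDiscoveredScan_endTime","lastDiscoveredScan_engineUuid",
    "lastDiscoveredScan_failureReason","lastDiscoveredScan_highestSeverity","lastDiscoveredScan_parentScanUuid",
    "lastDiscoveredScan_scanConfig_appUuid","lastDiscoveredScan_scanConfig_attackTemplateUuid",
    "lastDiscoveredScan_scanConfig_description","lastDiscoveredScan_scanConfig_lastScanTime",
    "lastDiscoveredScan_scanConfig_name","lastDiscoveredScan_scanConfig_uuid","lastDiscoveredScan_scanType",
    "lastDiscoveredScan_scheduleUuid","lastDiscoveredScan_startTime","lastDiscoveredScan_status",
    "lastDiscoveredScan_uuid","lastDiscoveredScan_vulnCount","newlyDiscovered","scans_size")

    #Setup Code Dx output doc
    [xml]$doc = New-Object System.Xml.XmlDocument
    $dec = $doc.CreateXmlDeclaration("1.0","UTF-8",$null)
    $null = $doc.AppendChild($dec)
    $reportComment = "Rapid7 InsightAppSec to Code Dx - Generated $CDate"
    $null = $doc.AppendChild($doc.CreateComment($reportComment))
    $root = $doc.CreateElement("report")

    #read source file and create custom PSO
    # -LiteralPath: the file name is data, not a wildcard pattern.
    # @() keeps a one-row export indexable and turns an empty one into Count 0.
    $SourceScanData = @(Get-Content -Raw -LiteralPath $SourceScanFile | ConvertFrom-CSV)
    if ($SourceScanData.Count -eq 0) {
        throw "No findings could be read from: $SourceScanFile"
    }

    #pull report date from the first row; the value is passed through unchanged
    $reportDate = $SourceScanData[0]."lastDiscovered"

    #Set Root attributes
    $root.SetAttribute("date",$reportDate)
    $root.SetAttribute("tool",$ToolName)

    #create findings Element
    $fds = $doc.CreateElement("findings")

    # Length of the URL prefix stripped from rootCause_url to form the location path.
    # NOTE(review): 61 looks specific to the host the script was written against;
    # confirm the value (or parse the URL) before using it with other targets.
    $urlPrefixLength = 61

    #drill into each vulnerability
    foreach ($vuln in $SourceScanData) {

        #Create Code Dx elements
        $fd = $doc.CreateElement("finding")
        $desc = $doc.CreateElement("description")
        $tl = $doc.CreateElement("tool")
        $loc = $doc.CreateElement("location")
        $md = $doc.CreateElement("metadata")
        $nid = $doc.CreateElement("native-id")
        $vars = $doc.CreateElement("variants")
        $var = $doc.CreateElement("variant")
        $req = $doc.CreateElement("http-request")

        #Set Native ID
        # NOTE(review): $nid is populated but never appended to the finding, and
        # "uuid" is not in $mdtags, so the scanner's finding id does not reach the
        # output. Left as in the original; confirm where Code Dx expects
        # <native-id> before attaching it.
        $nid.SetAttribute("name", "uuid")
        $nid.SetAttribute("value", $vuln.uuid)

        #Set finding severity value
        # NOTE(review): every level is mapped one step higher than the source label
        # (LOW -> medium, HIGH -> critical). Kept as written; confirm this is the
        # intended triage policy, since it changes how findings are prioritised.
        $sev = switch ($vuln."severity"){
            "SAFE" {"info"}
            "INFORMATIONAL" {"low"}
            "LOW" {"medium"}
            "MEDIUM" {"high"}
            "HIGH" {"critical"}
            default {"unspecified"}
        }

        #Set finding attributes
        # use "status" when it becomes available.
        $fd.SetAttribute("severity", $sev)
        $fd.SetAttribute("type","dynamic")

        # NOTE(review): rows from ConvertFrom-Csv are flat, and no
        # "vulnerabilities" column is referenced anywhere else in this function;
        # if it is absent this test is always false and every finding is "new".
        # CSV values are also strings, so a literal "false" would be truthy.
        If ($vuln.vulnerabilities.falsePositive){
            $fd.SetAttribute("status", "false-positive")
        } else {
            $fd.SetAttribute("status", "new")
        }

        #Set Tool attributes
        $tl.SetAttribute("name",$ToolName)
        $tl.SetAttribute("category","Security")
        $tl.SetAttribute("code", $vuln."attackType")

        #parse url path for location
        # Substring() throws on a missing or short value, which aborted the whole
        # conversion; fall back to the unmodified URL in that case.
        $path = [string]$vuln."rootCause_url"
        if ($path.Length -ge $urlPrefixLength) {
            $path = $path.Substring($urlPrefixLength)
        }

        #build location node and attributes
        $loc.SetAttribute("type","url")
        $loc.SetAttribute("path", $path)

        #build request and response variants and add to variant parent element
        $req.SetAttribute("method",$vuln."rootCause_method")
        $req.SetAttribute("path",$path)
        $req.SetAttribute("query",$vuln."rootCause_parameter")
        $null = $var.AppendChild($req)
        $null = $vars.AppendChild($var)
        $null = $loc.AppendChild($vars)

        #Set description attributes
        $desc.SetAttribute("format", "plain-text")
        $desc.InnerText = $vuln."moduleName"

        #Build the Metadata Node
        foreach ($tag in $mdtags) {
            $e = $doc.CreateElement("value")
            $e.SetAttribute("key",$tag)
            # A column missing from the CSV yields an empty <value>.
            $e.InnerText = $vuln.$tag
            $null = $md.AppendChild($e)
        }

        #append remaining children to finding
        $null = $fd.AppendChild($tl)
        $null = $fd.AppendChild($loc)
        $null = $fd.AppendChild($desc)
        $null = $fd.AppendChild($md)

        #append finding to findings
        $null = $fds.AppendChild($fd)
    }

    $null = $root.AppendChild($fds)
    $null = $doc.AppendChild($root)

    Write-Host "Outputing file to: $OutputFilePath"
    $doc.Save($OutputFilePath)
}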