Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update sechub_parser.py #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update sechub_parser.py #3

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
190 changes: 97 additions & 93 deletions sechub_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
# without restriction, including without limitation the rights to use, copy, modify,
# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

import json
import boto3
Expand All @@ -35,83 +35,87 @@
# open Trivy vuln report & parse out vuln info
with open('results.json') as json_file:
data = json.load(json_file)
if data[0]['Vulnerabilities'] is None:
print('No vulnerabilities')
else:
for p in data[0]['Vulnerabilities']:
cveId = str(p['VulnerabilityID'])
cveTitle = str(p['Title'])
cveDescription = str(p['Description'])
cveDescription = (cveDescription[:1021] + '..') if len(cveDescription) > 1021 else cveDescription
packageName = str(p['PkgName'])
installedVersion = str(p['InstalledVersion'])
fixedVersion = str(p['FixedVersion'])
trivySeverity = str(p['Severity'])
cveReference = str(p['References'][0])
# create ISO 8601 timestamp
iso8601Time = datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc).isoformat()
# map Trivy severity to ASFF severity
if trivySeverity == 'LOW':
trivyProductSev = int(1)
trivyNormalizedSev = trivyProductSev * 10
elif trivySeverity == 'MEDIUM':
trivyProductSev = int(4)
trivyNormalizedSev = trivyProductSev * 10
elif trivySeverity == 'HIGH':
trivyProductSev = int(7)
trivyNormalizedSev = trivyProductSev * 10
elif trivySeverity == 'CRITICAL':
trivyProductSev = int(9)
trivyNormalizedSev = trivyProductSev * 10
else:
print('No vulnerability information found')
try:
response = securityhub.batch_import_findings(
Findings=[
{
'SchemaVersion': '2018-10-08',
'Id': containerName + ':' + containerTag + '/' + cveId,
'ProductArn': 'arn:aws:securityhub:' + awsRegion + ':' + ':product/aquasecurity/aquasecurity',
'GeneratorId': codebuildBuildArn,
'AwsAccountId': awsAccount,
'Types': [ 'Software and Configuration Checks/Vulnerabilities/CVE' ],
'CreatedAt': iso8601Time,
'UpdatedAt': iso8601Time,
'Severity': {
'Product': trivyProductSev,
'Normalized': trivyNormalizedSev
},
'Title': 'Trivy found a vulnerability to ' + cveId + ' in container ' + containerName,
'Description': cveDescription,
'Remediation': {
'Recommendation': {
'Text': 'More information on this vulnerability is provided in the hyperlink',
'Url': cveReference
Results = (list(data.keys())[4])
ResultValues = (data.get(Results))
if (ResultValues[0]['Vulnerabilities']) is None:
print('No vulnerabilities')
else:
for p in ResultValues[0]['Vulnerabilities']:
cveId = str(p['VulnerabilityID'])
cveTitle = str(p['Title'])
cveDescription = str(p['Description'])
cveDescription = (
cveDescription[:1021] + '..') if len(cveDescription) > 1021 else cveDescription
packageName = str(p['PkgName'])
installedVersion = str(p['InstalledVersion'])
fixedVersion = str(p['FixedVersion'])
trivySeverity = str(p['Severity'])
cveReference = str(p['References'][0])
# create ISO 8601 timestamp
iso8601Time = datetime.datetime.utcnow().replace(
tzinfo=datetime.timezone.utc).isoformat()
# map Trivy severity to ASFF severity
if trivySeverity == 'LOW':
trivyProductSev = int(1)
trivyNormalizedSev = trivyProductSev * 10
elif trivySeverity == 'MEDIUM':
trivyProductSev = int(4)
trivyNormalizedSev = trivyProductSev * 10
elif trivySeverity == 'HIGH':
trivyProductSev = int(7)
trivyNormalizedSev = trivyProductSev * 10
elif trivySeverity == 'CRITICAL':
trivyProductSev = int(9)
trivyNormalizedSev = trivyProductSev * 10
else:
print('No vulnerability information found')
try:
response = securityhub.batch_import_findings(
Findings=[
{
'SchemaVersion': '2018-10-08',
'Id': containerName + ':' + containerTag + '/' + cveId,
'ProductArn': 'arn:aws:securityhub:' + awsRegion + ':' + ':product/aquasecurity/aquasecurity',
'GeneratorId': codebuildBuildArn,
'AwsAccountId': awsAccount,
'Types': ['Software and Configuration Checks/Vulnerabilities/CVE'],
'CreatedAt': iso8601Time,
'UpdatedAt': iso8601Time,
'Severity': {
'Product': trivyProductSev,
'Normalized': trivyNormalizedSev
},
'Title': 'Trivy found a vulnerability to ' + cveId + ' in container ' + containerName,
'Description': cveDescription,
'Remediation': {
'Recommendation': {
'Text': 'More information on this vulnerability is provided in the hyperlink',
'Url': cveReference
}
},
'ProductFields': {'Product Name': 'Trivy'},
'Resources': [
{
'Type': 'Container',
'Id': containerName + ':' + containerTag,
'Partition': 'aws',
'Region': awsRegion,
'Details': {
'Container': {'ImageName': containerName + ':' + containerTag},
'Other': {
'CVE ID': cveId,
'CVE Title': cveTitle,
'Installed Package': packageName + ' ' + installedVersion,
'Patched Package': packageName + ' ' + fixedVersion
}
}
},
'ProductFields': { 'Product Name': 'Trivy' },
'Resources': [
{
'Type': 'Container',
'Id': containerName + ':' + containerTag,
'Partition': 'aws',
'Region': awsRegion,
'Details': {
'Container': { 'ImageName': containerName + ':' + containerTag },
'Other': {
'CVE ID': cveId,
'CVE Title': cveTitle,
'Installed Package': packageName + ' ' + installedVersion,
'Patched Package': packageName + ' ' + fixedVersion
}
}
},
],
'RecordState': 'ACTIVE'
}
]
)
print(response)
except Exception as e:
print(e)
raise
],
'RecordState': 'ACTIVE'
}
]
)
print(response)
except Exception as e:
print(e)
raise