functions/ConvertFrom-JFrogToCodeDX.ps1
|
<#
.SYNOPSIS Converts a JFrog XRay JSON report to a Code DX report for importing results. .DESCRIPTION Used to convert a JFrog XRay JSON report file to a Code Dx XML format so it can be imported. .EXAMPLE ConvertFrom-JFrogToCodeDX [scan_file_to_process] [output_directory] #> Function ConvertFrom-JFrogToCodeDX { [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$SourceScanFilepath, [Parameter(Mandatory=$true)] [string]$OutputDir ) #Setup variables $CDate = Get-Date -format "yyyy-MM-dd-HHmmss" $OutputFilePath = $OutputDir.Trim("""") + "\JF2CDX-" + $CDate + ".xml" # Enable for Debugging # #$SourceScanFilepath = "JFrog.json" #$OutputFilePath = "C:\Users\aacuna\Documents\repos\powershell\Code DX\JF2CDX-" + $CDate + ".xml" $SourceScanFile = $SourceScanFilepath.Trim("""") $ToolName = "JFrog" $NativeIDName = "JFrog ID" $NativeID $cwe $description $locationFile $locationLine $reportDate #Setup Code DX output doc [xml]$doc = New-Object System.Xml.XmlDocument $dec = $doc.CreateXmlDeclaration("1.0","UTF-8",$null) $updateXML= $doc.AppendChild($dec) $reportComment = "JFrog to Code DX - Generated $CDate" $updateXML= $doc.AppendChild($doc.CreateComment($reportComment)) $root = $doc.CreateNode("element","report",$null) #read source file and create custom PSO $SourceScanData = Get-Content -Raw -Encoding UTF8 -Path $SourceScanFile | ConvertFrom-Json #pull report date attributes and reformat for Code DX file $reportDate = $CDate.Substring(0,10) #Set Root attributes $root.SetAttribute("date",$reportDate) $root.SetAttribute("tool",$ToolName) #create findings Element $fds = $doc.CreateNode("element","findings",$null) #Get parent array of results $Results = $SourceScanData.data $Results | ForEach-Object{ #Create Code DX elements $fd = $doc.CreateNode("element","finding",$null) $id = $doc.CreateNode("element","native-id",$null) $cwe = $doc.CreateNode("element","cwe",$null) $desc = $doc.CreateNode("element","description",$null) $tl = $doc.CreateNode("element","tool",$null) $loc = $doc.CreateNode("element","location",$null) $md = $doc.CreateNode("element","metadata",$null) #Set finding "fd" attributes $fd.SetAttribute("severity", $_.severity.ToLower()) $fd.SetAttribute("type","Component Analysis") #$fd.SetAttribute("status", "new") #Set Native ID attributes $id.SetAttribute("name",$NativeIDName) $id.SetAttribute("value", $_.id) #Set CWE attributes $cwe.SetAttribute("id","937") #Set Tool attributes $tl.SetAttribute("name",$ToolName) $tl.SetAttribute("category","Security") $tl.SetAttribute("code", "Vulnerable Component") #Split Component information to get group, name, and version info $arrComp = $_.source_comp_id.Split(":") $compGroup = $arrComp[1].Substring(2) $compArtifactName = $arrComp[2] $compVersion = $arrComp[3] #build location node and attributes $loc.SetAttribute("type","logical") $loc.SetAttribute("path", $_.component) #Add Component Name element to Metadata $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key","Component Name") $e.InnerText = $compArtifactName $updateXML= $md.AppendChild($e) #Add Component Version element to Metadata $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key","Component Version") $e.InnerText = $compVersion $updateXML= $md.AppendChild($e) #Add Component Group element to Metadata $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key","Component Group ID") $e.InnerText = $compGroup $updateXML= $md.AppendChild($e) #collect Vulnerable Versions List $arrVVersion = $_.component_versions.vulnerable_versions $VersionList = $null $arrVVersion | ForEach-Object { If($VersionList.length -gt 0){ $VersionList = $VersionList + " , " + $_ } Else{ $VersionList = $_ } } #Add Vulnerable Version List element to Metadata $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key","Vulnerable Versions") $e.InnerText = $VersionList $updateXML= $md.AppendChild($e) #collect Fixed Versions List $arrVVersion = $_.component_versions.fixed_versions $VersionList = $null $arrVVersion | ForEach-Object { If($VersionList.length -gt 0){ $VersionList = $VersionList + " , " + $_ } Else{ $VersionList = $_ } } #Add Fixed Version List element to Metadata $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key","Fixed Versions") $e.InnerText = $VersionList $updateXML= $md.AppendChild($e) #Build Description info $resDesc = "Summary: " + $_.summary + "`n`nDescription: " + $_.component_versions.more_details.description #Set description attributes $desc.SetAttribute("format", "plain-text") $desc.InnerText = $resDesc #Capture CVEs node $arrCVEs = $_.component_versions.more_details.cves <# #Build CVE List Nodes $cves = $doc.CreateNode("element","cves",$null) $cves | ForEach-Object{ $cve = $doc.CreateNode("element","cve",$null) $cveArr = $_."Vulnerability Name".split("-") $cve.SetAttribute("sequence-number",$cveArr[2]) $cve.SetAttribute("year",$cveArr[1]) $updateXML= $cves.AppendChild($cve) $updateXML= $fd.AppendChild($cves) } #> #append remaining children to finding $updateXML= $fd.AppendChild($id) $updateXML= $fd.AppendChild($cwe) $updateXML= $fd.AppendChild($tl) $updateXML= $fd.AppendChild($loc) $updateXML= $fd.AppendChild($desc) $updateXML= $fd.AppendChild($md) #append finding to findings $updateXML= $fds.AppendChild($fd) } $updateXML= $root.AppendChild($fds) $updateXML= $doc.AppendChild($root) | Out-Null Write-Host "Outputing file to: $OutputFilePath" $doc.Save($OutputFilePath) } |