functions/ConvertFrom-AquaSecToCodeDx.ps1

#Converts an Aqua Security Container Scanner CSV report to a Code Dx report for importing results.

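Function ConvertFrom-AquaSecToCodeDx
{
    <#
    .SYNOPSIS
    Converts an Aqua Security container-scan CSV export into a Code Dx XML report.

    .DESCRIPTION
    Reads the CSV, emits one <finding> per row under <report>/<findings>, and
    saves the document as AS2CDX-<timestamp>.xml inside OutputDir.
    Every value copied from the CSV is written through the XmlDocument DOM
    (SetAttribute / InnerText), so markup characters in scanner-supplied text
    are escaped on save rather than interpreted as XML.

    .PARAMETER SourceScanFilepath
    Path of the Aqua Security CSV report. Surrounding double quotes are stripped.

    .PARAMETER OutputDir
    Directory that receives the generated XML file. Surrounding double quotes
    are stripped.

    .OUTPUTS
    None. The destination path is announced with Write-Host and the XML is
    written to disk.
    #>
    [cmdletbinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$SourceScanFilepath,
        [Parameter(Mandatory=$true)]
        [string]$OutputDir
    )

    #Setup variables
    $CDate = Get-Date -format "yyyy-MM-dd-HHmmss"
    # Join-Path instead of string concatenation: no doubled separator when
    # OutputDir already ends with one.
    # NOTE(review): XmlDocument.Save resolves a relative path against the .NET
    # process directory, which can differ from the PowerShell location - confirm
    # callers pass an absolute OutputDir.
    $OutputFilePath = Join-Path -Path $OutputDir.Trim('"') -ChildPath ("AS2CDX-" + $CDate + ".xml")

    $SourceScanFile = $SourceScanFilepath.Trim('"')
    $ToolName = "Aqua Security"
    # The original listed bare, unassigned variables here ($cve, $loctype, ...).
    # A bare expression is written to the function's output stream, so they
    # were dropped; every variable is assigned before use below.
    $mdtags = @("Registry","Image Name","Image Digest","Installed Version","Vulnerability Name","Publish Date","Referenced By","Vendor CVSS v2 Severity","Vendor CVSS v2 Score","Vendor CVSS v2 Vectors","Vendor URL","NVD CVSS v2 Severity","NVD CVSS v2 Score","NVD CVSS v2 Vectors","NVD URL","Fix Version","Solution","Qualys IDs","Applied By","Applied On","Reverted By","Reverted On","Enforced By","Enforced On","vShield Status","Acknowledged Date","Base Image Vulnerability","Base Image Name","Aqua score","First Found on Image","Last Image Scan")

    #Setup Code Dx output doc
    [xml]$doc = New-Object System.Xml.XmlDocument
    $dec = $doc.CreateXmlDeclaration("1.0","UTF-8",$null)
    $doc.AppendChild($dec) | Out-Null
    $reportComment = "Aqua Security to Code Dx - Generated $CDate"
    $doc.AppendChild($doc.CreateComment($reportComment)) | Out-Null
    $root = $doc.CreateElement("report")

    # Read the source file. -ErrorAction Stop turns a missing or unreadable file
    # into an immediate failure instead of a later null-index error, and @()
    # keeps a single-row report an array.
    $SourceScanData = @(Get-Content -Raw -Path $SourceScanFile -ErrorAction Stop | ConvertFrom-Csv)
    if ($SourceScanData.Count -eq 0) {
        throw "No findings were read from '$SourceScanFile'; nothing to convert."
    }

    # The report date is copied as-is from the first row's "Last Image Scan"
    # column; no reformatting is applied.
    $reportDate = $SourceScanData[0]."Last Image Scan"

    #Set Root attributes
    $root.SetAttribute("date",$reportDate)
    $root.SetAttribute("tool",$ToolName)

    #create findings Element
    $fds = $doc.CreateElement("findings")

    #drill into each vulnerability
    foreach ($row in $SourceScanData) {

        #Create Code Dx elements
        $fd = $doc.CreateElement("finding")
        $desc = $doc.CreateElement("description")
        $tl = $doc.CreateElement("tool")
        $loc = $doc.CreateElement("location")
        $md = $doc.CreateElement("metadata")
        $h = $doc.CreateElement("host")
        $hn = $doc.CreateElement("hostname")

        # [string] casts make a missing column an empty string instead of a
        # null-method-call error on ToLower()/Split().
        $vulnName = [string]$row."Vulnerability Name"
        $aquaSeverity = [string]$row."Aqua severity"
        $resourceType = [string]$row."Resource Type"

        #Set finding severity value: Aqua "negligible" maps to Code Dx "info"
        If ($aquaSeverity -eq "negligible") {
            $sev = "info"
        } Else {
            $sev = $aquaSeverity.ToLower()
        }

        #Set finding "fd" attributes
        $fd.SetAttribute("severity", $sev)
        $fd.SetAttribute("type","Container Analysis")
        # NOTE(review): rows come from a flat CSV and no "vulnerabilities"
        # column is read anywhere else in this function, so this test looks
        # like it is always false and every finding is marked "new" - confirm
        # which column (if any) carries the false-positive flag.
        If ($row.vulnerabilities.falsePositive) {
            $fd.SetAttribute("status", "false-positive")
        } else {
            $fd.SetAttribute("status", "new")
        }

        #Set Tool attributes; the vulnerability name doubles as the tool code
        $tl.SetAttribute("name",$ToolName)
        $tl.SetAttribute("category","Security")
        $tl.SetAttribute("code", $vulnName)

        #determine location type: "package" resources are reported as "logical"
        If ($resourceType -eq "package") {
            $loctype = "logical"
        } Else {
            $loctype = $resourceType.ToLower()
        }

        #build location node and attributes
        $loc.SetAttribute("type",$loctype)
        $loc.SetAttribute("path", $row.Resource)

        #Set description attributes
        $desc.SetAttribute("format", "plain-text")
        $desc.InnerText = $row.Description

        #Create Host Element
        $hn.InnerText = $row."Image Name"
        $h.AppendChild($hn) | Out-Null
        $fd.AppendChild($h) | Out-Null

        # Emit <cves> only for names that start with "CVE" (case-sensitive) and
        # split into at least CVE-<year>-<sequence>. The original used
        # Substring(0,3), which throws on names shorter than three characters,
        # and wrote empty year/sequence attributes for malformed identifiers.
        If ($vulnName -clike "CVE*") {
            $cveArr = $vulnName.Split("-")
            If ($cveArr.Count -ge 3) {
                $cves = $doc.CreateElement("cves")
                $cve = $doc.CreateElement("cve")
                $cve.SetAttribute("sequence-number",$cveArr[2])
                $cve.SetAttribute("year",$cveArr[1])
                $cves.AppendChild($cve) | Out-Null
                $fd.AppendChild($cves) | Out-Null
            }
        }

        #Build the Metadata Node: one <value key="..."> per known CSV column
        foreach ($tag in $mdtags) {
            $e = $doc.CreateElement("value")
            $e.SetAttribute("key",$tag)
            $e.InnerText = $row.$tag
            $md.AppendChild($e) | Out-Null
        }

        #append remaining children to finding
        $fd.AppendChild($tl) | Out-Null
        $fd.AppendChild($loc) | Out-Null
        $fd.AppendChild($desc) | Out-Null
        $fd.AppendChild($md) | Out-Null

        #append finding to findings
        $fds.AppendChild($fd) | Out-Null
    }

    $root.AppendChild($fds) | Out-Null
    $doc.AppendChild($root) | Out-Null
    Write-Host "Outputing file to: $OutputFilePath"
    $doc.Save($OutputFilePath)
}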