Merge pull request #136 from mitre/control-table-data-ingest-2_electr…

…ic_boogaloo

Control table data ingest 2 electric boogaloo

.github/workflows/control-table-data-ingestion.yml

@@ -0,0 +1,25 @@
+name: Control Table Data Ingestion
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  control-table-ingest:
+    runs-on: ubuntu-latest
+    name: Control table ingest
+    steps:
+      - name: Pull down this repo
+        uses: actions/checkout@v2
+      - name: Ingest and process data
+        uses: docker://mitre/saf-baseline-ingestion
+      - name: Commit processed data
+        run: |
+          git config --global user.name 'MITRE SAF'
+          git config --global user.email '[email protected]'
+          git add ./src/assets/data/baselineProfiles/
+          git add ./src/assets/data/baselines.json
+          git add ./src/assets/data/mitre-saf-control-mapping.json
+          git commit -s -m 'Automated ingestion of profiles' || true
+          git push "https://${GITHUB_ACTOR}:${{ secrets.GITHUB_TOKEN }}@github.com/${GITHUB_REPOSITORY}.git" HEAD:master

package.json

@@ -42,7 +42,7 @@
     "babel-polyfill": "^6.26.0",
     "core-js": "^2.6.11",
     "css-vars-ponyfill": "^2.3.1",
-    "firebase": "7.15.4",
+    "firebase": "^7.22.1",
     "intersection-observer": "^0.10.0",
     "material-design-icons": "^3.0.1",
     "prismjs": "^1.21.0",

src/assets/data/baselineProfiles/aws-s3-baseline.json

@@ -0,0 +1,107 @@
+{
+  "platform": {
+    "name": "aws",
+    "release": "aws-sdk-v2.11.88"
+  },
+  "profiles": [
+    {
+      "name": "aws-inspec-demo",
+      "version": "0.2",
+      "sha256": "7455ecf92b5c85c9ee3c6e3c63464d67cfcafda72e0d6188c710657415a0522e",
+      "title": "AWS Inspec Demo",
+      "maintainer": "aaronlippold,ronyxavier",
+      "summary": "Test-suite for best-practice aws hardening for functionality Demo",
+      "license": "Apache 2 license",
+      "copyright": "aaronlippold",
+      "copyright_email": "[email protected]",
+      "supports": [],
+      "attributes": [],
+      "groups": [
+        {
+          "id": "controls/aws_s3_bucket.rb",
+          "controls": [
+            "s3-buckets-no-public-access"
+          ]
+        },
+        {
+          "id": "controls/aws_s3_bucket_objects.rb",
+          "controls": [
+            "s3-objects-no-public-access"
+          ]
+        }
+      ],
+      "controls": [
+        {
+          "id": "s3-buckets-no-public-access",
+          "title": "Ensure there are no publicly accessible S3 buckets",
+          "desc": "Ensure there are no publicly accessible S3 buckets",
+          "impact": 0.7,
+          "refs": [],
+          "tags": {
+            "nist": [
+              "AC-6",
+              "Rev_4"
+            ],
+            "severity": "high",
+            "check": "Review your AWS console and note if any S3 buckets are set to\n                'Public'. If any buckets are listed as 'Public', then this is\n                a finding.",
+            "fix": "Log into your AWS console and select the S3 buckets section. Select\n              the buckets found in your review. Select the permisssions tab for\n              the bucket and remove the Public access permission."
+          },
+          "code": "control \"s3-buckets-no-public-access\" do\n  impact 0.7\n  title \"Ensure there are no publicly accessible S3 buckets\"\n  desc \"Ensure there are no publicly accessible S3 buckets\"\n\n  tag \"nist\": [\"AC-6\", \"Rev_4\"]\n  tag \"severity\": \"high\"\n\n  tag \"check\": \"Review your AWS console and note if any S3 buckets are set to\n                'Public'. If any buckets are listed as 'Public', then this is\n                a finding.\"\n\n  tag \"fix\": \"Log into your AWS console and select the S3 buckets section. Select\n              the buckets found in your review. Select the permisssions tab for\n              the bucket and remove the Public access permission.\"\n\n  aws_s3_buckets.bucket_names.each do |bucket|\n    describe aws_s3_bucket(bucket) do\n      it { should_not be_public }\n    end\n  end\n\n  if aws_s3_buckets.bucket_names.empty?\n    impact 0.0\n    desc \"This control is Non Applicable since no S3 buckets were found.\"\n  end\n\nend\n",
+          "source_location": {
+            "line": 1,
+            "ref": "./controls/aws_s3_bucket.rb"
+          },
+          "results": [
+            {
+              "status": "passed",
+              "code_desc": "S3 Bucket aws-s3-baseline-bucket-1 should not be public",
+              "run_time": 0.09968,
+              "start_time": "2018-07-16T15:13:00-04:00"
+            },
+            {
+              "status": "failed",
+              "code_desc": "S3 Bucket aws-s3-baseline-bucket-2 should not be public",
+              "run_time": 0.080283,
+              "start_time": "2018-07-16T15:13:00-04:00",
+              "message": "expected `S3 Bucket aws-s3-baseline-bucket-2.public?` to return false, got true"
+            }
+          ]
+        },
+        {
+          "id": "s3-objects-no-public-access",
+          "title": "Ensure there are no publicly accessible S3 objects",
+          "desc": "Ensure there are no publicly accessible S3 objects",
+          "impact": 0.7,
+          "refs": [],
+          "tags": {
+            "nist": [
+              "AC-6",
+              "Rev_4"
+            ],
+            "severity": "high",
+            "check": "Review your AWS console and note if any S3 bucket objects are set to\n                'Public'. If any objects are listed as 'Public', then this is\n                a finding.",
+            "fix": "Log into your AWS console and select the S3 buckets section. Select\n              the buckets found in your review. For each object in the bucket\n              select the permissions tab for the object and remove\n              the Public Access permission."
+          },
+          "code": "control \"s3-objects-no-public-access\" do\n  impact 0.7\n  title \"Ensure there are no publicly accessible S3 objects\"\n  desc \"Ensure there are no publicly accessible S3 objects\"\n  tag \"nist\": [\"AC-6\", \"Rev_4\"]\n  tag \"severity\": \"high\"\n\n  tag \"check\": \"Review your AWS console and note if any S3 bucket objects are set to\n                'Public'. If any objects are listed as 'Public', then this is\n                a finding.\"\n\n  tag \"fix\": \"Log into your AWS console and select the S3 buckets section. Select\n              the buckets found in your review. For each object in the bucket\n              select the permissions tab for the object and remove\n              the Public Access permission.\"\n\n  # keeping track of public objects in this array is the `public_objects` necessary for \n  # appropriate reporting otherwise, in the case when no public objects are found in the\n  # buckets, the test would end without any reporting.\n\n  if aws_s3_buckets.bucket_names.empty?\n    impact 0.0\n    desc \"This control is Non Applicable since no S3 buckets were found.\"\n  else\n\n    public_objects = []\n\n    aws_s3_buckets.bucket_names.each do |bucket|\n      aws_s3_bucket_objects(bucket).keys.each do |key|\n\n        if aws_s3_bucket_object(bucket_name: bucket, key: key).public?\n            public_objects << key\n\n          # following code will all the report public objects as fail.\n          describe aws_s3_bucket_object(bucket_name: bucket, key: key) do\n            it { should_not be_public } \n          end\n\n        end\n      end\n    end\n\n\n    describe \"Number of public objects in S3 Buckets\" do\n      subject { public_objects.length }\n      it { should be_zero }  \n    end if public_objects.empty?\n  end\n\nend\n",
+          "source_location": {
+            "line": 2,
+            "ref": "./controls/aws_s3_bucket_objects.rb"
+          },
+          "results": [
+            {
+              "status": "failed",
+              "code_desc": "s3://aws-s3-baseline-bucket-1/indexq3.html should not be public",
+              "run_time": 0.05142,
+              "start_time": "2018-07-16T15:13:00-04:00",
+              "message": "expected `s3://aws-s3-baseline-bucket-1/indexq3.html.public?` to return false, got true"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "statistics": {
+    "duration": 0.233153
+  },
+  "version": "2.2.35"
+}

src/assets/data/baselineProfiles/inspec-gcp-cis-benchmark.json

@@ -0,0 +1,28 @@
+{
+  "platform": {
+    "name": "null",
+    "release": "0"
+  },
+  "profiles": [
+    {
+      "name": "",
+      "version": "0",
+      "sha256": ".",
+      "title": "Null",
+      "maintainer": ".",
+      "summary": ".",
+      "license": "Apache-2.0",
+      "copyright": ".",
+      "copyright_email": ".",
+      "supports": [],
+      "attributes": [],
+      "groups": [],
+      "controls": [],
+      "status": "loaded"
+    }
+  ],
+  "statistics": {
+    "duration": 10
+  },
+  "version": "Z.0"
+}

src/assets/data/baselineProfiles/inspec-gcp-pci-profile.json

@@ -0,0 +1,28 @@
+{
+  "platform": {
+    "name": "null",
+    "release": "0"
+  },
+  "profiles": [
+    {
+      "name": "",
+      "version": "0",
+      "sha256": ".",
+      "title": "Null",
+      "maintainer": ".",
+      "summary": ".",
+      "license": "Apache-2.0",
+      "copyright": ".",
+      "copyright_email": ".",
+      "supports": [],
+      "attributes": [],
+      "groups": [],
+      "controls": [],
+      "status": "loaded"
+    }
+  ],
+  "statistics": {
+    "duration": 10
+  },
+  "version": "Z.0"
+}

src/assets/data/baselines.json

@@ -187,28 +187,32 @@
       "longName": "AWS S3",
       "link": "https://github.com/mitre/aws-s3-baseline",
       "svg": "inspec-blue-back-border",
-      "category": ["Cloud Service Providers"]
+      "category": ["Cloud Service Providers"],
+      "gitHash": "0"
     },
     {
       "shortName": "AWS RDS CIS",
       "longName": "AWS RDS Infrastructure CIS",
       "link": "https://github.com/mitre/aws-rds-infrastructure-cis-baseline",
       "svg": "inspec-blue-back-border",
-      "category": ["Cloud Service Providers"]
+      "category": ["Cloud Service Providers"],
+      "gitHash": "0"
     },
     {
       "shortName": "GCP PCI-DSS 3.2.1",
       "longName": "Google Cloud Platform PCI-DSS 3.2.1",
       "link": "https://github.com/GoogleCloudPlatform/inspec-gcp-pci-profile",
       "svg": "inspec-blue-back-border",
-      "category": ["Cloud Service Providers"]
+      "category": ["Cloud Service Providers"],
+      "gitHash": "0"
     },
     {
       "shortName": "GCP CIS Benchmark",
       "longName": "Google Cloud Platform CIS Benchmark",
       "link": "https://github.com/GoogleCloudPlatform/inspec-gcp-cis-benchmark",
       "svg": "inspec-blue-back-border",
-      "category": ["Cloud Service Providers"]
+      "category": ["Cloud Service Providers"],
+      "gitHash": "0"
     },
     {
       "shortName": "DRAFT: VMWare ESXI 6.7 STIG",
@@ -294,5 +298,16 @@
       "svg": "inspec-blue-back-border",
       "category": ["Web Servers"]
     }
-  ]
+  ],
+  "extras": {
+    "csv": [
+      {
+        "shortName": "Heimdall_tools",
+        "longName": "CWE tool data mapped by Heimdall_tools",
+        "link": "https://github.com/mitre/heimdall_tools",
+        "path": "Heimdall_tools/lib/data/cwe-nist-mapping.csv",
+        "column": "NIST-ID"
+      }
+    ]
+  }
 }