More Practice
6/17/24About 2 min
The following are some practice source data sets to create mappers with.
Before you begin, recall the steps we took previously to develop our GoSec and DBProtect mappers:
- Examine and break down the security data format. Remember to ask yourself the following questions while analyzing the fields of your security data:
What is the purpose of this field?
What is this field recording (i.e., metadata, requirements, requirement testing)?
- Correlate your security data to the OHDF schema. Focus on correlating fields from order of obvious to less obvious.
Empty OHDF Schema
{
platform: {
name,
release,
target_id
},
version,
statistics: {
duration
},
profiles: [
{
name,
version,
sha256,
title,
maintainer,
summary,
license,
copyright,
copyright_email,
supports,
attributes,
groups,
controls: [
{
id,
title,
desc,
descriptions,
impact,
refs,
tags,
code,
source_location,
results: [
{
status,
code_desc,
message,
run_time,
start_time
}
]
},
],
status
},
],
passthrough: {
auxiliary_data: [
{
name,
data
},
],
raw
}
}- Implement your mapping using the tools and resources provided in the previous section.
JFrog Xray
Source Data
{
"total_count": 1,
"data": [
{
"id": "",
"severity": "High",
"summary": "Acorn regexp.js Regular Expression Validation UTF-16 Surrogate Handling Infinite Loop DoS",
"issue_type": "security",
"provider": "JFrog",
"component": "acorn",
"source_id": "npm://acorn",
"source_comp_id": "npm://acorn:5.7.3",
"component_versions": {
"id": "acorn",
"vulnerable_versions": [
"5.5.0 ≤ Version < 5.7.4",
"6.0.0 ≤ Version < 6.4.1",
"7.0.0",
"7.1.0"
],
"fixed_versions": ["5.7.4", "6.4.1", "7.1.1"],
"more_details": {
"cves": [
{
"cvss_v2": "7.1/AV:N/AC:M/Au:N/C:N/I:N/A:C",
"cvss_v3": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"description": "Acorn contains an infinite loop condition in regexp.js that is triggered when handling UTF_16 surrogates while validating regular expressions. This may allow a context-dependent attacker to hang a process using the library.",
"provider": "JFrog"
}
},
"edited": "2020-11-03T19:30:42-05:00"
}
]
}Twistlock
Source Data
{
"results": [
{
"id": "sha256:b1c0237ebd29860066656372da10d8d7da33b34715986f74b3d5a7e4ba060d1b",
"name": "registry.io/test:1a7a431a105aa04632f5f5fbe8f753bd245add0a",
"distro": "Red Hat Enterprise Linux release 8.6 (Ootpa)",
"distroRelease": "RHEL8",
"digest": "sha256:c0274cb1e0c6e92d2ccc1e23bd19b7dddedbaa2da26861c225d4ad6cec5047f4",
"collections": ["All", "TEST-COLLECTION"],
"packages": [
{
"type": "os",
"name": "nss-util",
"version": "3.67.0-7.el8_5",
"licenses": ["MPLv2.0"]
}
],
"applications": [
{
"name": ".net-core",
"version": "5.0.17",
"path": "/usr/lib64/dotnet/dotnet"
}
],
"complianceDistribution": {
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"total": 0
},
"complianceScanPassed": true,
"vulnerabilities": [
{
"id": "CVE-2021-43529",
"status": "affected",
"cvss": 9.8,
"description": "DOCUMENTATION: A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat to this vulnerability is confidentiality, integrity, as well as system availability. STATEMENT: The issue is not limited to TLS. Any applications that use NSS certificate verification are vulnerable; S/MIME is impacted as well. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client. Firefox is not vulnerable to this flaw as it uses the mozilla::pkix for certificate verification. Thunderbird is affected when parsing email with the S/MIME signature. Thunderbird on Red Hat Enterprise Linux 8.4 and later does not need to be updated since it uses the system NSS library, but earlier Red Hat Enterprise Linux 8 extended life streams will need to update Thunderbird as well as NSS. MITIGATION: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affec",
"severity": "critical",
"packageName": "nss-util",
"packageVersion": "3.67.0-7.el8_5",
"link": "https://access.redhat.com/security/cve/CVE-2021-43529",
"riskFactors": [
"Remote execution",
"Attack complexity: low",
"Attack vector: network",
"Critical severity",
"Recent vulnerability"
],
"impactedVersions": ["*"],
"publishedDate": "2021-12-01T00:00:00Z",
"discoveredDate": "2022-05-18T12:24:22Z",
"layerTime": "2022-05-16T23:12:25Z"
}
],
"vulnerabilityDistribution": {
"critical": 1,
"high": 0,
"medium": 0,
"low": 0,
"total": 1
},
"vulnerabilityScanPassed": true,
"history": [
{
"created": "2022-05-16T23:12:02Z",
"instruction": "ARG GOPROXY=http://nexus-repository-manager.nexus-repository-manager.svc.cluster.local:8081/repository/goproxy/ HTTP_PROXY=http://localhost:3128 http_proxy=http://localhost:3128"
}
],
"scanTime": "2022-05-18T12:24:32.855444532Z",
"scanID": "6284e580d9600f8d0db159e2"
}
],
"consoleURL": "https://twistlock.test.net/#!/monitor/vulnerabilities/images/ci?search=sha256%3Ab1c0237ebd29860066656372da10d8d7da33b34715986f74b3d5a7e4ba060d1b"
}