Anchore Grype Mapper

apps/frontend/src/store/report_intake.ts

@@ -7,6 +7,7 @@ import Store from '@/store/store';
 import {Tag} from '@/types/models';
 import {readFileAsync} from '@/utilities/async_util';
 import {
+  AnchoreGrypeMapper,
   ASFFResults as ASFFResultsMapper,
   BurpSuiteMapper,
   ChecklistResults,

libs/hdf-converters/index.ts

@@ -1,4 +1,5 @@
 export {ASFFResults} from './src/asff-mapper/asff-mapper';
+export * from './src/anchore-grype-mapper';
 export * from './src/aws-config-mapper';
 export * from './src/burpsuite-mapper';
 export * from './src/ckl-mapper/checklist-mapper';

libs/hdf-converters/sample_jsons/anchore_grype_mapper/anchore_grype_example_hdf.json

@@ -0,0 +1,221 @@
+{
+    platform: {
+      name,
+      release,
+      target_id
+    },
+    version,
+    statistics: {
+      duration
+    },
+    profiles: [
+      {
+        "name": "anchore - grype",
+        version,
+        sha256,
+        "title": "anchore grype matches",
+        maintainer,
+        "summary":
+        license,
+        copyright,
+        copyright_email,
+        supports,
+        attributes,
+        groups,
+        controls: [
+          {
+            "id": "Grype/CVE-2021-36159", //vulnerability -> id
+            "title": "Grype found a vulnerability to CVE-2021-36159", //vulnerability -> id
+            "desc": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.", //related vulnerabilities -> description
+            "descriptions": [
+              "fix": {
+                "versions": [
+                 "2.10.7-r0"
+                ],
+                "state": "fixed"
+               } //make more readable. 
+
+               cvss : "
+               {
+       "source": "[email protected]",
+       "type": "Primary",
+       "version": "2.0",
+       "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
+       "metrics": {
+        "baseScore": 6.4,
+        "exploitabilityScore": 10,
+        "impactScore": 4.9
+       },
+       "vendorMetadata": {}
+      },
+      {
+       "source": "[email protected]",
+       "type": "Primary",
+       "version": "3.1",
+       "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+       "metrics": {
+        "baseScore": 9.1,
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
+       },
+       "vendorMetadata": {}
+      }"
+
+            ],
+            "impact": 0.9, //vulnerability -> severtiy (use map to convert severity to impact)
+            "refs": [
+                "https://www.cve.org/CVERecord?id=CVE-2021-36159",
+                "https://nvd.nist.gov/vuln/detail/CVE-2021-36159",
+                "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch",
+                "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749",
+                "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E",
+                "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E",
+                "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E",
+                "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
+                //vulnberability -> datasource, relatedVulnerabilities -> datasource, relatedVulnberabilities -> urls
+            ],
+            "tags": {
+                "nist": [
+                    "SA-11",
+                    "RA-5"
+                ],
+                "cveid": [
+                   "CVE-2021-36159" //vulnberability -> id 
+                ] 
+
+            },
+            code, //everything from vulnerability to relatedvulnerability 
+            "source_location": 
+            results: [
+              {
+                status: "failed"
+                code_desc: "source": {
+  "type": "image",
+  "target": {
+   "userInput": "cloudwatch_to_s3:latest",
+                "{
+     "type": "exact-indirect-match",
+     "matcher": "apk-matcher",
+     "searchedBy": {
+      "distro": {
+       "type": "alpine",
+       "version": "3.11.3"
+      },
+      "namespace": "alpine:distro:alpine:3.11",
+      "package": {
+       "name": "apk-tools",
+       "version": "2.10.4-r3"
+      }
+     },
+     "found": {
+      "versionConstraint": "< 2.10.7-r0 (apk)",
+      "vulnerabilityID": "CVE-2021-36159"
+     }
+    },
+    {
+     "type": "exact-direct-match",
+     "matcher": "apk-matcher",
+     "searchedBy": {
+      "distro": {
+       "type": "alpine",
+       "version": "3.11.3"
+      },
+      "namespace": "alpine:distro:alpine:3.11",
+      "package": {
+       "name": "apk-tools",
+       "version": "2.10.4-r3"
+      }
+     },
+     "found": {
+      "versionConstraint": "< 2.10.7-r0 (apk)",
+      "vulnerabilityID": "CVE-2021-36159"
+     }
+    }", 
+                "message": ""artifact": {
+                "id": "1acb8fe52f3da542",
+                "name": "apk-tools",
+                "version": "2.10.4-r3",
+                "type": "apk",
+                "locations": [
+                {
+                  "path": "/lib/apk/db/installed",
+                  "layerID": "sha256:ccad0a45fab58237077eb38a0356a11b62854af2b99830dc1426bf04fa879b5b"
+                }
+                ],
+                "language": "",
+                "licenses": [
+                "GPL2"
+                ],
+                "cpes": [
+                "cpe:2.3:a:apk-tools:apk-tools:2.10.4-r3:*:*:*:*:*:*:*",
+                "cpe:2.3:a:apk-tools:apk_tools:2.10.4-r3:*:*:*:*:*:*:*",
+                "cpe:2.3:a:apk_tools:apk-tools:2.10.4-r3:*:*:*:*:*:*:*",
+                "cpe:2.3:a:apk_tools:apk_tools:2.10.4-r3:*:*:*:*:*:*:*",
+                "cpe:2.3:a:apk:apk-tools:2.10.4-r3:*:*:*:*:*:*:*",
+                "cpe:2.3:a:apk:apk_tools:2.10.4-r3:*:*:*:*:*:*:*"
+                ],
+                "purl": "pkg:apk/alpine/[email protected]?arch=aarch64&distro=alpine-3.11.3",
+                "upstreams": [
+                {
+                  "name": "apk-tools"
+                }
+                ],
+                "metadataType": "ApkMetadata",
+                "metadata": {
+                "files": [
+                  {
+                  "path": "/etc"
+                  },
+                  {
+                  "path": "/etc/apk"
+                  },
+                  {
+                  "path": "/etc/apk/keys"
+                  },
+                  {
+                  "path": "/etc/apk/protected_paths.d"
+                  },
+                  {
+                  "path": "/sbin"
+                  },
+                  {
+                  "path": "/sbin/apk"
+                  },
+                  {
+                  "path": "/usr"
+                  },
+                  {
+                  "path": "/var"
+                  },
+                  {
+                  "path": "/var/lib"
+                  },
+                  {
+                  "path": "/var/lib/apk"
+                  },
+                  {
+                  "path": "/var/cache"
+                  },
+                  {
+                  "path": "/var/cache/misc"
+                  }
+                ]
+                }
+              }
+              } ", //matchDetails -> type, matcher
+                run_time,
+                start_time
+              }
+            ]
+          },
+        ],
+        status
+      },
+    ],
+    passthrough: {
+      auxiliary_data: [
+
+      ],
+      raw
+    }
+  }