appeased rubocop

Author: Amndeep7

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2021-06-07 20:33:06 UTC using RuboCop version 1.16.0.
+# on 2021-08-05 04:56:46 UTC using RuboCop version 1.14.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -19,12 +19,6 @@ Lint/DuplicateBranch:
   Exclude:
     - 'lib/heimdall_tools/dbprotect_mapper.rb'
 
-# Offense count: 1
-# Configuration parameters: MaximumRangeSize.
-Lint/MissingCopEnableDirective:
-  Exclude:
-    - 'lib/heimdall_tools/nessus_mapper.rb'
-
 # Offense count: 1
 Lint/RequireParentheses:
   Exclude:
@@ -37,10 +31,10 @@ Lint/UnusedMethodArgument:
   Exclude:
     - 'lib/heimdall_tools/hdf.rb'
 
-# Offense count: 37
+# Offense count: 49
 # Configuration parameters: IgnoredMethods, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 124
+  Max: 165
 
 # Offense count: 5
 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
@@ -53,17 +47,17 @@ Metrics/BlockLength:
 Metrics/BlockNesting:
   Max: 5
 
-# Offense count: 9
+# Offense count: 10
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ClassLength:
   Max: 175
 
-# Offense count: 10
+# Offense count: 13
 # Configuration parameters: IgnoredMethods.
 Metrics/CyclomaticComplexity:
-  Max: 17
+  Max: 30
 
-# Offense count: 40
+# Offense count: 44
 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
 Metrics/MethodLength:
   Max: 56
@@ -73,10 +67,10 @@ Metrics/MethodLength:
 Metrics/ParameterLists:
   Max: 18
 
-# Offense count: 8
+# Offense count: 11
 # Configuration parameters: IgnoredMethods.
 Metrics/PerceivedComplexity:
-  Max: 17
+  Max: 30
 
 # Offense count: 3
 Naming/AccessorMethodName:
@@ -98,10 +92,11 @@ Naming/VariableName:
   Exclude:
     - 'lib/heimdall_tools/burpsuite_mapper.rb'
 
-# Offense count: 12
+# Offense count: 15
 # Configuration parameters: AllowedVariables.
 Style/GlobalVars:
   Exclude:
+    - 'lib/heimdall_tools/asff_mapper.rb'
     - 'lib/heimdall_tools/jfrog_xray_mapper.rb'
     - 'lib/heimdall_tools/nessus_mapper.rb'
     - 'lib/heimdall_tools/nikto_mapper.rb'

heimdall_tools.gemspec

@@ -28,8 +28,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'aws-sdk-securityhub', '~> 1'
   spec.add_runtime_dependency 'aws-sdk-configservice', '~> 1'
+  spec.add_runtime_dependency 'aws-sdk-securityhub', '~> 1'
   spec.add_runtime_dependency 'csv', '~> 3.1'
   spec.add_runtime_dependency 'git-lite-version-bump', '>= 0.17.2'
   spec.add_runtime_dependency 'htmlentities', '~> 4.3.4'

lib/heimdall_tools/asff_compatible_products/securityhub.rb

@@ -25,17 +25,15 @@ def self.supporting_docs(standards:)
       { controls: controls, aws_config_mapping: aws_config_mapping }
     end
 
-    def self.finding_id(finding, *, controls: nil, encode:, **)
+    def self.finding_id(finding, *, encode:, controls: nil, **)
       ret = if !controls.nil? && !(control = corresponding_control(controls, finding)).nil?
               control['ControlId']
+            elsif finding['ProductFields'].member?('ControlId') # check if aws
+              finding['ProductFields']['ControlId']
+            elsif finding['ProductFields'].member?('RuleId') # check if cis
+              finding['ProductFields']['RuleId']
             else
-              if finding['ProductFields'].member?('ControlId') # check if aws
-                finding['ProductFields']['ControlId']
-              elsif finding['ProductFields'].member?('RuleId') # check if cis
-                finding['ProductFields']['RuleId']
-              else
-                finding['GeneratorId'].split('/')[-1]
-              end
+              finding['GeneratorId'].split('/')[-1]
             end
       encode.call(ret)
     end
@@ -54,10 +52,11 @@ def self.finding_impact(finding, *, controls: nil, **)
 
     def self.finding_nist_tag(finding, *, aws_config_mapping:, **)
       return {} unless finding['ProductFields']['RelatedAWSResources:0/type'] == 'AWS::Config::ConfigRule'
+
       aws_config_mapping.select { |rule| finding['ProductFields']['RelatedAWSResources:0/name'].include? rule[:awsconfigrulename] }
     end
 
-    def self.finding_title(finding, *, controls: nil, encode:, **)
+    def self.finding_title(finding, *, encode:, controls: nil, **)
       ret = if !controls.nil? && !(control = corresponding_control(controls, finding)).nil?
               control['Title']
             else

lib/heimdall_tools/asff_mapper.rb

@@ -6,7 +6,6 @@
 require 'heimdall_tools/asff_compatible_products/prowler'
 require 'heimdall_tools/asff_compatible_products/securityhub'
 
-
 module HeimdallTools
   DEFAULT_NIST_TAG = %w{SA-11 RA-5}.freeze
 
@@ -40,19 +39,19 @@ class ASFFMapper
     }.freeze
 
     PRODUCT_ARN_MAPPING = {
-      /arn:.+:securityhub:.+:.*:product\/aws\/firewall-manager/ => FirewallManager,
-      /arn:.+:securityhub:.+:.*:product\/aws\/securityhub/ => SecurityHub,
-      /arn:.+:securityhub:.+:.*:product\/prowler\/prowler/ => Prowler
+      %r{arn:.+:securityhub:.+:.*:product/aws/firewall-manager} => FirewallManager,
+      %r{arn:.+:securityhub:.+:.*:product/aws/securityhub} => SecurityHub,
+      %r{arn:.+:securityhub:.+:.*:product/prowler/prowler} => Prowler
     }.freeze
 
     def initialize(asff_json, securityhub_standards_json_array: nil, meta: nil)
       @meta = meta
 
       @supporting_docs = {}
-      @supporting_docs[SecurityHub] = SecurityHub.supporting_docs({standards: securityhub_standards_json_array})
+      @supporting_docs[SecurityHub] = SecurityHub.supporting_docs({ standards: securityhub_standards_json_array })
 
       begin
-        asff_required_keys = %w(AwsAccountId CreatedAt Description GeneratorId Id ProductArn Resources SchemaVersion Severity Title Types UpdatedAt)
+        asff_required_keys = %w{AwsAccountId CreatedAt Description GeneratorId Id ProductArn Resources SchemaVersion Severity Title Types UpdatedAt}
         @report = JSON.parse(asff_json)
         if @report.length == 1 && @report.member?('Findings') && @report['Findings'].each { |finding| asff_required_keys.difference(finding.keys).none? }.all?
           # ideal case that is spec compliant
@@ -61,7 +60,7 @@ def initialize(asff_json, securityhub_standards_json_array: nil, meta: nil)
           # individual finding so have to add wrapping array
           @report = { 'Findings' => [@report] }
         else
-          raise "Not a findings file nor an individual finding"
+          raise 'Not a findings file nor an individual finding'
         end
       rescue StandardError => e
         raise "Invalid ASFF file provided:\nException: #{e}"
@@ -79,12 +78,10 @@ def external_product_handler(product, data, func, default)
         keywords = { encode: method(:encode) }
         keywords = keywords.merge(@supporting_docs[PRODUCT_ARN_MAPPING[arn || product]]) if @supporting_docs.member?(PRODUCT_ARN_MAPPING[arn || product])
         PRODUCT_ARN_MAPPING[arn || product].send(func, data, **keywords)
+      elsif default.is_a? Proc
+        default.call
       else
-        if default.is_a? Proc
-          default.call
-        else
-          default
-        end
+        default
       end
     end
 
@@ -100,7 +97,7 @@ def impact(finding)
         imp = :INFORMATIONAL
       else
         # severity is required, but can be either 'label' or 'normalized' internally with 'label' being preferred.  other values can be in here too such as the original severity rating.
-        default = Proc.new { finding['Severity'].key?('Label') ? finding['Severity']['Label'].to_sym : finding['Severity']['Normalized']/100.0 }
+        default = proc { finding['Severity'].key?('Label') ? finding['Severity']['Label'].to_sym : finding['Severity']['Normalized']/100.0 }
         imp = external_product_handler(finding['ProductArn'], finding, :finding_impact, default)
       end
       imp.is_a?(Symbol) ? IMPACT_MAPPING[imp] : imp
@@ -140,7 +137,7 @@ def subfindings(finding)
 
       subfinding['code_desc'] = external_product_handler(finding['ProductArn'], finding, :subfindings_code_desc, '')
       subfinding['code_desc'] += '; ' unless subfinding['code_desc'].empty?
-      subfinding['code_desc'] += "Resources: [#{finding['Resources'].map { |r| "Type: #{encode(r['Type'])}, Id: #{encode(r['Id'])}#{', Partition: ' + encode(r['Partition']) if r.key?('Partition')}#{', Region: ' + encode(r['Region']) if r.key?('Region')}" }.join(', ') }]"
+      subfinding['code_desc'] += "Resources: [#{finding['Resources'].map { |r| "Type: #{encode(r['Type'])}, Id: #{encode(r['Id'])}#{", Partition: #{encode(r['Partition'])}" if r.key?('Partition')}#{", Region: #{encode(r['Region'])}" if r.key?('Region')}" }.join(', ')}]"
 
       subfinding['start_time'] = finding.key?('LastObservedAt') ? finding['LastObservedAt'] : finding['UpdatedAt']
 
@@ -167,7 +164,7 @@ def to_hdf
         item['desc'] = encode(finding['Description'])
 
         item['descriptions'] = []
-        item['descriptions'] << desc_tags(finding['Remediation']['Recommendation'].map { |k,v| encode(v) }.join("\n"), 'fix') if finding.key?('Remediation') && finding['Remediation'].key?('Recommendation')
+        item['descriptions'] << desc_tags(finding['Remediation']['Recommendation'].map { |_k, v| encode(v) }.join("\n"), 'fix') if finding.key?('Remediation') && finding['Remediation'].key?('Recommendation')
 
         item['refs'] = []
         item['refs'] << { url: finding['SourceUrl'] } if finding.key?('SourceUrl')
@@ -203,7 +200,7 @@ def to_hdf
           # add product name to id if any ids are the same across products
           item['id'] = product_groups.filter { |pg| pg != product }.values.any? { |ig| ig.keys.include?(id) } ? "[#{product_name}] #{id}" : id
 
-          item['title'] = "#{product_name}: #{group.map { |d| d['title'] }.uniq.join(";")}"
+          item['title'] = "#{product_name}: #{group.map { |d| d['title'] }.uniq.join(';')}"
 
           item['tags'] = { nist: group.map { |d| d['tags'][:nist] }.flatten.uniq }
 
@@ -216,16 +213,16 @@ def to_hdf
           item['refs'] = group.map { |d| d['refs'] }.flatten.compact.reject(&:empty?).uniq
 
           item['source_location'] = NA_HASH
-          item['code'] = JSON.pretty_generate({ "Findings": findings })
+          item['code'] = JSON.pretty_generate({ Findings: findings })
 
           item['results'] = group.map { |d| d['results'] }.flatten.uniq
 
           controls << item
         end
       end
 
-      results = HeimdallDataFormat.new(profile_name: @meta && @meta.key?('name') ? @meta['name'] : 'AWS Security Finding Format',
-                                       title: @meta && @meta.key?('title') ? @meta['title'] : "ASFF findings",
+      results = HeimdallDataFormat.new(profile_name: @meta&.key?('name') ? @meta['name'] : 'AWS Security Finding Format',
+                                       title: @meta&.key?('title') ? @meta['title'] : 'ASFF findings',
                                        controls: controls)
       results.to_hdf
     end

lib/heimdall_tools/fortify_mapper.rb

@@ -55,15 +55,13 @@ def primaries(classid)
       findings.uniq
     end
 
-    # rubocop:disable Layout/LineEndStringConcatenationIndentation
     def snippet(snippetid)
       snippet = @snippets.select { |x| x['id'].eql?(snippetid) }.first
       "\nPath: #{snippet['File']}\n" \
       "StartLine: #{snippet['StartLine']}, " \
       "EndLine: #{snippet['EndLine']}\n" \
       "Code:\n#{snippet['Text']['#cdata-section'].strip}" \
     end
-    # rubocop:enable Layout/LineEndStringConcatenationIndentation
 
     def nist_tag(rule)
       references = rule['References']['Reference']