fixed nist tags to properly be in the compatible product

Signed-off-by: Amndeep Singh Mann <[email protected]>

Author: Amndeep7

lib/heimdall_tools/asff_compatible_products/securityhub.rb

@@ -53,7 +53,17 @@ def self.finding_impact(finding, *, controls: nil, **)
     def self.finding_nist_tag(finding, *, aws_config_mapping:, **)
       return {} unless finding['ProductFields']['RelatedAWSResources:0/type'] == 'AWS::Config::ConfigRule'
 
-      aws_config_mapping.select { |rule| finding['ProductFields']['RelatedAWSResources:0/name'].include? rule[:awsconfigrulename] }
+      entries = aws_config_mapping.select { |rule| finding['ProductFields']['RelatedAWSResources:0/name'].include? rule[:awsconfigrulename] }
+      entries.map do |rule|
+        tags_joined = rule[:nistid].split('|') # subheadings are joined together in the csv file
+        tags_joined.map do |tag|
+          if (i = tag.index('(')).nil?
+            tag
+          else
+            tag[i..].scan(/\(.+?\)/).map { |subheading| "#{tag[0..i-1]}#{subheading}" }
+          end
+        end
+      end.flatten.uniq
     end
 
     def self.finding_title(finding, *, encode:, controls: nil, **)

lib/heimdall_tools/asff_mapper.rb

@@ -89,9 +89,8 @@ def external_product_handler(product, data, func, default)
     end
 
     def nist_tag(finding)
-      entries = external_product_handler(finding['ProductArn'], finding, :finding_nist_tag, {})
-      tags = entries.map { |rule| rule[:nistid].split('|') }
-      tags.empty? ? DEFAULT_NIST_TAG : tags.flatten.uniq
+      tags = external_product_handler(finding['ProductArn'], finding, :finding_nist_tag, {})
+      tags.empty? ? DEFAULT_NIST_TAG : tags
     end
 
     def impact(finding)