11require 'json'
2+ require 'set'
3+
24require 'htmlentities'
35
46require 'heimdall_tools/hdf'
@@ -29,6 +31,7 @@ module HeimdallTools
2931 end
3032 end
3133
34+ # todo: use hash.dig and safe navigation operator throughout
3235 class ASFFMapper
3336 IMPACT_MAPPING = {
3437 CRITICAL : 0.9 ,
@@ -53,10 +56,10 @@ def initialize(asff_json, securityhub_standards_json_array: nil, meta: nil)
5356 begin
5457 asff_required_keys = %w{ AwsAccountId CreatedAt Description GeneratorId Id ProductArn Resources SchemaVersion Severity Title Types UpdatedAt }
5558 @report = JSON . parse ( asff_json )
56- if @report . length == 1 && @report . member? ( 'Findings' ) && @report [ 'Findings' ] . each { |finding | asff_required_keys . difference ( finding . keys ) . none? } . all?
59+ if @report . length == 1 && @report . member? ( 'Findings' ) && @report [ 'Findings' ] . each { |finding | asff_required_keys . to_set . difference ( finding . keys . to_set ) . none? } . all?
5760 # ideal case that is spec compliant
5861 # might need to ensure that the file is utf-8 encoded and remove a BOM if one exists
59- elsif asff_required_keys . difference ( @report . keys ) . none?
62+ elsif asff_required_keys . to_set . difference ( @report . keys . to_set ) . none?
6063 # individual finding so have to add wrapping array
6164 @report = { 'Findings' => [ @report ] }
6265 else
@@ -127,11 +130,11 @@ def subfindings(finding)
127130 subfinding [ 'status' ] = 'skipped'
128131 subfinding [ 'message' ] = statusreason if statusreason
129132 else
130- subfinding [ 'status' ] = 'no_status'
133+ subfinding [ 'status' ] = 'error' # not a valid value for the status enum
131134 subfinding [ 'message' ] = statusreason if statusreason
132135 end
133136 else
134- subfinding [ 'status' ] = 'no_status'
137+ subfinding [ 'status' ] = 'skipped' # if no compliance status is provided which is a weird but possible case, then skip
135138 subfinding [ 'message' ] = statusreason if statusreason
136139 end
137140
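Review bot: The required-key check on new line 59 in `initialize` is never enforced, because `@report['Findings'].each { ... }` returns the array itself and discards the block's result, so the trailing `.all?` only tests that each finding is truthy. A `Findings` document whose entries lack required ASFF keys therefore still takes the spec-compliant branch and reaches the mapper unvalidated. Passing the block to `all?` fixes it: `@report['Findings'].all? { |finding| asff_required_keys.to_set.subset?(finding.keys.to_set) }`. The `elsif` on new line 62 does use the result of its check. The body of `initialize` continues outside the hunk, so how the enclosing `begin` handles a finding that is not a Hash is not visible here.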