OpenFISMA System Inventory: Import Plugin for Nmap

Josh Boyd

joshua.boyd@endeavorsystems.com

July 15, 2010

c© (c) 2009 Endeavor Systems, Inc., http://open�sma.org/content/license

1 Functional Speci�cation

1.1 Background

The Nmap import plugin takes an Nmap XML �le and creates appropriate assets andproducts in OpenFISMA.

1.2 Links

Vendor Website1

1.3 XML Format

Field Description Example

host Container for scanned host <host>...</host>status Status of scanned host <status state="down"

reason="no-response"/>address IP of scanned host <address addr="192.168.0.1"

addrtype="ipv4" />port Port information of scanned host <port protocol="tcp"

portid="21">...</port>state State of port <state state="open" reason="syn-ack"

reason_ttl="0"/>service Service information for port <service name="ssh" product="OpenSSH"

version="5.1p1 Debian 5ubuntu1"

extrainfo="protocol 2.0" ostype="Linux"i

method="probed" conf="10" />

1

2. TECHNICAL SPECIFICATION 2

Physical Name Logical Name Mapping Rule

asset Asset Check to see if a corresponding asset already

exists by comparing the Network, IP Address,

and Port of this asset to all existing assets. If

the asset exists, then do not modify it and do

not create a new one.

asset.networkId Network Speci�ed by user immediately before uploading

the �le.

asset.addressIp Asset IP Address Parse the IP Address from the �le <address>attribute.

asset.addressPort Asset Port Parse the port from the �le <port> attibute.

asset.createdTs Creation Timestamp System date

asset.source Source Constant: `SCAN'

product Product Check to see if a corresponding product already

exists by comparing the vendor, name, version

of the product to all existing products. If the

product exists, then do not modify it and do

not create a new one.

product.name Name Parse the name from the �le <service> at-

tribute, using product + version if available,

and name if not.

product.version Version Parse the version from the �le's <version> at-

tribute, if available.

1.4 Mapping Rules

2 Technical Speci�cation

OFJ-62

2.1 Classes

• What classes will be added, modi�ed, deleted or involved?

� Fisma_Import_Factory

� Fisma_Import_Abstract

� Fisma_Import_Nmap

2.2 Test cases

User stories

1. If the user does not select a �le to import from, the plugin should return an errormessage.

1http://nmap.org/2http://jira.open�sma.org/browse/OFJ-6

2. TECHNICAL SPECIFICATION 3

2. If the user uploads a �le in an invalid format to import from, the plugin should returnan error message.

3. If the user uploads a valid �le, the plugin should import and return a success message.

4. If the user uploads a valid �le which has assets or products that already exist in thedatabase, the duplicates will be suppressed.

5. If the user does not select a system to import into, the plugin should return an errormessage.

6. If the user does not select a network to import into, the plugin should return an errormessage.

7. If the user does not have the appropriate permissions to import assets or products,the plugin should return an error message.