npm - @cyclonedx/cdxgen - Versions diffs - 12.2.0 → 12.3.0 - Mend

@cyclonedx/cdxgen 12.2.0 → 12.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (181) hide show

package/README.md +242 -90
package/bin/audit.js +191 -0
package/bin/cdxgen.js +532 -168
package/bin/convert.js +99 -0
package/bin/evinse.js +23 -0
package/bin/repl.js +339 -8
package/bin/sign.js +8 -0
package/bin/validate.js +8 -0
package/bin/verify.js +8 -0
package/data/container-knowledge-index.json +125 -0
package/data/gtfobins-index.json +6296 -0
package/data/lolbas-index.json +150 -0
package/data/queries-darwin.json +63 -3
package/data/queries-win.json +45 -3
package/data/queries.json +74 -2
package/data/rules/chrome-extensions.yaml +240 -0
package/data/rules/ci-permissions.yaml +478 -18
package/data/rules/container-risk.yaml +270 -0
package/data/rules/obom-runtime.yaml +891 -0
package/data/rules/package-integrity.yaml +49 -0
package/data/spdx-export.schema.json +6794 -0
package/data/spdx-model-v3.0.1.jsonld +15999 -0
package/lib/audit/index.js +1924 -0
package/lib/audit/index.poku.js +1488 -0
package/lib/audit/progress.js +137 -0
package/lib/audit/progress.poku.js +188 -0
package/lib/audit/reporters.js +618 -0
package/lib/audit/scoring.js +310 -0
package/lib/audit/scoring.poku.js +341 -0
package/lib/audit/targets.js +260 -0
package/lib/audit/targets.poku.js +331 -0
package/lib/cli/index.js +276 -68
package/lib/cli/index.poku.js +368 -0
package/lib/helpers/analyzer.js +1052 -5
package/lib/helpers/analyzer.poku.js +301 -0
package/lib/helpers/annotationFormatter.js +49 -0
package/lib/helpers/annotationFormatter.poku.js +44 -0
package/lib/helpers/bomUtils.js +36 -0
package/lib/helpers/bomUtils.poku.js +51 -0
package/lib/helpers/caxa.js +2 -2
package/lib/helpers/chromextutils.js +1153 -0
package/lib/helpers/chromextutils.poku.js +493 -0
package/lib/helpers/ciParsers/githubActions.js +1632 -45
package/lib/helpers/ciParsers/githubActions.poku.js +853 -1
package/lib/helpers/containerRisk.js +186 -0
package/lib/helpers/containerRisk.poku.js +52 -0
package/lib/helpers/depsUtils.js +16 -0
package/lib/helpers/depsUtils.poku.js +58 -1
package/lib/helpers/display.js +245 -61
package/lib/helpers/display.poku.js +162 -2
package/lib/helpers/exportUtils.js +123 -0
package/lib/helpers/exportUtils.poku.js +60 -0
package/lib/helpers/formulationParsers.js +69 -0
package/lib/helpers/formulationParsers.poku.js +44 -0
package/lib/helpers/gtfobins.js +189 -0
package/lib/helpers/gtfobins.poku.js +49 -0
package/lib/helpers/lolbas.js +267 -0
package/lib/helpers/lolbas.poku.js +39 -0
package/lib/helpers/osqueryTransform.js +84 -0
package/lib/helpers/osqueryTransform.poku.js +49 -0
package/lib/helpers/provenanceUtils.js +193 -0
package/lib/helpers/provenanceUtils.poku.js +145 -0
package/lib/helpers/pylockutils.js +281 -0
package/lib/helpers/pylockutils.poku.js +48 -0
package/lib/helpers/registryProvenance.js +793 -0
package/lib/helpers/registryProvenance.poku.js +452 -0
package/lib/helpers/remote/dependency-track.js +84 -0
package/lib/helpers/remote/dependency-track.poku.js +119 -0
package/lib/helpers/source.js +1267 -0
package/lib/helpers/source.poku.js +771 -0
package/lib/helpers/spdxUtils.js +97 -0
package/lib/helpers/spdxUtils.poku.js +70 -0
package/lib/helpers/table.js +384 -0
package/lib/helpers/table.poku.js +186 -0
package/lib/helpers/unicodeScan.js +147 -0
package/lib/helpers/unicodeScan.poku.js +45 -0
package/lib/helpers/utils.js +882 -136
package/lib/helpers/utils.poku.js +995 -91
package/lib/managers/binary.js +29 -5
package/lib/managers/docker.js +179 -52
package/lib/managers/docker.poku.js +327 -28
package/lib/managers/oci.js +107 -23
package/lib/managers/oci.poku.js +132 -0
package/lib/server/openapi.yaml +50 -0
package/lib/server/server.js +228 -331
package/lib/server/server.poku.js +220 -5
package/lib/stages/postgen/annotator.js +7 -0
package/lib/stages/postgen/annotator.poku.js +40 -0
package/lib/stages/postgen/auditBom.js +20 -5
package/lib/stages/postgen/auditBom.poku.js +1729 -67
package/lib/stages/postgen/postgen.js +40 -0
package/lib/stages/postgen/postgen.poku.js +47 -0
package/lib/stages/postgen/ruleEngine.js +80 -2
package/lib/stages/postgen/spdxConverter.js +796 -0
package/lib/stages/postgen/spdxConverter.poku.js +341 -0
package/lib/validator/bomValidator.js +232 -0
package/lib/validator/bomValidator.poku.js +70 -0
package/lib/validator/complianceRules.js +70 -7
package/lib/validator/complianceRules.poku.js +30 -0
package/lib/validator/reporters/annotations.js +2 -2
package/lib/validator/reporters/console.js +13 -2
package/lib/validator/reporters.poku.js +13 -0
package/package.json +10 -8
package/types/bin/audit.d.ts +3 -0
package/types/bin/audit.d.ts.map +1 -0
package/types/bin/convert.d.ts +3 -0
package/types/bin/convert.d.ts.map +1 -0
package/types/bin/repl.d.ts.map +1 -1
package/types/lib/audit/index.d.ts +115 -0
package/types/lib/audit/index.d.ts.map +1 -0
package/types/lib/audit/progress.d.ts +27 -0
package/types/lib/audit/progress.d.ts.map +1 -0
package/types/lib/audit/reporters.d.ts +35 -0
package/types/lib/audit/reporters.d.ts.map +1 -0
package/types/lib/audit/scoring.d.ts +35 -0
package/types/lib/audit/scoring.d.ts.map +1 -0
package/types/lib/audit/targets.d.ts +63 -0
package/types/lib/audit/targets.d.ts.map +1 -0
package/types/lib/cli/index.d.ts +8 -0
package/types/lib/cli/index.d.ts.map +1 -1
package/types/lib/helpers/analyzer.d.ts +13 -0
package/types/lib/helpers/analyzer.d.ts.map +1 -1
package/types/lib/helpers/annotationFormatter.d.ts +23 -0
package/types/lib/helpers/annotationFormatter.d.ts.map +1 -0
package/types/lib/helpers/bomUtils.d.ts +5 -0
package/types/lib/helpers/bomUtils.d.ts.map +1 -0
package/types/lib/helpers/chromextutils.d.ts +97 -0
package/types/lib/helpers/chromextutils.d.ts.map +1 -0
package/types/lib/helpers/ciParsers/githubActions.d.ts +3 -8
package/types/lib/helpers/ciParsers/githubActions.d.ts.map +1 -1
package/types/lib/helpers/containerRisk.d.ts +17 -0
package/types/lib/helpers/containerRisk.d.ts.map +1 -0
package/types/lib/helpers/depsUtils.d.ts.map +1 -1
package/types/lib/helpers/display.d.ts +4 -1
package/types/lib/helpers/display.d.ts.map +1 -1
package/types/lib/helpers/exportUtils.d.ts +40 -0
package/types/lib/helpers/exportUtils.d.ts.map +1 -0
package/types/lib/helpers/formulationParsers.d.ts.map +1 -1
package/types/lib/helpers/gtfobins.d.ts +17 -0
package/types/lib/helpers/gtfobins.d.ts.map +1 -0
package/types/lib/helpers/lolbas.d.ts +16 -0
package/types/lib/helpers/lolbas.d.ts.map +1 -0
package/types/lib/helpers/osqueryTransform.d.ts +7 -0
package/types/lib/helpers/osqueryTransform.d.ts.map +1 -0
package/types/lib/helpers/provenanceUtils.d.ts +90 -0
package/types/lib/helpers/provenanceUtils.d.ts.map +1 -0
package/types/lib/helpers/pylockutils.d.ts +51 -0
package/types/lib/helpers/pylockutils.d.ts.map +1 -0
package/types/lib/helpers/registryProvenance.d.ts +17 -0
package/types/lib/helpers/registryProvenance.d.ts.map +1 -0
package/types/lib/helpers/remote/dependency-track.d.ts +16 -0
package/types/lib/helpers/remote/dependency-track.d.ts.map +1 -0
package/types/lib/helpers/source.d.ts +141 -0
package/types/lib/helpers/source.d.ts.map +1 -0
package/types/lib/helpers/spdxUtils.d.ts +2 -0
package/types/lib/helpers/spdxUtils.d.ts.map +1 -0
package/types/lib/helpers/table.d.ts +6 -0
package/types/lib/helpers/table.d.ts.map +1 -0
package/types/lib/helpers/unicodeScan.d.ts +46 -0
package/types/lib/helpers/unicodeScan.d.ts.map +1 -0
package/types/lib/helpers/utils.d.ts +30 -11
package/types/lib/helpers/utils.d.ts.map +1 -1
package/types/lib/managers/binary.d.ts.map +1 -1
package/types/lib/managers/docker.d.ts.map +1 -1
package/types/lib/managers/oci.d.ts.map +1 -1
package/types/lib/server/server.d.ts +0 -35
package/types/lib/server/server.d.ts.map +1 -1
package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
package/types/lib/stages/postgen/auditBom.d.ts.map +1 -1
package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
package/types/lib/stages/postgen/ruleEngine.d.ts.map +1 -1
package/types/lib/stages/postgen/spdxConverter.d.ts +11 -0
package/types/lib/stages/postgen/spdxConverter.d.ts.map +1 -0
package/types/lib/validator/bomValidator.d.ts +1 -0
package/types/lib/validator/bomValidator.d.ts.map +1 -1
package/types/lib/validator/complianceRules.d.ts.map +1 -1
package/types/lib/validator/reporters/console.d.ts.map +1 -1
package/types/bin/dependencies.d.ts +0 -3
package/types/bin/dependencies.d.ts.map +0 -1
package/types/bin/licenses.d.ts +0 -3
package/types/bin/licenses.d.ts.map +0 -1

package/data/container-knowledge-index.json ADDED Viewed

@@ -0,0 +1,125 @@
+{
+  "entries": {
+    "cdk": {
+      "attackTactics": ["TA0003", "TA0004", "TA0006", "TA0007", "TA0008"],
+      "attackTechniques": ["T1552.007", "T1609", "T1611", "T1613"],
+      "offenseTools": ["cdk"],
+      "riskTags": [
+        "container-escape",
+        "credential-access",
+        "k8s-cluster-pivot",
+        "offensive-toolkit"
+      ],
+      "sourceKeys": ["attack-containers", "cdk"]
+    },
+    "ctr": {
+      "attackTactics": ["TA0004", "TA0008"],
+      "attackTechniques": ["T1611"],
+      "offenseTools": ["cdk"],
+      "riskTags": ["container-escape", "runtime-control"],
+      "sourceKeys": ["attack-containers", "cdk"]
+    },
+    "curl": {
+      "attackTactics": ["TA0010", "TA0011"],
+      "attackTechniques": ["T1041", "T1105"],
+      "offenseTools": ["cdk", "deepce"],
+      "riskTags": ["data-exfiltration", "payload-delivery"],
+      "sourceKeys": ["cdk", "deepce"]
+    },
+    "deepce": {
+      "attackTactics": ["TA0004", "TA0006", "TA0007", "TA0008"],
+      "attackTechniques": ["T1552.007", "T1611", "T1613"],
+      "offenseTools": ["deepce"],
+      "riskTags": [
+        "container-escape",
+        "credential-access",
+        "offensive-toolkit"
+      ],
+      "sourceKeys": ["attack-containers", "deepce"]
+    },
+    "docker": {
+      "attackTactics": ["TA0004", "TA0008"],
+      "attackTechniques": ["T1611"],
+      "offenseTools": ["cdk", "deepce"],
+      "riskTags": ["container-escape", "runtime-socket"],
+      "sourceKeys": ["attack-containers", "cdk", "deepce"]
+    },
+    "kubectl": {
+      "attackTactics": ["TA0006", "TA0007", "TA0008"],
+      "attackTechniques": ["T1552.007", "T1609", "T1613"],
+      "offenseTools": ["cdk", "peirates"],
+      "riskTags": [
+        "credential-access",
+        "k8s-cluster-pivot",
+        "serviceaccount-access"
+      ],
+      "sourceKeys": ["attack-containers", "cdk", "peirates"]
+    },
+    "nc": {
+      "attackTactics": ["TA0008", "TA0011"],
+      "attackTechniques": ["T1041", "T1105"],
+      "offenseTools": ["cdk", "deepce"],
+      "riskTags": ["payload-delivery", "remote-shell"],
+      "sourceKeys": ["cdk", "deepce"]
+    },
+    "nsenter": {
+      "attackTactics": ["TA0004", "TA0008"],
+      "attackTechniques": ["T1611"],
+      "offenseTools": ["cdk", "deepce"],
+      "riskTags": ["container-escape", "namespace-escape"],
+      "seccompBlockedSyscalls": ["ptrace", "setns", "unshare"],
+      "seccompProfile": "docker-default",
+      "sourceKeys": ["attack-containers", "cdk", "deepce", "docker-seccomp"]
+    },
+    "peirates": {
+      "attackTactics": ["TA0003", "TA0006", "TA0007", "TA0008"],
+      "attackTechniques": ["T1552.007", "T1609", "T1613"],
+      "offenseTools": ["peirates"],
+      "riskTags": [
+        "credential-access",
+        "k8s-cluster-pivot",
+        "offensive-toolkit"
+      ],
+      "sourceKeys": ["attack-containers", "peirates"]
+    },
+    "runc": {
+      "attackTactics": ["TA0004", "TA0008"],
+      "attackTechniques": ["T1611"],
+      "offenseTools": ["cdk"],
+      "riskTags": ["container-escape", "runtime-control"],
+      "seccompBlockedSyscalls": ["open_by_handle_at", "setns"],
+      "seccompProfile": "docker-default",
+      "sourceKeys": ["attack-containers", "cdk", "docker-seccomp"]
+    },
+    "socat": {
+      "attackTactics": ["TA0008", "TA0011"],
+      "attackTechniques": ["T1041", "T1105"],
+      "offenseTools": ["cdk", "deepce"],
+      "riskTags": ["payload-delivery", "remote-shell"],
+      "sourceKeys": ["cdk", "deepce"]
+    },
+    "unshare": {
+      "attackTactics": ["TA0004", "TA0008"],
+      "attackTechniques": ["T1611"],
+      "offenseTools": ["cdk"],
+      "riskTags": ["container-escape", "namespace-escape"],
+      "seccompBlockedSyscalls": ["clone", "unshare"],
+      "seccompProfile": "docker-default",
+      "sourceKeys": ["attack-containers", "cdk", "docker-seccomp"]
+    },
+    "wget": {
+      "attackTactics": ["TA0010", "TA0011"],
+      "attackTechniques": ["T1041", "T1105"],
+      "offenseTools": ["cdk", "deepce"],
+      "riskTags": ["data-exfiltration", "payload-delivery"],
+      "sourceKeys": ["cdk", "deepce"]
+    }
+  },
+  "sources": {
+    "attack-containers": "https://attack.mitre.org/matrices/enterprise/containers/",
+    "cdk": "https://github.com/cdk-team/CDK",
+    "deepce": "https://github.com/stealthcopter/deepce",
+    "docker-seccomp": "https://docs.docker.com/engine/security/seccomp/",
+    "peirates": "https://github.com/inguardians/peirates"
+  }
+}