@cyclonedx/cdxgen 12.2.1 → 12.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +239 -90
- package/bin/audit.js +191 -0
- package/bin/cdxgen.js +513 -167
- package/bin/convert.js +99 -0
- package/bin/evinse.js +23 -0
- package/bin/repl.js +339 -8
- package/bin/sign.js +8 -0
- package/bin/validate.js +8 -0
- package/bin/verify.js +8 -0
- package/data/container-knowledge-index.json +125 -0
- package/data/gtfobins-index.json +6296 -0
- package/data/lolbas-index.json +150 -0
- package/data/queries-darwin.json +63 -3
- package/data/queries-win.json +45 -3
- package/data/queries.json +74 -2
- package/data/rules/chrome-extensions.yaml +240 -0
- package/data/rules/ci-permissions.yaml +478 -18
- package/data/rules/container-risk.yaml +270 -0
- package/data/rules/obom-runtime.yaml +891 -0
- package/data/rules/package-integrity.yaml +49 -0
- package/data/spdx-export.schema.json +6794 -0
- package/data/spdx-model-v3.0.1.jsonld +15999 -0
- package/lib/audit/index.js +1924 -0
- package/lib/audit/index.poku.js +1488 -0
- package/lib/audit/progress.js +137 -0
- package/lib/audit/progress.poku.js +188 -0
- package/lib/audit/reporters.js +618 -0
- package/lib/audit/scoring.js +310 -0
- package/lib/audit/scoring.poku.js +341 -0
- package/lib/audit/targets.js +260 -0
- package/lib/audit/targets.poku.js +331 -0
- package/lib/cli/index.js +154 -11
- package/lib/cli/index.poku.js +251 -0
- package/lib/helpers/analyzer.js +446 -2
- package/lib/helpers/analyzer.poku.js +72 -1
- package/lib/helpers/annotationFormatter.js +49 -0
- package/lib/helpers/annotationFormatter.poku.js +44 -0
- package/lib/helpers/bomUtils.js +36 -0
- package/lib/helpers/bomUtils.poku.js +51 -0
- package/lib/helpers/caxa.js +2 -2
- package/lib/helpers/chromextutils.js +1153 -0
- package/lib/helpers/chromextutils.poku.js +493 -0
- package/lib/helpers/ciParsers/githubActions.js +1632 -45
- package/lib/helpers/ciParsers/githubActions.poku.js +853 -1
- package/lib/helpers/containerRisk.js +186 -0
- package/lib/helpers/containerRisk.poku.js +52 -0
- package/lib/helpers/display.js +241 -59
- package/lib/helpers/display.poku.js +162 -2
- package/lib/helpers/exportUtils.js +123 -0
- package/lib/helpers/exportUtils.poku.js +60 -0
- package/lib/helpers/formulationParsers.js +69 -0
- package/lib/helpers/formulationParsers.poku.js +44 -0
- package/lib/helpers/gtfobins.js +189 -0
- package/lib/helpers/gtfobins.poku.js +49 -0
- package/lib/helpers/lolbas.js +267 -0
- package/lib/helpers/lolbas.poku.js +39 -0
- package/lib/helpers/osqueryTransform.js +84 -0
- package/lib/helpers/osqueryTransform.poku.js +49 -0
- package/lib/helpers/provenanceUtils.js +193 -0
- package/lib/helpers/provenanceUtils.poku.js +145 -0
- package/lib/helpers/pylockutils.js +281 -0
- package/lib/helpers/pylockutils.poku.js +48 -0
- package/lib/helpers/registryProvenance.js +793 -0
- package/lib/helpers/registryProvenance.poku.js +452 -0
- package/lib/helpers/source.js +1267 -0
- package/lib/helpers/source.poku.js +771 -0
- package/lib/helpers/spdxUtils.js +97 -0
- package/lib/helpers/spdxUtils.poku.js +70 -0
- package/lib/helpers/unicodeScan.js +147 -0
- package/lib/helpers/unicodeScan.poku.js +45 -0
- package/lib/helpers/utils.js +700 -128
- package/lib/helpers/utils.poku.js +877 -80
- package/lib/managers/binary.js +29 -5
- package/lib/managers/docker.js +179 -52
- package/lib/managers/docker.poku.js +327 -28
- package/lib/managers/oci.js +107 -23
- package/lib/managers/oci.poku.js +132 -0
- package/lib/server/openapi.yaml +17 -0
- package/lib/server/server.js +225 -336
- package/lib/server/server.poku.js +16 -10
- package/lib/stages/postgen/annotator.js +7 -0
- package/lib/stages/postgen/annotator.poku.js +40 -0
- package/lib/stages/postgen/auditBom.js +19 -3
- package/lib/stages/postgen/auditBom.poku.js +1729 -67
- package/lib/stages/postgen/postgen.js +40 -0
- package/lib/stages/postgen/postgen.poku.js +47 -0
- package/lib/stages/postgen/ruleEngine.js +80 -2
- package/lib/stages/postgen/spdxConverter.js +796 -0
- package/lib/stages/postgen/spdxConverter.poku.js +341 -0
- package/lib/validator/bomValidator.js +232 -0
- package/lib/validator/bomValidator.poku.js +70 -0
- package/lib/validator/complianceRules.js +70 -7
- package/lib/validator/complianceRules.poku.js +30 -0
- package/lib/validator/reporters/annotations.js +2 -2
- package/lib/validator/reporters/console.js +11 -0
- package/lib/validator/reporters.poku.js +13 -0
- package/package.json +10 -7
- package/types/bin/audit.d.ts +3 -0
- package/types/bin/audit.d.ts.map +1 -0
- package/types/bin/convert.d.ts +3 -0
- package/types/bin/convert.d.ts.map +1 -0
- package/types/bin/repl.d.ts.map +1 -1
- package/types/lib/audit/index.d.ts +115 -0
- package/types/lib/audit/index.d.ts.map +1 -0
- package/types/lib/audit/progress.d.ts +27 -0
- package/types/lib/audit/progress.d.ts.map +1 -0
- package/types/lib/audit/reporters.d.ts +35 -0
- package/types/lib/audit/reporters.d.ts.map +1 -0
- package/types/lib/audit/scoring.d.ts +35 -0
- package/types/lib/audit/scoring.d.ts.map +1 -0
- package/types/lib/audit/targets.d.ts +63 -0
- package/types/lib/audit/targets.d.ts.map +1 -0
- package/types/lib/cli/index.d.ts +8 -0
- package/types/lib/cli/index.d.ts.map +1 -1
- package/types/lib/helpers/analyzer.d.ts +13 -0
- package/types/lib/helpers/analyzer.d.ts.map +1 -1
- package/types/lib/helpers/annotationFormatter.d.ts +23 -0
- package/types/lib/helpers/annotationFormatter.d.ts.map +1 -0
- package/types/lib/helpers/bomUtils.d.ts +5 -0
- package/types/lib/helpers/bomUtils.d.ts.map +1 -0
- package/types/lib/helpers/chromextutils.d.ts +97 -0
- package/types/lib/helpers/chromextutils.d.ts.map +1 -0
- package/types/lib/helpers/ciParsers/githubActions.d.ts +3 -8
- package/types/lib/helpers/ciParsers/githubActions.d.ts.map +1 -1
- package/types/lib/helpers/containerRisk.d.ts +17 -0
- package/types/lib/helpers/containerRisk.d.ts.map +1 -0
- package/types/lib/helpers/display.d.ts +4 -1
- package/types/lib/helpers/display.d.ts.map +1 -1
- package/types/lib/helpers/exportUtils.d.ts +40 -0
- package/types/lib/helpers/exportUtils.d.ts.map +1 -0
- package/types/lib/helpers/formulationParsers.d.ts.map +1 -1
- package/types/lib/helpers/gtfobins.d.ts +17 -0
- package/types/lib/helpers/gtfobins.d.ts.map +1 -0
- package/types/lib/helpers/lolbas.d.ts +16 -0
- package/types/lib/helpers/lolbas.d.ts.map +1 -0
- package/types/lib/helpers/osqueryTransform.d.ts +7 -0
- package/types/lib/helpers/osqueryTransform.d.ts.map +1 -0
- package/types/lib/helpers/provenanceUtils.d.ts +90 -0
- package/types/lib/helpers/provenanceUtils.d.ts.map +1 -0
- package/types/lib/helpers/pylockutils.d.ts +51 -0
- package/types/lib/helpers/pylockutils.d.ts.map +1 -0
- package/types/lib/helpers/registryProvenance.d.ts +17 -0
- package/types/lib/helpers/registryProvenance.d.ts.map +1 -0
- package/types/lib/helpers/source.d.ts +141 -0
- package/types/lib/helpers/source.d.ts.map +1 -0
- package/types/lib/helpers/spdxUtils.d.ts +2 -0
- package/types/lib/helpers/spdxUtils.d.ts.map +1 -0
- package/types/lib/helpers/unicodeScan.d.ts +46 -0
- package/types/lib/helpers/unicodeScan.d.ts.map +1 -0
- package/types/lib/helpers/utils.d.ts +29 -11
- package/types/lib/helpers/utils.d.ts.map +1 -1
- package/types/lib/managers/binary.d.ts.map +1 -1
- package/types/lib/managers/docker.d.ts.map +1 -1
- package/types/lib/managers/oci.d.ts.map +1 -1
- package/types/lib/server/server.d.ts +0 -36
- package/types/lib/server/server.d.ts.map +1 -1
- package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
- package/types/lib/stages/postgen/auditBom.d.ts.map +1 -1
- package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
- package/types/lib/stages/postgen/ruleEngine.d.ts.map +1 -1
- package/types/lib/stages/postgen/spdxConverter.d.ts +11 -0
- package/types/lib/stages/postgen/spdxConverter.d.ts.map +1 -0
- package/types/lib/validator/bomValidator.d.ts +1 -0
- package/types/lib/validator/bomValidator.d.ts.map +1 -1
- package/types/lib/validator/complianceRules.d.ts.map +1 -1
- package/types/lib/validator/reporters/console.d.ts.map +1 -1
- package/types/bin/dependencies.d.ts +0 -3
- package/types/bin/dependencies.d.ts.map +0 -1
- package/types/bin/licenses.d.ts +0 -3
- package/types/bin/licenses.d.ts.map +0 -1
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
{
|
|
2
|
+
"entries": {
|
|
3
|
+
"cdk": {
|
|
4
|
+
"attackTactics": ["TA0003", "TA0004", "TA0006", "TA0007", "TA0008"],
|
|
5
|
+
"attackTechniques": ["T1552.007", "T1609", "T1611", "T1613"],
|
|
6
|
+
"offenseTools": ["cdk"],
|
|
7
|
+
"riskTags": [
|
|
8
|
+
"container-escape",
|
|
9
|
+
"credential-access",
|
|
10
|
+
"k8s-cluster-pivot",
|
|
11
|
+
"offensive-toolkit"
|
|
12
|
+
],
|
|
13
|
+
"sourceKeys": ["attack-containers", "cdk"]
|
|
14
|
+
},
|
|
15
|
+
"ctr": {
|
|
16
|
+
"attackTactics": ["TA0004", "TA0008"],
|
|
17
|
+
"attackTechniques": ["T1611"],
|
|
18
|
+
"offenseTools": ["cdk"],
|
|
19
|
+
"riskTags": ["container-escape", "runtime-control"],
|
|
20
|
+
"sourceKeys": ["attack-containers", "cdk"]
|
|
21
|
+
},
|
|
22
|
+
"curl": {
|
|
23
|
+
"attackTactics": ["TA0010", "TA0011"],
|
|
24
|
+
"attackTechniques": ["T1041", "T1105"],
|
|
25
|
+
"offenseTools": ["cdk", "deepce"],
|
|
26
|
+
"riskTags": ["data-exfiltration", "payload-delivery"],
|
|
27
|
+
"sourceKeys": ["cdk", "deepce"]
|
|
28
|
+
},
|
|
29
|
+
"deepce": {
|
|
30
|
+
"attackTactics": ["TA0004", "TA0006", "TA0007", "TA0008"],
|
|
31
|
+
"attackTechniques": ["T1552.007", "T1611", "T1613"],
|
|
32
|
+
"offenseTools": ["deepce"],
|
|
33
|
+
"riskTags": [
|
|
34
|
+
"container-escape",
|
|
35
|
+
"credential-access",
|
|
36
|
+
"offensive-toolkit"
|
|
37
|
+
],
|
|
38
|
+
"sourceKeys": ["attack-containers", "deepce"]
|
|
39
|
+
},
|
|
40
|
+
"docker": {
|
|
41
|
+
"attackTactics": ["TA0004", "TA0008"],
|
|
42
|
+
"attackTechniques": ["T1611"],
|
|
43
|
+
"offenseTools": ["cdk", "deepce"],
|
|
44
|
+
"riskTags": ["container-escape", "runtime-socket"],
|
|
45
|
+
"sourceKeys": ["attack-containers", "cdk", "deepce"]
|
|
46
|
+
},
|
|
47
|
+
"kubectl": {
|
|
48
|
+
"attackTactics": ["TA0006", "TA0007", "TA0008"],
|
|
49
|
+
"attackTechniques": ["T1552.007", "T1609", "T1613"],
|
|
50
|
+
"offenseTools": ["cdk", "peirates"],
|
|
51
|
+
"riskTags": [
|
|
52
|
+
"credential-access",
|
|
53
|
+
"k8s-cluster-pivot",
|
|
54
|
+
"serviceaccount-access"
|
|
55
|
+
],
|
|
56
|
+
"sourceKeys": ["attack-containers", "cdk", "peirates"]
|
|
57
|
+
},
|
|
58
|
+
"nc": {
|
|
59
|
+
"attackTactics": ["TA0008", "TA0011"],
|
|
60
|
+
"attackTechniques": ["T1041", "T1105"],
|
|
61
|
+
"offenseTools": ["cdk", "deepce"],
|
|
62
|
+
"riskTags": ["payload-delivery", "remote-shell"],
|
|
63
|
+
"sourceKeys": ["cdk", "deepce"]
|
|
64
|
+
},
|
|
65
|
+
"nsenter": {
|
|
66
|
+
"attackTactics": ["TA0004", "TA0008"],
|
|
67
|
+
"attackTechniques": ["T1611"],
|
|
68
|
+
"offenseTools": ["cdk", "deepce"],
|
|
69
|
+
"riskTags": ["container-escape", "namespace-escape"],
|
|
70
|
+
"seccompBlockedSyscalls": ["ptrace", "setns", "unshare"],
|
|
71
|
+
"seccompProfile": "docker-default",
|
|
72
|
+
"sourceKeys": ["attack-containers", "cdk", "deepce", "docker-seccomp"]
|
|
73
|
+
},
|
|
74
|
+
"peirates": {
|
|
75
|
+
"attackTactics": ["TA0003", "TA0006", "TA0007", "TA0008"],
|
|
76
|
+
"attackTechniques": ["T1552.007", "T1609", "T1613"],
|
|
77
|
+
"offenseTools": ["peirates"],
|
|
78
|
+
"riskTags": [
|
|
79
|
+
"credential-access",
|
|
80
|
+
"k8s-cluster-pivot",
|
|
81
|
+
"offensive-toolkit"
|
|
82
|
+
],
|
|
83
|
+
"sourceKeys": ["attack-containers", "peirates"]
|
|
84
|
+
},
|
|
85
|
+
"runc": {
|
|
86
|
+
"attackTactics": ["TA0004", "TA0008"],
|
|
87
|
+
"attackTechniques": ["T1611"],
|
|
88
|
+
"offenseTools": ["cdk"],
|
|
89
|
+
"riskTags": ["container-escape", "runtime-control"],
|
|
90
|
+
"seccompBlockedSyscalls": ["open_by_handle_at", "setns"],
|
|
91
|
+
"seccompProfile": "docker-default",
|
|
92
|
+
"sourceKeys": ["attack-containers", "cdk", "docker-seccomp"]
|
|
93
|
+
},
|
|
94
|
+
"socat": {
|
|
95
|
+
"attackTactics": ["TA0008", "TA0011"],
|
|
96
|
+
"attackTechniques": ["T1041", "T1105"],
|
|
97
|
+
"offenseTools": ["cdk", "deepce"],
|
|
98
|
+
"riskTags": ["payload-delivery", "remote-shell"],
|
|
99
|
+
"sourceKeys": ["cdk", "deepce"]
|
|
100
|
+
},
|
|
101
|
+
"unshare": {
|
|
102
|
+
"attackTactics": ["TA0004", "TA0008"],
|
|
103
|
+
"attackTechniques": ["T1611"],
|
|
104
|
+
"offenseTools": ["cdk"],
|
|
105
|
+
"riskTags": ["container-escape", "namespace-escape"],
|
|
106
|
+
"seccompBlockedSyscalls": ["clone", "unshare"],
|
|
107
|
+
"seccompProfile": "docker-default",
|
|
108
|
+
"sourceKeys": ["attack-containers", "cdk", "docker-seccomp"]
|
|
109
|
+
},
|
|
110
|
+
"wget": {
|
|
111
|
+
"attackTactics": ["TA0010", "TA0011"],
|
|
112
|
+
"attackTechniques": ["T1041", "T1105"],
|
|
113
|
+
"offenseTools": ["cdk", "deepce"],
|
|
114
|
+
"riskTags": ["data-exfiltration", "payload-delivery"],
|
|
115
|
+
"sourceKeys": ["cdk", "deepce"]
|
|
116
|
+
}
|
|
117
|
+
},
|
|
118
|
+
"sources": {
|
|
119
|
+
"attack-containers": "https://attack.mitre.org/matrices/enterprise/containers/",
|
|
120
|
+
"cdk": "https://github.com/cdk-team/CDK",
|
|
121
|
+
"deepce": "https://github.com/stealthcopter/deepce",
|
|
122
|
+
"docker-seccomp": "https://docs.docker.com/engine/security/seccomp/",
|
|
123
|
+
"peirates": "https://github.com/inguardians/peirates"
|
|
124
|
+
}
|
|
125
|
+
}
|