npm - @cyclonedx/cdxgen - Versions diffs - 12.3.2 → 12.4.0 - Mend

@cyclonedx/cdxgen 12.3.2 → 12.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (182) hide show

package/README.md +70 -22
package/bin/audit.js +21 -7
package/bin/cdxgen.js +238 -116
package/bin/convert.js +28 -13
package/bin/hbom.js +490 -0
package/bin/repl.js +580 -29
package/bin/validate.js +34 -4
package/bin/verify.js +40 -5
package/data/README.md +298 -25
package/data/component-tags.json +6 -0
package/data/crypto-oid.json +16 -0
package/data/predictive-audit-allowlist.json +11 -0
package/data/queries-darwin.json +12 -1
package/data/queries-win.json +7 -1
package/data/queries.json +39 -2
package/data/rules/ai-agent-governance.yaml +16 -0
package/data/rules/asar-archives.yaml +150 -0
package/data/rules/chrome-extensions.yaml +8 -0
package/data/rules/ci-permissions.yaml +171 -15
package/data/rules/container-risk.yaml +14 -7
package/data/rules/dependency-sources.yaml +76 -5
package/data/rules/hbom-compliance.yaml +325 -0
package/data/rules/hbom-performance.yaml +307 -0
package/data/rules/hbom-security.yaml +248 -0
package/data/rules/host-topology.yaml +165 -0
package/data/rules/mcp-servers.yaml +18 -3
package/data/rules/obom-runtime.yaml +907 -22
package/data/rules/package-integrity.yaml +36 -0
package/data/rules/rootfs-hardening.yaml +179 -0
package/data/rules/vscode-extensions.yaml +9 -0
package/lib/audit/index.js +209 -8
package/lib/audit/index.poku.js +332 -0
package/lib/audit/reporters.js +222 -0
package/lib/audit/targets.js +146 -1
package/lib/audit/targets.poku.js +186 -0
package/lib/cli/asar.poku.js +328 -0
package/lib/cli/index.js +647 -127
package/lib/cli/index.poku.js +1905 -187
package/lib/evinser/evinser.js +14 -9
package/lib/helpers/agentFormulationParser.js +6 -2
package/lib/helpers/agentFormulationParser.poku.js +42 -0
package/lib/helpers/analyzer.js +1444 -38
package/lib/helpers/analyzer.poku.js +409 -0
package/lib/helpers/analyzerScope.js +712 -0
package/lib/helpers/asarutils.js +1556 -0
package/lib/helpers/asarutils.poku.js +443 -0
package/lib/helpers/auditCategories.js +12 -0
package/lib/helpers/auditCategories.poku.js +32 -0
package/lib/helpers/cbomutils.js +271 -1
package/lib/helpers/cbomutils.poku.js +248 -5
package/lib/helpers/chromextutils.js +25 -3
package/lib/helpers/chromextutils.poku.js +68 -0
package/lib/helpers/ciParsers/githubActions.js +79 -0
package/lib/helpers/ciParsers/githubActions.poku.js +103 -0
package/lib/helpers/communityAiConfigParser.js +15 -5
package/lib/helpers/communityAiConfigParser.poku.js +71 -0
package/lib/helpers/depsUtils.js +5 -0
package/lib/helpers/depsUtils.poku.js +55 -0
package/lib/helpers/display.js +336 -23
package/lib/helpers/display.poku.js +179 -43
package/lib/helpers/evidenceUtils.js +58 -0
package/lib/helpers/evidenceUtils.poku.js +54 -0
package/lib/helpers/exportUtils.js +9 -0
package/lib/helpers/gtfobins.js +142 -8
package/lib/helpers/gtfobins.poku.js +24 -1
package/lib/helpers/hbom.js +710 -0
package/lib/helpers/hbom.poku.js +496 -0
package/lib/helpers/hbomAnalysis.js +268 -0
package/lib/helpers/hbomAnalysis.poku.js +249 -0
package/lib/helpers/hbomLoader.js +35 -0
package/lib/helpers/hostTopology.js +803 -0
package/lib/helpers/hostTopology.poku.js +363 -0
package/lib/helpers/inventoryStats.js +69 -0
package/lib/helpers/inventoryStats.poku.js +86 -0
package/lib/helpers/lolbas.js +19 -1
package/lib/helpers/lolbas.poku.js +23 -0
package/lib/helpers/mcpConfigParser.js +21 -5
package/lib/helpers/mcpConfigParser.poku.js +39 -2
package/lib/helpers/osqueryTransform.js +47 -0
package/lib/helpers/osqueryTransform.poku.js +47 -0
package/lib/helpers/plugins.js +349 -0
package/lib/helpers/plugins.poku.js +57 -0
package/lib/helpers/propertySanitizer.js +121 -0
package/lib/helpers/protobom.js +156 -45
package/lib/helpers/protobom.poku.js +140 -5
package/lib/helpers/remote/dependency-track.js +36 -3
package/lib/helpers/remote/dependency-track.poku.js +44 -0
package/lib/helpers/source.js +24 -0
package/lib/helpers/source.poku.js +32 -0
package/lib/helpers/utils.js +2454 -198
package/lib/helpers/utils.poku.js +1798 -74
package/lib/managers/binary.e2e.poku.js +367 -0
package/lib/managers/binary.js +2306 -350
package/lib/managers/binary.poku.js +1700 -1
package/lib/managers/docker.js +441 -95
package/lib/managers/docker.poku.js +1479 -14
package/lib/server/server.js +2 -24
package/lib/server/server.poku.js +36 -1
package/lib/stages/postgen/annotator.js +38 -0
package/lib/stages/postgen/annotator.poku.js +107 -1
package/lib/stages/postgen/auditBom.js +121 -18
package/lib/stages/postgen/auditBom.poku.js +2967 -990
package/lib/stages/postgen/hostTopologyAudit.poku.js +186 -0
package/lib/stages/postgen/postgen.js +192 -1
package/lib/stages/postgen/postgen.poku.js +321 -0
package/lib/stages/postgen/ruleEngine.js +116 -0
package/lib/stages/pregen/envAudit.js +14 -3
package/package.json +24 -21
package/types/bin/hbom.d.ts +3 -0
package/types/bin/hbom.d.ts.map +1 -0
package/types/bin/repl.d.ts.map +1 -1
package/types/lib/audit/index.d.ts +44 -0
package/types/lib/audit/index.d.ts.map +1 -1
package/types/lib/audit/reporters.d.ts +16 -0
package/types/lib/audit/reporters.d.ts.map +1 -1
package/types/lib/audit/targets.d.ts.map +1 -1
package/types/lib/cli/index.d.ts +16 -0
package/types/lib/cli/index.d.ts.map +1 -1
package/types/lib/evinser/evinser.d.ts +4 -0
package/types/lib/evinser/evinser.d.ts.map +1 -1
package/types/lib/helpers/agentFormulationParser.d.ts.map +1 -1
package/types/lib/helpers/analyzer.d.ts +33 -0
package/types/lib/helpers/analyzer.d.ts.map +1 -1
package/types/lib/helpers/analyzerScope.d.ts +11 -0
package/types/lib/helpers/analyzerScope.d.ts.map +1 -0
package/types/lib/helpers/asarutils.d.ts +34 -0
package/types/lib/helpers/asarutils.d.ts.map +1 -0
package/types/lib/helpers/auditCategories.d.ts +5 -0
package/types/lib/helpers/auditCategories.d.ts.map +1 -1
package/types/lib/helpers/cbomutils.d.ts +3 -2
package/types/lib/helpers/cbomutils.d.ts.map +1 -1
package/types/lib/helpers/chromextutils.d.ts.map +1 -1
package/types/lib/helpers/ciParsers/githubActions.d.ts.map +1 -1
package/types/lib/helpers/communityAiConfigParser.d.ts.map +1 -1
package/types/lib/helpers/depsUtils.d.ts.map +1 -1
package/types/lib/helpers/display.d.ts +1 -0
package/types/lib/helpers/display.d.ts.map +1 -1
package/types/lib/helpers/evidenceUtils.d.ts +8 -0
package/types/lib/helpers/evidenceUtils.d.ts.map +1 -0
package/types/lib/helpers/exportUtils.d.ts.map +1 -1
package/types/lib/helpers/gtfobins.d.ts +8 -0
package/types/lib/helpers/gtfobins.d.ts.map +1 -1
package/types/lib/helpers/hbom.d.ts +49 -0
package/types/lib/helpers/hbom.d.ts.map +1 -0
package/types/lib/helpers/hbomAnalysis.d.ts +62 -0
package/types/lib/helpers/hbomAnalysis.d.ts.map +1 -0
package/types/lib/helpers/hbomLoader.d.ts +7 -0
package/types/lib/helpers/hbomLoader.d.ts.map +1 -0
package/types/lib/helpers/hostTopology.d.ts +12 -0
package/types/lib/helpers/hostTopology.d.ts.map +1 -0
package/types/lib/helpers/inventoryStats.d.ts +11 -0
package/types/lib/helpers/inventoryStats.d.ts.map +1 -0
package/types/lib/helpers/lolbas.d.ts.map +1 -1
package/types/lib/helpers/mcpConfigParser.d.ts +1 -1
package/types/lib/helpers/mcpConfigParser.d.ts.map +1 -1
package/types/lib/helpers/osqueryTransform.d.ts +3 -0
package/types/lib/helpers/osqueryTransform.d.ts.map +1 -1
package/types/lib/helpers/plugins.d.ts +58 -0
package/types/lib/helpers/plugins.d.ts.map +1 -0
package/types/lib/helpers/propertySanitizer.d.ts +3 -0
package/types/lib/helpers/propertySanitizer.d.ts.map +1 -0
package/types/lib/helpers/protobom.d.ts +3 -4
package/types/lib/helpers/protobom.d.ts.map +1 -1
package/types/lib/helpers/remote/dependency-track.d.ts +10 -3
package/types/lib/helpers/remote/dependency-track.d.ts.map +1 -1
package/types/lib/helpers/source.d.ts.map +1 -1
package/types/lib/helpers/utils.d.ts +74 -8
package/types/lib/helpers/utils.d.ts.map +1 -1
package/types/lib/managers/binary.d.ts +5 -0
package/types/lib/managers/binary.d.ts.map +1 -1
package/types/lib/managers/docker.d.ts +3 -0
package/types/lib/managers/docker.d.ts.map +1 -1
package/types/lib/server/server.d.ts +2 -0
package/types/lib/server/server.d.ts.map +1 -1
package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
package/types/lib/stages/postgen/auditBom.d.ts +26 -1
package/types/lib/stages/postgen/auditBom.d.ts.map +1 -1
package/types/lib/stages/postgen/postgen.d.ts +2 -1
package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
package/types/lib/stages/postgen/ruleEngine.d.ts.map +1 -1
package/types/lib/stages/pregen/envAudit.d.ts.map +1 -1
package/data/spdx-model-v3.0.1.jsonld +0 -15999

package/lib/helpers/hostTopology.poku.js ADDED Viewed

@@ -0,0 +1,363 @@
+import { assert, describe, it } from "poku";
+import {
+  applyHostInventoryTopology,
+  getHostViewSummary,
+  isMergedHostViewBom,
+  mergeHostInventoryBoms,
+} from "./hostTopology.js";
+function makeProperty(name, value) {
+  return { name, value };
+}
+function makeHbomComponent(name, hardwareClass, properties = []) {
+  return {
+    type: "device",
+    name,
+    properties: [
+      makeProperty("cdx:hbom:hardwareClass", hardwareClass),
+      ...properties,
+    ],
+  };
+}
+function makeOsqueryComponent(
+  name,
+  queryCategory,
+  properties = [],
+  extra = {},
+) {
+  return {
+    type: extra.type || "data",
+    name,
+    version: extra.version || "",
+    "bom-ref": extra.bomRef || `osquery:${queryCategory}:${name}`,
+    properties: [
+      makeProperty("cdx:osquery:category", queryCategory),
+      ...properties,
+    ],
+  };
+}
+describe("host topology helpers", () => {
+  it("adds strict HBOM topology dependencies for standalone hardware BOMs", () => {
+    const bomJson = applyHostInventoryTopology({
+      bomFormat: "CycloneDX",
+      specVersion: "1.7",
+      metadata: {
+        component: {
+          name: "host-a",
+          type: "device",
+          properties: [
+            makeProperty("cdx:hbom:platform", "linux"),
+            makeProperty("cdx:hbom:architecture", "amd64"),
+          ],
+        },
+      },
+      components: [
+        makeHbomComponent("wlp2s0", "network-interface", [
+          makeProperty("cdx:hbom:driver", "iwlwifi"),
+        ]),
+        makeHbomComponent("CT1000P3PSSD8", "storage"),
+      ],
+      dependencies: [],
+    });
+    assert.ok(bomJson.metadata.component["bom-ref"]);
+    assert.ok(bomJson.components.every((component) => component["bom-ref"]));
+    assert.strictEqual(getHostViewSummary(bomJson).mode, "hbom-topology");
+    assert.strictEqual(getHostViewSummary(bomJson).runtimeAnchorCount, 0);
+    assert.strictEqual(
+      bomJson.dependencies.find(
+        (dependency) =>
+          dependency.ref === bomJson.metadata.component["bom-ref"],
+      )?.dependsOn?.length,
+      2,
+    );
+  });
+  it("merges OBOM runtime data and links hardware to runtime components without guesswork", () => {
+    const hbomJson = {
+      bomFormat: "CycloneDX",
+      specVersion: "1.7",
+      metadata: {
+        component: {
+          name: "host-b",
+          type: "device",
+          properties: [
+            makeProperty("cdx:hbom:platform", "linux"),
+            makeProperty("cdx:hbom:architecture", "amd64"),
+            makeProperty("cdx:hbom:secureBootDbSha1", "db-cert-1"),
+          ],
+        },
+      },
+      components: [
+        makeHbomComponent("enp1s0", "network-interface", [
+          makeProperty("cdx:hbom:driver", "r8169"),
+          makeProperty("cdx:hbom:speedMbps", "100"),
+        ]),
+        makeHbomComponent("CT1000P3PSSD8", "storage", [
+          makeProperty("cdx:hbom:deviceNode", "/dev/nvme0n1"),
+          makeProperty("cdx:hbom:mountPoint", "/home"),
+        ]),
+      ],
+      dependencies: [],
+      properties: [],
+    };
+    const obomData = {
+      parentComponent: {
+        type: "operating-system",
+        name: "Ubuntu",
+        version: "24.04",
+        "bom-ref": "pkg:generic/ubuntu@24.04",
+      },
+      bomJson: {
+        bomFormat: "CycloneDX",
+        specVersion: "1.7",
+        metadata: {
+          tools: {
+            components: [
+              {
+                type: "application",
+                name: "osquery",
+                version: "5.12.0",
+                "bom-ref": "pkg:generic/osquery@5.12.0",
+              },
+            ],
+          },
+        },
+        components: [
+          makeOsqueryComponent("192.168.1.23", "interface_addresses", [
+            makeProperty("interface", "enp1s0"),
+            makeProperty("address", "192.168.1.23"),
+          ]),
+          makeOsqueryComponent("r8169", "kernel_modules", [], {
+            type: "data",
+          }),
+          makeOsqueryComponent("iwlwifi", "kernel_modules", [], {
+            type: "data",
+          }),
+          makeOsqueryComponent("/home", "mount_hardening", [
+            makeProperty("device", "/dev/nvme0n1"),
+            makeProperty("path", "/home"),
+            makeProperty("flags", "rw,nosuid,nodev"),
+          ]),
+          makeOsqueryComponent("nvme-home", "logical_drives", [
+            makeProperty("device_id", "/dev/nvme0n1"),
+            makeProperty("description", "home"),
+          ]),
+          makeOsqueryComponent("db-cert", "secureboot_certificates", [
+            makeProperty("sha1", "db-cert-1"),
+            makeProperty("subject", "CN=Platform DB"),
+          ]),
+        ],
+        dependencies: [
+          {
+            ref: "pkg:generic/ubuntu@24.04",
+            dependsOn: [
+              "osquery:interface_addresses:192.168.1.23",
+              "osquery:kernel_modules:r8169",
+            ],
+          },
+        ],
+      },
+    };
+    const mergedBomJson = mergeHostInventoryBoms(hbomJson, obomData);
+    const networkComponent = mergedBomJson.components.find(
+      (component) => component.name === "enp1s0",
+    );
+    const networkDependency = mergedBomJson.dependencies.find(
+      (dependency) => dependency.ref === networkComponent["bom-ref"],
+    );
+    const storageComponent = mergedBomJson.components.find(
+      (component) => component.name === "CT1000P3PSSD8",
+    );
+    const storageDependency = mergedBomJson.dependencies.find(
+      (dependency) => dependency.ref === storageComponent["bom-ref"],
+    );
+    const hostDependency = mergedBomJson.dependencies.find(
+      (dependency) =>
+        dependency.ref === mergedBomJson.metadata.component["bom-ref"],
+    );
+    const summary = getHostViewSummary(mergedBomJson);
+    assert.strictEqual(isMergedHostViewBom(mergedBomJson), true);
+    assert.ok(networkComponent["bom-ref"]);
+    assert.ok(networkDependency);
+    assert.deepStrictEqual(networkDependency.dependsOn, [
+      "osquery:interface_addresses:192.168.1.23",
+      "osquery:kernel_modules:r8169",
+    ]);
+    assert.deepStrictEqual(storageDependency.dependsOn, [
+      "osquery:logical_drives:nvme-home",
+      "osquery:mount_hardening:/home",
+    ]);
+    assert.ok(
+      hostDependency.dependsOn.includes(
+        "osquery:secureboot_certificates:db-cert",
+      ),
+    );
+    assert.strictEqual(
+      networkComponent.properties.find(
+        (property) =>
+          property.name === "cdx:hostview:interface_addresses:count",
+      )?.value,
+      "1",
+    );
+    assert.strictEqual(
+      networkComponent.properties.find(
+        (property) => property.name === "cdx:hostview:kernel_modules:count",
+      )?.value,
+      "1",
+    );
+    assert.strictEqual(
+      storageComponent.properties.find(
+        (property) => property.name === "cdx:hostview:mount_hardening:count",
+      )?.value,
+      "1",
+    );
+    assert.strictEqual(
+      storageComponent.properties.find(
+        (property) => property.name === "cdx:hostview:runtime-storage:count",
+      )?.value,
+      "1",
+    );
+    assert.strictEqual(
+      mergedBomJson.metadata.component.properties.find(
+        (property) =>
+          property.name === "cdx:hostview:secureboot_certificates:count",
+      )?.value,
+      "1",
+    );
+    assert.strictEqual(summary.mode, "hbom-obom-merged");
+    assert.strictEqual(summary.runtimeAnchorCount, 1);
+    assert.strictEqual(summary.runtimeComponentCount, 6);
+    assert.strictEqual(summary.topologyLinkCount, 5);
+    assert.deepStrictEqual(summary.linkedRuntimeCategories, [
+      "interface_addresses",
+      "kernel_modules",
+      "mount_hardening",
+      "runtime-storage",
+      "secureboot_certificates",
+    ]);
+  });
+  it("links host trust metadata to secure boot certificates only when exact identifiers match", () => {
+    const mergedBomJson = mergeHostInventoryBoms(
+      {
+        bomFormat: "CycloneDX",
+        specVersion: "1.7",
+        metadata: {
+          component: {
+            name: "host-trust",
+            type: "device",
+            properties: [
+              makeProperty("cdx:hbom:platform", "linux"),
+              makeProperty(
+                "cdx:hbom:secureBootSubjectKeyId",
+                "trust-anchor-42",
+              ),
+            ],
+          },
+        },
+        components: [],
+        dependencies: [],
+        properties: [],
+      },
+      {
+        bomJson: {
+          bomFormat: "CycloneDX",
+          specVersion: "1.7",
+          metadata: {},
+          components: [
+            makeOsqueryComponent("db-anchor", "secureboot_certificates", [
+              makeProperty("subject_key_id", "trust-anchor-42"),
+              makeProperty("issuer", "CN=Firmware CA"),
+            ]),
+          ],
+          dependencies: [],
+          properties: [],
+        },
+      },
+    );
+    const hostDependency = mergedBomJson.dependencies.find(
+      (dependency) =>
+        dependency.ref === mergedBomJson.metadata.component["bom-ref"],
+    );
+    const summary = getHostViewSummary(mergedBomJson);
+    assert.ok(hostDependency);
+    assert.deepStrictEqual(hostDependency.dependsOn, [
+      "osquery:secureboot_certificates:db-anchor",
+    ]);
+    assert.strictEqual(
+      mergedBomJson.metadata.component.properties.find(
+        (property) =>
+          property.name === "cdx:hostview:secureboot_certificates:count",
+      )?.value,
+      "1",
+    );
+    assert.ok(
+      summary.linkedRuntimeCategories.includes("secureboot_certificates"),
+    );
+    assert.strictEqual(summary.topologyLinkCount, 1);
+  });
+  it("does not create runtime links when there is no exact identifier match", () => {
+    const hbomJson = {
+      bomFormat: "CycloneDX",
+      specVersion: "1.7",
+      metadata: {
+        component: {
+          name: "host-c",
+          type: "device",
+          properties: [makeProperty("cdx:hbom:platform", "linux")],
+        },
+      },
+      components: [
+        makeHbomComponent("enp1s0", "network-interface", [
+          makeProperty("cdx:hbom:driver", "r8169"),
+        ]),
+      ],
+      dependencies: [],
+      properties: [],
+    };
+    const obomData = {
+      bomJson: {
+        metadata: {},
+        components: [
+          makeOsqueryComponent("192.168.1.24", "interface_addresses", [
+            makeProperty("interface", "eth9"),
+          ]),
+          makeOsqueryComponent("iwlwifi", "kernel_modules"),
+        ],
+        dependencies: [],
+        properties: [],
+      },
+    };
+    const mergedBomJson = mergeHostInventoryBoms(hbomJson, obomData);
+    const networkComponent = mergedBomJson.components.find(
+      (component) => component.name === "enp1s0",
+    );
+    const summary = getHostViewSummary(mergedBomJson);
+    assert.strictEqual(
+      mergedBomJson.dependencies.some(
+        (dependency) => dependency.ref === networkComponent["bom-ref"],
+      ),
+      false,
+    );
+    assert.strictEqual(
+      networkComponent.properties.some((property) =>
+        property.name.startsWith("cdx:hostview:"),
+      ),
+      false,
+    );
+    assert.strictEqual(summary.topologyLinkCount, 0);
+    assert.strictEqual(summary.linkedHardwareComponentCount, 0);
+  });
+});

package/lib/helpers/inventoryStats.js ADDED Viewed

@@ -0,0 +1,69 @@
+function toProperties(propertiesOrObject) {
+  if (Array.isArray(propertiesOrObject)) {
+    return propertiesOrObject;
+  }
+  if (Array.isArray(propertiesOrObject?.properties)) {
+    return propertiesOrObject.properties;
+  }
+  return [];
+}
+export function getPropertyValue(propertiesOrObject, propertyName) {
+  return toProperties(propertiesOrObject).find(
+    (property) => property?.name === propertyName,
+  )?.value;
+}
+function hasPropertyValue(propertiesOrObject, propertyName, valuePredicate) {
+  const propertyValue = getPropertyValue(propertiesOrObject, propertyName);
+  if (typeof valuePredicate === "function") {
+    return valuePredicate(propertyValue);
+  }
+  return propertyValue === valuePredicate;
+}
+function isFileComponent(component) {
+  return component?.type === "file";
+}
+function isCryptographicAssetComponent(component) {
+  return component?.type === "cryptographic-asset";
+}
+export function getUnpackagedExecutableComponents(components = []) {
+  return (components || []).filter(
+    (component) =>
+      isFileComponent(component) &&
+      hasPropertyValue(component, "internal:is_executable", "true"),
+  );
+}
+export function getUnpackagedSharedLibraryComponents(components = []) {
+  return (components || []).filter(
+    (component) =>
+      isFileComponent(component) &&
+      hasPropertyValue(component, "internal:is_shared_library", "true"),
+  );
+}
+export function getSourceDerivedCryptoComponents(components = []) {
+  return (components || []).filter(
+    (component) =>
+      isCryptographicAssetComponent(component) &&
+      hasPropertyValue(component, "cdx:crypto:sourceType", (propertyValue) =>
+        propertyValue?.startsWith("js-ast:"),
+      ),
+  );
+}
+export function getContainerFileInventoryStats(components = []) {
+  const unpackagedExecutables = getUnpackagedExecutableComponents(components);
+  const unpackagedSharedLibraries =
+    getUnpackagedSharedLibraryComponents(components);
+  return {
+    unpackagedExecutables,
+    unpackagedSharedLibraries,
+    unpackagedExecutableCount: unpackagedExecutables.length,
+    unpackagedSharedLibraryCount: unpackagedSharedLibraries.length,
+  };
+}

package/lib/helpers/inventoryStats.poku.js ADDED Viewed

@@ -0,0 +1,86 @@
+import { assert, describe, it } from "poku";
+import {
+  getContainerFileInventoryStats,
+  getPropertyValue,
+  getSourceDerivedCryptoComponents,
+  getUnpackagedExecutableComponents,
+  getUnpackagedSharedLibraryComponents,
+} from "./inventoryStats.js";
+describe("inventoryStats helpers", () => {
+  const components = [
+    {
+      type: "file",
+      name: "demo",
+      properties: [{ name: "internal:is_executable", value: "true" }],
+    },
+    {
+      type: "file",
+      name: "libdemo.so",
+      properties: [{ name: "internal:is_shared_library", value: "true" }],
+    },
+    {
+      type: "file",
+      name: "README.md",
+      properties: [{ name: "internal:is_executable", value: "false" }],
+    },
+    {
+      type: "cryptographic-asset",
+      name: "sha-512",
+      properties: [
+        { name: "cdx:crypto:sourceType", value: "js-ast:node:crypto" },
+      ],
+    },
+    {
+      type: "cryptographic-asset",
+      name: "cert.pem",
+      properties: [{ name: "cdx:crypto:sourceType", value: "certificate" }],
+    },
+  ];
+  it("getPropertyValue() reads properties from arrays and component objects", () => {
+    assert.strictEqual(
+      getPropertyValue(components[0], "internal:is_executable"),
+      "true",
+    );
+    assert.strictEqual(
+      getPropertyValue(components[0].properties, "internal:is_executable"),
+      "true",
+    );
+    assert.strictEqual(getPropertyValue({}, "missing"), undefined);
+  });
+  it("filters unpackaged executable and shared-library file components", () => {
+    assert.deepStrictEqual(
+      getUnpackagedExecutableComponents(components).map(
+        (component) => component.name,
+      ),
+      ["demo"],
+    );
+    assert.deepStrictEqual(
+      getUnpackagedSharedLibraryComponents(components).map(
+        (component) => component.name,
+      ),
+      ["libdemo.so"],
+    );
+  });
+  it("filters source-derived crypto components", () => {
+    assert.deepStrictEqual(
+      getSourceDerivedCryptoComponents(components).map(
+        (component) => component.name,
+      ),
+      ["sha-512"],
+    );
+  });
+  it("summarizes unpackaged container file inventory counts", () => {
+    assert.deepStrictEqual(getContainerFileInventoryStats(components), {
+      unpackagedExecutables: [components[0]],
+      unpackagedSharedLibraries: [components[1]],
+      unpackagedExecutableCount: 1,
+      unpackagedSharedLibraryCount: 1,
+    });
+  });
+});

package/lib/helpers/lolbas.js CHANGED Viewed

@@ -42,6 +42,22 @@ const MATCH_FIELDS = [
   "program",
   "source",
 ];
+const CATEGORY_MATCH_FIELDS = {
+  appcompat_shims: ["executable", "path", "sdb_path"],
+  listening_ports: ["cmdline", "name", "path"],
+  process_open_handles_snapshot: ["cmdline", "name", "path"],
+  processes: ["cmdline", "name", "path"],
+  scheduled_tasks: ["action"],
+  services_snapshot: ["module_path", "path"],
+  startup_items: ["path"],
+  windows_run_keys: ["description", "name"],
+  wmi_cli_event_consumers: ["command_line_template", "command_line", "name"],
+  wmi_cli_event_consumers_snapshot: [
+    "command_line_template",
+    "command_line",
+    "name",
+  ],
+};
 const STANDALONE_COMMAND_PATTERN =
   /\b(bitsadmin|certutil|cmd|cmdkey|cmstp|cscript|ftp|installutil|msbuild|mshta|msiexec|odbcconf|powershell|pwsh|regsvr32|rundll32|wmic|wscript)\b/gi;
 const WINDOWS_EXECUTABLE_PATTERN =
@@ -173,7 +189,9 @@ export function getLolbasMetadata(candidate) {
  */
 export function createLolbasProperties(queryCategory, row) {
   const matches = new Map();
-  for (const field of MATCH_FIELDS) {
+  const matchFieldsForCategory =
+    CATEGORY_MATCH_FIELDS[queryCategory] || MATCH_FIELDS;
+  for (const field of matchFieldsForCategory) {
     const fieldValue = row?.[field];
     if (!fieldValue) {
       continue;

package/lib/helpers/lolbas.poku.js CHANGED Viewed

@@ -36,4 +36,27 @@ describe("lolbas helpers", () => {
     assert.ok(propertyMap["cdx:lolbas:attackTechniques"].includes("T1059.001"));
     assert.ok(propertyMap["cdx:lolbas:matchFields"].includes("description"));
   });
+  it("ignores benign Windows service descriptions that only mention LOLBAS tools", () => {
+    const properties = createLolbasProperties("services_snapshot", {
+      description:
+        "This service can be queried via Powershell and configured with winrm.cmd.",
+      display_name: "Windows Remote Management",
+      module_path: "C:\\Windows\\System32\\WsmSvc.dll",
+      path: "C:\\Windows\\System32\\svchost.exe -k NetworkService -p",
+    });
+    assert.deepStrictEqual(properties, []);
+  });
+  it("keeps Windows service path matches when the executable field itself is LOLBAS", () => {
+    const properties = createLolbasProperties("services_snapshot", {
+      path: "C:\\Users\\Public\\evil\\powershell.exe -enc AAAA",
+    });
+    const propertyMap = Object.fromEntries(
+      properties.map((property) => [property.name, property.value]),
+    );
+    assert.strictEqual(propertyMap["cdx:lolbas:matched"], "true");
+    assert.ok(propertyMap["cdx:lolbas:names"].includes("powershell.exe"));
+    assert.ok(propertyMap["cdx:lolbas:matchFields"].includes("path"));
+  });
 });

package/lib/helpers/mcpConfigParser.js CHANGED Viewed

@@ -9,6 +9,10 @@ import {
   providerNamesForText,
   sanitizeMcpRefToken,
 } from "./mcpDiscovery.js";
+import {
+  sanitizeBomPropertyValue,
+  sanitizeBomUrl,
+} from "./propertySanitizer.js";
 import { scanTextForHiddenUnicode } from "./unicodeScan.js";
 const MCP_CONFIG_PATTERNS = [
@@ -40,13 +44,22 @@ const SECRET_FIELD_NAME_PATTERN =
 const ENV_REFERENCE_PATTERN = /(?:\$\{?[A-Z0-9_]+\}?|%[A-Z0-9_]+%)/u;
 function addUniqueProperty(properties, name, value) {
-  if (value === undefined || value === null || value === "") {
+  const sanitizedValue = sanitizeBomPropertyValue(name, value);
+  if (
+    sanitizedValue === undefined ||
+    sanitizedValue === null ||
+    sanitizedValue === ""
+  ) {
     return;
   }
-  if (properties.some((prop) => prop.name === name && prop.value === value)) {
+  if (
+    properties.some(
+      (prop) => prop.name === name && prop.value === String(sanitizedValue),
+    )
+  ) {
     return;
   }
-  properties.push({ name, value: String(value) });
+  properties.push({ name, value: String(sanitizedValue) });
 }
 function normalizeFilePath(filePath) {
@@ -380,6 +393,9 @@ function createServiceFromConfig(
   const command = normalized.command;
   const args = normalized.args;
   const endpoints = extractEndpoints(serverConfig);
+  const sanitizedEndpoints = endpoints.map((endpoint) =>
+    sanitizeBomUrl(endpoint),
+  );
   const transport = inferTransport(serverConfig, endpoints);
   const authHints = authHintsFromValue(serverConfig);
   const authPosture = authPostureForConfig(serverConfig, endpoints, authHints);
@@ -396,7 +412,7 @@ function createServiceFromConfig(
     JSON.stringify({
       args,
       command,
-      endpoints,
+      endpoints: sanitizedEndpoints,
       env: serverConfig?.env || serverConfig?.environment || {},
     }),
   );
@@ -534,7 +550,7 @@ function createServiceFromConfig(
   return {
     "bom-ref": `urn:service:mcp:${sanitizeMcpRefToken(serviceName)}:${sanitizeMcpRefToken(version)}`,
     authenticated,
-    endpoints,
+    endpoints: sanitizedEndpoints,
     group: "mcp",
     name: serviceName,
     properties,