@mitre/hdf-converters 2.10.13 → 2.10.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +23 -21
- package/lib/index.d.ts +1 -0
- package/lib/index.js +1 -0
- package/lib/index.js.map +1 -1
- package/lib/package.json +2 -1
- package/lib/src/base-converter.d.ts +3 -3
- package/lib/src/base-converter.js.map +1 -1
- package/lib/src/cyclonedx-sbom-mapper.d.ts +37 -0
- package/lib/src/cyclonedx-sbom-mapper.js +431 -0
- package/lib/src/cyclonedx-sbom-mapper.js.map +1 -0
- package/lib/src/twistlock-mapper.js +3 -5
- package/lib/src/twistlock-mapper.js.map +1 -1
- package/lib/src/utils/fingerprinting.d.ts +1 -0
- package/lib/src/utils/fingerprinting.js +3 -1
- package/lib/src/utils/fingerprinting.js.map +1 -1
- package/lib/src/utils/global.d.ts +1 -0
- package/lib/src/utils/global.js +5 -1
- package/lib/src/utils/global.js.map +1 -1
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -5,32 +5,34 @@
|
|
|
5
5
|
OHDF Converters supplies several methods to convert various types of security tool data to and from the OHDF standard. OHDF Converters can be used in a variety of tools, and is currently well integrated with Heimdall itself, and the [SAF CLI](https://github.com/mitre/saf).
|
|
6
6
|
|
|
7
7
|
## Supported Formats
|
|
8
|
+
|
|
8
9
|
1. [**asff-mapper**] - AWS Security Finding Format JSON file, Prowler-derived AWS Security Finding Format results from concatenated JSON blobs, and Trivy-derived AWS Security Finding Format results from concatenated JSON blobs
|
|
9
10
|
2. [**aws-config-mapper**] - AWS Config
|
|
10
11
|
3. [**burpsuite-mapper**] - BurpSuite Pro XML file
|
|
11
12
|
4. [**caat-mapper**] - Compliance Assessment and Audit Tracking (CAAT) file
|
|
12
13
|
5. [**checklist-mapper**] - Checlist Mapper format
|
|
13
14
|
6. [**conveyor-mapper**] - Conveyor JSON file
|
|
14
|
-
7. [**
|
|
15
|
-
8. [**
|
|
16
|
-
9. [**
|
|
17
|
-
10. [**
|
|
18
|
-
11. [**
|
|
19
|
-
12. [**
|
|
20
|
-
13. [**
|
|
21
|
-
14. [**
|
|
22
|
-
15. [**
|
|
23
|
-
16. [**
|
|
24
|
-
17. [**
|
|
25
|
-
18. [**
|
|
26
|
-
19. [**
|
|
27
|
-
20. [**
|
|
28
|
-
21. [**
|
|
29
|
-
22. [**
|
|
30
|
-
23. [**
|
|
31
|
-
24. [**
|
|
32
|
-
25. [**
|
|
33
|
-
26. [**
|
|
15
|
+
7. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file
|
|
16
|
+
8. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format
|
|
17
|
+
9. [**fortify-mapper**] - Fortify results FVDL file
|
|
18
|
+
10. [**gosec-mapper**] - gosec results JSON file
|
|
19
|
+
11. [**ionchannel-mapper**] - SBOM data from Ion Channel
|
|
20
|
+
12. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
|
|
21
|
+
13. [**msft-secure-mapper**] - Microsoft Secure Score results file
|
|
22
|
+
14. [**nessus-mapper**] - Nessus XML results file
|
|
23
|
+
15. [**netsparker-mapper**] - Netsparker XML results file
|
|
24
|
+
16. [**nikto-mapper**] - Nikto results JSON file
|
|
25
|
+
17. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
|
|
26
|
+
18. [**sarif-mapper**] - SARIF JSON file
|
|
27
|
+
19. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
|
|
28
|
+
20. [**snyk-mapper**] - Snyk results JSON file
|
|
29
|
+
21. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
|
|
30
|
+
22. [**splunk-mapper**] - Splunk instance
|
|
31
|
+
23. [**trufflehog-mapper**] - Trufflehog results json file
|
|
32
|
+
24. [**twistlock-mapper**] - Twistlock CLI output file
|
|
33
|
+
25. [**veracode-mapper**] - Veracode Scan Results XML file
|
|
34
|
+
26. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
|
|
35
|
+
27. [**zap-mapper**] - OWASP ZAP results JSON
|
|
34
36
|
|
|
35
37
|
### NOTICE
|
|
36
38
|
|
|
@@ -48,4 +50,4 @@ This software was produced for the U. S. Government under Contract Number HHSM-5
|
|
|
48
50
|
|
|
49
51
|
No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.
|
|
50
52
|
|
|
51
|
-
For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA
|
|
53
|
+
For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.
|
package/lib/index.d.ts
CHANGED
|
@@ -30,6 +30,7 @@ export * from './src/netsparker-mapper';
|
|
|
30
30
|
export * from './src/nikto-mapper';
|
|
31
31
|
export * from './src/prisma-mapper';
|
|
32
32
|
export * from './src/sarif-mapper';
|
|
33
|
+
export * from './src/cyclonedx-sbom-mapper';
|
|
33
34
|
export * from './src/scoutsuite-mapper';
|
|
34
35
|
export * from './src/snyk-mapper';
|
|
35
36
|
export * from './src/sonarqube-mapper';
|
package/lib/index.js
CHANGED
|
@@ -60,6 +60,7 @@ __exportStar(require("./src/netsparker-mapper"), exports);
|
|
|
60
60
|
__exportStar(require("./src/nikto-mapper"), exports);
|
|
61
61
|
__exportStar(require("./src/prisma-mapper"), exports);
|
|
62
62
|
__exportStar(require("./src/sarif-mapper"), exports);
|
|
63
|
+
__exportStar(require("./src/cyclonedx-sbom-mapper"), exports);
|
|
63
64
|
__exportStar(require("./src/scoutsuite-mapper"), exports);
|
|
64
65
|
__exportStar(require("./src/snyk-mapper"), exports);
|
|
65
66
|
__exportStar(require("./src/sonarqube-mapper"), exports);
|
package/lib/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6DAA0D;AAAlD,0GAAA,WAAW,OAAA;AACnB,0DAAwC;AACxC,yDAAuC;AACvC,oEAAkD;AAClD,mEAAiD;AACjD,8EAA4D;AAC5D,4EAA0D;AAC1D,qFAAmE;AACnE,qFAAmE;AACnE,qFAAmE;AACnE,yFAAuE;AACvE,uFAAqE;AACrE,wDAAsC;AACtC,yDAAuC;AACvC,uDAAqC;AACrC,qDAAmC;AACnC,0DAAwC;AACxC,0DAAwC;AACxC,4FAA4E;AAC5E,wFAAwE;AACxE,wFAAwE;AACxE,0GAA0F;AAC1F,4FAA4E;AAC5E,wFAAwE;AACxE,4FAA4E;AAC5E,sGAAsF;AACtF,iEAA+C;AAC/C,sDAAoC;AACpC,0DAAwC;AACxC,qDAAmC;AACnC,sDAAoC;AACpC,qDAAmC;AACnC,0DAAwC;AACxC,oDAAkC;AAClC,yDAAuC;AACvC,sDAAoC;AACpC,0DAAwC;AACxC,yDAAuC;AACvC,2DAAyC;AACzC,yDAAuC;AACvC,6DAA2C;AAC3C,wDAAsC;AACtC,6DAA2C;AAC3C,mDAAiC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6DAA0D;AAAlD,0GAAA,WAAW,OAAA;AACnB,0DAAwC;AACxC,yDAAuC;AACvC,oEAAkD;AAClD,mEAAiD;AACjD,8EAA4D;AAC5D,4EAA0D;AAC1D,qFAAmE;AACnE,qFAAmE;AACnE,qFAAmE;AACnE,yFAAuE;AACvE,uFAAqE;AACrE,wDAAsC;AACtC,yDAAuC;AACvC,uDAAqC;AACrC,qDAAmC;AACnC,0DAAwC;AACxC,0DAAwC;AACxC,4FAA4E;AAC5E,wFAAwE;AACxE,wFAAwE;AACxE,0GAA0F;AAC1F,4FAA4E;AAC5E,wFAAwE;AACxE,4FAA4E;AAC5E,sGAAsF;AACtF,iEAA+C;AAC/C,sDAAoC;AACpC,0DAAwC;AACxC,qDAAmC;AACnC,sDAAoC;AACpC,qDAAmC;AACnC,8DAA4C;AAC5C,0DAAwC;AACxC,oDAAkC;AAClC,yDAAuC;AACvC,sDAAoC;AACpC,0DAAwC;AACxC,yDAAuC;AACvC,2DAAyC;AACzC,yDAAuC;AACvC,6DAA2C;AAC3C,wDAAsC;AACtC,6DAA2C;AAC3C,mDAAiC"}
|
package/lib/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mitre/hdf-converters",
|
|
3
|
-
"version": "2.10.
|
|
3
|
+
"version": "2.10.15",
|
|
4
4
|
"license": "Apache-2.0",
|
|
5
5
|
"description": "Converter util library used to transform various scan results into HDF format",
|
|
6
6
|
"files": [
|
|
@@ -26,6 +26,7 @@
|
|
|
26
26
|
},
|
|
27
27
|
"dependencies": {
|
|
28
28
|
"@aws-sdk/client-config-service": "^3.95.0",
|
|
29
|
+
"@cyclonedx/cyclonedx-library": "^6.11.0",
|
|
29
30
|
"@e965/xlsx": "^0.20.0",
|
|
30
31
|
"@mdi/js": "^7.0.96",
|
|
31
32
|
"@microsoft/microsoft-graph-types": "^2.40.0",
|
|
@@ -21,11 +21,11 @@ export declare function parseHtml(input: unknown): string;
|
|
|
21
21
|
export declare function parseXml(xml: string, additionalOptions?: Record<string, unknown>): Record<string, unknown>;
|
|
22
22
|
export declare function parseCsv(csv: string): unknown[];
|
|
23
23
|
export declare function impactMapping(mapping: Map<string, number>): (severity: unknown) => number;
|
|
24
|
-
export declare class BaseConverter {
|
|
25
|
-
data:
|
|
24
|
+
export declare class BaseConverter<D = Record<string, unknown>> {
|
|
25
|
+
data: D;
|
|
26
26
|
mappings?: MappedTransform<ExecJSON.Execution, ILookupPath>;
|
|
27
27
|
collapseResults: boolean;
|
|
28
|
-
constructor(data:
|
|
28
|
+
constructor(data: D, collapseResults?: boolean);
|
|
29
29
|
setMappings(mappings: MappedTransform<ExecJSON.Execution, ILookupPath>): void;
|
|
30
30
|
toHdf(): ExecJSON.Execution;
|
|
31
31
|
objectMap<T extends Array<unknown>, V>(obj: T, fn: (v: ObjectEntryValue<T>) => V): {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-converter.js","sourceRoot":"","sources":["../../src/base-converter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAkC;AAClC,qDAA0C;AAC1C,wDAA0C;AAE1C,0CAA4B;AAC5B,0DAA6B;AAgC7B,SAAgB,YAAY,CAAC,IAAY,EAAE,SAAS,GAAG,QAAQ;IAC7D,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAHD,oCAGC;AAED,SAAgB,SAAS,CAAC,KAAc;IACtC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;QACrC,MAAM,CAAC,IAAY;YACjB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;QAC7B,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,EAAE,CAAC;KAChB;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC3B,CAAC;AAZD,8BAYC;AAED,SAAgB,QAAQ,CACtB,GAAW,EACX,iBAA2C;IAE3C,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;QACvB,iBAAiB,EAAE,IAAI;QACvB,mBAAmB,EAAE,KAAK;QAC1B,aAAa,EAAE,KAAK;QACpB,cAAc,EAAE,IAAI;QACpB,GAAG,iBAAiB;KACrB,CAAC;IACF,MAAM,MAAM,GAAG,IAAI,2BAAS,CAAC,OAAO,CAAC,CAAC;IACtC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAhBD,4BAgBC;AAED,SAAgB,QAAQ,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,mBAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,EAAC,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;IAEtD,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;QACxB,MAAM,MAAM,CAAC,MAAM,CAAC;KACrB;IAED,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AARD,4BAQC;AAED,SAAgB,aAAa,CAC3B,OAA4B;IAE5B,OAAO,CAAC,QAAiB,EAAU,EAAE;QACnC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;SAC5D;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;AACJ,CAAC;AAVD,sCAUC;AAGD,SAAS,kBAAkB,CACzB,KAAe,EACf,GAAW,EACX,eAAwB;IAExB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,MAAM,QAAQ,GAAQ,EAAE,CAAC;IACzB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAO,EAAE,EAAE;QACxB,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACvC,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE;gBAC5B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBACjC,OAAO,EAAE,CAAC;aACX;iBAAM;gBACL,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CACrB,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,CACkB,CAAC;gBAC9B,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAC7C,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAC5B,CAAC;gBACF,IAAI,eAAe,EAAE;oBACnB,IACE,YAAY,CAAC,OAAO,CAClB,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAW,CAC9C,KAAK,CAAC,CAAC,EACR;wBACA,CAAC,CAAC,GAAG,CACH,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,EACT,SAAS,CAAC,MAAM,CACd,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAA6B,CACnD,CACF,CAAC;qBACH;iBACF;qBAAM;oBACL,CAAC,CAAC,GAAG,CACH,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,EACT,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAA6B,CAAC,CACrE,CAAC;iBACH;aACF;SACF;IACH,CAAC,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAa,aAAa;IAKxB,YAAY,
|
|
1
|
+
{"version":3,"file":"base-converter.js","sourceRoot":"","sources":["../../src/base-converter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAkC;AAClC,qDAA0C;AAC1C,wDAA0C;AAE1C,0CAA4B;AAC5B,0DAA6B;AAgC7B,SAAgB,YAAY,CAAC,IAAY,EAAE,SAAS,GAAG,QAAQ;IAC7D,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAHD,oCAGC;AAED,SAAgB,SAAS,CAAC,KAAc;IACtC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;QACrC,MAAM,CAAC,IAAY;YACjB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;QAC7B,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,EAAE,CAAC;KAChB;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC3B,CAAC;AAZD,8BAYC;AAED,SAAgB,QAAQ,CACtB,GAAW,EACX,iBAA2C;IAE3C,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;QACvB,iBAAiB,EAAE,IAAI;QACvB,mBAAmB,EAAE,KAAK;QAC1B,aAAa,EAAE,KAAK;QACpB,cAAc,EAAE,IAAI;QACpB,GAAG,iBAAiB;KACrB,CAAC;IACF,MAAM,MAAM,GAAG,IAAI,2BAAS,CAAC,OAAO,CAAC,CAAC;IACtC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAhBD,4BAgBC;AAED,SAAgB,QAAQ,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,mBAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,EAAC,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;IAEtD,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;QACxB,MAAM,MAAM,CAAC,MAAM,CAAC;KACrB;IAED,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AARD,4BAQC;AAED,SAAgB,aAAa,CAC3B,OAA4B;IAE5B,OAAO,CAAC,QAAiB,EAAU,EAAE;QACnC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;SAC5D;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;AACJ,CAAC;AAVD,sCAUC;AAGD,SAAS,kBAAkB,CACzB,KAAe,EACf,GAAW,EACX,eAAwB;IAExB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,MAAM,QAAQ,GAAQ,EAAE,CAAC;IACzB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAO,EAAE,EAAE;QACxB,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACvC,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE;gBAC5B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBACjC,OAAO,EAAE,CAAC;aACX;iBAAM;gBACL,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CACrB,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,CACkB,CAAC;gBAC9B,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAC7C,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAC5B,CAAC;gBACF,IAAI,eAAe,EAAE;oBACnB,IACE,YAAY,CAAC,OAAO,CAClB,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAW,CAC9C,KAAK,CAAC,CAAC,EACR;wBACA,CAAC,CAAC,GAAG,CACH,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,EACT,SAAS,CAAC,MAAM,CACd,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAA6B,CACnD,CACF,CAAC;qBACH;iBACF;qBAAM;oBACL,CAAC,CAAC,GAAG,CACH,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,EACT,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAA6B,CAAC,CACrE,CAAC;iBACH;aACF;SACF;IACH,CAAC,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAa,aAAa;IAKxB,YAAY,IAAO,EAAE,eAAe,GAAG,KAAK;QAC1C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED,WAAW,CACT,QAA0D;QAE1D,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;SAC9C;aAAM;YACL,MAAM,CAAC,GAAG,IAAI,CAAC,eAAe,CAC5B,IAAI,CAAC,IAA+B,EACpC,IAAI,CAAC,QAAQ,CACd,CAAC;YACF,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7B,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YACzD,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,CAAC;SACV;IACH,CAAC;IAED,SAAS,CACP,GAAM,EACN,EAAiC;QAEjC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAwB,CAAC,CAAC,CAAC,CACjD,CAAC;IAC1B,CAAC;IACD,eAAe,CACb,IAA6B,EAC7B,MAAS;QAET,MAAM,iBAAiB,GACrB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAClB,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC;YAC7B,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YAC1C,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAChC,IAAI,iBAAiB,EAAE;YACrB,OAAO,CAAC,CAAC,IAAI,CAAC,MAAgB,EAAE,cAAc,CAG7C,CAAC;SACH;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CACjD,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAA6B,CAAC,CACnD,CAAC;QACF,OAAO,MAAsC,CAAC;IAChD,CAAC;IAED,QAAQ,CACN,IAA6B,EAC7B,CAAe;QAEf,MAAM,cAAc,GAClB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;QACnE,IAAI,WAAW,GAAG,CAAC,GAAY,EAAE,EAAE,CAAC,GAAG,CAAC;QACxC,IAAI,cAAc,EAAE;YAClB,WAAW,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,CAAQ,CAAC;YAC7C,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAW,EAAE,aAAa,CAAM,CAAC;SAC7C;QAED,MAAM,gBAAgB,GACpB,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC;QAEvE,IAAI,aAAa,GAGF,CAAC,GAAY,EAAE,EAAE,CAAC,GAAG,CAAC;QACrC,IAAI,gBAAgB,EAAE;YACpB,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,CAAQ,CAAC;YACjD,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAW,EAAE,eAAe,CAAM,CAAC;SAC/C;QAED,MAAM,OAAO,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QAClD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,OAAO,EAAE;YACX,KAAK,GAAG,aAAa,CACnB,IAAI,CAAC,UAAU,CACb,IAAI,EACJ,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAiC,CACtC,EACZ,IAAI,CACL,CAAC;YACF,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAW,EAAE,MAAM,CAAM,CAAC;SACtC;QAED,IACE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACjB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACjB,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC;YAClB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EACf;YACA,OAAO,WAAW,CAAC,KAAK,CAAM,CAAC;SAChC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;YACxB,OAAO,cAAc;gBACnB,CAAC,CAAE,WAAW,CAAC,KAAK,CAAS;gBAC7B,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,KAAY,CAAC,CAAC;SAC1C;QAED,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,EAAE;YAC1C,OAAO;gBACL,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;gBAChC,GAAI,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAE,IAAgB,CAAY;aAChC,CAAC;SACnC;QAED,IAAI,cAAc,EAAE;YAClB,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAE,IAAgB,CAGtB,CAAC;SAClC;QAED,OAAO,OAAO;YACZ,CAAC,CAAC,KAAK;YACP,CAAC,CAAE,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAGI,CAAC;IACxC,CAAC;IAED,WAAW,CACT,IAA6B,EAC7B,CAAyB;;QAEzB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,OAAO,EAAE,CAAC;SACX;QACD,MAAM,aAAa,GAAa,EAAE,CAAC;QACnC,KAAK,MAAM,UAAU,IAAI,CAAC,EAAE;YAC1B,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE;gBACjC,MAAM,gBAAgB,GAAG,MAAA,UAAU,CAAC,gBAAgB,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;oBACpB,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACxB,CAAC,CAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,CAAqB;wBAC5D,CAAC,CAAC,OAAO,CAAC;gBACd,CAAC,CAAC,CAAC;gBACH,IAAI,MAAM,GAAa,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAM,CAAC,CAAC;gBAClD,IAAI,gBAAgB,KAAK,SAAS,EAAE;oBAClC,IAAI,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE;wBACnC,MAAM,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;4BACtD,CAAC;4BACD,IAAI,CAAC,IAAI;yBACV,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAQ,CAAC;qBACnE;iBACF;gBACD,aAAa,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;aAC/B;iBAAM;gBACL,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;gBAC7B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC;gBAC3B,MAAM,gBAAgB,GAAG,MAAA,UAAU,CAAC,gBAAgB,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjE,MAAM,WAAW,GAAG,MAAA,UAAU,CAAC,WAAW,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBACvD,MAAM,aAAa,GAAG,MAAA,UAAU,CAAC,aAAa,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3D,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE;oBAC5B,IAAI,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;oBAC1C,IAAI,aAAa,KAAK,SAAS,EAAE;wBAC/B,OAAO,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;qBACxC;oBACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;wBAC1B,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,OAAgC,EAAE,EAAE;4BACnD,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE;gCACvD,MAAM;gCACN,aAAa;gCACb,kBAAkB;gCAClB,KAAK;gCACL,eAAe;6BAChB,CAAiB,CAAC;wBACrB,CAAC,CAAQ,CAAC;wBACV,IAAI,gBAAgB,KAAK,SAAS,EAAE;4BAClC,IAAI,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE;gCACnC,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;oCACjD,CAAC;oCACD,IAAI,CAAC,IAAI;iCACV,CAAC,CAAC;6BACJ;iCAAM;gCACL,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAQ,CAAC;6BACzD;yBACF;wBACD,IAAI,GAAG,KAAK,SAAS,EAAE;4BACrB,CAAC,GAAG,kBAAkB,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;yBACtD;wBACD,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;qBAC1B;yBAAM;wBACL,IAAI,WAAW,KAAK,SAAS,EAAE;4BAC7B,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;yBAChC;wBACD,aAAa,CAAC,IAAI,CAAC,OAAY,CAAC,CAAC;qBAClC;iBACF;aACF;SACF;QAED,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,UAAU,CAAC,IAA6B,EAAE,IAAuB;QAC/D,IAAI,SAAS,GAAG,IAAI,CAAC;QAErB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;YAC5B,SAAS,GAAG,CAAC,IAAI,CAAC,CAAC;SACpB;QAED,MAAM,KAAK,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAEnE,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE;YAEhB,OAAO,EAAE,CAAC;SACX;aAAM,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;YAC5C,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SAC1D;aAAM;YACL,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;SAC5C;IACH,CAAC;IACD,OAAO,CAAC,IAA6B,EAAE,IAAuB;QAC5D,IAAI,SAAS,CAAC;QACd,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;YAC5B,SAAS,GAAG,CAAC,IAAI,CAAC,CAAC;SACpB;aAAM;YACL,SAAS,GAAG,IAAI,CAAC;SAClB;QAED,OAAO,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;YAC7B,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;gBACtB,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aACrC;iBAAM;gBACL,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;aACvB;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAtPD,sCAsPC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import { ExecJSON } from 'inspecjs';
|
|
2
|
+
import { BaseConverter, ILookupPath, MappedTransform } from './base-converter';
|
|
3
|
+
import { Vulnerability } from '@cyclonedx/cyclonedx-library/dist.d/models/vulnerability';
|
|
4
|
+
import { OptionalBomProperties, OptionalComponentProperties } from '@cyclonedx/cyclonedx-library/dist.d/models';
|
|
5
|
+
type IntermediaryComponent = Omit<OptionalComponentProperties, 'components'> & {
|
|
6
|
+
components?: IntermediaryComponent[];
|
|
7
|
+
affectingVulnerabilities?: string[];
|
|
8
|
+
name: string;
|
|
9
|
+
'bom-ref'?: string;
|
|
10
|
+
isDummy?: boolean;
|
|
11
|
+
};
|
|
12
|
+
type IntermediaryVulnerability = Vulnerability & {
|
|
13
|
+
affectedComponents?: number[];
|
|
14
|
+
};
|
|
15
|
+
type DataStorage = {
|
|
16
|
+
components: IntermediaryComponent[];
|
|
17
|
+
vulnerabilities: IntermediaryVulnerability[];
|
|
18
|
+
raw: OptionalBomProperties;
|
|
19
|
+
};
|
|
20
|
+
export declare class CycloneDXSBOMResults {
|
|
21
|
+
data: DataStorage;
|
|
22
|
+
withRaw: boolean;
|
|
23
|
+
constructor(sbomJson: string, withRaw?: boolean);
|
|
24
|
+
flattenComponents(data: DataStorage): void;
|
|
25
|
+
generateIntermediary(data: DataStorage): void;
|
|
26
|
+
formatVEX(data: DataStorage): void;
|
|
27
|
+
toHdf(): ExecJSON.Execution;
|
|
28
|
+
}
|
|
29
|
+
export declare class CycloneDXSBOMMapper extends BaseConverter<DataStorage> {
|
|
30
|
+
withRaw: boolean;
|
|
31
|
+
getComponentValueAtIndex(index: number, keys: string[]): Record<string, unknown>;
|
|
32
|
+
mappings: MappedTransform<ExecJSON.Execution & {
|
|
33
|
+
passthrough: unknown;
|
|
34
|
+
}, ILookupPath>;
|
|
35
|
+
constructor(exportJson: DataStorage, withRaw?: boolean);
|
|
36
|
+
}
|
|
37
|
+
export {};
|
|
@@ -0,0 +1,431 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.CycloneDXSBOMMapper = exports.CycloneDXSBOMResults = void 0;
|
|
7
|
+
const inspecjs_1 = require("inspecjs");
|
|
8
|
+
const lodash_1 = __importDefault(require("lodash"));
|
|
9
|
+
const package_json_1 = require("../package.json");
|
|
10
|
+
const base_converter_1 = require("./base-converter");
|
|
11
|
+
const CweNistMapping_1 = require("./mappings/CweNistMapping");
|
|
12
|
+
const global_1 = require("./utils/global");
|
|
13
|
+
const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping();
|
|
14
|
+
const DEFAULT_NIST_TAG = ['SI-2', 'RA-5'];
|
|
15
|
+
const IMPACT_MAPPING = new Map([
|
|
16
|
+
['critical', 1.0],
|
|
17
|
+
['high', 0.7],
|
|
18
|
+
['medium', 0.5],
|
|
19
|
+
['low', 0.3],
|
|
20
|
+
['info', 0.5],
|
|
21
|
+
['none', 0.0],
|
|
22
|
+
['unknown', 0.5]
|
|
23
|
+
]);
|
|
24
|
+
function formatCWETags(input, addPrefix = true) {
|
|
25
|
+
return [...input].map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`));
|
|
26
|
+
}
|
|
27
|
+
function getNISTTags(input) {
|
|
28
|
+
return CWE_NIST_MAPPING.nistFilter(formatCWETags(input, false), DEFAULT_NIST_TAG);
|
|
29
|
+
}
|
|
30
|
+
function maxImpact(ratings) {
|
|
31
|
+
return [...ratings]
|
|
32
|
+
.map((rating) => rating.score && lodash_1.default.get(rating, 'method') === 'CVSSv31'
|
|
33
|
+
?
|
|
34
|
+
rating.score / 10
|
|
35
|
+
:
|
|
36
|
+
IMPACT_MAPPING.get(rating.severity.toLowerCase()))
|
|
37
|
+
.reduce((maxValue, newValue) => maxValue > newValue ? maxValue : newValue, 0);
|
|
38
|
+
}
|
|
39
|
+
function skipSeverityInfoOrUnknown(controls) {
|
|
40
|
+
if (controls) {
|
|
41
|
+
controls
|
|
42
|
+
.filter((control) => {
|
|
43
|
+
const ratings = lodash_1.default.get(control, 'tags.ratings', '').split(/ - |, /);
|
|
44
|
+
return ((ratings.includes('info') || ratings.includes('unknown')) &&
|
|
45
|
+
!(ratings.includes('critical') ||
|
|
46
|
+
ratings.includes('high') ||
|
|
47
|
+
ratings.includes('medium') ||
|
|
48
|
+
ratings.includes('low') ||
|
|
49
|
+
ratings.includes('none')));
|
|
50
|
+
})
|
|
51
|
+
.map((control) => control.results.map((result) => {
|
|
52
|
+
result.status = inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
|
|
53
|
+
result.skip_message =
|
|
54
|
+
'Manual review required because a CycloneDX rating severity is set to `info` or `unknown`.';
|
|
55
|
+
}));
|
|
56
|
+
}
|
|
57
|
+
return controls;
|
|
58
|
+
}
|
|
59
|
+
class CycloneDXSBOMResults {
|
|
60
|
+
constructor(sbomJson, withRaw = false) {
|
|
61
|
+
this.data = {
|
|
62
|
+
components: [],
|
|
63
|
+
vulnerabilities: [],
|
|
64
|
+
raw: JSON.parse(sbomJson)
|
|
65
|
+
};
|
|
66
|
+
this.withRaw = withRaw;
|
|
67
|
+
if (this.data.raw.components) {
|
|
68
|
+
this.flattenComponents(this.data);
|
|
69
|
+
if (this.data.raw.vulnerabilities) {
|
|
70
|
+
this.generateIntermediary(this.data);
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
else if (this.data.raw.vulnerabilities) {
|
|
74
|
+
this.formatVEX(this.data);
|
|
75
|
+
}
|
|
76
|
+
else {
|
|
77
|
+
throw new Error('Unrecognized CycloneDX format detected. We currently only support SBOM and VEX formats.');
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
flattenComponents(data) {
|
|
81
|
+
data.components = [
|
|
82
|
+
...lodash_1.default.cloneDeep(data.raw.components)
|
|
83
|
+
];
|
|
84
|
+
for (const component of data.components) {
|
|
85
|
+
if (component.components) {
|
|
86
|
+
data.components.push(...component.components);
|
|
87
|
+
delete component.components;
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
generateIntermediary(data) {
|
|
92
|
+
data.vulnerabilities = [
|
|
93
|
+
...lodash_1.default.cloneDeep(data.raw.vulnerabilities)
|
|
94
|
+
];
|
|
95
|
+
for (const vulnerability of data.vulnerabilities) {
|
|
96
|
+
vulnerability.affectedComponents = [];
|
|
97
|
+
vulnerability.affectedComponents.push(...Array.from(data.components.entries())
|
|
98
|
+
.filter(([_index, component]) => [...vulnerability.affects]
|
|
99
|
+
.map((id) => id.ref.toString())
|
|
100
|
+
.includes(component['bom-ref']))
|
|
101
|
+
.map(([index, _component]) => index));
|
|
102
|
+
for (const index of vulnerability.affectedComponents) {
|
|
103
|
+
if (!data.components[index].affectingVulnerabilities) {
|
|
104
|
+
data.components[index].affectingVulnerabilities = [];
|
|
105
|
+
}
|
|
106
|
+
data.components[index].affectingVulnerabilities.push(lodash_1.default.get(vulnerability, 'bom-ref'));
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
formatVEX(data) {
|
|
111
|
+
data.vulnerabilities = [
|
|
112
|
+
...lodash_1.default.cloneDeep(data.raw.vulnerabilities)
|
|
113
|
+
];
|
|
114
|
+
for (const vulnerability of data.vulnerabilities) {
|
|
115
|
+
vulnerability.affectedComponents = [...vulnerability.affects].map((id) => {
|
|
116
|
+
const dummy = {
|
|
117
|
+
name: `${id.ref}`,
|
|
118
|
+
'bom-ref': `${id.ref}`,
|
|
119
|
+
isDummy: true
|
|
120
|
+
};
|
|
121
|
+
data.components.push(dummy);
|
|
122
|
+
return data.components.length - 1;
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
toHdf() {
|
|
127
|
+
return new CycloneDXSBOMMapper(this.data, this.withRaw).toHdf();
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
exports.CycloneDXSBOMResults = CycloneDXSBOMResults;
|
|
131
|
+
class CycloneDXSBOMMapper extends base_converter_1.BaseConverter {
|
|
132
|
+
getComponentValueAtIndex(index, keys) {
|
|
133
|
+
return lodash_1.default.pick(this.data.components[index], keys);
|
|
134
|
+
}
|
|
135
|
+
constructor(exportJson, withRaw = false) {
|
|
136
|
+
super(exportJson, true);
|
|
137
|
+
this.mappings = {
|
|
138
|
+
platform: {
|
|
139
|
+
name: 'Heimdall Tools',
|
|
140
|
+
release: package_json_1.version
|
|
141
|
+
},
|
|
142
|
+
version: package_json_1.version,
|
|
143
|
+
statistics: {},
|
|
144
|
+
profiles: [
|
|
145
|
+
{
|
|
146
|
+
name: {
|
|
147
|
+
path: 'raw.metadata.component',
|
|
148
|
+
transformer: (input) => lodash_1.default.has(input, 'bom-ref')
|
|
149
|
+
? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}`
|
|
150
|
+
: 'CycloneDX BOM Report'
|
|
151
|
+
},
|
|
152
|
+
title: {
|
|
153
|
+
path: 'raw.metadata.component',
|
|
154
|
+
transformer: (input) => {
|
|
155
|
+
if (input.name) {
|
|
156
|
+
const group = input.group ? `${input.group}/` : '';
|
|
157
|
+
return `${group}${input.name} CycloneDX BOM Report`;
|
|
158
|
+
}
|
|
159
|
+
else {
|
|
160
|
+
return 'CycloneDX BOM Report';
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
},
|
|
164
|
+
version: {
|
|
165
|
+
path: 'raw.metadata.component.version',
|
|
166
|
+
transformer: global_1.filterString
|
|
167
|
+
},
|
|
168
|
+
maintainer: {
|
|
169
|
+
path: 'raw.metadata.component',
|
|
170
|
+
transformer: (input) => {
|
|
171
|
+
const manufacturer = lodash_1.default.has(input, 'manufacturer')
|
|
172
|
+
? ` (${input.manufacturer.name})`
|
|
173
|
+
: '';
|
|
174
|
+
if (lodash_1.default.has(input, 'authors')) {
|
|
175
|
+
return input.authors
|
|
176
|
+
.map((author) => `${author.name}${manufacturer}`)
|
|
177
|
+
.join(', ');
|
|
178
|
+
}
|
|
179
|
+
else if (input.author) {
|
|
180
|
+
return `${input.author}${manufacturer}`;
|
|
181
|
+
}
|
|
182
|
+
else {
|
|
183
|
+
return undefined;
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
},
|
|
187
|
+
summary: {
|
|
188
|
+
path: 'raw.metadata.component.description',
|
|
189
|
+
transformer: global_1.filterString
|
|
190
|
+
},
|
|
191
|
+
copyright: {
|
|
192
|
+
path: 'raw.metadata.component.copyright',
|
|
193
|
+
transformer: global_1.filterString
|
|
194
|
+
},
|
|
195
|
+
license: {
|
|
196
|
+
path: 'raw.metadata.component',
|
|
197
|
+
transformer: (input) => {
|
|
198
|
+
if (input.licenses) {
|
|
199
|
+
return [...input.licenses]
|
|
200
|
+
.map((license) => lodash_1.default.has(license, 'license.name')
|
|
201
|
+
? lodash_1.default.get(license, 'license.name')
|
|
202
|
+
: lodash_1.default.get(license, 'license.id'))
|
|
203
|
+
.join(', ');
|
|
204
|
+
}
|
|
205
|
+
return undefined;
|
|
206
|
+
}
|
|
207
|
+
},
|
|
208
|
+
supports: [],
|
|
209
|
+
attributes: [],
|
|
210
|
+
groups: [],
|
|
211
|
+
status: 'loaded',
|
|
212
|
+
controls: [
|
|
213
|
+
{
|
|
214
|
+
path: 'vulnerabilities',
|
|
215
|
+
key: 'id',
|
|
216
|
+
tags: {
|
|
217
|
+
nist: {
|
|
218
|
+
path: 'cwes',
|
|
219
|
+
transformer: getNISTTags
|
|
220
|
+
},
|
|
221
|
+
cci: {
|
|
222
|
+
path: 'cwes',
|
|
223
|
+
transformer: (input) => (0, global_1.getCCIsForNISTTags)(getNISTTags(input))
|
|
224
|
+
},
|
|
225
|
+
cwe: { path: 'cwes', transformer: formatCWETags },
|
|
226
|
+
'bom-ref': {
|
|
227
|
+
path: 'bom-ref',
|
|
228
|
+
transformer: global_1.filterString
|
|
229
|
+
},
|
|
230
|
+
ratings: {
|
|
231
|
+
path: 'ratings',
|
|
232
|
+
transformer: (input) => input
|
|
233
|
+
? [...input]
|
|
234
|
+
.map((rating) => {
|
|
235
|
+
const ratingSource = rating.source.name
|
|
236
|
+
? `${rating.source.name} - `
|
|
237
|
+
: 'Unidentified Source - ';
|
|
238
|
+
return `${ratingSource}${rating.severity}`;
|
|
239
|
+
})
|
|
240
|
+
.join(', ')
|
|
241
|
+
: undefined
|
|
242
|
+
},
|
|
243
|
+
created: {
|
|
244
|
+
path: 'created',
|
|
245
|
+
transformer: global_1.filterString
|
|
246
|
+
},
|
|
247
|
+
published: {
|
|
248
|
+
path: 'published',
|
|
249
|
+
transformer: global_1.filterString
|
|
250
|
+
},
|
|
251
|
+
updated: {
|
|
252
|
+
path: 'updated',
|
|
253
|
+
transformer: global_1.filterString
|
|
254
|
+
},
|
|
255
|
+
rejected: {
|
|
256
|
+
path: 'rejected',
|
|
257
|
+
transformer: global_1.filterString
|
|
258
|
+
},
|
|
259
|
+
credits: {
|
|
260
|
+
path: 'credits',
|
|
261
|
+
transformer: (input) => input
|
|
262
|
+
? `${[...input.individuals].map((individual) => individual.name).join(', ')}`
|
|
263
|
+
: undefined
|
|
264
|
+
},
|
|
265
|
+
tools: {
|
|
266
|
+
path: 'tools',
|
|
267
|
+
transformer: (input) => input
|
|
268
|
+
? [...input].map((tool) => tool.name).join(', ')
|
|
269
|
+
: undefined
|
|
270
|
+
},
|
|
271
|
+
'analysis.state': {
|
|
272
|
+
path: 'analysis.state',
|
|
273
|
+
transformer: global_1.filterString
|
|
274
|
+
},
|
|
275
|
+
'analysis.justification': {
|
|
276
|
+
path: 'analysis.justification',
|
|
277
|
+
transformer: global_1.filterString
|
|
278
|
+
},
|
|
279
|
+
'analysis.response': {
|
|
280
|
+
path: 'analysis.response',
|
|
281
|
+
transformer: (input) => input && [...input].length > 0
|
|
282
|
+
? [...input].join(', ')
|
|
283
|
+
: undefined
|
|
284
|
+
},
|
|
285
|
+
'analysis.detail': {
|
|
286
|
+
path: 'analysis.detail',
|
|
287
|
+
transformer: global_1.filterString
|
|
288
|
+
},
|
|
289
|
+
'analysis.firstIssued': {
|
|
290
|
+
path: 'analysis.firstIssued',
|
|
291
|
+
transformer: global_1.filterString
|
|
292
|
+
},
|
|
293
|
+
'analysis.lastUpdated': {
|
|
294
|
+
path: 'analysis.lastUpdated',
|
|
295
|
+
transformer: global_1.filterString
|
|
296
|
+
}
|
|
297
|
+
},
|
|
298
|
+
descriptions: {
|
|
299
|
+
transformer: (input) => {
|
|
300
|
+
const recommendation = input.recommendation
|
|
301
|
+
? `Recommendation: ${input.recommendation}`
|
|
302
|
+
: '';
|
|
303
|
+
const workaround = lodash_1.default.has(input, 'workaround')
|
|
304
|
+
? `Workaround: ${input.workaround}`
|
|
305
|
+
: '';
|
|
306
|
+
return [
|
|
307
|
+
recommendation || workaround
|
|
308
|
+
? {
|
|
309
|
+
data: `${recommendation}\n\n${workaround}`.trim(),
|
|
310
|
+
label: 'fix'
|
|
311
|
+
}
|
|
312
|
+
: undefined,
|
|
313
|
+
lodash_1.default.has(input, 'proofOfConcept')
|
|
314
|
+
? {
|
|
315
|
+
data: `Proof of concept: ${JSON.stringify(lodash_1.default.get(input, 'proofOfConcept'), null, 2)}`,
|
|
316
|
+
label: 'check'
|
|
317
|
+
}
|
|
318
|
+
: undefined
|
|
319
|
+
].filter((subdescription) => subdescription);
|
|
320
|
+
}
|
|
321
|
+
},
|
|
322
|
+
refs: [
|
|
323
|
+
{
|
|
324
|
+
transformer: (input) => {
|
|
325
|
+
const searchFor = ['source', 'references', 'advisories'];
|
|
326
|
+
const ref = searchFor
|
|
327
|
+
.filter((key) => input.hasOwnProperty(key))
|
|
328
|
+
.map((key) => lodash_1.default.pick(input, key));
|
|
329
|
+
return { ref: ref };
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
],
|
|
333
|
+
source_location: {},
|
|
334
|
+
title: {
|
|
335
|
+
transformer: (input) => input.description ? `${input.description}` : `${input.id}`
|
|
336
|
+
},
|
|
337
|
+
id: { path: 'id' },
|
|
338
|
+
desc: {
|
|
339
|
+
transformer: (input) => {
|
|
340
|
+
const description = input.description
|
|
341
|
+
? `Description: ${input.description}`
|
|
342
|
+
: '';
|
|
343
|
+
const detail = input.detail ? `Detail: ${input.detail}` : '';
|
|
344
|
+
return (0, global_1.filterString)(`${description}\n\n${detail}`.trim());
|
|
345
|
+
}
|
|
346
|
+
},
|
|
347
|
+
impact: {
|
|
348
|
+
transformer: (input) => maxImpact(input.ratings)
|
|
349
|
+
},
|
|
350
|
+
code: {
|
|
351
|
+
transformer: (vulnerability) => JSON.stringify(lodash_1.default.omit(vulnerability, 'affectedComponents'), null, 2)
|
|
352
|
+
},
|
|
353
|
+
arrayTransformer: skipSeverityInfoOrUnknown,
|
|
354
|
+
results: [
|
|
355
|
+
{
|
|
356
|
+
path: 'affectedComponents',
|
|
357
|
+
status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
|
|
358
|
+
code_desc: {
|
|
359
|
+
transformer: (index) => {
|
|
360
|
+
const selectComponentValues = this.getComponentValueAtIndex(index, ['group', 'version', 'name']);
|
|
361
|
+
const group = lodash_1.default.has(selectComponentValues, 'group')
|
|
362
|
+
? `${selectComponentValues.group}/`
|
|
363
|
+
: '';
|
|
364
|
+
const version = lodash_1.default.has(selectComponentValues, 'version')
|
|
365
|
+
? `@${selectComponentValues.version}`
|
|
366
|
+
: '';
|
|
367
|
+
return `Component ${group}${lodash_1.default.get(selectComponentValues, 'name')}${version} is vulnerable`;
|
|
368
|
+
}
|
|
369
|
+
},
|
|
370
|
+
message: {
|
|
371
|
+
transformer: (index) => {
|
|
372
|
+
const selectComponentValues = this.getComponentValueAtIndex(index, [
|
|
373
|
+
'type',
|
|
374
|
+
'mime-type',
|
|
375
|
+
'bom-ref',
|
|
376
|
+
'supplier',
|
|
377
|
+
'manufacturer',
|
|
378
|
+
'authors',
|
|
379
|
+
'author',
|
|
380
|
+
'publisher',
|
|
381
|
+
'group',
|
|
382
|
+
'name',
|
|
383
|
+
'version',
|
|
384
|
+
'description',
|
|
385
|
+
'licenses',
|
|
386
|
+
'copyright'
|
|
387
|
+
]);
|
|
388
|
+
const msg = Object.keys(selectComponentValues)
|
|
389
|
+
.map((key) => {
|
|
390
|
+
return Array.isArray(selectComponentValues[key])
|
|
391
|
+
? `\n\n- ${lodash_1.default.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}`
|
|
392
|
+
: `\n\n- ${lodash_1.default.capitalize(key)}: ${selectComponentValues[key]}`;
|
|
393
|
+
})
|
|
394
|
+
.join('');
|
|
395
|
+
return `-Component Summary-${msg}`;
|
|
396
|
+
}
|
|
397
|
+
},
|
|
398
|
+
start_time: ''
|
|
399
|
+
}
|
|
400
|
+
]
|
|
401
|
+
}
|
|
402
|
+
],
|
|
403
|
+
sha256: ''
|
|
404
|
+
}
|
|
405
|
+
],
|
|
406
|
+
passthrough: {
|
|
407
|
+
transformer: (input) => {
|
|
408
|
+
const components = input.components.filter((component) => !component.isDummy);
|
|
409
|
+
return {
|
|
410
|
+
auxiliary_data: [
|
|
411
|
+
{
|
|
412
|
+
name: 'SBOM',
|
|
413
|
+
components: components.length ? components : undefined,
|
|
414
|
+
dependencies: lodash_1.default.get(input, 'raw.dependencies'),
|
|
415
|
+
data: lodash_1.default.omit(input.raw, [
|
|
416
|
+
'components',
|
|
417
|
+
'vulnerabilities',
|
|
418
|
+
'dependencies'
|
|
419
|
+
])
|
|
420
|
+
}
|
|
421
|
+
],
|
|
422
|
+
...(this.withRaw && { raw: input.raw })
|
|
423
|
+
};
|
|
424
|
+
}
|
|
425
|
+
}
|
|
426
|
+
};
|
|
427
|
+
this.withRaw = withRaw;
|
|
428
|
+
}
|
|
429
|
+
}
|
|
430
|
+
exports.CycloneDXSBOMMapper = CycloneDXSBOMMapper;
|
|
431
|
+
//# sourceMappingURL=cyclonedx-sbom-mapper.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cyclonedx-sbom-mapper.js","sourceRoot":"","sources":["../../src/cyclonedx-sbom-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAA6E;AAC7E,8DAAyD;AACzD,2CAAgE;AAuChE,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAC9C,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC1C,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,SAAS,EAAE,GAAG,CAAC;CACjB,CAAC,CAAC;AAGH,SAAS,aAAa,CAAC,KAAoB,EAAE,SAAS,GAAG,IAAI;IAC3D,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC;AACxE,CAAC;AAGD,SAAS,WAAW,CAAC,KAAoB;IACvC,OAAO,gBAAgB,CAAC,UAAU,CAChC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,EAC3B,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAID,SAAS,SAAS,CAAC,OAAyB;IAC1C,OAAO,CAAC,GAAG,OAAO,CAAC;SAChB,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACd,MAAM,CAAC,KAAK,IAAI,gBAAC,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,SAAS;QACnD,CAAC;YACC,MAAM,CAAC,KAAK,GAAG,EAAE;QACnB,CAAC;YACE,cAAc,CAAC,GAAG,CAChB,MAAM,CAAC,QAAqB,CAAC,WAAW,EAAE,CACjC,CACjB;SACA,MAAM,CACL,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE,CAErB,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAC3C,CAAC,CACF,CAAC;AACN,CAAC;AAGD,SAAS,yBAAyB,CAAC,QAAmB;IACpD,IAAI,QAAQ,EAAE;QACX,QAA+B;aAE7B,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;YAClB,MAAM,OAAO,GAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE,CAAY,CAAC,KAAK,CAClE,QAAQ,CACT,CAAC;YACF,OAAO,CACL,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC,CACC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;oBACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAC1B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;oBACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CACzB,CACF,CAAC;QACJ,CAAC,CAAC;aAED,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CACf,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YAC7B,MAAM,CAAC,MAAM,GAAG,mBAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACrD,MAAM,CAAC,YAAY;gBACjB,2FAA2F,CAAC;QAChG,CAAC,CAAC,CACH,CAAC;KACL;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAa,oBAAoB;IAG/B,YAAY,QAAgB,EAAE,OAAO,GAAG,KAAK;QAC3C,IAAI,CAAC,IAAI,GAAG;YACV,UAAU,EAAE,EAAE;YACd,eAAe,EAAE,EAAE;YACnB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;SAC1B,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE;YAE5B,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE;gBAEjC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;aACtC;SACF;aAAM,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE;YAExC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SAC3B;aAAM;YACL,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;IACH,CAAC;IAGD,iBAAiB,CAAC,IAAiB;QAEjC,IAAI,CAAC,UAAU,GAAG;YAChB,GAAI,gBAAC,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAyB;SACvB,CAAC;QAGxC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE;YAEvC,IAAI,SAAS,CAAC,UAAU,EAAE;gBAExB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;gBAC9C,OAAO,SAAS,CAAC,UAAU,CAAC;aAC7B;SACF;IACH,CAAC;IAgCD,oBAAoB,CAAC,IAAiB;QAEpC,IAAI,CAAC,eAAe,GAAG;YACrB,GAAI,gBAAC,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAA6B;SAC5B,CAAC;QAE5C,KAAK,MAAM,aAAa,IAAI,IAAI,CAAC,eAAe,EAAE;YAChD,aAAa,CAAC,kBAAkB,GAAG,EAAE,CAAC;YAEtC,aAAa,CAAC,kBAAkB,CAAC,IAAI,CACnC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;iBAErC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE,EAAE,CAC9B,CAAC,GAAG,aAAa,CAAC,OAAO,CAAC;iBACvB,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;iBAC9B,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAW,CAAC,CAC5C;iBAEA,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CACvC,CAAC;YAGF,KAAK,MAAM,KAAK,IAAI,aAAa,CAAC,kBAAkB,EAAE;gBACpD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,wBAAwB,EAAE;oBACpD,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,wBAAwB,GAAG,EAAE,CAAC;iBACtD;gBACA,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,wBAAqC,CAAC,IAAI,CAChE,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAsB,CACrD,CAAC;aACH;SACF;IACH,CAAC;IAID,SAAS,CAAC,IAAiB;QAEzB,IAAI,CAAC,eAAe,GAAG;YACrB,GAAI,gBAAC,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAA6B;SAC5B,CAAC;QAE5C,KAAK,MAAM,aAAa,IAAI,IAAI,CAAC,eAAe,EAAE;YAChD,aAAa,CAAC,kBAAkB,GAAG,CAAC,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC,GAAG,CAC/D,CAAC,EAAE,EAAE,EAAE;gBAEL,MAAM,KAAK,GAA0B;oBACnC,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE;oBACjB,SAAS,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE;oBACtB,OAAO,EAAE,IAAI;iBACd,CAAC;gBAEF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAE5B,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;YACpC,CAAC,CACF,CAAC;SACH;IACH,CAAC;IAED,KAAK;QACH,OAAO,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC;IAClE,CAAC;CACF;AA1ID,oDA0IC;AAED,MAAa,mBAAoB,SAAQ,8BAA0B;IAIjE,wBAAwB,CACtB,KAAa,EACb,IAAc;QAEd,OAAO,gBAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;IACnD,CAAC;IAiVD,YAAY,UAAuB,EAAE,OAAO,GAAG,KAAK;QAClD,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAhV1B,aAAQ,GAGJ;YACF,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;aAC9B;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE;wBACJ,IAAI,EAAE,wBAAwB;wBAC9B,WAAW,EAAE,CAAC,KAAgB,EAAU,EAAE,CACxC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC;4BACrB,CAAC,CAAC,yBAAyB,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,SAAS,CAAC,EAAE;4BAC3D,CAAC,CAAC,sBAAsB;qBAC7B;oBACD,KAAK,EAAE;wBACL,IAAI,EAAE,wBAAwB;wBAC9B,WAAW,EAAE,CAAC,KAAgB,EAAU,EAAE;4BACxC,IAAI,KAAK,CAAC,IAAI,EAAE;gCACd,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gCACnD,OAAO,GAAG,KAAK,GAAG,KAAK,CAAC,IAAI,uBAAuB,CAAC;6BACrD;iCAAM;gCACL,OAAO,sBAAsB,CAAC;6BAC/B;wBACH,CAAC;qBACF;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,gCAAgC;wBACtC,WAAW,EAAE,qBAAY;qBAC1B;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,wBAAwB;wBAC9B,WAAW,EAAE,CAAC,KAAgB,EAAsB,EAAE;4BAEpD,MAAM,YAAY,GAAG,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,cAAc,CAAC;gCAC/C,CAAC,CAAC,KAAM,KAAK,CAAC,YAAwC,CAAC,IAAI,GAAG;gCAC9D,CAAC,CAAC,EAAE,CAAC;4BAEP,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE;gCAE3B,OAAQ,KAAK,CAAC,OAAqC;qCAChD,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,GAAG,YAAY,EAAE,CAAC;qCAChD,IAAI,CAAC,IAAI,CAAC,CAAC;6BACf;iCAAM,IAAI,KAAK,CAAC,MAAM,EAAE;gCAEvB,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,YAAY,EAAE,CAAC;6BACzC;iCAAM;gCACL,OAAO,SAAS,CAAC;6BAClB;wBACH,CAAC;qBACF;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,oCAAoC;wBAC1C,WAAW,EAAE,qBAAY;qBAC1B;oBACD,SAAS,EAAE;wBACT,IAAI,EAAE,kCAAkC;wBACxC,WAAW,EAAE,qBAAY;qBAC1B;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,wBAAwB;wBAC9B,WAAW,EAAE,CAAC,KAAgB,EAAsB,EAAE;4BACpD,IAAI,KAAK,CAAC,QAAQ,EAAE;gCAGlB,OAAO,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC;qCACvB,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CACf,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC;oCAC5B,CAAC,CAAC,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC;oCAChC,CAAC,CAAC,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,CACjC;qCACA,IAAI,CAAC,IAAI,CAAC,CAAC;6BACf;4BAED,OAAO,SAAS,CAAC;wBACnB,CAAC;qBACF;oBACD,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,iBAAiB;4BACvB,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE;gCACJ,IAAI,EAAE;oCACJ,IAAI,EAAE,MAAM;oCACZ,WAAW,EAAE,WAAW;iCACzB;gCACD,GAAG,EAAE;oCACH,IAAI,EAAE,MAAM;oCACZ,WAAW,EAAE,CAAC,KAAoB,EAAY,EAAE,CAC9C,IAAA,2BAAkB,EAAC,WAAW,CAAC,KAAK,CAAC,CAAC;iCACzC;gCACD,GAAG,EAAE,EAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAC;gCAC/C,SAAS,EAAE;oCACT,IAAI,EAAE,SAAS;oCACf,WAAW,EAAE,qBAAY;iCAC1B;gCACD,OAAO,EAAE;oCACP,IAAI,EAAE,SAAS;oCACf,WAAW,EAAE,CAAC,KAAuB,EAAsB,EAAE,CAC3D,KAAK;wCACH,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;6CACP,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;4CACd,MAAM,YAAY,GAAI,MAAM,CAAC,MAAiB,CAAC,IAAI;gDACjD,CAAC,CAAC,GAAI,MAAM,CAAC,MAAiB,CAAC,IAAI,KAAK;gDACxC,CAAC,CAAC,wBAAwB,CAAC;4CAC7B,OAAO,GAAG,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;wCAC7C,CAAC,CAAC;6CACD,IAAI,CAAC,IAAI,CAAC;wCACf,CAAC,CAAC,SAAS;iCAChB;gCACD,OAAO,EAAE;oCACP,IAAI,EAAE,SAAS;oCACf,WAAW,EAAE,qBAAY;iCAC1B;gCACD,SAAS,EAAE;oCACT,IAAI,EAAE,WAAW;oCACjB,WAAW,EAAE,qBAAY;iCAC1B;gCACD,OAAO,EAAE;oCACP,IAAI,EAAE,SAAS;oCACf,WAAW,EAAE,qBAAY;iCAC1B;gCAED,QAAQ,EAAE;oCACR,IAAI,EAAE,UAAU;oCAChB,WAAW,EAAE,qBAAY;iCAC1B;gCACD,OAAO,EAAE;oCACP,IAAI,EAAE,SAAS;oCACf,WAAW,EAAE,CAAC,KAAc,EAAsB,EAAE,CAClD,KAAK;wCACH,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;wCAC7E,CAAC,CAAC,SAAS;iCAChB;gCACD,KAAK,EAAE;oCACL,IAAI,EAAE,OAAO;oCACb,WAAW,EAAE,CAAC,KAAqB,EAAsB,EAAE,CACzD,KAAK;wCACH,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;wCAChD,CAAC,CAAC,SAAS;iCAChB;gCAED,gBAAgB,EAAE;oCAChB,IAAI,EAAE,gBAAgB;oCACtB,WAAW,EAAE,qBAAY;iCAC1B;gCACD,wBAAwB,EAAE;oCACxB,IAAI,EAAE,wBAAwB;oCAC9B,WAAW,EAAE,qBAAY;iCAC1B;gCACD,mBAAmB,EAAE;oCACnB,IAAI,EAAE,mBAAmB;oCACzB,WAAW,EAAE,CACX,KAAiC,EACb,EAAE,CACtB,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC;wCAC5B,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;wCACvB,CAAC,CAAC,SAAS;iCAChB;gCACD,iBAAiB,EAAE;oCACjB,IAAI,EAAE,iBAAiB;oCACvB,WAAW,EAAE,qBAAY;iCAC1B;gCACD,sBAAsB,EAAE;oCACtB,IAAI,EAAE,sBAAsB;oCAC5B,WAAW,EAAE,qBAAY;iCAC1B;gCACD,sBAAsB,EAAE;oCACtB,IAAI,EAAE,sBAAsB;oCAC5B,WAAW,EAAE,qBAAY;iCAC1B;6BACF;4BACD,YAAY,EAAE;gCACZ,WAAW,EAAE,CAAC,KAAoB,EAAE,EAAE;oCACpC,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc;wCACzC,CAAC,CAAC,mBAAmB,KAAK,CAAC,cAAc,EAAE;wCAC3C,CAAC,CAAC,EAAE,CAAC;oCAEP,MAAM,UAAU,GAAG,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC;wCAC3C,CAAC,CAAC,eAAe,KAAK,CAAC,UAAU,EAAE;wCACnC,CAAC,CAAC,EAAE,CAAC;oCACP,OAAO;wCACL,cAAc,IAAI,UAAU;4CAC1B,CAAC,CAAC;gDACE,IAAI,EAAE,GAAG,cAAc,OAAO,UAAU,EAAE,CAAC,IAAI,EAAE;gDACjD,KAAK,EAAE,KAAK;6CACb;4CACH,CAAC,CAAC,SAAS;wCACb,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;4CAC5B,CAAC,CAAC;gDACE,IAAI,EAAE,qBAAqB,IAAI,CAAC,SAAS,CACvC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAC9B,IAAI,EACJ,CAAC,CACF,EAAE;gDACH,KAAK,EAAE,OAAO;6CACf;4CACH,CAAC,CAAC,SAAS;qCACd,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC;gCAC/C,CAAC;6BAC0C;4BAC7C,IAAI,EAAE;gCACJ;oCACE,WAAW,EAAE,CACX,KAA8B,EACL,EAAE;wCAC3B,MAAM,SAAS,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;wCACzD,MAAM,GAAG,GAAG,SAAS;6CAClB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;6CAC1C,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,gBAAC,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;wCACpC,OAAO,EAAC,GAAG,EAAE,GAAG,EAAC,CAAC;oCACpB,CAAC;iCACF;6BACF;4BACD,eAAe,EAAE,EAAE;4BACnB,KAAK,EAAE;gCAEL,WAAW,EAAE,CAAC,KAAoB,EAAU,EAAE,CAC5C,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,EAAE,EAAE;6BAC7D;4BACD,EAAE,EAAE,EAAC,IAAI,EAAE,IAAI,EAAC;4BAChB,IAAI,EAAE;gCACJ,WAAW,EAAE,CAAC,KAAoB,EAAsB,EAAE;oCACxD,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW;wCACnC,CAAC,CAAC,gBAAgB,KAAK,CAAC,WAAW,EAAE;wCACrC,CAAC,CAAC,EAAE,CAAC;oCACP,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oCAC7D,OAAO,IAAA,qBAAY,EAAC,GAAG,WAAW,OAAO,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;gCAC5D,CAAC;6BACF;4BACD,MAAM,EAAE;gCACN,WAAW,EAAE,CAAC,KAAoB,EAAU,EAAE,CAC5C,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC;6BAC3B;4BACD,IAAI,EAAE;gCACJ,WAAW,EAAE,CAAC,aAAsC,EAAU,EAAE,CAC9D,IAAI,CAAC,SAAS,CACZ,gBAAC,CAAC,IAAI,CAAC,aAAa,EAAE,oBAAoB,CAAC,EAC3C,IAAI,EACJ,CAAC,CACF;6BACJ;4BACD,gBAAgB,EAAE,yBAAyB;4BAC3C,OAAO,EAAE;gCACP;oCACE,IAAI,EAAE,oBAAoB;oCAC1B,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE;wCACT,WAAW,EAAE,CAAC,KAAa,EAAU,EAAE;4CACrC,MAAM,qBAAqB,GAAG,IAAI,CAAC,wBAAwB,CACzD,KAAK,EACL,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAC7B,CAAC;4CACF,MAAM,KAAK,GAAG,gBAAC,CAAC,GAAG,CAAC,qBAAqB,EAAE,OAAO,CAAC;gDACjD,CAAC,CAAC,GAAG,qBAAqB,CAAC,KAAK,GAAG;gDACnC,CAAC,CAAC,EAAE,CAAC;4CACP,MAAM,OAAO,GAAG,gBAAC,CAAC,GAAG,CAAC,qBAAqB,EAAE,SAAS,CAAC;gDACrD,CAAC,CAAC,IAAI,qBAAqB,CAAC,OAAO,EAAE;gDACrC,CAAC,CAAC,EAAE,CAAC;4CACP,OAAO,aAAa,KAAK,GAAG,gBAAC,CAAC,GAAG,CAAC,qBAAqB,EAAE,MAAM,CAAC,GAAG,OAAO,gBAAgB,CAAC;wCAC7F,CAAC;qCACF;oCACD,OAAO,EAAE;wCACP,WAAW,EAAE,CAAC,KAAa,EAAU,EAAE;4CAErC,MAAM,qBAAqB,GAAG,IAAI,CAAC,wBAAwB,CACzD,KAAK,EACL;gDACE,MAAM;gDACN,WAAW;gDACX,SAAS;gDACT,UAAU;gDACV,cAAc;gDACd,SAAS;gDACT,QAAQ;gDACR,WAAW;gDACX,OAAO;gDACP,MAAM;gDACN,SAAS;gDACT,aAAa;gDACb,UAAU;gDACV,WAAW;6CACZ,CACF,CAAC;4CACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC;iDAC3C,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;gDACX,OAAO,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;oDAC9C,CAAC,CAAC,SAAS,gBAAC,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,qBAAqB,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;oDACtF,CAAC,CAAC,SAAS,gBAAC,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;4CAClE,CAAC,CAAC;iDACD,IAAI,CAAC,EAAE,CAAC,CAAC;4CACZ,OAAO,sBAAsB,GAAG,EAAE,CAAC;wCACrC,CAAC;qCACF;oCACD,UAAU,EAAE,EAAE;iCACf;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;YACD,WAAW,EAAE;gBACX,WAAW,EAAE,CAAC,KAAkB,EAA2B,EAAE;oBAG3D,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CACxC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,OAAO,CAClC,CAAC;oBACF,OAAO;wBACL,cAAc,EAAE;4BACd;gCACE,IAAI,EAAE,MAAM;gCACZ,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;gCACtD,YAAY,EAAE,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,kBAAkB,CAAC;gCAC9C,IAAI,EAAE,gBAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;oCACtB,YAAY;oCACZ,iBAAiB;oCACjB,cAAc;iCACf,CAAC;6BACH;yBACF;wBACD,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAC,GAAG,EAAE,KAAK,CAAC,GAAG,EAAC,CAAC;qBACtC,CAAC;gBACJ,CAAC;aACF;SACF,CAAC;QAGA,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF;AA9VD,kDA8VC"}
|
|
@@ -41,11 +41,11 @@ class TwistlockResults {
|
|
|
41
41
|
constructor(twistlockJson, withRaw = false) {
|
|
42
42
|
this.data = JSON.parse(twistlockJson);
|
|
43
43
|
this.withRaw = withRaw;
|
|
44
|
-
}
|
|
45
|
-
toHdf() {
|
|
46
44
|
if (!_.has(this.data, 'results')) {
|
|
47
45
|
this.data = { results: [this.data] };
|
|
48
46
|
}
|
|
47
|
+
}
|
|
48
|
+
toHdf() {
|
|
49
49
|
return new TwistlockMapper(this.data, this.withRaw).toHdf();
|
|
50
50
|
}
|
|
51
51
|
}
|
|
@@ -115,9 +115,7 @@ class TwistlockMapper extends base_converter_1.BaseConverter {
|
|
|
115
115
|
transformer: (0, base_converter_1.impactMapping)(IMPACT_MAPPING)
|
|
116
116
|
},
|
|
117
117
|
code: {
|
|
118
|
-
transformer: (vulnerability) =>
|
|
119
|
-
return JSON.stringify(vulnerability, null, 2);
|
|
120
|
-
}
|
|
118
|
+
transformer: (vulnerability) => JSON.stringify(vulnerability, null, 2)
|
|
121
119
|
},
|
|
122
120
|
results: [
|
|
123
121
|
{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"twistlock-mapper.js","sourceRoot":"","sources":["../../src/twistlock-mapper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAkC;AAClC,0CAA4B;AAC5B,kDAAgE;AAChE,qDAK0B;AAC1B,2CAGwB;AAExB,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,WAAW,EAAE,GAAG,CAAC;IAClB,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,KAAK,EAAE,GAAG,CAAC;CACb,CAAC,CAAC;AAEH,MAAa,gBAAgB;IAG3B,YAAY,aAAqB,EAAE,OAAO,GAAG,KAAK;QAChD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACtC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"twistlock-mapper.js","sourceRoot":"","sources":["../../src/twistlock-mapper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAkC;AAClC,0CAA4B;AAC5B,kDAAgE;AAChE,qDAK0B;AAC1B,2CAGwB;AAExB,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,WAAW,EAAE,GAAG,CAAC;IAClB,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,KAAK,EAAE,GAAG,CAAC;CACb,CAAC,CAAC;AAEH,MAAa,gBAAgB;IAG3B,YAAY,aAAqB,EAAE,OAAO,GAAG,KAAK;QAChD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACtC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAGvB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE;YAChC,IAAI,CAAC,IAAI,GAAG,EAAC,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAC,CAAC;SACpC;IACH,CAAC;IAED,KAAK;QACH,OAAO,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC;IAC9D,CAAC;CACF;AAhBD,4CAgBC;AAED,MAAa,eAAgB,SAAQ,8BAAa;IAuIhD,YAAY,aAAsC,EAAE,OAAO,GAAG,KAAK;QACjE,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QArI7B,aAAQ,GAGJ;YACF,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAC,IAAI,EAAE,CAAC,iBAAiB,EAAE,uBAAuB,CAAC,EAAC;aAChE;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,gBAAgB;oBACtB,KAAK,EAAE;wBACL,WAAW,EAAE,CAAC,IAA6B,EAAU,EAAE;4BACrD,IAAI,UAAU,GAAY,KAAK,CAAC;4BAChC,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE;gCAC9B,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;6BACzC;4BACD,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE;gCAC7B,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;6BACxC;4BACD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;gCAC3C,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC;gCACxB,CAAC,CAAC,UAAU,CAAC;4BACf,OAAO,sBAAsB,WAAW,EAAE,CAAC;wBAC7C,CAAC;qBACF;oBACD,OAAO,EAAE;wBACP,WAAW,EAAE,CAAC,IAA6B,EAAU,EAAE;4BACrD,MAAM,kBAAkB,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,2BAA2B,CAAC;gCACjE,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CACf,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,iCAAiC,CAAC,CAC/C,EAAE;gCACL,CAAC,CAAC,KAAK,CAAC;4BACV,MAAM,eAAe,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC;gCAC3D,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,8BAA8B,CAAC,CAAC,EAAE;gCAClE,CAAC,CAAC,KAAK,CAAC;4BACV,OAAO,kCAAkC,kBAAkB,wCAAwC,eAAe,EAAE,CAAC;wBACvH,CAAC;qBACF;oBACD,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,iBAAiB;4BACvB,GAAG,EAAE,IAAI;4BACT,aAAa,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;4BAC7D,IAAI,EAAE;gCACJ,IAAI,EAAE,6CAAoC;gCAC1C,GAAG,EAAE,IAAA,2BAAkB,EAAC,6CAAoC,CAAC;gCAC7D,KAAK,EAAE,EAAC,IAAI,EAAE,IAAI,EAAC;6BACpB;4BACD,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,KAAK,EAAE,EAAC,IAAI,EAAE,IAAI,EAAC;4BACnB,EAAE,EAAE,EAAC,IAAI,EAAE,IAAI,EAAC;4BAChB,IAAI,EAAE,EAAC,IAAI,EAAE,aAAa,EAAC;4BAC3B,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,IAAA,8BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE;gCACJ,WAAW,EAAE,CAAC,aAAsC,EAAU,EAAE,CAC9D,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;6BACzC;4BACD,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE;wCACT,WAAW,EAAE,CAAC,IAA6B,EAAU,EAAE;4CACrD,MAAM,WAAW,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC;gDAC5C,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,EAAE;gDACjD,CAAC,CAAC,KAAK,CAAC;4CACV,MAAM,gBAAgB,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC;gDACtD,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,EAAE;gDACtD,CAAC,CAAC,KAAK,CAAC;4CACV,OAAO,WAAW,WAAW,gEAAgE,gBAAgB,EAAE,CAAC;wCAClH,CAAC;qCACF;oCACD,OAAO,EAAE;wCACP,WAAW,EAAE,CAAC,IAA6B,EAAU,EAAE;4CACrD,MAAM,WAAW,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC;gDAC5C,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,EAAE;gDACjD,CAAC,CAAC,KAAK,CAAC;4CACV,MAAM,cAAc,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,gBAAgB,CAAC;gDAClD,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC,EAAE;gDACpD,CAAC,CAAC,KAAK,CAAC;4CACV,OAAO,8BAA8B,WAAW,iCAAiC,cAAc,OAAO,WAAW,EAAE,CAAC;wCACtH,CAAC;qCACF;oCACD,UAAU,EAAE,EAAC,IAAI,EAAE,gBAAgB,EAAC;iCACrC;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;YACD,WAAW,EAAE;gBACX,WAAW,EAAE,CAAC,IAA6B,EAA2B,EAAE;oBACtE,IAAI,WAAW,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;oBACzC,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;wBAC9B,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,MAA+B,EAAE,EAAE,CAChE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE;4BACb,MAAM;4BACN,aAAa;4BACb,wBAAwB;4BACxB,iBAAiB;4BACjB,2BAA2B;yBAC5B,CAAC,CACH,CAAC;qBACH;oBACD,OAAO;wBACL,cAAc,EAAE;4BACd;gCACE,IAAI,EAAE,WAAW;gCACjB,IAAI,EAAE;oCACJ,OAAO,EAAE,WAAW;oCACpB,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC;iCACtC;6BACF;yBACF;wBACD,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAC,GAAG,EAAE,IAAI,EAAC,CAAC;qBACjC,CAAC;gBACJ,CAAC;aACF;SACF,CAAC;QAGA,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF;AA3ID,0CA2IC"}
|
|
@@ -38,6 +38,7 @@ var INPUT_TYPES;
|
|
|
38
38
|
INPUT_TYPES["MSFT_SEC_SCORE"] = "msft_secure_score";
|
|
39
39
|
INPUT_TYPES["NIKTO"] = "nikto";
|
|
40
40
|
INPUT_TYPES["SARIF"] = "sarif";
|
|
41
|
+
INPUT_TYPES["CYCLONEDX_SBOM"] = "cyclonedx_sbom";
|
|
41
42
|
INPUT_TYPES["SNYK"] = "snyk";
|
|
42
43
|
INPUT_TYPES["TRUFFLEHOG"] = "trufflehog";
|
|
43
44
|
INPUT_TYPES["TWISTLOCK"] = "twistlock";
|
|
@@ -98,7 +99,8 @@ const fileTypeFingerprints = {
|
|
|
98
99
|
[INPUT_TYPES.SCOUTSUITE]: [],
|
|
99
100
|
[INPUT_TYPES.NOT_FOUND]: [],
|
|
100
101
|
[INPUT_TYPES.VERACODE]: [],
|
|
101
|
-
[INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues']
|
|
102
|
+
[INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues'],
|
|
103
|
+
[INPUT_TYPES.CYCLONEDX_SBOM]: ['bomFormat', 'metadata', 'specVersion']
|
|
102
104
|
};
|
|
103
105
|
function fingerprint(guessOptions) {
|
|
104
106
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fingerprinting.js","sourceRoot":"","sources":["../../../src/utils/fingerprinting.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAA4B;AAE5B,IAAY,
|
|
1
|
+
{"version":3,"file":"fingerprinting.js","sourceRoot":"","sources":["../../../src/utils/fingerprinting.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAA4B;AAE5B,IAAY,WAyBX;AAzBD,WAAY,WAAW;IACrB,4BAAa,CAAA;IACb,4BAAa,CAAA;IACb,sCAAuB,CAAA;IACvB,oCAAqB,CAAA;IACrB,kCAAmB,CAAA;IACnB,8BAAe,CAAA;IACf,wCAAyB,CAAA;IACzB,8BAAe,CAAA;IACf,mDAAoC,CAAA;IACpC,8BAAe,CAAA;IACf,8BAAe,CAAA;IACf,gDAAiC,CAAA;IACjC,4BAAa,CAAA;IACb,wCAAyB,CAAA;IACzB,sCAAuB,CAAA;IACvB,0BAAW,CAAA;IACX,gCAAiB,CAAA;IACjB,8BAAe,CAAA;IACf,wCAAyB,CAAA;IACzB,wCAAyB,CAAA;IACzB,uCAAwB,CAAA;IACxB,gCAAiB,CAAA;IACjB,oCAAqB,CAAA;IACrB,6BAAc,CAAA;AAChB,CAAC,EAzBW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAyBtB;AAGD,MAAM,oBAAoB,GAAkC;IAC1D,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,YAAY,CAAC;IAC9D,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,mBAAmB,EAAE,cAAc,CAAC;IAC7D,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,+BAA+B,EAAE,WAAW,CAAC;IAC7E,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;QACxB,aAAa;QACb,SAAS;QACT,QAAQ;QACR,cAAc;KACf;IACD,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,CAAC;IAC5C,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;IACzD,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,CAAC;IACxE,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;IACnD,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE;QAClB,aAAa;QACb,QAAQ;QACR,SAAS;QACT,iBAAiB;QACjB,gCAAgC;KACjC;IACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;QACxB,YAAY;QACZ,cAAc;QACd,cAAc;QACd,aAAa;KACd;IACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;QACvB,mCAAmC;QACnC,sCAAsC;QACtC,wBAAwB;QACxB,mBAAmB;QACnB,UAAU;QACV,wBAAwB;QACxB,2BAA2B;KAC5B;IACD,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC;IAErD,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE;IACtB,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,EAAE;IAC3B,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,EAAE;IACxB,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,EAAE;IACxB,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,EAAE;IAC5B,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,EAAE;IACvB,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,EAAE;IAC5B,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,EAAE;IAC5B,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,EAAE;IAC3B,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE;IAC1B,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,EAAE,QAAQ,CAAC;IAChD,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,aAAa,CAAC;CACvE,CAAC;AAEF,SAAgB,WAAW,CAAC,YAG3B;IACC,IAAI;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAE1D,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAC/D,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACP,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;gBACxD,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;gBACnD,CAAC,CAAC,EAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,EAAC;gBACpE,CAAC,CAAC;oBACE,GAAG,CAAC;oBACJ,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;iBAC3D,CAAC;QACR,CAAC,CAC4C,CAAC;QAChD,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,aAAa,CAAC,KAAK,KAAK,CAAC,EAAE;YAC7B,OAAO,MAAM,CAAC;SACf;KACF;IAAC,MAAM;QACN,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAExD,IAAI,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;YAC3D,OAAO,WAAW,CAAC,MAAM,CAAC;SAC3B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC;YAC/C,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAC3D;YACA,OAAO,WAAW,CAAC,KAAK,CAAC;SAC1B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC;YACrD,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAClD;YACA,OAAO,WAAW,CAAC,UAAU,CAAC;SAC/B;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE;YAChE,OAAO,WAAW,CAAC,OAAO,CAAC;SAC5B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YAClD,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EACnD;YACA,OAAO,WAAW,CAAC,IAAI,CAAC;SACzB;aAAM,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE;YACjE,OAAO,WAAW,CAAC,IAAI,CAAC;SACzB;aAAM,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE;YACjE,OAAO,WAAW,CAAC,UAAU,CAAC;SAC/B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC5C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC5C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAC1C;YACA,OAAO,WAAW,CAAC,UAAU,CAAC;SAC/B;aAAM,IACL,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;YAClC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAChC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAChC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;YACvC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC9B,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAClC;YACA,OAAO,WAAW,CAAC,MAAM,CAAC;SAC3B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC5C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAClD;YACA,OAAO,WAAW,CAAC,QAAQ,CAAC;SAC7B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC/C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAC3C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAC/C;YACA,OAAO,WAAW,CAAC,SAAS,CAAC;SAC9B;KACF;IACD,OAAO,WAAW,CAAC,SAAS,CAAC;AAC/B,CAAC;AA/ED,kCA+EC"}
|
|
@@ -11,3 +11,4 @@ export declare function getDescription(descriptions: {
|
|
|
11
11
|
export declare function getCCIsForNISTTags(nistTags: string[]): string[];
|
|
12
12
|
export declare function conditionallyProvideAttribute(attributeName: string, attribute: unknown, condition: boolean): Record<string, unknown> | undefined;
|
|
13
13
|
export declare function ensureContextualizedEvaluation(data: ExecJSON.Execution | ContextualizedEvaluation): ContextualizedEvaluation;
|
|
14
|
+
export declare function filterString(input: string): string | undefined;
|
package/lib/src/utils/global.js
CHANGED
|
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
23
23
|
return result;
|
|
24
24
|
};
|
|
25
25
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.ensureContextualizedEvaluation = exports.conditionallyProvideAttribute = exports.getCCIsForNISTTags = exports.getDescription = exports.createWinstonLogger = exports.FROM_ASFF_TYPES_SLASH_REPLACEMENT = exports.DEFAULT_INFORMATION_SYSTEM_COMPONENT_MANAGEMENT_NIST_TAGS = exports.DEFAULT_UPDATE_REMEDIATION_NIST_TAGS = exports.DEFAULT_STATIC_CODE_ANALYSIS_CCI_TAGS = exports.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS = void 0;
|
|
26
|
+
exports.filterString = exports.ensureContextualizedEvaluation = exports.conditionallyProvideAttribute = exports.getCCIsForNISTTags = exports.getDescription = exports.createWinstonLogger = exports.FROM_ASFF_TYPES_SLASH_REPLACEMENT = exports.DEFAULT_INFORMATION_SYSTEM_COMPONENT_MANAGEMENT_NIST_TAGS = exports.DEFAULT_UPDATE_REMEDIATION_NIST_TAGS = exports.DEFAULT_STATIC_CODE_ANALYSIS_CCI_TAGS = exports.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS = void 0;
|
|
27
27
|
const inspecjs_1 = require("inspecjs");
|
|
28
28
|
const _ = __importStar(require("lodash"));
|
|
29
29
|
const winston_1 = require("winston");
|
|
@@ -86,4 +86,8 @@ function ensureContextualizedEvaluation(data) {
|
|
|
86
86
|
}
|
|
87
87
|
}
|
|
88
88
|
exports.ensureContextualizedEvaluation = ensureContextualizedEvaluation;
|
|
89
|
+
function filterString(input) {
|
|
90
|
+
return input || undefined;
|
|
91
|
+
}
|
|
92
|
+
exports.filterString = filterString;
|
|
89
93
|
//# sourceMappingURL=global.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"global.js","sourceRoot":"","sources":["../../../src/utils/global.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAIkB;AAClB,0CAA4B;AAC5B,qCAAyD;AACzD,uEAA0E;AAI7D,QAAA,sCAAsC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAE3D,QAAA,qCAAqC,GAChD,8CAAsC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,yBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;AAIlE,QAAA,oCAAoC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAGxD,QAAA,yDAAyD,GAAG;IACvE,MAAM;CACP,CAAC;AAGW,QAAA,iCAAiC,GAAG,eAAe,CAAC;AAEjE,SAAgB,mBAAmB,CAAC,UAAkB,EAAE,KAAK,GAAG,OAAO;IACrE,OAAO,IAAA,sBAAY,EAAC;QAClB,UAAU,EAAE,CAAC,IAAI,oBAAU,CAAC,OAAO,EAAE,CAAC;QACtC,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,gBAAM,CAAC,OAAO,CACpB,gBAAM,CAAC,SAAS,CAAC;YACf,MAAM,EAAE,wBAAwB;SACjC,CAAC,EACF,gBAAM,CAAC,MAAM,CACX,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,UAAU,IAAI,IAAI,CAAC,OAAO,EAAE,CAChE,CACF;KACF,CAAC,CAAC;AACL,CAAC;AAbD,kDAaC;AAGD,SAAgB,cAAc,CAC5B,YAIiC,EACjC,GAAW;;IAEX,IAAI,KAAyB,CAAC;IAC9B,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;QAC/B,KAAK,GAAG,MAAA,YAAY,CAAC,IAAI,CACvB,CAAC,WAAwC,EAAE,EAAE,CAC3C,WAAW,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,GAAG,CAC1C,0CAAE,IAAI,CAAC;KACT;SAAM;QACL,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;KAClC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAnBD,wCAmBC;AAED,SAAgB,kBAAkB,CAAC,QAAkB;IACnD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;QAC9B,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,IACE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YACtB,OAAO,CAAC,MAAM,GAAG,CAAC;YAClB,OAAO,CAAC,CAAC,CAAC,IAAI,yBAAkB,EAChC;YACA,OAAO,CAAC,IAAI,CAAC,GAAG,yBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACjD;KACF;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAbD,gDAaC;AAGD,SAAgB,6BAA6B,CAC3C,aAAqB,EACrB,SAAkB,EAClB,SAAkB;IAElB,IAAI,CAAC,SAAS,EAAE;QACd,OAAO,SAAS,CAAC;KAClB;IACD,OAAO,EAAC,CAAC,aAAa,CAAC,EAAE,SAAS,EAAC,CAAC;AACtC,CAAC;AATD,sEASC;AAED,SAAgB,8BAA8B,CAC5C,IAAmD;IAEnD,IAAI,UAAU,IAAI,IAAI,EAAE;QACtB,OAAO,IAAI,CAAC;KACb;SAAM;QACL,OAAO,IAAA,kCAAuB,EAAC,IAAI,CAAC,CAAC;KACtC;AACH,CAAC;AARD,wEAQC"}
|
|
1
|
+
{"version":3,"file":"global.js","sourceRoot":"","sources":["../../../src/utils/global.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAIkB;AAClB,0CAA4B;AAC5B,qCAAyD;AACzD,uEAA0E;AAI7D,QAAA,sCAAsC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAE3D,QAAA,qCAAqC,GAChD,8CAAsC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,yBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;AAIlE,QAAA,oCAAoC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAGxD,QAAA,yDAAyD,GAAG;IACvE,MAAM;CACP,CAAC;AAGW,QAAA,iCAAiC,GAAG,eAAe,CAAC;AAEjE,SAAgB,mBAAmB,CAAC,UAAkB,EAAE,KAAK,GAAG,OAAO;IACrE,OAAO,IAAA,sBAAY,EAAC;QAClB,UAAU,EAAE,CAAC,IAAI,oBAAU,CAAC,OAAO,EAAE,CAAC;QACtC,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,gBAAM,CAAC,OAAO,CACpB,gBAAM,CAAC,SAAS,CAAC;YACf,MAAM,EAAE,wBAAwB;SACjC,CAAC,EACF,gBAAM,CAAC,MAAM,CACX,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,UAAU,IAAI,IAAI,CAAC,OAAO,EAAE,CAChE,CACF;KACF,CAAC,CAAC;AACL,CAAC;AAbD,kDAaC;AAGD,SAAgB,cAAc,CAC5B,YAIiC,EACjC,GAAW;;IAEX,IAAI,KAAyB,CAAC;IAC9B,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;QAC/B,KAAK,GAAG,MAAA,YAAY,CAAC,IAAI,CACvB,CAAC,WAAwC,EAAE,EAAE,CAC3C,WAAW,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,GAAG,CAC1C,0CAAE,IAAI,CAAC;KACT;SAAM;QACL,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;KAClC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAnBD,wCAmBC;AAED,SAAgB,kBAAkB,CAAC,QAAkB;IACnD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;QAC9B,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/C,IACE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YACtB,OAAO,CAAC,MAAM,GAAG,CAAC;YAClB,OAAO,CAAC,CAAC,CAAC,IAAI,yBAAkB,EAChC;YACA,OAAO,CAAC,IAAI,CAAC,GAAG,yBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACjD;KACF;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAbD,gDAaC;AAGD,SAAgB,6BAA6B,CAC3C,aAAqB,EACrB,SAAkB,EAClB,SAAkB;IAElB,IAAI,CAAC,SAAS,EAAE;QACd,OAAO,SAAS,CAAC;KAClB;IACD,OAAO,EAAC,CAAC,aAAa,CAAC,EAAE,SAAS,EAAC,CAAC;AACtC,CAAC;AATD,sEASC;AAED,SAAgB,8BAA8B,CAC5C,IAAmD;IAEnD,IAAI,UAAU,IAAI,IAAI,EAAE;QACtB,OAAO,IAAI,CAAC;KACb;SAAM;QACL,OAAO,IAAA,kCAAuB,EAAC,IAAI,CAAC,CAAC;KACtC;AACH,CAAC;AARD,wEAQC;AAGD,SAAgB,YAAY,CAAC,KAAa;IACxC,OAAO,KAAK,IAAI,SAAS,CAAC;AAC5B,CAAC;AAFD,oCAEC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mitre/hdf-converters",
|
|
3
|
-
"version": "2.10.
|
|
3
|
+
"version": "2.10.15",
|
|
4
4
|
"license": "Apache-2.0",
|
|
5
5
|
"description": "Converter util library used to transform various scan results into HDF format",
|
|
6
6
|
"files": [
|
|
@@ -26,6 +26,7 @@
|
|
|
26
26
|
},
|
|
27
27
|
"dependencies": {
|
|
28
28
|
"@aws-sdk/client-config-service": "^3.95.0",
|
|
29
|
+
"@cyclonedx/cyclonedx-library": "^6.11.0",
|
|
29
30
|
"@e965/xlsx": "^0.20.0",
|
|
30
31
|
"@mdi/js": "^7.0.96",
|
|
31
32
|
"@microsoft/microsoft-graph-types": "^2.40.0",
|