@mitre/hdf-converters 2.10.17 → 2.10.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +29 -27
- package/lib/index.d.ts +12 -11
- package/lib/index.js +15 -14
- package/lib/index.js.map +1 -1
- package/lib/package.json +1 -1
- package/lib/src/neuvector-mapper.d.ts +13 -0
- package/lib/src/neuvector-mapper.js +171 -0
- package/lib/src/neuvector-mapper.js.map +1 -0
- package/lib/src/utils/fingerprinting.d.ts +1 -0
- package/lib/src/utils/fingerprinting.js +24 -14
- package/lib/src/utils/fingerprinting.js.map +1 -1
- package/lib/types/neuvector-types.d.ts +104 -0
- package/lib/types/neuvector-types.js +3 -0
- package/lib/types/neuvector-types.js.map +1 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -6,33 +6,35 @@ OHDF Converters supplies several methods to convert various types of security to
|
|
|
6
6
|
|
|
7
7
|
## Supported Formats
|
|
8
8
|
|
|
9
|
-
1. [**
|
|
10
|
-
2. [**
|
|
11
|
-
3. [**
|
|
12
|
-
4. [**
|
|
13
|
-
5. [**
|
|
14
|
-
6. [**
|
|
15
|
-
7. [**
|
|
16
|
-
8. [**
|
|
17
|
-
9. [**
|
|
18
|
-
10. [**
|
|
19
|
-
11. [**
|
|
20
|
-
12. [**
|
|
21
|
-
13. [**
|
|
22
|
-
14. [**
|
|
23
|
-
15. [**
|
|
24
|
-
16. [**
|
|
25
|
-
17. [**
|
|
26
|
-
18. [**
|
|
27
|
-
19. [**
|
|
28
|
-
20. [**
|
|
29
|
-
21. [**
|
|
30
|
-
22. [**
|
|
31
|
-
23. [**
|
|
32
|
-
24. [**
|
|
33
|
-
25. [**
|
|
34
|
-
26. [**
|
|
35
|
-
27. [**
|
|
9
|
+
1. [**anchore-grype-mapper**] - Anchore Grype container security scanning results file
|
|
10
|
+
2. [**asff-mapper**] - AWS Security Finding Format JSON file, Prowler-derived AWS Security Finding Format results from concatenated JSON blobs, and Trivy-derived AWS Security Finding Format results from concatenated JSON blobs
|
|
11
|
+
3. [**aws-config-mapper**] - AWS Config
|
|
12
|
+
4. [**burpsuite-mapper**] - BurpSuite Pro XML file
|
|
13
|
+
5. [**caat-mapper**] - Compliance Assessment and Audit Tracking (CAAT) file
|
|
14
|
+
6. [**checklist-mapper**] - Checlist Mapper format
|
|
15
|
+
7. [**conveyor-mapper**] - Conveyor JSON file
|
|
16
|
+
8. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file
|
|
17
|
+
9. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format
|
|
18
|
+
10. [**fortify-mapper**] - Fortify results FVDL file
|
|
19
|
+
11. [**gosec-mapper**] - gosec results JSON file
|
|
20
|
+
12. [**ionchannel-mapper**] - SBOM data from Ion Channel
|
|
21
|
+
13. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
|
|
22
|
+
14. [**msft-secure-mapper**] - Microsoft Secure Score results file
|
|
23
|
+
15. [**nessus-mapper**] - Nessus XML results file
|
|
24
|
+
16. [**netsparker-mapper**] - Netsparker XML results file
|
|
25
|
+
17. [**neuvector-mapper**] - NeuVector JSON results file
|
|
26
|
+
18. [**nikto-mapper**] - Nikto results JSON file
|
|
27
|
+
19. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
|
|
28
|
+
20. [**sarif-mapper**] - SARIF JSON file
|
|
29
|
+
21. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
|
|
30
|
+
22. [**snyk-mapper**] - Snyk results JSON file
|
|
31
|
+
23. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
|
|
32
|
+
24. [**splunk-mapper**] - Splunk instance
|
|
33
|
+
25. [**trufflehog-mapper**] - Trufflehog results json file
|
|
34
|
+
26. [**twistlock-mapper**] - Twistlock CLI output file
|
|
35
|
+
27. [**veracode-mapper**] - Veracode Scan Results XML file
|
|
36
|
+
28. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
|
|
37
|
+
29. [**zap-mapper**] - OWASP ZAP results JSON
|
|
36
38
|
|
|
37
39
|
### NOTICE
|
|
38
40
|
|
package/lib/index.d.ts
CHANGED
|
@@ -1,37 +1,38 @@
|
|
|
1
1
|
export { ASFFResults } from './src/asff-mapper/asff-mapper';
|
|
2
|
+
export * as AwsConfigMappingData from './src/mappings/AwsConfigMappingData';
|
|
3
|
+
export * as CciNistMappingData from './src/mappings/CciNistMappingData';
|
|
4
|
+
export * as CweNistMappingData from './src/mappings/CweNistMappingData';
|
|
5
|
+
export * as NessusPluginNistMappingData from './src/mappings/NessusPluginNistMappingData';
|
|
6
|
+
export * as NiktoNistMappingData from './src/mappings/NiktoNistMappingData';
|
|
7
|
+
export * as NistCciMappingData from './src/mappings/NistCciMappingData';
|
|
8
|
+
export * as OWaspNistMappingData from './src/mappings/OWaspNistMappingData';
|
|
9
|
+
export * as ScoutsuiteNistMappingData from './src/mappings/ScoutsuiteNistMappingData';
|
|
2
10
|
export * from './src/anchore-grype-mapper';
|
|
3
11
|
export * from './src/aws-config-mapper';
|
|
4
12
|
export * from './src/burpsuite-mapper';
|
|
5
|
-
export * from './src/ckl-mapper/checklist-mapper';
|
|
6
|
-
export * from './src/ckl-mapper/checklistJsonix';
|
|
7
13
|
export * from './src/ckl-mapper/checklist-jsonix-converter';
|
|
14
|
+
export * from './src/ckl-mapper/checklist-mapper';
|
|
8
15
|
export * from './src/ckl-mapper/checklist-metadata-utils';
|
|
16
|
+
export * from './src/ckl-mapper/checklistJsonix';
|
|
9
17
|
export * from './src/converters-from-hdf/asff/reverse-asff-mapper';
|
|
10
18
|
export * from './src/converters-from-hdf/caat/reverse-caat-mapper';
|
|
11
19
|
export * from './src/converters-from-hdf/html/reverse-html-mapper';
|
|
12
20
|
export * from './src/converters-from-hdf/splunk/reverse-splunk-mapper';
|
|
13
21
|
export * from './src/converters-from-hdf/xccdf/reverse-xccdf-mapper';
|
|
14
22
|
export * from './src/conveyor-mapper';
|
|
23
|
+
export * from './src/cyclonedx-sbom-mapper';
|
|
15
24
|
export * from './src/dbprotect-mapper';
|
|
16
25
|
export * from './src/fortify-mapper';
|
|
17
26
|
export * from './src/gosec-mapper';
|
|
18
27
|
export * from './src/ionchannel-mapper';
|
|
19
28
|
export * from './src/jfrog-xray-mapper';
|
|
20
|
-
export * as AwsConfigMappingData from './src/mappings/AwsConfigMappingData';
|
|
21
|
-
export * as CciNistMappingData from './src/mappings/CciNistMappingData';
|
|
22
|
-
export * as CweNistMappingData from './src/mappings/CweNistMappingData';
|
|
23
|
-
export * as NessusPluginNistMappingData from './src/mappings/NessusPluginNistMappingData';
|
|
24
|
-
export * as NiktoNistMappingData from './src/mappings/NiktoNistMappingData';
|
|
25
|
-
export * as NistCciMappingData from './src/mappings/NistCciMappingData';
|
|
26
|
-
export * as OWaspNistMappingData from './src/mappings/OWaspNistMappingData';
|
|
27
|
-
export * as ScoutsuiteNistMappingData from './src/mappings/ScoutsuiteNistMappingData';
|
|
28
29
|
export * from './src/msft-secure-score-mapper';
|
|
29
30
|
export * from './src/nessus-mapper';
|
|
30
31
|
export * from './src/netsparker-mapper';
|
|
32
|
+
export * from './src/neuvector-mapper';
|
|
31
33
|
export * from './src/nikto-mapper';
|
|
32
34
|
export * from './src/prisma-mapper';
|
|
33
35
|
export * from './src/sarif-mapper';
|
|
34
|
-
export * from './src/cyclonedx-sbom-mapper';
|
|
35
36
|
export * from './src/scoutsuite-mapper';
|
|
36
37
|
export * from './src/snyk-mapper';
|
|
37
38
|
export * from './src/sonarqube-mapper';
|
package/lib/index.js
CHANGED
|
@@ -15,9 +15,6 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
|
|
|
15
15
|
}) : function(o, v) {
|
|
16
16
|
o["default"] = v;
|
|
17
17
|
});
|
|
18
|
-
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
19
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
20
|
-
};
|
|
21
18
|
var __importStar = (this && this.__importStar) || function (mod) {
|
|
22
19
|
if (mod && mod.__esModule) return mod;
|
|
23
20
|
var result = {};
|
|
@@ -25,43 +22,47 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
25
22
|
__setModuleDefault(result, mod);
|
|
26
23
|
return result;
|
|
27
24
|
};
|
|
25
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
26
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
27
|
+
};
|
|
28
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
29
|
exports.ScoutsuiteNistMappingData = exports.OWaspNistMappingData = exports.NistCciMappingData = exports.NiktoNistMappingData = exports.NessusPluginNistMappingData = exports.CweNistMappingData = exports.CciNistMappingData = exports.AwsConfigMappingData = exports.ASFFResults = void 0;
|
|
30
30
|
var asff_mapper_1 = require("./src/asff-mapper/asff-mapper");
|
|
31
31
|
Object.defineProperty(exports, "ASFFResults", { enumerable: true, get: function () { return asff_mapper_1.ASFFResults; } });
|
|
32
|
+
exports.AwsConfigMappingData = __importStar(require("./src/mappings/AwsConfigMappingData"));
|
|
33
|
+
exports.CciNistMappingData = __importStar(require("./src/mappings/CciNistMappingData"));
|
|
34
|
+
exports.CweNistMappingData = __importStar(require("./src/mappings/CweNistMappingData"));
|
|
35
|
+
exports.NessusPluginNistMappingData = __importStar(require("./src/mappings/NessusPluginNistMappingData"));
|
|
36
|
+
exports.NiktoNistMappingData = __importStar(require("./src/mappings/NiktoNistMappingData"));
|
|
37
|
+
exports.NistCciMappingData = __importStar(require("./src/mappings/NistCciMappingData"));
|
|
38
|
+
exports.OWaspNistMappingData = __importStar(require("./src/mappings/OWaspNistMappingData"));
|
|
39
|
+
exports.ScoutsuiteNistMappingData = __importStar(require("./src/mappings/ScoutsuiteNistMappingData"));
|
|
32
40
|
__exportStar(require("./src/anchore-grype-mapper"), exports);
|
|
33
41
|
__exportStar(require("./src/aws-config-mapper"), exports);
|
|
34
42
|
__exportStar(require("./src/burpsuite-mapper"), exports);
|
|
35
|
-
__exportStar(require("./src/ckl-mapper/checklist-mapper"), exports);
|
|
36
|
-
__exportStar(require("./src/ckl-mapper/checklistJsonix"), exports);
|
|
37
43
|
__exportStar(require("./src/ckl-mapper/checklist-jsonix-converter"), exports);
|
|
44
|
+
__exportStar(require("./src/ckl-mapper/checklist-mapper"), exports);
|
|
38
45
|
__exportStar(require("./src/ckl-mapper/checklist-metadata-utils"), exports);
|
|
46
|
+
__exportStar(require("./src/ckl-mapper/checklistJsonix"), exports);
|
|
39
47
|
__exportStar(require("./src/converters-from-hdf/asff/reverse-asff-mapper"), exports);
|
|
40
48
|
__exportStar(require("./src/converters-from-hdf/caat/reverse-caat-mapper"), exports);
|
|
41
49
|
__exportStar(require("./src/converters-from-hdf/html/reverse-html-mapper"), exports);
|
|
42
50
|
__exportStar(require("./src/converters-from-hdf/splunk/reverse-splunk-mapper"), exports);
|
|
43
51
|
__exportStar(require("./src/converters-from-hdf/xccdf/reverse-xccdf-mapper"), exports);
|
|
44
52
|
__exportStar(require("./src/conveyor-mapper"), exports);
|
|
53
|
+
__exportStar(require("./src/cyclonedx-sbom-mapper"), exports);
|
|
45
54
|
__exportStar(require("./src/dbprotect-mapper"), exports);
|
|
46
55
|
__exportStar(require("./src/fortify-mapper"), exports);
|
|
47
56
|
__exportStar(require("./src/gosec-mapper"), exports);
|
|
48
57
|
__exportStar(require("./src/ionchannel-mapper"), exports);
|
|
49
58
|
__exportStar(require("./src/jfrog-xray-mapper"), exports);
|
|
50
|
-
exports.AwsConfigMappingData = __importStar(require("./src/mappings/AwsConfigMappingData"));
|
|
51
|
-
exports.CciNistMappingData = __importStar(require("./src/mappings/CciNistMappingData"));
|
|
52
|
-
exports.CweNistMappingData = __importStar(require("./src/mappings/CweNistMappingData"));
|
|
53
|
-
exports.NessusPluginNistMappingData = __importStar(require("./src/mappings/NessusPluginNistMappingData"));
|
|
54
|
-
exports.NiktoNistMappingData = __importStar(require("./src/mappings/NiktoNistMappingData"));
|
|
55
|
-
exports.NistCciMappingData = __importStar(require("./src/mappings/NistCciMappingData"));
|
|
56
|
-
exports.OWaspNistMappingData = __importStar(require("./src/mappings/OWaspNistMappingData"));
|
|
57
|
-
exports.ScoutsuiteNistMappingData = __importStar(require("./src/mappings/ScoutsuiteNistMappingData"));
|
|
58
59
|
__exportStar(require("./src/msft-secure-score-mapper"), exports);
|
|
59
60
|
__exportStar(require("./src/nessus-mapper"), exports);
|
|
60
61
|
__exportStar(require("./src/netsparker-mapper"), exports);
|
|
62
|
+
__exportStar(require("./src/neuvector-mapper"), exports);
|
|
61
63
|
__exportStar(require("./src/nikto-mapper"), exports);
|
|
62
64
|
__exportStar(require("./src/prisma-mapper"), exports);
|
|
63
65
|
__exportStar(require("./src/sarif-mapper"), exports);
|
|
64
|
-
__exportStar(require("./src/cyclonedx-sbom-mapper"), exports);
|
|
65
66
|
__exportStar(require("./src/scoutsuite-mapper"), exports);
|
|
66
67
|
__exportStar(require("./src/snyk-mapper"), exports);
|
|
67
68
|
__exportStar(require("./src/sonarqube-mapper"), exports);
|
package/lib/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6DAA0D;AAAlD,0GAAA,WAAW,OAAA;AACnB,6DAA2C;AAC3C,0DAAwC;AACxC,yDAAuC;AACvC,oEAAkD;AAClD,mEAAiD;AACjD,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6DAA0D;AAAlD,0GAAA,WAAW,OAAA;AACnB,4FAA4E;AAC5E,wFAAwE;AACxE,wFAAwE;AACxE,0GAA0F;AAC1F,4FAA4E;AAC5E,wFAAwE;AACxE,4FAA4E;AAC5E,sGAAsF;AACtF,6DAA2C;AAC3C,0DAAwC;AACxC,yDAAuC;AACvC,8EAA4D;AAC5D,oEAAkD;AAClD,4EAA0D;AAC1D,mEAAiD;AACjD,qFAAmE;AACnE,qFAAmE;AACnE,qFAAmE;AACnE,yFAAuE;AACvE,uFAAqE;AACrE,wDAAsC;AACtC,8DAA4C;AAC5C,yDAAuC;AACvC,uDAAqC;AACrC,qDAAmC;AACnC,0DAAwC;AACxC,0DAAwC;AACxC,iEAA+C;AAC/C,sDAAoC;AACpC,0DAAwC;AACxC,yDAAuC;AACvC,qDAAmC;AACnC,sDAAoC;AACpC,qDAAmC;AACnC,0DAAwC;AACxC,oDAAkC;AAClC,yDAAuC;AACvC,sDAAoC;AACpC,0DAAwC;AACxC,yDAAuC;AACvC,2DAAyC;AACzC,yDAAuC;AACvC,6DAA2C;AAC3C,wDAAsC;AACtC,6DAA2C;AAC3C,mDAAiC"}
|
package/lib/package.json
CHANGED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { ExecJSON } from 'inspecjs';
|
|
2
|
+
import { BaseConverter, ILookupPath, MappedTransform } from './base-converter';
|
|
3
|
+
import { NeuVectorScanJson, RESTScanModule } from '../types/neuvector-types';
|
|
4
|
+
export declare class NeuVectorMapper extends BaseConverter {
|
|
5
|
+
withRaw: boolean;
|
|
6
|
+
rawData: NeuVectorScanJson;
|
|
7
|
+
getModules: (moduleName: string) => RESTScanModule['source'] | undefined;
|
|
8
|
+
memoizedGetModules(): (moduleName: string) => RESTScanModule['source'] | undefined;
|
|
9
|
+
mappings: MappedTransform<ExecJSON.Execution & {
|
|
10
|
+
passthrough: unknown;
|
|
11
|
+
}, ILookupPath>;
|
|
12
|
+
constructor(exportJson: string, withRaw?: boolean);
|
|
13
|
+
}
|
|
@@ -0,0 +1,171 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.NeuVectorMapper = void 0;
|
|
7
|
+
const inspecjs_1 = require("inspecjs");
|
|
8
|
+
const lodash_1 = __importDefault(require("lodash"));
|
|
9
|
+
const package_json_1 = require("../package.json");
|
|
10
|
+
const base_converter_1 = require("./base-converter");
|
|
11
|
+
const CweNistMapping_1 = require("./mappings/CweNistMapping");
|
|
12
|
+
const global_1 = require("./utils/global");
|
|
13
|
+
const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping();
|
|
14
|
+
function cweTags(description) {
|
|
15
|
+
var _a;
|
|
16
|
+
const regex = /CWE-\d{3}/g;
|
|
17
|
+
return (_a = description.match(regex)) !== null && _a !== void 0 ? _a : undefined;
|
|
18
|
+
}
|
|
19
|
+
function nistTags(cweTags) {
|
|
20
|
+
var _a;
|
|
21
|
+
const identifiers = (_a = cweTags === null || cweTags === void 0 ? void 0 : cweTags.map((tag) => tag.slice(-3))) !== null && _a !== void 0 ? _a : [];
|
|
22
|
+
return CWE_NIST_MAPPING.nistFilter(identifiers, global_1.DEFAULT_UPDATE_REMEDIATION_NIST_TAGS);
|
|
23
|
+
}
|
|
24
|
+
function cveIdMatches(cveName) {
|
|
25
|
+
return (cve) => cve.name === cveName;
|
|
26
|
+
}
|
|
27
|
+
class NeuVectorMapper extends base_converter_1.BaseConverter {
|
|
28
|
+
memoizedGetModules() {
|
|
29
|
+
const cache = {};
|
|
30
|
+
return (moduleName) => {
|
|
31
|
+
var _a, _b;
|
|
32
|
+
if (Object.prototype.hasOwnProperty.call(cache, moduleName)) {
|
|
33
|
+
return cache[moduleName];
|
|
34
|
+
}
|
|
35
|
+
cache[moduleName] = (_b = (_a = this.data.report.modules) === null || _a === void 0 ? void 0 : _a.find((value) => value.name === moduleName)) === null || _b === void 0 ? void 0 : _b.source;
|
|
36
|
+
return cache[moduleName];
|
|
37
|
+
};
|
|
38
|
+
}
|
|
39
|
+
constructor(exportJson, withRaw = false) {
|
|
40
|
+
const rawParams = JSON.parse(exportJson);
|
|
41
|
+
super(rawParams);
|
|
42
|
+
this.mappings = {
|
|
43
|
+
platform: {
|
|
44
|
+
name: 'Heimdall Tools',
|
|
45
|
+
release: package_json_1.version
|
|
46
|
+
},
|
|
47
|
+
version: package_json_1.version,
|
|
48
|
+
statistics: {},
|
|
49
|
+
profiles: [
|
|
50
|
+
{
|
|
51
|
+
name: 'NeuVector Scan',
|
|
52
|
+
title: {
|
|
53
|
+
path: 'report',
|
|
54
|
+
transformer: (data) => `${data.registry}/${data.repository}:${data.tag} - Digest: ${data.digest} - Image ID: ${data.image_id}`
|
|
55
|
+
},
|
|
56
|
+
supports: [],
|
|
57
|
+
attributes: [],
|
|
58
|
+
groups: [],
|
|
59
|
+
status: 'loaded',
|
|
60
|
+
controls: [
|
|
61
|
+
{
|
|
62
|
+
path: 'report.vulnerabilities',
|
|
63
|
+
key: 'id',
|
|
64
|
+
tags: {
|
|
65
|
+
cves: { path: 'cves' },
|
|
66
|
+
cpes: { path: 'cpes' },
|
|
67
|
+
cwe: {
|
|
68
|
+
path: 'description',
|
|
69
|
+
transformer: cweTags
|
|
70
|
+
},
|
|
71
|
+
nist: {
|
|
72
|
+
path: 'description',
|
|
73
|
+
transformer: (description) => nistTags(cweTags(description))
|
|
74
|
+
},
|
|
75
|
+
score: { path: 'score' },
|
|
76
|
+
vectors: { path: 'vectors' },
|
|
77
|
+
vectors_v3: { path: 'vectors_v3' },
|
|
78
|
+
score_v3: { path: 'score_v3' },
|
|
79
|
+
severity: { path: 'severity' },
|
|
80
|
+
source: {
|
|
81
|
+
path: 'package_name',
|
|
82
|
+
transformer: (packageName) => this.getModules(packageName)
|
|
83
|
+
},
|
|
84
|
+
status: {
|
|
85
|
+
path: 'name',
|
|
86
|
+
transformer: (name) => {
|
|
87
|
+
var _a, _b, _c, _d;
|
|
88
|
+
return (_d = (_c = (_b = (_a = this.rawData.report.modules) === null || _a === void 0 ? void 0 : _a.find((module) => { var _a; return (_a = module.cves) === null || _a === void 0 ? void 0 : _a.find(cveIdMatches(name)); })) === null || _b === void 0 ? void 0 : _b.cves) === null || _c === void 0 ? void 0 : _c.find(cveIdMatches(name))) === null || _d === void 0 ? void 0 : _d.status;
|
|
89
|
+
}
|
|
90
|
+
},
|
|
91
|
+
feed_rating: { path: 'feed_rating' },
|
|
92
|
+
link: { path: 'link' },
|
|
93
|
+
published_timestamp: { path: 'published_timestamp' },
|
|
94
|
+
last_modified_timestamp: { path: 'last_modified_timestamp' },
|
|
95
|
+
in_base_image: { path: 'in_base_image' },
|
|
96
|
+
tags: {
|
|
97
|
+
path: 'tags',
|
|
98
|
+
transformer: (tags) => JSON.stringify(tags, null, 2)
|
|
99
|
+
},
|
|
100
|
+
envs: {
|
|
101
|
+
path: '$.report.envs',
|
|
102
|
+
transformer: (envs) => envs ? envs.join('\n') : undefined
|
|
103
|
+
},
|
|
104
|
+
cmds: {
|
|
105
|
+
path: '$.report.cmds',
|
|
106
|
+
transformer: (cmds) => cmds ? cmds.join('\n') : undefined
|
|
107
|
+
}
|
|
108
|
+
},
|
|
109
|
+
refs: [],
|
|
110
|
+
source_location: { ref: { path: 'file_name' } },
|
|
111
|
+
title: {
|
|
112
|
+
transformer: (data) => `NeuVector found a vulnerability to ${data.name} in ${data.package_name}/${data.package_version}.`
|
|
113
|
+
},
|
|
114
|
+
id: {
|
|
115
|
+
transformer: (data) => `${data.name}/${data.package_name}/${data.package_version}`
|
|
116
|
+
},
|
|
117
|
+
desc: { path: 'description' },
|
|
118
|
+
impact: {
|
|
119
|
+
transformer: (data) => data.score_v3 / 10
|
|
120
|
+
},
|
|
121
|
+
results: [
|
|
122
|
+
{
|
|
123
|
+
status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
|
|
124
|
+
code_desc: '',
|
|
125
|
+
message: {
|
|
126
|
+
transformer: (data) => {
|
|
127
|
+
const { package_name, package_version, fixed_version } = data;
|
|
128
|
+
if (!fixed_version) {
|
|
129
|
+
return `Vulnerable package ${package_name} is at version ${package_version}. No fixed version available.`;
|
|
130
|
+
}
|
|
131
|
+
return `Vulnerable package ${package_name} is at version ${package_version}. Update to fixed version ${fixed_version}.`;
|
|
132
|
+
}
|
|
133
|
+
},
|
|
134
|
+
start_time: ''
|
|
135
|
+
}
|
|
136
|
+
]
|
|
137
|
+
}
|
|
138
|
+
],
|
|
139
|
+
sha256: ''
|
|
140
|
+
}
|
|
141
|
+
],
|
|
142
|
+
passthrough: {
|
|
143
|
+
transformer: (data) => {
|
|
144
|
+
return {
|
|
145
|
+
auxiliary_data: [
|
|
146
|
+
{
|
|
147
|
+
name: 'NeuVector',
|
|
148
|
+
data: lodash_1.default.omit([
|
|
149
|
+
'reports.vulnerabilities',
|
|
150
|
+
'reports.cmds',
|
|
151
|
+
'reports.envs',
|
|
152
|
+
'reports.registry',
|
|
153
|
+
'reports.repository',
|
|
154
|
+
'reports.tag',
|
|
155
|
+
'reports.digest',
|
|
156
|
+
'reports.image_id'
|
|
157
|
+
])
|
|
158
|
+
}
|
|
159
|
+
],
|
|
160
|
+
...(this.withRaw && { raw: data })
|
|
161
|
+
};
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
};
|
|
165
|
+
this.withRaw = withRaw;
|
|
166
|
+
this.rawData = rawParams;
|
|
167
|
+
this.getModules = this.memoizedGetModules();
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
exports.NeuVectorMapper = NeuVectorMapper;
|
|
171
|
+
//# sourceMappingURL=neuvector-mapper.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"neuvector-mapper.js","sourceRoot":"","sources":["../../src/neuvector-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAA6E;AAC7E,8DAAyD;AACzD,2CAAoE;AASpE,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAE9C,SAAS,OAAO,CAAC,WAAmB;;IAClC,MAAM,KAAK,GAAG,YAAY,CAAC;IAC3B,OAAO,MAAA,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,mCAAI,SAAS,CAAC;AAC/C,CAAC;AAED,SAAS,QAAQ,CAAC,OAA6B;;IAC7C,MAAM,WAAW,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,CAAC,CAAC,GAAW,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAC;IACvE,OAAO,gBAAgB,CAAC,UAAU,CAChC,WAAW,EACX,6CAAoC,CACrC,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,OAAe;IACnC,OAAO,CAAC,GAAkB,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC;AACtD,CAAC;AAED,MAAa,eAAgB,SAAQ,8BAAa;IAKhD,kBAAkB;QAGhB,MAAM,KAAK,GAAyD,EAAE,CAAC;QAEvE,OAAO,CAAC,UAAkB,EAAE,EAAE;;YAC5B,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE;gBAC3D,OAAO,KAAK,CAAC,UAAU,CAAC,CAAC;aAC1B;YACD,KAAK,CAAC,UAAU,CAAC,GAAG,MAAA,MAAC,IAAI,CAAC,IAA0B,CAAC,MAAM,CAAC,OAAO,0CAAE,IAAI,CACvE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,UAAU,CACrC,0CAAE,MAAM,CAAC;YACV,OAAO,KAAK,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC,CAAC;IACJ,CAAC;IAyID,YAAY,UAAkB,EAAE,OAAO,GAAG,KAAK;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACzC,KAAK,CAAC,SAAS,CAAC,CAAC;QAzInB,aAAQ,GAGJ;YACF,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;aAC9B;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,gBAAgB;oBACtB,KAAK,EAAE;wBACL,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,CAAC,IAAwB,EAAE,EAAE,CACxC,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,cAAc,IAAI,CAAC,MAAM,gBAAgB,IAAI,CAAC,QAAQ,EAAE;qBAC1G;oBACD,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,wBAAwB;4BAC9B,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE;gCACJ,IAAI,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;gCACpB,IAAI,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;gCACpB,GAAG,EAAE;oCACH,IAAI,EAAE,aAAa;oCACnB,WAAW,EAAE,OAAO;iCACrB;gCACD,IAAI,EAAE;oCACJ,IAAI,EAAE,aAAa;oCACnB,WAAW,EAAE,CAAC,WAAmB,EAAE,EAAE,CACnC,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;iCACjC;gCACD,KAAK,EAAE,EAAC,IAAI,EAAE,OAAO,EAAC;gCACtB,OAAO,EAAE,EAAC,IAAI,EAAE,SAAS,EAAC;gCAC1B,UAAU,EAAE,EAAC,IAAI,EAAE,YAAY,EAAC;gCAChC,QAAQ,EAAE,EAAC,IAAI,EAAE,UAAU,EAAC;gCAC5B,QAAQ,EAAE,EAAC,IAAI,EAAE,UAAU,EAAC;gCAC5B,MAAM,EAAE;oCACN,IAAI,EAAE,cAAc;oCACpB,WAAW,EAAE,CAAC,WAAmB,EAAE,EAAE,CACnC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;iCAC/B;gCACD,MAAM,EAAE;oCACN,IAAI,EAAE,MAAM;oCACZ,WAAW,EAAE,CAAC,IAAY,EAAE,EAAE;;wCAC5B,OAAA,MAAA,MAAA,MAAA,MAAA,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,0CACvB,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,WAAC,OAAA,MAAA,MAAM,CAAC,IAAI,0CAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAA,EAAA,CAAC,0CACvD,IAAI,0CAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,0CAAE,MAAM,CAAA;qCAAA;iCAC7C;gCACD,WAAW,EAAE,EAAC,IAAI,EAAE,aAAa,EAAC;gCAClC,IAAI,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;gCACpB,mBAAmB,EAAE,EAAC,IAAI,EAAE,qBAAqB,EAAC;gCAClD,uBAAuB,EAAE,EAAC,IAAI,EAAE,yBAAyB,EAAC;gCAC1D,aAAa,EAAE,EAAC,IAAI,EAAE,eAAe,EAAC;gCACtC,IAAI,EAAE;oCACJ,IAAI,EAAE,MAAM;oCACZ,WAAW,EAAE,CAAC,IAAc,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;iCAC/D;gCACD,IAAI,EAAE;oCACJ,IAAI,EAAE,eAAe;oCACrB,WAAW,EAAE,CAAC,IAAe,EAAE,EAAE,CAC/B,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;iCACrC;gCACD,IAAI,EAAE;oCACJ,IAAI,EAAE,eAAe;oCACrB,WAAW,EAAE,CAAC,IAAe,EAAE,EAAE,CAC/B,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;iCACrC;6BACF;4BACD,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAC,GAAG,EAAE,EAAC,IAAI,EAAE,WAAW,EAAC,EAAC;4BAC3C,KAAK,EAAE;gCACL,WAAW,EAAE,CAAC,IAAuB,EAAE,EAAE,CACvC,sCAAsC,IAAI,CAAC,IAAI,OAAO,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,eAAe,GAAG;6BACrG;4BACD,EAAE,EAAE;gCACF,WAAW,EAAE,CAAC,IAAuB,EAAE,EAAE,CACvC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,eAAe,EAAE;6BAC9D;4BACD,IAAI,EAAE,EAAC,IAAI,EAAE,aAAa,EAAC;4BAC3B,MAAM,EAAE;gCACN,WAAW,EAAE,CAAC,IAAuB,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE;6BAC7D;4BACD,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE,EAAE;oCACb,OAAO,EAAE;wCACP,WAAW,EAAE,CAAC,IAAuB,EAAE,EAAE;4CACvC,MAAM,EAAC,YAAY,EAAE,eAAe,EAAE,aAAa,EAAC,GAAG,IAAI,CAAC;4CAC5D,IAAI,CAAC,aAAa,EAAE;gDAClB,OAAO,sBAAsB,YAAY,kBAAkB,eAAe,+BAA+B,CAAC;6CAC3G;4CACD,OAAO,sBAAsB,YAAY,kBAAkB,eAAe,6BAA6B,aAAa,GAAG,CAAC;wCAC1H,CAAC;qCACF;oCACD,UAAU,EAAE,EAAE;iCACf;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;YACD,WAAW,EAAE;gBACX,WAAW,EAAE,CACX,IAAuB,EAC8B,EAAE;oBACvD,OAAO;wBACL,cAAc,EAAE;4BACd;gCACE,IAAI,EAAE,WAAW;gCACjB,IAAI,EAAE,gBAAC,CAAC,IAAI,CAAC;oCACX,yBAAyB;oCACzB,cAAc;oCACd,cAAc;oCACd,kBAAkB;oCAClB,oBAAoB;oCACpB,aAAa;oCACb,gBAAgB;oCAChB,kBAAkB;iCACnB,CAAC;6BACH;yBACF;wBACD,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAC,GAAG,EAAE,IAAI,EAAC,CAAC;qBACjC,CAAC;gBACJ,CAAC;aACF;SACF,CAAC;QAIA,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAC9C,CAAC;CACF;AAnKD,0CAmKC"}
|
|
@@ -45,6 +45,7 @@ var INPUT_TYPES;
|
|
|
45
45
|
INPUT_TYPES["TWISTLOCK"] = "twistlock";
|
|
46
46
|
INPUT_TYPES["ZAP"] = "zap";
|
|
47
47
|
INPUT_TYPES["NESSUS"] = "nessus";
|
|
48
|
+
INPUT_TYPES["NEUVECTOR"] = "neuvector";
|
|
48
49
|
INPUT_TYPES["XCCDF"] = "xccdf";
|
|
49
50
|
INPUT_TYPES["NETSPARKER"] = "netsparker";
|
|
50
51
|
INPUT_TYPES["SCOUTSUITE"] = "scoutsuite";
|
|
@@ -56,7 +57,17 @@ var INPUT_TYPES;
|
|
|
56
57
|
const fileTypeFingerprints = {
|
|
57
58
|
[INPUT_TYPES.ASFF]: ['Findings', 'AwsAccountId', 'ProductArn'],
|
|
58
59
|
[INPUT_TYPES.CONVEYOR]: ['api_error_message', 'api_response'],
|
|
60
|
+
[INPUT_TYPES.CYCLONEDX_SBOM]: ['bomFormat', 'metadata', 'specVersion'],
|
|
59
61
|
[INPUT_TYPES.FORTIFY]: ['FVDL', 'FVDL.EngineData.EngineVersion', 'FVDL.UUID'],
|
|
62
|
+
[INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues'],
|
|
63
|
+
[INPUT_TYPES.GRYPE]: [
|
|
64
|
+
'matches.vulnerability',
|
|
65
|
+
'matches.relatedVulnerabilities',
|
|
66
|
+
'matches.matchDetails',
|
|
67
|
+
'matches.artifact',
|
|
68
|
+
'distro',
|
|
69
|
+
'descriptor'
|
|
70
|
+
],
|
|
60
71
|
[INPUT_TYPES.IONCHANNEL]: [
|
|
61
72
|
'analysis_id',
|
|
62
73
|
'team_id',
|
|
@@ -65,6 +76,15 @@ const fileTypeFingerprints = {
|
|
|
65
76
|
],
|
|
66
77
|
[INPUT_TYPES.JFROG]: ['total_count', 'data'],
|
|
67
78
|
[INPUT_TYPES.MSFT_SEC_SCORE]: ['secureScore', 'profiles'],
|
|
79
|
+
[INPUT_TYPES.NEUVECTOR]: [
|
|
80
|
+
'report.base_os',
|
|
81
|
+
'report.cvedb_create_time',
|
|
82
|
+
'report.cvedb_version',
|
|
83
|
+
'report.modules',
|
|
84
|
+
'report.repository',
|
|
85
|
+
'report.signature_data',
|
|
86
|
+
'report.vulnerabilities'
|
|
87
|
+
],
|
|
68
88
|
[INPUT_TYPES.NIKTO]: ['banner', 'host', 'ip', 'port', 'vulnerabilities'],
|
|
69
89
|
[INPUT_TYPES.SARIF]: ['$schema', 'version', 'runs'],
|
|
70
90
|
[INPUT_TYPES.SNYK]: [
|
|
@@ -92,24 +112,14 @@ const fileTypeFingerprints = {
|
|
|
92
112
|
[INPUT_TYPES.ZAP]: ['@generated', '@version', 'site'],
|
|
93
113
|
[INPUT_TYPES.BURP]: [],
|
|
94
114
|
[INPUT_TYPES.CHECKLIST]: [],
|
|
95
|
-
[INPUT_TYPES.NESSUS]: [],
|
|
96
|
-
[INPUT_TYPES.PRISMA]: [],
|
|
97
115
|
[INPUT_TYPES.DB_PROTECT]: [],
|
|
98
|
-
[INPUT_TYPES.
|
|
116
|
+
[INPUT_TYPES.NESSUS]: [],
|
|
99
117
|
[INPUT_TYPES.NETSPARKER]: [],
|
|
118
|
+
[INPUT_TYPES.PRISMA]: [],
|
|
100
119
|
[INPUT_TYPES.SCOUTSUITE]: [],
|
|
101
|
-
[INPUT_TYPES.NOT_FOUND]: [],
|
|
102
120
|
[INPUT_TYPES.VERACODE]: [],
|
|
103
|
-
[INPUT_TYPES.
|
|
104
|
-
[INPUT_TYPES.
|
|
105
|
-
[INPUT_TYPES.GRYPE]: [
|
|
106
|
-
'matches.vulnerability',
|
|
107
|
-
'matches.relatedVulnerabilities',
|
|
108
|
-
'matches.matchDetails',
|
|
109
|
-
'matches.artifact',
|
|
110
|
-
'distro',
|
|
111
|
-
'descriptor'
|
|
112
|
-
]
|
|
121
|
+
[INPUT_TYPES.XCCDF]: [],
|
|
122
|
+
[INPUT_TYPES.NOT_FOUND]: []
|
|
113
123
|
};
|
|
114
124
|
function fingerprint(guessOptions) {
|
|
115
125
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fingerprinting.js","sourceRoot":"","sources":["../../../src/utils/fingerprinting.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAA4B;AAE5B,IAAY,
|
|
1
|
+
{"version":3,"file":"fingerprinting.js","sourceRoot":"","sources":["../../../src/utils/fingerprinting.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0CAA4B;AAE5B,IAAY,WA2BX;AA3BD,WAAY,WAAW;IACrB,4BAAa,CAAA;IACb,4BAAa,CAAA;IACb,sCAAuB,CAAA;IACvB,oCAAqB,CAAA;IACrB,kCAAmB,CAAA;IACnB,8BAAe,CAAA;IACf,8BAAe,CAAA;IACf,wCAAyB,CAAA;IACzB,8BAAe,CAAA;IACf,mDAAoC,CAAA;IACpC,8BAAe,CAAA;IACf,8BAAe,CAAA;IACf,gDAAiC,CAAA;IACjC,4BAAa,CAAA;IACb,wCAAyB,CAAA;IACzB,sCAAuB,CAAA;IACvB,0BAAW,CAAA;IACX,gCAAiB,CAAA;IACjB,sCAAuB,CAAA;IACvB,8BAAe,CAAA;IACf,wCAAyB,CAAA;IACzB,wCAAyB,CAAA;IACzB,uCAAwB,CAAA;IACxB,gCAAiB,CAAA;IACjB,oCAAqB,CAAA;IACrB,6BAAc,CAAA;AAChB,CAAC,EA3BW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QA2BtB;AAGD,MAAM,oBAAoB,GAAkC;IAC1D,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,YAAY,CAAC;IAC9D,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,mBAAmB,EAAE,cAAc,CAAC;IAC7D,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,aAAa,CAAC;IACtE,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,+BAA+B,EAAE,WAAW,CAAC;IAC7E,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,EAAE,QAAQ,CAAC;IAChD,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE;QACnB,uBAAuB;QACvB,gCAAgC;QAChC,sBAAsB;QACtB,kBAAkB;QAClB,QAAQ;QACR,YAAY;KACb;IACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;QACxB,aAAa;QACb,SAAS;QACT,QAAQ;QACR,cAAc;KACf;IACD,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,CAAC;IAC5C,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;IACzD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;QACvB,gBAAgB;QAChB,0BAA0B;QAC1B,sBAAsB;QACtB,gBAAgB;QAChB,mBAAmB;QACnB,uBAAuB;QACvB,wBAAwB;KACzB;IACD,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,CAAC;IACxE,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;IACnD,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE;QAClB,aAAa;QACb,QAAQ;QACR,SAAS;QACT,iBAAiB;QACjB,gCAAgC;KACjC;IACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;QACxB,YAAY;QACZ,cAAc;QACd,cAAc;QACd,aAAa;KACd;IACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;QACvB,mCAAmC;QACnC,sCAAsC;QACtC,wBAAwB;QACxB,mBAAmB;QACnB,UAAU;QACV,wBAAwB;QACxB,2BAA2B;KAC5B;IACD,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC;IAErD,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE;IACtB,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,EAAE;IAC3B,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,EAAE;IAC5B,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,EAAE;IACxB,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,EAAE;IAC5B,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,EAAE;IACxB,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,EAAE;IAC5B,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE;IAC1B,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,EAAE;IACvB,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,EAAE;CAC5B,CAAC;AAEF,SAAgB,WAAW,CAAC,YAG3B;IACC,IAAI;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAE1D,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAC/D,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACP,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;gBACxD,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;gBACnD,CAAC,CAAC,EAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,EAAC;gBACpE,CAAC,CAAC;oBACE,GAAG,CAAC;oBACJ,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM;iBAC3D,CAAC;QACR,CAAC,CAC4C,CAAC;QAChD,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,aAAa,CAAC,KAAK,KAAK,CAAC,EAAE;YAC7B,OAAO,MAAM,CAAC;SACf;KACF;IAAC,MAAM;QACN,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAExD,IAAI,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE;YAC3D,OAAO,WAAW,CAAC,MAAM,CAAC;SAC3B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,sBAAsB,CAAC;YAC/C,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAC3D;YACA,OAAO,WAAW,CAAC,KAAK,CAAC;SAC1B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC;YACrD,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAClD;YACA,OAAO,WAAW,CAAC,UAAU,CAAC;SAC/B;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE;YAChE,OAAO,WAAW,CAAC,OAAO,CAAC;SAC5B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;YAClD,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EACnD;YACA,OAAO,WAAW,CAAC,IAAI,CAAC;SACzB;aAAM,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE;YACjE,OAAO,WAAW,CAAC,IAAI,CAAC;SACzB;aAAM,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE;YACjE,OAAO,WAAW,CAAC,UAAU,CAAC;SAC/B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC5C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC5C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAC1C;YACA,OAAO,WAAW,CAAC,UAAU,CAAC;SAC/B;aAAM,IACL,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;YAClC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAChC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAChC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;YACvC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC9B,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAClC;YACA,OAAO,WAAW,CAAC,MAAM,CAAC;SAC3B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC5C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAClD;YACA,OAAO,WAAW,CAAC,QAAQ,CAAC;SAC7B;aAAM,IACL,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAC/C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAC3C,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAC/C;YACA,OAAO,WAAW,CAAC,SAAS,CAAC;SAC9B;KACF;IACD,OAAO,WAAW,CAAC,SAAS,CAAC;AAC/B,CAAC;AA/ED,kCA+EC"}
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
export type RESTVulnerability = {
|
|
2
|
+
name: string;
|
|
3
|
+
score: number;
|
|
4
|
+
severity: string;
|
|
5
|
+
vectors: string;
|
|
6
|
+
description: string;
|
|
7
|
+
file_name: string;
|
|
8
|
+
package_name: string;
|
|
9
|
+
package_version: string;
|
|
10
|
+
fixed_version: string;
|
|
11
|
+
link: string;
|
|
12
|
+
score_v3: number;
|
|
13
|
+
vectors_v3: string;
|
|
14
|
+
published_timestamp: number;
|
|
15
|
+
last_modified_timestamp: number;
|
|
16
|
+
cpes?: string[];
|
|
17
|
+
cves?: string[];
|
|
18
|
+
feed_rating: string;
|
|
19
|
+
in_base_image?: boolean;
|
|
20
|
+
tags?: string[];
|
|
21
|
+
};
|
|
22
|
+
export type RESTScanModule = {
|
|
23
|
+
name: string;
|
|
24
|
+
file: string;
|
|
25
|
+
version: string;
|
|
26
|
+
source: string;
|
|
27
|
+
cves?: RESTModuleCve[];
|
|
28
|
+
cpes?: string[];
|
|
29
|
+
};
|
|
30
|
+
export type RESTModuleCve = {
|
|
31
|
+
name: string;
|
|
32
|
+
status: string;
|
|
33
|
+
};
|
|
34
|
+
type RESTBenchItem = {
|
|
35
|
+
level: string;
|
|
36
|
+
evidence?: string;
|
|
37
|
+
location?: string;
|
|
38
|
+
message: string[];
|
|
39
|
+
group?: string;
|
|
40
|
+
} & RESTBenchCheck;
|
|
41
|
+
type RESTBenchCheck = {
|
|
42
|
+
test_number: string;
|
|
43
|
+
category: string;
|
|
44
|
+
type: string;
|
|
45
|
+
profile: string;
|
|
46
|
+
scored: boolean;
|
|
47
|
+
automated: boolean;
|
|
48
|
+
description: string;
|
|
49
|
+
remediation: string;
|
|
50
|
+
tags?: string[];
|
|
51
|
+
tags_v2?: Record<string, unknown>;
|
|
52
|
+
};
|
|
53
|
+
type RESTScanSecret = {
|
|
54
|
+
type: string;
|
|
55
|
+
evidence: string;
|
|
56
|
+
path: string;
|
|
57
|
+
suggestion: string;
|
|
58
|
+
};
|
|
59
|
+
type RESTScanSetIdPerm = {
|
|
60
|
+
type: string;
|
|
61
|
+
evidence: string;
|
|
62
|
+
path: string;
|
|
63
|
+
};
|
|
64
|
+
type RESTScanSignatureInfo = {
|
|
65
|
+
verifiers?: string[];
|
|
66
|
+
verification_timestamp: string;
|
|
67
|
+
};
|
|
68
|
+
type RESTScanReport = {
|
|
69
|
+
vulnerabilities: RESTVulnerability[];
|
|
70
|
+
modules?: RESTScanModule[];
|
|
71
|
+
checks?: RESTBenchItem[];
|
|
72
|
+
secrets?: RESTScanSecret[];
|
|
73
|
+
setid_perms?: RESTScanSetIdPerm[];
|
|
74
|
+
envs?: string[];
|
|
75
|
+
labels?: Record<string, string>;
|
|
76
|
+
cmds?: string[];
|
|
77
|
+
signature_data?: RESTScanSignatureInfo;
|
|
78
|
+
};
|
|
79
|
+
export type RESTScanRepoReport = {
|
|
80
|
+
verdict?: string;
|
|
81
|
+
image_id: string;
|
|
82
|
+
registry: string;
|
|
83
|
+
repository: string;
|
|
84
|
+
tag: string;
|
|
85
|
+
digest: string;
|
|
86
|
+
size: number;
|
|
87
|
+
author: string;
|
|
88
|
+
base_os: string;
|
|
89
|
+
created_at: string;
|
|
90
|
+
cvedb_version: string;
|
|
91
|
+
cvedb_create_time: string;
|
|
92
|
+
layers: RESTScanLayer[];
|
|
93
|
+
} & RESTScanReport;
|
|
94
|
+
type RESTScanLayer = {
|
|
95
|
+
digest: string;
|
|
96
|
+
cmds: string;
|
|
97
|
+
vulnerabilities: RESTVulnerability[];
|
|
98
|
+
size: number;
|
|
99
|
+
};
|
|
100
|
+
export type NeuVectorScanJson = {
|
|
101
|
+
report: RESTScanRepoReport;
|
|
102
|
+
error_message: string;
|
|
103
|
+
};
|
|
104
|
+
export {};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"neuvector-types.js","sourceRoot":"","sources":["../../types/neuvector-types.ts"],"names":[],"mappings":""}
|