@mitre/hdf-converters 2.10.2 → 2.10.5

package/lib/index.d.ts

@@ -2,6 +2,8 @@ export { ASFFResults } from './src/asff-mapper/asff-mapper';
 export * from './src/aws-config-mapper';
 export * from './src/burpsuite-mapper';
 export * from './src/ckl-mapper/checklist-mapper';
+export * from './src/ckl-mapper/checklistJsonix';
+export * from './src/ckl-mapper/checklist-jsonix-converter';
 export * from './src/converters-from-hdf/asff/reverse-asff-mapper';
 export * from './src/converters-from-hdf/caat/reverse-caat-mapper';
 export * from './src/converters-from-hdf/html/reverse-html-mapper';

package/lib/index.js

@@ -32,6 +32,8 @@ Object.defineProperty(exports, "ASFFResults", { enumerable: true, get: function
 __exportStar(require("./src/aws-config-mapper"), exports);
 __exportStar(require("./src/burpsuite-mapper"), exports);
 __exportStar(require("./src/ckl-mapper/checklist-mapper"), exports);
+__exportStar(require("./src/ckl-mapper/checklistJsonix"), exports);
+__exportStar(require("./src/ckl-mapper/checklist-jsonix-converter"), exports);
 __exportStar(require("./src/converters-from-hdf/asff/reverse-asff-mapper"), exports);
 __exportStar(require("./src/converters-from-hdf/caat/reverse-caat-mapper"), exports);
 __exportStar(require("./src/converters-from-hdf/html/reverse-html-mapper"), exports);

package/lib/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6DAA0D;AAAlD,0GAAA,WAAW,OAAA;AACnB,0DAAwC;AACxC,yDAAuC;AACvC,oEAAkD;AAClD,qFAAmE;AACnE,qFAAmE;AACnE,qFAAmE;AACnE,yFAAuE;AACvE,uFAAqE;AACrE,wDAAsC;AACtC,yDAAuC;AACvC,uDAAqC;AACrC,qDAAmC;AACnC,0DAAwC;AACxC,0DAAwC;AACxC,4FAA4E;AAC5E,wFAAwE;AACxE,wFAAwE;AACxE,0GAA0F;AAC1F,4FAA4E;AAC5E,wFAAwE;AACxE,4FAA4E;AAC5E,sGAAsF;AACtF,sDAAoC;AACpC,0DAAwC;AACxC,qDAAmC;AACnC,sDAAoC;AACpC,qDAAmC;AACnC,0DAAwC;AACxC,oDAAkC;AAClC,yDAAuC;AACvC,sDAAoC;AACpC,yDAAuC;AACvC,2DAAyC;AACzC,yDAAuC;AACvC,6DAA2C;AAC3C,wDAAsC;AACtC,6DAA2C;AAC3C,mDAAiC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6DAA0D;AAAlD,0GAAA,WAAW,OAAA;AACnB,0DAAwC;AACxC,yDAAuC;AACvC,oEAAkD;AAClD,mEAAiD;AACjD,8EAA4D;AAC5D,qFAAmE;AACnE,qFAAmE;AACnE,qFAAmE;AACnE,yFAAuE;AACvE,uFAAqE;AACrE,wDAAsC;AACtC,yDAAuC;AACvC,uDAAqC;AACrC,qDAAmC;AACnC,0DAAwC;AACxC,0DAAwC;AACxC,4FAA4E;AAC5E,wFAAwE;AACxE,wFAAwE;AACxE,0GAA0F;AAC1F,4FAA4E;AAC5E,wFAAwE;AACxE,4FAA4E;AAC5E,sGAAsF;AACtF,sDAAoC;AACpC,0DAAwC;AACxC,qDAAmC;AACnC,sDAAoC;AACpC,qDAAmC;AACnC,0DAAwC;AACxC,oDAAkC;AAClC,yDAAuC;AACvC,sDAAoC;AACpC,yDAAuC;AACvC,2DAAyC;AACzC,yDAAuC;AACvC,6DAA2C;AAC3C,wDAAsC;AACtC,6DAA2C;AAC3C,mDAAiC"}

package/lib/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@mitre/hdf-converters",
-    "version": "2.10.2",
+    "version": "2.10.5",
     "license": "Apache-2.0",
     "description": "Converter util library used to transform various scan results into HDF format",
     "files": [
@@ -49,9 +49,12 @@
         "mustache": "^4.2.0",
         "papaparse": "^5.3.1",
         "run-script-os": "^1.1.6",
+        "semver": "^7.6.0",
         "tailwindcss": "^3.3.3",
         "tw-elements": "^1.0.0-beta2",
         "winston": "^3.6.0",
+        "xml-formatter": "^3.6.2",
+        "xml-parser-xo": "^4.1.1",
         "xml2js": "^0.6.0",
         "yaml": "^2.1.1"
     },

package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts

@@ -1,9 +1,10 @@
-import { Asset, Checklist, Sidata, Stigdata, Vuln } from '../../types/checklistJsonix';
+import { ExecJSON } from 'inspecjs';
 import { JsonixIntermediateConverter } from '../jsonix-intermediate-converter';
+import { Asset, Assettype, Checklist, Role, Sidata, Stigdata, StigdatumElement, Techarea, Vuln } from './checklistJsonix';
 export type ChecklistObject = {
     asset: ChecklistAsset;
     stigs: ChecklistStig[];
-    jsonixData: Checklist;
+    jsonixData?: Checklist;
 };
 type ChecklistAsset = Asset;
 type ChecklistStig = {
@@ -29,7 +30,7 @@ export type ChecklistVuln = Omit<Vuln, 'stigdata' | 'status'> & {
     severity: Severity;
     groupTitle: string;
     ruleId: string;
-    ruleVersion: string;
+    ruleVer: string;
     ruleTitle: string;
     vulnDiscuss: string;
     iaControls: string;
@@ -37,7 +38,7 @@ export type ChecklistVuln = Omit<Vuln, 'stigdata' | 'status'> & {
     fixText: string;
     falsePositives: string;
     falseNegatives: string;
-    documentable: boolean;
+    documentable: string;
     mitigations: string;
     potentialImpact: string;
     thirdPartyTools: string;
@@ -65,8 +66,48 @@ export declare enum Severity {
     Low = "low",
     Medium = "medium"
 }
+export type ChecklistMetadata = {
+    marking: string;
+    hostname: string;
+    hostip: string;
+    hostmac: string;
+    hostfqdn: string;
+    targetcomment: string;
+    role: Role;
+    assettype: Assettype;
+    techarea: Techarea;
+    webordatabase: string;
+    webdbsite: string;
+    webdbinstance: string;
+    vulidmapping: 'id' | 'gid';
+    profiles: StigMetadata[];
+};
+export type StigMetadata = {
+    name: string;
+    title: string;
+    releasenumber: number;
+    version: number;
+    releasedate: string;
+    showCalendar: boolean;
+};
+export declare const EmptyChecklistObject: ChecklistObject;
+export declare function updateChecklistWithMetadata(file: ExecJSON.Execution): ChecklistObject;
 export declare class ChecklistJsonixConverter extends JsonixIntermediateConverter<Checklist, ChecklistObject> {
     getValueFromAttributeName<T extends Stigdata | Sidata>(data: T[], tag: string): string;
     toIntermediateObject(jsonixData: Checklist): ChecklistObject;
+    expandHeader(header: StigHeader): Sidata[];
+    expandVulns(checklistVuln: ChecklistVuln): StigdatumElement[];
+    createVulns(checklistVulns: ChecklistVuln[]): Vuln[];
+    fromIntermediateObject(intermediateObj: ChecklistObject): Checklist;
+    getStatus(results: ExecJSON.ControlResult[], impact: number): StatusMapping;
+    severityMap(impact: number): Severity;
+    getFindingDetails(results: ExecJSON.ControlResult[]): string;
+    matchNistToCcis(nistRefs: string[]): string[];
+    getComments(descriptions: ExecJSON.ControlDescription[]): string;
+    addHdfControlSpecificData(control: ExecJSON.Control): string;
+    addHdfProfileSpecificData(profile: ExecJSON.Profile): string;
+    controlsToVulns(profile: ExecJSON.Profile, stigRef: string, metadata?: ChecklistMetadata): ChecklistVuln[];
+    getReleaseInfo(releasenumber: number | undefined, releasedate: string | undefined): string | undefined;
+    hdfToIntermediateObject(hdf: ExecJSON.Execution): ChecklistObject;
 }
 export {};

package/lib/src/ckl-mapper/checklist-jsonix-converter.js

@@ -1,31 +1,16 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ChecklistJsonixConverter = exports.Severity = void 0;
-const _ = __importStar(require("lodash"));
+exports.ChecklistJsonixConverter = exports.updateChecklistWithMetadata = exports.EmptyChecklistObject = exports.Severity = void 0;
+const inspecjs_1 = require("inspecjs");
+const lodash_1 = __importDefault(require("lodash"));
 const jsonix_intermediate_converter_1 = require("../jsonix-intermediate-converter");
+const CciNistMapping_1 = require("../mappings/CciNistMapping");
+const global_1 = require("../utils/global");
+const checklistJsonix_1 = require("./checklistJsonix");
+const semver_1 = require("semver");
 var StatusMapping;
 (function (StatusMapping) {
     StatusMapping["NotAFinding"] = "Passed";
@@ -40,6 +25,102 @@ var Severity;
     Severity["Low"] = "low";
     Severity["Medium"] = "medium";
 })(Severity = exports.Severity || (exports.Severity = {}));
+exports.EmptyChecklistObject = {
+    asset: {
+        assettype: checklistJsonix_1.Assettype.Computing,
+        marking: 'CUI',
+        hostfqdn: null,
+        hostip: null,
+        hostmac: null,
+        hostname: null,
+        targetcomment: null,
+        role: checklistJsonix_1.Role.None,
+        targetkey: null,
+        techarea: checklistJsonix_1.Techarea.Empty,
+        webdbinstance: null,
+        webdbsite: null,
+        webordatabase: null
+    },
+    stigs: [
+        {
+            header: {
+                version: '',
+                classification: 'UNCLASSIFIED',
+                stigid: '',
+                description: '',
+                filename: '',
+                title: '',
+                uuid: ''
+            },
+            vulns: [
+                {
+                    status: StatusMapping.Not_Reviewed,
+                    vulnNum: '',
+                    severity: Severity.Low,
+                    groupTitle: '',
+                    ruleId: '',
+                    ruleVer: '',
+                    ruleTitle: '',
+                    vulnDiscuss: '',
+                    iaControls: '',
+                    checkContent: '',
+                    fixText: '',
+                    falsePositives: '',
+                    falseNegatives: '',
+                    documentable: 'false',
+                    mitigations: '',
+                    potentialImpact: '',
+                    thirdPartyTools: '',
+                    mitigationControl: '',
+                    responsibility: '',
+                    securityOverrideGuidance: '',
+                    checkContentRef: '',
+                    weight: '',
+                    class: 'Unclass',
+                    stigRef: '',
+                    targetKey: '',
+                    stigUuid: '',
+                    legacyId: '',
+                    cciRef: '',
+                    comments: null,
+                    findingdetails: null,
+                    severityjustification: null,
+                    severityoverride: checklistJsonix_1.Severityoverride.Empty
+                }
+            ]
+        }
+    ]
+};
+function updateChecklistWithMetadata(file) {
+    const metadata = lodash_1.default.get(file, 'passthrough.metadata');
+    const checklist = lodash_1.default.get(file, 'passthrough.checklist');
+    checklist.asset.assettype = metadata.assettype;
+    checklist.asset.marking = metadata.marking;
+    checklist.asset.hostfqdn = metadata.hostfqdn;
+    checklist.asset.hostip = metadata.hostip;
+    checklist.asset.hostname = metadata.hostname;
+    checklist.asset.hostmac = metadata.hostmac;
+    checklist.asset.targetcomment = metadata.targetcomment;
+    checklist.asset.role = metadata.role;
+    checklist.asset.techarea = metadata.techarea;
+    checklist.asset.webordatabase = [true, 'true'].includes(metadata.webordatabase);
+    checklist.asset.webdbsite = metadata.webdbsite;
+    checklist.asset.webdbinstance = metadata.webdbinstance;
+    for (const stig of checklist.stigs) {
+        for (const profile of metadata.profiles) {
+            if (stig.header.title === profile.name) {
+                stig.header.title = profile.title || profile.name;
+                stig.header.version = profile.version.toString();
+                stig.header.releaseinfo = `Release: ${profile.releasenumber} Benchmark Date: ${profile.releasedate}`;
+                for (const vuln of stig.vulns) {
+                    vuln.stigRef = `${stig.header.title} :: Version ${stig.header.version}, ${stig.header.releaseinfo}`;
+                }
+            }
+        }
+    }
+    return checklist;
+}
+exports.updateChecklistWithMetadata = updateChecklistWithMetadata;
 class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixIntermediateConverter {
     getValueFromAttributeName(data, tag) {
         let keyName = 'vulnattribute';
@@ -49,30 +130,30 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
             dataName = 'siddata';
         }
         const results = data.filter((attribute) => {
-            return _.get(attribute, keyName) == tag;
+            return lodash_1.default.get(attribute, keyName) == tag;
         });
-        return results.map((result) => _.get(result, dataName)).join('; ');
+        return results.map((result) => lodash_1.default.get(result, dataName)).join('; ');
     }
     toIntermediateObject(jsonixData) {
         const asset = {
-            role: _.get(jsonixData, 'value.asset.role'),
-            assettype: _.get(jsonixData, 'value.asset.assettype'),
-            hostname: _.get(jsonixData, 'value.asset.hostname'),
-            hostip: _.get(jsonixData, 'value.asset.hostip'),
-            hostmac: _.get(jsonixData, 'value.asset.hostmac'),
-            hostfqdn: _.get(jsonixData, 'value.asset.hostfqdn'),
-            marking: _.get(jsonixData, 'value.asset.marking'),
-            targetcomment: _.get(jsonixData, 'value.asset.targetcomment'),
-            techarea: _.get(jsonixData, 'value.asset.techarea'),
-            targetkey: _.get(jsonixData, 'value.asset.targetkey'),
-            webordatabase: _.get(jsonixData, 'value.asset.webordatabase'),
-            webdbsite: _.get(jsonixData, 'value.asset.webdbsite'),
-            webdbinstance: _.get(jsonixData, 'value.asset.webdbinstance')
+            role: lodash_1.default.get(jsonixData, 'value.asset.role'),
+            assettype: lodash_1.default.get(jsonixData, 'value.asset.assettype'),
+            hostname: lodash_1.default.get(jsonixData, 'value.asset.hostname'),
+            hostip: lodash_1.default.get(jsonixData, 'value.asset.hostip'),
+            hostmac: lodash_1.default.get(jsonixData, 'value.asset.hostmac'),
+            hostfqdn: lodash_1.default.get(jsonixData, 'value.asset.hostfqdn'),
+            marking: lodash_1.default.get(jsonixData, 'value.asset.marking'),
+            targetcomment: lodash_1.default.get(jsonixData, 'value.asset.targetcomment'),
+            techarea: lodash_1.default.get(jsonixData, 'value.asset.techarea'),
+            targetkey: lodash_1.default.get(jsonixData, 'value.asset.targetkey'),
+            webordatabase: [true, 'true'].includes(lodash_1.default.get(jsonixData, 'value.asset.webordatabase', false)),
+            webdbsite: lodash_1.default.get(jsonixData, 'value.asset.webdbsite'),
+            webdbinstance: lodash_1.default.get(jsonixData, 'value.asset.webdbinstance')
         };
-        const rawStigs = _.get(jsonixData, 'value.stigs.istig');
+        const rawStigs = lodash_1.default.get(jsonixData, 'value.stigs.istig');
         const stigs = [];
         for (const stig of rawStigs) {
-            const stigInfo = _.get(stig, 'stiginfo.sidata');
+            const stigInfo = lodash_1.default.get(stig, 'stiginfo.sidata');
             const header = {
                 version: this.getValueFromAttributeName(stigInfo, 'version'),
                 classification: this.getValueFromAttributeName(stigInfo, 'classification'),
@@ -87,20 +168,20 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
                 source: this.getValueFromAttributeName(stigInfo, 'source')
             };
             const checklistVulns = [];
-            const vulns = _.get(stig, 'vuln');
+            const vulns = lodash_1.default.get(stig, 'vuln');
             for (const vuln of vulns) {
-                const stigdata = _.get(vuln, 'stigdata');
+                const stigdata = lodash_1.default.get(vuln, 'stigdata');
                 const checklistVuln = {
-                    status: StatusMapping[_.get(vuln, 'status')],
-                    findingdetails: _.get(vuln, 'findingdetails'),
-                    comments: _.get(vuln, 'comments'),
-                    severityoverride: _.get(vuln, 'severityoverride'),
-                    severityjustification: _.get(vuln, 'severityjustification'),
+                    status: StatusMapping[lodash_1.default.get(vuln, 'status')],
+                    findingdetails: lodash_1.default.get(vuln, 'findingdetails'),
+                    comments: lodash_1.default.get(vuln, 'comments'),
+                    severityoverride: lodash_1.default.get(vuln, 'severityoverride'),
+                    severityjustification: lodash_1.default.get(vuln, 'severityjustification'),
                     vulnNum: this.getValueFromAttributeName(stigdata, 'Vuln_Num'),
                     severity: this.getValueFromAttributeName(stigdata, 'Severity'),
                     groupTitle: this.getValueFromAttributeName(stigdata, 'Group_Title'),
                     ruleId: this.getValueFromAttributeName(stigdata, 'Rule_ID'),
-                    ruleVersion: this.getValueFromAttributeName(stigdata, 'Rule_Ver'),
+                    ruleVer: this.getValueFromAttributeName(stigdata, 'Rule_Ver'),
                     ruleTitle: this.getValueFromAttributeName(stigdata, 'Rule_Title'),
                     vulnDiscuss: this.getValueFromAttributeName(stigdata, 'Vuln_Discuss'),
                     iaControls: this.getValueFromAttributeName(stigdata, 'IA_Controls'),
@@ -138,6 +219,308 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
         };
         return checklistObject;
     }
+    expandHeader(header) {
+        const sidata = [];
+        for (const [name, data] of Object.entries(header)) {
+            if (data) {
+                sidata.push({
+                    sidname: name,
+                    siddata: data
+                });
+            }
+            else {
+                sidata.push({ sidname: name });
+            }
+        }
+        return sidata;
+    }
+    expandVulns(checklistVuln) {
+        var _a;
+        const separateElementNames = ['CciRef', 'IAControls', 'LegacyID'];
+        const stigdata = [];
+        for (const [attributeName, data] of Object.entries(checklistVuln)) {
+            const keyFoundInVulnattribute = Object.keys(checklistJsonix_1.Vulnattribute).find((key) => key.toLowerCase() === attributeName.toLowerCase());
+            if (keyFoundInVulnattribute) {
+                if (separateElementNames.includes(keyFoundInVulnattribute)) {
+                    const dataStrings = (_a = data === null || data === void 0 ? void 0 : data.toString().split(/[,|;]/)) !== null && _a !== void 0 ? _a : [];
+                    for (const dataString of dataStrings) {
+                        stigdata.push({
+                            vulnattribute: checklistJsonix_1.Vulnattribute[keyFoundInVulnattribute],
+                            attributedata: dataString.trim()
+                        });
+                    }
+                    continue;
+                }
+                stigdata.push({
+                    vulnattribute: checklistJsonix_1.Vulnattribute[keyFoundInVulnattribute],
+                    attributedata: data
+                });
+            }
+        }
+        return stigdata;
+    }
+    createVulns(checklistVulns) {
+        const vulns = [];
+        for (const checklistVuln of checklistVulns) {
+            const stigdata = this.expandVulns(checklistVuln);
+            const vuln = {
+                comments: checklistVuln.comments,
+                findingdetails: checklistVuln.findingdetails,
+                severityjustification: checklistVuln.severityjustification,
+                severityoverride: checklistVuln.severityoverride,
+                status: Object.keys(StatusMapping)[Object.values(StatusMapping).indexOf(checklistVuln.status)],
+                stigdata: stigdata
+            };
+            vulns.push(vuln);
+        }
+        return vulns;
+    }
+    fromIntermediateObject(intermediateObj) {
+        const name = {
+            localPart: checklistJsonix_1.LocalPartEnum.Checklist
+        };
+        const istigs = [];
+        for (const stig of intermediateObj.stigs) {
+            const istig = {
+                stiginfo: {
+                    sidata: this.expandHeader(stig.header)
+                },
+                vuln: this.createVulns(stig.vulns)
+            };
+            istigs.push(istig);
+        }
+        const value = {
+            asset: {
+                ...intermediateObj.asset
+            },
+            stigs: {
+                istig: istigs
+            }
+        };
+        const checklist = {
+            name: name,
+            value: value
+        };
+        return checklist;
+    }
+    getStatus(results, impact) {
+        const statuses = results.map((result) => {
+            return result.status;
+        });
+        if (impact === 0) {
+            return StatusMapping.Not_Applicable;
+        }
+        else if (statuses.includes(inspecjs_1.ExecJSON.ControlResultStatus.Failed)) {
+            return StatusMapping.Open;
+        }
+        else if (statuses.includes(inspecjs_1.ExecJSON.ControlResultStatus.Passed)) {
+            return StatusMapping.NotAFinding;
+        }
+        else {
+            return StatusMapping.Not_Reviewed;
+        }
+    }
+    severityMap(impact) {
+        if (impact < 0.4) {
+            return Severity.Low;
+        }
+        else if (impact < 0.7) {
+            return Severity.Medium;
+        }
+        else {
+            return Severity.High;
+        }
+    }
+    getFindingDetails(results) {
+        if (typeof results === 'undefined') {
+            return '';
+        }
+        else {
+            return results
+                .map((result) => {
+                if (result.message) {
+                    return `${result.status} :: TEST ${result.code_desc} :: MESSAGE ${result.message}`;
+                }
+                else if (result.skip_message) {
+                    return `${result.status} :: TEST ${result.code_desc} :: SKIP_MESSAGE ${result.skip_message}`;
+                }
+                else {
+                    return `${result.status} :: TEST ${result.code_desc}`;
+                }
+            })
+                .join('\n--------------------------------\n');
+        }
+    }
+    matchNistToCcis(nistRefs) {
+        if (!nistRefs) {
+            return [''];
+        }
+        const CCI_NIST_TWO_WAY_MAPPER = new CciNistMapping_1.CciNistTwoWayMapper();
+        return CCI_NIST_TWO_WAY_MAPPER.cciFilter(nistRefs, ['']);
+    }
+    getComments(descriptions) {
+        let results = '';
+        const caveat = (0, global_1.getDescription)(descriptions, 'caveat');
+        const justification = (0, global_1.getDescription)(descriptions, 'justification');
+        const rationale = (0, global_1.getDescription)(descriptions, 'rationale');
+        const comments = (0, global_1.getDescription)(descriptions, 'comments');
+        if (caveat) {
+            results += `CAVEAT :: ${caveat}\n`;
+        }
+        if (justification) {
+            results += `JUSTIFICATION :: ${justification}\n`;
+        }
+        if (rationale) {
+            results += `RATIONALE :: ${rationale}\n`;
+        }
+        if (comments) {
+            results += `COMMENTS :: ${comments}`;
+        }
+        return results;
+    }
+    addHdfControlSpecificData(control) {
+        var _a;
+        const hdfSpecificData = {};
+        const checklistImpactNumbers = [0.7, 0.5, 0.3, 0];
+        if (!checklistImpactNumbers.includes(control.impact)) {
+            hdfSpecificData['impact'] = control.impact;
+        }
+        if ((_a = control.code) === null || _a === void 0 ? void 0 : _a.startsWith('control')) {
+            hdfSpecificData['code'] = control.code;
+        }
+        const hdfDataExist = Object.keys(hdfSpecificData).length !== 0;
+        return hdfDataExist
+            ? JSON.stringify({ hdfSpecificData: hdfSpecificData }, null, 2)
+            : '';
+    }
+    addHdfProfileSpecificData(profile) {
+        const hdfSpecificData = {};
+        if (profile.attributes.length) {
+            hdfSpecificData['attributes'] = profile.attributes;
+        }
+        if (profile.copyright) {
+            hdfSpecificData['copyright'] = profile.copyright;
+        }
+        if (profile.copyright_email) {
+            hdfSpecificData['copyright_email'] = profile.copyright_email;
+        }
+        if (profile.maintainer) {
+            hdfSpecificData['maintainer'] = profile.maintainer;
+        }
+        if (profile.version) {
+            hdfSpecificData['version'] = profile.version;
+        }
+        const hdfDataExist = Object.keys(hdfSpecificData).length !== 0;
+        return hdfDataExist ? JSON.stringify({ hdfSpecificData }) : '';
+    }
+    controlsToVulns(profile, stigRef, metadata) {
+        var _a, _b, _c, _d, _e, _f, _g, _h;
+        const vulns = [];
+        for (const control of profile.controls) {
+            const defaultId = lodash_1.default.get(control, 'id', '');
+            const vuln = {
+                status: this.getStatus(control.results, control.impact),
+                vulnNum: (metadata === null || metadata === void 0 ? void 0 : metadata.vulidmapping) === 'gid'
+                    ? lodash_1.default.get(control.tags, 'gid', defaultId)
+                    : defaultId,
+                severity: this.severityMap(control.impact),
+                groupTitle: lodash_1.default.get(control.tags, 'gtitle', defaultId),
+                ruleId: lodash_1.default.get(control.tags, 'rid', defaultId),
+                ruleVer: lodash_1.default.get(control.tags, 'stig_id', defaultId),
+                ruleTitle: (_a = control.title) !== null && _a !== void 0 ? _a : '',
+                vulnDiscuss: (_b = control.desc) !== null && _b !== void 0 ? _b : '',
+                iaControls: lodash_1.default.get(control.tags, 'IA_Controls', ''),
+                checkContent: (_d = (_c = lodash_1.default.get(control.tags, 'check')) !== null && _c !== void 0 ? _c : (0, global_1.getDescription)(control.descriptions, 'check')) !== null && _d !== void 0 ? _d : '',
+                fixText: (_f = (_e = lodash_1.default.get(control.tags, 'fix')) !== null && _e !== void 0 ? _e : (0, global_1.getDescription)(control.descriptions, 'fix')) !== null && _f !== void 0 ? _f : '',
+                falsePositives: lodash_1.default.get(control.tags, 'False_Positives', ''),
+                falseNegatives: lodash_1.default.get(control.tags, 'False_Negatives', ''),
+                documentable: 'false',
+                mitigations: lodash_1.default.get(control.tags, 'Mitigations', ''),
+                potentialImpact: lodash_1.default.get(control.tags, 'Potential_Impact', ''),
+                thirdPartyTools: this.addHdfControlSpecificData(control),
+                mitigationControl: lodash_1.default.get(control.tags, 'Mitigation_Control', ''),
+                responsibility: lodash_1.default.get(control.tags, 'Responsibility', ''),
+                securityOverrideGuidance: lodash_1.default.get(control.tags, 'Security_Override_Guidance', ''),
+                checkContentRef: 'M',
+                weight: lodash_1.default.get(control.tags, 'weight', '10.0'),
+                class: 'Unclass',
+                stigRef,
+                targetKey: '',
+                stigUuid: '',
+                legacyId: lodash_1.default.get(control.tags, 'Legacy_ID'),
+                cciRef: (_g = lodash_1.default.get(control.tags, 'cci')) !== null && _g !== void 0 ? _g : this.matchNistToCcis(lodash_1.default.get(control.tags, 'nist')),
+                comments: this.getComments(control.descriptions),
+                findingdetails: (_h = this.getFindingDetails(control.results)) !== null && _h !== void 0 ? _h : '',
+                severityjustification: '',
+                severityoverride: checklistJsonix_1.Severityoverride.Empty
+            };
+            vulns.push(vuln);
+        }
+        return vulns;
+    }
+    getReleaseInfo(releasenumber, releasedate) {
+        if (releasenumber && releasedate) {
+            return `Release: ${releasenumber} Benchmark Date: ${releasedate}`;
+        }
+        else if (releasenumber) {
+            return `Release: ${releasenumber}`;
+        }
+        else if (releasedate) {
+            return `Benchmark Date: ${releasedate}`;
+        }
+        else {
+            return undefined;
+        }
+    }
+    hdfToIntermediateObject(hdf) {
+        var _a, _b;
+        const stigs = [];
+        const metadata = lodash_1.default.get(hdf, 'passthrough.metadata');
+        for (const profile of hdf.profiles) {
+            if ((_a = profile.depends) === null || _a === void 0 ? void 0 : _a.length) {
+                continue;
+            }
+            const profileMetadata = metadata === null || metadata === void 0 ? void 0 : metadata.profiles.find((p) => p.name === profile.name);
+            const version = (0, semver_1.coerce)(profile.version);
+            const header = {
+                version: lodash_1.default.get(profileMetadata, 'version', (_b = version === null || version === void 0 ? void 0 : version.major) !== null && _b !== void 0 ? _b : 0).toString(),
+                classification: 'UNCLASSIFIED',
+                customname: this.addHdfProfileSpecificData(profile),
+                stigid: profile.name,
+                description: (profile.summary || '') +
+                    (profile.summary && profile.description ? '\n' : '') +
+                    (profile.description || ''),
+                filename: '',
+                releaseinfo: this.getReleaseInfo((profileMetadata === null || profileMetadata === void 0 ? void 0 : profileMetadata.releasenumber) || (version === null || version === void 0 ? void 0 : version.minor) || 0, profileMetadata === null || profileMetadata === void 0 ? void 0 : profileMetadata.releasedate),
+                title: (profileMetadata === null || profileMetadata === void 0 ? void 0 : profileMetadata.title) || profile.title || profile.name,
+                uuid: '',
+                notice: profile.license || '',
+                source: 'STIG.DOD.MIL'
+            };
+            const stigRef = `${header.title} :: Version ${header.version}${header.releaseinfo ? ', ' + header.releaseinfo : ''}`;
+            const vulns = this.controlsToVulns(profile, stigRef, metadata);
+            stigs.push({ header, vulns });
+        }
+        const checklistObject = {
+            asset: {
+                assettype: lodash_1.default.get(hdf, 'passthrough.metadata.assettype', checklistJsonix_1.Assettype.Computing),
+                hostfqdn: lodash_1.default.get(hdf, 'passthrough.metadata.hostfqdn', ''),
+                hostip: lodash_1.default.get(hdf, 'passthrough.metadata.hostip', ''),
+                hostmac: lodash_1.default.get(hdf, 'passthrough.metadata.hostmac', ''),
+                hostname: lodash_1.default.get(hdf, 'passthrough.metadata.hostname', ''),
+                marking: lodash_1.default.get(hdf, 'passthrough.metadata.marking', 'CUI'),
+                role: lodash_1.default.get(hdf, 'passthrough.metadata.role', checklistJsonix_1.Role.None),
+                targetcomment: lodash_1.default.get(hdf, 'passthrough.metadata.targetcomment', ''),
+                targetkey: '',
+                techarea: lodash_1.default.get(hdf, 'passthrough.metadata.techarea', checklistJsonix_1.Techarea.Empty),
+                webdbinstance: lodash_1.default.get(hdf, 'passthrough.metadata.webdbinstance', ''),
+                webdbsite: lodash_1.default.get(hdf, 'passthrough.metadata.webdbsite', ''),
+                webordatabase: [true, 'true'].includes(lodash_1.default.get(hdf, 'passthrough.metadata.webordatabase', false))
+            },
+            stigs: stigs
+        };
+        return checklistObject;
+    }
 }
 exports.ChecklistJsonixConverter = ChecklistJsonixConverter;
 //# sourceMappingURL=checklist-jsonix-converter.js.map