@mitre/hdf-converters 2.12.2 → 2.13.0
- package/README.md +25 -24
- package/lib/data/converters/csv2json.d.ts +1 -0
- package/lib/data/converters/csv2json.d.ts.map +1 -0
- package/lib/data/converters/csv2json.js +1 -1
- package/lib/data/converters/csv2json.js.map +1 -1
- package/lib/data/converters/xml2json.d.ts +1 -0
- package/lib/data/converters/xml2json.d.ts.map +1 -0
- package/lib/data/converters/xml2json.js +6 -25
- package/lib/data/converters/xml2json.js.map +1 -1
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.d.ts +2 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.d.ts.map +1 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.js +13 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.js.map +1 -0
- package/lib/index.d.ts +6 -0
- package/lib/index.d.ts.map +1 -0
- package/lib/index.js +23 -8
- package/lib/index.js.map +1 -1
- package/lib/package.json +28 -45
- package/lib/src/anchore-grype-mapper.d.ts +1 -0
- package/lib/src/anchore-grype-mapper.d.ts.map +1 -0
- package/lib/src/anchore-grype-mapper.js +7 -1
- package/lib/src/anchore-grype-mapper.js.map +1 -1
- package/lib/src/asff-mapper/asff-mapper.d.ts +1 -0
- package/lib/src/asff-mapper/asff-mapper.d.ts.map +1 -0
- package/lib/src/asff-mapper/asff-mapper.js +276 -242
- package/lib/src/asff-mapper/asff-mapper.js.map +1 -1
- package/lib/src/asff-mapper/case-cms-inspec.d.ts +1 -0
- package/lib/src/asff-mapper/case-cms-inspec.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-cms-inspec.js +18 -9
- package/lib/src/asff-mapper/case-cms-inspec.js.map +1 -1
- package/lib/src/asff-mapper/case-firewall-manager.d.ts +1 -0
- package/lib/src/asff-mapper/case-firewall-manager.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-firewall-manager.js +18 -9
- package/lib/src/asff-mapper/case-firewall-manager.js.map +1 -1
- package/lib/src/asff-mapper/case-guardduty.d.ts +1 -0
- package/lib/src/asff-mapper/case-guardduty.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-guardduty.js +18 -9
- package/lib/src/asff-mapper/case-guardduty.js.map +1 -1
- package/lib/src/asff-mapper/case-inspector.d.ts +1 -0
- package/lib/src/asff-mapper/case-inspector.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-inspector.js +18 -9
- package/lib/src/asff-mapper/case-inspector.js.map +1 -1
- package/lib/src/asff-mapper/case-previously-hdf.d.ts +1 -0
- package/lib/src/asff-mapper/case-previously-hdf.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-previously-hdf.js +28 -15
- package/lib/src/asff-mapper/case-previously-hdf.js.map +1 -1
- package/lib/src/asff-mapper/case-prowler.d.ts +1 -0
- package/lib/src/asff-mapper/case-prowler.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-prowler.js +19 -9
- package/lib/src/asff-mapper/case-prowler.js.map +1 -1
- package/lib/src/asff-mapper/case-security-hub.d.ts +1 -0
- package/lib/src/asff-mapper/case-security-hub.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-security-hub.js +24 -9
- package/lib/src/asff-mapper/case-security-hub.js.map +1 -1
- package/lib/src/asff-mapper/case-trivy.d.ts +1 -0
- package/lib/src/asff-mapper/case-trivy.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-trivy.js +18 -9
- package/lib/src/asff-mapper/case-trivy.js.map +1 -1
- package/lib/src/aws-config-mapper.d.ts +1 -0
- package/lib/src/aws-config-mapper.d.ts.map +1 -0
- package/lib/src/aws-config-mapper.js +38 -22
- package/lib/src/aws-config-mapper.js.map +1 -1
- package/lib/src/base-converter.d.ts +2 -1
- package/lib/src/base-converter.d.ts.map +1 -0
- package/lib/src/base-converter.js +51 -33
- package/lib/src/base-converter.js.map +1 -1
- package/lib/src/burpsuite-mapper.d.ts +7 -0
- package/lib/src/burpsuite-mapper.d.ts.map +1 -0
- package/lib/src/burpsuite-mapper.js +115 -88
- package/lib/src/burpsuite-mapper.js.map +1 -1
- package/lib/src/checkov-mapper.d.ts +67 -0
- package/lib/src/checkov-mapper.d.ts.map +1 -0
- package/lib/src/checkov-mapper.js +240 -0
- package/lib/src/checkov-mapper.js.map +1 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts +17 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.js +59 -25
- package/lib/src/ckl-mapper/checklist-jsonix-converter.js.map +1 -1
- package/lib/src/ckl-mapper/checklist-mapper.d.ts +35 -0
- package/lib/src/ckl-mapper/checklist-mapper.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-mapper.js +264 -155
- package/lib/src/ckl-mapper/checklist-mapper.js.map +1 -1
- package/lib/src/ckl-mapper/checklist-metadata-utils.d.ts +1 -0
- package/lib/src/ckl-mapper/checklist-metadata-utils.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-metadata-utils.js +38 -16
- package/lib/src/ckl-mapper/checklist-metadata-utils.js.map +1 -1
- package/lib/src/ckl-mapper/checklistJsonix.d.ts +6 -0
- package/lib/src/ckl-mapper/checklistJsonix.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklistJsonix.js +8 -8
- package/lib/src/ckl-mapper/checklistJsonix.js.map +1 -1
- package/lib/src/ckl-mapper/jsonixMapping.d.ts +5 -0
- package/lib/src/ckl-mapper/jsonixMapping.d.ts.map +1 -0
- package/lib/src/ckl-mapper/jsonixMapping.js +4 -0
- package/lib/src/ckl-mapper/jsonixMapping.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/asff-types.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js +110 -84
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/transformers.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/transformers.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/transformers.js +82 -55
- package/lib/src/converters-from-hdf/asff/transformers.js.map +1 -1
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.js +65 -38
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/html/embedded-assets.d.ts +4 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.js +8 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.js.map +1 -0
- package/lib/src/converters-from-hdf/html/html-types.d.ts +1 -0
- package/lib/src/converters-from-hdf/html/html-types.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/html-types.js +1 -0
- package/lib/src/converters-from-hdf/html/html-types.js.map +1 -1
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.d.ts +3 -2
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.js +151 -107
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/reverse-any-base-converter.d.ts +1 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.js +3 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.js.map +1 -1
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts +1 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.js +29 -9
- package/lib/src/converters-from-hdf/reverse-base-converter.js.map +1 -1
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.js +40 -16
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.js +33 -12
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.js.map +1 -1
- package/lib/src/conveyor-mapper.d.ts +1 -0
- package/lib/src/conveyor-mapper.d.ts.map +1 -0
- package/lib/src/conveyor-mapper.js +85 -40
- package/lib/src/conveyor-mapper.js.map +1 -1
- package/lib/src/cyclonedx-sbom-mapper.d.ts +1 -0
- package/lib/src/cyclonedx-sbom-mapper.d.ts.map +1 -0
- package/lib/src/cyclonedx-sbom-mapper.js +377 -309
- package/lib/src/cyclonedx-sbom-mapper.js.map +1 -1
- package/lib/src/dbprotect-mapper.d.ts +1 -0
- package/lib/src/dbprotect-mapper.d.ts.map +1 -0
- package/lib/src/dbprotect-mapper.js +74 -63
- package/lib/src/dbprotect-mapper.js.map +1 -1
- package/lib/src/dependency-track-mapper.d.ts +1 -0
- package/lib/src/dependency-track-mapper.d.ts.map +1 -0
- package/lib/src/dependency-track-mapper.js +144 -130
- package/lib/src/dependency-track-mapper.js.map +1 -1
- package/lib/src/fortify-mapper.d.ts +7 -0
- package/lib/src/fortify-mapper.d.ts.map +1 -0
- package/lib/src/fortify-mapper.js +118 -92
- package/lib/src/fortify-mapper.js.map +1 -1
- package/lib/src/gosec-mapper.d.ts +1 -0
- package/lib/src/gosec-mapper.d.ts.map +1 -0
- package/lib/src/gosec-mapper.js +90 -72
- package/lib/src/gosec-mapper.js.map +1 -1
- package/lib/src/ionchannel-mapper.d.ts +1 -0
- package/lib/src/ionchannel-mapper.d.ts.map +1 -0
- package/lib/src/ionchannel-mapper.js +130 -110
- package/lib/src/ionchannel-mapper.js.map +1 -1
- package/lib/src/jfrog-xray-mapper.d.ts +1 -0
- package/lib/src/jfrog-xray-mapper.d.ts.map +1 -0
- package/lib/src/jfrog-xray-mapper.js +92 -78
- package/lib/src/jfrog-xray-mapper.js.map +1 -1
- package/lib/src/jsonix-converter.d.ts +1 -0
- package/lib/src/jsonix-converter.d.ts.map +1 -0
- package/lib/src/jsonix-converter.js +1 -0
- package/lib/src/jsonix-converter.js.map +1 -1
- package/lib/src/jsonix-intermediate-converter.d.ts +1 -0
- package/lib/src/jsonix-intermediate-converter.d.ts.map +1 -0
- package/lib/src/jsonix-intermediate-converter.js.map +1 -1
- package/lib/src/mappings/AwsConfigMapping.d.ts +1 -0
- package/lib/src/mappings/AwsConfigMapping.d.ts.map +1 -0
- package/lib/src/mappings/AwsConfigMapping.js +19 -9
- package/lib/src/mappings/AwsConfigMapping.js.map +1 -1
- package/lib/src/mappings/AwsConfigMappingData.d.ts +1 -0
- package/lib/src/mappings/AwsConfigMappingData.d.ts.map +1 -0
- package/lib/src/mappings/AwsConfigMappingData.js.map +1 -1
- package/lib/src/mappings/CciNistMapping.d.ts +1 -0
- package/lib/src/mappings/CciNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMapping.js +6 -2
- package/lib/src/mappings/CciNistMapping.js.map +1 -1
- package/lib/src/mappings/CciNistMappingData.d.ts +1 -0
- package/lib/src/mappings/CciNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMappingData.js.map +1 -1
- package/lib/src/mappings/CciNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/CciNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMappingItem.js +2 -0
- package/lib/src/mappings/CciNistMappingItem.js.map +1 -1
- package/lib/src/mappings/CheckovToCciAndNistMappingData.d.ts +5 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.js +2695 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.js.map +1 -0
- package/lib/src/mappings/CweNistMapping.d.ts +1 -0
- package/lib/src/mappings/CweNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMapping.js +1 -0
- package/lib/src/mappings/CweNistMapping.js.map +1 -1
- package/lib/src/mappings/CweNistMappingData.d.ts +1 -0
- package/lib/src/mappings/CweNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMappingData.js.map +1 -1
- package/lib/src/mappings/CweNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/CweNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMappingItem.js +5 -0
- package/lib/src/mappings/CweNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NessusPluginNistMappingData.d.ts +1 -0
- package/lib/src/mappings/NessusPluginNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginNistMappingData.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js +4 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NiktoNistMapping.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMapping.js.map +1 -1
- package/lib/src/mappings/NiktoNistMappingData.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMappingData.js.map +1 -1
- package/lib/src/mappings/NiktoNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMappingItem.js +4 -0
- package/lib/src/mappings/NiktoNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NistCciMappingData.d.ts +1 -0
- package/lib/src/mappings/NistCciMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NistCciMappingData.js.map +1 -1
- package/lib/src/mappings/OwaspNistMapping.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMapping.js +19 -8
- package/lib/src/mappings/OwaspNistMapping.js.map +1 -1
- package/lib/src/mappings/OwaspNistMappingData.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMappingData.js.map +1 -1
- package/lib/src/mappings/OwaspNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMappingItem.js +5 -0
- package/lib/src/mappings/OwaspNistMappingItem.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMappingData.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingData.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js +2 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js.map +1 -1
- package/lib/src/msft-secure-score-mapper.d.ts +1 -0
- package/lib/src/msft-secure-score-mapper.d.ts.map +1 -0
- package/lib/src/msft-secure-score-mapper.js +202 -185
- package/lib/src/msft-secure-score-mapper.js.map +1 -1
- package/lib/src/nessus-mapper.d.ts +2 -1
- package/lib/src/nessus-mapper.d.ts.map +1 -0
- package/lib/src/nessus-mapper.js +122 -105
- package/lib/src/nessus-mapper.js.map +1 -1
- package/lib/src/netsparker-mapper.d.ts +7 -0
- package/lib/src/netsparker-mapper.d.ts.map +1 -0
- package/lib/src/netsparker-mapper.js +34 -9
- package/lib/src/netsparker-mapper.js.map +1 -1
- package/lib/src/neuvector-mapper.d.ts +1 -0
- package/lib/src/neuvector-mapper.d.ts.map +1 -0
- package/lib/src/neuvector-mapper.js +123 -124
- package/lib/src/neuvector-mapper.js.map +1 -1
- package/lib/src/nikto-mapper.d.ts +1 -0
- package/lib/src/nikto-mapper.d.ts.map +1 -0
- package/lib/src/nikto-mapper.js +85 -74
- package/lib/src/nikto-mapper.js.map +1 -1
- package/lib/src/prisma-mapper.d.ts +1 -0
- package/lib/src/prisma-mapper.d.ts.map +1 -0
- package/lib/src/prisma-mapper.js +138 -128
- package/lib/src/prisma-mapper.js.map +1 -1
- package/lib/src/sarif-mapper.d.ts +1 -0
- package/lib/src/sarif-mapper.d.ts.map +1 -0
- package/lib/src/sarif-mapper.js +116 -105
- package/lib/src/sarif-mapper.js.map +1 -1
- package/lib/src/scoutsuite-mapper.d.ts +1 -0
- package/lib/src/scoutsuite-mapper.d.ts.map +1 -0
- package/lib/src/scoutsuite-mapper.js +174 -163
- package/lib/src/scoutsuite-mapper.js.map +1 -1
- package/lib/src/snyk-mapper.d.ts +1 -0
- package/lib/src/snyk-mapper.d.ts.map +1 -0
- package/lib/src/snyk-mapper.js +112 -100
- package/lib/src/snyk-mapper.js.map +1 -1
- package/lib/src/sonarqube-mapper.d.ts +18 -5
- package/lib/src/sonarqube-mapper.d.ts.map +1 -0
- package/lib/src/sonarqube-mapper.js +526 -278
- package/lib/src/sonarqube-mapper.js.map +1 -1
- package/lib/src/splunk-mapper.d.ts +3 -2
- package/lib/src/splunk-mapper.d.ts.map +1 -0
- package/lib/src/splunk-mapper.js +72 -16
- package/lib/src/splunk-mapper.js.map +1 -1
- package/lib/src/trufflehog-mapper.d.ts +1 -0
- package/lib/src/trufflehog-mapper.d.ts.map +1 -0
- package/lib/src/trufflehog-mapper.js +72 -69
- package/lib/src/trufflehog-mapper.js.map +1 -1
- package/lib/src/twistlock-mapper.d.ts +1 -0
- package/lib/src/twistlock-mapper.d.ts.map +1 -0
- package/lib/src/twistlock-mapper.js +140 -126
- package/lib/src/twistlock-mapper.js.map +1 -1
- package/lib/src/utils/CCI_List.d.ts +1 -0
- package/lib/src/utils/CCI_List.d.ts.map +1 -0
- package/lib/src/utils/CCI_List.js.map +1 -1
- package/lib/src/utils/attestations.d.ts +1 -0
- package/lib/src/utils/attestations.d.ts.map +1 -0
- package/lib/src/utils/attestations.js +28 -13
- package/lib/src/utils/attestations.js.map +1 -1
- package/lib/src/utils/compliance.d.ts +1 -0
- package/lib/src/utils/compliance.d.ts.map +1 -0
- package/lib/src/utils/compliance.js +11 -3
- package/lib/src/utils/compliance.js.map +1 -1
- package/lib/src/utils/fingerprinting.d.ts +2 -0
- package/lib/src/utils/fingerprinting.d.ts.map +1 -0
- package/lib/src/utils/fingerprinting.js +28 -11
- package/lib/src/utils/fingerprinting.js.map +1 -1
- package/lib/src/utils/global.d.ts +3 -1
- package/lib/src/utils/global.d.ts.map +1 -0
- package/lib/src/utils/global.js +35 -17
- package/lib/src/utils/global.js.map +1 -1
- package/lib/src/utils/parseJson.d.ts +1 -0
- package/lib/src/utils/parseJson.d.ts.map +1 -0
- package/lib/src/utils/parseJson.js +7 -3
- package/lib/src/utils/parseJson.js.map +1 -1
- package/lib/src/utils/result.d.ts +1 -0
- package/lib/src/utils/result.d.ts.map +1 -0
- package/lib/src/utils/result.js.map +1 -1
- package/lib/src/utils/splunk-tools.d.ts +2 -1
- package/lib/src/utils/splunk-tools.d.ts.map +1 -0
- package/lib/src/utils/splunk-tools.js +52 -32
- package/lib/src/utils/splunk-tools.js.map +1 -1
- package/lib/src/veracode-mapper.d.ts +1 -0
- package/lib/src/veracode-mapper.d.ts.map +1 -0
- package/lib/src/veracode-mapper.js +50 -7
- package/lib/src/veracode-mapper.js.map +1 -1
- package/lib/src/xccdf-results-mapper.d.ts +7 -0
- package/lib/src/xccdf-results-mapper.d.ts.map +1 -0
- package/lib/src/xccdf-results-mapper.js +336 -301
- package/lib/src/xccdf-results-mapper.js.map +1 -1
- package/lib/src/zap-mapper.d.ts +8 -0
- package/lib/src/zap-mapper.d.ts.map +1 -0
- package/lib/src/zap-mapper.js +119 -90
- package/lib/src/zap-mapper.js.map +1 -1
- package/lib/tsconfig.build.tsbuildinfo +1 -0
- package/lib/types/neuvector-types.d.ts +1 -0
- package/lib/types/neuvector-types.d.ts.map +1 -0
- package/lib/types/neuvector-types.js +80 -0
- package/lib/types/neuvector-types.js.map +1 -1
- package/lib/types/splunk-config-types.d.ts +1 -0
- package/lib/types/splunk-config-types.d.ts.map +1 -0
- package/lib/types/splunk-config-types.js.map +1 -1
- package/lib/types/splunk-control-types.d.ts +1 -0
- package/lib/types/splunk-control-types.d.ts.map +1 -0
- package/lib/types/splunk-control-types.js.map +1 -1
- package/lib/types/splunk-profile-types.d.ts +1 -0
- package/lib/types/splunk-profile-types.d.ts.map +1 -0
- package/lib/types/splunk-profile-types.js.map +1 -1
- package/lib/types/splunk-report-types.d.ts +1 -0
- package/lib/types/splunk-report-types.d.ts.map +1 -0
- package/lib/types/splunk-report-types.js.map +1 -1
- package/package.json +29 -46
- package/lib/data/converters/csv2json.ts +0 -36
- package/lib/data/converters/xml2json.ts +0 -57
|
@@ -22,31 +22,36 @@ const IMPACT_MAPPING = new Map([
|
|
|
22
22
|
['none', 0.0],
|
|
23
23
|
['unknown', 0.5]
|
|
24
24
|
]);
|
|
25
|
+
// Convert object type to string[] and prepend `CWE` if used directly for tag display
|
|
25
26
|
function formatCWETags(input, addPrefix = true) {
|
|
26
27
|
return input && Array.isArray(input)
|
|
27
28
|
? input.map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`))
|
|
28
29
|
: [];
|
|
29
30
|
}
|
|
31
|
+
// Convert gathered CWEs to corresponding NIST 800-53s
|
|
30
32
|
function getNISTTags(input) {
|
|
31
33
|
return CWE_NIST_MAPPING.nistFilter(formatCWETags(input, false), DEFAULT_NIST_TAG);
|
|
32
34
|
}
|
|
35
|
+
// A single SBOM vulnerability can contain multiple security ratings
|
|
36
|
+
// Find the max of any existing ratings and then pass to `impact`
|
|
33
37
|
function maxImpact(ratings) {
|
|
34
38
|
return ratings
|
|
35
|
-
.map((rating) =>
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
.reduce((maxValue, newValue) => maxValue > newValue ? maxValue : newValue, 0);
|
|
39
|
+
.map((rating) => rating.score &&
|
|
40
|
+
rating.method &&
|
|
41
|
+
cvssMethods.includes(rating.method) // cast required since .includes expects the parameter to be a subtype
|
|
42
|
+
? // Prefer to use CVSS-based `score` field when possible
|
|
43
|
+
rating.score / 10
|
|
44
|
+
: // Else interpret it from `severity` field, defaulting to medium/0.5
|
|
45
|
+
(IMPACT_MAPPING.get(rating.severity?.toLowerCase() ?? '') ?? 0.5))
|
|
46
|
+
.reduce((maxValue, newValue) =>
|
|
47
|
+
// Find max of existing ratings
|
|
48
|
+
maxValue > newValue ? maxValue : newValue, 0);
|
|
46
49
|
}
|
|
50
|
+
// If the highest rating severity for a control is `info` or `unknown`, set the results to skipped and request a manual review
|
|
47
51
|
function skipSeverityInfoOrUnknown(controls) {
|
|
48
52
|
if (controls) {
|
|
49
53
|
controls
|
|
54
|
+
// Filter to controls whose highest rating severity is either `info` or `unknown`
|
|
50
55
|
.filter((control) => {
|
|
51
56
|
const ratings = lodash_1.default.get(control, 'tags.ratings', '').split(/ - |, /);
|
|
52
57
|
return ((ratings.includes('info') || ratings.includes('unknown')) &&
|
|
@@ -56,6 +61,7 @@ function skipSeverityInfoOrUnknown(controls) {
|
|
|
56
61
|
ratings.includes('low') ||
|
|
57
62
|
ratings.includes('none')));
|
|
58
63
|
})
|
|
64
|
+
// For every result contained by that control, set the status to skipped and request a manual review
|
|
59
65
|
.map((control) => control.results.map((result) => {
|
|
60
66
|
result.status = inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
|
|
61
67
|
result.skip_message =
|
|
@@ -65,6 +71,8 @@ function skipSeverityInfoOrUnknown(controls) {
|
|
|
65
71
|
return controls;
|
|
66
72
|
}
|
|
67
73
|
class CycloneDXSBOMResults {
|
|
74
|
+
data;
|
|
75
|
+
withRaw;
|
|
68
76
|
constructor(sbomJson, withRaw = false) {
|
|
69
77
|
this.data = {
|
|
70
78
|
components: [],
|
|
@@ -73,37 +81,78 @@ class CycloneDXSBOMResults {
|
|
|
73
81
|
};
|
|
74
82
|
this.withRaw = withRaw;
|
|
75
83
|
if (this.data.raw.components) {
|
|
84
|
+
// We know this is SBOM data
|
|
76
85
|
this.flattenComponents(this.data);
|
|
77
86
|
if (this.data.raw.vulnerabilities) {
|
|
87
|
+
// If this SBOM data has a vulnerabilities field, we can create an intermediary object
|
|
78
88
|
this.generateIntermediary(this.data);
|
|
79
89
|
}
|
|
80
90
|
}
|
|
81
91
|
else if (this.data.raw.vulnerabilities) {
|
|
92
|
+
// Back up in case we ingest VEX data instead
|
|
82
93
|
this.formatVEX(this.data);
|
|
83
94
|
}
|
|
84
95
|
else {
|
|
85
96
|
throw new Error('Unrecognized CycloneDX format detected. We currently only support SBOM and VEX formats.');
|
|
86
97
|
}
|
|
87
98
|
}
|
|
99
|
+
// Flatten any arbitrarily nested components list
|
|
88
100
|
flattenComponents(data) {
|
|
101
|
+
// Pull components from raw data
|
|
89
102
|
data.components = lodash_1.default.cloneDeep(data.raw.components);
|
|
103
|
+
// Look through every component at the top level of the list
|
|
90
104
|
for (const component of data.components) {
|
|
105
|
+
// Identify if subcomponents exist
|
|
91
106
|
if (component.components) {
|
|
107
|
+
// If so, pull out the subcomponents and push them to end of top level component list for further flattening
|
|
92
108
|
data.components.push(...component.components);
|
|
93
109
|
delete component.components;
|
|
94
110
|
}
|
|
95
111
|
}
|
|
96
112
|
}
|
|
113
|
+
/*
|
|
114
|
+
Copy the indices of all components that are affected by a vulnerability and place them under that corresponding vulnerability
|
|
115
|
+
Also note in each component the IDs of the vulnerabilities that affect them
|
|
116
|
+
This allows for bidirectional traversal in SBOM view
|
|
117
|
+
|
|
118
|
+
Should result in the following general structure:
|
|
119
|
+
{
|
|
120
|
+
components: [
|
|
121
|
+
component: {
|
|
122
|
+
affectingVulnerabilities: [ // Added field
|
|
123
|
+
vulnID,
|
|
124
|
+
...
|
|
125
|
+
],
|
|
126
|
+
...
|
|
127
|
+
},
|
|
128
|
+
...
|
|
129
|
+
],
|
|
130
|
+
vulnerabilities: [
|
|
131
|
+
vulnerability: {
|
|
132
|
+
affectedComponents: [ // Added field
|
|
133
|
+
componentIndex,
|
|
134
|
+
...
|
|
135
|
+
],
|
|
136
|
+
...
|
|
137
|
+
},
|
|
138
|
+
...
|
|
139
|
+
],
|
|
140
|
+
...
|
|
141
|
+
}
|
|
142
|
+
*/
|
|
97
143
|
generateIntermediary(data) {
|
|
144
|
+
// Pull vulnerabilities from raw data
|
|
98
145
|
data.vulnerabilities = lodash_1.default.cloneDeep(data.raw.vulnerabilities);
|
|
99
146
|
for (const vulnerability of data.vulnerabilities) {
|
|
100
147
|
vulnerability.affectedComponents = [];
|
|
101
148
|
vulnerability.affectedComponents.push(...Array.from(data.components.entries())
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
149
|
+
// Find every component that is affected via listed bom-refs
|
|
150
|
+
.filter(([_index, component]) => vulnerability.affects
|
|
151
|
+
?.map((id) => id.ref.toString())
|
|
152
|
+
.includes(component['bom-ref']))
|
|
153
|
+
// Add the index of that affected component to the corresponding vulnerability object
|
|
106
154
|
.map(([index, _component]) => index));
|
|
155
|
+
// Also record the ID of the vulnerability in the component for use in bidirectional traversal
|
|
107
156
|
for (const index of vulnerability.affectedComponents) {
|
|
108
157
|
if (!data.components[index].affectingVulnerabilities) {
|
|
109
158
|
data.components[index].affectingVulnerabilities = [];
|
|
@@ -112,20 +161,25 @@ class CycloneDXSBOMResults {
|
|
|
112
161
|
}
|
|
113
162
|
}
|
|
114
163
|
}
|
|
164
|
+
// VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF
|
|
165
|
+
// Fix that by adding a temporary result that refers the vulnerability back to its associated BOM
|
|
115
166
|
formatVEX(data) {
|
|
116
|
-
|
|
167
|
+
// Pull vulnerabilities from raw data
|
|
117
168
|
data.vulnerabilities = [
|
|
118
169
|
...lodash_1.default.cloneDeep(data.raw.vulnerabilities)
|
|
119
170
|
];
|
|
120
171
|
for (const vulnerability of data.vulnerabilities) {
|
|
121
|
-
vulnerability.affectedComponents =
|
|
172
|
+
vulnerability.affectedComponents = vulnerability.affects?.map((id) => {
|
|
173
|
+
// Build a dummy component for each bom-ref identified as being affected by the vulnerability
|
|
122
174
|
const dummy = {
|
|
123
175
|
name: `${id.ref}`,
|
|
124
176
|
'bom-ref': `${id.ref}`,
|
|
125
177
|
isDummy: true,
|
|
126
|
-
type: 'application'
|
|
178
|
+
type: 'application' // a type must be provided, and "application" is the default classification
|
|
127
179
|
};
|
|
180
|
+
// Add that component to the corresponding vulnerability object
|
|
128
181
|
data.components.push(dummy);
|
|
182
|
+
// Return the index of that dummy object
|
|
129
183
|
return data.components.length - 1;
|
|
130
184
|
});
|
|
131
185
|
}
|
|
@@ -136,318 +190,332 @@ class CycloneDXSBOMResults {
|
|
|
136
190
|
}
|
|
137
191
|
exports.CycloneDXSBOMResults = CycloneDXSBOMResults;
|
|
138
192
|
class CycloneDXSBOMMapper extends base_converter_1.BaseConverter {
|
|
193
|
+
withRaw;
|
|
194
|
+
// Pull any keys from a given index for the stored components listing
|
|
139
195
|
getComponentValueAtIndex(index, keys) {
|
|
140
196
|
return lodash_1.default.pick(this.data.components[index], keys);
|
|
141
197
|
}
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
const group = input.group ? `${input.group}/` : '';
|
|
164
|
-
return `${group}${input.name} CycloneDX BOM Report`;
|
|
165
|
-
}
|
|
166
|
-
else {
|
|
167
|
-
return 'CycloneDX BOM Report';
|
|
168
|
-
}
|
|
198
|
+
mappings = {
|
|
199
|
+
platform: {
|
|
200
|
+
name: 'Heimdall Tools',
|
|
201
|
+
release: package_json_1.version
|
|
202
|
+
},
|
|
203
|
+
version: package_json_1.version,
|
|
204
|
+
statistics: {},
|
|
205
|
+
profiles: [
|
|
206
|
+
{
|
|
207
|
+
name: {
|
|
208
|
+
path: 'raw.metadata.component',
|
|
209
|
+
transformer: (input) => lodash_1.default.has(input, 'bom-ref')
|
|
210
|
+
? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}`
|
|
211
|
+
: 'CycloneDX BOM Report'
|
|
212
|
+
},
|
|
213
|
+
title: {
|
|
214
|
+
path: 'raw.metadata.component',
|
|
215
|
+
transformer: (input) => {
|
|
216
|
+
if (input.name) {
|
|
217
|
+
const group = input.group ? `${input.group}/` : '';
|
|
218
|
+
return `${group}${input.name} CycloneDX BOM Report`;
|
|
169
219
|
}
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
path: 'raw.metadata.component.version',
|
|
173
|
-
transformer: global_1.filterString
|
|
174
|
-
},
|
|
175
|
-
maintainer: {
|
|
176
|
-
path: 'raw.metadata.component',
|
|
177
|
-
transformer: (input) => {
|
|
178
|
-
const manufacturer = lodash_1.default.has(input, 'manufacturer')
|
|
179
|
-
? ` (${input.manufacturer.name})`
|
|
180
|
-
: '';
|
|
181
|
-
if (lodash_1.default.has(input, 'authors')) {
|
|
182
|
-
return input.authors
|
|
183
|
-
.map((author) => `${author.name}${manufacturer}`)
|
|
184
|
-
.join(', ');
|
|
185
|
-
}
|
|
186
|
-
else if (input.author) {
|
|
187
|
-
return `${input.author}${manufacturer}`;
|
|
188
|
-
}
|
|
189
|
-
else {
|
|
190
|
-
return undefined;
|
|
191
|
-
}
|
|
220
|
+
else {
|
|
221
|
+
return 'CycloneDX BOM Report';
|
|
192
222
|
}
|
|
193
|
-
}
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
return
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
? license.license.name
|
|
213
|
-
: (_b = license === null || license === void 0 ? void 0 : license.license) === null || _b === void 0 ? void 0 : _b.id;
|
|
214
|
-
}).filter((identifier) => identifier).join(', ');
|
|
223
|
+
}
|
|
224
|
+
},
|
|
225
|
+
version: {
|
|
226
|
+
path: 'raw.metadata.component.version',
|
|
227
|
+
transformer: global_1.filterString
|
|
228
|
+
},
|
|
229
|
+
maintainer: {
|
|
230
|
+
path: 'raw.metadata.component',
|
|
231
|
+
transformer: (input) => {
|
|
232
|
+
// Find organization of authors if possible
|
|
233
|
+
const manufacturer = lodash_1.default.has(input, 'manufacturer')
|
|
234
|
+
? ` (${input.manufacturer.name})`
|
|
235
|
+
: '';
|
|
236
|
+
// Check through every single possible field which may hold ownership over this component
|
|
237
|
+
if (lodash_1.default.has(input, 'authors')) {
|
|
238
|
+
// Join list of component authors
|
|
239
|
+
return input.authors
|
|
240
|
+
.map((author) => `${author.name}${manufacturer}`)
|
|
241
|
+
.join(', ');
|
|
215
242
|
}
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
.map((tool) => tool.name)
|
|
288
|
-
.filter((name) => name)
|
|
289
|
-
.join(', ');
|
|
290
|
-
}
|
|
291
|
-
return [
|
|
292
|
-
...((_b = (_a = input.components) === null || _a === void 0 ? void 0 : _a.map((component) => component.name)) !== null && _b !== void 0 ? _b : []),
|
|
293
|
-
...((_d = (_c = input.services) === null || _c === void 0 ? void 0 : _c.map((component) => component.name)) !== null && _d !== void 0 ? _d : [])
|
|
294
|
-
].join(', ');
|
|
295
|
-
}
|
|
296
|
-
},
|
|
297
|
-
'analysis.state': {
|
|
298
|
-
path: 'analysis.state',
|
|
299
|
-
transformer: global_1.filterString
|
|
300
|
-
},
|
|
301
|
-
'analysis.justification': {
|
|
302
|
-
path: 'analysis.justification',
|
|
303
|
-
transformer: global_1.filterString
|
|
304
|
-
},
|
|
305
|
-
'analysis.response': {
|
|
306
|
-
path: 'analysis.response',
|
|
307
|
-
transformer: (input) => input && input.length > 0 ? input.join(', ') : undefined
|
|
308
|
-
},
|
|
309
|
-
'analysis.detail': {
|
|
310
|
-
path: 'analysis.detail',
|
|
311
|
-
transformer: global_1.filterString
|
|
312
|
-
},
|
|
313
|
-
'analysis.firstIssued': {
|
|
314
|
-
path: 'analysis.firstIssued',
|
|
315
|
-
transformer: global_1.filterString
|
|
316
|
-
},
|
|
317
|
-
'analysis.lastUpdated': {
|
|
318
|
-
path: 'analysis.lastUpdated',
|
|
319
|
-
transformer: global_1.filterString
|
|
320
|
-
}
|
|
243
|
+
else if (input.author) {
|
|
244
|
+
// `author` is deprecated in v1.6 but may still appear
|
|
245
|
+
return `${input.author}${manufacturer}`;
|
|
246
|
+
}
|
|
247
|
+
else {
|
|
248
|
+
return undefined;
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
},
|
|
252
|
+
summary: {
|
|
253
|
+
path: 'raw.metadata.component.description',
|
|
254
|
+
transformer: global_1.filterString
|
|
255
|
+
},
|
|
256
|
+
copyright: {
|
|
257
|
+
path: 'raw.metadata.component.copyright',
|
|
258
|
+
transformer: global_1.filterString
|
|
259
|
+
},
|
|
260
|
+
license: {
|
|
261
|
+
path: 'raw.metadata.component',
|
|
262
|
+
transformer: (input) => {
|
|
263
|
+
if (!input.licenses) {
|
|
264
|
+
return undefined;
|
|
265
|
+
}
|
|
266
|
+
// Certain license reports only provide the license name in the `name` field
|
|
267
|
+
// Check there first and then default to `id`
|
|
268
|
+
return input.licenses
|
|
269
|
+
?.map((license) => license?.license?.name
|
|
270
|
+
? license.license.name
|
|
271
|
+
: license?.license?.id)
|
|
272
|
+
.filter((identifier) => identifier)
|
|
273
|
+
.join(', ');
|
|
274
|
+
}
|
|
275
|
+
},
|
|
276
|
+
supports: [],
|
|
277
|
+
attributes: [],
|
|
278
|
+
groups: [],
|
|
279
|
+
status: 'loaded',
|
|
280
|
+
controls: [
|
|
281
|
+
{
|
|
282
|
+
path: 'vulnerabilities',
|
|
283
|
+
key: 'id',
|
|
284
|
+
tags: {
|
|
285
|
+
nist: {
|
|
286
|
+
path: 'cwes',
|
|
287
|
+
transformer: getNISTTags
|
|
288
|
+
},
|
|
289
|
+
cci: {
|
|
290
|
+
path: 'cwes',
|
|
291
|
+
transformer: (input) => (0, global_1.getCCIsForNISTTags)(getNISTTags(input))
|
|
292
|
+
},
|
|
293
|
+
cwe: { path: 'cwes', transformer: formatCWETags },
|
|
294
|
+
'bom-ref': {
|
|
295
|
+
path: 'bom-ref',
|
|
296
|
+
transformer: global_1.filterString
|
|
297
|
+
},
|
|
298
|
+
ratings: {
|
|
299
|
+
path: 'ratings',
|
|
300
|
+
transformer: (input) => input
|
|
301
|
+
? [...input]
|
|
302
|
+
.map((rating) => {
|
|
303
|
+
const ratingSource = rating.source?.name
|
|
304
|
+
? `${rating.source?.name} - `
|
|
305
|
+
: 'Unidentified Source - ';
|
|
306
|
+
return `${ratingSource}${rating.severity}`;
|
|
307
|
+
})
|
|
308
|
+
.join(', ')
|
|
309
|
+
: undefined
|
|
310
|
+
},
|
|
311
|
+
created: {
|
|
312
|
+
path: 'created',
|
|
313
|
+
transformer: global_1.filterString
|
|
321
314
|
},
|
|
322
|
-
|
|
315
|
+
published: {
|
|
316
|
+
path: 'published',
|
|
317
|
+
transformer: global_1.filterString
|
|
318
|
+
},
|
|
319
|
+
updated: {
|
|
320
|
+
path: 'updated',
|
|
321
|
+
transformer: global_1.filterString
|
|
322
|
+
},
|
|
323
|
+
// Workflow items will not affect `impact`
|
|
324
|
+
rejected: {
|
|
325
|
+
path: 'rejected',
|
|
326
|
+
transformer: global_1.filterString
|
|
327
|
+
},
|
|
328
|
+
credits: {
|
|
329
|
+
path: 'credits',
|
|
330
|
+
transformer: (input) => input
|
|
331
|
+
? `${input.individuals
|
|
332
|
+
?.map((individual) => individual.name)
|
|
333
|
+
.filter((name) => name)
|
|
334
|
+
.join(', ')}`
|
|
335
|
+
: undefined
|
|
336
|
+
},
|
|
337
|
+
tools: {
|
|
338
|
+
path: 'tools',
|
|
323
339
|
transformer: (input) => {
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
340
|
+
if (!input) {
|
|
341
|
+
return undefined;
|
|
342
|
+
}
|
|
343
|
+
if (Array.isArray(input)) {
|
|
344
|
+
return input
|
|
345
|
+
.map((tool) => tool.name)
|
|
346
|
+
.filter((name) => name)
|
|
347
|
+
.join(', ');
|
|
348
|
+
}
|
|
330
349
|
return [
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
: undefined,
|
|
337
|
-
lodash_1.default.has(input, 'proofOfConcept')
|
|
338
|
-
? {
|
|
339
|
-
data: `Proof of concept: ${JSON.stringify(lodash_1.default.get(input, 'proofOfConcept'), null, 2)}`,
|
|
340
|
-
label: 'check'
|
|
341
|
-
}
|
|
342
|
-
: undefined
|
|
343
|
-
].filter((subdescription) => subdescription);
|
|
350
|
+
...(input.components?.map((component) => component.name) ??
|
|
351
|
+
[]),
|
|
352
|
+
...(input.services?.map((component) => component.name) ??
|
|
353
|
+
[])
|
|
354
|
+
].join(', ');
|
|
344
355
|
}
|
|
345
356
|
},
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
const ref = searchFor
|
|
351
|
-
.filter((key) => input.hasOwnProperty(key))
|
|
352
|
-
.map((key) => lodash_1.default.pick(input, key));
|
|
353
|
-
return { ref: ref };
|
|
354
|
-
}
|
|
355
|
-
}
|
|
356
|
-
],
|
|
357
|
-
source_location: {},
|
|
358
|
-
title: {
|
|
359
|
-
transformer: (input) => input.description ? `${input.description}` : `${input.id}`
|
|
357
|
+
// Workflow items will not affect `impact`
|
|
358
|
+
'analysis.state': {
|
|
359
|
+
path: 'analysis.state',
|
|
360
|
+
transformer: global_1.filterString
|
|
360
361
|
},
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
transformer:
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
return (0, global_1.filterString)(`${description}\n\n${detail}`.trim());
|
|
369
|
-
}
|
|
362
|
+
'analysis.justification': {
|
|
363
|
+
path: 'analysis.justification',
|
|
364
|
+
transformer: global_1.filterString
|
|
365
|
+
},
|
|
366
|
+
'analysis.response': {
|
|
367
|
+
path: 'analysis.response',
|
|
368
|
+
transformer: (input) => input && input.length > 0 ? input.join(', ') : undefined
|
|
370
369
|
},
|
|
371
|
-
|
|
372
|
-
|
|
370
|
+
'analysis.detail': {
|
|
371
|
+
path: 'analysis.detail',
|
|
372
|
+
transformer: global_1.filterString
|
|
373
373
|
},
|
|
374
|
-
|
|
375
|
-
|
|
374
|
+
'analysis.firstIssued': {
|
|
375
|
+
path: 'analysis.firstIssued',
|
|
376
|
+
transformer: global_1.filterString
|
|
376
377
|
},
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
378
|
+
'analysis.lastUpdated': {
|
|
379
|
+
path: 'analysis.lastUpdated',
|
|
380
|
+
transformer: global_1.filterString
|
|
381
|
+
}
|
|
382
|
+
},
|
|
383
|
+
descriptions: {
|
|
384
|
+
transformer: (input) => {
|
|
385
|
+
const recommendation = input.recommendation
|
|
386
|
+
? `Recommendation: ${input.recommendation}`
|
|
387
|
+
: '';
|
|
388
|
+
// Workaround not defined by types? Use lodash for now until proper type is implemented
|
|
389
|
+
const workaround = lodash_1.default.has(input, 'workaround')
|
|
390
|
+
? `Workaround: ${input.workaround}`
|
|
391
|
+
: '';
|
|
392
|
+
return [
|
|
393
|
+
recommendation || workaround
|
|
394
|
+
? {
|
|
395
|
+
data: `${recommendation}\n\n${workaround}`.trim(),
|
|
396
|
+
label: 'fix'
|
|
392
397
|
}
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
'mime-type',
|
|
399
|
-
'bom-ref',
|
|
400
|
-
'supplier',
|
|
401
|
-
'manufacturer',
|
|
402
|
-
'authors',
|
|
403
|
-
'author',
|
|
404
|
-
'publisher',
|
|
405
|
-
'group',
|
|
406
|
-
'name',
|
|
407
|
-
'version',
|
|
408
|
-
'description',
|
|
409
|
-
'licenses',
|
|
410
|
-
'copyright'
|
|
411
|
-
]);
|
|
412
|
-
const msg = Object.keys(selectComponentValues)
|
|
413
|
-
.map((key) => {
|
|
414
|
-
return Array.isArray(selectComponentValues[key])
|
|
415
|
-
? `\n\n- ${lodash_1.default.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}`
|
|
416
|
-
: `\n\n- ${lodash_1.default.capitalize(key)}: ${selectComponentValues[key]}`;
|
|
417
|
-
})
|
|
418
|
-
.join('');
|
|
419
|
-
return `-Component Summary-${msg}`;
|
|
398
|
+
: undefined,
|
|
399
|
+
lodash_1.default.has(input, 'proofOfConcept')
|
|
400
|
+
? {
|
|
401
|
+
data: `Proof of concept: ${JSON.stringify(lodash_1.default.get(input, 'proofOfConcept'), null, 2)}`,
|
|
402
|
+
label: 'check'
|
|
420
403
|
}
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
],
|
|
427
|
-
sha256: ''
|
|
428
|
-
}
|
|
429
|
-
],
|
|
430
|
-
passthrough: {
|
|
431
|
-
transformer: (input) => {
|
|
432
|
-
const components = input.components.filter((component) => !component.isDummy);
|
|
433
|
-
return {
|
|
434
|
-
auxiliary_data: [
|
|
404
|
+
: undefined
|
|
405
|
+
].filter((subdescription) => subdescription);
|
|
406
|
+
}
|
|
407
|
+
},
|
|
408
|
+
refs: [
|
|
435
409
|
{
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
])
|
|
410
|
+
transformer: (input) => {
|
|
411
|
+
const searchFor = ['source', 'references', 'advisories'];
|
|
412
|
+
const ref = searchFor
|
|
413
|
+
.filter((key) => input.hasOwnProperty(key))
|
|
414
|
+
.map((key) => lodash_1.default.pick(input, key));
|
|
415
|
+
return { ref: ref };
|
|
416
|
+
}
|
|
444
417
|
}
|
|
445
418
|
],
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
419
|
+
source_location: {},
|
|
420
|
+
title: {
|
|
421
|
+
// Give description as title if possible
|
|
422
|
+
transformer: (input) => input.description ? `${input.description}` : `${input.id}`
|
|
423
|
+
},
|
|
424
|
+
id: { path: 'id' },
|
|
425
|
+
desc: {
|
|
426
|
+
transformer: (input) => {
|
|
427
|
+
const description = input.description
|
|
428
|
+
? `Description: ${input.description}`
|
|
429
|
+
: '';
|
|
430
|
+
const detail = input.detail ? `Detail: ${input.detail}` : '';
|
|
431
|
+
return (0, global_1.filterString)(`${description}\n\n${detail}`.trim());
|
|
432
|
+
}
|
|
433
|
+
},
|
|
434
|
+
impact: {
|
|
435
|
+
transformer: (input) => maxImpact(input.ratings ?? [])
|
|
436
|
+
},
|
|
437
|
+
code: {
|
|
438
|
+
transformer: (vulnerability) => JSON.stringify(lodash_1.default.omit(vulnerability, 'affectedComponents'), null, 2)
|
|
439
|
+
},
|
|
440
|
+
arrayTransformer: skipSeverityInfoOrUnknown,
|
|
441
|
+
results: [
|
|
442
|
+
{
|
|
443
|
+
path: 'affectedComponents',
|
|
444
|
+
status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
|
|
445
|
+
code_desc: {
|
|
446
|
+
transformer: (index) => {
|
|
447
|
+
const selectComponentValues = this.getComponentValueAtIndex(index, ['group', 'version', 'name']);
|
|
448
|
+
const group = lodash_1.default.has(selectComponentValues, 'group')
|
|
449
|
+
? `${selectComponentValues.group}/`
|
|
450
|
+
: '';
|
|
451
|
+
const version = lodash_1.default.has(selectComponentValues, 'version')
|
|
452
|
+
? `@${selectComponentValues.version}`
|
|
453
|
+
: '';
|
|
454
|
+
return `Component ${group}${lodash_1.default.get(selectComponentValues, 'name')}${version} is vulnerable`;
|
|
455
|
+
}
|
|
456
|
+
},
|
|
457
|
+
message: {
|
|
458
|
+
transformer: (index) => {
|
|
459
|
+
// Selectively pick out fields to display; full components are listed in full component structure
|
|
460
|
+
const selectComponentValues = this.getComponentValueAtIndex(index, [
|
|
461
|
+
'type',
|
|
462
|
+
'mime-type',
|
|
463
|
+
'bom-ref',
|
|
464
|
+
'supplier',
|
|
465
|
+
'manufacturer',
|
|
466
|
+
'authors', // Replaces `author` in v1.6
|
|
467
|
+
'author', // Deprecated in v1.6
|
|
468
|
+
'publisher',
|
|
469
|
+
'group',
|
|
470
|
+
'name',
|
|
471
|
+
'version',
|
|
472
|
+
'description',
|
|
473
|
+
'licenses',
|
|
474
|
+
'copyright'
|
|
475
|
+
]);
|
|
476
|
+
const msg = Object.keys(selectComponentValues)
|
|
477
|
+
.map((key) => {
|
|
478
|
+
return Array.isArray(selectComponentValues[key])
|
|
479
|
+
? `\n\n- ${lodash_1.default.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}`
|
|
480
|
+
: `\n\n- ${lodash_1.default.capitalize(key)}: ${selectComponentValues[key]}`;
|
|
481
|
+
})
|
|
482
|
+
.join('');
|
|
483
|
+
return `-Component Summary-${msg}`;
|
|
484
|
+
}
|
|
485
|
+
},
|
|
486
|
+
start_time: ''
|
|
487
|
+
}
|
|
488
|
+
]
|
|
489
|
+
}
|
|
490
|
+
],
|
|
491
|
+
sha256: ''
|
|
449
492
|
}
|
|
450
|
-
|
|
493
|
+
],
|
|
494
|
+
passthrough: {
|
|
495
|
+
transformer: (input) => {
|
|
496
|
+
// VEX files will generate dummy components for control results
|
|
497
|
+
// Filter them out for the proper components listing
|
|
498
|
+
const components = input.components.filter((component) => !component.isDummy);
|
|
499
|
+
return {
|
|
500
|
+
auxiliary_data: [
|
|
501
|
+
{
|
|
502
|
+
name: 'SBOM',
|
|
503
|
+
components: components.length ? components : undefined,
|
|
504
|
+
dependencies: lodash_1.default.get(input, 'raw.dependencies'),
|
|
505
|
+
data: lodash_1.default.omit(input.raw, [
|
|
506
|
+
'components',
|
|
507
|
+
'vulnerabilities',
|
|
508
|
+
'dependencies'
|
|
509
|
+
])
|
|
510
|
+
}
|
|
511
|
+
],
|
|
512
|
+
...(this.withRaw && { raw: input.raw })
|
|
513
|
+
};
|
|
514
|
+
}
|
|
515
|
+
}
|
|
516
|
+
};
|
|
517
|
+
constructor(exportJson, withRaw = false) {
|
|
518
|
+
super(exportJson, true);
|
|
451
519
|
this.withRaw = withRaw;
|
|
452
520
|
}
|
|
453
521
|
}
|