@mitre/hdf-converters 2.12.2 → 2.13.0

package/lib/src/checkov-mapper.js

@@ -0,0 +1,240 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CheckovMapper = void 0;
+const inspecjs_1 = require("inspecjs");
+const _ = __importStar(require("lodash"));
+const package_json_1 = require("../package.json");
+const base_converter_1 = require("./base-converter");
+const CheckovToCciAndNistMappingData_1 = require("./mappings/CheckovToCciAndNistMappingData");
+const global_1 = require("./utils/global");
+// https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/severities.py
+// severity scale (score → HDF impact):
+//   CRITICAL: 5 → 1.0
+//   HIGH/IMPORTANT: 4 → 0.8
+//   MEDIUM/MODERATE: 3 → 0.6
+//   LOW: 2 → 0.4
+//   INFO: 1 → 0.2
+//   NONE: -999 → 0.0
+//   OFF: 999 -> MEDIUM
+//   null (no API Key) → MEDIUM
+// Severity is only populated when passing in an API key via --bc-api-key, otherwise it is null
+// Default to medium - treat null/unknown risk as moderate until a formal risk assessment is performed.
+const MEDIUM_SEVERITY = 0.6;
+const IMPACT_MAPPING = new Map([
+    ['critical', 1],
+    ['high', 0.8],
+    ['important', 0.8],
+    ['medium', MEDIUM_SEVERITY],
+    ['moderate', 0.6],
+    ['low', 0.4],
+    ['info', 0.2],
+    ['none', 0]
+]);
+function impactMapping(severity) {
+    if (_.isString(severity)) {
+        return IMPACT_MAPPING.get(severity.toLowerCase()) ?? MEDIUM_SEVERITY;
+    }
+    // Checkov native JSON default severity is null (no API key) → default to medium
+    return MEDIUM_SEVERITY;
+}
+function statusMapper(result) {
+    if (result === 'PASSED') {
+        return inspecjs_1.ExecJSON.ControlResultStatus.Passed;
+    }
+    else if (result === 'FAILED') {
+        return inspecjs_1.ExecJSON.ControlResultStatus.Failed;
+    }
+    return inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
+}
+function formatCodeDesc(check) {
+    const resource = `Resource: ${check.resource}`;
+    const fileLocation = `File: ${check.file_path}:${check.file_line_range[0]}-${check.file_line_range[1]}`;
+    const codeBlockInner = check.code_block.map(([line, code]) => `${line}: ${code}`).join('').trim();
+    const codeBlock = `<pre>${codeBlockInner}</pre>`;
+    return `${resource}\n${fileLocation}\n${check.code_block.length === 0 ? '' : codeBlock}`;
+}
+function formatCode(check) {
+    const unmapped = _.omit(check, ['check_id', 'check_name', 'check_result', 'file_path', 'file_line_range', 'resource', 'code_block', 'check_class', 'file_abs_path', 'repo_file_path', 'severity', 'guideline', 'description', 'short_description', 'vulnerability_details', 'fixed_definition']);
+    return JSON.stringify(unmapped, null, 2);
+}
+class CheckovMapper extends base_converter_1.BaseConverter {
+    withRaw;
+    mappings = {
+        platform: {
+            name: 'Heimdall Tools',
+            release: package_json_1.version
+        },
+        version: package_json_1.version,
+        statistics: {},
+        profiles: [
+            {
+                name: 'Checkov',
+                version: { path: 'summary.checkov_version' },
+                title: {
+                    path: 'check_type',
+                    transformer: (checkType) => `Bridgecrew (by Prisma Cloud) Checkov ${checkType} Security Scan`
+                },
+                supports: [],
+                attributes: [],
+                groups: [],
+                status: 'loaded',
+                controls: [
+                    {
+                        path: 'results.passed_checks',
+                        ...this.controlMapping()
+                    },
+                    {
+                        path: 'results.failed_checks',
+                        ...this.controlMapping()
+                    },
+                    {
+                        path: 'results.skipped_checks',
+                        ...this.controlMapping()
+                    },
+                    ...(this.data.results.parsing_errors.length === 0 ? [] : [{
+                            id: 'Parsing Errors',
+                            impact: MEDIUM_SEVERITY,
+                            refs: [],
+                            results: [{
+                                    path: 'results.parsing_errors',
+                                    code_desc: { transformer: (parsingError) => parsingError },
+                                    start_time: '',
+                                    status: 'error'
+                                }],
+                            source_location: {},
+                            tags: {}
+                        }])
+                ],
+                sha256: ''
+            }
+        ],
+        passthrough: {
+            transformer: (data) => {
+                return {
+                    auxiliary_data: [
+                        {
+                            name: 'Checkov',
+                            data: {
+                                summary: data.summary,
+                                url: data.url
+                            }
+                        }
+                    ],
+                    ...(0, global_1.conditionallyProvideAttribute)('raw', data, this.withRaw)
+                };
+            }
+        }
+    };
+    controlMapping() {
+        return {
+            key: 'id',
+            tags: {
+                cci: {
+                    path: 'check_id',
+                    transformer: (checkId) => {
+                        const mapping = CheckovToCciAndNistMappingData_1.data[checkId];
+                        return mapping ? mapping.cci : global_1.DEFAULT_STATIC_CODE_ANALYSIS_CCI_TAGS;
+                    }
+                },
+                nist: {
+                    path: 'check_id',
+                    transformer: (checkId) => {
+                        const mapping = CheckovToCciAndNistMappingData_1.data[checkId];
+                        return mapping ? mapping.nist : global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;
+                    }
+                },
+                severity: { path: 'severity' },
+                checkov_id: { path: 'check_id' },
+                check_class: { path: 'check_class' },
+                resource: { path: 'resource' },
+            },
+            refs: [
+                {
+                    path: 'guideline',
+                    transformer: (guideline) => {
+                        if (_.isString(guideline) && guideline.length > 0) {
+                            return { url: guideline };
+                        }
+                        return {};
+                    }
+                }
+            ],
+            title: {
+                transformer: (check) => {
+                    const shortDescription = check.short_description ? `: ${check.short_description}` : '';
+                    return `${check.check_name}${shortDescription}`;
+                }
+            },
+            desc: { path: 'description' },
+            id: { transformer: (check) => `${check.check_id}\n${check.resource}` },
+            impact: { path: 'severity', transformer: impactMapping },
+            code: { transformer: formatCode },
+            source_location: {},
+            results: [
+                {
+                    status: { path: 'check_result.result', transformer: statusMapper },
+                    code_desc: { transformer: formatCodeDesc },
+                    message: {
+                        transformer: (check) => {
+                            const parts = Object.entries(_.omit(check.check_result, ['result'])).map(([key, value]) => `${_.startCase(key)}: ${(value === null || value === undefined || typeof value !== 'object') ? String(value) : JSON.stringify(value, null, 2)}`);
+                            parts.push(`Repo File Path: ${check.repo_file_path}`, `File Abs Path: ${check.file_abs_path}`);
+                            if (check.fixed_definition) {
+                                const fix = _.isString(check.fixed_definition) ? check.fixed_definition : JSON.stringify(check.fixed_definition, null, 2);
+                                parts.push(`Fixed Definition: ${fix}`);
+                            }
+                            if (check.fixed_definition) {
+                                const fix = _.isString(check.fixed_definition) ? check.fixed_definition : JSON.stringify(check.fixed_definition, null, 2);
+                                parts.push(`Fixed Definition: ${fix}`);
+                            }
+                            if (check.vulnerability_details) {
+                                const vulnDetails = JSON.stringify(check.vulnerability_details, null, 2);
+                                parts.push(`Vulnerability Details: ${vulnDetails}`);
+                            }
+                            return parts.join('\n');
+                        }
+                    },
+                    start_time: ""
+                }
+            ]
+        };
+    }
+    constructor(checkovJson, withRaw = false) {
+        super(JSON.parse(checkovJson));
+        this.withRaw = withRaw;
+    }
+}
+exports.CheckovMapper = CheckovMapper;
+//# sourceMappingURL=checkov-mapper.js.map

package/lib/src/checkov-mapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkov-mapper.js","sourceRoot":"","sources":["../../src/checkov-mapper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAkC;AAClC,0CAA4B;AAC5B,kDAAgE;AAChE,qDAA6E;AAC7E,8FAA8E;AAC9E,2CAIwB;AAgExB,4FAA4F;AAC5F,uCAAuC;AACvC,sBAAsB;AACtB,4BAA4B;AAC5B,6BAA6B;AAC7B,iBAAiB;AACjB,kBAAkB;AAClB,qBAAqB;AACrB,uBAAuB;AACvB,+BAA+B;AAC/B,+FAA+F;AAC/F,uGAAuG;AACvG,MAAM,eAAe,GAAG,GAAG,CAAC;AAC5B,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,UAAU,EAAE,CAAC,CAAC;IACf,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,WAAW,EAAE,GAAG,CAAC;IAClB,CAAC,QAAQ,EAAE,eAAe,CAAC;IAC3B,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,MAAM,EAAE,CAAC,CAAC;CACZ,CAAC,CAAC;AAEH,SAAS,aAAa,CAAC,QAAkC;IACvD,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,eAAe,CAAC;IACvE,CAAC;IACD,gFAAgF;IAChF,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,YAAY,CAAC,MAAoC;IACxD,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;IAC7C,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;IAC7C,CAAC;IACD,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,KAAmB;IACzC,MAAM,QAAQ,GAAG,aAAa,KAAK,CAAC,QAAQ,EAAE,CAAC;IAC/C,MAAM,YAAY,GAAG,SAAS,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC;IACxG,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClG,MAAM,SAAS,GAAG,QAAQ,cAAc,QAAQ,CAAC;IACjD,OAAO,GAAG,QAAQ,KAAK,YAAY,KAAK,KAAK,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;AAC3F,CAAC;AAED,SAAS,UAAU,CAAC,KAAmB;IACrC,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAEjS,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC3C,CAAC;AAGD,MAAa,aAAc,SAAQ,8BAA4B;IAC7D,OAAO,CAAU;IAEjB,QAAQ,GAGJ;QACF,QAAQ,EAAE;YACR,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,sBAAoB;SAC9B;QACD,OAAO,EAAE,sBAAoB;QAC7B,UAAU,EAAE,EAAE;QACd,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,EAAC,IAAI,EAAE,yBAAyB,EAAC;gBAC1C,KAAK,EAAE;oBACL,IAAI,EAAE,YAAY;oBAClB,WAAW,EAAE,CAAC,SAAS,EAAU,EAAE,CAAC,wCAAwC,SAAS,gBAAgB;iBACtG;gBACD,QAAQ,EAAE,EAAE;gBACZ,UAAU,EAAE,EAAE;gBACd,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,uBAAuB;wBAC7B,GAAG,IAAI,CAAC,cAAc,EAAE;qBACzB;oBACD;wBACE,IAAI,EAAE,uBAAuB;wBAC7B,GAAG,IAAI,CAAC,cAAc,EAAE;qBACzB;oBACD;wBACE,IAAI,EAAE,wBAAwB;wBAC9B,GAAG,IAAI,CAAC,cAAc,EAAE;qBACzB;oBACD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;4BACxD,EAAE,EAAE,gBAAgB;4BACpB,MAAM,EAAE,eAAe;4BACvB,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE,CAAC;oCACR,IAAI,EAAE,wBAAwB;oCAC9B,SAAS,EAAE,EAAC,WAAW,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,EAAC;oCACxD,UAAU,EAAE,EAAE;oCACd,MAAM,EAAE,OAAO;iCAChB,CAAC;4BACF,eAAe,EAAE,EAAE;4BACnB,IAAI,EAAE,EAAE;yBACuD,CAAC,CAAC;iBACpE;gBACD,MAAM,EAAE,EAAE;aACX;SACF;QACD,WAAW,EAAE;YACX,WAAW,EAAE,CACX,IAAmB,EACM,EAAE;gBAC3B,OAAO;oBACL,cAAc,EAAE;wBACd;4BACE,IAAI,EAAE,SAAS;4BACf,IAAI,EAAE;gCACJ,OAAO,EAAE,IAAI,CAAC,OAAO;gCACrB,GAAG,EAAE,IAAI,CAAC,GAAG;6BACd;yBACF;qBACF;oBACD,GAAG,IAAA,sCAA6B,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC;iBAC5D,CAAC;YACJ,CAAC;SACF;KACF,CAAC;IAEJ,cAAc;QAIZ,OAAO;YACL,GAAG,EAAE,IAAI;YACT,IAAI,EAAE;gBACJ,GAAG,EAAE;oBACH,IAAI,EAAE,UAAU;oBAChB,WAAW,EAAE,CAAC,OAAiC,EAAY,EAAE;wBAC3D,MAAM,OAAO,GAAG,qCAAW,CAAC,OAAO,CAAC,CAAC;wBACrC,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,8CAAqC,CAAC;oBACvE,CAAC;iBACF;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,UAAU;oBAChB,WAAW,EAAE,CAAC,OAAiC,EAAY,EAAE;wBAC3D,MAAM,OAAO,GAAG,qCAAW,CAAC,OAAO,CAAC,CAAC;wBACrC,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,+CAAsC,CAAC;oBACzE,CAAC;iBACF;gBACD,QAAQ,EAAE,EAAC,IAAI,EAAE,UAAU,EAAC;gBAC5B,UAAU,EAAE,EAAC,IAAI,EAAE,UAAU,EAAC;gBAC9B,WAAW,EAAE,EAAC,IAAI,EAAE,aAAa,EAAC;gBAClC,QAAQ,EAAE,EAAC,IAAI,EAAE,UAAU,EAAC;aAC7B;YACD,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,WAAW;oBACjB,WAAW,EAAE,CAAC,SAAS,EAAE,EAAE;wBACzB,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAClD,OAAO,EAAC,GAAG,EAAE,SAAS,EAAC,CAAC;wBAC1B,CAAC;wBACD,OAAO,EAAE,CAAC;oBACZ,CAAC;iBACF;aACF;YACD,KAAK,EAAE;gBACL,WAAW,EAAE,CAAC,KAAmB,EAAU,EAAE;oBAC3C,MAAM,gBAAgB,GAAG,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvF,OAAO,GAAG,KAAK,CAAC,UAAU,GAAG,gBAAgB,EAAE,CAAC;gBAClD,CAAC;aACF;YACD,IAAI,EAAE,EAAC,IAAI,EAAE,aAAa,EAAC;YAC3B,EAAE,EAAE,EAAC,WAAW,EAAE,CAAC,KAAmB,EAAU,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ,EAAE,EAAC;YAC1F,MAAM,EAAE,EAAC,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAC;YACtD,IAAI,EAAE,EAAC,WAAW,EAAE,UAAU,EAAC;YAC/B,eAAe,EAAE,EAAE;YACnB,OAAO,EAAE;gBACP;oBACE,MAAM,EAAE,EAAC,IAAI,EAAE,qBAAqB,EAAE,WAAW,EAAE,YAAY,EAAC;oBAChE,SAAS,EAAE,EAAC,WAAW,EAAE,cAAc,EAAC;oBACxC,OAAO,EAAE;wBACP,WAAW,EAAE,CAAC,KAAmB,EAAU,EAAE;4BAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;4BAC5O,KAAK,CAAC,IAAI,CACR,mBAAmB,KAAK,CAAC,cAAc,EAAE,EACzC,kBAAkB,KAAK,CAAC,aAAa,EAAE,CACxC,CAAC;4BACF,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;gCAC3B,MAAM,GAAG,GAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gCAClI,KAAK,CAAC,IAAI,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAC;4BACzC,CAAC;4BACD,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;gCAC3B,MAAM,GAAG,GAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gCAClI,KAAK,CAAC,IAAI,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAC;4BACzC,CAAC;4BACD,IAAI,KAAK,CAAC,qBAAqB,EAAE,CAAC;gCAChC,MAAM,WAAW,GAAW,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gCACjF,KAAK,CAAC,IAAI,CAAC,0BAA0B,WAAW,EAAE,CAAC,CAAC;4BACtD,CAAC;4BACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBAC1B,CAAC;qBACF;oBACD,UAAU,EAAE,EAAE;iBACf;aACF;SACF,CAAC;IACJ,CAAC;IAEC,YAAY,WAAmB,EAAE,OAAO,GAAG,KAAK;QAC9C,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAkB,CAAC,CAAC;QAChD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF;AA/JD,sCA+JC","sourcesContent":["import {ExecJSON} from 'inspecjs';\nimport * as _ from 'lodash';\nimport {version as HeimdallToolsVersion} from '../package.json';\nimport {BaseConverter, ILookupPath, MappedTransform} from './base-converter';\nimport {data as MappingData} from './mappings/CheckovToCciAndNistMappingData';\nimport {\n  conditionallyProvideAttribute,\n  DEFAULT_STATIC_CODE_ANALYSIS_CCI_TAGS,\n  DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS\n} from './utils/global';\n\ntype CheckovCheckResult = {\n  result: 'PASSED' | 'FAILED' | 'SKIPPED' | 'UNKNOWN';\n  evaluated_keys: string[];\n  [property: string]: unknown;\n};\n\ntype CheckovCheck = {\n  // Always present, never null\n  check_id: string;\n  check_name: string;\n  check_result: CheckovCheckResult;\n  file_path: string;\n  file_line_range: number[];\n  resource: string;\n  code_block: Array<[number, string]>;\n  check_class: string;\n  file_abs_path: string;\n  repo_file_path: string;\n  definition_context_file_path: string;\n  details: string[];\n  // Always present but can be null\n  severity: string | null;\n  guideline: string | null;\n  bc_check_id: string | null;\n  resource_address: string | null;\n  entity_tags: Record<string, string> | null;\n  caller_file_path: string | null;\n  caller_file_line_range: number[] | null;\n  description: string | null;\n  benchmarks: Record<string, unknown> | null;\n  bc_category: string | null;\n  short_description: string | null;\n  vulnerability_details: Record<string, unknown> | null;\n  check_len: number | null;\n  connected_node: Record<string, unknown> | null;\n  evaluations: Record<string, unknown> | null;\n  fixed_definition: string | null;\n  // Catch-all for remaining optional fields\n  [property: string]: unknown;\n};\n\ntype CheckovSummary = {\n  passed: number;\n  failed: number;\n  skipped: number;\n  parsing_errors: number;\n  resource_count: number;\n  checkov_version: string;\n};\n\ntype CheckovReport = {\n  check_type: string;\n  results: {\n    passed_checks: CheckovCheck[];\n    failed_checks: CheckovCheck[];\n    skipped_checks: CheckovCheck[];\n    parsing_errors: string[];\n  };\n  summary: CheckovSummary;\n  url: string;\n};\n\n// https://github.com/bridgecrewio/checkov/blob/main/checkov/common/bridgecrew/severities.py\n// severity scale (score → HDF impact):\n//   CRITICAL: 5 → 1.0\n//   HIGH/IMPORTANT: 4 → 0.8\n//   MEDIUM/MODERATE: 3 → 0.6\n//   LOW: 2 → 0.4\n//   INFO: 1 → 0.2\n//   NONE: -999 → 0.0\n//   OFF: 999 -> MEDIUM\n//   null (no API Key) → MEDIUM\n// Severity is only populated when passing in an API key via --bc-api-key, otherwise it is null\n// Default to medium - treat null/unknown risk as moderate until a formal risk assessment is performed.\nconst MEDIUM_SEVERITY = 0.6;\nconst IMPACT_MAPPING: Map<string, number> = new Map([\n  ['critical', 1],\n  ['high', 0.8],\n  ['important', 0.8],\n  ['medium', MEDIUM_SEVERITY],\n  ['moderate', 0.6],\n  ['low', 0.4],\n  ['info', 0.2],\n  ['none', 0]\n]);\n\nfunction impactMapping(severity: CheckovCheck['severity']): number {\n  if (_.isString(severity)) {\n    return IMPACT_MAPPING.get(severity.toLowerCase()) ?? MEDIUM_SEVERITY;\n  }\n  // Checkov native JSON default severity is null (no API key) → default to medium\n  return MEDIUM_SEVERITY;\n}\n\nfunction statusMapper(result: CheckovCheckResult['result']): ExecJSON.ControlResultStatus {\n  if (result === 'PASSED') {\n    return ExecJSON.ControlResultStatus.Passed;\n  } else if (result === 'FAILED') {\n    return ExecJSON.ControlResultStatus.Failed;\n  }\n  return ExecJSON.ControlResultStatus.Skipped;\n}\n\nfunction formatCodeDesc(check: CheckovCheck): string {\n  const resource = `Resource: ${check.resource}`;\n  const fileLocation = `File: ${check.file_path}:${check.file_line_range[0]}-${check.file_line_range[1]}`;\n  const codeBlockInner = check.code_block.map(([line, code]) => `${line}: ${code}`).join('').trim();\n  const codeBlock = `<pre>${codeBlockInner}</pre>`;\n  return `${resource}\\n${fileLocation}\\n${check.code_block.length === 0 ? '' : codeBlock}`;\n}\n\nfunction formatCode(check: CheckovCheck): string {\n  const unmapped = _.omit(check, ['check_id', 'check_name', 'check_result', 'file_path', 'file_line_range', 'resource', 'code_block', 'check_class', 'file_abs_path', 'repo_file_path', 'severity', 'guideline', 'description', 'short_description', 'vulnerability_details', 'fixed_definition']);\n\n  return JSON.stringify(unmapped, null, 2);\n}\n\n\nexport class CheckovMapper extends BaseConverter<CheckovReport> {\n  withRaw: boolean;\n\n  mappings: MappedTransform<\n    ExecJSON.Execution & {passthrough: unknown},\n    ILookupPath\n  > = {\n    platform: {\n      name: 'Heimdall Tools',\n      release: HeimdallToolsVersion\n    },\n    version: HeimdallToolsVersion,\n    statistics: {},\n    profiles: [\n      {\n        name: 'Checkov',\n        version: {path: 'summary.checkov_version'},\n        title: {\n          path: 'check_type',\n          transformer: (checkType): string => `Bridgecrew (by Prisma Cloud) Checkov ${checkType} Security Scan`\n        },\n        supports: [],\n        attributes: [],\n        groups: [],\n        status: 'loaded',\n        controls: [\n          {\n            path: 'results.passed_checks',\n            ...this.controlMapping()\n          },\n          {\n            path: 'results.failed_checks',\n            ...this.controlMapping()\n          },\n          {\n            path: 'results.skipped_checks',\n            ...this.controlMapping()\n          },\n          ...(this.data.results.parsing_errors.length === 0 ? [] : [{\n            id: 'Parsing Errors',\n            impact: MEDIUM_SEVERITY,\n            refs: [],\n            results: [{\n              path: 'results.parsing_errors',\n              code_desc: {transformer: (parsingError) => parsingError},\n              start_time: '',\n              status: 'error'\n            }],\n            source_location: {},\n            tags: {}\n          } as MappedTransform<ExecJSON.Control & ILookupPath, ILookupPath>])\n        ],\n        sha256: ''\n      }\n    ],\n    passthrough: {\n      transformer: (\n        data: CheckovReport\n      ): Record<string, unknown> => {\n        return {\n          auxiliary_data: [\n            {\n              name: 'Checkov',\n              data: {\n                summary: data.summary,\n                url: data.url\n              }\n            }\n          ],\n          ...conditionallyProvideAttribute('raw', data, this.withRaw)\n        };\n      }\n    }\n  };\n\ncontrolMapping(): MappedTransform<\n  ExecJSON.Control & ILookupPath,\n  ILookupPath\n> {\n  return {\n    key: 'id',\n    tags: {\n      cci: {\n        path: 'check_id',\n        transformer: (checkId: CheckovCheck['check_id']): string[] => {\n          const mapping = MappingData[checkId];\n          return mapping ? mapping.cci : DEFAULT_STATIC_CODE_ANALYSIS_CCI_TAGS;\n        }\n      },\n      nist: {\n        path: 'check_id',\n        transformer: (checkId: CheckovCheck['check_id']): string[] => {\n          const mapping = MappingData[checkId];\n          return mapping ? mapping.nist : DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;\n        }\n      },\n      severity: {path: 'severity'},\n      checkov_id: {path: 'check_id'},\n      check_class: {path: 'check_class'},\n      resource: {path: 'resource'},\n    },\n    refs: [\n      {\n        path: 'guideline',\n        transformer: (guideline) => {\n          if (_.isString(guideline) && guideline.length > 0) {\n            return {url: guideline};\n          }\n          return {};\n        }\n      }\n    ],\n    title: {\n      transformer: (check: CheckovCheck): string => {\n        const shortDescription = check.short_description ? `: ${check.short_description}` : '';\n        return `${check.check_name}${shortDescription}`;\n      }\n    },\n    desc: {path: 'description'},\n    id: {transformer: (check: CheckovCheck): string => `${check.check_id}\\n${check.resource}`},\n    impact: {path: 'severity', transformer: impactMapping},\n    code: {transformer: formatCode},\n    source_location: {},\n    results: [\n      {\n        status: {path: 'check_result.result', transformer: statusMapper},\n        code_desc: {transformer: formatCodeDesc},\n        message: {\n          transformer: (check: CheckovCheck): string => {\n            const parts = Object.entries(_.omit(check.check_result, ['result'])).map(([key, value]) => `${_.startCase(key)}: ${(value === null || value === undefined || typeof value !== 'object') ? String(value) : JSON.stringify(value, null, 2)}`);\n            parts.push(\n              `Repo File Path: ${check.repo_file_path}`,\n              `File Abs Path: ${check.file_abs_path}`\n            );\n            if (check.fixed_definition) {\n              const fix: string = _.isString(check.fixed_definition) ? check.fixed_definition : JSON.stringify(check.fixed_definition, null, 2);\n              parts.push(`Fixed Definition: ${fix}`);\n            }\n            if (check.fixed_definition) {\n              const fix: string = _.isString(check.fixed_definition) ? check.fixed_definition : JSON.stringify(check.fixed_definition, null, 2);\n              parts.push(`Fixed Definition: ${fix}`);\n            }\n            if (check.vulnerability_details) {\n              const vulnDetails: string = JSON.stringify(check.vulnerability_details, null, 2);\n              parts.push(`Vulnerability Details: ${vulnDetails}`);\n            }\n            return parts.join('\\n');\n          }\n        },\n        start_time: \"\"\n      }\n    ]\n  };\n}\n\n  constructor(checkovJson: string, withRaw = false) {\n    super(JSON.parse(checkovJson) as CheckovReport);\n    this.withRaw = withRaw;\n  }\n}\n"]}

package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts

@@ -92,8 +92,16 @@ export type StigMetadata = {
 };
 export declare const EmptyChecklistObject: ChecklistObject;
 export declare function updateChecklistWithMetadata(file: ExecJSON.Execution): ChecklistObject;
+/**
+ * Checklist jsonix converter
+ */
 export declare class ChecklistJsonixConverter extends JsonixIntermediateConverter<Checklist, ChecklistObject> {
     getValueFromAttributeName<T extends Stigdata | Sidata>(data: T[], tag: string): string;
+    /**
+     * Creates checklist object for mapping to HDF
+     * @param jsonixData - ChecklistJSONIX object
+     * @returns - newChecklistObject
+     */
     toIntermediateObject(jsonixData: Checklist): ChecklistObject;
     expandHeader(header: StigHeader): Sidata[];
     expandVulns(checklistVuln: ChecklistVuln): StigdatumElement[];
@@ -109,6 +117,15 @@ export declare class ChecklistJsonixConverter extends JsonixIntermediateConverte
     addHdfProfileSpecificData(profile: ExecJSON.Profile): string;
     controlsToVulns(profile: ExecJSON.Profile, stigRef: string, metadata?: ChecklistMetadata): ChecklistVuln[];
     getReleaseInfo(releasenumber: number | undefined, releasedate: string | undefined): string | undefined;
+    /**
+     * Converts an HDF (Heimdall Data Format) execution object to a ChecklistObject.
+     * This function assumes the HDF does not have a 'passthrough.checklist' object,
+     * and therefore would also not have checklist-specific control.tags
+     *
+     * @param hdf - The HDF execution object to convert.
+     * @returns {ChecklistObject} The converted ChecklistObject.
+     */
     hdfToIntermediateObject(hdf: ExecJSON.Execution): ChecklistObject;
 }
 export {};
+//# sourceMappingURL=checklist-jsonix-converter.d.ts.map

package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"checklist-jsonix-converter.d.ts","sourceRoot":"","sources":["../../../src/ckl-mapper/checklist-jsonix-converter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,QAAQ,EAAC,MAAM,UAAU,CAAC;AAElC,OAAO,EAAC,2BAA2B,EAAC,MAAM,kCAAkC,CAAC;AAG7E,OAAO,EACL,KAAK,EACL,SAAS,EACT,SAAS,EAIT,IAAI,EAEJ,MAAM,EAGN,QAAQ,EACR,gBAAgB,EAChB,QAAQ,EACR,IAAI,EAEL,MAAM,mBAAmB,CAAC;AAI3B,MAAM,MAAM,eAAe,GAAG;IAC5B,KAAK,EAAE,cAAc,CAAC;IACtB,KAAK,EAAE,aAAa,EAAE,CAAC;IACvB,UAAU,CAAC,EAAE,SAAS,CAAC;CACxB,CAAC;AAEF,KAAK,cAAc,GAAG,KAAK,CAAC;AAE5B,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,UAAU,CAAC;IACnB,KAAK,EAAE,aAAa,EAAE,CAAC;CACxB,CAAC;AAEF,KAAK,UAAU,GAAG;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EACV,cAAc,GACd,qCAAqC,GACrC,KAAK,CAAC;IACV,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAGF,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,QAAQ,CAAC,GAAG;IAC9D,MAAM,EAAE,aAAa,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,wBAAwB,EAAE,MAAM,CAAC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,SAAS,GAAG,MAAM,GAAG,KAAK,CAAC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,aAAK,aAAa;IAChB,WAAW,WAAW;IACtB,IAAI,WAAW;IACf,cAAc,mBAAmB;IACjC,YAAY,iBAAiB;CAC9B;AAUD,oBAAY,QAAQ;IAClB,KAAK,KAAK;IACV,IAAI,SAAS;IACb,GAAG,QAAQ;IACX,MAAM,WAAW;CAClB;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,IAAI,GAAG,KAAK,CAAC;IAC3B,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;CACvB,CAAC;AAEF,eAAO,MAAM,oBAAoB,EAAE,eAiElC,CAAC;AAEF,wBAAgB,2BAA2B,CACzC,IAAI,EAAE,QAAQ,CAAC,SAAS,GACvB,eAAe,CAsCjB;AAED;;GAEG;AACH,qBAAa,wBAAyB,SAAQ,2BAA2B,CACvE,SAAS,EACT,eAAe,CAChB;IACC,yBAAyB,CAAC,CAAC,SAAS,QAAQ,GAAG,MAAM,EACnD,IAAI,EAAE,CAAC,EAAE,EACT,GAAG,EAAE,MAAM,GACV,MAAM;IAaT;;;;OAIG;IACH,oBAAoB,CAAC,UAAU,EAAE,SAAS,GAAG,eAAe;IA0M5D,YAAY,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,EAAE;IAe1C,WAAW,CAAC,aAAa,EAAE,aAAa,GAAG,gBAAgB,EAAE;IAiC7D,WAAW,CAAC,cAAc,EAAE,aAAa,EAAE,GAAG,IAAI,EAAE;IAmBpD,sBAAsB,CAAC,eAAe,EAAE,eAAe,GAAG,SAAS;IA6BnE,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,aAAa;IAe3E,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,GAAG,QAAQ;IA2BjE,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,aAAa,EAAE,GAAG,MAAM;IAkB5D,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;IAQ7C,WAAW,CAAC,YAAY,EAAE,QAAQ,CAAC,kBAAkB,EAAE,GAAG,MAAM;IAqBhE,yBAAyB,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,GAAG,MAAM;IAiD5D,aAAa,CACX,WAAW,EAAE,MAAM,GAAG,IAAI,EAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,GACjC,MAAM,GAAG,SAAS;IAOrB,yBAAyB,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,GAAG,MAAM;IAsB5D,eAAe,CACb,OAAO,EAAE,QAAQ,CAAC,OAAO,EACzB,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,iBAAiB,GAC3B,aAAa,EAAE;IA6ElB,cAAc,CACZ,aAAa,EAAE,MAAM,GAAG,SAAS,EACjC,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,MAAM,GAAG,SAAS;IAYrB;;;;;;;OAOG;IACH,uBAAuB,CAAC,GAAG,EAAE,QAAQ,CAAC,SAAS,GAAG,eAAe;CA8ElE"}

package/lib/src/ckl-mapper/checklist-jsonix-converter.js

@@ -3,7 +3,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ChecklistJsonixConverter = exports.updateChecklistWithMetadata = exports.EmptyChecklistObject = exports.Severity = void 0;
+exports.ChecklistJsonixConverter = exports.EmptyChecklistObject = exports.Severity = void 0;
+exports.updateChecklistWithMetadata = updateChecklistWithMetadata;
 const inspecjs_1 = require("inspecjs");
 const lodash_1 = __importDefault(require("lodash"));
 const jsonix_intermediate_converter_1 = require("../jsonix-intermediate-converter");
@@ -12,6 +13,7 @@ const global_1 = require("../utils/global");
 const checklistJsonix_1 = require("./checklistJsonix");
 const semver_1 = require("semver");
 const checklist_metadata_utils_1 = require("./checklist-metadata-utils");
+// Status mapping for going to and from checklist
 var StatusMapping;
 (function (StatusMapping) {
     StatusMapping["NotAFinding"] = "Passed";
@@ -32,7 +34,7 @@ var Severity;
     Severity["High"] = "high";
     Severity["Low"] = "low";
     Severity["Medium"] = "medium";
-})(Severity = exports.Severity || (exports.Severity = {}));
+})(Severity || (exports.Severity = Severity = {}));
 exports.EmptyChecklistObject = {
     asset: {
         assettype: checklistJsonix_1.Assettype.Computing,
@@ -128,7 +130,9 @@ function updateChecklistWithMetadata(file) {
     }
     return checklist;
 }
-exports.updateChecklistWithMetadata = updateChecklistWithMetadata;
+/**
+ * Checklist jsonix converter
+ */
 class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixIntermediateConverter {
     getValueFromAttributeName(data, tag) {
         let keyName = 'vulnattribute';
@@ -142,6 +146,11 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
         });
         return results.map((result) => lodash_1.default.get(result, dataName)).join('; ');
     }
+    /**
+     * Creates checklist object for mapping to HDF
+     * @param jsonixData - ChecklistJSONIX object
+     * @returns - newChecklistObject
+     */
     toIntermediateObject(jsonixData) {
         const asset = {
             role: lodash_1.default.get(jsonixData, 'value.asset.role'),
@@ -243,14 +252,13 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
         return sidata;
     }
     expandVulns(checklistVuln) {
-        var _a;
         const separateElementNames = ['CciRef', 'IAControls', 'LegacyID'];
         const stigdata = [];
         for (const [attributeName, data] of Object.entries(checklistVuln)) {
             const keyFoundInVulnattribute = Object.keys(checklistJsonix_1.Vulnattribute).find((key) => key.toLowerCase() === attributeName.toLowerCase());
             if (keyFoundInVulnattribute) {
                 if (separateElementNames.includes(keyFoundInVulnattribute)) {
-                    const dataStrings = (_a = data === null || data === void 0 ? void 0 : data.toString().split(/[,|;]/)) !== null && _a !== void 0 ? _a : [];
+                    const dataStrings = data?.toString().split(/[,|;]/) ?? [];
                     for (const dataString of dataStrings) {
                         stigdata.push({
                             vulnattribute: checklistJsonix_1.Vulnattribute[keyFoundInVulnattribute],
@@ -329,16 +337,22 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
         }
     }
     severityMap(impact, severityTag) {
-        switch (severityTag === null || severityTag === void 0 ? void 0 : severityTag.toLowerCase()) {
+        // test if this control has a valid severity tag
+        // and map it to a checklist severity level
+        // note: some mappers can produce non-lowercase severity tags
+        switch (severityTag?.toLowerCase()) {
             case 'none':
+            // if none, it will be added to Checklist's thirdPartyTools section
             case 'low':
                 return Severity.Low;
             case 'medium':
                 return Severity.Medium;
             case 'high':
             case 'critical':
+                // if critical, it will be added to Checklist's thirdPartyTools section
                 return Severity.High;
         }
+        // if no valid severity tag, compute severity based on impact
         if (impact < 0.4) {
             return Severity.Low;
         }
@@ -397,15 +411,20 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
         return results;
     }
     addHdfControlSpecificData(control) {
-        var _a;
         const hdfSpecificData = {};
         const impact = control.impact;
         const severityTag = lodash_1.default.get(control.tags, 'severity', null);
         const severityOverrideTag = lodash_1.default.get(control.tags, 'severityoverride', null);
+        // if severity or severity override don't fit into low, medium, high
+        // denote them in the control specific data
         if (severityTag === 'none' || severityTag === 'critical')
             hdfSpecificData['severity'] = severityTag;
         if (severityOverrideTag === 'none' || severityOverrideTag === 'critical')
             hdfSpecificData['severityoverride'] = severityOverrideTag;
+        // if impact does not align with what would be computed from the checklist
+        // store it in the hdfSpecificData
+        // also, if it needs to be represented with none or critical, it has
+        // to be stored in the hdfSpecificData
         const computedImpact = this.computeImpact(severityTag, severityOverrideTag);
         if (((computedImpact !== undefined && computedImpact !== impact) ||
             impact < 0.1 ||
@@ -413,13 +432,16 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
             impact !== 0.0) {
             hdfSpecificData['impact'] = control.impact;
         }
+        // if there is no severity tag, severity is aligned to impact
+        // this must be represented in hdfSpecificData when impact needs to
+        // map to severity none or critical
         if (severityTag === null) {
             if (impact < 0.1)
                 hdfSpecificData['severity'] = 'none';
             else if (impact >= 0.9)
                 hdfSpecificData['severity'] = 'critical';
         }
-        if ((_a = control.code) === null || _a === void 0 ? void 0 : _a.startsWith('control')) {
+        if (control.code?.startsWith('control')) {
             hdfSpecificData['code'] = control.code;
         }
         const hdfDataExist = Object.keys(hdfSpecificData).length !== 0;
@@ -427,12 +449,12 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
             ? JSON.stringify({ hdfSpecificData: hdfSpecificData }, null, 2)
             : '';
     }
+    // computes what the impact would be based on the given tags
     computeImpact(severityTag, severityOverrideTag) {
-        var _a;
         let computedSeverity = severityTag;
         if (severityOverrideTag)
             computedSeverity = severityOverrideTag;
-        computedSeverity = (_a = computedSeverity === null || computedSeverity === void 0 ? void 0 : computedSeverity.toLowerCase()) !== null && _a !== void 0 ? _a : null;
+        computedSeverity = computedSeverity?.toLowerCase() ?? null;
         if (computedSeverity)
             return IMPACT_MAPPING.get(computedSeverity);
     }
@@ -457,24 +479,27 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
         return hdfDataExist ? JSON.stringify({ hdfSpecificData }) : '';
     }
     controlsToVulns(profile, stigRef, metadata) {
-        var _a, _b, _c, _d, _e, _f, _g, _h;
         const vulns = [];
         for (const control of profile.controls) {
             const defaultId = lodash_1.default.get(control, 'id', '');
             const vuln = {
                 status: this.getStatus(control.results, control.impact),
-                vulnNum: (metadata === null || metadata === void 0 ? void 0 : metadata.vulidmapping) === 'gid'
+                vulnNum: metadata?.vulidmapping === 'gid'
                     ? lodash_1.default.get(control.tags, 'gid', defaultId)
                     : defaultId,
                 severity: this.severityMap(control.impact, lodash_1.default.get(control.tags, 'severity', Severity.Empty)),
                 groupTitle: lodash_1.default.get(control.tags, 'gtitle', defaultId),
                 ruleId: lodash_1.default.get(control.tags, 'rid', defaultId),
                 ruleVer: lodash_1.default.get(control.tags, 'stig_id', defaultId),
-                ruleTitle: (_a = control.title) !== null && _a !== void 0 ? _a : '',
-                vulnDiscuss: (_b = control.desc) !== null && _b !== void 0 ? _b : '',
+                ruleTitle: control.title ?? '',
+                vulnDiscuss: control.desc ?? '',
                 iaControls: lodash_1.default.get(control.tags, 'IA_Controls', ''),
-                checkContent: (_d = (_c = lodash_1.default.get(control.tags, 'check')) !== null && _c !== void 0 ? _c : (0, global_1.getDescription)(control.descriptions, 'check')) !== null && _d !== void 0 ? _d : '',
-                fixText: (_f = (_e = lodash_1.default.get(control.tags, 'fix')) !== null && _e !== void 0 ? _e : (0, global_1.getDescription)(control.descriptions, 'fix')) !== null && _f !== void 0 ? _f : '',
+                checkContent: lodash_1.default.get(control.tags, 'check') ??
+                    (0, global_1.getDescription)(control.descriptions, 'check') ??
+                    '',
+                fixText: lodash_1.default.get(control.tags, 'fix') ??
+                    (0, global_1.getDescription)(control.descriptions, 'fix') ??
+                    '',
                 falsePositives: lodash_1.default.get(control.tags, 'False_Positives', ''),
                 falseNegatives: lodash_1.default.get(control.tags, 'False_Negatives', ''),
                 documentable: 'false',
@@ -485,15 +510,16 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
                 responsibility: lodash_1.default.get(control.tags, 'Responsibility', ''),
                 securityOverrideGuidance: lodash_1.default.get(control.tags, 'Security_Override_Guidance', ''),
                 checkContentRef: 'M',
-                weight: lodash_1.default.get(control.tags, 'weight', '10.0'),
+                weight: lodash_1.default.get(control.tags, 'weight', '10.0'), // default found on checklists saved from stigviewer has always been 10.0
                 class: 'Unclass',
                 stigRef,
                 targetKey: '',
                 stigUuid: '',
                 legacyId: lodash_1.default.get(control.tags, 'Legacy_ID'),
-                cciRef: (_g = lodash_1.default.get(control.tags, 'cci')) !== null && _g !== void 0 ? _g : this.matchNistToCcis(lodash_1.default.get(control.tags, 'nist')),
+                cciRef: lodash_1.default.get(control.tags, 'cci') ??
+                    this.matchNistToCcis(lodash_1.default.get(control.tags, 'nist')),
                 comments: this.getComments(control.descriptions),
-                findingdetails: (_h = this.getFindingDetails(control.results)) !== null && _h !== void 0 ? _h : '',
+                findingdetails: this.getFindingDetails(control.results) ?? '',
                 severityjustification: lodash_1.default.get(control.tags, 'severityjustification', checklistJsonix_1.Severityoverride.Empty),
                 severityoverride: lodash_1.default.get(control.tags, 'severityoverride', checklistJsonix_1.Severityoverride.Empty)
             };
@@ -515,19 +541,27 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
             return undefined;
         }
     }
+    /**
+     * Converts an HDF (Heimdall Data Format) execution object to a ChecklistObject.
+     * This function assumes the HDF does not have a 'passthrough.checklist' object,
+     * and therefore would also not have checklist-specific control.tags
+     *
+     * @param hdf - The HDF execution object to convert.
+     * @returns {ChecklistObject} The converted ChecklistObject.
+     */
     hdfToIntermediateObject(hdf) {
-        var _a, _b;
         const stigs = [];
         const metadata = lodash_1.default.get(hdf, 'passthrough.metadata');
         for (const profile of hdf.profiles) {
-            if ((_a = profile.depends) === null || _a === void 0 ? void 0 : _a.length) {
+            // if profile is overlay or parent profile, skip
+            if (profile.depends?.length) {
                 continue;
             }
-            const profileMetadata = metadata === null || metadata === void 0 ? void 0 : metadata.profiles.find((p) => p.name === profile.name);
+            const profileMetadata = metadata?.profiles.find((p) => p.name === profile.name);
             (0, checklist_metadata_utils_1.throwIfInvalidProfileMetadata)(profileMetadata);
             const version = (0, semver_1.coerce)(profile.version);
             const header = {
-                version: lodash_1.default.get(profileMetadata, 'version', (_b = version === null || version === void 0 ? void 0 : version.major) !== null && _b !== void 0 ? _b : 0).toString(),
+                version: lodash_1.default.get(profileMetadata, 'version', version?.major ?? 0).toString(),
                 classification: 'UNCLASSIFIED',
                 customname: this.addHdfProfileSpecificData(profile),
                 stigid: profile.name,
@@ -535,8 +569,8 @@ class ChecklistJsonixConverter extends jsonix_intermediate_converter_1.JsonixInt
                     (profile.summary && profile.description ? '\n' : '') +
                     (profile.description || ''),
                 filename: '',
-                releaseinfo: this.getReleaseInfo((profileMetadata === null || profileMetadata === void 0 ? void 0 : profileMetadata.releasenumber) || (version === null || version === void 0 ? void 0 : version.minor) || 0, profileMetadata === null || profileMetadata === void 0 ? void 0 : profileMetadata.releasedate),
-                title: (profileMetadata === null || profileMetadata === void 0 ? void 0 : profileMetadata.title) || profile.title || profile.name,
+                releaseinfo: this.getReleaseInfo(profileMetadata?.releasenumber || version?.minor || 0, profileMetadata?.releasedate),
+                title: profileMetadata?.title || profile.title || profile.name,
                 uuid: '',
                 notice: profile.license || '',
                 source: 'STIG.DOD.MIL'