@mitre/hdf-converters 2.12.6 → 2.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -24
- package/lib/data/converters/csv2json.d.ts +1 -0
- package/lib/data/converters/csv2json.d.ts.map +1 -0
- package/lib/data/converters/csv2json.js +1 -1
- package/lib/data/converters/csv2json.js.map +1 -1
- package/lib/data/converters/xml2json.d.ts +1 -0
- package/lib/data/converters/xml2json.d.ts.map +1 -0
- package/lib/data/converters/xml2json.js +6 -25
- package/lib/data/converters/xml2json.js.map +1 -1
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.d.ts +2 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.d.ts.map +1 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.js +13 -0
- package/lib/data/reverse-html-mapper/convert-to-embedded-strings.js.map +1 -0
- package/lib/index.d.ts +6 -0
- package/lib/index.d.ts.map +1 -0
- package/lib/index.js +23 -8
- package/lib/index.js.map +1 -1
- package/lib/package.json +19 -40
- package/lib/src/anchore-grype-mapper.d.ts +1 -0
- package/lib/src/anchore-grype-mapper.d.ts.map +1 -0
- package/lib/src/anchore-grype-mapper.js +7 -1
- package/lib/src/anchore-grype-mapper.js.map +1 -1
- package/lib/src/asff-mapper/asff-mapper.d.ts +1 -0
- package/lib/src/asff-mapper/asff-mapper.d.ts.map +1 -0
- package/lib/src/asff-mapper/asff-mapper.js +274 -237
- package/lib/src/asff-mapper/asff-mapper.js.map +1 -1
- package/lib/src/asff-mapper/case-cms-inspec.d.ts +1 -0
- package/lib/src/asff-mapper/case-cms-inspec.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-cms-inspec.js +18 -9
- package/lib/src/asff-mapper/case-cms-inspec.js.map +1 -1
- package/lib/src/asff-mapper/case-firewall-manager.d.ts +1 -0
- package/lib/src/asff-mapper/case-firewall-manager.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-firewall-manager.js +18 -9
- package/lib/src/asff-mapper/case-firewall-manager.js.map +1 -1
- package/lib/src/asff-mapper/case-guardduty.d.ts +1 -0
- package/lib/src/asff-mapper/case-guardduty.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-guardduty.js +18 -9
- package/lib/src/asff-mapper/case-guardduty.js.map +1 -1
- package/lib/src/asff-mapper/case-inspector.d.ts +1 -0
- package/lib/src/asff-mapper/case-inspector.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-inspector.js +18 -9
- package/lib/src/asff-mapper/case-inspector.js.map +1 -1
- package/lib/src/asff-mapper/case-previously-hdf.d.ts +1 -0
- package/lib/src/asff-mapper/case-previously-hdf.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-previously-hdf.js +21 -10
- package/lib/src/asff-mapper/case-previously-hdf.js.map +1 -1
- package/lib/src/asff-mapper/case-prowler.d.ts +1 -0
- package/lib/src/asff-mapper/case-prowler.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-prowler.js +19 -9
- package/lib/src/asff-mapper/case-prowler.js.map +1 -1
- package/lib/src/asff-mapper/case-security-hub.d.ts +1 -0
- package/lib/src/asff-mapper/case-security-hub.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-security-hub.js +24 -9
- package/lib/src/asff-mapper/case-security-hub.js.map +1 -1
- package/lib/src/asff-mapper/case-trivy.d.ts +1 -0
- package/lib/src/asff-mapper/case-trivy.d.ts.map +1 -0
- package/lib/src/asff-mapper/case-trivy.js +18 -9
- package/lib/src/asff-mapper/case-trivy.js.map +1 -1
- package/lib/src/aws-config-mapper.d.ts +1 -0
- package/lib/src/aws-config-mapper.d.ts.map +1 -0
- package/lib/src/aws-config-mapper.js +29 -7
- package/lib/src/aws-config-mapper.js.map +1 -1
- package/lib/src/base-converter.d.ts +2 -1
- package/lib/src/base-converter.d.ts.map +1 -0
- package/lib/src/base-converter.js +46 -26
- package/lib/src/base-converter.js.map +1 -1
- package/lib/src/burpsuite-mapper.d.ts +7 -0
- package/lib/src/burpsuite-mapper.d.ts.map +1 -0
- package/lib/src/burpsuite-mapper.js +115 -88
- package/lib/src/burpsuite-mapper.js.map +1 -1
- package/lib/src/checkov-mapper.d.ts +67 -0
- package/lib/src/checkov-mapper.d.ts.map +1 -0
- package/lib/src/checkov-mapper.js +240 -0
- package/lib/src/checkov-mapper.js.map +1 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts +17 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-jsonix-converter.js +38 -4
- package/lib/src/ckl-mapper/checklist-jsonix-converter.js.map +1 -1
- package/lib/src/ckl-mapper/checklist-mapper.d.ts +35 -0
- package/lib/src/ckl-mapper/checklist-mapper.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-mapper.js +262 -151
- package/lib/src/ckl-mapper/checklist-mapper.js.map +1 -1
- package/lib/src/ckl-mapper/checklist-metadata-utils.d.ts +1 -0
- package/lib/src/ckl-mapper/checklist-metadata-utils.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklist-metadata-utils.js +32 -15
- package/lib/src/ckl-mapper/checklist-metadata-utils.js.map +1 -1
- package/lib/src/ckl-mapper/checklistJsonix.d.ts +6 -0
- package/lib/src/ckl-mapper/checklistJsonix.d.ts.map +1 -0
- package/lib/src/ckl-mapper/checklistJsonix.js +8 -8
- package/lib/src/ckl-mapper/checklistJsonix.js.map +1 -1
- package/lib/src/ckl-mapper/jsonixMapping.d.ts +5 -0
- package/lib/src/ckl-mapper/jsonixMapping.d.ts.map +1 -0
- package/lib/src/ckl-mapper/jsonixMapping.js +4 -0
- package/lib/src/ckl-mapper/jsonixMapping.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/asff-types.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js +1 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js +110 -84
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/transformers.d.ts +1 -0
- package/lib/src/converters-from-hdf/asff/transformers.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/asff/transformers.js +68 -38
- package/lib/src/converters-from-hdf/asff/transformers.js.map +1 -1
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.js +54 -28
- package/lib/src/converters-from-hdf/caat/reverse-caat-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/html/embedded-assets.d.ts +4 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.js +8 -0
- package/lib/src/converters-from-hdf/html/embedded-assets.js.map +1 -0
- package/lib/src/converters-from-hdf/html/html-types.d.ts +1 -0
- package/lib/src/converters-from-hdf/html/html-types.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/html-types.js +1 -0
- package/lib/src/converters-from-hdf/html/html-types.js.map +1 -1
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.d.ts +3 -2
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.js +151 -107
- package/lib/src/converters-from-hdf/html/reverse-html-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/reverse-any-base-converter.d.ts +1 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.js +3 -0
- package/lib/src/converters-from-hdf/reverse-any-base-converter.js.map +1 -1
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts +1 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.js +29 -9
- package/lib/src/converters-from-hdf/reverse-base-converter.js.map +1 -1
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.js +39 -14
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.d.ts +1 -0
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.d.ts.map +1 -0
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.js +32 -10
- package/lib/src/converters-from-hdf/xccdf/reverse-xccdf-mapper.js.map +1 -1
- package/lib/src/conveyor-mapper.d.ts +1 -0
- package/lib/src/conveyor-mapper.d.ts.map +1 -0
- package/lib/src/conveyor-mapper.js +85 -40
- package/lib/src/conveyor-mapper.js.map +1 -1
- package/lib/src/cyclonedx-sbom-mapper.d.ts +1 -0
- package/lib/src/cyclonedx-sbom-mapper.d.ts.map +1 -0
- package/lib/src/cyclonedx-sbom-mapper.js +368 -294
- package/lib/src/cyclonedx-sbom-mapper.js.map +1 -1
- package/lib/src/dbprotect-mapper.d.ts +1 -0
- package/lib/src/dbprotect-mapper.d.ts.map +1 -0
- package/lib/src/dbprotect-mapper.js +74 -63
- package/lib/src/dbprotect-mapper.js.map +1 -1
- package/lib/src/dependency-track-mapper.d.ts +1 -0
- package/lib/src/dependency-track-mapper.d.ts.map +1 -0
- package/lib/src/dependency-track-mapper.js +144 -130
- package/lib/src/dependency-track-mapper.js.map +1 -1
- package/lib/src/fortify-mapper.d.ts +7 -0
- package/lib/src/fortify-mapper.d.ts.map +1 -0
- package/lib/src/fortify-mapper.js +118 -92
- package/lib/src/fortify-mapper.js.map +1 -1
- package/lib/src/gosec-mapper.d.ts +1 -0
- package/lib/src/gosec-mapper.d.ts.map +1 -0
- package/lib/src/gosec-mapper.js +90 -72
- package/lib/src/gosec-mapper.js.map +1 -1
- package/lib/src/ionchannel-mapper.d.ts +1 -0
- package/lib/src/ionchannel-mapper.d.ts.map +1 -0
- package/lib/src/ionchannel-mapper.js +130 -110
- package/lib/src/ionchannel-mapper.js.map +1 -1
- package/lib/src/jfrog-xray-mapper.d.ts +1 -0
- package/lib/src/jfrog-xray-mapper.d.ts.map +1 -0
- package/lib/src/jfrog-xray-mapper.js +92 -78
- package/lib/src/jfrog-xray-mapper.js.map +1 -1
- package/lib/src/jsonix-converter.d.ts +1 -0
- package/lib/src/jsonix-converter.d.ts.map +1 -0
- package/lib/src/jsonix-converter.js +1 -0
- package/lib/src/jsonix-converter.js.map +1 -1
- package/lib/src/jsonix-intermediate-converter.d.ts +1 -0
- package/lib/src/jsonix-intermediate-converter.d.ts.map +1 -0
- package/lib/src/jsonix-intermediate-converter.js.map +1 -1
- package/lib/src/mappings/AwsConfigMapping.d.ts +1 -0
- package/lib/src/mappings/AwsConfigMapping.d.ts.map +1 -0
- package/lib/src/mappings/AwsConfigMapping.js +19 -9
- package/lib/src/mappings/AwsConfigMapping.js.map +1 -1
- package/lib/src/mappings/AwsConfigMappingData.d.ts +1 -0
- package/lib/src/mappings/AwsConfigMappingData.d.ts.map +1 -0
- package/lib/src/mappings/AwsConfigMappingData.js.map +1 -1
- package/lib/src/mappings/CciNistMapping.d.ts +1 -0
- package/lib/src/mappings/CciNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMapping.js +4 -0
- package/lib/src/mappings/CciNistMapping.js.map +1 -1
- package/lib/src/mappings/CciNistMappingData.d.ts +1 -0
- package/lib/src/mappings/CciNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMappingData.js.map +1 -1
- package/lib/src/mappings/CciNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/CciNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/CciNistMappingItem.js +2 -0
- package/lib/src/mappings/CciNistMappingItem.js.map +1 -1
- package/lib/src/mappings/CheckovToCciAndNistMappingData.d.ts +5 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.js +2695 -0
- package/lib/src/mappings/CheckovToCciAndNistMappingData.js.map +1 -0
- package/lib/src/mappings/CweNistMapping.d.ts +1 -0
- package/lib/src/mappings/CweNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMapping.js +1 -0
- package/lib/src/mappings/CweNistMapping.js.map +1 -1
- package/lib/src/mappings/CweNistMappingData.d.ts +1 -0
- package/lib/src/mappings/CweNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMappingData.js.map +1 -1
- package/lib/src/mappings/CweNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/CweNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/CweNistMappingItem.js +5 -0
- package/lib/src/mappings/CweNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NessusPluginNistMappingData.d.ts +1 -0
- package/lib/src/mappings/NessusPluginNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginNistMappingData.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js +4 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NiktoNistMapping.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMapping.js.map +1 -1
- package/lib/src/mappings/NiktoNistMappingData.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMappingData.js.map +1 -1
- package/lib/src/mappings/NiktoNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/NiktoNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/NiktoNistMappingItem.js +4 -0
- package/lib/src/mappings/NiktoNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NistCciMappingData.d.ts +1 -0
- package/lib/src/mappings/NistCciMappingData.d.ts.map +1 -0
- package/lib/src/mappings/NistCciMappingData.js.map +1 -1
- package/lib/src/mappings/OwaspNistMapping.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMapping.js +18 -7
- package/lib/src/mappings/OwaspNistMapping.js.map +1 -1
- package/lib/src/mappings/OwaspNistMappingData.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMappingData.js.map +1 -1
- package/lib/src/mappings/OwaspNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/OwaspNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/OwaspNistMappingItem.js +5 -0
- package/lib/src/mappings/OwaspNistMappingItem.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMappingData.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingData.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingData.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js +2 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js.map +1 -1
- package/lib/src/msft-secure-score-mapper.d.ts +1 -0
- package/lib/src/msft-secure-score-mapper.d.ts.map +1 -0
- package/lib/src/msft-secure-score-mapper.js +202 -185
- package/lib/src/msft-secure-score-mapper.js.map +1 -1
- package/lib/src/nessus-mapper.d.ts +2 -1
- package/lib/src/nessus-mapper.d.ts.map +1 -0
- package/lib/src/nessus-mapper.js +122 -105
- package/lib/src/nessus-mapper.js.map +1 -1
- package/lib/src/netsparker-mapper.d.ts +7 -0
- package/lib/src/netsparker-mapper.d.ts.map +1 -0
- package/lib/src/netsparker-mapper.js +34 -9
- package/lib/src/netsparker-mapper.js.map +1 -1
- package/lib/src/neuvector-mapper.d.ts +1 -0
- package/lib/src/neuvector-mapper.d.ts.map +1 -0
- package/lib/src/neuvector-mapper.js +120 -117
- package/lib/src/neuvector-mapper.js.map +1 -1
- package/lib/src/nikto-mapper.d.ts +1 -0
- package/lib/src/nikto-mapper.d.ts.map +1 -0
- package/lib/src/nikto-mapper.js +85 -74
- package/lib/src/nikto-mapper.js.map +1 -1
- package/lib/src/prisma-mapper.d.ts +1 -0
- package/lib/src/prisma-mapper.d.ts.map +1 -0
- package/lib/src/prisma-mapper.js +138 -128
- package/lib/src/prisma-mapper.js.map +1 -1
- package/lib/src/sarif-mapper.d.ts +1 -0
- package/lib/src/sarif-mapper.d.ts.map +1 -0
- package/lib/src/sarif-mapper.js +116 -105
- package/lib/src/sarif-mapper.js.map +1 -1
- package/lib/src/scoutsuite-mapper.d.ts +1 -0
- package/lib/src/scoutsuite-mapper.d.ts.map +1 -0
- package/lib/src/scoutsuite-mapper.js +174 -163
- package/lib/src/scoutsuite-mapper.js.map +1 -1
- package/lib/src/snyk-mapper.d.ts +1 -0
- package/lib/src/snyk-mapper.d.ts.map +1 -0
- package/lib/src/snyk-mapper.js +112 -100
- package/lib/src/snyk-mapper.js.map +1 -1
- package/lib/src/sonarqube-mapper.d.ts +18 -5
- package/lib/src/sonarqube-mapper.d.ts.map +1 -0
- package/lib/src/sonarqube-mapper.js +525 -271
- package/lib/src/sonarqube-mapper.js.map +1 -1
- package/lib/src/splunk-mapper.d.ts +3 -2
- package/lib/src/splunk-mapper.d.ts.map +1 -0
- package/lib/src/splunk-mapper.js +69 -12
- package/lib/src/splunk-mapper.js.map +1 -1
- package/lib/src/trufflehog-mapper.d.ts +1 -0
- package/lib/src/trufflehog-mapper.d.ts.map +1 -0
- package/lib/src/trufflehog-mapper.js +72 -69
- package/lib/src/trufflehog-mapper.js.map +1 -1
- package/lib/src/twistlock-mapper.d.ts +1 -0
- package/lib/src/twistlock-mapper.d.ts.map +1 -0
- package/lib/src/twistlock-mapper.js +140 -126
- package/lib/src/twistlock-mapper.js.map +1 -1
- package/lib/src/utils/CCI_List.d.ts +1 -0
- package/lib/src/utils/CCI_List.d.ts.map +1 -0
- package/lib/src/utils/CCI_List.js.map +1 -1
- package/lib/src/utils/attestations.d.ts +1 -0
- package/lib/src/utils/attestations.d.ts.map +1 -0
- package/lib/src/utils/attestations.js +28 -13
- package/lib/src/utils/attestations.js.map +1 -1
- package/lib/src/utils/compliance.d.ts +1 -0
- package/lib/src/utils/compliance.d.ts.map +1 -0
- package/lib/src/utils/compliance.js +11 -3
- package/lib/src/utils/compliance.js.map +1 -1
- package/lib/src/utils/fingerprinting.d.ts +2 -0
- package/lib/src/utils/fingerprinting.d.ts.map +1 -0
- package/lib/src/utils/fingerprinting.js +28 -11
- package/lib/src/utils/fingerprinting.js.map +1 -1
- package/lib/src/utils/global.d.ts +3 -1
- package/lib/src/utils/global.d.ts.map +1 -0
- package/lib/src/utils/global.js +34 -15
- package/lib/src/utils/global.js.map +1 -1
- package/lib/src/utils/parseJson.d.ts +1 -0
- package/lib/src/utils/parseJson.d.ts.map +1 -0
- package/lib/src/utils/parseJson.js +7 -3
- package/lib/src/utils/parseJson.js.map +1 -1
- package/lib/src/utils/result.d.ts +1 -0
- package/lib/src/utils/result.d.ts.map +1 -0
- package/lib/src/utils/result.js.map +1 -1
- package/lib/src/utils/splunk-tools.d.ts +2 -1
- package/lib/src/utils/splunk-tools.d.ts.map +1 -0
- package/lib/src/utils/splunk-tools.js +52 -31
- package/lib/src/utils/splunk-tools.js.map +1 -1
- package/lib/src/veracode-mapper.d.ts +1 -0
- package/lib/src/veracode-mapper.d.ts.map +1 -0
- package/lib/src/veracode-mapper.js +50 -7
- package/lib/src/veracode-mapper.js.map +1 -1
- package/lib/src/xccdf-results-mapper.d.ts +7 -0
- package/lib/src/xccdf-results-mapper.d.ts.map +1 -0
- package/lib/src/xccdf-results-mapper.js +336 -301
- package/lib/src/xccdf-results-mapper.js.map +1 -1
- package/lib/src/zap-mapper.d.ts +8 -0
- package/lib/src/zap-mapper.d.ts.map +1 -0
- package/lib/src/zap-mapper.js +119 -90
- package/lib/src/zap-mapper.js.map +1 -1
- package/lib/tsconfig.build.tsbuildinfo +1 -0
- package/lib/types/neuvector-types.d.ts +1 -0
- package/lib/types/neuvector-types.d.ts.map +1 -0
- package/lib/types/neuvector-types.js +80 -0
- package/lib/types/neuvector-types.js.map +1 -1
- package/lib/types/splunk-config-types.d.ts +1 -0
- package/lib/types/splunk-config-types.d.ts.map +1 -0
- package/lib/types/splunk-config-types.js.map +1 -1
- package/lib/types/splunk-control-types.d.ts +1 -0
- package/lib/types/splunk-control-types.d.ts.map +1 -0
- package/lib/types/splunk-control-types.js.map +1 -1
- package/lib/types/splunk-profile-types.d.ts +1 -0
- package/lib/types/splunk-profile-types.d.ts.map +1 -0
- package/lib/types/splunk-profile-types.js.map +1 -1
- package/lib/types/splunk-report-types.d.ts +1 -0
- package/lib/types/splunk-report-types.d.ts.map +1 -0
- package/lib/types/splunk-report-types.js.map +1 -1
- package/package.json +19 -40
- package/lib/data/converters/csv2json.ts +0 -36
- package/lib/data/converters/xml2json.ts +0 -57
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
// ASFF (AWS Security Finding Format) is intended as being another data exchange format to be used in displaying data within AWS SecurityHub - in this regard, it is analogous to HDF and Heimdall.
|
|
3
|
+
// Like in every scenario where there is an open specification, people interpret the intent of each of the attributes in slightly different ways. Consequently, while many products provide 'ASFF' output, providing a mapper back to HDF can be complicated.
|
|
2
4
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
5
|
if (k2 === undefined) k2 = k;
|
|
4
6
|
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
@@ -15,15 +17,26 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
|
|
|
15
17
|
}) : function(o, v) {
|
|
16
18
|
o["default"] = v;
|
|
17
19
|
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
};
|
|
20
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
21
|
+
var ownKeys = function(o) {
|
|
22
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
23
|
+
var ar = [];
|
|
24
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
25
|
+
return ar;
|
|
26
|
+
};
|
|
27
|
+
return ownKeys(o);
|
|
28
|
+
};
|
|
29
|
+
return function (mod) {
|
|
30
|
+
if (mod && mod.__esModule) return mod;
|
|
31
|
+
var result = {};
|
|
32
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
33
|
+
__setModuleDefault(result, mod);
|
|
34
|
+
return result;
|
|
35
|
+
};
|
|
36
|
+
})();
|
|
25
37
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.ASFFResults = exports.ASFFMapper = exports.
|
|
38
|
+
exports.ASFFResults = exports.ASFFMapper = exports.SpecialCasing = void 0;
|
|
39
|
+
exports.consolidate = consolidate;
|
|
27
40
|
const compare_versions_1 = require("compare-versions");
|
|
28
41
|
const html_entities_1 = require("html-entities");
|
|
29
42
|
const inspecjs_1 = require("inspecjs");
|
|
@@ -48,6 +61,7 @@ const IMPACT_MAPPING = new Map([
|
|
|
48
61
|
]);
|
|
49
62
|
const SEVERITY_LABEL = 'Severity.Label';
|
|
50
63
|
const COMPLIANCE_STATUS = 'Compliance.Status';
|
|
64
|
+
// Sometimes certain ASFF file types require massaging in order to generate good HDF files. These are the supported special cases and a catchall 'Default'. 'Default' files and non-special cased methods for otherwise special cased files do the pre-defined default behaviors when generating the HDF file.
|
|
51
65
|
var SpecialCasing;
|
|
52
66
|
(function (SpecialCasing) {
|
|
53
67
|
SpecialCasing["CMSInSpec"] = "CMS Chef InSpec";
|
|
@@ -59,7 +73,8 @@ var SpecialCasing;
|
|
|
59
73
|
SpecialCasing["Trivy"] = "Aqua Trivy";
|
|
60
74
|
SpecialCasing["PreviouslyHDF"] = "MITRE SAF HDF2ASFF";
|
|
61
75
|
SpecialCasing["Default"] = "Default";
|
|
62
|
-
})(SpecialCasing
|
|
76
|
+
})(SpecialCasing || (exports.SpecialCasing = SpecialCasing = {}));
|
|
77
|
+
// typically you can just look at the ProductArn field to get information on the product type but we also support some custom formats/products that require alternative means of identification
|
|
63
78
|
function whichSpecialCase(finding) {
|
|
64
79
|
const productArn = _.get(finding, 'ProductArn');
|
|
65
80
|
if (_.get(finding, 'ProductName') === 'Default' &&
|
|
@@ -73,11 +88,12 @@ function whichSpecialCase(finding) {
|
|
|
73
88
|
return SpecialCasing.GuardDuty;
|
|
74
89
|
}
|
|
75
90
|
else if (_.some(_.get(finding, 'FindingProviderFields.Types'), (type) => {
|
|
91
|
+
// 'type' should look like "MITRE/SAF/2.6.29-hdf2asff"
|
|
76
92
|
if (!_.startsWith(type, 'MITRE/SAF/')) {
|
|
77
93
|
return false;
|
|
78
94
|
}
|
|
79
95
|
const version = type.split('/').pop()?.split('-')[0] ?? '';
|
|
80
|
-
return (0, compare_versions_1.validate)(version) && (0, compare_versions_1.compare)(version, '2.6.20', '>');
|
|
96
|
+
return (0, compare_versions_1.validate)(version) && (0, compare_versions_1.compare)(version, '2.6.20', '>'); // older versions aren't supported by the 'PreviouslyHDF' specialcasing and instead use the default casing
|
|
81
97
|
})) {
|
|
82
98
|
return SpecialCasing.PreviouslyHDF;
|
|
83
99
|
}
|
|
@@ -107,6 +123,7 @@ const SPECIAL_CASE_MAPPING = new Map([
|
|
|
107
123
|
[SpecialCasing.SecurityHub, (0, case_security_hub_1.getSecurityHub)()],
|
|
108
124
|
[SpecialCasing.Trivy, (0, case_trivy_1.getTrivy)()]
|
|
109
125
|
]);
|
|
126
|
+
// If a special casing has a function override, then do the override, otherwise return the default value. This is how the 'massaging' described above is implemented.
|
|
110
127
|
function externalProductHandler(context, product, data, func, defaultVal) {
|
|
111
128
|
if (product !== SpecialCasing.Default &&
|
|
112
129
|
_.has(SPECIAL_CASE_MAPPING.get(product), func)) {
|
|
@@ -128,6 +145,7 @@ function externalProductHandler(context, product, data, func, defaultVal) {
|
|
|
128
145
|
}
|
|
129
146
|
}
|
|
130
147
|
}
|
|
148
|
+
// helper function to take all the controls that have the same id and turn them into results/subtests within an overarching control
|
|
131
149
|
function handleIdGroup(context, idGroup) {
|
|
132
150
|
const [id, data] = idGroup;
|
|
133
151
|
const group = data.map((d) => d[0]);
|
|
@@ -160,7 +178,8 @@ function handleIdGroup(context, idGroup) {
|
|
|
160
178
|
.filter((element, index, arr) => element &&
|
|
161
179
|
element.data !== '' &&
|
|
162
180
|
index ===
|
|
163
|
-
arr.findIndex((e) => e !== null && e !== undefined && e.data === element.data)
|
|
181
|
+
arr.findIndex((e) => e !== null && e !== undefined && e.data === element.data) // https://stackoverflow.com/a/36744732/645647
|
|
182
|
+
),
|
|
164
183
|
refs: group
|
|
165
184
|
.map((d) => d.refs)
|
|
166
185
|
.flat()
|
|
@@ -184,7 +203,10 @@ function handleIdGroup(context, idGroup) {
|
|
|
184
203
|
results: group.map((d) => d.results).flat()
|
|
185
204
|
};
|
|
186
205
|
}
|
|
206
|
+
// consolidate the array of controls which were generated 1:1 with findings in order to have subfindings/results
|
|
207
|
+
// the way it does this is to group by HDF id which by default is the ASFF GeneratorId field
|
|
187
208
|
function consolidate(context, input, file) {
|
|
209
|
+
// Group Sub-findings by HDF ID
|
|
188
210
|
const allFindings = _.get(file, 'Findings');
|
|
189
211
|
if (input.length !== allFindings.length) {
|
|
190
212
|
throw new Error('The number of generated controls should be the same as the number of findings while consolidating.');
|
|
@@ -195,7 +217,7 @@ function consolidate(context, input, file) {
|
|
|
195
217
|
});
|
|
196
218
|
return Object.entries(idGroups || {}).map((idGroup) => handleIdGroup(context, idGroup));
|
|
197
219
|
}
|
|
198
|
-
|
|
220
|
+
// the schema specifies that the file should be `{ "Findings": [... findings array ...] }` but sometimes only the array or even a single finding is provided so this function corrects for those cases
|
|
199
221
|
function wrapWithFindingsObject(output) {
|
|
200
222
|
if (!_.has(output, 'Findings')) {
|
|
201
223
|
if (Array.isArray(output)) {
|
|
@@ -207,6 +229,7 @@ function wrapWithFindingsObject(output) {
|
|
|
207
229
|
}
|
|
208
230
|
return output;
|
|
209
231
|
}
|
|
232
|
+
// some applications (like Prowler) give us new line seperated JSON objects (see JSON Lines or ndjson) but we need regular JSON
|
|
210
233
|
function fixFileInput(asffJson) {
|
|
211
234
|
let output = {};
|
|
212
235
|
try {
|
|
@@ -222,275 +245,289 @@ function fixFileInput(asffJson) {
|
|
|
222
245
|
return wrapWithFindingsObject(output);
|
|
223
246
|
}
|
|
224
247
|
class ASFFMapper extends base_converter_1.BaseConverter {
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
}
|
|
240
|
-
}
|
|
241
|
-
setMappings() {
|
|
242
|
-
this.mappings = externalProductHandler(this, whichSpecialCase(_.get(this.data, 'Findings[0]')), this, 'mapping', this.defaultMappings);
|
|
243
|
-
}
|
|
244
|
-
constructor(asff, supportingDocs, meta = undefined) {
|
|
245
|
-
super(asff);
|
|
246
|
-
this.defaultMappings = {
|
|
247
|
-
platform: {
|
|
248
|
-
name: 'Heimdall Tools',
|
|
249
|
-
release: package_json_1.version,
|
|
250
|
-
target_id: {
|
|
251
|
-
transformer: (record) => {
|
|
252
|
-
const productInfo = _.get(record, 'Findings[0].ProductArn')
|
|
253
|
-
.split(':')
|
|
254
|
-
.slice(-1)[0]
|
|
255
|
-
.split('/');
|
|
256
|
-
const defaultTargetId = `${productInfo[1]} - ${productInfo[2]}`;
|
|
257
|
-
return externalProductHandler(this, whichSpecialCase(_.get(record, 'Findings[0]')), [_.get(record, 'Findings[0]'), record.Findings], 'productName', (0, html_entities_1.encode)(defaultTargetId));
|
|
258
|
-
}
|
|
248
|
+
meta;
|
|
249
|
+
supportingDocs;
|
|
250
|
+
defaultMappings = {
|
|
251
|
+
platform: {
|
|
252
|
+
name: 'Heimdall Tools',
|
|
253
|
+
release: package_json_1.version,
|
|
254
|
+
target_id: {
|
|
255
|
+
transformer: (record) => {
|
|
256
|
+
const productInfo = _.get(record, 'Findings[0].ProductArn')
|
|
257
|
+
.split(':')
|
|
258
|
+
.slice(-1)[0]
|
|
259
|
+
.split('/');
|
|
260
|
+
const defaultTargetId = `${productInfo[1]} - ${productInfo[2]}`;
|
|
261
|
+
return externalProductHandler(this, whichSpecialCase(_.get(record, 'Findings[0]')), [_.get(record, 'Findings[0]'), record.Findings], 'productName', (0, html_entities_1.encode)(defaultTargetId));
|
|
259
262
|
}
|
|
260
|
-
}
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
}
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
}
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
263
|
+
}
|
|
264
|
+
},
|
|
265
|
+
version: package_json_1.version,
|
|
266
|
+
statistics: {
|
|
267
|
+
duration: null
|
|
268
|
+
},
|
|
269
|
+
profiles: [
|
|
270
|
+
{
|
|
271
|
+
name: {
|
|
272
|
+
transformer: () => {
|
|
273
|
+
return this.meta?.name || 'AWS Security Finding Format';
|
|
274
|
+
}
|
|
275
|
+
},
|
|
276
|
+
version: '',
|
|
277
|
+
title: {
|
|
278
|
+
transformer: () => {
|
|
279
|
+
return _.get(this.meta, 'title') || 'ASFF Findings';
|
|
280
|
+
}
|
|
281
|
+
},
|
|
282
|
+
maintainer: null,
|
|
283
|
+
summary: '',
|
|
284
|
+
license: null,
|
|
285
|
+
copyright: null,
|
|
286
|
+
copyright_email: null,
|
|
287
|
+
supports: [],
|
|
288
|
+
attributes: [],
|
|
289
|
+
depends: [],
|
|
290
|
+
groups: [],
|
|
291
|
+
status: 'loaded',
|
|
292
|
+
controls: [
|
|
293
|
+
{
|
|
294
|
+
path: 'Findings',
|
|
295
|
+
key: 'id',
|
|
296
|
+
arrayTransformer: consolidate.bind(this, this),
|
|
297
|
+
id: {
|
|
298
|
+
transformer: (finding) => externalProductHandler(this, whichSpecialCase(finding), finding, 'findingId', (0, html_entities_1.encode)(_.get(finding, 'GeneratorId')))
|
|
299
|
+
},
|
|
300
|
+
title: {
|
|
301
|
+
transformer: (finding) => externalProductHandler(this, whichSpecialCase(finding), finding, 'findingTitle', (0, html_entities_1.encode)(_.get(finding, 'Title')))
|
|
302
|
+
},
|
|
303
|
+
desc: {
|
|
304
|
+
transformer: (finding) => externalProductHandler(this, whichSpecialCase(finding), finding, 'findingDescription', (0, html_entities_1.encode)(_.get(finding, 'Description')))
|
|
305
|
+
},
|
|
306
|
+
impact: {
|
|
307
|
+
transformer: (finding) => {
|
|
308
|
+
// There can be findings listed that are intentionally ignored due to the underlying control being superseded by a control from a different standard
|
|
309
|
+
let impact;
|
|
310
|
+
if (_.get(finding, 'Workflow.Status') === 'SUPPRESSED') {
|
|
311
|
+
impact = 'INFORMATIONAL';
|
|
312
|
+
}
|
|
313
|
+
else {
|
|
314
|
+
// Severity is required, but can be either 'label' or 'normalized' internally with 'label' being preferred. other values can be in here too such as the original severity rating.
|
|
315
|
+
const defaultFunc = () => _.get(finding, SEVERITY_LABEL)
|
|
316
|
+
? _.get(finding, SEVERITY_LABEL)
|
|
317
|
+
: _.get(finding, 'Severity.Normalized') /
|
|
318
|
+
100.0;
|
|
319
|
+
impact = externalProductHandler(this, whichSpecialCase(finding), finding, 'findingImpact', defaultFunc);
|
|
320
|
+
}
|
|
321
|
+
return typeof impact === 'string'
|
|
322
|
+
? IMPACT_MAPPING.get(impact) || 0
|
|
323
|
+
: impact;
|
|
324
|
+
}
|
|
325
|
+
},
|
|
326
|
+
tags: {
|
|
327
|
+
transformer: (finding) => externalProductHandler(this, whichSpecialCase(finding), finding, 'findingTags', {}),
|
|
328
|
+
cci: {
|
|
303
329
|
transformer: (finding) => {
|
|
304
|
-
|
|
305
|
-
if (
|
|
306
|
-
|
|
330
|
+
const tags = externalProductHandler(this, whichSpecialCase(finding), finding, 'findingNistTag', []);
|
|
331
|
+
if (tags.length === 0) {
|
|
332
|
+
return (0, global_1.getCCIsForNISTTags)(global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS);
|
|
307
333
|
}
|
|
308
334
|
else {
|
|
309
|
-
|
|
310
|
-
? _.get(finding, SEVERITY_LABEL)
|
|
311
|
-
: _.get(finding, 'Severity.Normalized') /
|
|
312
|
-
100.0;
|
|
313
|
-
impact = externalProductHandler(this, whichSpecialCase(finding), finding, 'findingImpact', defaultFunc);
|
|
335
|
+
return (0, global_1.getCCIsForNISTTags)(tags);
|
|
314
336
|
}
|
|
315
|
-
return typeof impact === 'string'
|
|
316
|
-
? IMPACT_MAPPING.get(impact) || 0
|
|
317
|
-
: impact;
|
|
318
337
|
}
|
|
319
338
|
},
|
|
320
|
-
|
|
321
|
-
transformer: (finding) =>
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
if (tags.length === 0) {
|
|
326
|
-
return (0, global_1.getCCIsForNISTTags)(global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS);
|
|
327
|
-
}
|
|
328
|
-
else {
|
|
329
|
-
return (0, global_1.getCCIsForNISTTags)(tags);
|
|
330
|
-
}
|
|
339
|
+
nist: {
|
|
340
|
+
transformer: (finding) => {
|
|
341
|
+
const tags = externalProductHandler(this, whichSpecialCase(finding), finding, 'findingNistTag', []);
|
|
342
|
+
if (tags.length === 0) {
|
|
343
|
+
return global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;
|
|
331
344
|
}
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
transformer: (finding) => {
|
|
335
|
-
const tags = externalProductHandler(this, whichSpecialCase(finding), finding, 'findingNistTag', []);
|
|
336
|
-
if (tags.length === 0) {
|
|
337
|
-
return global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;
|
|
338
|
-
}
|
|
339
|
-
else {
|
|
340
|
-
return tags;
|
|
341
|
-
}
|
|
345
|
+
else {
|
|
346
|
+
return tags;
|
|
342
347
|
}
|
|
343
348
|
}
|
|
344
|
-
}
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
if (_.has(input, 'Url')) {
|
|
355
|
-
data.push(_.get(input, 'Url'));
|
|
356
|
-
}
|
|
357
|
-
return data.join('\n');
|
|
349
|
+
}
|
|
350
|
+
},
|
|
351
|
+
descriptions: [
|
|
352
|
+
{
|
|
353
|
+
data: {
|
|
354
|
+
path: 'Remediation.Recommendation',
|
|
355
|
+
transformer: (input) => {
|
|
356
|
+
const data = [];
|
|
357
|
+
if (_.has(input, 'Text')) {
|
|
358
|
+
data.push(_.get(input, 'Text'));
|
|
358
359
|
}
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
refs: [
|
|
364
|
-
{
|
|
365
|
-
transformer: (finding) => {
|
|
366
|
-
return {
|
|
367
|
-
...(_.has(finding, 'SourceUrl') && {
|
|
368
|
-
url: _.get(finding, 'SourceUrl')
|
|
369
|
-
})
|
|
370
|
-
};
|
|
360
|
+
if (_.has(input, 'Url')) {
|
|
361
|
+
data.push(_.get(input, 'Url'));
|
|
362
|
+
}
|
|
363
|
+
return data.join('\n');
|
|
371
364
|
}
|
|
365
|
+
},
|
|
366
|
+
label: 'fix'
|
|
367
|
+
}
|
|
368
|
+
],
|
|
369
|
+
refs: [
|
|
370
|
+
{
|
|
371
|
+
transformer: (finding) => {
|
|
372
|
+
return {
|
|
373
|
+
...(_.has(finding, 'SourceUrl') && {
|
|
374
|
+
url: _.get(finding, 'SourceUrl')
|
|
375
|
+
})
|
|
376
|
+
};
|
|
372
377
|
}
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
const defaultFunc = () => {
|
|
381
|
-
if (_.has(finding, COMPLIANCE_STATUS)) {
|
|
382
|
-
switch (_.get(finding, COMPLIANCE_STATUS)) {
|
|
383
|
-
case 'PASSED':
|
|
384
|
-
return inspecjs_1.ExecJSON.ControlResultStatus.Passed;
|
|
385
|
-
case 'WARNING':
|
|
386
|
-
return inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
|
|
387
|
-
case 'FAILED':
|
|
388
|
-
return inspecjs_1.ExecJSON.ControlResultStatus.Failed;
|
|
389
|
-
case 'NOT_AVAILABLE':
|
|
390
|
-
return inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
|
|
391
|
-
default:
|
|
392
|
-
return inspecjs_1.ExecJSON.ControlResultStatus.Error;
|
|
393
|
-
}
|
|
394
|
-
}
|
|
395
|
-
else {
|
|
396
|
-
return inspecjs_1.ExecJSON.ControlResultStatus.Failed;
|
|
397
|
-
}
|
|
398
|
-
};
|
|
399
|
-
return externalProductHandler(this, whichSpecialCase(finding), finding, 'subfindingsStatus', defaultFunc);
|
|
400
|
-
}
|
|
401
|
-
},
|
|
402
|
-
code_desc: {
|
|
403
|
-
transformer: (finding) => {
|
|
404
|
-
let output = externalProductHandler(this, whichSpecialCase(finding), finding, 'subfindingsCodeDesc', '');
|
|
405
|
-
if (output) {
|
|
406
|
-
output += '; ';
|
|
407
|
-
}
|
|
408
|
-
const resources = _.get(finding, 'Resources')
|
|
409
|
-
.map((resource) => {
|
|
410
|
-
let hash = `Type: ${(0, html_entities_1.encode)(_.get(resource, 'Type'))}, Id: ${(0, html_entities_1.encode)(_.get(resource, 'Id'))}`;
|
|
411
|
-
if (_.has(resource, 'Partition')) {
|
|
412
|
-
hash += `, Partition: ${(0, html_entities_1.encode)(_.get(resource, 'Partition'))}`;
|
|
413
|
-
}
|
|
414
|
-
if (_.has(resource, 'Region')) {
|
|
415
|
-
hash += `, Region: ${(0, html_entities_1.encode)(_.get(resource, 'Region'))}`;
|
|
416
|
-
}
|
|
417
|
-
return hash;
|
|
418
|
-
})
|
|
419
|
-
.join(', ');
|
|
420
|
-
output += `Resources: [${resources}]`;
|
|
421
|
-
return output;
|
|
422
|
-
}
|
|
423
|
-
},
|
|
378
|
+
}
|
|
379
|
+
],
|
|
380
|
+
source_location: {},
|
|
381
|
+
code: '',
|
|
382
|
+
results: [
|
|
383
|
+
{
|
|
384
|
+
status: {
|
|
424
385
|
transformer: (finding) => {
|
|
425
|
-
const
|
|
426
|
-
|
|
427
|
-
const statusReason = this.statusReason(finding);
|
|
386
|
+
const defaultFunc = () => {
|
|
387
|
+
if (_.has(finding, COMPLIANCE_STATUS)) {
|
|
428
388
|
switch (_.get(finding, COMPLIANCE_STATUS)) {
|
|
429
|
-
case undefined:
|
|
430
|
-
return undefined;
|
|
431
389
|
case 'PASSED':
|
|
432
|
-
return
|
|
390
|
+
return inspecjs_1.ExecJSON.ControlResultStatus.Passed;
|
|
433
391
|
case 'WARNING':
|
|
434
|
-
return
|
|
392
|
+
return inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
|
|
435
393
|
case 'FAILED':
|
|
436
|
-
return
|
|
394
|
+
return inspecjs_1.ExecJSON.ControlResultStatus.Failed;
|
|
437
395
|
case 'NOT_AVAILABLE':
|
|
438
|
-
|
|
396
|
+
// primary meaning is that the check could not be performed due to a service outage or API error, but it's also overloaded to mean NOT_APPLICABLE so technically 'skipped' or 'error' could be applicable, but AWS seems to do the equivalent of skipped
|
|
397
|
+
return inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
|
|
439
398
|
default:
|
|
440
|
-
|
|
399
|
+
// not a valid value for the status enum
|
|
400
|
+
return inspecjs_1.ExecJSON.ControlResultStatus.Error;
|
|
441
401
|
}
|
|
442
|
-
}
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
402
|
+
}
|
|
403
|
+
else {
|
|
404
|
+
// if no compliance status is provided which is a weird but possible case, then fail
|
|
405
|
+
return inspecjs_1.ExecJSON.ControlResultStatus.Failed;
|
|
406
|
+
}
|
|
407
|
+
};
|
|
408
|
+
return externalProductHandler(this, whichSpecialCase(finding), finding, 'subfindingsStatus', defaultFunc);
|
|
409
|
+
}
|
|
410
|
+
},
|
|
411
|
+
code_desc: {
|
|
412
|
+
transformer: (finding) => {
|
|
413
|
+
let output = externalProductHandler(this, whichSpecialCase(finding), finding, 'subfindingsCodeDesc', '');
|
|
414
|
+
if (output) {
|
|
415
|
+
output += '; ';
|
|
416
|
+
}
|
|
417
|
+
const resources = _.get(finding, 'Resources')
|
|
418
|
+
.map((resource) => {
|
|
419
|
+
let hash = `Type: ${(0, html_entities_1.encode)(_.get(resource, 'Type'))}, Id: ${(0, html_entities_1.encode)(_.get(resource, 'Id'))}`;
|
|
420
|
+
if (_.has(resource, 'Partition')) {
|
|
421
|
+
hash += `, Partition: ${(0, html_entities_1.encode)(_.get(resource, 'Partition'))}`;
|
|
422
|
+
}
|
|
423
|
+
if (_.has(resource, 'Region')) {
|
|
424
|
+
hash += `, Region: ${(0, html_entities_1.encode)(_.get(resource, 'Region'))}`;
|
|
425
|
+
}
|
|
426
|
+
return hash;
|
|
427
|
+
})
|
|
428
|
+
.join(', ');
|
|
429
|
+
output += `Resources: [${resources}]`;
|
|
430
|
+
return output;
|
|
431
|
+
}
|
|
432
|
+
},
|
|
433
|
+
transformer: (finding) => {
|
|
434
|
+
const message = (() => {
|
|
435
|
+
const defaultFunc = () => {
|
|
446
436
|
const statusReason = this.statusReason(finding);
|
|
447
437
|
switch (_.get(finding, COMPLIANCE_STATUS)) {
|
|
448
|
-
case undefined:
|
|
449
|
-
return statusReason;
|
|
450
|
-
case 'PASSED':
|
|
438
|
+
case undefined: // Possible for Compliance.Status to not be there, in which case it's a skip_message
|
|
451
439
|
return undefined;
|
|
452
|
-
case '
|
|
440
|
+
case 'PASSED':
|
|
453
441
|
return statusReason;
|
|
454
|
-
case '
|
|
442
|
+
case 'WARNING':
|
|
455
443
|
return undefined;
|
|
456
|
-
case '
|
|
444
|
+
case 'FAILED':
|
|
457
445
|
return statusReason;
|
|
458
|
-
|
|
446
|
+
case 'NOT_AVAILABLE':
|
|
459
447
|
return undefined;
|
|
448
|
+
default:
|
|
449
|
+
return statusReason;
|
|
460
450
|
}
|
|
461
|
-
})();
|
|
462
|
-
return {
|
|
463
|
-
...(message !== undefined && { message }),
|
|
464
|
-
...(skipMessage !== undefined && {
|
|
465
|
-
skip_message: skipMessage
|
|
466
|
-
})
|
|
467
451
|
};
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
452
|
+
return externalProductHandler(this, whichSpecialCase(finding), finding, 'subfindingsMessage', defaultFunc);
|
|
453
|
+
})();
|
|
454
|
+
const skipMessage = (() => {
|
|
455
|
+
const statusReason = this.statusReason(finding);
|
|
456
|
+
switch (_.get(finding, COMPLIANCE_STATUS)) {
|
|
457
|
+
case undefined: // Possible for Compliance.Status to not be there, in which case it's a skip_message
|
|
458
|
+
return statusReason;
|
|
459
|
+
case 'PASSED':
|
|
460
|
+
return undefined;
|
|
461
|
+
case 'WARNING':
|
|
462
|
+
return statusReason;
|
|
463
|
+
case 'FAILED':
|
|
464
|
+
return undefined;
|
|
465
|
+
case 'NOT_AVAILABLE':
|
|
466
|
+
// primary meaning is that the check could not be performed due to a service outage or API error, but it's also overloaded to mean NOT_APPLICABLE so technically 'skipped' or 'error' could be applicable, but AWS seems to do the equivalent of skipped
|
|
467
|
+
return statusReason;
|
|
468
|
+
default:
|
|
469
|
+
return undefined;
|
|
470
|
+
}
|
|
471
|
+
})();
|
|
472
|
+
return {
|
|
473
|
+
...(message !== undefined && { message }),
|
|
474
|
+
...(skipMessage !== undefined && {
|
|
475
|
+
skip_message: skipMessage
|
|
476
|
+
})
|
|
477
|
+
};
|
|
478
|
+
},
|
|
479
|
+
start_time: {
|
|
480
|
+
transformer: (finding) => _.get(finding, 'LastObservedAt') ||
|
|
481
|
+
_.get(finding, 'UpdatedAt')
|
|
473
482
|
}
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
483
|
+
}
|
|
484
|
+
]
|
|
485
|
+
}
|
|
486
|
+
],
|
|
487
|
+
sha256: ''
|
|
488
|
+
}
|
|
489
|
+
]
|
|
490
|
+
};
|
|
491
|
+
statusReason(finding) {
|
|
492
|
+
const statusReasons = _.get(finding, 'Compliance.StatusReasons');
|
|
493
|
+
if (statusReasons !== undefined &&
|
|
494
|
+
statusReasons !== null &&
|
|
495
|
+
_.isArray(statusReasons)) {
|
|
496
|
+
return statusReasons
|
|
497
|
+
.map((reason) => Object.entries(reason || {}).map(([key, value]) => {
|
|
498
|
+
return `${(0, html_entities_1.encode)(key)}: ${(0, html_entities_1.encode)(value)}`;
|
|
499
|
+
}))
|
|
500
|
+
.flat()
|
|
501
|
+
.join('\n');
|
|
502
|
+
}
|
|
503
|
+
else {
|
|
504
|
+
return undefined;
|
|
505
|
+
}
|
|
506
|
+
}
|
|
507
|
+
setMappings() {
|
|
508
|
+
this.mappings = externalProductHandler(this, whichSpecialCase(_.get(this.data, 'Findings[0]')), this, 'mapping', this.defaultMappings);
|
|
509
|
+
}
|
|
510
|
+
constructor(asff, supportingDocs, meta = undefined) {
|
|
511
|
+
super(asff);
|
|
481
512
|
this.meta = meta;
|
|
482
513
|
this.supportingDocs = supportingDocs;
|
|
483
514
|
this.setMappings();
|
|
484
515
|
}
|
|
485
516
|
}
|
|
486
517
|
exports.ASFFMapper = ASFFMapper;
|
|
518
|
+
// sometimes there is a need to change certain meta level information such as the profile name to make it clearer that the original ASFF file came from an external tool instead of SecHub
|
|
519
|
+
// some special cases can take in additional files aside from findings, ex. the guidelines which contain correct severity information
|
|
487
520
|
class ASFFResults {
|
|
521
|
+
data;
|
|
522
|
+
meta;
|
|
523
|
+
supportingDocs;
|
|
488
524
|
constructor(asffJson, securityhubStandardsJsonArray = undefined, meta = undefined) {
|
|
489
525
|
this.meta = meta;
|
|
490
526
|
this.supportingDocs = new Map();
|
|
491
527
|
this.supportingDocs.set(SpecialCasing.SecurityHub, _.get(SPECIAL_CASE_MAPPING.get(SpecialCasing.SecurityHub), 'securityhubSupportingDocs', (standards) => {
|
|
492
528
|
throw new Error(`supportingDocs function should've been defined: ${standards}`);
|
|
493
529
|
})(securityhubStandardsJsonArray));
|
|
530
|
+
// split input findings via product, each of which will get their own resultant HDF file
|
|
494
531
|
const findings = _.get(fixFileInput(asffJson), 'Findings');
|
|
495
532
|
this.data = _.groupBy(findings, (finding) => {
|
|
496
533
|
const productInfo = _.get(finding, 'ProductArn')
|