@mitre/hdf-converters 2.12.6 → 3.0.0

package/dist/converters/nessus-to-hdf/typescript/converter.js

@@ -0,0 +1,329 @@
+import { parseXmlWithArrays } from '@mitre/hdf-utilities';
+import { getNessusNistControl, getCCINistMappings } from '@mitre/hdf-mappings';
+import { inputChecksum, limitArray, validateInputSize } from '../../../shared/typescript/converterutil.js';
+import { ResultStatus, Copyright as TargetType, createMinimalBaseline } from '@mitre/hdf-schema';
+import { version as converterVersion } from '@mitre/hdf-converters/package.json';
+// Severity to impact mapping from heimdall2
+const IMPACT_MAPPING = {
+    '4': 0.9, // Critical
+    '3': 0.7, // High
+    'i': 0.7,
+    '2': 0.5, // Medium
+    'ii': 0.5,
+    '1': 0.3, // Low
+    'iii': 0.3,
+    '0': 0.0, // Info
+};
+/**
+ * Strip HTML tags from a string
+ */
+function parseHtml(html) {
+    return html.replace(/<[^>]*>/g, '').trim();
+}
+/**
+ * Convert Nessus XML scan results to HDF format
+ */
+export async function convertNessusToHdf(nessusXml) {
+    validateInputSize(nessusXml, 'nessus');
+    // Calculate checksum of source scan data for integrity verification
+    const resultsChecksum = await inputChecksum(nessusXml);
+    const parsed = parseXmlWithArrays(nessusXml, ['preference', 'tag', 'ReportItem', 'ReportHost']);
+    const policyName = parsed.NessusClientData_v2.Policy.policyName;
+    const version = extractVersion(parsed);
+    // parseXmlWithArrays ensures ReportHost is always an array
+    const reportHosts = parsed.NessusClientData_v2.Report.ReportHost;
+    const { items: limitedHosts, truncated: truncatedHosts } = limitArray(reportHosts);
+    /* v8 ignore next -- truncation only triggers with >100K items */
+    if (truncatedHosts) {
+        // eslint-disable-next-line no-console
+        console.warn(`WARNING: Input truncated at ${limitedHosts.length} ReportHost items (original: ${reportHosts.length})`);
+    }
+    // Calculate start and end times from first and last host
+    const { startTime, duration } = calculateTiming(limitedHosts);
+    const baselines = [];
+    const components = [];
+    // Process each ReportHost
+    limitedHosts.forEach(host => {
+        const baseline = convertReportHostToBaseline(host, policyName, version, resultsChecksum);
+        baselines.push(baseline);
+        const target = convertReportHostToTarget(host);
+        components.push(target);
+    });
+    const tool = { name: 'Nessus' };
+    const result = {
+        baselines,
+        components,
+        statistics: {
+            duration,
+        },
+        generator: {
+            name: 'hdf-converters',
+            version: converterVersion,
+        },
+        tool,
+        timestamp: startTime,
+    };
+    return result;
+}
+function extractVersion(parsed) {
+    const prefs = parsed.NessusClientData_v2.Policy.Preferences?.ServerPreferences?.preference;
+    if (!prefs)
+        return '';
+    // parseXmlWithArrays ensures preference is always an array
+    const scVersion = prefs.find(p => p.name === 'sc_version');
+    return scVersion?.value || '';
+}
+function calculateTiming(hosts) {
+    if (hosts.length === 0) {
+        const now = new Date();
+        return { startTime: now, endTime: now, duration: 0 };
+    }
+    const firstHost = hosts[0];
+    const lastHost = hosts[hosts.length - 1];
+    const startTimeStr = getHostPropertyValue(firstHost, 'HOST_START');
+    const endTimeStr = getHostPropertyValue(lastHost, 'HOST_END') || getHostPropertyValue(lastHost, 'HOST_START');
+    const startTime = startTimeStr ? new Date(startTimeStr) : new Date();
+    const endTime = endTimeStr ? new Date(endTimeStr) : startTime;
+    const duration = (endTime.getTime() - startTime.getTime()) / 1000; // seconds
+    return { startTime, endTime, duration };
+}
+function getHostPropertyValue(host, name) {
+    const tags = host.HostProperties?.tag;
+    if (!tags)
+        return undefined;
+    // parseXmlWithArrays ensures tag is always an array
+    const tag = tags.find(t => t['name'] === name);
+    return tag?.['#text'];
+}
+function convertReportHostToBaseline(host, policyName, version, resultsChecksum) {
+    const items = host.ReportItem;
+    // parseXmlWithArrays ensures ReportItem is always an array
+    let requirements;
+    if (items) {
+        const { items: limitedItems, truncated: truncatedItems } = limitArray(items);
+        /* v8 ignore next -- truncation only triggers with >100K items */
+        if (truncatedItems) {
+            // eslint-disable-next-line no-console
+            console.warn(`WARNING: Input truncated at ${limitedItems.length} ReportItem items (original: ${items.length})`);
+        }
+        requirements = limitedItems.map(item => convertReportItemToRequirement(item, host));
+    }
+    else {
+        requirements = [];
+    }
+    return createMinimalBaseline(`Nessus ${policyName}`, requirements, {
+        title: `Nessus ${policyName}`,
+        version,
+        resultsChecksum,
+        status: 'loaded',
+        summary: `Nessus ${policyName}`,
+    });
+}
+function convertReportItemToRequirement(item, host) {
+    const isCompliance = !!item['compliance-reference'];
+    const id = isCompliance
+        ? parseComplianceRef(item['compliance-reference'], 'Vuln-ID')[0] || item['pluginID']
+        : item['pluginID'];
+    const title = isCompliance
+        ? (item['compliance-check-name'] || item['pluginName'])
+        : item['pluginName'];
+    const descriptions = buildDescriptions(item, isCompliance);
+    const impact = calculateImpact(item, isCompliance);
+    const tags = buildTags(item, isCompliance);
+    const refs = buildRefs(item);
+    const results = [buildResult(item, host, isCompliance)];
+    const code = JSON.stringify(item, null, 2);
+    return {
+        id,
+        title,
+        descriptions,
+        impact,
+        tags,
+        refs,
+        results,
+        code,
+    };
+}
+function buildDescriptions(item, isCompliance) {
+    const descriptions = [];
+    // Default description
+    if (isCompliance && item['compliance-info']) {
+        descriptions.push({
+            label: 'default',
+            data: parseHtml(item['compliance-info']),
+        });
+    }
+    else {
+        // Non-compliance: create description from metadata
+        const parts = [
+            `Plugin Family: ${item['pluginFamily']}`,
+            `Port: ${item['port']}`,
+            `Protocol: ${item['protocol']}`,
+        ];
+        descriptions.push({
+            label: 'default',
+            data: parts.join('; ') + ';',
+        });
+    }
+    // Fix/solution description
+    const solution = isCompliance ? item['compliance-solution'] : item.solution;
+    if (solution && solution !== 'n/a') {
+        descriptions.push({
+            label: 'fix',
+            data: parseHtml(solution),
+        });
+    }
+    else if (solution === 'n/a') {
+        descriptions.push({
+            label: 'fix',
+            data: 'n/a',
+        });
+    }
+    return descriptions;
+}
+function calculateImpact(item, isCompliance) {
+    if (isCompliance && item['compliance-reference']) {
+        const cat = parseComplianceRef(item['compliance-reference'], 'CAT')[0];
+        const catKey = cat?.toLowerCase();
+        return catKey ? (IMPACT_MAPPING[catKey] ?? 0.5) : 0.5;
+    }
+    return IMPACT_MAPPING[item['severity']] ?? 0.0;
+}
+function buildTags(item, isCompliance) {
+    const tags = {
+        rid: isCompliance
+            ? parseComplianceRef(item['compliance-reference'], 'Rule-ID').join(',')
+            : item['pluginID'],
+    };
+    // NIST tags
+    if (isCompliance && item['compliance-reference']) {
+        const cciTags = parseComplianceRef(item['compliance-reference'], 'CCI');
+        tags.cci = cciTags;
+        // Map CCI IDs to NIST controls using hdf-mappings
+        // Pattern: Extract source IDs → Map each ID → Flatten results → Deduplicate
+        const mappedControls = cciTags.flatMap(cci => getCCINistMappings(cci) ?? []);
+        tags.nist = [...new Set(mappedControls)];
+    }
+    else {
+        const nistControls = getNessusNistControl(item['pluginFamily'], item['pluginID']);
+        tags.nist = nistControls ? nistControls.split('|') : [];
+    }
+    // STIG ID for compliance
+    if (isCompliance && item['compliance-reference']) {
+        const stigId = parseComplianceRef(item['compliance-reference'], 'STIG-ID').join(',');
+        if (stigId) {
+            tags.stig_id = stigId;
+        }
+    }
+    // Additional Nessus metadata tags
+    if (item.risk_factor)
+        tags.risk_factor = item.risk_factor;
+    if (item.plugin_type)
+        tags.plugin_type = item.plugin_type;
+    if (item.plugin_publication_date)
+        tags.plugin_publication_date = item.plugin_publication_date;
+    if (item.fname)
+        tags.fname = item.fname;
+    if (item.cvss3_base_score)
+        tags.cvss3_base_score = item.cvss3_base_score;
+    if (item.cvss_base_score)
+        tags.cvss_base_score = item.cvss_base_score;
+    return tags;
+}
+function buildRefs(item) {
+    const refs = [];
+    if (item.see_also) {
+        refs.push({ url: item.see_also });
+    }
+    return refs.length > 0 ? refs : undefined;
+}
+function buildResult(item, host, isCompliance) {
+    const status = getStatus(item, isCompliance);
+    const codeDesc = getCodeDesc(item);
+    const message = item.plugin_output || item['compliance-actual-value'];
+    const startTimeStr = getHostPropertyValue(host, 'HOST_START');
+    const startTime = startTimeStr ? new Date(startTimeStr) : new Date();
+    return {
+        status,
+        codeDesc,
+        message: message || undefined,
+        startTime,
+    };
+}
+function getStatus(item, isCompliance) {
+    if (isCompliance && item['compliance-result']) {
+        const result = item['compliance-result'];
+        switch (result) {
+            case 'PASSED':
+                return ResultStatus.Passed;
+            case 'WARNING':
+                return ResultStatus.NotApplicable; // Heimdall2 maps WARNING to skipped
+            case 'ERROR':
+                return ResultStatus.Error;
+            default:
+                return ResultStatus.Failed;
+        }
+    }
+    // Non-compliance items are always failed (informational findings)
+    return ResultStatus.Failed;
+}
+function getCodeDesc(item) {
+    const desc = item.description || item.plugin_output || 'This Nessus Plugin does not provide output message.';
+    return parseHtml(desc);
+}
+function parseComplianceRef(ref, key) {
+    const matches = ref.split(',').filter(element => element.startsWith(key));
+    return matches.map(element => element.split('|')[1] || '');
+}
+function convertReportHostToTarget(host) {
+    const hostName = host['name'];
+    // Extract host properties into a lookup map
+    const hostProps = {};
+    const tags = host.HostProperties?.tag;
+    if (tags) {
+        // parseXmlWithArrays ensures tag is always an array
+        tags.forEach(tag => {
+            const name = tag['name'];
+            const value = tag['#text'];
+            if (name && value) {
+                hostProps[name] = value;
+            }
+        });
+    }
+    const target = {
+        name: hostName,
+        type: TargetType.Host,
+    };
+    // Map host properties to typed Component fields
+    if (isFQDN(hostName)) {
+        target.fqdn = hostName;
+    }
+    const hostIp = hostProps['host-ip'];
+    if (hostIp) {
+        target.ipAddress = hostIp;
+    }
+    else if (isIPAddress(hostName)) {
+        target.ipAddress = hostName;
+    }
+    if (hostProps['operating-system']) {
+        target.osName = hostProps['operating-system'];
+    }
+    if (hostProps['os']) {
+        target.osVersion = hostProps['os'];
+    }
+    if (hostProps['mac-address']) {
+        target.macAddress = hostProps['mac-address'].split('\n')[0];
+    }
+    if (hostProps['host-fqdn']) {
+        target.fqdn = hostProps['host-fqdn'];
+    }
+    target.labels = {};
+    return target;
+}
+function isFQDN(s) {
+    return s.includes('.') && !/^\d+\.\d+\.\d+\.\d+$/.test(s);
+}
+function isIPAddress(s) {
+    return /^\d+\.\d+\.\d+\.\d+$/.test(s) || s.includes(':');
+}
+//# sourceMappingURL=converter.js.map

package/dist/converters/nessus-to-hdf/typescript/converter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"converter.js","sourceRoot":"","sources":["../../../../converters/nessus-to-hdf/typescript/converter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC/E,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,6CAA6C,CAAC;AAY3G,OAAO,EAAE,YAAY,EAAE,SAAS,IAAI,UAAU,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AACjG,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAgEjF,4CAA4C;AAC5C,MAAM,cAAc,GAA2B;IAC7C,GAAG,EAAE,GAAG,EAAI,WAAW;IACvB,GAAG,EAAE,GAAG,EAAI,OAAO;IACnB,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG,EAAI,SAAS;IACrB,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,GAAG,EAAI,MAAM;IAClB,KAAK,EAAE,GAAG;IACV,GAAG,EAAE,GAAG,EAAI,OAAO;CACpB,CAAC;AAEF;;GAEG;AACH,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,SAAiB;IACxD,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACvC,oEAAoE;IACpE,MAAM,eAAe,GAAa,MAAM,aAAa,CAAC,SAAS,CAAC,CAAC;IAEjE,MAAM,MAAM,GAAG,kBAAkB,CAAC,SAAS,EAAE,CAAC,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,YAAY,CAAC,CAAyB,CAAC;IAExH,MAAM,UAAU,GAAG,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC;IAChE,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACvC,2DAA2D;IAC3D,MAAM,WAAW,GAAG,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,UAA0B,CAAC;IAEjF,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;IACnF,iEAAiE;IACjE,IAAI,cAAc,EAAE,CAAC;QACnB,sCAAsC;QACtC,OAAO,CAAC,IAAI,CAAC,+BAA+B,YAAY,CAAC,MAAM,gCAAgC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;IACxH,CAAC;IAED,yDAAyD;IACzD,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAE9D,MAAM,SAAS,GAAwB,EAAE,CAAC;IAC1C,MAAM,UAAU,GAAgB,EAAE,CAAC;IAEnC,0BAA0B;IAC1B,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;QAC1B,MAAM,QAAQ,GAAG,2BAA2B,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;QACzF,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEzB,MAAM,MAAM,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/C,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,GAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAEtC,MAAM,MAAM,GAAe;QACzB,SAAS;QACT,UAAU;QACV,UAAU,EAAE;YACV,QAAQ;SACT;QACD,SAAS,EAAE;YACT,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,gBAAgB;SAC1B;QACD,IAAI;QACJ,SAAS,EAAE,SAAS;KACrB,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,MAAiB;IACvC,MAAM,KAAK,GAAG,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,WAAW,EAAE,iBAAiB,EAAE,UAAU,CAAC;IAC3F,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAEtB,2DAA2D;IAC3D,MAAM,SAAS,GAAI,KAAgD,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC;IACvG,OAAO,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC;AAChC,CAAC;AAED,SAAS,eAAe,CAAC,KAAmB;IAC1C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;IAE1C,MAAM,YAAY,GAAG,oBAAoB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACnE,MAAM,UAAU,GAAG,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,oBAAoB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAE9G,MAAM,SAAS,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IACrE,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9D,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU;IAE7E,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AAC1C,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAgB,EAAE,IAAY;IAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC;IACtC,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAE5B,oDAAoD;IACpD,MAAM,GAAG,GAAI,IAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC;IACtE,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,2BAA2B,CAClC,IAAgB,EAChB,UAAkB,EAClB,OAAe,EACf,eAAyB;IAEzB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC;IAC9B,2DAA2D;IAC3D,IAAI,YAAoC,CAAC;IACzC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,GAAG,UAAU,CAAC,KAAqB,CAAC,CAAC;QAC7F,iEAAiE;QACjE,IAAI,cAAc,EAAE,CAAC;YACnB,sCAAsC;YACxC,OAAO,CAAC,IAAI,CAAC,+BAA+B,YAAY,CAAC,MAAM,gCAAiC,KAAsB,CAAC,MAAM,GAAG,CAAC,CAAC;QAClI,CAAC;QACD,YAAY,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,8BAA8B,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IACtF,CAAC;SAAM,CAAC;QACN,YAAY,GAAG,EAAE,CAAC;IACpB,CAAC;IAED,OAAO,qBAAqB,CAAC,UAAU,UAAU,EAAE,EAAE,YAAY,EAAE;QACjE,KAAK,EAAE,UAAU,UAAU,EAAE;QAC7B,OAAO;QACP,eAAe;QACf,MAAM,EAAE,QAAQ;QAChB,OAAO,EAAE,UAAU,UAAU,EAAE;KAChC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,8BAA8B,CAAC,IAAgB,EAAE,IAAgB;IACxE,MAAM,YAAY,GAAG,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,YAAY;QACrB,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,sBAAsB,CAAE,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC;QACrF,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAErB,MAAM,KAAK,GAAG,YAAY;QACxB,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC;QACvD,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEvB,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC7B,MAAM,OAAO,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAE3C,OAAO;QACL,EAAE;QACF,KAAK;QACL,YAAY;QACZ,MAAM;QACN,IAAI;QACJ,IAAI;QACJ,OAAO;QACP,IAAI;KACL,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAgB,EAAE,YAAqB;IAChE,MAAM,YAAY,GAAkB,EAAE,CAAC;IAEvC,sBAAsB;IACtB,IAAI,YAAY,IAAI,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC5C,YAAY,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;SACzC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,mDAAmD;QACnD,MAAM,KAAK,GAAG;YACZ,kBAAkB,IAAI,CAAC,cAAc,CAAC,EAAE;YACxC,SAAS,IAAI,CAAC,MAAM,CAAC,EAAE;YACvB,aAAa,IAAI,CAAC,UAAU,CAAC,EAAE;SAChC,CAAC;QACF,YAAY,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;IAC5E,IAAI,QAAQ,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;QACnC,YAAY,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,KAAK;YACZ,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC;SAC1B,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;QAC9B,YAAY,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,KAAK;YACZ,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,eAAe,CAAC,IAAgB,EAAE,YAAqB;IAC9D,IAAI,YAAY,IAAI,IAAI,CAAC,sBAAsB,CAAC,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,GAAG,EAAE,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACxD,CAAC;IAED,OAAO,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,GAAG,CAAC;AACjD,CAAC;AAED,SAAS,SAAS,CAAC,IAAgB,EAAE,YAAqB;IACxD,MAAM,IAAI,GAA4B;QACpC,GAAG,EAAE,YAAY;YACf,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,sBAAsB,CAAE,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YACxE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;KACrB,CAAC;IAEF,YAAY;IACZ,IAAI,YAAY,IAAI,IAAI,CAAC,sBAAsB,CAAC,EAAE,CAAC;QACjD,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,KAAK,CAAC,CAAC;QACxE,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC;QACnB,kDAAkD;QAClD,4EAA4E;QAC5E,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,YAAY,GAAG,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAClF,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,yBAAyB;IACzB,IAAI,YAAY,IAAI,IAAI,CAAC,sBAAsB,CAAC,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,kBAAkB,CAAC,IAAI,CAAC,sBAAsB,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrF,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACxB,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,WAAW;QAAE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAC1D,IAAI,IAAI,CAAC,WAAW;QAAE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAC1D,IAAI,IAAI,CAAC,uBAAuB;QAAE,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC,uBAAuB,CAAC;IAC9F,IAAI,IAAI,CAAC,KAAK;QAAE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACxC,IAAI,IAAI,CAAC,gBAAgB;QAAE,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;IACzE,IAAI,IAAI,CAAC,eAAe;QAAE,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;IAEtE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,SAAS,CAAC,IAAgB;IACjC,MAAM,IAAI,GAAgB,EAAE,CAAC;IAE7B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5C,CAAC;AAED,SAAS,WAAW,CAAC,IAAgB,EAAE,IAAgB,EAAE,YAAqB;IAC5E,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACtE,MAAM,YAAY,GAAG,oBAAoB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAErE,OAAO;QACL,MAAM;QACN,QAAQ;QACR,OAAO,EAAE,OAAO,IAAI,SAAS;QAC7B,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,IAAgB,EAAE,YAAqB;IACxD,IAAI,YAAY,IAAI,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACzC,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,QAAQ;gBACX,OAAO,YAAY,CAAC,MAAM,CAAC;YAC7B,KAAK,SAAS;gBACZ,OAAO,YAAY,CAAC,aAAa,CAAC,CAAC,oCAAoC;YACzE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,KAAK,CAAC;YAC5B;gBACE,OAAO,YAAY,CAAC,MAAM,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,OAAO,YAAY,CAAC,MAAM,CAAC;AAC7B,CAAC;AAED,SAAS,WAAW,CAAC,IAAgB;IACnC,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,aAAa,IAAI,qDAAqD,CAAC;IAC7G,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW,EAAE,GAAW;IAClD,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1E,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,yBAAyB,CAAC,IAAgB;IACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAE9B,4CAA4C;IAC5C,MAAM,SAAS,GAA2B,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC;IACtC,IAAI,IAAI,EAAE,CAAC;QACT,oDAAoD;QACnD,IAA0B,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;YACxC,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;YACzB,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;YAC3B,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;gBAClB,SAAS,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAc;QACxB,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,UAAU,CAAC,IAAI;KACtB,CAAC;IAEF,gDAAgD;IAChD,IAAI,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,GAAG,QAAQ,CAAC;IACzB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;IACpC,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC;IAC5B,CAAC;SAAM,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC9B,CAAC;IAED,IAAI,SAAS,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,kBAAkB,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;QACpB,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,UAAU,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;IAEnB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,MAAM,CAAC,CAAS;IACvB,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC3D,CAAC"}

package/dist/converters/nessus-to-hdf/typescript/fingerprint.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Nessus format fingerprint.
+ *
+ * Detects Nessus XML files by checking for <NessusClientData_v2> root element.
+ */
+import { type ConverterFingerprint } from '../../../shared/typescript/registry.js';
+export declare const nessusFingerprint: ConverterFingerprint;
+export declare function register(): void;
+//# sourceMappingURL=fingerprint.d.ts.map

package/dist/converters/nessus-to-hdf/typescript/fingerprint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fingerprint.d.ts","sourceRoot":"","sources":["../../../../converters/nessus-to-hdf/typescript/fingerprint.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAuC,KAAK,oBAAoB,EAAE,MAAM,wCAAwC,CAAC;AAGxH,eAAO,MAAM,iBAAiB,EAAE,oBAiB/B,CAAC;AAEF,wBAAgB,QAAQ,IAAI,IAAI,CAG/B"}

package/dist/converters/nessus-to-hdf/typescript/fingerprint.js

@@ -0,0 +1,34 @@
+/**
+ * Nessus format fingerprint.
+ *
+ * Detects Nessus XML files by checking for <NessusClientData_v2> root element.
+ */
+import { registerFingerprint, getFingerprint } from '../../../shared/typescript/registry.js';
+import { extractXmlRootElement } from '../../../shared/typescript/xml-utils.js';
+export const nessusFingerprint = {
+    id: 'nessus-to-hdf',
+    label: 'Nessus',
+    direction: 'ingest',
+    inputFamily: 'xml',
+    outputType: 'results',
+    fingerprint: (input) => {
+        if (typeof input !== 'string')
+            return 0;
+        const root = extractXmlRootElement(input);
+        if (!root)
+            return 0;
+        return root === 'NessusClientData_v2' ? 1.0 : 0;
+    },
+    detectVersion: (input) => {
+        if (typeof input !== 'string')
+            return '';
+        const root = extractXmlRootElement(input);
+        return root === 'NessusClientData_v2' ? '2' : '';
+    },
+};
+export function register() {
+    if (getFingerprint('nessus-to-hdf'))
+        return;
+    registerFingerprint(nessusFingerprint);
+}
+//# sourceMappingURL=fingerprint.js.map

package/dist/converters/nessus-to-hdf/typescript/fingerprint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fingerprint.js","sourceRoot":"","sources":["../../../../converters/nessus-to-hdf/typescript/fingerprint.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAA6B,MAAM,wCAAwC,CAAC;AACxH,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAEhF,MAAM,CAAC,MAAM,iBAAiB,GAAyB;IACrD,EAAE,EAAE,eAAe;IACnB,KAAK,EAAE,QAAQ;IACf,SAAS,EAAE,QAAQ;IACnB,WAAW,EAAE,KAAK;IAClB,UAAU,EAAE,SAAS;IACrB,WAAW,EAAE,CAAC,KAAc,EAAU,EAAE;QACtC,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI;YAAE,OAAO,CAAC,CAAC;QACpB,OAAO,IAAI,KAAK,qBAAqB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,aAAa,EAAE,CAAC,KAAc,EAAU,EAAE;QACxC,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO,IAAI,KAAK,qBAAqB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACnD,CAAC;CACF,CAAC;AAEF,MAAM,UAAU,QAAQ;IACtB,IAAI,cAAc,CAAC,eAAe,CAAC;QAAE,OAAO;IAC5C,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;AACzC,CAAC"}

package/dist/converters/nessus-to-hdf/typescript/index.d.ts

@@ -0,0 +1,2 @@
+export { convertNessusToHdf } from './converter.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/converters/nessus-to-hdf/typescript/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../converters/nessus-to-hdf/typescript/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/converters/nessus-to-hdf/typescript/index.js

@@ -0,0 +1,2 @@
+export { convertNessusToHdf } from './converter.js';
+//# sourceMappingURL=index.js.map

package/dist/converters/nessus-to-hdf/typescript/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../converters/nessus-to-hdf/typescript/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/converters/netsparker-to-hdf/typescript/converter.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Converts Netsparker/Invicti XML scan results to HDF format.
+ * Handles both <netsparker-enterprise> and <invicti-enterprise> root elements.
+ *
+ * @param input - Netsparker/Invicti XML string
+ * @returns HDF JSON string
+ */
+export declare function convertNetsparkerToHdf(input: string): Promise<string>;
+//# sourceMappingURL=converter.d.ts.map

package/dist/converters/netsparker-to-hdf/typescript/converter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"converter.d.ts","sourceRoot":"","sources":["../../../../converters/netsparker-to-hdf/typescript/converter.ts"],"names":[],"mappings":"AAgRA;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA8D3E"}

package/dist/converters/netsparker-to-hdf/typescript/converter.js

@@ -0,0 +1,211 @@
+import { parseXmlWithArrays } from '@mitre/hdf-utilities';
+import { nistToCci, DEFAULT_STATIC_ANALYSIS_NIST_TAGS, getOwaspNistControl, getCweNistControl, } from '@mitre/hdf-mappings';
+import { inputChecksum, buildNistCciTags, limitArray, stripHTML, validateInputSize, buildHdfResults, } from '../../../shared/typescript/converterutil.js';
+import { ResultStatus, Copyright, createMinimalBaseline, } from '@mitre/hdf-schema';
+// --- Severity to impact mapping ---
+const IMPACT_MAPPING = {
+    'critical': 1.0,
+    'high': 0.7,
+    'medium': 0.5,
+    'low': 0.3,
+    'best_practice': 0.0,
+    'information': 0.0,
+};
+function getImpact(severity) {
+    return IMPACT_MAPPING[severity.toLowerCase()] ?? 0.5;
+}
+// --- Format helpers ---
+function formatCodeDesc(request) {
+    const parts = [];
+    parts.push(`http-request : ${request?.content ?? ''}`);
+    parts.push(`method : ${request?.method ?? ''}`);
+    return parts.join('\n');
+}
+function formatMessage(response) {
+    const parts = [];
+    parts.push(`http-response : ${response?.content ?? ''}`);
+    parts.push(`duration : ${response?.duration ?? ''}`);
+    parts.push(`status-code  : ${response?.['status-code'] ?? ''}`);
+    return parts.join('\n');
+}
+function formatControlDesc(vuln) {
+    const parts = [];
+    if (vuln.description) {
+        parts.push(stripHTML(vuln.description));
+    }
+    if (vuln['exploitation-skills']) {
+        parts.push(`Exploitation-skills: ${vuln['exploitation-skills']}`);
+    }
+    const cweVal = vuln.classification?.cwe ?? '';
+    const owaspVal = vuln.classification?.owasp ?? '';
+    if (cweVal || owaspVal) {
+        parts.push(`Classification: cwe=>${cweVal}, owasp=>${owaspVal}`);
+    }
+    if (vuln.impact) {
+        parts.push(`Impact: ${stripHTML(vuln.impact)}`);
+    }
+    if (vuln.FirstSeenDate) {
+        parts.push(`FirstSeenDate: ${vuln.FirstSeenDate}`);
+    }
+    if (vuln.LastSeenDate) {
+        parts.push(`LastSeenDate: ${vuln.LastSeenDate}`);
+    }
+    if (vuln.certainty) {
+        parts.push(`Certainty: ${vuln.certainty}`);
+    }
+    if (vuln.type) {
+        parts.push(`Type: ${vuln.type}`);
+    }
+    if (vuln.confirmed) {
+        parts.push(`Confirmed: ${vuln.confirmed}`);
+    }
+    return parts.join('\n');
+}
+/**
+ * Performs dual NIST mapping from both CWE and OWASP IDs.
+ * Returns a deduplicated sorted list of NIST controls, falling back to
+ * DEFAULT_STATIC_ANALYSIS_NIST_TAGS if no mappings are found.
+ */
+function mapNISTFromCWEAndOWASP(cweID, owaspID) {
+    const controls = new Set();
+    // CWE -> NIST
+    if (cweID) {
+        const numericId = parseInt(cweID, 10);
+        if (!isNaN(numericId)) {
+            const nistControl = getCweNistControl(numericId);
+            if (nistControl) {
+                controls.add(nistControl);
+            }
+        }
+    }
+    // OWASP -> NIST
+    if (owaspID) {
+        const nistControl = getOwaspNistControl(owaspID);
+        if (nistControl) {
+            controls.add(nistControl);
+        }
+    }
+    return controls.size > 0
+        ? [...controls].sort()
+        : [...DEFAULT_STATIC_ANALYSIS_NIST_TAGS];
+}
+/**
+ * Builds a single EvaluatedRequirement from a vulnerability.
+ */
+function buildRequirement(vuln, initiated) {
+    const cweID = vuln.classification?.cwe ?? '';
+    const owaspID = vuln.classification?.owasp ?? '';
+    const nist = mapNISTFromCWEAndOWASP(cweID, owaspID);
+    const cciTags = nistToCci(nist);
+    const extras = {};
+    if (cweID) {
+        extras.cweid = cweID;
+    }
+    if (owaspID) {
+        extras.owasp = owaspID;
+    }
+    const tags = buildNistCciTags(nist, cciTags, Object.keys(extras).length > 0 ? extras : undefined);
+    // Default description
+    const defaultDesc = formatControlDesc(vuln);
+    const descriptions = [
+        { label: 'default', data: defaultDesc || vuln.name || '' },
+    ];
+    // Check description
+    const checkParts = [];
+    if (vuln['exploitation-skills']) {
+        checkParts.push(`Exploitation-skills: ${vuln['exploitation-skills']}`);
+    }
+    if (vuln['proof-of-concept']) {
+        checkParts.push(`Proof-of-concept: ${stripHTML(vuln['proof-of-concept'])}`);
+    }
+    if (checkParts.length > 0) {
+        descriptions.push({ label: 'check', data: stripHTML(checkParts.join('\n')) });
+    }
+    // Fix description
+    const fixParts = [];
+    if (vuln['remedial-actions']) {
+        fixParts.push(`Remedial-actions: ${stripHTML(vuln['remedial-actions'])}`);
+    }
+    if (vuln['remedial-procedure']) {
+        fixParts.push(`Remedial-procedure: ${stripHTML(vuln['remedial-procedure'])}`);
+    }
+    if (vuln['remedy-references']) {
+        fixParts.push(`Remedy-references: ${stripHTML(vuln['remedy-references'])}`);
+    }
+    if (fixParts.length > 0) {
+        descriptions.push({ label: 'fix', data: fixParts.join('\n') });
+    }
+    // Result
+    const codeDesc = formatCodeDesc(vuln['http-request']);
+    const message = formatMessage(vuln['http-response']);
+    const startTime = initiated ? new Date(initiated) : new Date('0001-01-01T00:00:00Z');
+    const results = [{
+            status: ResultStatus.Failed,
+            codeDesc,
+            message,
+            startTime,
+        }];
+    const impact = getImpact(vuln.severity ?? '');
+    return {
+        id: vuln.LookupId ?? '',
+        title: vuln.name ?? undefined,
+        impact,
+        tags,
+        descriptions,
+        results,
+    };
+}
+/**
+ * Converts Netsparker/Invicti XML scan results to HDF format.
+ * Handles both <netsparker-enterprise> and <invicti-enterprise> root elements.
+ *
+ * @param input - Netsparker/Invicti XML string
+ * @returns HDF JSON string
+ */
+export async function convertNetsparkerToHdf(input) {
+    if (!input || input.trim().length === 0) {
+        throw new Error('netsparker: empty input');
+    }
+    validateInputSize(input, 'netsparker');
+    const resultsChecksum = await inputChecksum(input);
+    // Parse XML — ensure vulnerability is always treated as array
+    const parsed = parseXmlWithArrays(input, ['vulnerability']);
+    // Detect root element
+    const isInvicti = !!parsed['invicti-enterprise'];
+    const data = parsed['invicti-enterprise'] ?? parsed['netsparker-enterprise'] ?? {};
+    if (!data.vulnerabilities && !data.target) {
+        throw new Error('netsparker: invalid XML — missing expected root element');
+    }
+    const toolName = isInvicti ? 'Invicti' : 'Netsparker';
+    const vulns = data.vulnerabilities?.vulnerability ?? [];
+    const target = data.target ?? {};
+    const initiated = target.initiated ?? '';
+    const { items: limitedVulns, truncated } = limitArray(vulns);
+    /* v8 ignore next -- truncation only triggers with >100K items */
+    if (truncated) {
+        // eslint-disable-next-line no-console
+        console.warn(`WARNING: Input truncated at ${limitedVulns.length} vulnerability items (original: ${vulns.length})`);
+    }
+    // Build one requirement per vulnerability
+    const requirements = limitedVulns.map(vuln => buildRequirement(vuln, initiated));
+    const title = `${toolName} Enterprise Scan ID: ${target['scan-id'] ?? ''} URL: ${target.url ?? ''}`;
+    const baseline = createMinimalBaseline('Netsparker Scan', requirements, {
+        resultsChecksum,
+        title,
+    });
+    const targetName = target.url ?? 'Unknown';
+    return buildHdfResults({
+        generatorName: 'netsparker-to-hdf',
+        converterVersion: '1.0.0',
+        toolName,
+        toolFormat: 'XML',
+        baselines: [baseline],
+        components: [
+            {
+                name: targetName,
+                type: Copyright.Application,
+            },
+        ],
+    });
+}
+//# sourceMappingURL=converter.js.map

package/dist/converters/netsparker-to-hdf/typescript/converter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"converter.js","sourceRoot":"","sources":["../../../../converters/netsparker-to-hdf/typescript/converter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EACL,SAAS,EACT,iCAAiC,EACjC,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,UAAU,EACV,SAAS,EACT,iBAAiB,EACjB,eAAe,GAChB,MAAM,6CAA6C,CAAC;AAQrD,OAAO,EACL,YAAY,EACZ,SAAS,EACT,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAmE3B,qCAAqC;AAErC,MAAM,cAAc,GAA2B;IAC7C,UAAU,EAAE,GAAG;IACf,MAAM,EAAE,GAAG;IACX,QAAQ,EAAE,GAAG;IACb,KAAK,EAAE,GAAG;IACV,eAAe,EAAE,GAAG;IACpB,aAAa,EAAE,GAAG;CACnB,CAAC;AAEF,SAAS,SAAS,CAAC,QAAgB;IACjC,OAAO,cAAc,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,GAAG,CAAC;AACvD,CAAC;AAED,yBAAyB;AAEzB,SAAS,cAAc,CAAC,OAA0C;IAChE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,kBAAkB,OAAO,EAAE,OAAO,IAAI,EAAE,EAAE,CAAC,CAAC;IACvD,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC,CAAC;IAChD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,QAA4C;IACjE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,mBAAmB,QAAQ,EAAE,OAAO,IAAI,EAAE,EAAE,CAAC,CAAC;IACzD,KAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,EAAE,QAAQ,IAAI,EAAE,EAAE,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,kBAAkB,QAAQ,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAChE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAoB;IAC7C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,wBAAwB,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,GAAG,IAAI,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,KAAK,IAAI,EAAE,CAAC;IAClD,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,wBAAwB,MAAM,YAAY,QAAQ,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,WAAW,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACnC,CAAC;IACD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,sBAAsB,CAAC,KAAa,EAAE,OAAe;IAC5D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,cAAc;IACd,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YACtB,MAAM,WAAW,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,WAAW,EAAE,CAAC;gBAChB,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,WAAW,EAAE,CAAC;YAChB,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,GAAG,CAAC;QACtB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,EAAE;QACtB,CAAC,CAAC,CAAC,GAAG,iCAAiC,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CACvB,IAAoB,EACpB,SAAiB;IAEjB,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,GAAG,IAAI,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,EAAE,KAAK,IAAI,EAAE,CAAC;IAEjD,MAAM,IAAI,GAAG,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAEhC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,MAAM,IAAI,GAAG,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAElG,sBAAsB;IACtB,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAkB;QAClC,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,EAAE;KAC3D,CAAC;IAEF,oBAAoB;IACpB,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAChC,UAAU,CAAC,IAAI,CAAC,wBAAwB,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC7B,UAAU,CAAC,IAAI,CAAC,qBAAqB,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,kBAAkB;IAClB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC,qBAAqB,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,IAAI,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC,uBAAuB,SAAS,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC,sBAAsB,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,SAAS;IACT,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IAErD,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAErF,MAAM,OAAO,GAAwB,CAAC;YACpC,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,QAAQ;YACR,OAAO;YACP,SAAS;SACV,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IAE9C,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE;QACvB,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,SAAS;QAC7B,MAAM;QACN,IAAI;QACJ,YAAY;QACZ,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,KAAa;IACxD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,iBAAiB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAEvC,MAAM,eAAe,GAAa,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;IAE7D,8DAA8D;IAC9D,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,EAAE,CAAC,eAAe,CAAC,CAA6B,CAAC;IAExF,sBAAsB;IACtB,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACjD,MAAM,IAAI,GAAyB,MAAM,CAAC,oBAAoB,CAAC,IAAI,MAAM,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC;IAEzG,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;IACtD,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,EAAE,aAAa,IAAI,EAAE,CAAC;IACxD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;IAEzC,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAC7D,iEAAiE;IACjE,IAAI,SAAS,EAAE,CAAC;QACd,sCAAsC;QACtC,OAAO,CAAC,IAAI,CAAC,+BAA+B,YAAY,CAAC,MAAM,mCAAmC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IACrH,CAAC;IAED,0CAA0C;IAC1C,MAAM,YAAY,GAA2B,YAAY,CAAC,GAAG,CAC3D,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAC1C,CAAC;IAEF,MAAM,KAAK,GAAG,GAAG,QAAQ,wBAAwB,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,MAAM,CAAC,GAAG,IAAI,EAAE,EAAE,CAAC;IAEpG,MAAM,QAAQ,GAAsB,qBAAqB,CACvD,iBAAiB,EACjB,YAAY,EACZ;QACE,eAAe;QACf,KAAK;KACN,CACmB,CAAC;IAEvB,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC;IAE3C,OAAO,eAAe,CAAC;QACrB,aAAa,EAAE,mBAAmB;QAClC,gBAAgB,EAAE,OAAO;QACzB,QAAQ;QACR,UAAU,EAAE,KAAK;QACjB,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,UAAU,EAAE;YACV;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,SAAS,CAAC,WAAW;aAC5B;SACF;KACF,CAAC,CAAC;AACL,CAAC"}