npm - @mitre/hdf-converters - Versions diffs - 2.13.0 → 3.0.0 - Mend

@mitre/hdf-converters 2.13.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (934) hide show

package/lib/src/cyclonedx-sbom-mapper.js DELETED Viewed

@@ -1,523 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CycloneDXSBOMMapper = exports.CycloneDXSBOMResults = void 0;
-const inspecjs_1 = require("inspecjs");
-const lodash_1 = __importDefault(require("lodash"));
-const package_json_1 = require("../package.json");
-const base_converter_1 = require("./base-converter");
-const CweNistMapping_1 = require("./mappings/CweNistMapping");
-const global_1 = require("./utils/global");
-const cvssMethods = ['CVSSv2', 'CVSSv3', 'CVSSv31', 'CVSSv4'];
-const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping();
-const DEFAULT_NIST_TAG = ['SI-2', 'RA-5'];
-const IMPACT_MAPPING = new Map([
-    ['critical', 1.0],
-    ['high', 0.7],
-    ['medium', 0.5],
-    ['low', 0.3],
-    ['info', 0.5],
-    ['none', 0.0],
-    ['unknown', 0.5]
-]);
-// Convert object type to string[] and prepend `CWE` if used directly for tag display
-function formatCWETags(input, addPrefix = true) {
-    return input && Array.isArray(input)
-        ? input.map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`))
-        : [];
-}
-// Convert gathered CWEs to corresponding NIST 800-53s
-function getNISTTags(input) {
-    return CWE_NIST_MAPPING.nistFilter(formatCWETags(input, false), DEFAULT_NIST_TAG);
-}
-// A single SBOM vulnerability can contain multiple security ratings
-// Find the max of any existing ratings and then pass to `impact`
-function maxImpact(ratings) {
-    return ratings
-        .map((rating) => rating.score &&
-        rating.method &&
-        cvssMethods.includes(rating.method) // cast required since .includes expects the parameter to be a subtype
-        ? // Prefer to use CVSS-based `score` field when possible
-            rating.score / 10
-        : // Else interpret it from `severity` field, defaulting to medium/0.5
-            (IMPACT_MAPPING.get(rating.severity?.toLowerCase() ?? '') ?? 0.5))
-        .reduce((maxValue, newValue) =>
-    // Find max of existing ratings
-    maxValue > newValue ? maxValue : newValue, 0);
-}
-// If the highest rating severity for a control is `info` or `unknown`, set the results to skipped and request a manual review
-function skipSeverityInfoOrUnknown(controls) {
-    if (controls) {
-        controls
-            // Filter to controls whose highest rating severity is either `info` or `unknown`
-            .filter((control) => {
-            const ratings = lodash_1.default.get(control, 'tags.ratings', '').split(/ - |, /);
-            return ((ratings.includes('info') || ratings.includes('unknown')) &&
-                !(ratings.includes('critical') ||
-                    ratings.includes('high') ||
-                    ratings.includes('medium') ||
-                    ratings.includes('low') ||
-                    ratings.includes('none')));
-        })
-            // For every result contained by that control, set the status to skipped and request a manual review
-            .map((control) => control.results.map((result) => {
-            result.status = inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
-            result.skip_message =
-                'Manual review required because a CycloneDX rating severity is set to `info` or `unknown`.';
-        }));
-    }
-    return controls;
-}
-class CycloneDXSBOMResults {
-    data;
-    withRaw;
-    constructor(sbomJson, withRaw = false) {
-        this.data = {
-            components: [],
-            vulnerabilities: [],
-            raw: JSON.parse(sbomJson)
-        };
-        this.withRaw = withRaw;
-        if (this.data.raw.components) {
-            // We know this is SBOM data
-            this.flattenComponents(this.data);
-            if (this.data.raw.vulnerabilities) {
-                // If this SBOM data has a vulnerabilities field, we can create an intermediary object
-                this.generateIntermediary(this.data);
-            }
-        }
-        else if (this.data.raw.vulnerabilities) {
-            // Back up in case we ingest VEX data instead
-            this.formatVEX(this.data);
-        }
-        else {
-            throw new Error('Unrecognized CycloneDX format detected. We currently only support SBOM and VEX formats.');
-        }
-    }
-    // Flatten any arbitrarily nested components list
-    flattenComponents(data) {
-        // Pull components from raw data
-        data.components = lodash_1.default.cloneDeep(data.raw.components);
-        // Look through every component at the top level of the list
-        for (const component of data.components) {
-            // Identify if subcomponents exist
-            if (component.components) {
-                // If so, pull out the subcomponents and push them to end of top level component list for further flattening
-                data.components.push(...component.components);
-                delete component.components;
-            }
-        }
-    }
-    /*
-    Copy the indices of all components that are affected by a vulnerability and place them under that corresponding vulnerability
-    Also note in each component the IDs of the vulnerabilities that affect them
-    This allows for bidirectional traversal in SBOM view
-    Should result in the following general structure:
-    {
-      components: [
-        component: {
-          affectingVulnerabilities: [ // Added field
-            vulnID,
-            ...
-          ],
-          ...
-        },
-        ...
-      ],
-      vulnerabilities: [
-        vulnerability: {
-          affectedComponents: [       // Added field
-            componentIndex,
-            ...
-          ],
-          ...
-        },
-        ...
-      ],
-      ...
-    }
-    */
-    generateIntermediary(data) {
-        // Pull vulnerabilities from raw data
-        data.vulnerabilities = lodash_1.default.cloneDeep(data.raw.vulnerabilities);
-        for (const vulnerability of data.vulnerabilities) {
-            vulnerability.affectedComponents = [];
-            vulnerability.affectedComponents.push(...Array.from(data.components.entries())
-                // Find every component that is affected via listed bom-refs
-                .filter(([_index, component]) => vulnerability.affects
-                ?.map((id) => id.ref.toString())
-                .includes(component['bom-ref']))
-                // Add the index of that affected component to the corresponding vulnerability object
-                .map(([index, _component]) => index));
-            // Also record the ID of the vulnerability in the component for use in bidirectional traversal
-            for (const index of vulnerability.affectedComponents) {
-                if (!data.components[index].affectingVulnerabilities) {
-                    data.components[index].affectingVulnerabilities = [];
-                }
-                data.components[index].affectingVulnerabilities.push(lodash_1.default.get(vulnerability, 'bom-ref'));
-            }
-        }
-    }
-    // VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF
-    // Fix that by adding a temporary result that refers the vulnerability back to its associated BOM
-    formatVEX(data) {
-        // Pull vulnerabilities from raw data
-        data.vulnerabilities = [
-            ...lodash_1.default.cloneDeep(data.raw.vulnerabilities)
-        ];
-        for (const vulnerability of data.vulnerabilities) {
-            vulnerability.affectedComponents = vulnerability.affects?.map((id) => {
-                // Build a dummy component for each bom-ref identified as being affected by the vulnerability
-                const dummy = {
-                    name: `${id.ref}`,
-                    'bom-ref': `${id.ref}`,
-                    isDummy: true,
-                    type: 'application' // a type must be provided, and "application" is the default classification
-                };
-                // Add that component to the corresponding vulnerability object
-                data.components.push(dummy);
-                // Return the index of that dummy object
-                return data.components.length - 1;
-            });
-        }
-    }
-    toHdf() {
-        return new CycloneDXSBOMMapper(this.data, this.withRaw).toHdf();
-    }
-}
-exports.CycloneDXSBOMResults = CycloneDXSBOMResults;
-class CycloneDXSBOMMapper extends base_converter_1.BaseConverter {
-    withRaw;
-    // Pull any keys from a given index for the stored components listing
-    getComponentValueAtIndex(index, keys) {
-        return lodash_1.default.pick(this.data.components[index], keys);
-    }
-    mappings = {
-        platform: {
-            name: 'Heimdall Tools',
-            release: package_json_1.version
-        },
-        version: package_json_1.version,
-        statistics: {},
-        profiles: [
-            {
-                name: {
-                    path: 'raw.metadata.component',
-                    transformer: (input) => lodash_1.default.has(input, 'bom-ref')
-                        ? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}`
-                        : 'CycloneDX BOM Report'
-                },
-                title: {
-                    path: 'raw.metadata.component',
-                    transformer: (input) => {
-                        if (input.name) {
-                            const group = input.group ? `${input.group}/` : '';
-                            return `${group}${input.name} CycloneDX BOM Report`;
-                        }
-                        else {
-                            return 'CycloneDX BOM Report';
-                        }
-                    }
-                },
-                version: {
-                    path: 'raw.metadata.component.version',
-                    transformer: global_1.filterString
-                },
-                maintainer: {
-                    path: 'raw.metadata.component',
-                    transformer: (input) => {
-                        // Find organization of authors if possible
-                        const manufacturer = lodash_1.default.has(input, 'manufacturer')
-                            ? ` (${input.manufacturer.name})`
-                            : '';
-                        // Check through every single possible field which may hold ownership over this component
-                        if (lodash_1.default.has(input, 'authors')) {
-                            // Join list of component authors
-                            return input.authors
-                                .map((author) => `${author.name}${manufacturer}`)
-                                .join(', ');
-                        }
-                        else if (input.author) {
-                            // `author` is deprecated in v1.6 but may still appear
-                            return `${input.author}${manufacturer}`;
-                        }
-                        else {
-                            return undefined;
-                        }
-                    }
-                },
-                summary: {
-                    path: 'raw.metadata.component.description',
-                    transformer: global_1.filterString
-                },
-                copyright: {
-                    path: 'raw.metadata.component.copyright',
-                    transformer: global_1.filterString
-                },
-                license: {
-                    path: 'raw.metadata.component',
-                    transformer: (input) => {
-                        if (!input.licenses) {
-                            return undefined;
-                        }
-                        // Certain license reports only provide the license name in the `name` field
-                        // Check there first and then default to `id`
-                        return input.licenses
-                            ?.map((license) => license?.license?.name
-                            ? license.license.name
-                            : license?.license?.id)
-                            .filter((identifier) => identifier)
-                            .join(', ');
-                    }
-                },
-                supports: [],
-                attributes: [],
-                groups: [],
-                status: 'loaded',
-                controls: [
-                    {
-                        path: 'vulnerabilities',
-                        key: 'id',
-                        tags: {
-                            nist: {
-                                path: 'cwes',
-                                transformer: getNISTTags
-                            },
-                            cci: {
-                                path: 'cwes',
-                                transformer: (input) => (0, global_1.getCCIsForNISTTags)(getNISTTags(input))
-                            },
-                            cwe: { path: 'cwes', transformer: formatCWETags },
-                            'bom-ref': {
-                                path: 'bom-ref',
-                                transformer: global_1.filterString
-                            },
-                            ratings: {
-                                path: 'ratings',
-                                transformer: (input) => input
-                                    ? [...input]
-                                        .map((rating) => {
-                                        const ratingSource = rating.source?.name
-                                            ? `${rating.source?.name} - `
-                                            : 'Unidentified Source - ';
-                                        return `${ratingSource}${rating.severity}`;
-                                    })
-                                        .join(', ')
-                                    : undefined
-                            },
-                            created: {
-                                path: 'created',
-                                transformer: global_1.filterString
-                            },
-                            published: {
-                                path: 'published',
-                                transformer: global_1.filterString
-                            },
-                            updated: {
-                                path: 'updated',
-                                transformer: global_1.filterString
-                            },
-                            // Workflow items will not affect `impact`
-                            rejected: {
-                                path: 'rejected',
-                                transformer: global_1.filterString
-                            },
-                            credits: {
-                                path: 'credits',
-                                transformer: (input) => input
-                                    ? `${input.individuals
-                                        ?.map((individual) => individual.name)
-                                        .filter((name) => name)
-                                        .join(', ')}`
-                                    : undefined
-                            },
-                            tools: {
-                                path: 'tools',
-                                transformer: (input) => {
-                                    if (!input) {
-                                        return undefined;
-                                    }
-                                    if (Array.isArray(input)) {
-                                        return input
-                                            .map((tool) => tool.name)
-                                            .filter((name) => name)
-                                            .join(', ');
-                                    }
-                                    return [
-                                        ...(input.components?.map((component) => component.name) ??
-                                            []),
-                                        ...(input.services?.map((component) => component.name) ??
-                                            [])
-                                    ].join(', ');
-                                }
-                            },
-                            // Workflow items will not affect `impact`
-                            'analysis.state': {
-                                path: 'analysis.state',
-                                transformer: global_1.filterString
-                            },
-                            'analysis.justification': {
-                                path: 'analysis.justification',
-                                transformer: global_1.filterString
-                            },
-                            'analysis.response': {
-                                path: 'analysis.response',
-                                transformer: (input) => input && input.length > 0 ? input.join(', ') : undefined
-                            },
-                            'analysis.detail': {
-                                path: 'analysis.detail',
-                                transformer: global_1.filterString
-                            },
-                            'analysis.firstIssued': {
-                                path: 'analysis.firstIssued',
-                                transformer: global_1.filterString
-                            },
-                            'analysis.lastUpdated': {
-                                path: 'analysis.lastUpdated',
-                                transformer: global_1.filterString
-                            }
-                        },
-                        descriptions: {
-                            transformer: (input) => {
-                                const recommendation = input.recommendation
-                                    ? `Recommendation: ${input.recommendation}`
-                                    : '';
-                                // Workaround not defined by types? Use lodash for now until proper type is implemented
-                                const workaround = lodash_1.default.has(input, 'workaround')
-                                    ? `Workaround: ${input.workaround}`
-                                    : '';
-                                return [
-                                    recommendation || workaround
-                                        ? {
-                                            data: `${recommendation}\n\n${workaround}`.trim(),
-                                            label: 'fix'
-                                        }
-                                        : undefined,
-                                    lodash_1.default.has(input, 'proofOfConcept')
-                                        ? {
-                                            data: `Proof of concept: ${JSON.stringify(lodash_1.default.get(input, 'proofOfConcept'), null, 2)}`,
-                                            label: 'check'
-                                        }
-                                        : undefined
-                                ].filter((subdescription) => subdescription);
-                            }
-                        },
-                        refs: [
-                            {
-                                transformer: (input) => {
-                                    const searchFor = ['source', 'references', 'advisories'];
-                                    const ref = searchFor
-                                        .filter((key) => input.hasOwnProperty(key))
-                                        .map((key) => lodash_1.default.pick(input, key));
-                                    return { ref: ref };
-                                }
-                            }
-                        ],
-                        source_location: {},
-                        title: {
-                            // Give description as title if possible
-                            transformer: (input) => input.description ? `${input.description}` : `${input.id}`
-                        },
-                        id: { path: 'id' },
-                        desc: {
-                            transformer: (input) => {
-                                const description = input.description
-                                    ? `Description: ${input.description}`
-                                    : '';
-                                const detail = input.detail ? `Detail: ${input.detail}` : '';
-                                return (0, global_1.filterString)(`${description}\n\n${detail}`.trim());
-                            }
-                        },
-                        impact: {
-                            transformer: (input) => maxImpact(input.ratings ?? [])
-                        },
-                        code: {
-                            transformer: (vulnerability) => JSON.stringify(lodash_1.default.omit(vulnerability, 'affectedComponents'), null, 2)
-                        },
-                        arrayTransformer: skipSeverityInfoOrUnknown,
-                        results: [
-                            {
-                                path: 'affectedComponents',
-                                status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
-                                code_desc: {
-                                    transformer: (index) => {
-                                        const selectComponentValues = this.getComponentValueAtIndex(index, ['group', 'version', 'name']);
-                                        const group = lodash_1.default.has(selectComponentValues, 'group')
-                                            ? `${selectComponentValues.group}/`
-                                            : '';
-                                        const version = lodash_1.default.has(selectComponentValues, 'version')
-                                            ? `@${selectComponentValues.version}`
-                                            : '';
-                                        return `Component ${group}${lodash_1.default.get(selectComponentValues, 'name')}${version} is vulnerable`;
-                                    }
-                                },
-                                message: {
-                                    transformer: (index) => {
-                                        // Selectively pick out fields to display; full components are listed in full component structure
-                                        const selectComponentValues = this.getComponentValueAtIndex(index, [
-                                            'type',
-                                            'mime-type',
-                                            'bom-ref',
-                                            'supplier',
-                                            'manufacturer',
-                                            'authors', // Replaces `author` in v1.6
-                                            'author', // Deprecated in v1.6
-                                            'publisher',
-                                            'group',
-                                            'name',
-                                            'version',
-                                            'description',
-                                            'licenses',
-                                            'copyright'
-                                        ]);
-                                        const msg = Object.keys(selectComponentValues)
-                                            .map((key) => {
-                                            return Array.isArray(selectComponentValues[key])
-                                                ? `\n\n- ${lodash_1.default.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}`
-                                                : `\n\n- ${lodash_1.default.capitalize(key)}: ${selectComponentValues[key]}`;
-                                        })
-                                            .join('');
-                                        return `-Component Summary-${msg}`;
-                                    }
-                                },
-                                start_time: ''
-                            }
-                        ]
-                    }
-                ],
-                sha256: ''
-            }
-        ],
-        passthrough: {
-            transformer: (input) => {
-                // VEX files will generate dummy components for control results
-                // Filter them out for the proper components listing
-                const components = input.components.filter((component) => !component.isDummy);
-                return {
-                    auxiliary_data: [
-                        {
-                            name: 'SBOM',
-                            components: components.length ? components : undefined,
-                            dependencies: lodash_1.default.get(input, 'raw.dependencies'),
-                            data: lodash_1.default.omit(input.raw, [
-                                'components',
-                                'vulnerabilities',
-                                'dependencies'
-                            ])
-                        }
-                    ],
-                    ...(this.withRaw && { raw: input.raw })
-                };
-            }
-        }
-    };
-    constructor(exportJson, withRaw = false) {
-        super(exportJson, true);
-        this.withRaw = withRaw;
-    }
-}
-exports.CycloneDXSBOMMapper = CycloneDXSBOMMapper;
-//# sourceMappingURL=cyclonedx-sbom-mapper.js.map

package/lib/src/cyclonedx-sbom-mapper.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"cyclonedx-sbom-mapper.js","sourceRoot":"","sources":["../../src/cyclonedx-sbom-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAA6E;AAC7E,8DAAyD;AACzD,2CAAgE;AAoBhE,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAU,CAAC;AA2BvE,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAC9C,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC1C,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,SAAS,EAAE,GAAG,CAAC;CACjB,CAAC,CAAC;AAEH,qFAAqF;AACrF,SAAS,aAAa,CACpB,KAEiE,EACjE,SAAS,GAAG,IAAI;IAEhB,OAAO,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAClC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,EAAE,CAAC;AACT,CAAC;AAED,sDAAsD;AACtD,SAAS,WAAW,CAClB,KAEiE;IAEjE,OAAO,gBAAgB,CAAC,UAAU,CAChC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,EAC3B,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,iEAAiE;AACjE,SAAS,SAAS,CAAC,OAAwC;IACzD,OAAO,OAAO;SACX,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACd,MAAM,CAAC,KAAK;QACZ,MAAM,CAAC,MAAM;QACb,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAwB,CAAC,CAAC,sEAAsE;QAC1H,CAAC,CAAC,uDAAuD;YACvD,MAAM,CAAC,KAAK,GAAG,EAAE;QACnB,CAAC,CAAC,oEAAoE;YACpE,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,IAAI,GAAG,CAAC,CACtE;SACA,MAAM,CACL,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE;IACrB,+BAA+B;IAC/B,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAC3C,CAAC,CACF,CAAC;AACN,CAAC;AAED,8HAA8H;AAC9H,SAAS,yBAAyB,CAAC,QAAmB;IACpD,IAAI,QAAQ,EAAE,CAAC;QACZ,QAA+B;YAC9B,iFAAiF;aAChF,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;YAClB,MAAM,OAAO,GAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,EAAE,CAAY,CAAC,KAAK,CAClE,QAAQ,CACT,CAAC;YACF,OAAO,CACL,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACzD,CAAC,CACC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;oBACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBAC1B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;oBACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CACzB,CACF,CAAC;QACJ,CAAC,CAAC;YACF,oGAAoG;aACnG,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CACf,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YAC7B,MAAM,CAAC,MAAM,GAAG,mBAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC;YACrD,MAAM,CAAC,YAAY;gBACjB,2FAA2F,CAAC;QAChG,CAAC,CAAC,CACH,CAAC;IACN,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAa,oBAAoB;IAC/B,IAAI,CAAc;IAClB,OAAO,CAAU;IACjB,YAAY,QAAgB,EAAE,OAAO,GAAG,KAAK;QAC3C,IAAI,CAAC,IAAI,GAAG;YACV,UAAU,EAAE,EAAE;YACd,eAAe,EAAE,EAAE;YACnB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;SAC1B,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC;YAC7B,4BAA4B;YAC5B,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;gBAClC,sFAAsF;gBACtF,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;YACzC,6CAA6C;YAC7C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,iBAAiB,CAAC,IAAiB;QACjC,gCAAgC;QAChC,IAAI,CAAC,UAAU,GAAG,gBAAC,CAAC,SAAS,CAC3B,IAAI,CAAC,GAAG,CAAC,UAAU,CACO,CAAC;QAE7B,4DAA4D;QAC5D,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,kCAAkC;YAClC,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzB,4GAA4G;gBAC5G,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;gBAC9C,OAAO,SAAS,CAAC,UAAU,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MA6BE;IACF,oBAAoB,CAAC,IAAiB;QACpC,qCAAqC;QACrC,IAAI,CAAC,eAAe,GAAG,gBAAC,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,CAAC,eAAe,CACM,CAAC;QAEjC,KAAK,MAAM,aAAa,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACjD,aAAa,CAAC,kBAAkB,GAAG,EAAE,CAAC;YAEtC,aAAa,CAAC,kBAAkB,CAAC,IAAI,CACnC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACtC,4DAA4D;iBAC3D,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE,EAAE,CAC9B,aAAa,CAAC,OAAO;gBACnB,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;iBAC/B,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAW,CAAC,CAC5C;gBACD,qFAAqF;iBACpF,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CACvC,CAAC;YAEF,8FAA8F;YAC9F,KAAK,MAAM,KAAK,IAAI,aAAa,CAAC,kBAAkB,EAAE,CAAC;gBACrD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,wBAAwB,EAAE,CAAC;oBACrD,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,wBAAwB,GAAG,EAAE,CAAC;gBACvD,CAAC;gBACA,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,wBAAqC,CAAC,IAAI,CAChE,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAsB,CACrD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,8GAA8G;IAC9G,iGAAiG;IACjG,SAAS,CAAC,IAAiB;QACzB,qCAAqC;QACrC,IAAI,CAAC,eAAe,GAAG;YACrB,GAAI,gBAAC,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAEoB;SACnB,CAAC;QAE5C,KAAK,MAAM,aAAa,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACjD,aAAa,CAAC,kBAAkB,GAAG,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;gBACnE,6FAA6F;gBAC7F,MAAM,KAAK,GAA0B;oBACnC,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE;oBACjB,SAAS,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE;oBACtB,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,aAAa,CAAC,2EAA2E;iBAChG,CAAC;gBACF,+DAA+D;gBAC/D,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC5B,wCAAwC;gBACxC,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;YACpC,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK;QACH,OAAO,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC;IAClE,CAAC;CACF;AA3ID,oDA2IC;AAED,MAAa,mBAAoB,SAAQ,8BAA0B;IACjE,OAAO,CAAU;IAEjB,qEAAqE;IACrE,wBAAwB,CACtB,KAAa,EACb,IAAc;QAEd,OAAO,gBAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;IACnD,CAAC;IAED,QAAQ,GAGJ;QACF,QAAQ,EAAE;YACR,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,sBAAoB;SAC9B;QACD,OAAO,EAAE,sBAAoB;QAC7B,UAAU,EAAE,EAAE;QACd,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE;oBACJ,IAAI,EAAE,wBAAwB;oBAC9B,WAAW,EAAE,CAAC,KAAuC,EAAU,EAAE,CAC/D,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC;wBACrB,CAAC,CAAC,yBAAyB,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,SAAS,CAAC,EAAE;wBAC3D,CAAC,CAAC,sBAAsB;iBAC7B;gBACD,KAAK,EAAE;oBACL,IAAI,EAAE,wBAAwB;oBAC9B,WAAW,EAAE,CAAC,KAAuC,EAAU,EAAE;wBAC/D,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;4BACf,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;4BACnD,OAAO,GAAG,KAAK,GAAG,KAAK,CAAC,IAAI,uBAAuB,CAAC;wBACtD,CAAC;6BAAM,CAAC;4BACN,OAAO,sBAAsB,CAAC;wBAChC,CAAC;oBACH,CAAC;iBACF;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,gCAAgC;oBACtC,WAAW,EAAE,qBAAY;iBAC1B;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,wBAAwB;oBAC9B,WAAW,EAAE,CACX,KAAuC,EACnB,EAAE;wBACtB,2CAA2C;wBAC3C,MAAM,YAAY,GAAG,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,cAAc,CAAC;4BAC/C,CAAC,CAAC,KAAM,KAAK,CAAC,YAAwC,CAAC,IAAI,GAAG;4BAC9D,CAAC,CAAC,EAAE,CAAC;wBACP,yFAAyF;wBACzF,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAC;4BAC5B,iCAAiC;4BACjC,OAAQ,KAAK,CAAC,OAAqC;iCAChD,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,GAAG,YAAY,EAAE,CAAC;iCAChD,IAAI,CAAC,IAAI,CAAC,CAAC;wBAChB,CAAC;6BAAM,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;4BACxB,sDAAsD;4BACtD,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,YAAY,EAAE,CAAC;wBAC1C,CAAC;6BAAM,CAAC;4BACN,OAAO,SAAS,CAAC;wBACnB,CAAC;oBACH,CAAC;iBACF;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,oCAAoC;oBAC1C,WAAW,EAAE,qBAAY;iBAC1B;gBACD,SAAS,EAAE;oBACT,IAAI,EAAE,kCAAkC;oBACxC,WAAW,EAAE,qBAAY;iBAC1B;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,wBAAwB;oBAC9B,WAAW,EAAE,CACX,KAAuC,EACnB,EAAE;wBACtB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;4BACpB,OAAO,SAAS,CAAC;wBACnB,CAAC;wBACD,4EAA4E;wBAC5E,6CAA6C;wBAC7C,OAAO,KAAK,CAAC,QAAQ;4BACnB,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAChB,OAAO,EAAE,OAAO,EAAE,IAAI;4BACpB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI;4BACtB,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CACzB;6BACA,MAAM,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC;6BAClC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChB,CAAC;iBACF;gBACD,QAAQ,EAAE,EAAE;gBACZ,UAAU,EAAE,EAAE;gBACd,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,iBAAiB;wBACvB,GAAG,EAAE,IAAI;wBACT,IAAI,EAAE;4BACJ,IAAI,EAAE;gCACJ,IAAI,EAAE,MAAM;gCACZ,WAAW,EAAE,WAAW;6BACzB;4BACD,GAAG,EAAE;gCACH,IAAI,EAAE,MAAM;gCACZ,WAAW,EAAE,CACX,KAEiE,EACvD,EAAE,CAAC,IAAA,2BAAkB,EAAC,WAAW,CAAC,KAAK,CAAC,CAAC;6BACtD;4BACD,GAAG,EAAE,EAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAC;4BAC/C,SAAS,EAAE;gCACT,IAAI,EAAE,SAAS;gCACf,WAAW,EAAE,qBAAY;6BAC1B;4BACD,OAAO,EAAE;gCACP,IAAI,EAAE,SAAS;gCACf,WAAW,EAAE,CACX,KAAsC,EAClB,EAAE,CACtB,KAAK;oCACH,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;yCACP,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;wCACd,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI;4CACtC,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK;4CAC7B,CAAC,CAAC,wBAAwB,CAAC;wCAC7B,OAAO,GAAG,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;oCAC7C,CAAC,CAAC;yCACD,IAAI,CAAC,IAAI,CAAC;oCACf,CAAC,CAAC,SAAS;6BAChB;4BACD,OAAO,EAAE;gCACP,IAAI,EAAE,SAAS;gCACf,WAAW,EAAE,qBAAY;6BAC1B;4BACD,SAAS,EAAE;gCACT,IAAI,EAAE,WAAW;gCACjB,WAAW,EAAE,qBAAY;6BAC1B;4BACD,OAAO,EAAE;gCACP,IAAI,EAAE,SAAS;gCACf,WAAW,EAAE,qBAAY;6BAC1B;4BACD,0CAA0C;4BAC1C,QAAQ,EAAE;gCACR,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,qBAAY;6BAC1B;4BACD,OAAO,EAAE;gCACP,IAAI,EAAE,SAAS;gCACf,WAAW,EAAE,CACX,KAAoC,EAChB,EAAE,CACtB,KAAK;oCACH,CAAC,CAAC,GAAG,KAAK,CAAC,WAAW;wCAClB,EAAE,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;yCACrC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC;yCACtB,IAAI,CAAC,IAAI,CAAC,EAAE;oCACjB,CAAC,CAAC,SAAS;6BAChB;4BACD,KAAK,EAAE;gCACL,IAAI,EAAE,OAAO;gCACb,WAAW,EAAE,CACX,KAIe,EACK,EAAE;oCACtB,IAAI,CAAC,KAAK,EAAE,CAAC;wCACX,OAAO,SAAS,CAAC;oCACnB,CAAC;oCACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;wCACzB,OAAO,KAAK;6CACT,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;6CACxB,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC;6CACtB,IAAI,CAAC,IAAI,CAAC,CAAC;oCAChB,CAAC;oCACD,OAAO;wCACL,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;4CACtD,EAAE,CAAC;wCACL,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;4CACpD,EAAE,CAAC;qCACN,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gCACf,CAAC;6BACF;4BACD,0CAA0C;4BAC1C,gBAAgB,EAAE;gCAChB,IAAI,EAAE,gBAAgB;gCACtB,WAAW,EAAE,qBAAY;6BAC1B;4BACD,wBAAwB,EAAE;gCACxB,IAAI,EAAE,wBAAwB;gCAC9B,WAAW,EAAE,qBAAY;6BAC1B;4BACD,mBAAmB,EAAE;gCACnB,IAAI,EAAE,mBAAmB;gCACzB,WAAW,EAAE,CAAC,KAAiB,EAAsB,EAAE,CACrD,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;6BAC3D;4BACD,iBAAiB,EAAE;gCACjB,IAAI,EAAE,iBAAiB;gCACvB,WAAW,EAAE,qBAAY;6BAC1B;4BACD,sBAAsB,EAAE;gCACtB,IAAI,EAAE,sBAAsB;gCAC5B,WAAW,EAAE,qBAAY;6BAC1B;4BACD,sBAAsB,EAAE;gCACtB,IAAI,EAAE,sBAAsB;gCAC5B,WAAW,EAAE,qBAAY;6BAC1B;yBACF;wBACD,YAAY,EAAE;4BACZ,WAAW,EAAE,CACX,KAEyD,EACzD,EAAE;gCACF,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc;oCACzC,CAAC,CAAC,mBAAmB,KAAK,CAAC,cAAc,EAAE;oCAC3C,CAAC,CAAC,EAAE,CAAC;gCACP,uFAAuF;gCACvF,MAAM,UAAU,GAAG,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC;oCAC3C,CAAC,CAAC,eAAe,KAAK,CAAC,UAAU,EAAE;oCACnC,CAAC,CAAC,EAAE,CAAC;gCACP,OAAO;oCACL,cAAc,IAAI,UAAU;wCAC1B,CAAC,CAAC;4CACE,IAAI,EAAE,GAAG,cAAc,OAAO,UAAU,EAAE,CAAC,IAAI,EAAE;4CACjD,KAAK,EAAE,KAAK;yCACb;wCACH,CAAC,CAAC,SAAS;oCACb,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC;wCAC5B,CAAC,CAAC;4CACE,IAAI,EAAE,qBAAqB,IAAI,CAAC,SAAS,CACvC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAC9B,IAAI,EACJ,CAAC,CACF,EAAE;4CACH,KAAK,EAAE,OAAO;yCACf;wCACH,CAAC,CAAC,SAAS;iCACd,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC;4BAC/C,CAAC;yBAC0C;wBAC7C,IAAI,EAAE;4BACJ;gCACE,WAAW,EAAE,CACX,KAA8B,EACL,EAAE;oCAC3B,MAAM,SAAS,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;oCACzD,MAAM,GAAG,GAAG,SAAS;yCAClB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;yCAC1C,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,gBAAC,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;oCACpC,OAAO,EAAC,GAAG,EAAE,GAAG,EAAC,CAAC;gCACpB,CAAC;6BACF;yBACF;wBACD,eAAe,EAAE,EAAE;wBACnB,KAAK,EAAE;4BACL,wCAAwC;4BACxC,WAAW,EAAE,CACX,KAEyD,EACjD,EAAE,CACV,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,EAAE,EAAE;yBAC7D;wBACD,EAAE,EAAE,EAAC,IAAI,EAAE,IAAI,EAAC;wBAChB,IAAI,EAAE;4BACJ,WAAW,EAAE,CACX,KAEyD,EACrC,EAAE;gCACtB,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW;oCACnC,CAAC,CAAC,gBAAgB,KAAK,CAAC,WAAW,EAAE;oCACrC,CAAC,CAAC,EAAE,CAAC;gCACP,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gCAC7D,OAAO,IAAA,qBAAY,EAAC,GAAG,WAAW,OAAO,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;4BAC5D,CAAC;yBACF;wBACD,MAAM,EAAE;4BACN,WAAW,EAAE,CACX,KAEyD,EACjD,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;yBAC5C;wBACD,IAAI,EAAE;4BACJ,WAAW,EAAE,CAAC,aAAsC,EAAU,EAAE,CAC9D,IAAI,CAAC,SAAS,CACZ,gBAAC,CAAC,IAAI,CAAC,aAAa,EAAE,oBAAoB,CAAC,EAC3C,IAAI,EACJ,CAAC,CACF;yBACJ;wBACD,gBAAgB,EAAE,yBAAyB;wBAC3C,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,oBAAoB;gCAC1B,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;gCAC3C,SAAS,EAAE;oCACT,WAAW,EAAE,CAAC,KAAa,EAAU,EAAE;wCACrC,MAAM,qBAAqB,GAAG,IAAI,CAAC,wBAAwB,CACzD,KAAK,EACL,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAC7B,CAAC;wCACF,MAAM,KAAK,GAAG,gBAAC,CAAC,GAAG,CAAC,qBAAqB,EAAE,OAAO,CAAC;4CACjD,CAAC,CAAC,GAAG,qBAAqB,CAAC,KAAK,GAAG;4CACnC,CAAC,CAAC,EAAE,CAAC;wCACP,MAAM,OAAO,GAAG,gBAAC,CAAC,GAAG,CAAC,qBAAqB,EAAE,SAAS,CAAC;4CACrD,CAAC,CAAC,IAAI,qBAAqB,CAAC,OAAO,EAAE;4CACrC,CAAC,CAAC,EAAE,CAAC;wCACP,OAAO,aAAa,KAAK,GAAG,gBAAC,CAAC,GAAG,CAAC,qBAAqB,EAAE,MAAM,CAAC,GAAG,OAAO,gBAAgB,CAAC;oCAC7F,CAAC;iCACF;gCACD,OAAO,EAAE;oCACP,WAAW,EAAE,CAAC,KAAa,EAAU,EAAE;wCACrC,iGAAiG;wCACjG,MAAM,qBAAqB,GAAG,IAAI,CAAC,wBAAwB,CACzD,KAAK,EACL;4CACE,MAAM;4CACN,WAAW;4CACX,SAAS;4CACT,UAAU;4CACV,cAAc;4CACd,SAAS,EAAE,4BAA4B;4CACvC,QAAQ,EAAE,qBAAqB;4CAC/B,WAAW;4CACX,OAAO;4CACP,MAAM;4CACN,SAAS;4CACT,aAAa;4CACb,UAAU;4CACV,WAAW;yCACZ,CACF,CAAC;wCACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC;6CAC3C,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;4CACX,OAAO,KAAK,CAAC,OAAO,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;gDAC9C,CAAC,CAAC,SAAS,gBAAC,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,qBAAqB,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;gDACtF,CAAC,CAAC,SAAS,gBAAC,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;wCAClE,CAAC,CAAC;6CACD,IAAI,CAAC,EAAE,CAAC,CAAC;wCACZ,OAAO,sBAAsB,GAAG,EAAE,CAAC;oCACrC,CAAC;iCACF;gCACD,UAAU,EAAE,EAAE;6BACf;yBACF;qBACF;iBACF;gBACD,MAAM,EAAE,EAAE;aACX;SACF;QACD,WAAW,EAAE;YACX,WAAW,EAAE,CAAC,KAAkB,EAA2B,EAAE;gBAC3D,+DAA+D;gBAC/D,oDAAoD;gBACpD,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CACxC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,OAAO,CAClC,CAAC;gBACF,OAAO;oBACL,cAAc,EAAE;wBACd;4BACE,IAAI,EAAE,MAAM;4BACZ,UAAU,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;4BACtD,YAAY,EAAE,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,kBAAkB,CAAC;4BAC9C,IAAI,EAAE,gBAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;gCACtB,YAAY;gCACZ,iBAAiB;gCACjB,cAAc;6BACf,CAAC;yBACH;qBACF;oBACD,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAC,GAAG,EAAE,KAAK,CAAC,GAAG,EAAC,CAAC;iBACtC,CAAC;YACJ,CAAC;SACF;KACF,CAAC;IACF,YAAY,UAAuB,EAAE,OAAO,GAAG,KAAK;QAClD,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QACxB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF;AA1YD,kDA0YC","sourcesContent":["import {ExecJSON} from 'inspecjs';\nimport _ from 'lodash';\nimport {version as HeimdallToolsVersion} from '../package.json';\nimport {BaseConverter, ILookupPath, MappedTransform} from './base-converter';\nimport {CweNistMapping} from './mappings/CweNistMapping';\nimport {filterString, getCCIsForNISTTags} from './utils/global';\nimport {\n CycloneDXSoftwareBillOfMaterialSpecification,\n CycloneDXSoftwareBillOfMaterialsStandard,\n CycloneDXBillOfMaterialsStandardVulnerability,\n CycloneDXSoftwareBillOfMaterialsStandardVulnerability,\n FluffyCredits,\n PurpleCredits,\n FluffyRating,\n PurpleRating,\n MethodEnum,\n Response,\n CreationToolsLegacyElement,\n ToolsTools,\n ToolsToolsLegacy,\n FluffyTools,\n ComponentClass,\n ComponentObject\n} from '../types/cyclonedx';\n\nconst cvssMethods = ['CVSSv2', 'CVSSv3', 'CVSSv31', 'CVSSv4'] as const;\ntype CVSSMethodEnum = Extract<MethodEnum, (typeof cvssMethods)[number]>;\n\ntype IntermediaryComponent = Omit<\n ComponentClass | ComponentObject,\n 'components'\n> & {\n components?: IntermediaryComponent[];\n affectingVulnerabilities?: string[];\n isDummy?: boolean;\n};\n\ntype IntermediaryVulnerability = (\n | CycloneDXBillOfMaterialsStandardVulnerability\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability\n) & {\n affectedComponents?: number[];\n};\n\ntype DataStorage = {\n components: IntermediaryComponent[];\n vulnerabilities: IntermediaryVulnerability[];\n raw:\n | CycloneDXSoftwareBillOfMaterialSpecification\n | CycloneDXSoftwareBillOfMaterialsStandard;\n};\n\nconst CWE_NIST_MAPPING = new CweNistMapping();\nconst DEFAULT_NIST_TAG = ['SI-2', 'RA-5'];\nconst IMPACT_MAPPING: Map<string, number> = new Map([\n ['critical', 1.0],\n ['high', 0.7],\n ['medium', 0.5],\n ['low', 0.3],\n ['info', 0.5],\n ['none', 0.0],\n ['unknown', 0.5]\n]);\n\n// Convert object type to string[] and prepend `CWE` if used directly for tag display\nfunction formatCWETags(\n input:\n | CycloneDXBillOfMaterialsStandardVulnerability['cwes']\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability['cwes'],\n addPrefix = true\n): string[] {\n return input && Array.isArray(input)\n ? input.map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`))\n : [];\n}\n\n// Convert gathered CWEs to corresponding NIST 800-53s\nfunction getNISTTags(\n input:\n | CycloneDXBillOfMaterialsStandardVulnerability['cwes']\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability['cwes']\n): string[] {\n return CWE_NIST_MAPPING.nistFilter(\n formatCWETags(input, false),\n DEFAULT_NIST_TAG\n );\n}\n\n// A single SBOM vulnerability can contain multiple security ratings\n// Find the max of any existing ratings and then pass to `impact`\nfunction maxImpact(ratings: FluffyRating[] | PurpleRating[]): number {\n return ratings\n .map((rating) =>\n rating.score &&\n rating.method &&\n cvssMethods.includes(rating.method as CVSSMethodEnum) // cast required since .includes expects the parameter to be a subtype\n ? // Prefer to use CVSS-based `score` field when possible\n rating.score / 10\n : // Else interpret it from `severity` field, defaulting to medium/0.5\n (IMPACT_MAPPING.get(rating.severity?.toLowerCase() ?? '') ?? 0.5)\n )\n .reduce(\n (maxValue, newValue) =>\n // Find max of existing ratings\n maxValue > newValue ? maxValue : newValue,\n 0\n );\n}\n\n// If the highest rating severity for a control is `info` or `unknown`, set the results to skipped and request a manual review\nfunction skipSeverityInfoOrUnknown(controls: unknown[]): unknown[] {\n if (controls) {\n (controls as ExecJSON.Control[])\n // Filter to controls whose highest rating severity is either `info` or `unknown`\n .filter((control) => {\n const ratings = (_.get(control, 'tags.ratings', '') as string).split(\n / - |, /\n );\n return (\n (ratings.includes('info') || ratings.includes('unknown')) &&\n !(\n ratings.includes('critical') ||\n ratings.includes('high') ||\n ratings.includes('medium') ||\n ratings.includes('low') ||\n ratings.includes('none')\n )\n );\n })\n // For every result contained by that control, set the status to skipped and request a manual review\n .map((control) =>\n control.results.map((result) => {\n result.status = ExecJSON.ControlResultStatus.Skipped;\n result.skip_message =\n 'Manual review required because a CycloneDX rating severity is set to `info` or `unknown`.';\n })\n );\n }\n return controls;\n}\n\nexport class CycloneDXSBOMResults {\n data: DataStorage;\n withRaw: boolean;\n constructor(sbomJson: string, withRaw = false) {\n this.data = {\n components: [],\n vulnerabilities: [],\n raw: JSON.parse(sbomJson)\n };\n this.withRaw = withRaw;\n\n if (this.data.raw.components) {\n // We know this is SBOM data\n this.flattenComponents(this.data);\n if (this.data.raw.vulnerabilities) {\n // If this SBOM data has a vulnerabilities field, we can create an intermediary object\n this.generateIntermediary(this.data);\n }\n } else if (this.data.raw.vulnerabilities) {\n // Back up in case we ingest VEX data instead\n this.formatVEX(this.data);\n } else {\n throw new Error(\n 'Unrecognized CycloneDX format detected. We currently only support SBOM and VEX formats.'\n );\n }\n }\n\n // Flatten any arbitrarily nested components list\n flattenComponents(data: DataStorage) {\n // Pull components from raw data\n data.components = _.cloneDeep(\n data.raw.components\n ) as IntermediaryComponent[];\n\n // Look through every component at the top level of the list\n for (const component of data.components) {\n // Identify if subcomponents exist\n if (component.components) {\n // If so, pull out the subcomponents and push them to end of top level component list for further flattening\n data.components.push(...component.components);\n delete component.components;\n }\n }\n }\n\n /*\n Copy the indices of all components that are affected by a vulnerability and place them under that corresponding vulnerability\n Also note in each component the IDs of the vulnerabilities that affect them\n This allows for bidirectional traversal in SBOM view\n\n Should result in the following general structure:\n {\n components: [\n component: {\n affectingVulnerabilities: [ // Added field\n vulnID,\n ...\n ],\n ...\n },\n ...\n ],\n vulnerabilities: [\n vulnerability: {\n affectedComponents: [ // Added field\n componentIndex,\n ...\n ],\n ...\n },\n ...\n ],\n ...\n }\n */\n generateIntermediary(data: DataStorage) {\n // Pull vulnerabilities from raw data\n data.vulnerabilities = _.cloneDeep(\n data.raw.vulnerabilities\n ) as IntermediaryVulnerability[];\n\n for (const vulnerability of data.vulnerabilities) {\n vulnerability.affectedComponents = [];\n\n vulnerability.affectedComponents.push(\n ...Array.from(data.components.entries())\n // Find every component that is affected via listed bom-refs\n .filter(([_index, component]) =>\n vulnerability.affects\n ?.map((id) => id.ref.toString())\n .includes(component['bom-ref'] as string)\n )\n // Add the index of that affected component to the corresponding vulnerability object\n .map(([index, _component]) => index)\n );\n\n // Also record the ID of the vulnerability in the component for use in bidirectional traversal\n for (const index of vulnerability.affectedComponents) {\n if (!data.components[index].affectingVulnerabilities) {\n data.components[index].affectingVulnerabilities = [];\n }\n (data.components[index].affectingVulnerabilities as string[]).push(\n _.get(vulnerability, 'bom-ref') as unknown as string\n );\n }\n }\n }\n\n // VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF\n // Fix that by adding a temporary result that refers the vulnerability back to its associated BOM\n formatVEX(data: DataStorage) {\n // Pull vulnerabilities from raw data\n data.vulnerabilities = [\n ...(_.cloneDeep(data.raw.vulnerabilities) as\n | CycloneDXBillOfMaterialsStandardVulnerability[]\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability[])\n ] as unknown as IntermediaryVulnerability[];\n\n for (const vulnerability of data.vulnerabilities) {\n vulnerability.affectedComponents = vulnerability.affects?.map((id) => {\n // Build a dummy component for each bom-ref identified as being affected by the vulnerability\n const dummy: IntermediaryComponent = {\n name: `${id.ref}`,\n 'bom-ref': `${id.ref}`,\n isDummy: true,\n type: 'application' // a type must be provided, and \"application\" is the default classification\n };\n // Add that component to the corresponding vulnerability object\n data.components.push(dummy);\n // Return the index of that dummy object\n return data.components.length - 1;\n });\n }\n }\n\n toHdf(): ExecJSON.Execution {\n return new CycloneDXSBOMMapper(this.data, this.withRaw).toHdf();\n }\n}\n\nexport class CycloneDXSBOMMapper extends BaseConverter<DataStorage> {\n withRaw: boolean;\n\n // Pull any keys from a given index for the stored components listing\n getComponentValueAtIndex(\n index: number,\n keys: string[]\n ): Record<string, unknown> {\n return _.pick(this.data.components[index], keys);\n }\n\n mappings: MappedTransform<\n ExecJSON.Execution & {passthrough: unknown},\n ILookupPath\n > = {\n platform: {\n name: 'Heimdall Tools',\n release: HeimdallToolsVersion\n },\n version: HeimdallToolsVersion,\n statistics: {},\n profiles: [\n {\n name: {\n path: 'raw.metadata.component',\n transformer: (input: ComponentClass | ComponentObject): string =>\n _.has(input, 'bom-ref')\n ? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}`\n : 'CycloneDX BOM Report'\n },\n title: {\n path: 'raw.metadata.component',\n transformer: (input: ComponentClass | ComponentObject): string => {\n if (input.name) {\n const group = input.group ? `${input.group}/` : '';\n return `${group}${input.name} CycloneDX BOM Report`;\n } else {\n return 'CycloneDX BOM Report';\n }\n }\n },\n version: {\n path: 'raw.metadata.component.version',\n transformer: filterString\n },\n maintainer: {\n path: 'raw.metadata.component',\n transformer: (\n input: ComponentClass | ComponentObject\n ): string | undefined => {\n // Find organization of authors if possible\n const manufacturer = _.has(input, 'manufacturer')\n ? ` (${(input.manufacturer as Record<string, unknown>).name})`\n : '';\n // Check through every single possible field which may hold ownership over this component\n if (_.has(input, 'authors')) {\n // Join list of component authors\n return (input.authors as Record<string, unknown>[])\n .map((author) => `${author.name}${manufacturer}`)\n .join(', ');\n } else if (input.author) {\n // `author` is deprecated in v1.6 but may still appear\n return `${input.author}${manufacturer}`;\n } else {\n return undefined;\n }\n }\n },\n summary: {\n path: 'raw.metadata.component.description',\n transformer: filterString\n },\n copyright: {\n path: 'raw.metadata.component.copyright',\n transformer: filterString\n },\n license: {\n path: 'raw.metadata.component',\n transformer: (\n input: ComponentClass | ComponentObject\n ): string | undefined => {\n if (!input.licenses) {\n return undefined;\n }\n // Certain license reports only provide the license name in the `name` field\n // Check there first and then default to `id`\n return input.licenses\n ?.map((license) =>\n license?.license?.name\n ? license.license.name\n : license?.license?.id\n )\n .filter((identifier) => identifier)\n .join(', ');\n }\n },\n supports: [],\n attributes: [],\n groups: [],\n status: 'loaded',\n controls: [\n {\n path: 'vulnerabilities',\n key: 'id',\n tags: {\n nist: {\n path: 'cwes',\n transformer: getNISTTags\n },\n cci: {\n path: 'cwes',\n transformer: (\n input:\n | CycloneDXBillOfMaterialsStandardVulnerability['cwes']\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability['cwes']\n ): string[] => getCCIsForNISTTags(getNISTTags(input))\n },\n cwe: {path: 'cwes', transformer: formatCWETags},\n 'bom-ref': {\n path: 'bom-ref',\n transformer: filterString\n },\n ratings: {\n path: 'ratings',\n transformer: (\n input: FluffyRating[] | PurpleRating[]\n ): string | undefined =>\n input\n ? [...input]\n .map((rating) => {\n const ratingSource = rating.source?.name\n ? `${rating.source?.name} - `\n : 'Unidentified Source - ';\n return `${ratingSource}${rating.severity}`;\n })\n .join(', ')\n : undefined\n },\n created: {\n path: 'created',\n transformer: filterString\n },\n published: {\n path: 'published',\n transformer: filterString\n },\n updated: {\n path: 'updated',\n transformer: filterString\n },\n // Workflow items will not affect `impact`\n rejected: {\n path: 'rejected',\n transformer: filterString\n },\n credits: {\n path: 'credits',\n transformer: (\n input: FluffyCredits | PurpleCredits\n ): string | undefined =>\n input\n ? `${input.individuals\n ?.map((individual) => individual.name)\n .filter((name) => name)\n .join(', ')}`\n : undefined\n },\n tools: {\n path: 'tools',\n transformer: (\n input:\n | CreationToolsLegacyElement[]\n | ToolsToolsLegacy[]\n | ToolsTools\n | FluffyTools\n ): string | undefined => {\n if (!input) {\n return undefined;\n }\n if (Array.isArray(input)) {\n return input\n .map((tool) => tool.name)\n .filter((name) => name)\n .join(', ');\n }\n return [\n ...(input.components?.map((component) => component.name) ??\n []),\n ...(input.services?.map((component) => component.name) ??\n [])\n ].join(', ');\n }\n },\n // Workflow items will not affect `impact`\n 'analysis.state': {\n path: 'analysis.state',\n transformer: filterString\n },\n 'analysis.justification': {\n path: 'analysis.justification',\n transformer: filterString\n },\n 'analysis.response': {\n path: 'analysis.response',\n transformer: (input: Response[]): string | undefined =>\n input && input.length > 0 ? input.join(', ') : undefined\n },\n 'analysis.detail': {\n path: 'analysis.detail',\n transformer: filterString\n },\n 'analysis.firstIssued': {\n path: 'analysis.firstIssued',\n transformer: filterString\n },\n 'analysis.lastUpdated': {\n path: 'analysis.lastUpdated',\n transformer: filterString\n }\n },\n descriptions: {\n transformer: (\n input:\n | CycloneDXBillOfMaterialsStandardVulnerability\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability\n ) => {\n const recommendation = input.recommendation\n ? `Recommendation: ${input.recommendation}`\n : '';\n // Workaround not defined by types? Use lodash for now until proper type is implemented\n const workaround = _.has(input, 'workaround')\n ? `Workaround: ${input.workaround}`\n : '';\n return [\n recommendation || workaround\n ? {\n data: `${recommendation}\\n\\n${workaround}`.trim(),\n label: 'fix'\n }\n : undefined,\n _.has(input, 'proofOfConcept')\n ? {\n data: `Proof of concept: ${JSON.stringify(\n _.get(input, 'proofOfConcept'),\n null,\n 2\n )}`,\n label: 'check'\n }\n : undefined\n ].filter((subdescription) => subdescription);\n }\n } as unknown as ExecJSON.ControlDescription[],\n refs: [\n {\n transformer: (\n input: Record<string, unknown>\n ): Record<string, unknown> => {\n const searchFor = ['source', 'references', 'advisories'];\n const ref = searchFor\n .filter((key) => input.hasOwnProperty(key))\n .map((key) => _.pick(input, key));\n return {ref: ref};\n }\n }\n ],\n source_location: {},\n title: {\n // Give description as title if possible\n transformer: (\n input:\n | CycloneDXBillOfMaterialsStandardVulnerability\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability\n ): string =>\n input.description ? `${input.description}` : `${input.id}`\n },\n id: {path: 'id'},\n desc: {\n transformer: (\n input:\n | CycloneDXBillOfMaterialsStandardVulnerability\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability\n ): string | undefined => {\n const description = input.description\n ? `Description: ${input.description}`\n : '';\n const detail = input.detail ? `Detail: ${input.detail}` : '';\n return filterString(`${description}\\n\\n${detail}`.trim());\n }\n },\n impact: {\n transformer: (\n input:\n | CycloneDXBillOfMaterialsStandardVulnerability\n | CycloneDXSoftwareBillOfMaterialsStandardVulnerability\n ): number => maxImpact(input.ratings ?? [])\n },\n code: {\n transformer: (vulnerability: Record<string, unknown>): string =>\n JSON.stringify(\n _.omit(vulnerability, 'affectedComponents'),\n null,\n 2\n )\n },\n arrayTransformer: skipSeverityInfoOrUnknown,\n results: [\n {\n path: 'affectedComponents',\n status: ExecJSON.ControlResultStatus.Failed,\n code_desc: {\n transformer: (index: number): string => {\n const selectComponentValues = this.getComponentValueAtIndex(\n index,\n ['group', 'version', 'name']\n );\n const group = _.has(selectComponentValues, 'group')\n ? `${selectComponentValues.group}/`\n : '';\n const version = _.has(selectComponentValues, 'version')\n ? `@${selectComponentValues.version}`\n : '';\n return `Component ${group}${_.get(selectComponentValues, 'name')}${version} is vulnerable`;\n }\n },\n message: {\n transformer: (index: number): string => {\n // Selectively pick out fields to display; full components are listed in full component structure\n const selectComponentValues = this.getComponentValueAtIndex(\n index,\n [\n 'type',\n 'mime-type',\n 'bom-ref',\n 'supplier',\n 'manufacturer',\n 'authors', // Replaces `author` in v1.6\n 'author', // Deprecated in v1.6\n 'publisher',\n 'group',\n 'name',\n 'version',\n 'description',\n 'licenses',\n 'copyright'\n ]\n );\n const msg = Object.keys(selectComponentValues)\n .map((key) => {\n return Array.isArray(selectComponentValues[key])\n ? `\\n\\n- ${_.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}`\n : `\\n\\n- ${_.capitalize(key)}: ${selectComponentValues[key]}`;\n })\n .join('');\n return `-Component Summary-${msg}`;\n }\n },\n start_time: ''\n }\n ]\n }\n ],\n sha256: ''\n }\n ],\n passthrough: {\n transformer: (input: DataStorage): Record<string, unknown> => {\n // VEX files will generate dummy components for control results\n // Filter them out for the proper components listing\n const components = input.components.filter(\n (component) => !component.isDummy\n );\n return {\n auxiliary_data: [\n {\n name: 'SBOM',\n components: components.length ? components : undefined,\n dependencies: _.get(input, 'raw.dependencies'),\n data: _.omit(input.raw, [\n 'components',\n 'vulnerabilities',\n 'dependencies'\n ])\n }\n ],\n ...(this.withRaw && {raw: input.raw})\n };\n }\n }\n };\n constructor(exportJson: DataStorage, withRaw = false) {\n super(exportJson, true);\n this.withRaw = withRaw;\n }\n}\n"]}

package/lib/src/dbprotect-mapper.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import { ExecJSON } from 'inspecjs';
-import { BaseConverter, ILookupPath, MappedTransform } from './base-converter';
-export declare class DBProtectMapper extends BaseConverter {
-    withRaw: boolean;
-    mappings: MappedTransform<ExecJSON.Execution & {
-        passthrough: unknown;
-    }, ILookupPath>;
-    constructor(dbProtectXml: string, withRaw?: boolean);
-}
-//# sourceMappingURL=dbprotect-mapper.d.ts.map

package/lib/src/dbprotect-mapper.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"dbprotect-mapper.d.ts","sourceRoot":"","sources":["../../src/dbprotect-mapper.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,QAAQ,EAAC,MAAM,UAAU,CAAC;AAGlC,OAAO,EACL,aAAa,EACb,WAAW,EAEX,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AA+F1B,qBAAa,eAAgB,SAAQ,aAAa;IAChD,OAAO,EAAE,OAAO,CAAC;IAEjB,QAAQ,EAAE,eAAe,CACvB,QAAQ,CAAC,SAAS,GAAG;QAAC,WAAW,EAAE,OAAO,CAAA;KAAC,EAC3C,WAAW,CACZ,CAwDC;gBACU,YAAY,EAAE,MAAM,EAAE,OAAO,UAAQ;CAIlD"}