@mitre/hdf-converters 2.5.0 → 2.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/data/aws-config-mapping.json +638 -0
- package/lib/data/cci-nist-mapping.json +3553 -0
- package/lib/data/converters/csv2json.d.ts +1 -0
- package/lib/data/converters/csv2json.js +36 -0
- package/lib/data/converters/csv2json.js.map +1 -0
- package/lib/data/converters/csv2json.ts +36 -0
- package/lib/data/converters/xml2json.d.ts +14 -0
- package/lib/data/converters/xml2json.js +42 -0
- package/lib/data/converters/xml2json.js.map +1 -0
- package/lib/data/converters/xml2json.ts +57 -0
- package/lib/data/cwe-nist-mapping.json +1416 -0
- package/lib/data/nessus-plugins-nist-mapping.json +644 -0
- package/lib/data/nikto-nist-mapping.json +53648 -0
- package/lib/data/owasp-nist-mapping.json +72 -0
- package/lib/data/scoutsuite-nist-mapping.json +558 -0
- package/lib/index.d.ts +3 -0
- package/lib/index.js +3 -0
- package/lib/index.js.map +1 -1
- package/lib/package.json +18 -9
- package/lib/src/asff-mapper.d.ts +15 -0
- package/lib/src/asff-mapper.js +508 -0
- package/lib/src/asff-mapper.js.map +1 -0
- package/lib/src/base-converter.d.ts +3 -7
- package/lib/src/base-converter.js +27 -9
- package/lib/src/base-converter.js.map +1 -1
- package/lib/src/burpsuite-mapper.js +6 -8
- package/lib/src/burpsuite-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/asff-types.d.ts +88 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js +3 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js.map +1 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.d.ts +31 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js +132 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js.map +1 -0
- package/lib/src/converters-from-hdf/asff/transformers.d.ts +44 -0
- package/lib/src/converters-from-hdf/asff/transformers.js +397 -0
- package/lib/src/converters-from-hdf/asff/transformers.js.map +1 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts +24 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.js +111 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.js.map +1 -0
- package/lib/src/dbprotect-mapper.js +1 -1
- package/lib/src/dbprotect-mapper.js.map +1 -1
- package/lib/src/jfrog-xray-mapper.js +3 -5
- package/lib/src/jfrog-xray-mapper.js.map +1 -1
- package/lib/src/mappings/AwsConfigMapping.d.ts +6 -0
- package/lib/src/mappings/AwsConfigMapping.js +39 -0
- package/lib/src/mappings/AwsConfigMapping.js.map +1 -0
- package/lib/src/mappings/AwsConfigMappingItem.d.ts +7 -0
- package/lib/src/mappings/AwsConfigMappingItem.js +28 -0
- package/lib/src/mappings/AwsConfigMappingItem.js.map +1 -0
- package/lib/src/mappings/CciNistMapping.d.ts +1 -1
- package/lib/src/mappings/CciNistMapping.js +5 -24
- package/lib/src/mappings/CciNistMapping.js.map +1 -1
- package/lib/src/mappings/CweNistMapping.d.ts +8 -1
- package/lib/src/mappings/CweNistMapping.js +4 -27
- package/lib/src/mappings/CweNistMapping.js.map +1 -1
- package/lib/src/mappings/CweNistMappingItem.d.ts +2 -1
- package/lib/src/mappings/CweNistMappingItem.js +9 -9
- package/lib/src/mappings/CweNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts +7 -1
- package/lib/src/mappings/NessusPluginsNistMapping.js +4 -8
- package/lib/src/mappings/NessusPluginsNistMapping.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts +2 -1
- package/lib/src/mappings/NessusPluginsNistMappingItem.js +16 -6
- package/lib/src/mappings/NessusPluginsNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NiktoNistMapping.d.ts +7 -1
- package/lib/src/mappings/NiktoNistMapping.js +4 -8
- package/lib/src/mappings/NiktoNistMapping.js.map +1 -1
- package/lib/src/mappings/NiktoNistMappingItem.d.ts +2 -1
- package/lib/src/mappings/NiktoNistMappingItem.js +7 -7
- package/lib/src/mappings/NiktoNistMappingItem.js.map +1 -1
- package/lib/src/mappings/OwaspNistMapping.d.ts +8 -1
- package/lib/src/mappings/OwaspNistMapping.js +4 -8
- package/lib/src/mappings/OwaspNistMapping.js.map +1 -1
- package/lib/src/mappings/OwaspNistMappingItem.d.ts +2 -1
- package/lib/src/mappings/OwaspNistMappingItem.js +9 -9
- package/lib/src/mappings/OwaspNistMappingItem.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts +5 -1
- package/lib/src/mappings/ScoutsuiteNistMapping.js +4 -10
- package/lib/src/mappings/ScoutsuiteNistMapping.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts +2 -1
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js +4 -4
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js.map +1 -1
- package/lib/src/nessus-mapper.js +9 -12
- package/lib/src/nessus-mapper.js.map +1 -1
- package/lib/src/netsparker-mapper.js +4 -7
- package/lib/src/netsparker-mapper.js.map +1 -1
- package/lib/src/nikto-mapper.js +1 -3
- package/lib/src/nikto-mapper.js.map +1 -1
- package/lib/src/sarif-mapper.js +1 -3
- package/lib/src/sarif-mapper.js.map +1 -1
- package/lib/src/scoutsuite-mapper.js +2 -4
- package/lib/src/scoutsuite-mapper.js.map +1 -1
- package/lib/src/snyk-mapper.js +2 -7
- package/lib/src/snyk-mapper.js.map +1 -1
- package/lib/src/sonarqube-mapper.d.ts +54 -0
- package/lib/src/sonarqube-mapper.js +196 -0
- package/lib/src/sonarqube-mapper.js.map +1 -0
- package/lib/src/xccdf-results-mapper.js +4 -6
- package/lib/src/xccdf-results-mapper.js.map +1 -1
- package/lib/src/zap-mapper.d.ts +1 -1
- package/lib/src/zap-mapper.js +8 -5
- package/lib/src/zap-mapper.js.map +1 -1
- package/package.json +18 -9
- package/lib/data/U_CCI_List.xml +0 -38403
- package/lib/data/aws-config-mapping.csv +0 -107
- package/lib/data/cwe-nist-mapping.csv +0 -203
- package/lib/data/nessus-plugins-nist-mapping.csv +0 -108
- package/lib/data/nikto-nist-mapping.csv +0 -8942
- package/lib/data/owasp-nist-mapping.csv +0 -11
- package/lib/data/scoutsuite-nist-mapping.csv +0 -140
|
@@ -27,7 +27,7 @@ const crypto_1 = require("crypto");
|
|
|
27
27
|
const htmlparser = __importStar(require("htmlparser2"));
|
|
28
28
|
const lodash_1 = __importDefault(require("lodash"));
|
|
29
29
|
function generateHash(data, algorithm = 'sha256') {
|
|
30
|
-
const hash = crypto_1.createHash(algorithm);
|
|
30
|
+
const hash = (0, crypto_1.createHash)(algorithm);
|
|
31
31
|
return hash.update(data).digest('hex');
|
|
32
32
|
}
|
|
33
33
|
exports.generateHash = generateHash;
|
|
@@ -40,6 +40,7 @@ function parseHtml(input) {
|
|
|
40
40
|
});
|
|
41
41
|
if (typeof input === 'string') {
|
|
42
42
|
myParser.write(input);
|
|
43
|
+
myParser.end();
|
|
43
44
|
}
|
|
44
45
|
return textData.join('');
|
|
45
46
|
}
|
|
@@ -133,18 +134,19 @@ class BaseConverter {
|
|
|
133
134
|
return pathVal;
|
|
134
135
|
}
|
|
135
136
|
if (typeof transformer === 'function') {
|
|
136
|
-
return transformer(file);
|
|
137
|
+
return transformer.bind(this)(file);
|
|
137
138
|
}
|
|
138
139
|
else {
|
|
139
140
|
return this.convertInternal(file, v);
|
|
140
141
|
}
|
|
141
142
|
}
|
|
142
143
|
handleArray(file, v) {
|
|
144
|
+
var _a, _b, _c;
|
|
143
145
|
if (v.length === 0) {
|
|
144
146
|
return [];
|
|
145
147
|
}
|
|
146
148
|
if (v[0].path === undefined) {
|
|
147
|
-
const arrayTransformer = v[0].arrayTransformer;
|
|
149
|
+
const arrayTransformer = (_a = v[0].arrayTransformer) === null || _a === void 0 ? void 0 : _a.bind(this);
|
|
148
150
|
v = v.map((element) => {
|
|
149
151
|
return lodash_1.default.omit(element, ['arrayTransformer']);
|
|
150
152
|
});
|
|
@@ -153,15 +155,23 @@ class BaseConverter {
|
|
|
153
155
|
output.push(this.evaluate(file, element));
|
|
154
156
|
});
|
|
155
157
|
if (arrayTransformer !== undefined) {
|
|
156
|
-
|
|
158
|
+
if (Array.isArray(arrayTransformer)) {
|
|
159
|
+
output = arrayTransformer[0].apply(arrayTransformer[1], [
|
|
160
|
+
v,
|
|
161
|
+
this.data
|
|
162
|
+
]);
|
|
163
|
+
}
|
|
164
|
+
else {
|
|
165
|
+
output = arrayTransformer.apply(null, [output, this.data]);
|
|
166
|
+
}
|
|
157
167
|
}
|
|
158
168
|
return output;
|
|
159
169
|
}
|
|
160
170
|
else {
|
|
161
171
|
const path = v[0].path;
|
|
162
172
|
const key = v[0].key;
|
|
163
|
-
const arrayTransformer = v[0].arrayTransformer;
|
|
164
|
-
const transformer = v[0].transformer;
|
|
173
|
+
const arrayTransformer = (_b = v[0].arrayTransformer) === null || _b === void 0 ? void 0 : _b.bind(this);
|
|
174
|
+
const transformer = (_c = v[0].transformer) === null || _c === void 0 ? void 0 : _c.bind(this);
|
|
165
175
|
if (this.hasPath(file, path)) {
|
|
166
176
|
const pathVal = this.handlePath(file, path);
|
|
167
177
|
if (Array.isArray(pathVal)) {
|
|
@@ -173,12 +183,20 @@ class BaseConverter {
|
|
|
173
183
|
'key'
|
|
174
184
|
]);
|
|
175
185
|
});
|
|
186
|
+
if (arrayTransformer !== undefined) {
|
|
187
|
+
if (Array.isArray(arrayTransformer)) {
|
|
188
|
+
v = arrayTransformer[0].apply(arrayTransformer[1], [
|
|
189
|
+
v,
|
|
190
|
+
this.data
|
|
191
|
+
]);
|
|
192
|
+
}
|
|
193
|
+
else {
|
|
194
|
+
v = arrayTransformer.apply(null, [v, this.data]);
|
|
195
|
+
}
|
|
196
|
+
}
|
|
176
197
|
if (key !== undefined) {
|
|
177
198
|
v = collapseDuplicates(v, key, this.collapseResults);
|
|
178
199
|
}
|
|
179
|
-
if (arrayTransformer !== undefined) {
|
|
180
|
-
v = arrayTransformer(v, this.data);
|
|
181
|
-
}
|
|
182
200
|
return v;
|
|
183
201
|
}
|
|
184
202
|
else {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-converter.js","sourceRoot":"","sources":["../../src/base-converter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAkC;AAClC,wDAA0C;AAE1C,oDAAuB;
|
|
1
|
+
{"version":3,"file":"base-converter.js","sourceRoot":"","sources":["../../src/base-converter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAkC;AAClC,wDAA0C;AAE1C,oDAAuB;AA8BvB,SAAgB,YAAY,CAAC,IAAY,EAAE,SAAS,GAAG,QAAQ;IAC7D,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAHD,oCAGC;AAED,SAAgB,SAAS,CAAC,KAAc;IACtC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;QACrC,MAAM,CAAC,IAAY;YACjB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;QAC7B,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,EAAE,CAAC;KAChB;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC3B,CAAC;AAZD,8BAYC;AACD,SAAgB,aAAa,CAC3B,OAA4B;IAE5B,OAAO,CAAC,QAAiB,EAAU,EAAE;QACnC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;SAC5D;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;AACJ,CAAC;AAVD,sCAUC;AAGD,SAAS,kBAAkB,CACzB,KAAe,EACf,GAAW,EACX,eAAwB;IAExB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,MAAM,QAAQ,GAAQ,EAAE,CAAC;IACzB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAO,EAAE,EAAE;QACxB,MAAM,aAAa,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACvC,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE;gBAC5B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBACjC,OAAO,EAAE,CAAC;aACX;iBAAM;gBACL,MAAM,SAAS,GAAG,gBAAC,CAAC,GAAG,CACrB,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,CACkB,CAAC;gBAC9B,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAC7C,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAC5B,CAAC;gBACF,IAAI,eAAe,EAAE;oBACnB,IACE,YAAY,CAAC,OAAO,CAClB,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAW,CAC9C,KAAK,CAAC,CAAC,EACR;wBACA,gBAAC,CAAC,GAAG,CACH,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,EACT,SAAS,CAAC,MAAM,CACd,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAA6B,CACnD,CACF,CAAC;qBACH;iBACF;qBAAM;oBACL,gBAAC,CAAC,GAAG,CACH,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,EACT,SAAS,CAAC,MAAM,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAA6B,CAAC,CACrE,CAAC;iBACH;aACF;SACF;IACH,CAAC,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC;AAClB,CAAC;AACD,MAAa,aAAa;IAKxB,YAAY,IAA6B,EAAE,eAAe,GAAG,KAAK;QAChE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IACD,WAAW,CACT,QAA0D;QAE1D,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IACD,KAAK;QACH,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;SAC9C;aAAM;YACL,MAAM,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzD,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7B,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YACzD,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,CAAC;SACV;IACH,CAAC;IAED,SAAS,CAAO,GAAM,EAAE,EAA8B;QACpD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAC1B,CAAC;IAC1B,CAAC;IACD,eAAe,CACb,IAA6B,EAC7B,MAAS;QAET,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAmB,EAAE,EAAE,CAC5D,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CACvB,CAAC;QACF,OAAO,MAAsC,CAAC;IAChD,CAAC;IAED,QAAQ,CACN,IAA6B,EAC7B,CAAe;QAEf,MAAM,WAAW,GAAG,gBAAC,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;QAC5C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;YACpB,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;SAClC;aAAM,IACL,OAAO,CAAC,KAAK,QAAQ;YACrB,OAAO,CAAC,KAAK,QAAQ;YACrB,OAAO,CAAC,KAAK,SAAS;YACtB,CAAC,KAAK,IAAI,EACV;YACA,OAAO,CAAC,CAAC;SACV;aAAM,IAAI,gBAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE;YAC3B,IAAI,OAAO,WAAW,KAAK,UAAU,EAAE;gBACrC,OAAO,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,gBAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAW,CAAC,CAAC,CAAC;aACvE;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,gBAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAW,CAAC,CAAC;YAClE,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;gBAC1B,OAAO,OAAc,CAAC;aACvB;YACD,OAAO,OAAY,CAAC;SACrB;QACD,IAAI,OAAO,WAAW,KAAK,UAAU,EAAE;YACrC,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;SACrC;aAAM;YACL,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;SACtC;IACH,CAAC;IAED,WAAW,CACT,IAA6B,EAC7B,CAAyB;;QAEzB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,OAAO,EAAE,CAAC;SACX;QACD,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,MAAA,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3D,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;gBACpB,OAAO,gBAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,CAAoB,CAAC;YAClE,CAAC,CAAC,CAAC;YACH,IAAI,MAAM,GAAa,EAAE,CAAC;YAC1B,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBACpB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAM,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;YACH,IAAI,gBAAgB,KAAK,SAAS,EAAE;gBAClC,IAAI,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE;oBACnC,MAAM,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;wBACtD,CAAC;wBACD,IAAI,CAAC,IAAI;qBACV,CAAC,CAAC;iBACJ;qBAAM;oBACL,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAQ,CAAC;iBACnE;aACF;YACD,OAAO,MAAM,CAAC;SACf;aAAM;YACL,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACvB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YACrB,MAAM,gBAAgB,GAAG,MAAA,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3D,MAAM,WAAW,GAAG,MAAA,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE;gBAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBAC5C,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;oBAC1B,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,OAAgC,EAAE,EAAE;wBACnD,OAAO,gBAAC,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;4BACjD,MAAM;4BACN,aAAa;4BACb,kBAAkB;4BAClB,KAAK;yBACN,CAAM,CAAC;oBACV,CAAC,CAAC,CAAC;oBACH,IAAI,gBAAgB,KAAK,SAAS,EAAE;wBAClC,IAAI,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE;4BACnC,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;gCACjD,CAAC;gCACD,IAAI,CAAC,IAAI;6BACV,CAAC,CAAC;yBACJ;6BAAM;4BACL,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAQ,CAAC;yBACzD;qBACF;oBACD,IAAI,GAAG,KAAK,SAAS,EAAE;wBACrB,CAAC,GAAG,kBAAkB,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;qBACtD;oBACD,OAAO,CAAC,CAAC;iBACV;qBAAM;oBACL,IAAI,WAAW,KAAK,SAAS,EAAE;wBAC7B,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAM,CAAC,CAAC;qBACxD;yBAAM;wBACL,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAM,CAAC,CAAC;qBAC3C;iBACF;aACF;iBAAM;gBACL,OAAO,EAAE,CAAC;aACX;SACF;IACH,CAAC;IACD,UAAU,CAAC,IAA6B,EAAE,IAAY;QACpD,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;YACzB,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SAC9C;aAAM;YACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;SAChC;IACH,CAAC;IACD,OAAO,CAAC,IAA6B,EAAE,IAAY;QACjD,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;YACzB,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;SACxC;aAAM;YACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;SAC1B;IACH,CAAC;CACF;AA3JD,sCA2JC"}
|
|
@@ -7,7 +7,6 @@ exports.BurpSuiteMapper = void 0;
|
|
|
7
7
|
const fast_xml_parser_1 = __importDefault(require("fast-xml-parser"));
|
|
8
8
|
const inspecjs_1 = require("inspecjs");
|
|
9
9
|
const lodash_1 = __importDefault(require("lodash"));
|
|
10
|
-
const path_1 = __importDefault(require("path"));
|
|
11
10
|
const package_json_1 = require("../package.json");
|
|
12
11
|
const base_converter_1 = require("./base-converter");
|
|
13
12
|
const CweNistMapping_1 = require("./mappings/CweNistMapping");
|
|
@@ -18,8 +17,7 @@ const IMPACT_MAPPING = new Map([
|
|
|
18
17
|
['information', 0.3]
|
|
19
18
|
]);
|
|
20
19
|
const NAME = 'BurpSuite Pro Scan';
|
|
21
|
-
const
|
|
22
|
-
const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping(CWE_NIST_MAPPING_FILE);
|
|
20
|
+
const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping();
|
|
23
21
|
const DEFAULT_NIST_TAG = ['SA-11', 'RA-5'];
|
|
24
22
|
function formatCodeDesc(issue) {
|
|
25
23
|
const text = [];
|
|
@@ -30,16 +28,16 @@ function formatCodeDesc(issue) {
|
|
|
30
28
|
text.push('Host: ip: , url: ');
|
|
31
29
|
}
|
|
32
30
|
if (lodash_1.default.has(issue, 'location')) {
|
|
33
|
-
text.push(`Location: ${base_converter_1.parseHtml(lodash_1.default.get(issue, 'location'))}`);
|
|
31
|
+
text.push(`Location: ${(0, base_converter_1.parseHtml)(lodash_1.default.get(issue, 'location'))}`);
|
|
34
32
|
}
|
|
35
33
|
else {
|
|
36
34
|
text.push('Location: ');
|
|
37
35
|
}
|
|
38
36
|
if (lodash_1.default.has(issue, 'issueDetail')) {
|
|
39
|
-
text.push(`issueDetail: ${base_converter_1.parseHtml(lodash_1.default.get(issue, 'issueDetail'))}`);
|
|
37
|
+
text.push(`issueDetail: ${(0, base_converter_1.parseHtml)(lodash_1.default.get(issue, 'issueDetail'))}`);
|
|
40
38
|
}
|
|
41
39
|
if (lodash_1.default.has(issue, 'confidence')) {
|
|
42
|
-
text.push(`confidence: ${base_converter_1.parseHtml(lodash_1.default.get(issue, 'confidence'))}`);
|
|
40
|
+
text.push(`confidence: ${(0, base_converter_1.parseHtml)(lodash_1.default.get(issue, 'confidence'))}`);
|
|
43
41
|
}
|
|
44
42
|
else {
|
|
45
43
|
text.push('confidence: ');
|
|
@@ -55,7 +53,7 @@ function idToString(id) {
|
|
|
55
53
|
}
|
|
56
54
|
}
|
|
57
55
|
function formatCweId(input) {
|
|
58
|
-
return base_converter_1.parseHtml(input).slice(1, -1).trimLeft();
|
|
56
|
+
return (0, base_converter_1.parseHtml)(input).slice(1, -1).trimLeft();
|
|
59
57
|
}
|
|
60
58
|
function nistTag(input) {
|
|
61
59
|
let cwe = formatCweId(input).split('CWE-');
|
|
@@ -108,7 +106,7 @@ class BurpSuiteMapper extends base_converter_1.BaseConverter {
|
|
|
108
106
|
desc: { path: 'issueBackground', transformer: base_converter_1.parseHtml },
|
|
109
107
|
impact: {
|
|
110
108
|
path: 'severity',
|
|
111
|
-
transformer: base_converter_1.impactMapping(IMPACT_MAPPING)
|
|
109
|
+
transformer: (0, base_converter_1.impactMapping)(IMPACT_MAPPING)
|
|
112
110
|
},
|
|
113
111
|
tags: {
|
|
114
112
|
nist: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"burpsuite-mapper.js","sourceRoot":"","sources":["../../src/burpsuite-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAqC;AACrC,uCAAkC;AAClC,oDAAuB;AACvB,
|
|
1
|
+
{"version":3,"file":"burpsuite-mapper.js","sourceRoot":"","sources":["../../src/burpsuite-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAqC;AACrC,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAM0B;AAC1B,8DAAyD;AAGzD,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,aAAa,EAAE,GAAG,CAAC;CACrB,CAAC,CAAC;AACH,MAAM,IAAI,GAAG,oBAAoB,CAAC;AAClC,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAC9C,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAG3C,SAAS,cAAc,CAAC,KAAc;IACpC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE;QACxD,IAAI,CAAC,IAAI,CACP,aAAa,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,UAAU,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE,CAC1E,CAAC;KACH;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;KAChC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE;QAC5B,IAAI,CAAC,IAAI,CAAC,aAAa,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC;KAC/D;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;KACzB;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;QAC/B,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC;KACrE;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,EAAE;QAC9B,IAAI,CAAC,IAAI,CAAC,eAAe,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;KACnE;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;KAC3B;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAChC,CAAC;AACD,SAAS,UAAU,CAAC,EAAW;IAC7B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE;QACpD,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;KACtB;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,WAAW,CAAC,KAAa;IAChC,OAAO,IAAA,0BAAS,EAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAClD,CAAC;AACD,SAAS,OAAO,CAAC,KAAa;IAC5B,IAAI,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3C,GAAG,CAAC,KAAK,EAAE,CAAC;IACZ,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,OAAO,gBAAgB,CAAC,UAAU,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;IACF,OAAO,yBAAM,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AACD,MAAa,eAAgB,SAAQ,8BAAa;IA2EhD,YAAY,QAAgB;QAC1B,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QA3E5B,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAE;aACd;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,IAAI;oBACV,OAAO,EAAE,EAAC,IAAI,EAAE,oBAAoB,EAAC;oBACrC,KAAK,EAAE,IAAI;oBACX,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,cAAc;4BACpB,GAAG,EAAE,IAAI;4BACT,EAAE,EAAE,EAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAC;4BAC3C,KAAK,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;4BACrB,IAAI,EAAE,EAAC,IAAI,EAAE,iBAAiB,EAAE,WAAW,EAAE,0BAAS,EAAC;4BACvD,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,IAAA,8BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE;oCACJ,IAAI,EAAE,8BAA8B;oCACpC,WAAW,EAAE,OAAO;iCACrB;gCACD,KAAK,EAAE;oCACL,IAAI,EAAE,8BAA8B;oCACpC,WAAW,EAAE,WAAW;iCACzB;gCACD,UAAU,EAAE,EAAC,IAAI,EAAE,YAAY,EAAC;6BACjC;4BACD,YAAY,EAAE;gCACZ;oCACE,IAAI,EAAE,EAAC,IAAI,EAAE,iBAAiB,EAAE,WAAW,EAAE,0BAAS,EAAC;oCACvD,KAAK,EAAE,OAAO;iCACf;gCACD;oCACE,IAAI,EAAE,EAAC,IAAI,EAAE,uBAAuB,EAAE,WAAW,EAAE,0BAAS,EAAC;oCAC7D,KAAK,EAAE,KAAK;iCACb;6BACF;4BACD,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE,EAAC,WAAW,EAAE,cAAc,EAAC;oCACxC,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE,EAAC,IAAI,EAAE,qBAAqB,EAAC;iCAC1C;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AAnFD,0CAmFC"}
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
export interface IOptions {
|
|
2
|
+
input: string;
|
|
3
|
+
awsAccountId: string;
|
|
4
|
+
target: string;
|
|
5
|
+
region: string;
|
|
6
|
+
}
|
|
7
|
+
export interface IExecJSONASFF {
|
|
8
|
+
Findings: IFindingASFF[];
|
|
9
|
+
}
|
|
10
|
+
export interface IFindingASFF {
|
|
11
|
+
SchemaVersion: string;
|
|
12
|
+
Id: string;
|
|
13
|
+
ProductArn: string;
|
|
14
|
+
ProductName?: string;
|
|
15
|
+
CompanyName?: string;
|
|
16
|
+
Region?: string;
|
|
17
|
+
GeneratorId: string;
|
|
18
|
+
AwsAccountId: string;
|
|
19
|
+
Types?: string[] | Record<string, unknown>;
|
|
20
|
+
FirstObservedAt?: string;
|
|
21
|
+
LastObservedAt?: string;
|
|
22
|
+
CreatedAt: string;
|
|
23
|
+
UpdatedAt: string;
|
|
24
|
+
Severity: ISeverityASFF;
|
|
25
|
+
Title: string;
|
|
26
|
+
Description: string;
|
|
27
|
+
Remediation: IRemediationASFF;
|
|
28
|
+
ProductFields: IProductFieldsASFF;
|
|
29
|
+
Resources: IResourcesASFF[];
|
|
30
|
+
Compliance: IComplianceASFF;
|
|
31
|
+
WorkflowState?: string;
|
|
32
|
+
Workflow?: {
|
|
33
|
+
Status: string;
|
|
34
|
+
};
|
|
35
|
+
RecordState?: string;
|
|
36
|
+
FindingProviderFields: IFindingProviderFieldsASFF;
|
|
37
|
+
}
|
|
38
|
+
export interface ISeverityASFF {
|
|
39
|
+
Product?: number;
|
|
40
|
+
Label: string;
|
|
41
|
+
Normalized?: number;
|
|
42
|
+
Original?: string;
|
|
43
|
+
}
|
|
44
|
+
export interface IRemediationASFF {
|
|
45
|
+
Recommendation: {
|
|
46
|
+
Text: string;
|
|
47
|
+
Url?: string;
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
export interface IProductFieldsASFF {
|
|
51
|
+
Check?: string | Record<string, unknown>;
|
|
52
|
+
StandardsGuideArn?: string;
|
|
53
|
+
StandardsGuideSubscriptionArn?: string;
|
|
54
|
+
RuleId?: string;
|
|
55
|
+
RecommendationUrl?: string;
|
|
56
|
+
StandardsControlArn?: string;
|
|
57
|
+
'aws/securityhub/ProductName'?: string;
|
|
58
|
+
'aws/securityhub/CompanyName'?: string;
|
|
59
|
+
'aws/securityhub/annotation'?: string;
|
|
60
|
+
'Resources:0/Id'?: string;
|
|
61
|
+
'aws/securityhub/FindingId'?: string;
|
|
62
|
+
}
|
|
63
|
+
export interface IResourcesASFF {
|
|
64
|
+
Type: string;
|
|
65
|
+
Id: string;
|
|
66
|
+
Partition?: string;
|
|
67
|
+
Region?: string;
|
|
68
|
+
Details?: {
|
|
69
|
+
AwsIamRole: {
|
|
70
|
+
AssumeRolePolicyDocument: string | Record<string, unknown>;
|
|
71
|
+
};
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
export interface IComplianceASFF {
|
|
75
|
+
Status: string;
|
|
76
|
+
StatusReasons?: ({
|
|
77
|
+
ReasonCode: string | null;
|
|
78
|
+
Description: string | null;
|
|
79
|
+
} | null)[];
|
|
80
|
+
RelatedRequirements?: string[] | Record<string, unknown>;
|
|
81
|
+
}
|
|
82
|
+
export interface IFindingProviderFieldsASFF {
|
|
83
|
+
Severity: {
|
|
84
|
+
Label: string;
|
|
85
|
+
Original?: string;
|
|
86
|
+
};
|
|
87
|
+
Types: string[] | Record<string, unknown>;
|
|
88
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"asff-types.js","sourceRoot":"","sources":["../../../../src/converters-from-hdf/asff/asff-types.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { ExecJSON } from 'inspecjs';
|
|
2
|
+
import { MappedTransform } from '../../base-converter';
|
|
3
|
+
import { FromHdfBaseConverter } from '../reverse-base-converter';
|
|
4
|
+
import { IExecJSONASFF, IFindingASFF, IOptions } from './asff-types';
|
|
5
|
+
export declare type SegmentedControl = ExecJSON.Control & {
|
|
6
|
+
result: ExecJSON.ControlResult;
|
|
7
|
+
layersOfControl: (ExecJSON.Control & {
|
|
8
|
+
fix?: string;
|
|
9
|
+
profileInfo?: Record<string, unknown>;
|
|
10
|
+
})[];
|
|
11
|
+
};
|
|
12
|
+
export interface ILookupPathASFF {
|
|
13
|
+
path?: string;
|
|
14
|
+
transformer?: (value: SegmentedControl, context?: FromHdfToAsffMapper) => unknown;
|
|
15
|
+
arrayTransformer?: (value: unknown[], file: ExecJSON.Execution) => unknown[];
|
|
16
|
+
key?: string;
|
|
17
|
+
passParent?: boolean;
|
|
18
|
+
}
|
|
19
|
+
export declare class FromHdfToAsffMapper extends FromHdfBaseConverter {
|
|
20
|
+
mappings: MappedTransform<IExecJSONASFF, ILookupPathASFF>;
|
|
21
|
+
contextProfiles: any;
|
|
22
|
+
counts: any;
|
|
23
|
+
ioptions: IOptions;
|
|
24
|
+
index?: number;
|
|
25
|
+
impactMapping: Map<number, string>;
|
|
26
|
+
constructor(hdfObj: ExecJSON.Execution, options: IOptions | undefined);
|
|
27
|
+
defaultOptions(): IOptions;
|
|
28
|
+
setMappings(customMappings: MappedTransform<IExecJSONASFF, ILookupPathASFF>): void;
|
|
29
|
+
controlsToSegments(): SegmentedControl[];
|
|
30
|
+
toAsff(): IFindingASFF[];
|
|
31
|
+
}
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.FromHdfToAsffMapper = void 0;
|
|
4
|
+
const inspecjs_1 = require("inspecjs");
|
|
5
|
+
const reverse_base_converter_1 = require("../reverse-base-converter");
|
|
6
|
+
const transformers_1 = require("./transformers");
|
|
7
|
+
class FromHdfToAsffMapper extends reverse_base_converter_1.FromHdfBaseConverter {
|
|
8
|
+
constructor(hdfObj, options) {
|
|
9
|
+
super(hdfObj);
|
|
10
|
+
this.mappings = {
|
|
11
|
+
Findings: [
|
|
12
|
+
{
|
|
13
|
+
SchemaVersion: '2018-10-08',
|
|
14
|
+
Id: { path: ``, transformer: transformers_1.setupId, passParent: true },
|
|
15
|
+
ProductArn: { path: ``, transformer: transformers_1.setupProductARN, passParent: true },
|
|
16
|
+
AwsAccountId: { path: ``, transformer: transformers_1.setupAwsAcct, passParent: true },
|
|
17
|
+
Types: {
|
|
18
|
+
transformer: () => ['Software and Configuration Checks']
|
|
19
|
+
},
|
|
20
|
+
CreatedAt: { path: ``, transformer: transformers_1.setupCreated },
|
|
21
|
+
Region: { path: '', transformer: transformers_1.setupRegion, passParent: true },
|
|
22
|
+
UpdatedAt: { path: ``, transformer: transformers_1.setupUpdated, passParent: true },
|
|
23
|
+
GeneratorId: {
|
|
24
|
+
path: '',
|
|
25
|
+
transformer: transformers_1.setupGeneratorId,
|
|
26
|
+
passParent: true
|
|
27
|
+
},
|
|
28
|
+
Title: { path: '', transformer: transformers_1.setupTitle },
|
|
29
|
+
Description: { path: '', transformer: transformers_1.setupDescr },
|
|
30
|
+
FindingProviderFields: {
|
|
31
|
+
Severity: {
|
|
32
|
+
Label: { path: '', transformer: transformers_1.setupSevLabel, passParent: true },
|
|
33
|
+
Original: { path: '', transformer: transformers_1.setupSevLabel, passParent: true }
|
|
34
|
+
},
|
|
35
|
+
Types: { path: '', transformer: transformers_1.setupFindingType, passParent: true }
|
|
36
|
+
},
|
|
37
|
+
Remediation: {
|
|
38
|
+
Recommendation: {
|
|
39
|
+
Text: { path: '', transformer: transformers_1.setupRemRec }
|
|
40
|
+
}
|
|
41
|
+
},
|
|
42
|
+
ProductFields: {
|
|
43
|
+
Check: { path: '', transformer: transformers_1.setupProdFieldCheck }
|
|
44
|
+
},
|
|
45
|
+
Severity: {
|
|
46
|
+
Label: { path: '', transformer: transformers_1.setupSevLabel, passParent: true },
|
|
47
|
+
Original: { path: '', transformer: transformers_1.setupSevOriginal }
|
|
48
|
+
},
|
|
49
|
+
Resources: [
|
|
50
|
+
{
|
|
51
|
+
Type: 'AwsAccount',
|
|
52
|
+
Id: { path: '', transformer: transformers_1.setupResourcesID, passParent: true },
|
|
53
|
+
Partition: 'aws',
|
|
54
|
+
Region: { path: '', transformer: transformers_1.setupRegion, passParent: true }
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
Id: { path: '', transformer: transformers_1.setupResourcesID2 },
|
|
58
|
+
Type: 'AwsIamRole',
|
|
59
|
+
Details: {
|
|
60
|
+
AwsIamRole: {
|
|
61
|
+
AssumeRolePolicyDocument: {
|
|
62
|
+
path: '',
|
|
63
|
+
transformer: transformers_1.setupDetailsAssume
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
],
|
|
69
|
+
Compliance: {
|
|
70
|
+
RelatedRequirements: {
|
|
71
|
+
transformer: () => [
|
|
72
|
+
'SEE REMEDIATION FIELD FOR RESULTS AND RECOMMENDED ACTION(S)'
|
|
73
|
+
]
|
|
74
|
+
},
|
|
75
|
+
Status: { path: '', transformer: transformers_1.setupControlStatus }
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
]
|
|
79
|
+
};
|
|
80
|
+
this.impactMapping = new Map([
|
|
81
|
+
[0.9, 'CRITICAL'],
|
|
82
|
+
[0.7, 'HIGH'],
|
|
83
|
+
[0.5, 'MEDIUM'],
|
|
84
|
+
[0.3, 'LOW'],
|
|
85
|
+
[0.0, 'INFORMATIONAL']
|
|
86
|
+
]);
|
|
87
|
+
this.ioptions = options === undefined ? this.defaultOptions() : options;
|
|
88
|
+
this.contextProfiles = (0, inspecjs_1.contextualizeEvaluation)(hdfObj);
|
|
89
|
+
this.counts = (0, transformers_1.statusCount)(this.contextProfiles);
|
|
90
|
+
}
|
|
91
|
+
defaultOptions() {
|
|
92
|
+
return {
|
|
93
|
+
input: '',
|
|
94
|
+
awsAccountId: '',
|
|
95
|
+
target: 'default',
|
|
96
|
+
region: ''
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
setMappings(customMappings) {
|
|
100
|
+
super.setMappings(customMappings);
|
|
101
|
+
}
|
|
102
|
+
controlsToSegments() {
|
|
103
|
+
const segments = [];
|
|
104
|
+
this.data.profiles.forEach((profile) => {
|
|
105
|
+
profile.controls.reverse().forEach((control) => {
|
|
106
|
+
control.results.forEach((segment) => {
|
|
107
|
+
segments.push({
|
|
108
|
+
...control,
|
|
109
|
+
result: segment,
|
|
110
|
+
layersOfControl: (0, transformers_1.getAllLayers)(this.data, control)
|
|
111
|
+
});
|
|
112
|
+
});
|
|
113
|
+
});
|
|
114
|
+
});
|
|
115
|
+
return segments;
|
|
116
|
+
}
|
|
117
|
+
toAsff() {
|
|
118
|
+
if (this.mappings === undefined) {
|
|
119
|
+
throw new Error('Mappings must be provided');
|
|
120
|
+
}
|
|
121
|
+
else {
|
|
122
|
+
const resList = this.controlsToSegments().map((segment, index) => {
|
|
123
|
+
this.index = index;
|
|
124
|
+
return this.convertInternal(segment, this.mappings)['Findings'][0];
|
|
125
|
+
});
|
|
126
|
+
resList.push((0, transformers_1.createProfileInfoFinding)(this.data, this.ioptions));
|
|
127
|
+
return resList;
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
exports.FromHdfToAsffMapper = FromHdfToAsffMapper;
|
|
132
|
+
//# sourceMappingURL=reverse-asff-mapper.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"reverse-asff-mapper.js","sourceRoot":"","sources":["../../../../src/converters-from-hdf/asff/reverse-asff-mapper.ts"],"names":[],"mappings":";;;AAAA,uCAA2D;AAE3D,sEAA+D;AAE/D,iDAsBwB;AAqBxB,MAAa,mBAAoB,SAAQ,6CAAoB;IAqF3D,YAAY,MAA0B,EAAE,OAA6B;QACnE,KAAK,CAAC,MAAM,CAAC,CAAC;QArFhB,aAAQ,GAAoD;YAC1D,QAAQ,EAAE;gBACR;oBACE,aAAa,EAAE,YAAY;oBAC3B,EAAE,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,sBAAO,EAAE,UAAU,EAAE,IAAI,EAAC;oBACtD,UAAU,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,8BAAe,EAAE,UAAU,EAAE,IAAI,EAAC;oBACtE,YAAY,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,2BAAY,EAAE,UAAU,EAAE,IAAI,EAAC;oBACrE,KAAK,EAAE;wBACL,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,mCAAmC,CAAC;qBACzD;oBACD,SAAS,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,2BAAY,EAAC;oBAChD,MAAM,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,0BAAW,EAAE,UAAU,EAAE,IAAI,EAAC;oBAC9D,SAAS,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,2BAAY,EAAE,UAAU,EAAE,IAAI,EAAC;oBAClE,WAAW,EAAE;wBACX,IAAI,EAAE,EAAE;wBACR,WAAW,EAAE,+BAAgB;wBAC7B,UAAU,EAAE,IAAI;qBACjB;oBACD,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,yBAAU,EAAC;oBAC1C,WAAW,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,yBAAU,EAAC;oBAChD,qBAAqB,EAAE;wBACrB,QAAQ,EAAE;4BACR,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,4BAAa,EAAE,UAAU,EAAE,IAAI,EAAC;4BAC/D,QAAQ,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,4BAAa,EAAE,UAAU,EAAE,IAAI,EAAC;yBACnE;wBACD,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,+BAAgB,EAAE,UAAU,EAAE,IAAI,EAAC;qBACnE;oBACD,WAAW,EAAE;wBACX,cAAc,EAAE;4BACd,IAAI,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,0BAAW,EAAC;yBAC3C;qBACF;oBACD,aAAa,EAAE;wBACb,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,kCAAmB,EAAC;qBACpD;oBACD,QAAQ,EAAE;wBACR,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,4BAAa,EAAE,UAAU,EAAE,IAAI,EAAC;wBAC/D,QAAQ,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,+BAAgB,EAAC;qBACpD;oBACD,SAAS,EAAE;wBACT;4BACE,IAAI,EAAE,YAAY;4BAClB,EAAE,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,+BAAgB,EAAE,UAAU,EAAE,IAAI,EAAC;4BAC/D,SAAS,EAAE,KAAK;4BAChB,MAAM,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,0BAAW,EAAE,UAAU,EAAE,IAAI,EAAC;yBAC/D;wBACD;4BACE,EAAE,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,gCAAiB,EAAC;4BAC9C,IAAI,EAAE,YAAY;4BAClB,OAAO,EAAE;gCACP,UAAU,EAAE;oCACV,wBAAwB,EAAE;wCACxB,IAAI,EAAE,EAAE;wCACR,WAAW,EAAE,iCAAkB;qCAChC;iCACF;6BACF;yBACF;qBACF;oBACD,UAAU,EAAE;wBACV,mBAAmB,EAAE;4BACnB,WAAW,EAAE,GAAG,EAAE,CAAC;gCACjB,6DAA6D;6BAC9D;yBACF;wBACD,MAAM,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,iCAAkB,EAAC;qBACpD;iBACF;aACF;SACF,CAAC;QAOF,kBAAa,GAAwB,IAAI,GAAG,CAAC;YAC3C,CAAC,GAAG,EAAE,UAAU,CAAC;YACjB,CAAC,GAAG,EAAE,MAAM,CAAC;YACb,CAAC,GAAG,EAAE,QAAQ,CAAC;YACf,CAAC,GAAG,EAAE,KAAK,CAAC;YACZ,CAAC,GAAG,EAAE,eAAe,CAAC;SACvB,CAAC,CAAC;QAID,IAAI,CAAC,QAAQ,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;QACxE,IAAI,CAAC,eAAe,GAAG,IAAA,kCAAuB,EAAC,MAAM,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAA,0BAAW,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAClD,CAAC;IAED,cAAc;QACZ,OAAO;YACL,KAAK,EAAE,EAAE;YACT,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,EAAE;SACX,CAAC;IACJ,CAAC;IAED,WAAW,CACT,cAA+D;QAE/D,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;IAGD,kBAAkB;QAChB,MAAM,QAAQ,GAAuB,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7C,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;oBAElC,QAAQ,CAAC,IAAI,CAAC;wBACZ,GAAG,OAAO;wBACV,MAAM,EAAE,OAAO;wBACf,eAAe,EAAE,IAAA,2BAAY,EAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC;qBAClD,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAGD,MAAM;QACJ,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;SAC9C;aAAM;YAGL,MAAM,OAAO,GAAmB,IAAI,CAAC,kBAAkB,EAAE,CAAC,GAAG,CAC3D,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;gBACjB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;gBACnB,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CACjD,UAAU,CACX,CAAC,CAAC,CAAiB,CAAC;YACvB,CAAC,CACF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,IAAA,uCAAwB,EAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjE,OAAO,OAAO,CAAC;SAChB;IACH,CAAC;CACF;AAjJD,kDAiJC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
import { ContextualizedEvaluation, ExecJSON } from 'inspecjs';
|
|
2
|
+
import { IFindingASFF, IOptions } from './asff-types';
|
|
3
|
+
import { FromHdfToAsffMapper, SegmentedControl } from './reverse-asff-mapper';
|
|
4
|
+
declare type Counts = {
|
|
5
|
+
Passed: number;
|
|
6
|
+
PassedTests: number;
|
|
7
|
+
Failed: number;
|
|
8
|
+
FailedTests: number;
|
|
9
|
+
PassingTestsFailedControl: number;
|
|
10
|
+
NotApplicable: number;
|
|
11
|
+
NotReviewed: number;
|
|
12
|
+
};
|
|
13
|
+
export declare function getRunTime(hdf: ExecJSON.Execution): Date;
|
|
14
|
+
export declare function createProfileInfoFinding(hdf: ExecJSON.Execution, options: IOptions): IFindingASFF;
|
|
15
|
+
export declare function statusCount(evaluation: ContextualizedEvaluation): Counts;
|
|
16
|
+
export declare function createDescription(counts: Counts): string;
|
|
17
|
+
export declare function createAssumeRolePolicyDocument(layersOfControl: ExecJSON.Control[], segment: ExecJSON.ControlResult): string;
|
|
18
|
+
export declare function sliceIntoChunks(arr: any[], chunkSize: number): any[][];
|
|
19
|
+
export declare function cleanText(text?: string | null): string | undefined;
|
|
20
|
+
export declare function getAllLayers(hdf: ExecJSON.Execution, knownControl: ExecJSON.Control): ExecJSON.Control[];
|
|
21
|
+
export declare function createNote(segment: ExecJSON.ControlResult): string;
|
|
22
|
+
export declare function createCode(control: ExecJSON.Control & {
|
|
23
|
+
profileInfo?: Record<string, unknown>;
|
|
24
|
+
}): string;
|
|
25
|
+
export declare function setupId(control: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
26
|
+
export declare function setupProductARN(_val: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
27
|
+
export declare function setupAwsAcct(_val: SegmentedControl, context?: FromHdfToAsffMapper): string | undefined;
|
|
28
|
+
export declare function setupCreated(control: SegmentedControl): string;
|
|
29
|
+
export declare function setupRegion(_val: SegmentedControl, context?: FromHdfToAsffMapper): string | undefined;
|
|
30
|
+
export declare function setupUpdated(_control: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
31
|
+
export declare function setupGeneratorId(control: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
32
|
+
export declare function setupTitle(control: SegmentedControl): string;
|
|
33
|
+
export declare function setupDescr(control: SegmentedControl): string;
|
|
34
|
+
export declare function setupSevLabel(control: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
35
|
+
export declare function setupSevOriginal(control: SegmentedControl): string;
|
|
36
|
+
export declare function setupFindingType(control: SegmentedControl, context?: FromHdfToAsffMapper): string[];
|
|
37
|
+
export declare function getFixForControl(control: SegmentedControl): any;
|
|
38
|
+
export declare function setupRemRec(control: SegmentedControl): string;
|
|
39
|
+
export declare function setupProdFieldCheck(control: SegmentedControl): string;
|
|
40
|
+
export declare function setupResourcesID(_val: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
41
|
+
export declare function setupResourcesID2(control: SegmentedControl): string;
|
|
42
|
+
export declare function setupDetailsAssume(control: SegmentedControl): string;
|
|
43
|
+
export declare function setupControlStatus(control: SegmentedControl): string;
|
|
44
|
+
export {};
|