@mitre/hdf-converters 2.5.1
- package/LICENSE.md +9 -0
- package/README.md +4 -0
- package/lib/data/U_CCI_List.xml +38403 -0
- package/lib/data/aws-config-mapping.csv +107 -0
- package/lib/data/cwe-nist-mapping.csv +203 -0
- package/lib/data/nessus-plugins-nist-mapping.csv +108 -0
- package/lib/data/nikto-nist-mapping.csv +8942 -0
- package/lib/data/owasp-nist-mapping.csv +11 -0
- package/lib/data/scoutsuite-nist-mapping.csv +140 -0
- package/lib/index.d.ts +12 -0
- package/lib/index.js +25 -0
- package/lib/index.js.map +1 -0
- package/lib/package.json +45 -0
- package/lib/src/base-converter.d.ts +39 -0
- package/lib/src/base-converter.js +216 -0
- package/lib/src/base-converter.js.map +1 -0
- package/lib/src/burpsuite-mapper.d.ts +7 -0
- package/lib/src/burpsuite-mapper.js +157 -0
- package/lib/src/burpsuite-mapper.js.map +1 -0
- package/lib/src/dbprotect-mapper.d.ts +7 -0
- package/lib/src/dbprotect-mapper.js +165 -0
- package/lib/src/dbprotect-mapper.js.map +1 -0
- package/lib/src/fortify-mapper.d.ts +8 -0
- package/lib/src/fortify-mapper.js +180 -0
- package/lib/src/fortify-mapper.js.map +1 -0
- package/lib/src/jfrog-xray-mapper.d.ts +7 -0
- package/lib/src/jfrog-xray-mapper.js +169 -0
- package/lib/src/jfrog-xray-mapper.js.map +1 -0
- package/lib/src/mappings/CciNistMapping.d.ts +6 -0
- package/lib/src/mappings/CciNistMapping.js +60 -0
- package/lib/src/mappings/CciNistMapping.js.map +1 -0
- package/lib/src/mappings/CciNistMappingItem.d.ts +5 -0
- package/lib/src/mappings/CciNistMappingItem.js +11 -0
- package/lib/src/mappings/CciNistMappingItem.js.map +1 -0
- package/lib/src/mappings/CweNistMapping.d.ts +6 -0
- package/lib/src/mappings/CweNistMapping.js +74 -0
- package/lib/src/mappings/CweNistMapping.js.map +1 -0
- package/lib/src/mappings/CweNistMappingItem.d.ts +8 -0
- package/lib/src/mappings/CweNistMappingItem.js +34 -0
- package/lib/src/mappings/CweNistMappingItem.js.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts +6 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js +48 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts +7 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js +23 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js.map +1 -0
- package/lib/src/mappings/NiktoNistMapping.d.ts +6 -0
- package/lib/src/mappings/NiktoNistMapping.js +40 -0
- package/lib/src/mappings/NiktoNistMapping.js.map +1 -0
- package/lib/src/mappings/NiktoNistMappingItem.d.ts +7 -0
- package/lib/src/mappings/NiktoNistMappingItem.js +28 -0
- package/lib/src/mappings/NiktoNistMappingItem.js.map +1 -0
- package/lib/src/mappings/OwaspNistMapping.d.ts +6 -0
- package/lib/src/mappings/OwaspNistMapping.js +55 -0
- package/lib/src/mappings/OwaspNistMapping.js.map +1 -0
- package/lib/src/mappings/OwaspNistMappingItem.d.ts +8 -0
- package/lib/src/mappings/OwaspNistMappingItem.js +34 -0
- package/lib/src/mappings/OwaspNistMappingItem.js.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts +6 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js +39 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts +5 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js +21 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js.map +1 -0
- package/lib/src/nessus-mapper.d.ts +13 -0
- package/lib/src/nessus-mapper.js +303 -0
- package/lib/src/nessus-mapper.js.map +1 -0
- package/lib/src/netsparker-mapper.d.ts +7 -0
- package/lib/src/netsparker-mapper.js +221 -0
- package/lib/src/netsparker-mapper.js.map +1 -0
- package/lib/src/nikto-mapper.d.ts +7 -0
- package/lib/src/nikto-mapper.js +96 -0
- package/lib/src/nikto-mapper.js.map +1 -0
- package/lib/src/sarif-mapper.d.ts +7 -0
- package/lib/src/sarif-mapper.js +143 -0
- package/lib/src/sarif-mapper.js.map +1 -0
- package/lib/src/scoutsuite-mapper.d.ts +7 -0
- package/lib/src/scoutsuite-mapper.js +258 -0
- package/lib/src/scoutsuite-mapper.js.map +1 -0
- package/lib/src/snyk-mapper.d.ts +14 -0
- package/lib/src/snyk-mapper.js +165 -0
- package/lib/src/snyk-mapper.js.map +1 -0
- package/lib/src/xccdf-results-mapper.d.ts +6 -0
- package/lib/src/xccdf-results-mapper.js +206 -0
- package/lib/src/xccdf-results-mapper.js.map +1 -0
- package/lib/src/zap-mapper.d.ts +8 -0
- package/lib/src/zap-mapper.js +177 -0
- package/lib/src/zap-mapper.js.map +1 -0
- package/package.json +45 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"burpsuite-mapper.js","sourceRoot":"","sources":["../../src/burpsuite-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAqC;AACrC,uCAAkC;AAClC,oDAAuB;AACvB,gDAAwB;AACxB,kDAAgE;AAChE,qDAM0B;AAC1B,8DAAyD;AAGzD,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,aAAa,EAAE,GAAG,CAAC;CACrB,CAAC,CAAC;AACH,MAAM,IAAI,GAAG,oBAAoB,CAAC;AAElC,MAAM,qBAAqB,GAAG,cAAI,CAAC,OAAO,CACxC,SAAS,EACT,8BAA8B,CAC/B,CAAC;AACF,MAAM,gBAAgB,GAAG,IAAI,+BAAc,CAAC,qBAAqB,CAAC,CAAC;AACnE,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAG3C,SAAS,cAAc,CAAC,KAAc;IACpC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE;QACxD,IAAI,CAAC,IAAI,CACP,aAAa,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,UAAU,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE,CAC1E,CAAC;KACH;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;KAChC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE;QAC5B,IAAI,CAAC,IAAI,CAAC,aAAa,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC;KAC/D;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;KACzB;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;QAC/B,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC;KACrE;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,EAAE;QAC9B,IAAI,CAAC,IAAI,CAAC,eAAe,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;KACnE;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;KAC3B;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAChC,CAAC;AACD,SAAS,UAAU,CAAC,EAAW;IAC7B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE;QACpD,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;KACtB;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,WAAW,CAAC,KAAa;IAChC,OAAO,IAAA,0BAAS,EAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAClD,CAAC;AACD,SAAS,OAAO,CAAC,KAAa;IAC5B,IAAI,GAAG,GAAG,WAAW,CAAC,KAAK
,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3C,GAAG,CAAC,KAAK,EAAE,CAAC;IACZ,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,OAAO,gBAAgB,CAAC,UAAU,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;IACF,OAAO,yBAAM,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AACD,MAAa,eAAgB,SAAQ,8BAAa;IA2EhD,YAAY,QAAgB;QAC1B,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QA3E5B,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAE;aACd;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,IAAI;oBACV,OAAO,EAAE,EAAC,IAAI,EAAE,oBAAoB,EAAC;oBACrC,KAAK,EAAE,IAAI;oBACX,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,cAAc;4BACpB,GAAG,EAAE,IAAI;4BACT,EAAE,EAAE,EAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAC;4BAC3C,KAAK,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;4BACrB,IAAI,EAAE,EAAC,IAAI,EAAE,iBAAiB,EAAE,WAAW,EAAE,0BAAS,EAAC;4BACvD,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,IAAA,8BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE;oCACJ,IAAI,EAAE,8BAA8B;oCACpC,WAAW,EAAE,OAAO;iCACrB;gCACD,KAAK,EAAE;oCACL,IAAI,EAAE,8BAA8B;oCACpC,WAAW,EAAE,WAAW;iCACzB;gCACD,UAAU,EAAE,EAAC,IAAI,EAAE,YAAY,EAAC;6BACjC;4BACD,YAAY,EAAE;gCACZ;oCACE,IAAI,EAAE,EAAC,IAAI,EAAE,iBAAiB,EAAE,WAAW,EAAE,0BAAS,EAAC;oCACvD,KAAK,EAAE,OAAO;iCACf;gCACD;oCACE,IAAI,EAAE,EAAC,IAAI,EAAE,uBAAuB,EAAE,WAAW,EAAE,0BAAS,EAAC;oCAC7D,KAAK,EAAE,KAAK;iCACb;6BACF;4BACD,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE,EAAC,WAAW,EAAE,cAAc,EAAC;oCACxC,QAAQ,EAAE,CAAC;oCACX,
UAAU,EAAE,EAAC,IAAI,EAAE,qBAAqB,EAAC;iCAC1C;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AAnFD,0CAmFC"}
|
|
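--- a/package/lib/src/dbprotect-mapper.d.ts
+++ b/package/lib/src/dbprotect-mapper.d.ts
@@ -0,0 +1,7 @@
+import { ExecJSON } from 'inspecjs';
+import { BaseConverter, ILookupPath, MappedTransform } from './base-converter';
+export declare class DBProtectMapper extends BaseConverter {
+mappings: MappedTransform<ExecJSON.Execution, ILookupPath>;
+constructor(dbProtectXml: string);
+setMappings(customMappings: MappedTransform<ExecJSON.Execution, ILookupPath>): void;
+}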
|
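--- a/package/lib/src/dbprotect-mapper.js
+++ b/package/lib/src/dbprotect-mapper.js
@@ -0,0 +1,165 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DBProtectMapper = void 0;
+const fast_xml_parser_1 = __importDefault(require("fast-xml-parser"));
+const inspecjs_1 = require("inspecjs");
+const lodash_1 = __importDefault(require("lodash"));
+const package_json_1 = require("../package.json");
+const base_converter_1 = require("./base-converter");
+const IMPACT_MAPPING = new Map([
+['high', 0.7],
+['medium', 0.5],
+['low', 0.3],
+['informational', 0]
+]);
+function parseXml(xml) {
+const options = {
+attributeNamePrefix: '',
+textNodeName: 'text',
+ignoreAttributes: false
+};
+return fast_xml_parser_1.default.parse(xml, options);
+}
+function compileFindings(input) {
+const keys = lodash_1.default.get(input, 'dataset.metadata.item');
+const findings = lodash_1.default.get(input, 'dataset.data.row');
+let output = [];
+if (Array.isArray(keys) && Array.isArray(findings)) {
+const keyNames = keys.map((element) => {
+return lodash_1.default.get(element, 'name');
+});
+output = findings.map((element) => {
+return Object.fromEntries(keyNames.map(function (name, i) {
+return [name, lodash_1.default.get(element, `value[${i}]`)];
+}));
+});
+}
+return Object.fromEntries([['data', output]]);
+}
+function formatSummary(entry) {
+const text = [];
+text.push(`Organization : ${lodash_1.default.get(entry, 'Organization')}`);
+text.push(`Asset : ${lodash_1.default.get(entry, 'Check Asset')}`);
+text.push(`Asset Type : ${lodash_1.default.get(entry, 'Asset Type')}`);
+text.push(`IP Address, Port, Instance : ${lodash_1.default.get(entry, 'Asset Type')}`);
+text.push(`IP Address, Port, Instance : ${lodash_1.default.get(entry, 'IP Address, Port, Instance')} `);
+return text.join('\n');
+}
+function formatDesc(entry) {
+const text = [];
+text.push(`Task : ${lodash_1.default.get(entry, 'Task')}`);
+text.push(`Check Category : ${lodash_1.default.get(entry, 'Check Category')}`);
+return text.join('; ');
+}
+function getStatus(input) {
+switch (input) {
+case 'Fact':
+return inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
+case 'Failed':
+return inspecjs_1.ExecJSON.ControlResultStatus.Failed;
+case 'Finding':
+return inspecjs_1.ExecJSON.ControlResultStatus.Failed;
+case 'Not A Finding':
+return inspecjs_1.ExecJSON.ControlResultStatus.Passed;
+}
+return inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
+}
+function getBacktrace(input) {
+if (input === 'Failed') {
+return 'DB Protect Failed Check';
+}
+else {
+return '';
+}
+}
+function handleBacktrace(input) {
+if (Array.isArray(input)) {
+input = input.map((element) => {
+if (lodash_1.default.get(element, 'backtrace')[0] === '') {
+return lodash_1.default.omit(element, 'backtrace');
+}
+else {
+return element;
+}
+});
+}
+return input;
+}
+function idToString(id) {
+if (typeof id === 'string' || typeof id === 'number') {
+return id.toString();
+}
+else {
+return '';
+}
+}
+class DBProtectMapper extends base_converter_1.BaseConverter {
+constructor(dbProtectXml) {
+super(compileFindings(parseXml(dbProtectXml)));
+this.mappings = {
+platform: {
+name: 'Heimdall Tools',
+release: package_json_1.version,
+target_id: ''
+},
+version: package_json_1.version,
+statistics: {
+duration: null
+},
+profiles: [
+{
+name: { path: 'data.[0].Policy' },
+version: '',
+title: { path: 'data.[0].Job Name' },
+maintainer: null,
+summary: { path: 'data.[0]', transformer: formatSummary },
+license: null,
+copyright: null,
+copyright_email: null,
+supports: [],
+attributes: [],
+depends: [],
+groups: [],
+status: 'loaded',
+controls: [
+{
+path: 'data',
+key: 'id',
+id: { path: 'Check ID', transformer: idToString },
+title: { path: 'Check' },
+desc: { transformer: formatDesc },
+impact: {
+path: 'Risk DV',
+transformer: (0, base_converter_1.impactMapping)(IMPACT_MAPPING)
+},
+tags: {},
+descriptions: [],
+refs: [],
+source_location: {},
+code: '',
+results: [
+{
+arrayTransformer: handleBacktrace,
+status: { path: 'Result Status', transformer: getStatus },
+code_desc: { path: 'Details' },
+run_time: 0,
+start_time: { path: 'Date' },
+backtrace: [{ path: 'Result Status', transformer: getBacktrace }]
+}
+]
+}
+],
+sha256: ''
+}
+]
+};
+}
+setMappings(customMappings) {
+super.setMappings(customMappings);
+}
+}
+exports.DBProtectMapper = DBProtectMapper;
+//# sourceMappingURL=dbprotect-mapper.js.map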
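Review bot: In `formatSummary`, the fourth `text.push` prints the `Asset Type` field under the label `IP Address, Port, Instance`, so the summary shows that label twice and the first copy carries the wrong value. It looks like a copy-paste leftover and should be dropped, keeping only the push that reads `'IP Address, Port, Instance'`. Separately, `getStatus` falls through to `Skipped` for any `Result Status` it does not recognise, and the comparison is case-sensitive, so a differently spelled failure value would be reported as skipped rather than failed. If that default is intended, say so with a comment such as `// unrecognised statuses are deliberately reported as Skipped`; otherwise map unknown values to an error status if the schema provides one. `handleBacktrace` also indexes `lodash_1.default.get(element, 'backtrace')[0]` without a guard, which throws when a result has no `backtrace` entry.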
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dbprotect-mapper.js","sourceRoot":"","sources":["../../src/dbprotect-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAqC;AACrC,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAK0B;AAE1B,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,eAAe,EAAE,CAAC,CAAC;CACrB,CAAC,CAAC;AAEH,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;IACF,OAAO,yBAAM,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AACD,SAAS,eAAe,CACtB,KAA8B;IAE9B,MAAM,IAAI,GAAG,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,uBAAuB,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,kBAAkB,CAAC,CAAC;IAElD,IAAI,MAAM,GAAc,EAAE,CAAC;IAE3B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;QAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,OAAgC,EAAU,EAAE;YACrE,OAAO,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAW,CAAC;QAC1C,CAAC,CAAC,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAgC,EAAE,EAAE;YACzD,OAAO,MAAM,CAAC,WAAW,CACvB,QAAQ,CAAC,GAAG,CAAC,UAAU,IAAY,EAAE,CAAS;gBAC5C,OAAO,CAAC,IAAI,EAAE,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/C,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;KACJ;IACD,OAAO,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC;AACD,SAAS,aAAa,CAAC,KAAc;IACnC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,IAAI,CAAC,kBAAkB,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;IAC5D,IAAI,CAAC,IAAI,CAAC,WAAW,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;IACpD,IAAI,CAAC,IAAI,CAAC,gBAAgB,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;IACxD,IAAI,CAAC,IAAI,CAAC,gCAAgC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,IAAI,CACP,gCAAgC,gBAAC,CAAC,GAAG,CACnC,KAAK,EACL,4BAA4B,CAC7B,GAAG,CACL,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AACD,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,IAAI,CAAC,UAAU,gBAAC,CAAC,GAAG,CAAC,KAAK
,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAC5C,IAAI,CAAC,IAAI,CAAC,oBAAoB,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,CAAC;IAChE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AACD,SAAS,SAAS,CAAC,KAAc;IAC/B,QAAQ,KAAK,EAAE;QACb,KAAK,MAAM;YACT,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC;QAC9C,KAAK,QAAQ;YACX,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;QAC7C,KAAK,SAAS;YACZ,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;QAC7C,KAAK,eAAe;YAClB,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;KAC9C;IACD,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC;AAC9C,CAAC;AACD,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,KAAK,QAAQ,EAAE;QACtB,OAAO,yBAAyB,CAAC;KAClC;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACxB,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;YAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE;gBACzC,OAAO,gBAAC,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;aACrC;iBAAM;gBACL,OAAO,OAAO,CAAC;aAChB;QACH,CAAC,CAAC,CAAC;KACJ;IACD,OAAO,KAAiC,CAAC;AAC3C,CAAC;AACD,SAAS,UAAU,CAAC,EAAW;IAC7B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE;QACpD,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;KACtB;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED,MAAa,eAAgB,SAAQ,8BAAa;IA0DhD,YAAY,YAAoB;QAC9B,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QA1DjD,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAE;aACd;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,EAAC,IAAI,EAAE,iBAAiB,EAAC;oBAC/B,OAAO,EAAE,EAAE;oBACX,KAAK,EAAE,EAAC,IAAI,EAAE,mBAAmB,EAAC;oBAClC,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,EAAC,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAC;oBACvD,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,MAAM;4BACZ,GAAG,EAAE,IAAI;4BACT,EAAE,EAAE,EAAC,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAC;4BAC/C,KAAK,EAAE,EAAC,IAAI,EAAE,OAAO
,EAAC;4BACtB,IAAI,EAAE,EAAC,WAAW,EAAE,UAAU,EAAC;4BAC/B,MAAM,EAAE;gCACN,IAAI,EAAE,SAAS;gCACf,WAAW,EAAE,IAAA,8BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE,EAAE;4BACR,YAAY,EAAE,EAAE;4BAChB,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,gBAAgB,EAAE,eAAe;oCACjC,MAAM,EAAE,EAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAC;oCACvD,SAAS,EAAE,EAAC,IAAI,EAAE,SAAS,EAAC;oCAC5B,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;oCAC1B,SAAS,EAAE,CAAC,EAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,YAAY,EAAC,CAAC;iCAChE;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AAlED,0CAkEC"}
|
|
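--- a/package/lib/src/fortify-mapper.d.ts
+++ b/package/lib/src/fortify-mapper.d.ts
@@ -0,0 +1,8 @@
+import { ExecJSON } from 'inspecjs';
+import { BaseConverter, ILookupPath, MappedTransform } from './base-converter';
+export declare class FortifyMapper extends BaseConverter {
+startTime: string;
+mappings: MappedTransform<ExecJSON.Execution, ILookupPath>;
+constructor(fvdl: string);
+setMappings(customMappings: MappedTransform<ExecJSON.Execution, ILookupPath>): void;
+}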
|
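--- a/package/lib/src/fortify-mapper.js
+++ b/package/lib/src/fortify-mapper.js
@@ -0,0 +1,180 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FortifyMapper = void 0;
+const fast_xml_parser_1 = __importDefault(require("fast-xml-parser"));
+const inspecjs_1 = require("inspecjs");
+const lodash_1 = __importDefault(require("lodash"));
+const package_json_1 = require("../package.json");
+const base_converter_1 = require("./base-converter");
+const NIST_REFERENCE_NAME = 'Standards Mapping - NIST Special Publication 800-53 Revision 4';
+const DEFAULT_NIST_TAG = ['unmapped', 'Rev_4'];
+function parseXml(xml) {
+const options = {
+attributeNamePrefix: '',
+textNodeName: 'text',
+ignoreAttributes: false
+};
+return fast_xml_parser_1.default.parse(xml, options);
+}
+function impactMapping(input, id) {
+if (Array.isArray(input)) {
+const matches = input.find((element) => {
+return lodash_1.default.get(element, 'ClassInfo.ClassID') === id;
+});
+return parseFloat(lodash_1.default.get(matches, 'ClassInfo.DefaultSeverity')) / 5;
+}
+else {
+return parseFloat(lodash_1.default.get(input, 'ClassInfo.DefaultSeverity')) / 5;
+}
+}
+function nistTag(rule) {
+let references = lodash_1.default.get(rule, 'References.Reference');
+if (!Array.isArray(references)) {
+references = [references];
+}
+if (Array.isArray(references)) {
+const tag = references.find((element) => {
+return lodash_1.default.get(element, 'Author') === NIST_REFERENCE_NAME;
+});
+if (tag === null || tag === undefined) {
+return DEFAULT_NIST_TAG;
+}
+else {
+return lodash_1.default.get(tag, 'Title')
+.match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)
+.concat(['Rev_4']);
+}
+}
+return [];
+}
+function processEntry(input) {
+const output = [];
+output.push(`${lodash_1.default.get(input, 'id')}<=SNIPPET`);
+output.push(`\nPath: ${lodash_1.default.get(input, 'File')}\n`);
+output.push(`StartLine: ${lodash_1.default.get(input, 'StartLine')}, `);
+output.push(`EndLine: ${lodash_1.default.get(input, 'EndLine')}\n`);
+output.push(`Code:\n${lodash_1.default.get(input, 'Text').trim()}`);
+return output.join('');
+}
+function makeArray(input) {
+if (Array.isArray(input)) {
+return input;
+}
+else {
+return [input];
+}
+}
+function filterVuln(input, file) {
+input.forEach((element) => {
+if (element instanceof Object) {
+lodash_1.default.set(element, 'results', lodash_1.default.get(element, 'results').filter((result) => {
+const codedesc = lodash_1.default.get(result, 'code_desc').split('<=SNIPPET');
+const snippetid = codedesc[0];
+const classid = lodash_1.default.get(element, 'id');
+lodash_1.default.set(result, 'code_desc', codedesc[1]);
+let isMatch = false;
+const matches = lodash_1.default.get(file, 'FVDL.Vulnerabilities.Vulnerability').filter((subElement) => {
+return lodash_1.default.get(subElement, 'ClassInfo.ClassID') === classid;
+});
+matches.forEach((match) => {
+const traces = makeArray(lodash_1.default.get(match, 'AnalysisInfo.Unified.Trace'));
+traces.forEach((trace) => {
+const entries = makeArray(lodash_1.default.get(trace, 'Primary.Entry'));
+const filteredEntries = entries.filter((entry) => {
+return lodash_1.default.has(entry, 'Node.SourceLocation.snippet');
+});
+filteredEntries.forEach((entry) => {
+if (lodash_1.default.get(entry, 'Node.SourceLocation.snippet') === snippetid) {
+isMatch = true;
+}
+});
+});
+});
+return isMatch;
+}));
+lodash_1.default.set(element, 'impact', impactMapping(lodash_1.default.get(element, 'impact'), lodash_1.default.get(element, 'id')));
+}
+return element;
+});
+return input;
+}
+class FortifyMapper extends base_converter_1.BaseConverter {
+constructor(fvdl) {
+super(parseXml(fvdl));
+this.mappings = {
+platform: {
+name: 'Heimdall Tools',
+release: package_json_1.version,
+target_id: ''
+},
+version: package_json_1.version,
+statistics: {
+duration: null
+},
+profiles: [
+{
+name: 'Fortify Static Analyzer Scan',
+version: { path: 'FVDL.EngineData.EngineVersion' },
+title: 'Fortify Static Analyzer Scan',
+maintainer: null,
+summary: {
+path: 'FVDL.UUID',
+transformer: (uuid) => {
+return `Fortify Static Analyzer Scan of UUID: ${uuid}`;
+}
+},
+license: null,
+copyright: null,
+copyright_email: null,
+supports: [],
+attributes: [],
+depends: [],
+groups: [],
+status: 'loaded',
+controls: [
+{
+arrayTransformer: filterVuln,
+path: 'FVDL.Description',
+key: 'id',
+id: { path: 'classID' },
+title: { path: 'Abstract', transformer: base_converter_1.parseHtml },
+desc: { path: 'Explanation', transformer: base_converter_1.parseHtml },
+impact: { path: '$.FVDL.Vulnerabilities.Vulnerability' },
+tags: {
+nist: { transformer: nistTag }
+},
+descriptions: [],
+refs: [],
+source_location: {},
+code: '',
+results: [
+{
+path: '$.FVDL.Snippets.Snippet',
+status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
+code_desc: { transformer: processEntry },
+run_time: 0,
+start_time: {
+path: '$.FVDL.CreatedTS',
+transformer: (input) => {
+return `${lodash_1.default.get(input, 'date')} ${lodash_1.default.get(input, 'time')}`;
+}
+}
+}
+]
+}
+],
+sha256: ''
+}
+]
+};
+this.startTime = `${lodash_1.default.get(this.data, 'FVDL.CreatedTS.date')} ${lodash_1.default.get(this.data, 'FVDL.CreatedTS.time')}`;
+}
+setMappings(customMappings) {
+super.setMappings(customMappings);
+}
+}
+exports.FortifyMapper = FortifyMapper;
+//# sourceMappingURL=fortify-mapper.js.map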
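Review bot: In `nistTag`, `.match(/[a-zA-Z][a-zA-Z]-\d{1,2}/)` returns `null` when the reference `Title` holds no control identifier, and the chained `.concat(['Rev_4'])` then throws, so one unexpected reference aborts the whole conversion. Guard the result, e.g. `const m = String(lodash_1.default.get(tag, 'Title', '')).match(/[a-zA-Z][a-zA-Z]-\d{1,2}/);` followed by `return m ? m.concat(['Rev_4']) : DEFAULT_NIST_TAG;`. `filterVuln` has a similar gap: it calls `.filter` directly on `FVDL.Vulnerabilities.Vulnerability`, which is presumably a plain object rather than an array when the report holds a single vulnerability, and passing it through the existing `makeArray` helper would cover that. In `impactMapping`, a class ID with no matching vulnerability leaves `matches` undefined, so `parseFloat(...) / 5` yields `NaN` as the control's impact; falling back to an explicit default there would keep the severity field meaningful.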
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fortify-mapper.js","sourceRoot":"","sources":["../../src/fortify-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAqC;AACrC,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAK0B;AAE1B,MAAM,mBAAmB,GACvB,gEAAgE,CAAC;AACnE,MAAM,gBAAgB,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AAE/C,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;IACF,OAAO,yBAAM,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AACD,SAAS,aAAa,CAAC,KAA8B,EAAE,EAAU;IAC/D,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACxB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YACrC,OAAO,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,mBAAmB,CAAC,KAAK,EAAE,CAAC;QACpD,CAAC,CAAC,CAAC;QACH,OAAO,UAAU,CAAC,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC,GAAG,CAAC,CAAC;KACpE;SAAM;QACL,OAAO,UAAU,CAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,2BAA2B,CAAW,CAAC,GAAG,CAAC,CAAC;KAC5E;AACH,CAAC;AACD,SAAS,OAAO,CAAC,IAA6B;IAC5C,IAAI,UAAU,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;IACrD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;QAC9B,UAAU,GAAG,CAAC,UAAU,CAAC,CAAC;KAC3B;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;QAC7B,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,OAAgC,EAAE,EAAE;YAC/D,OAAO,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,mBAAmB,CAAC;QAC1D,CAAC,CAAC,CAAC;QACH,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE;YACrC,OAAO,gBAAgB,CAAC;SACzB;aAAM;YACL,OAAO,gBAAC,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC;iBACvB,KAAK,CAAC,0BAA0B,CAAC;iBACjC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;SACtB;KACF;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,MAAM,MAAM,GAAG,EAAE,CAAC;IAClB,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,CAAC,IAAI,CAAC,WAAW,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,CAAC,cAAc,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,CAAC,IAAI,CAAC,YAAY,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,CAAC,IAAI,CAAC,UAAU,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,
CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAErD,OAAO,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACzB,CAAC;AACD,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACxB,OAAO,KAAkB,CAAC;KAC3B;SAAM;QACL,OAAO,CAAC,KAAK,CAAC,CAAC;KAChB;AACH,CAAC;AACD,SAAS,UAAU,CAAC,KAAgB,EAAE,IAAa;IACjD,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QACxB,IAAI,OAAO,YAAY,MAAM,EAAE;YAC7B,gBAAC,CAAC,GAAG,CACH,OAAO,EACP,SAAS,EACT,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,MAA8B,EAAE,EAAE;gBAClE,MAAM,QAAQ,GAAG,gBAAC,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBAC/D,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC9B,MAAM,OAAO,GAAG,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;gBACrC,gBAAC,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBAExC,IAAI,OAAO,GAAG,KAAK,CAAC;gBACpB,MAAM,OAAO,GAAG,gBAAC,CAAC,GAAG,CACnB,IAAI,EACJ,oCAAoC,CACrC,CAAC,MAAM,CAAC,CAAC,UAAmC,EAAE,EAAE;oBAC/C,OAAO,gBAAC,CAAC,GAAG,CAAC,UAAU,EAAE,mBAAmB,CAAC,KAAK,OAAO,CAAC;gBAC5D,CAAC,CAAC,CAAC;gBACH,OAAO,CAAC,OAAO,CAAC,CAAC,KAA8B,EAAE,EAAE;oBACjD,MAAM,MAAM,GAAc,SAAS,CACjC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,4BAA4B,CAAC,CAC3C,CAAC;oBACF,MAAM,CAAC,OAAO,CAAC,CAAC,KAAc,EAAE,EAAE;wBAChC,MAAM,OAAO,GAAc,SAAS,CAClC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,eAAe,CAAC,CAC9B,CAAC;wBACF,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,KAAc,EAAE,EAAE;4BACxD,OAAO,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,6BAA6B,CAAC,CAAC;wBACrD,CAAC,CAAC,CAAC;wBACH,eAAe,CAAC,OAAO,CAAC,CAAC,KAAc,EAAE,EAAE;4BACzC,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,6BAA6B,CAAC,KAAK,SAAS,EAAE;gCAC7D,OAAO,GAAG,IAAI,CAAC;6BAChB;wBACH,CAAC,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBACH,OAAO,OAAO,CAAC;YACjB,CAAC,CAAC,CACH,CAAC;YACF,gBAAC,CAAC,GAAG,CACH,OAAO,EACP,QAAQ,EACR,aAAa,CAAC,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAC9D,CAAC;SACH;QACD,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC,CAAC;IACH,OAAO,KAA2B,CAAC;AACrC,CAAC;AAED,MAAa,aAAc,SAAQ,8BAAa;IAoE9C,YAAY,IAAY;QACtB,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAnExB,aAAQ,GA
AqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAE;aACd;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,8BAA8B;oBACpC,OAAO,EAAE,EAAC,IAAI,EAAE,+BAA+B,EAAC;oBAChD,KAAK,EAAE,8BAA8B;oBACrC,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE;wBACP,IAAI,EAAE,WAAW;wBACjB,WAAW,EAAE,CAAC,IAAa,EAAU,EAAE;4BACrC,OAAO,yCAAyC,IAAI,EAAE,CAAC;wBACzD,CAAC;qBACF;oBACD,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,gBAAgB,EAAE,UAAU;4BAC5B,IAAI,EAAE,kBAAkB;4BACxB,GAAG,EAAE,IAAI;4BACT,EAAE,EAAE,EAAC,IAAI,EAAE,SAAS,EAAC;4BACrB,KAAK,EAAE,EAAC,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,0BAAS,EAAC;4BACjD,IAAI,EAAE,EAAC,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,0BAAS,EAAC;4BACnD,MAAM,EAAE,EAAC,IAAI,EAAE,sCAAsC,EAAC;4BACtD,IAAI,EAAE;gCACJ,IAAI,EAAE,EAAC,WAAW,EAAE,OAAO,EAAC;6BAC7B;4BACD,YAAY,EAAE,EAAE;4BAChB,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,IAAI,EAAE,yBAAyB;oCAC/B,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE,EAAC,WAAW,EAAE,YAAY,EAAC;oCACtC,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE;wCACV,IAAI,EAAE,kBAAkB;wCACxB,WAAW,EAAE,CAAC,KAAc,EAAU,EAAE;4CACtC,OAAO,GAAG,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,CAAC;wCAC3D,CAAC;qCACF;iCACF;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;QAGA,IAAI,CAAC,SAAS,GAAG,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,qBAAqB,CAAC,IAAI,gBAAC,CAAC,GAAG,CAClE,IAAI,CAAC,IAAI,EACT,qBAAqB,CACtB,EAAE,CAAC;IACN,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AAhFD,sCAgFC"}
|
|
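--- a/package/lib/src/jfrog-xray-mapper.d.ts
+++ b/package/lib/src/jfrog-xray-mapper.d.ts
@@ -0,0 +1,7 @@
+import { ExecJSON } from 'inspecjs';
+import { BaseConverter, ILookupPath, MappedTransform } from './base-converter';
+export declare class JfrogXrayMapper extends BaseConverter {
+mappings: MappedTransform<ExecJSON.Execution, ILookupPath>;
+constructor(xrayJson: string);
+setMappings(customMappings: MappedTransform<ExecJSON.Execution, ILookupPath>): void;
+}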
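--- a/package/lib/src/jfrog-xray-mapper.js
+++ b/package/lib/src/jfrog-xray-mapper.js
@@ -0,0 +1,169 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JfrogXrayMapper = void 0;
+const inspecjs_1 = require("inspecjs");
+const lodash_1 = __importDefault(require("lodash"));
+const path_1 = __importDefault(require("path"));
+const package_json_1 = require("../package.json");
+const base_converter_1 = require("./base-converter");
+const CweNistMapping_1 = require("./mappings/CweNistMapping");
+const IMPACT_MAPPING = new Map([
+['high', 0.7],
+['medium', 0.5],
+['low', 0.3]
+]);
+const CWE_NIST_MAPPING_FILE = path_1.default.resolve(__dirname, '../data/cwe-nist-mapping.csv');
+const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping(CWE_NIST_MAPPING_FILE);
+const DEFAULT_NIST_TAG = ['SA-11', 'RA-5'];
+function hashId(vulnerability) {
+if (lodash_1.default.get(vulnerability, 'id') === '') {
+return (0, base_converter_1.generateHash)(lodash_1.default.get(vulnerability, 'summary').toString(), 'md5');
+}
+else {
+return lodash_1.default.get(vulnerability, 'id');
+}
+}
+function formatDesc(vulnerability) {
+const text = [];
+if (lodash_1.default.has(vulnerability, 'description')) {
+text.push(lodash_1.default.get(vulnerability, 'description').toString());
+}
+if (lodash_1.default.has(vulnerability, 'cves')) {
+const re1 = /":/gi;
+const re2 = /,/gi;
+text.push(`cves: ${JSON.stringify(lodash_1.default.get(vulnerability, 'cves'))
+.replace(re1, '"=>')
+.replace(re2, ', ')}`);
+}
+return text.join('<br>');
+}
+function formatCodeDesc(vulnerability) {
+const codeDescArray = [];
+const re = /,/gi;
+if (lodash_1.default.has(vulnerability, 'source_comp_id')) {
+codeDescArray.push(`source_comp_id : ${lodash_1.default.get(vulnerability, 'source_comp_id')}`);
+}
+else {
+codeDescArray.push('source_comp_id : ');
+}
+if (lodash_1.default.has(vulnerability, 'component_versions.vulnerable_versions')) {
+codeDescArray.push(`vulnerable_versions : ${JSON.stringify(lodash_1.default.get(vulnerability, 'component_versions.vulnerable_versions'))}`);
+}
+else {
+codeDescArray.push('vulnerable_versions : ');
+}
+if (lodash_1.default.has(vulnerability, 'component_versions.fixed_versions')) {
+codeDescArray.push(`fixed_versions : ${JSON.stringify(lodash_1.default.get(vulnerability, 'component_versions.fixed_versions'))}`);
+}
+else {
+codeDescArray.push('fixed_versions : ');
+}
+if (lodash_1.default.has(vulnerability, 'issue_type')) {
+codeDescArray.push(`issue_type : ${lodash_1.default.get(vulnerability, 'issue_type')}`);
+}
+else {
+codeDescArray.push('issue_type : ');
+}
+if (lodash_1.default.has(vulnerability, 'provider')) {
+codeDescArray.push(`provider : ${lodash_1.default.get(vulnerability, 'provider')}`);
+}
+else {
+codeDescArray.push('provider : ');
+}
+return codeDescArray.join('\n').replace(re, ', ');
+}
+function parseIdentifier(identifier) {
+const output = [];
+if (Array.isArray(identifier)) {
+identifier.forEach((element) => {
+if (element.split('CWE-')[1]) {
+output.push(element.split('CWE-')[1]);
+}
+});
+}
+return output;
+}
+function nistTag(identifier) {
+const identifiers = parseIdentifier(identifier);
+return CWE_NIST_MAPPING.nistFilter(identifiers, DEFAULT_NIST_TAG);
+}
+class JfrogXrayMapper extends base_converter_1.BaseConverter {
+constructor(xrayJson) {
+super(JSON.parse(xrayJson), true);
+this.mappings = {
+platform: {
+name: 'Heimdall Tools',
+release: package_json_1.version,
+target_id: ''
+},
+version: package_json_1.version,
+statistics: {
+duration: null
+},
+profiles: [
+{
+name: 'JFrog Xray Scan',
+version: '',
+title: 'JFrog Xray Scan',
+maintainer: null,
+summary: 'Continuous Security and Universal Artifact Analysis',
+license: null,
+copyright: null,
+copyright_email: null,
+supports: [],
+attributes: [],
+depends: [],
+groups: [],
+status: 'loaded',
+controls: [
+{
+path: 'data',
+key: 'id',
+tags: {
+nist: {
+path: 'component_versions.more_details.cves[0].cwe',
+transformer: nistTag
+},
+cweid: {
+path: 'component_versions.more_details.cves[0].cwe',
+transformer: parseIdentifier
+}
+},
+descriptions: [],
+refs: [],
+source_location: {},
+id: { transformer: hashId },
+title: { path: 'summary' },
+desc: {
+path: 'component_versions.more_details',
+transformer: formatDesc
+},
+impact: {
+path: 'severity',
+transformer: (0, base_converter_1.impactMapping)(IMPACT_MAPPING)
+},
+code: '',
+results: [
+{
+status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
+code_desc: { transformer: formatCodeDesc },
+run_time: 0,
+start_time: ''
+}
+]
+}
+],
+sha256: ''
+}
+]
+};
+}
+setMappings(customMappings) {
+super.setMappings(customMappings);
+}
+}
+exports.JfrogXrayMapper = JfrogXrayMapper;
+//# sourceMappingURL=jfrog-xray-mapper.js.map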
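Review bot: `formatDesc` joins its parts with `<br>`, which suggests `desc` is meant to be rendered as HTML, yet the report's `description` text and the stringified `cves` are inserted without escaping. The Xray JSON is external input, so any markup in those fields would reach whatever renders the control description; how the consumer renders `desc` is not visible here, so confirm that it escapes or sanitises. If it does not, escape at the source with lodash's `escape`, e.g. `text.push(lodash_1.default.escape(lodash_1.default.get(vulnerability, 'description').toString()));`, and treat the `cves` string the same way. This file is compiled output, so the change belongs in `src/jfrog-xray-mapper.ts`.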
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jfrog-xray-mapper.js","sourceRoot":"","sources":["../../src/jfrog-xray-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,gDAAwB;AACxB,kDAAgE;AAChE,qDAM0B;AAC1B,8DAAyD;AAGzD,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;CACb,CAAC,CAAC;AACH,MAAM,qBAAqB,GAAG,cAAI,CAAC,OAAO,CACxC,SAAS,EACT,8BAA8B,CAC/B,CAAC;AACF,MAAM,gBAAgB,GAAG,IAAI,+BAAc,CAAC,qBAAqB,CAAC,CAAC;AACnE,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAG3C,SAAS,MAAM,CAAC,aAAsB;IACpC,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,EAAE,EAAE;QACrC,OAAO,IAAA,6BAAY,EAAC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC;KACxE;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAW,CAAC;KAC7C;AACH,CAAC;AACD,SAAS,UAAU,CAAC,aAAsB;IACxC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,aAAa,CAAC,EAAE;QACvC,IAAI,CAAC,IAAI,CAAC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;KAC3D;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE;QAChC,MAAM,GAAG,GAAG,MAAM,CAAC;QACnB,MAAM,GAAG,GAAG,KAAK,CAAC;QAClB,IAAI,CAAC,IAAI,CACP,SAAS,IAAI,CAAC,SAAS,CAAC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;aAClD,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC;aACnB,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CACxB,CAAC;KACH;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AACD,SAAS,cAAc,CAAC,aAAsB;IAC5C,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,KAAK,CAAC;IACjB,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,gBAAgB,CAAC,EAAE;QAC1C,aAAa,CAAC,IAAI,CAChB,oBAAoB,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,gBAAgB,CAAC,EAAE,CAC7D,CAAC;KACH;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;KACzC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,wCAAwC,CAAC,EAAE;QAClE,aAAa,CAAC,IAAI,CAChB,yBAAyB,IAAI,CAAC,SAAS,CACrC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,wCAAwC,CAAC,CAC/D,EAAE,CACJ,CAAC;KACH;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;KAC9C;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,mCAAmC,CAAC,EAAE;QAC7D,aAAa,CAAC,IAAI,
CAChB,oBAAoB,IAAI,CAAC,SAAS,CAChC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,mCAAmC,CAAC,CAC1D,EAAE,CACJ,CAAC;KACH;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;KACzC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,EAAE;QACtC,aAAa,CAAC,IAAI,CAAC,gBAAgB,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;KAC1E;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;KACrC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,EAAE;QACpC,aAAa,CAAC,IAAI,CAAC,cAAc,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;KACtE;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KACnC;IACD,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;AACpD,CAAC;AACD,SAAS,eAAe,CAAC,UAAmC;IAC1D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;QAC7B,UAAU,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC5B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aACvC;QACH,CAAC,CAAC,CAAC;KACJ;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AACD,SAAS,OAAO,CAAC,UAAmC;IAClD,MAAM,WAAW,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAChD,OAAO,gBAAgB,CAAC,UAAU,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;AACpE,CAAC;AAID,MAAa,eAAgB,SAAQ,8BAAa;IAoEhD,YAAY,QAAgB;QAC1B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;QApEpC,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAE;aACd;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,EAAE;oBACX,KAAK,EAAE,iBAAiB;oBACxB,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,qDAAqD;oBAC9D,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,MAAM;4BACZ,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE;gCACJ,IAAI,EAAE;oCACJ,IAAI,EAAE,6CAA6C;oCACnD,WAAW,EAAE,OAAO;iCACrB;gCACD,KAAK,EAAE;oCACL,IAAI,EAAE,6CAA6C;oCACnD,WAAW,EAAE,eAAe;iCAC7B;6BACF;4BACD,YAAY,EAAE,EAAE;4BAChB,IAAI,EAAE,EAAE;
4BACR,eAAe,EAAE,EAAE;4BACnB,EAAE,EAAE,EAAC,WAAW,EAAE,MAAM,EAAC;4BACzB,KAAK,EAAE,EAAC,IAAI,EAAE,SAAS,EAAC;4BACxB,IAAI,EAAE;gCACJ,IAAI,EAAE,iCAAiC;gCACvC,WAAW,EAAE,UAAU;6BACxB;4BACD,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,IAAA,8BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE,EAAC,WAAW,EAAE,cAAc,EAAC;oCACxC,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE,EAAE;iCACf;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AA5ED,0CA4EC"}
|
|
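--- a/package/lib/src/mappings/CciNistMapping.js
+++ b/package/lib/src/mappings/CciNistMapping.js
@@ -0,0 +1,60 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CciNistMapping = void 0;
+const fast_xml_parser_1 = __importDefault(require("fast-xml-parser"));
+const fs_1 = __importDefault(require("fs"));
+const lodash_1 = __importDefault(require("lodash"));
+const CciNistMappingItem_1 = require("./CciNistMappingItem");
+const options = {
+attributeNamePrefix: '',
+textNodeName: 'text',
+ignoreAttributes: false
+};
+class CciNistMapping {
+constructor(xmlDataPath) {
+this.data = [];
+const tags = lodash_1.default.get(fast_xml_parser_1.default.parse(fs_1.default.readFileSync(xmlDataPath, { encoding: 'utf-8' }), options), 'cci_list.cci_items.cci_item');
+if (Array.isArray(tags)) {
+tags.forEach((element) => {
+let path = '';
+if (Array.isArray(lodash_1.default.get(element, 'references.reference'))) {
+path = 'references.reference[2].index';
+if (lodash_1.default.get(element, path) === null ||
+lodash_1.default.get(element, path) === undefined) {
+path = 'references.reference[0].index';
+}
+}
+else {
+path = 'references.reference.index';
+}
+this.data.push(new CciNistMappingItem_1.CciNistMappingItem(lodash_1.default.get(element, 'id'), lodash_1.default.get(element, path)));
+});
+}
+}
+nistFilter(identifiers, defaultNist, collapse = true) {
+const DEFAULT_NIST_TAG = defaultNist;
+const matches = [];
+identifiers.forEach((id) => {
+const item = this.data.find((element) => element.cci === id);
+if (item && item.nistId) {
+if (collapse) {
+if (matches.indexOf(item.nistId) === -1) {
+matches.push(item.nistId);
+}
+}
+else {
+matches.push(item.nistId);
+}
+}
+});
+if (matches.length === 0) {
+return DEFAULT_NIST_TAG;
+}
+return matches;
+}
+}
+exports.CciNistMapping = CciNistMapping;
+//# sourceMappingURL=CciNistMapping.js.map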
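Review bot: The constructor leaves `this.data` empty without any signal when `cci_list.cci_items.cci_item` does not parse to an array, and `nistFilter` then returns `defaultNist` for every identifier. For a compliance mapping this means a missing section, a truncated file or a reshaped XML document silently turns every CCI into the default NIST tags. Consider failing loudly after the `if (Array.isArray(tags))` block, e.g. `else { throw new Error('no cci_item entries in ' + xmlDataPath); }`. The positional choice of `references.reference[2].index` with a fallback to `[0]` also deserves a comment saying which reference it is meant to select. This file is compiled output, so both changes belong in `src/mappings/CciNistMapping.ts`.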
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CciNistMapping.js","sourceRoot":"","sources":["../../../src/mappings/CciNistMapping.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAqC;AACrC,4CAAoB;AACpB,oDAAuB;AACvB,6DAAwD;AAExD,MAAM,OAAO,GAAG;IACd,mBAAmB,EAAE,EAAE;IACvB,YAAY,EAAE,MAAM;IACpB,gBAAgB,EAAE,KAAK;CACxB,CAAC;AAEF,MAAa,cAAc;IAGzB,YAAY,WAAmB;QAC7B,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,gBAAC,CAAC,GAAG,CAChB,yBAAM,CAAC,KAAK,CAAC,YAAE,CAAC,YAAY,CAAC,WAAW,EAAE,EAAC,QAAQ,EAAE,OAAO,EAAC,CAAC,EAAE,OAAO,CAAC,EACxE,6BAA6B,CAC9B,CAAC;QACF,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACvB,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBACvB,IAAI,IAAI,GAAG,EAAE,CAAC;gBACd,IAAI,KAAK,CAAC,OAAO,CAAC,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC,EAAE;oBACzD,IAAI,GAAG,+BAA+B,CAAC;oBACvC,IACE,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,IAAI;wBAC7B,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,SAAS,EAClC;wBACA,IAAI,GAAG,+BAA+B,CAAC;qBACxC;iBACF;qBAAM;oBACL,IAAI,GAAG,4BAA4B,CAAC;iBACrC;gBACD,IAAI,CAAC,IAAI,CAAC,IAAI,CACZ,IAAI,uCAAkB,CAAC,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CACnE,CAAC;YACJ,CAAC,CAAC,CAAC;SACJ;IACH,CAAC;IAED,UAAU,CACR,WAAqB,EACrB,WAAqB,EACrB,QAAQ,GAAG,IAAI;QAEf,MAAM,gBAAgB,GAAG,WAAW,CAAC;QACrC,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,WAAW,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YACzB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;YAC7D,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,EAAE;gBACvB,IAAI,QAAQ,EAAE;oBACZ,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE;wBACvC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;qBAC3B;iBACF;qBAAM;oBACL,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;iBAC3B;aACF;QACH,CAAC,CAAC,CAAC;QACH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,OAAO,gBAAgB,CAAC;SACzB;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAtDD,wCAsDC"}
|