@mitre/hdf-converters 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +9 -0
- package/README.md +4 -0
- package/lib/data/U_CCI_List.xml +38403 -0
- package/lib/data/aws-config-mapping.csv +107 -0
- package/lib/data/cwe-nist-mapping.csv +203 -0
- package/lib/data/nessus-plugins-nist-mapping.csv +108 -0
- package/lib/data/nikto-nist-mapping.csv +8942 -0
- package/lib/data/owasp-nist-mapping.csv +11 -0
- package/lib/data/scoutsuite-nist-mapping.csv +140 -0
- package/lib/index.d.ts +12 -0
- package/lib/index.js +25 -0
- package/lib/index.js.map +1 -0
- package/lib/package.json +45 -0
- package/lib/src/base-converter.d.ts +39 -0
- package/lib/src/base-converter.js +216 -0
- package/lib/src/base-converter.js.map +1 -0
- package/lib/src/burpsuite-mapper.d.ts +7 -0
- package/lib/src/burpsuite-mapper.js +157 -0
- package/lib/src/burpsuite-mapper.js.map +1 -0
- package/lib/src/dbprotect-mapper.d.ts +7 -0
- package/lib/src/dbprotect-mapper.js +165 -0
- package/lib/src/dbprotect-mapper.js.map +1 -0
- package/lib/src/fortify-mapper.d.ts +8 -0
- package/lib/src/fortify-mapper.js +180 -0
- package/lib/src/fortify-mapper.js.map +1 -0
- package/lib/src/jfrog-xray-mapper.d.ts +7 -0
- package/lib/src/jfrog-xray-mapper.js +169 -0
- package/lib/src/jfrog-xray-mapper.js.map +1 -0
- package/lib/src/mappings/CciNistMapping.d.ts +6 -0
- package/lib/src/mappings/CciNistMapping.js +60 -0
- package/lib/src/mappings/CciNistMapping.js.map +1 -0
- package/lib/src/mappings/CciNistMappingItem.d.ts +5 -0
- package/lib/src/mappings/CciNistMappingItem.js +11 -0
- package/lib/src/mappings/CciNistMappingItem.js.map +1 -0
- package/lib/src/mappings/CweNistMapping.d.ts +6 -0
- package/lib/src/mappings/CweNistMapping.js +74 -0
- package/lib/src/mappings/CweNistMapping.js.map +1 -0
- package/lib/src/mappings/CweNistMappingItem.d.ts +8 -0
- package/lib/src/mappings/CweNistMappingItem.js +34 -0
- package/lib/src/mappings/CweNistMappingItem.js.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts +6 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js +48 -0
- package/lib/src/mappings/NessusPluginsNistMapping.js.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts +7 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js +23 -0
- package/lib/src/mappings/NessusPluginsNistMappingItem.js.map +1 -0
- package/lib/src/mappings/NiktoNistMapping.d.ts +6 -0
- package/lib/src/mappings/NiktoNistMapping.js +40 -0
- package/lib/src/mappings/NiktoNistMapping.js.map +1 -0
- package/lib/src/mappings/NiktoNistMappingItem.d.ts +7 -0
- package/lib/src/mappings/NiktoNistMappingItem.js +28 -0
- package/lib/src/mappings/NiktoNistMappingItem.js.map +1 -0
- package/lib/src/mappings/OwaspNistMapping.d.ts +6 -0
- package/lib/src/mappings/OwaspNistMapping.js +55 -0
- package/lib/src/mappings/OwaspNistMapping.js.map +1 -0
- package/lib/src/mappings/OwaspNistMappingItem.d.ts +8 -0
- package/lib/src/mappings/OwaspNistMappingItem.js +34 -0
- package/lib/src/mappings/OwaspNistMappingItem.js.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.d.ts +6 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js +39 -0
- package/lib/src/mappings/ScoutsuiteNistMapping.js.map +1 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.d.ts +5 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js +21 -0
- package/lib/src/mappings/ScoutsuiteNistMappingItem.js.map +1 -0
- package/lib/src/nessus-mapper.d.ts +13 -0
- package/lib/src/nessus-mapper.js +303 -0
- package/lib/src/nessus-mapper.js.map +1 -0
- package/lib/src/netsparker-mapper.d.ts +7 -0
- package/lib/src/netsparker-mapper.js +221 -0
- package/lib/src/netsparker-mapper.js.map +1 -0
- package/lib/src/nikto-mapper.d.ts +7 -0
- package/lib/src/nikto-mapper.js +96 -0
- package/lib/src/nikto-mapper.js.map +1 -0
- package/lib/src/sarif-mapper.d.ts +7 -0
- package/lib/src/sarif-mapper.js +143 -0
- package/lib/src/sarif-mapper.js.map +1 -0
- package/lib/src/scoutsuite-mapper.d.ts +7 -0
- package/lib/src/scoutsuite-mapper.js +258 -0
- package/lib/src/scoutsuite-mapper.js.map +1 -0
- package/lib/src/snyk-mapper.d.ts +14 -0
- package/lib/src/snyk-mapper.js +165 -0
- package/lib/src/snyk-mapper.js.map +1 -0
- package/lib/src/xccdf-results-mapper.d.ts +6 -0
- package/lib/src/xccdf-results-mapper.js +206 -0
- package/lib/src/xccdf-results-mapper.js.map +1 -0
- package/lib/src/zap-mapper.d.ts +8 -0
- package/lib/src/zap-mapper.js +177 -0
- package/lib/src/zap-mapper.js.map +1 -0
- package/package.json +45 -0
|
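--- a/package/lib/src/nessus-mapper.js
+++ b/package/lib/src/nessus-mapper.js
@@ -0,0 +1,303 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NessusMapper = exports.NessusResults = void 0;
+const fast_xml_parser_1 = __importDefault(require("fast-xml-parser"));
+const inspecjs_1 = require("inspecjs");
+const lodash_1 = __importDefault(require("lodash"));
+const path_1 = __importDefault(require("path"));
+const package_json_1 = require("../package.json");
+const base_converter_1 = require("./base-converter");
+const CciNistMapping_1 = require("./mappings/CciNistMapping");
+const NessusPluginsNistMapping_1 = require("./mappings/NessusPluginsNistMapping");
+const IMPACT_MAPPING = new Map([
+['4', 0.9],
+['3', 0.7],
+['i', 0.7],
+['2', 0.5],
+['ii', 0.5],
+['1', 0.3],
+['iii', 0.3],
+['0', 0.0]
+]);
+const COMPLIANCE_PATH = 'cm:compliance-reference';
+const NA_PLUGIN_OUTPUT = 'This Nessus Plugin does not provide output message.';
+const NESSUS_PLUGINS_NIST_MAPPING_FILE = path_1.default.resolve(__dirname, '../data/nessus-plugins-nist-mapping.csv');
+const NESSUS_PLUGINS_NIST_MAPPING = new NessusPluginsNistMapping_1.NessusPluginsNistMapping(NESSUS_PLUGINS_NIST_MAPPING_FILE);
+const CCI_NIST_MAPPING_FILE = path_1.default.resolve(__dirname, '../data/U_CCI_List.xml');
+const CCI_NIST_MAPPING = new CciNistMapping_1.CciNistMapping(CCI_NIST_MAPPING_FILE);
+const DEFAULT_NIST_TAG = ['unmapped'];
+function parseXml(xml) {
+const options = {
+attributeNamePrefix: '',
+textNodeName: 'text',
+ignoreAttributes: false
+};
+return fast_xml_parser_1.default.parse(xml, options);
+}
+let policyName;
+let version;
+function getPolicyName() {
+return 'Nessus ' + policyName;
+}
+function getVersion() {
+return version;
+}
+function getId(item) {
+if (lodash_1.default.has(item, COMPLIANCE_PATH)) {
+return parseRef(lodash_1.default.get(item, COMPLIANCE_PATH), 'Vuln-ID')[0];
+}
+else {
+return lodash_1.default.get(item, 'pluginID');
+}
+}
+function getTitle(item) {
+if (lodash_1.default.has(item, 'cm:compliance-check-name')) {
+return lodash_1.default.get(item, 'cm:compliance-check-name');
+}
+else {
+return lodash_1.default.get(item, 'pluginName');
+}
+}
+function getDesc(item) {
+if (lodash_1.default.has(item, 'cm:compliance-info')) {
+return (0, base_converter_1.parseHtml)(lodash_1.default.get(item, 'cm:compliance-info'));
+}
+else {
+return (0, base_converter_1.parseHtml)(formatDesc(item));
+}
+}
+function formatDesc(issue) {
+const desc = [];
+desc.push(`Plugin Family: ${lodash_1.default.get(issue, 'pluginFamily')}`);
+desc.push(`Port: ${lodash_1.default.get(issue, 'port')}`);
+desc.push(`Protocol: ${lodash_1.default.get(issue, 'protocol')}`);
+return desc.join('; ') + ';';
+}
+function pluginNistTag(item) {
+const family = lodash_1.default.get(item, 'pluginFamily');
+const id = lodash_1.default.get(item, 'pluginID');
+return NESSUS_PLUGINS_NIST_MAPPING.nistFilter(family, id, DEFAULT_NIST_TAG);
+}
+function cciNistTag(input) {
+const identifiers = parseRef(input, 'CCI');
+return CCI_NIST_MAPPING.nistFilter(identifiers, DEFAULT_NIST_TAG, false);
+}
+function parseRef(input, key) {
+const matches = input.split(',').filter((element) => element.startsWith(key));
+return matches.map((element) => element.split('|')[1]);
+}
+function getImpact(item) {
+if (lodash_1.default.has(item, COMPLIANCE_PATH)) {
+return (0, base_converter_1.impactMapping)(IMPACT_MAPPING)(parseRef(lodash_1.default.get(item, COMPLIANCE_PATH), 'CAT').join(''));
+}
+else {
+return (0, base_converter_1.impactMapping)(IMPACT_MAPPING)(lodash_1.default.get(item, 'severity'));
+}
+}
+function getCheck(item) {
+if (lodash_1.default.has(item, 'cm:compliance-solution')) {
+return (0, base_converter_1.parseHtml)(lodash_1.default.get(item, 'cm:compliance-solution'));
+}
+else {
+return '';
+}
+}
+function getNist(item) {
+if (lodash_1.default.has(item, COMPLIANCE_PATH)) {
+return cciNistTag(lodash_1.default.get(item, COMPLIANCE_PATH));
+}
+else {
+return pluginNistTag(item);
+}
+}
+function getCci(item) {
+if (lodash_1.default.has(item, COMPLIANCE_PATH)) {
+return parseRef(lodash_1.default.get(item, COMPLIANCE_PATH), 'CCI');
+}
+else {
+return [];
+}
+}
+function getRid(item) {
+if (lodash_1.default.has(item, COMPLIANCE_PATH)) {
+return parseRef(lodash_1.default.get(item, COMPLIANCE_PATH), 'Rule-ID').join(',');
+}
+else {
+return lodash_1.default.get(item, 'pluginID');
+}
+}
+function getStig(item) {
+if (lodash_1.default.has(item, COMPLIANCE_PATH)) {
+return parseRef(lodash_1.default.get(item, COMPLIANCE_PATH), 'STIG-ID').join(',');
+}
+else {
+return '';
+}
+}
+function getStatus(item) {
+const result = lodash_1.default.get(item, 'cm:compliance-result');
+switch (result) {
+case 'PASSED':
+return inspecjs_1.ExecJSON.ControlResultStatus.Passed;
+case 'WARNING':
+return inspecjs_1.ExecJSON.ControlResultStatus.Skipped;
+case 'ERROR':
+return inspecjs_1.ExecJSON.ControlResultStatus.Error;
+default:
+return inspecjs_1.ExecJSON.ControlResultStatus.Failed;
+}
+}
+function formatCodeDesc(item) {
+if (lodash_1.default.has(item, 'description')) {
+return (0, base_converter_1.parseHtml)(lodash_1.default.get(item, 'description') || NA_PLUGIN_OUTPUT);
+}
+else {
+return (0, base_converter_1.parseHtml)(lodash_1.default.get(item, 'plugin_output') || NA_PLUGIN_OUTPUT);
+}
+}
+function getStartTime(tag) {
+if (Array.isArray(tag)) {
+return lodash_1.default.get(tag.find((element) => {
+return lodash_1.default.get(element, 'name') === 'HOST_START';
+}), 'text');
+}
+else {
+return lodash_1.default.get(tag, 'text');
+}
+}
+function cleanData(control) {
+const filteredControl = control;
+filteredControl.forEach((element) => {
+if (element instanceof Object) {
+if (lodash_1.default.get(element.tags, 'cci').length === 0) {
+element.tags = lodash_1.default.omit(element.tags, 'cci');
+}
+if (lodash_1.default.get(element.tags, 'rid') === '') {
+element.tags = lodash_1.default.omit(element.tags, 'rid');
+}
+if (lodash_1.default.get(element.tags, 'stig_id') === '') {
+element.tags = lodash_1.default.omit(element.tags, 'stig_id');
+}
+if (element.descriptions !== undefined && element.descriptions !== null) {
+if (lodash_1.default.get(element.descriptions[0], 'data') === '') {
+element.descriptions = [];
+}
+}
+}
+});
+return filteredControl;
+}
+class NessusResults {
+constructor(nessusXml) {
+this.data = parseXml(nessusXml);
+}
+toHdf() {
+const results = [];
+policyName = lodash_1.default.get(this.data, 'NessusClientData_v2.Policy.policyName');
+const preference = lodash_1.default.get(this.data, 'NessusClientData_v2.Policy.Preferences.ServerPreferences.preference');
+if (Array.isArray(preference)) {
+version =
+lodash_1.default.get(preference.find((element) => {
+return lodash_1.default.get(element, 'name') === 'sc_version';
+}), 'value') || '';
+}
+const reportHost = lodash_1.default.get(this.data, 'NessusClientData_v2.Report.ReportHost');
+if (Array.isArray(reportHost)) {
+reportHost.forEach((element) => {
+const entry = new NessusMapper(element);
+if (this.customMapping !== undefined) {
+entry.setMappings(this.customMapping);
+}
+results.push(entry.toHdf());
+});
+return results;
+}
+else {
+const result = new NessusMapper(reportHost);
+if (this.customMapping !== undefined) {
+result.setMappings(this.customMapping);
+}
+return result.toHdf();
+}
+}
+setMappings(customMapping) {
+this.customMapping = customMapping;
+}
+}
+exports.NessusResults = NessusResults;
+class NessusMapper extends base_converter_1.BaseConverter {
+constructor(nessusJson) {
+super(nessusJson);
+this.mappings = {
+platform: {
+name: 'Heimdall Tools',
+release: package_json_1.version,
+target_id: { path: 'name' }
+},
+version: package_json_1.version,
+statistics: {
+duration: null
+},
+profiles: [
+{
+name: { transformer: getPolicyName },
+version: { transformer: getVersion },
+title: { transformer: getPolicyName },
+maintainer: null,
+summary: { transformer: getPolicyName },
+license: null,
+copyright: null,
+copyright_email: null,
+supports: [],
+attributes: [],
+depends: [],
+groups: [],
+status: 'loaded',
+controls: [
+{
+arrayTransformer: cleanData,
+path: 'ReportItem',
+key: 'id',
+tags: {
+nist: { transformer: getNist },
+cci: { transformer: getCci },
+rid: { transformer: getRid },
+stig_id: { transformer: getStig }
+},
+descriptions: [
+{
+data: { transformer: getCheck },
+label: 'check'
+}
+],
+refs: [],
+source_location: {},
+id: { transformer: getId },
+title: { transformer: getTitle },
+desc: { transformer: getDesc },
+impact: { transformer: getImpact },
+code: '',
+results: [
+{
+status: { transformer: getStatus },
+code_desc: { transformer: formatCodeDesc },
+run_time: 0,
+start_time: {
+path: '$.HostProperties.tag',
+transformer: getStartTime
+}
+}
+]
+}
+],
+sha256: ''
+}
+]
+};
+}
+}
+exports.NessusMapper = NessusMapper;
+//# sourceMappingURL=nessus-mapper.js.map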
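Review bot: `getPolicyName` and `getVersion` read the module-level `let policyName` / `let version`, which are assigned only inside `NessusResults.toHdf`, so a `NessusMapper` built directly through the exported class yields the profile name `'Nessus undefined'`, and when `preference` is not an array `version` is never reset and carries over from whatever document was converted last in the same process. Passing both values into the `NessusMapper` constructor (with defaults, so existing callers keep working) and binding the profile transformers as closures over them removes the shared state; the sketch below shows the constructor and the affected transformer entries, after which `NessusResults.toHdf` would call `new NessusMapper(element, policyName, version)` and the two module-level variables can go. Separately, `parseRef` calls `input.split(',')` on `cm:compliance-reference` without checking that the parsed value is a string, and `getId` returns `parseRef(...)[0]`, which is `undefined` when the reference carries no `Vuln-ID|…` token even though that value is also the control's `key`; a fallback such as `return parseRef(String(lodash_1.default.get(item, COMPLIANCE_PATH)), 'Vuln-ID')[0] ?? lodash_1.default.get(item, 'pluginID');` keeps every control addressable.
```javascript
class NessusMapper extends base_converter_1.BaseConverter {
    constructor(nessusJson, policyName = '', version = '') {
        super(nessusJson);
        this.mappings = {
            // … unchanged: platform, version, statistics …
            profiles: [
                {
                    name: { transformer: () => `Nessus ${policyName}` },
                    version: { transformer: () => version },
                    title: { transformer: () => `Nessus ${policyName}` },
                    maintainer: null,
                    summary: { transformer: () => `Nessus ${policyName}` },
                    // … unchanged: license … controls, sha256 …
```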
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"nessus-mapper.js","sourceRoot":"","sources":["../../src/nessus-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAqC;AACrC,uCAAkC;AAClC,oDAAuB;AACvB,gDAAwB;AACxB,kDAAgE;AAChE,qDAM0B;AAC1B,8DAAyD;AACzD,kFAA6E;AAG7E,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,IAAI,EAAE,GAAG,CAAC;IACX,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,GAAG,EAAE,GAAG,CAAC;CACX,CAAC,CAAC;AACH,MAAM,eAAe,GAAG,yBAAyB,CAAC;AAClD,MAAM,gBAAgB,GAAG,qDAAqD,CAAC;AAC/E,MAAM,gCAAgC,GAAG,cAAI,CAAC,OAAO,CACnD,SAAS,EACT,yCAAyC,CAC1C,CAAC;AACF,MAAM,2BAA2B,GAAG,IAAI,mDAAwB,CAC9D,gCAAgC,CACjC,CAAC;AACF,MAAM,qBAAqB,GAAG,cAAI,CAAC,OAAO,CAAC,SAAS,EAAE,wBAAwB,CAAC,CAAC;AAChF,MAAM,gBAAgB,GAAG,IAAI,+BAAc,CAAC,qBAAqB,CAAC,CAAC;AACnE,MAAM,gBAAgB,GAAG,CAAC,UAAU,CAAC,CAAC;AAEtC,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;IACF,OAAO,yBAAM,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,IAAI,UAAkB,CAAC;AACvB,IAAI,OAAe,CAAC;AAEpB,SAAS,aAAa;IACpB,OAAO,SAAS,GAAG,UAAU,CAAC;AAChC,CAAC;AACD,SAAS,UAAU;IACjB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,KAAK,CAAC,IAAa;IAC1B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7D;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KAChC;AACH,CAAC;AACD,SAAS,QAAQ,CAAC,IAAa;IAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,0BAA0B,CAAC,EAAE;QAC3C,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,0BAA0B,CAAC,CAAC;KAChD;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KAClC;AACH,CAAC;AACD,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,oBAAoB,CAAC,EAAE;QACrC,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC,CAAC;KACrD;SAAM;QACL,OAAO,IAAA,0BAAS,EAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;KACpC;AACH,CAAC;AACD,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,IAAI,
GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,IAAI,CAAC,kBAAkB,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;IAC5D,IAAI,CAAC,IAAI,CAAC,SAAS,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,IAAI,CAAC,aAAa,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;AAC/B,CAAC;AACD,SAAS,aAAa,CAAC,IAAa;IAClC,MAAM,MAAM,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACnC,OAAO,2BAA2B,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,gBAAgB,CAAC,CAAC;AAC9E,CAAC;AACD,SAAS,UAAU,CAAC,KAAa;IAC/B,MAAM,WAAW,GAAa,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACrD,OAAO,gBAAgB,CAAC,UAAU,CAAC,WAAW,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAW;IAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9E,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AACD,SAAS,SAAS,CAAC,IAAa;IAC9B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,IAAA,8BAAa,EAAC,cAAc,CAAC,CAClC,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CACvD,CAAC;KACH;SAAM;QACL,OAAO,IAAA,8BAAa,EAAC,cAAc,CAAC,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;KAC/D;AACH,CAAC;AACD,SAAS,QAAQ,CAAC,IAAa;IAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,EAAE;QACzC,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAC,CAAC;KACzD;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,UAAU,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;KACjD;SAAM;QACL,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;KAC5B;AACH,CAAC;AACD,SAAS,MAAM,CAAC,IAAa;IAC3B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC;KACtD;SAAM;QACL,OAAO,EAAE,CAAC
;KACX;AACH,CAAC;AACD,SAAS,MAAM,CAAC,IAAa;IAC3B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;KACpE;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KAChC;AACH,CAAC;AACD,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;KACpE;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,SAAS,CAAC,IAAa;IAC9B,MAAM,MAAM,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;IACnD,QAAQ,MAAM,EAAE;QACd,KAAK,QAAQ;YACX,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;QAC7C,KAAK,SAAS;YACZ,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC;QAC9C,KAAK,OAAO;YACV,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC;QAC5C;YACE,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;KAC9C;AACH,CAAC;AACD,SAAS,cAAc,CAAC,IAAa;IACnC,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE;QAC9B,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,gBAAgB,CAAC,CAAC;KAClE;SAAM;QACL,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,gBAAgB,CAAC,CAAC;KACpE;AACH,CAAC;AACD,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,gBAAC,CAAC,GAAG,CACV,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YACnB,OAAO,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,YAAY,CAAC;QACjD,CAAC,CAAC,EACF,MAAM,CACP,CAAC;KACH;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;KAC3B;AACH,CAAC;AACD,SAAS,SAAS,CAAC,OAAkB;IACnC,MAAM,eAAe,GAAG,OAA6B,CAAC;IACtD,eAAe,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAClC,IAAI,OAAO,YAAY,MAAM,EAAE;YAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;gBAC3C,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;aAC5C;YACD,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,EAAE,EAAE;gBACrC,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;aAC5C;YACD,IAAI,gBAAC,CAAC,GAAG,CAA
C,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE,EAAE;gBACzC,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;aAChD;YACD,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,IAAI,OAAO,CAAC,YAAY,KAAK,IAAI,EAAE;gBACvE,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,EAAE;oBACjD,OAAO,CAAC,YAAY,GAAG,EAAE,CAAC;iBAC3B;aACF;SACF;IACH,CAAC,CAAC,CAAC;IACH,OAAO,eAAe,CAAC;AACzB,CAAC;AACD,MAAa,aAAa;IAGxB,YAAY,SAAiB;QAC3B,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,KAAK;QACH,MAAM,OAAO,GAAyB,EAAE,CAAC;QACzC,UAAU,GAAG,gBAAC,CAAC,GAAG,CAChB,IAAI,CAAC,IAAI,EACT,uCAAuC,CAC9B,CAAC;QACZ,MAAM,UAAU,GAAG,gBAAC,CAAC,GAAG,CACtB,IAAI,CAAC,IAAI,EACT,qEAAqE,CACtE,CAAC;QACF,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,OAAO;gBACL,gBAAC,CAAC,GAAG,CACH,UAAU,CAAC,IAAI,CAAC,CAAC,OAAgC,EAAE,EAAE;oBACnD,OAAO,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,YAAY,CAAC;gBACjD,CAAC,CAAC,EACF,OAAO,CACR,IAAI,EAAE,CAAC;SACX;QACD,MAAM,UAAU,GAAG,gBAAC,CAAC,GAAG,CACtB,IAAI,CAAC,IAAI,EACT,uCAAuC,CACxC,CAAC;QACF,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,UAAU,CAAC,OAAO,CAAC,CAAC,OAAgC,EAAE,EAAE;gBACtD,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC;gBACxC,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,EAAE;oBACpC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;iBACvC;gBACD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;YACH,OAAO,OAAO,CAAC;SAChB;aAAM;YACL,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,UAAqC,CAAC,CAAC;YACvE,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,EAAE;gBACpC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;aACxC;YACD,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;SACvB;IACH,CAAC;IACD,WAAW,CACT,aAA+D;QAE/D,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACrC,CAAC;CACF;AApDD,sCAoDC;AAED,MAAa,YAAa,SAAQ,8BAAa;IAmE7C,YAAY,UAAmC;QAC7C,KAAK,CAAC,UAAU,CAAC,CAAC;QAnEpB,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;aAC1B;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,EAAC,WAAW,EAAE,aAAa,EAAC;oBAClC,OAAO
,EAAE,EAAC,WAAW,EAAE,UAAU,EAAC;oBAClC,KAAK,EAAE,EAAC,WAAW,EAAE,aAAa,EAAC;oBACnC,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,EAAC,WAAW,EAAE,aAAa,EAAC;oBACrC,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,gBAAgB,EAAE,SAAS;4BAC3B,IAAI,EAAE,YAAY;4BAClB,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE;gCACJ,IAAI,EAAE,EAAC,WAAW,EAAE,OAAO,EAAC;gCAC5B,GAAG,EAAE,EAAC,WAAW,EAAE,MAAM,EAAC;gCAC1B,GAAG,EAAE,EAAC,WAAW,EAAE,MAAM,EAAC;gCAC1B,OAAO,EAAE,EAAC,WAAW,EAAE,OAAO,EAAC;6BAChC;4BACD,YAAY,EAAE;gCACZ;oCACE,IAAI,EAAE,EAAC,WAAW,EAAE,QAAQ,EAAC;oCAC7B,KAAK,EAAE,OAAO;iCACf;6BACF;4BACD,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,EAAE,EAAE,EAAC,WAAW,EAAE,KAAK,EAAC;4BACxB,KAAK,EAAE,EAAC,WAAW,EAAE,QAAQ,EAAC;4BAC9B,IAAI,EAAE,EAAC,WAAW,EAAE,OAAO,EAAC;4BAC5B,MAAM,EAAE,EAAC,WAAW,EAAE,SAAS,EAAC;4BAChC,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,EAAC,WAAW,EAAE,SAAS,EAAC;oCAChC,SAAS,EAAE,EAAC,WAAW,EAAE,cAAc,EAAC;oCACxC,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE;wCACV,IAAI,EAAE,sBAAsB;wCAC5B,WAAW,EAAE,YAAY;qCAC1B;iCACF;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;CACF;AAtED,oCAsEC"}
|
|
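--- a/package/lib/src/netsparker-mapper.d.ts
+++ b/package/lib/src/netsparker-mapper.d.ts
@@ -0,0 +1,7 @@
+import { ExecJSON } from 'inspecjs';
+import { BaseConverter, ILookupPath, MappedTransform } from './base-converter';
+export declare class NetsparkerMapper extends BaseConverter {
+mappings: MappedTransform<ExecJSON.Execution, ILookupPath>;
+constructor(netsparkerXml: string);
+setMappings(customMappings: MappedTransform<ExecJSON.Execution, ILookupPath>): void;
+}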
@@ -0,0 +1,221 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.NetsparkerMapper = void 0;
|
|
7
|
+
const fast_xml_parser_1 = __importDefault(require("fast-xml-parser"));
|
|
8
|
+
const inspecjs_1 = require("inspecjs");
|
|
9
|
+
const lodash_1 = __importDefault(require("lodash"));
|
|
10
|
+
const path_1 = __importDefault(require("path"));
|
|
11
|
+
const package_json_1 = require("../package.json");
|
|
12
|
+
const base_converter_1 = require("./base-converter");
|
|
13
|
+
const CweNistMapping_1 = require("./mappings/CweNistMapping");
|
|
14
|
+
const OwaspNistMapping_1 = require("./mappings/OwaspNistMapping");
|
|
15
|
+
const IMPACT_MAPPING = new Map([
|
|
16
|
+
['critical', 1.0],
|
|
17
|
+
['high', 0.7],
|
|
18
|
+
['medium', 0.5],
|
|
19
|
+
['low', 0.3],
|
|
20
|
+
['best_practice', 0.0],
|
|
21
|
+
['information', 0.0]
|
|
22
|
+
]);
|
|
23
|
+
const CWE_NIST_MAPPING_FILE = path_1.default.resolve(__dirname, '../data/cwe-nist-mapping.csv');
|
|
24
|
+
const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping(CWE_NIST_MAPPING_FILE);
|
|
25
|
+
const OWASP_NIST_MAPPING_FILE = path_1.default.resolve(__dirname, '../data/owasp-nist-mapping.csv');
|
|
26
|
+
const OWASP_NIST_MAPPING = new OwaspNistMapping_1.OwaspNistMapping(OWASP_NIST_MAPPING_FILE);
|
|
27
|
+
const DEFAULT_NIST_TAG = ['SA-11', 'RA-5'];
|
|
28
|
+
function parseXml(xml) {
|
|
29
|
+
const options = {
|
|
30
|
+
attributeNamePrefix: '',
|
|
31
|
+
textNodeName: 'text',
|
|
32
|
+
ignoreAttributes: false
|
|
33
|
+
};
|
|
34
|
+
return fast_xml_parser_1.default.parse(xml, options);
|
|
35
|
+
}
|
|
36
|
+
function nistTag(classification) {
|
|
37
|
+
let cweTag = lodash_1.default.get(classification, 'cwe');
|
|
38
|
+
if (!Array.isArray(cweTag)) {
|
|
39
|
+
cweTag = [cweTag];
|
|
40
|
+
}
|
|
41
|
+
let owaspTag = lodash_1.default.get(classification, 'owasp');
|
|
42
|
+
if (!Array.isArray(owaspTag)) {
|
|
43
|
+
owaspTag = [owaspTag];
|
|
44
|
+
}
|
|
45
|
+
const cwe = CWE_NIST_MAPPING.nistFilter(cweTag);
|
|
46
|
+
const owasp = OWASP_NIST_MAPPING.nistFilterNoDefault(owaspTag);
|
|
47
|
+
const result = cwe.concat(owasp);
|
|
48
|
+
if (result.length !== 0) {
|
|
49
|
+
return result;
|
|
50
|
+
}
|
|
51
|
+
else {
|
|
52
|
+
return DEFAULT_NIST_TAG;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
function formatControlDesc(vulnerability) {
|
|
56
|
+
const text = [];
|
|
57
|
+
const description = lodash_1.default.get(vulnerability, 'description');
|
|
58
|
+
if (description) {
|
|
59
|
+
text.push(description);
|
|
60
|
+
}
|
|
61
|
+
const exploitationSkills = lodash_1.default.get(vulnerability, 'exploitation-skills');
|
|
62
|
+
if (exploitationSkills) {
|
|
63
|
+
text.push(`Exploitation-skills: ${exploitationSkills}`);
|
|
64
|
+
}
|
|
65
|
+
const extraInformation = lodash_1.default.get(vulnerability, 'extra-information');
|
|
66
|
+
if (extraInformation) {
|
|
67
|
+
text.push(`Extra-information: ${JSON.stringify(extraInformation).replace(/:/gi, '=>')}`);
|
|
68
|
+
}
|
|
69
|
+
const classification = lodash_1.default.get(vulnerability, 'classification');
|
|
70
|
+
if (classification) {
|
|
71
|
+
text.push(`Classification: ${JSON.stringify(classification).replace(/:/gi, '=>')}`);
|
|
72
|
+
}
|
|
73
|
+
const impact = lodash_1.default.get(vulnerability, 'impact');
|
|
74
|
+
if (impact) {
|
|
75
|
+
text.push(`Impact: ${impact}`);
|
|
76
|
+
}
|
|
77
|
+
const firstSeenDate = lodash_1.default.get(vulnerability, 'FirstSeenDate');
|
|
78
|
+
if (firstSeenDate) {
|
|
79
|
+
text.push(`FirstSeenDate: ${firstSeenDate}`);
|
|
80
|
+
}
|
|
81
|
+
const lastSeenDate = lodash_1.default.get(vulnerability, 'LastSeenDate');
|
|
82
|
+
if (lastSeenDate) {
|
|
83
|
+
text.push(`LastSeenDate: ${lastSeenDate}`);
|
|
84
|
+
}
|
|
85
|
+
const certainty = lodash_1.default.get(vulnerability, 'certainty');
|
|
86
|
+
if (certainty) {
|
|
87
|
+
text.push(`Certainty: ${certainty}`);
|
|
88
|
+
}
|
|
89
|
+
const type = lodash_1.default.get(vulnerability, 'type');
|
|
90
|
+
if (type) {
|
|
91
|
+
text.push(`Type: ${type}`);
|
|
92
|
+
}
|
|
93
|
+
const confirmed = lodash_1.default.get(vulnerability, 'confirmed');
|
|
94
|
+
if (confirmed) {
|
|
95
|
+
text.push(`Confirmed: ${confirmed}`);
|
|
96
|
+
}
|
|
97
|
+
return text.join('<br>');
|
|
98
|
+
}
|
|
99
|
+
function formatCheck(vulnerability) {
|
|
100
|
+
const text = [];
|
|
101
|
+
const exploitationSkills = lodash_1.default.get(vulnerability, 'exploitation-skills');
|
|
102
|
+
if (exploitationSkills) {
|
|
103
|
+
text.push(`Exploitation-skills: ${exploitationSkills}`);
|
|
104
|
+
}
|
|
105
|
+
const proofOfConcept = lodash_1.default.get(vulnerability, 'proof-of-concept');
|
|
106
|
+
if (proofOfConcept) {
|
|
107
|
+
text.push(`Proof-of-concept: ${proofOfConcept}`);
|
|
108
|
+
}
|
|
109
|
+
return (0, base_converter_1.parseHtml)(text.join('<br>'));
|
|
110
|
+
}
|
|
111
|
+
function formatFix(vulnerability) {
|
|
112
|
+
const text = [];
|
|
113
|
+
const remedialActions = lodash_1.default.get(vulnerability, 'remedial-actions');
|
|
114
|
+
if (remedialActions) {
|
|
115
|
+
text.push(`Remedial-actions: ${remedialActions}`);
|
|
116
|
+
}
|
|
117
|
+
const remedialProcedure = lodash_1.default.get(vulnerability, 'remedial-procedure');
|
|
118
|
+
if (remedialProcedure) {
|
|
119
|
+
text.push(`Remedial-procedure: ${remedialProcedure}`);
|
|
120
|
+
}
|
|
121
|
+
const remedyReferences = lodash_1.default.get(vulnerability, 'remedy-references');
|
|
122
|
+
if (remedyReferences) {
|
|
123
|
+
text.push(`Remedy-references: ${remedyReferences}`);
|
|
124
|
+
}
|
|
125
|
+
return text.join('<br>');
|
|
126
|
+
}
|
|
127
|
+
function formatCodeDesc(request) {
|
|
128
|
+
const text = [];
|
|
129
|
+
text.push(`http-request : ${lodash_1.default.get(request, 'content')}`);
|
|
130
|
+
text.push(`method : ${lodash_1.default.get(request, 'method')}`);
|
|
131
|
+
return text.join('\n');
|
|
132
|
+
}
|
|
133
|
+
function formatMessage(response) {
|
|
134
|
+
const text = [];
|
|
135
|
+
text.push(`http-response : ${lodash_1.default.get(response, 'content')}`);
|
|
136
|
+
text.push(`duration : ${lodash_1.default.get(response, 'duration')}`);
|
|
137
|
+
text.push(`status-code : ${lodash_1.default.get(response, 'status-code')}`);
|
|
138
|
+
return text.join('\n');
|
|
139
|
+
}
|
|
140
|
+
class NetsparkerMapper extends base_converter_1.BaseConverter {
|
|
141
|
+
constructor(netsparkerXml) {
|
|
142
|
+
super(parseXml(netsparkerXml));
|
|
143
|
+
this.mappings = {
|
|
144
|
+
platform: {
|
|
145
|
+
name: 'Heimdall Tools',
|
|
146
|
+
release: package_json_1.version,
|
|
147
|
+
target_id: { path: 'netsparker-enterprise.target.url' }
|
|
148
|
+
},
|
|
149
|
+
version: package_json_1.version,
|
|
150
|
+
statistics: {
|
|
151
|
+
duration: null
|
|
152
|
+
},
|
|
153
|
+
profiles: [
|
|
154
|
+
{
|
|
155
|
+
name: 'Netsparker Enterprise Scan',
|
|
156
|
+
version: '',
|
|
157
|
+
title: {
|
|
158
|
+
path: 'netsparker-enterprise.target',
|
|
159
|
+
transformer: (input) => {
|
|
160
|
+
return `Netsparker Enterprise Scan ID: ${lodash_1.default.get(input, 'scan-id')} URL: ${lodash_1.default.get(input, 'url')}`;
|
|
161
|
+
}
|
|
162
|
+
},
|
|
163
|
+
maintainer: null,
|
|
164
|
+
summary: 'Netsparker Enterprise Scan',
|
|
165
|
+
license: null,
|
|
166
|
+
copyright: null,
|
|
167
|
+
copyright_email: null,
|
|
168
|
+
supports: [],
|
|
169
|
+
attributes: [],
|
|
170
|
+
depends: [],
|
|
171
|
+
groups: [],
|
|
172
|
+
status: 'loaded',
|
|
173
|
+
controls: [
|
|
174
|
+
{
|
|
175
|
+
path: 'netsparker-enterprise.vulnerabilities.vulnerability',
|
|
176
|
+
key: 'id',
|
|
177
|
+
id: { path: 'LookupId' },
|
|
178
|
+
title: { path: 'name' },
|
|
179
|
+
desc: { transformer: formatControlDesc },
|
|
180
|
+
impact: {
|
|
181
|
+
path: 'severity',
|
|
182
|
+
transformer: (0, base_converter_1.impactMapping)(IMPACT_MAPPING)
|
|
183
|
+
},
|
|
184
|
+
tags: {
|
|
185
|
+
nist: { path: 'classification', transformer: nistTag }
|
|
186
|
+
},
|
|
187
|
+
descriptions: [
|
|
188
|
+
{
|
|
189
|
+
data: { transformer: formatCheck },
|
|
190
|
+
label: 'check'
|
|
191
|
+
},
|
|
192
|
+
{
|
|
193
|
+
data: { transformer: formatFix },
|
|
194
|
+
label: 'fix'
|
|
195
|
+
}
|
|
196
|
+
],
|
|
197
|
+
refs: [],
|
|
198
|
+
source_location: {},
|
|
199
|
+
code: '',
|
|
200
|
+
results: [
|
|
201
|
+
{
|
|
202
|
+
status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
|
|
203
|
+
code_desc: { path: 'http-request', transformer: formatCodeDesc },
|
|
204
|
+
message: { path: 'http-response', transformer: formatMessage },
|
|
205
|
+
run_time: 0,
|
|
206
|
+
start_time: { path: '$.netsparker-enterprise.target.initiated' }
|
|
207
|
+
}
|
|
208
|
+
]
|
|
209
|
+
}
|
|
210
|
+
],
|
|
211
|
+
sha256: ''
|
|
212
|
+
}
|
|
213
|
+
]
|
|
214
|
+
};
|
|
215
|
+
}
|
|
216
|
+
setMappings(customMappings) {
|
|
217
|
+
super.setMappings(customMappings);
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
exports.NetsparkerMapper = NetsparkerMapper;
|
|
221
|
+
//# sourceMappingURL=netsparker-mapper.js.map
|
|
@@ -0,0 +1 @@
1
+
{"version":3,"file":"netsparker-mapper.js","sourceRoot":"","sources":["../../src/netsparker-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,sEAAqC;AACrC,uCAAkC;AAClC,oDAAuB;AACvB,gDAAwB;AACxB,kDAAgE;AAChE,qDAM0B;AAC1B,8DAAyD;AACzD,kEAA6D;AAE7D,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,eAAe,EAAE,GAAG,CAAC;IACtB,CAAC,aAAa,EAAE,GAAG,CAAC;CACrB,CAAC,CAAC;AACH,MAAM,qBAAqB,GAAG,cAAI,CAAC,OAAO,CACxC,SAAS,EACT,8BAA8B,CAC/B,CAAC;AACF,MAAM,gBAAgB,GAAG,IAAI,+BAAc,CAAC,qBAAqB,CAAC,CAAC;AACnE,MAAM,uBAAuB,GAAG,cAAI,CAAC,OAAO,CAC1C,SAAS,EACT,gCAAgC,CACjC,CAAC;AACF,MAAM,kBAAkB,GAAG,IAAI,mCAAgB,CAAC,uBAAuB,CAAC,CAAC;AACzE,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAE3C,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;IACF,OAAO,yBAAM,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AACD,SAAS,OAAO,CAAC,cAAuC;IACtD,IAAI,MAAM,GAAG,gBAAC,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QAC1B,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;KACnB;IACD,IAAI,QAAQ,GAAG,gBAAC,CAAC,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;QAC5B,QAAQ,GAAG,CAAC,QAAQ,CAAC,CAAC;KACvB;IACD,MAAM,GAAG,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAkB,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,QAAoB,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;QACvB,OAAO,MAAM,CAAC;KACf;SAAM;QACL,OAAO,gBAAgB,CAAC;KACzB;AACH,CAAC;AACD,SAAS,iBAAiB,CAAC,aAAsB;IAC/C,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,WAAW,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;IACxD,IAAI,WAAW,EAAE;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;KACxB;IACD,MAAM,kBAAkB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;IACvE,IAAI,kBAAkB,EAAE;QACtB,IAAI,CAAC,IAAI,CAAC,wBAAwB,kBAAkB,EAAE,CAAC,CAAC;KACzD;IACD,MAAM,gBAAgB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,
mBAAmB,CAAC,CAAC;IACnE,IAAI,gBAAgB,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,sBAAsB,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAC5D,KAAK,EACL,IAAI,CACL,EAAE,CACJ,CAAC;KACH;IACD,MAAM,cAAc,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;IAC9D,IAAI,cAAc,EAAE;QAClB,IAAI,CAAC,IAAI,CACP,mBAAmB,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,CACzE,CAAC;KACH;IACD,MAAM,MAAM,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IAC9C,IAAI,MAAM,EAAE;QACV,IAAI,CAAC,IAAI,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;KAChC;IACD,MAAM,aAAa,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,aAAa,EAAE;QACjB,IAAI,CAAC,IAAI,CAAC,kBAAkB,aAAa,EAAE,CAAC,CAAC;KAC9C;IACD,MAAM,YAAY,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE;QAChB,IAAI,CAAC,IAAI,CAAC,iBAAiB,YAAY,EAAE,CAAC,CAAC;KAC5C;IACD,MAAM,SAAS,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,SAAS,EAAE;QACb,IAAI,CAAC,IAAI,CAAC,cAAc,SAAS,EAAE,CAAC,CAAC;KACtC;IACD,MAAM,IAAI,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAC1C,IAAI,IAAI,EAAE;QACR,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;KAC5B;IACD,MAAM,SAAS,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,SAAS,EAAE;QACb,IAAI,CAAC,IAAI,CAAC,cAAc,SAAS,EAAE,CAAC,CAAC;KACtC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AACD,SAAS,WAAW,CAAC,aAAsB;IACzC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,kBAAkB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;IACvE,IAAI,kBAAkB,EAAE;QACtB,IAAI,CAAC,IAAI,CAAC,wBAAwB,kBAAkB,EAAE,CAAC,CAAC;KACzD;IACD,MAAM,cAAc,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;IAChE,IAAI,cAAc,EAAE;QAClB,IAAI,CAAC,IAAI,CAAC,qBAAqB,cAAc,EAAE,CAAC,CAAC;KAClD;IACD,OAAO,IAAA,0BAAS,EAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AACtC,CAAC;AACD,SAAS,SAAS,CAAC,aAAsB;IACvC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,eAAe,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;IACjE,IAAI,eAAe,EAAE;QACnB,IAAI,CAAC,IAAI,CAAC,qBAAqB,eAAe,EAAE,CAAC,CAAC;KACnD;IACD,MAAM,iBAAiB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,oBAAoB,CAAC,CAA
C;IACrE,IAAI,iBAAiB,EAAE;QACrB,IAAI,CAAC,IAAI,CAAC,uBAAuB,iBAAiB,EAAE,CAAC,CAAC;KACvD;IACD,MAAM,gBAAgB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC;IACnE,IAAI,gBAAgB,EAAE;QACpB,IAAI,CAAC,IAAI,CAAC,sBAAsB,gBAAgB,EAAE,CAAC,CAAC;KACrD;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AACD,SAAS,cAAc,CAAC,OAAgB;IACtC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,CAAC,IAAI,CAAC,kBAAkB,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;IACzD,IAAI,CAAC,IAAI,CAAC,YAAY,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;IAClD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AACD,SAAS,aAAa,CAAC,QAAiB;IACtC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,CAAC,IAAI,CAAC,mBAAmB,gBAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;IAC3D,IAAI,CAAC,IAAI,CAAC,cAAc,gBAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,IAAI,CAAC,kBAAkB,gBAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;IAC9D,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AACD,MAAa,gBAAiB,SAAQ,8BAAa;IA4EjD,YAAY,aAAqB;QAC/B,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;QA5EjC,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAC,IAAI,EAAE,kCAAkC,EAAC;aACtD;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,4BAA4B;oBAClC,OAAO,EAAE,EAAE;oBACX,KAAK,EAAE;wBACL,IAAI,EAAE,8BAA8B;wBACpC,WAAW,EAAE,CAAC,KAAc,EAAU,EAAE;4BACtC,OAAO,kCAAkC,gBAAC,CAAC,GAAG,CAC5C,KAAK,EACL,SAAS,CACV,SAAS,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,CAAC;wBAClC,CAAC;qBACF;oBACD,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,4BAA4B;oBACrC,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,qDAAqD;4BAC3D,GAAG,EAAE,IAAI;4BACT,EAAE,EAAE,EAAC,IAAI,EAAE,UAAU,EAAC;4BACtB,KAAK,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;4BACrB,IAAI,EAAE,EAAC,WAAW,EAAE,iBAAiB,EAAC;4BACtC,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,IAAA,8
BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE,EAAC,IAAI,EAAE,gBAAgB,EAAE,WAAW,EAAE,OAAO,EAAC;6BACrD;4BACD,YAAY,EAAE;gCACZ;oCACE,IAAI,EAAE,EAAC,WAAW,EAAE,WAAW,EAAC;oCAChC,KAAK,EAAE,OAAO;iCACf;gCACD;oCACE,IAAI,EAAE,EAAC,WAAW,EAAE,SAAS,EAAC;oCAC9B,KAAK,EAAE,KAAK;iCACb;6BACF;4BACD,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE,EAAC,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE,cAAc,EAAC;oCAC9D,OAAO,EAAE,EAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,aAAa,EAAC;oCAC5D,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE,EAAC,IAAI,EAAE,0CAA0C,EAAC;iCAC/D;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AApFD,4CAoFC"}
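--- a/package/lib/src/nikto-mapper.d.ts
+++ b/package/lib/src/nikto-mapper.d.ts
@@ -0,0 +1,7 @@
+import { ExecJSON } from 'inspecjs';
+import { BaseConverter, ILookupPath, MappedTransform } from './base-converter';
+export declare class NiktoMapper extends BaseConverter {
+mappings: MappedTransform<ExecJSON.Execution, ILookupPath>;
+constructor(niktoJson: string);
+setMappings(customMappings: MappedTransform<ExecJSON.Execution, ILookupPath>): void;
+}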
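--- a/package/lib/src/nikto-mapper.js
+++ b/package/lib/src/nikto-mapper.js
@@ -0,0 +1,96 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NiktoMapper = void 0;
+const inspecjs_1 = require("inspecjs");
+const lodash_1 = __importDefault(require("lodash"));
+const path_1 = __importDefault(require("path"));
+const package_json_1 = require("../package.json");
+const base_converter_1 = require("./base-converter");
+const NiktoNistMapping_1 = require("./mappings/NiktoNistMapping");
+const NIKTO_NIST_MAPPING_FILE = path_1.default.resolve(__dirname, '../data/nikto-nist-mapping.csv');
+const NIKTO_NIST_MAPPING = new NiktoNistMapping_1.NiktoNistMapping(NIKTO_NIST_MAPPING_FILE);
+function formatTitle(file) {
+return `Nikto Target: ${projectName(file)}`;
+}
+function projectName(file) {
+return `Host: ${lodash_1.default.get(file, 'host')} Port: ${lodash_1.default.get(file, 'port')}`;
+}
+function formatCodeDesc(vulnerability) {
+return `URL : ${lodash_1.default.get(vulnerability, 'url')} Method: ${lodash_1.default.get(vulnerability, 'method')}`;
+}
+function nistTag(id) {
+return NIKTO_NIST_MAPPING.nistTag(id);
+}
+class NiktoMapper extends base_converter_1.BaseConverter {
+constructor(niktoJson) {
+super(JSON.parse(niktoJson));
+this.mappings = {
+platform: {
+name: 'Heimdall Tools',
+release: package_json_1.version,
+target_id: { transformer: projectName }
+},
+version: package_json_1.version,
+statistics: {
+duration: null
+},
+profiles: [
+{
+name: 'Nikto Website Scanner',
+version: '',
+title: { transformer: formatTitle },
+maintainer: null,
+summary: {
+path: 'banner',
+transformer: (input) => {
+return `Banner: ${input}`;
+}
+},
+license: null,
+copyright: null,
+copyright_email: null,
+supports: [],
+attributes: [],
+depends: [],
+groups: [],
+status: 'loaded',
+controls: [
+{
+path: 'vulnerabilities',
+key: 'id',
+tags: {
+nist: { path: 'id', transformer: nistTag },
+ösvdb: { path: 'OSVDB' }
+},
+descriptions: [],
+refs: [],
+source_location: {},
+title: { path: 'msg' },
+id: { path: 'id' },
+desc: { path: 'msg' },
+impact: 0.5,
+code: '',
+results: [
+{
+status: inspecjs_1.ExecJSON.ControlResultStatus.Failed,
+code_desc: { transformer: formatCodeDesc },
+run_time: 0,
+start_time: ''
+}
+]
+}
+],
+sha256: ''
+}
+]
+};
+}
+setMappings(customMappings) {
+super.setMappings(customMappings);
+}
+}
+exports.NiktoMapper = NiktoMapper;
+//# sourceMappingURL=nikto-mapper.js.map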
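Review bot: The control tag key on new line 66, `ösvdb: { path: 'OSVDB' }`, carries a non-ASCII `ö`, so any consumer that looks up the conventional `osvdb` tag will miss the OSVDB reference entirely; whether this is a typo in the TypeScript source or a mis-encoding on this page, the emitted key should be `osvdb: { path: 'OSVDB' }`. Every Nikto finding is also emitted as `Failed` with a fixed `impact: 0.5` and an empty `start_time: ''` (lines 74 and 81), which is defensible for a scanner whose output, as far as these lines show, carries no severity, but it flattens risk scoring for anyone triaging the resulting HDF; a comment such as `// Nikto findings carry no severity: all are emitted as Failed at a fixed medium impact (0.5)` next to line 74 would make that explicit. The constructor on line 29 hands the raw input straight to `JSON.parse`, so a malformed file surfaces as a bare SyntaxError from `new NiktoMapper(...)`; wrapping it to throw an error that names the converter and keeps the original via `{ cause }` would make failures on untrusted scanner output easier to attribute.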