@mitre/hdf-converters 2.6.1 → 2.6.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/lib/index.d.ts +3 -0
- package/lib/index.js +3 -0
- package/lib/index.js.map +1 -1
- package/lib/package.json +8 -5
- package/lib/src/asff-mapper.js +1 -0
- package/lib/src/asff-mapper.js.map +1 -1
- package/lib/src/aws-config-mapper.d.ts +28 -0
- package/lib/src/aws-config-mapper.js +369 -0
- package/lib/src/aws-config-mapper.js.map +1 -0
- package/lib/src/base-converter.d.ts +6 -5
- package/lib/src/base-converter.js +100 -63
- package/lib/src/base-converter.js.map +1 -1
- package/lib/src/burpsuite-mapper.js +1 -10
- package/lib/src/burpsuite-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/asff-types.d.ts +88 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js +3 -0
- package/lib/src/converters-from-hdf/asff/asff-types.js.map +1 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.d.ts +31 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js +132 -0
- package/lib/src/converters-from-hdf/asff/reverse-asff-mapper.js.map +1 -0
- package/lib/src/converters-from-hdf/asff/transformers.d.ts +44 -0
- package/lib/src/converters-from-hdf/asff/transformers.js +397 -0
- package/lib/src/converters-from-hdf/asff/transformers.js.map +1 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts +24 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.js +118 -0
- package/lib/src/converters-from-hdf/reverse-base-converter.js.map +1 -0
- package/lib/src/dbprotect-mapper.js +1 -10
- package/lib/src/dbprotect-mapper.js.map +1 -1
- package/lib/src/fortify-mapper.js +1 -10
- package/lib/src/fortify-mapper.js.map +1 -1
- package/lib/src/nessus-mapper.js +1 -10
- package/lib/src/nessus-mapper.js.map +1 -1
- package/lib/src/netsparker-mapper.js +1 -10
- package/lib/src/netsparker-mapper.js.map +1 -1
- package/lib/src/sonarqube-mapper.d.ts +54 -0
- package/lib/src/sonarqube-mapper.js +196 -0
- package/lib/src/sonarqube-mapper.js.map +1 -0
- package/lib/src/xccdf-results-mapper.js +292 -89
- package/lib/src/xccdf-results-mapper.js.map +1 -1
- package/package.json +8 -5
|
@@ -22,8 +22,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
22
22
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
23
23
|
};
|
|
24
24
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
25
|
-
exports.BaseConverter = exports.impactMapping = exports.parseHtml = exports.generateHash = void 0;
|
|
25
|
+
exports.BaseConverter = exports.impactMapping = exports.parseXml = exports.parseHtml = exports.generateHash = void 0;
|
|
26
26
|
const crypto_1 = require("crypto");
|
|
27
|
+
const fast_xml_parser_1 = __importDefault(require("fast-xml-parser"));
|
|
27
28
|
const htmlparser = __importStar(require("htmlparser2"));
|
|
28
29
|
const lodash_1 = __importDefault(require("lodash"));
|
|
29
30
|
function generateHash(data, algorithm = 'sha256') {
|
|
@@ -45,6 +46,15 @@ function parseHtml(input) {
|
|
|
45
46
|
return textData.join('');
|
|
46
47
|
}
|
|
47
48
|
exports.parseHtml = parseHtml;
|
|
49
|
+
function parseXml(xml) {
|
|
50
|
+
const options = {
|
|
51
|
+
attributeNamePrefix: '',
|
|
52
|
+
textNodeName: 'text',
|
|
53
|
+
ignoreAttributes: false
|
|
54
|
+
};
|
|
55
|
+
return fast_xml_parser_1.default.parse(xml, options);
|
|
56
|
+
}
|
|
57
|
+
exports.parseXml = parseXml;
|
|
48
58
|
function impactMapping(mapping) {
|
|
49
59
|
return (severity) => {
|
|
50
60
|
if (typeof severity === 'string' || typeof severity === 'number') {
|
|
@@ -145,89 +155,116 @@ class BaseConverter {
|
|
|
145
155
|
if (v.length === 0) {
|
|
146
156
|
return [];
|
|
147
157
|
}
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
output
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
158
|
+
const resultingData = [];
|
|
159
|
+
for (const lookupPath of v) {
|
|
160
|
+
if (lookupPath.path === undefined) {
|
|
161
|
+
const arrayTransformer = (_a = lookupPath.arrayTransformer) === null || _a === void 0 ? void 0 : _a.bind(this);
|
|
162
|
+
v = v.map((element) => {
|
|
163
|
+
return lodash_1.default.omit(element, ['arrayTransformer']);
|
|
164
|
+
});
|
|
165
|
+
let output = [];
|
|
166
|
+
v.forEach((element) => {
|
|
167
|
+
output.push(this.evaluate(file, element));
|
|
168
|
+
});
|
|
169
|
+
if (arrayTransformer !== undefined) {
|
|
170
|
+
if (Array.isArray(arrayTransformer)) {
|
|
171
|
+
output = arrayTransformer[0].apply(arrayTransformer[1], [
|
|
172
|
+
v,
|
|
173
|
+
this.data
|
|
174
|
+
]);
|
|
175
|
+
}
|
|
176
|
+
else {
|
|
177
|
+
output = arrayTransformer.apply(null, [output, this.data]);
|
|
178
|
+
}
|
|
166
179
|
}
|
|
180
|
+
resultingData.push(...output);
|
|
167
181
|
}
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
'arrayTransformer',
|
|
183
|
-
'key'
|
|
184
|
-
]);
|
|
185
|
-
});
|
|
186
|
-
if (arrayTransformer !== undefined) {
|
|
187
|
-
if (Array.isArray(arrayTransformer)) {
|
|
188
|
-
v = arrayTransformer[0].apply(arrayTransformer[1], [
|
|
189
|
-
v,
|
|
190
|
-
this.data
|
|
182
|
+
else {
|
|
183
|
+
const path = lookupPath.path;
|
|
184
|
+
const key = lookupPath.key;
|
|
185
|
+
const arrayTransformer = (_b = lookupPath.arrayTransformer) === null || _b === void 0 ? void 0 : _b.bind(this);
|
|
186
|
+
const transformer = (_c = lookupPath.transformer) === null || _c === void 0 ? void 0 : _c.bind(this);
|
|
187
|
+
if (this.hasPath(file, path)) {
|
|
188
|
+
const pathVal = this.handlePath(file, path);
|
|
189
|
+
if (Array.isArray(pathVal)) {
|
|
190
|
+
v = pathVal.map((element) => {
|
|
191
|
+
return lodash_1.default.omit(this.convertInternal(element, lookupPath), [
|
|
192
|
+
'path',
|
|
193
|
+
'transformer',
|
|
194
|
+
'arrayTransformer',
|
|
195
|
+
'key'
|
|
191
196
|
]);
|
|
197
|
+
});
|
|
198
|
+
if (arrayTransformer !== undefined) {
|
|
199
|
+
if (Array.isArray(arrayTransformer)) {
|
|
200
|
+
v = arrayTransformer[0].apply(arrayTransformer[1], [
|
|
201
|
+
v,
|
|
202
|
+
this.data
|
|
203
|
+
]);
|
|
204
|
+
}
|
|
205
|
+
else {
|
|
206
|
+
v = arrayTransformer.apply(null, [v, this.data]);
|
|
207
|
+
}
|
|
192
208
|
}
|
|
193
|
-
|
|
194
|
-
v =
|
|
209
|
+
if (key !== undefined) {
|
|
210
|
+
v = collapseDuplicates(v, key, this.collapseResults);
|
|
195
211
|
}
|
|
196
|
-
|
|
197
|
-
if (key !== undefined) {
|
|
198
|
-
v = collapseDuplicates(v, key, this.collapseResults);
|
|
199
|
-
}
|
|
200
|
-
return v;
|
|
201
|
-
}
|
|
202
|
-
else {
|
|
203
|
-
if (transformer !== undefined) {
|
|
204
|
-
return [transformer(this.handlePath(file, path))];
|
|
212
|
+
resultingData.push(...v);
|
|
205
213
|
}
|
|
206
214
|
else {
|
|
207
|
-
|
|
215
|
+
if (transformer !== undefined) {
|
|
216
|
+
resultingData.push(transformer(this.handlePath(file, path)));
|
|
217
|
+
}
|
|
218
|
+
else {
|
|
219
|
+
resultingData.push(this.handlePath(file, path));
|
|
220
|
+
}
|
|
208
221
|
}
|
|
209
222
|
}
|
|
210
223
|
}
|
|
211
|
-
else {
|
|
212
|
-
return [];
|
|
213
|
-
}
|
|
214
224
|
}
|
|
225
|
+
const uniqueResults = [];
|
|
226
|
+
resultingData.forEach((result) => {
|
|
227
|
+
if (!uniqueResults.some((uniqueResult) => lodash_1.default.isEqual(result, uniqueResult))) {
|
|
228
|
+
uniqueResults.push(result);
|
|
229
|
+
}
|
|
230
|
+
});
|
|
231
|
+
return uniqueResults;
|
|
215
232
|
}
|
|
216
233
|
handlePath(file, path) {
|
|
217
|
-
|
|
218
|
-
|
|
234
|
+
let pathArray;
|
|
235
|
+
if (typeof path === 'string') {
|
|
236
|
+
pathArray = [path];
|
|
237
|
+
}
|
|
238
|
+
else {
|
|
239
|
+
pathArray = path;
|
|
240
|
+
}
|
|
241
|
+
const index = lodash_1.default.findIndex(pathArray, (p) => this.hasPath(file, p));
|
|
242
|
+
if (index === -1) {
|
|
243
|
+
return '';
|
|
244
|
+
}
|
|
245
|
+
else if (pathArray[index].startsWith('$.')) {
|
|
246
|
+
return lodash_1.default.get(this.data, pathArray[index].slice(2)) || '';
|
|
219
247
|
}
|
|
220
248
|
else {
|
|
221
|
-
return lodash_1.default.get(file,
|
|
249
|
+
return lodash_1.default.get(file, pathArray[index]) || '';
|
|
222
250
|
}
|
|
223
251
|
}
|
|
224
252
|
hasPath(file, path) {
|
|
225
|
-
|
|
226
|
-
|
|
253
|
+
let pathArray;
|
|
254
|
+
if (typeof path === 'string') {
|
|
255
|
+
pathArray = [path];
|
|
227
256
|
}
|
|
228
257
|
else {
|
|
229
|
-
|
|
258
|
+
pathArray = path;
|
|
230
259
|
}
|
|
260
|
+
return lodash_1.default.some(pathArray, (p) => {
|
|
261
|
+
if (p.startsWith('$.')) {
|
|
262
|
+
return lodash_1.default.has(this.data, p.slice(2));
|
|
263
|
+
}
|
|
264
|
+
else {
|
|
265
|
+
return lodash_1.default.has(file, p);
|
|
266
|
+
}
|
|
267
|
+
});
|
|
231
268
|
}
|
|
232
269
|
}
|
|
233
270
|
exports.BaseConverter = BaseConverter;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-converter.js","sourceRoot":"","sources":["../../src/base-converter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAkC;AAClC,wDAA0C;AAE1C,oDAAuB;AA8BvB,SAAgB,YAAY,CAAC,IAAY,EAAE,SAAS,GAAG,QAAQ;IAC7D,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAHD,oCAGC;AAED,SAAgB,SAAS,CAAC,KAAc;IACtC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;QACrC,MAAM,CAAC,IAAY;YACjB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;QAC7B,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,EAAE,CAAC;KAChB;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC3B,CAAC;AAZD,8BAYC;
|
|
1
|
+
{"version":3,"file":"base-converter.js","sourceRoot":"","sources":["../../src/base-converter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAkC;AAClC,sEAAqC;AACrC,wDAA0C;AAE1C,oDAAuB;AA8BvB,SAAgB,YAAY,CAAC,IAAY,EAAE,SAAS,GAAG,QAAQ;IAC7D,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAHD,oCAGC;AAED,SAAgB,SAAS,CAAC,KAAc;IACtC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;QACrC,MAAM,CAAC,IAAY;YACjB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;QAC7B,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,EAAE,CAAC;KAChB;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC3B,CAAC;AAZD,8BAYC;AAED,SAAgB,QAAQ,CAAC,GAAW;IAClC,MAAM,OAAO,GAAG;QACd,mBAAmB,EAAE,EAAE;QACvB,YAAY,EAAE,MAAM;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;IACF,OAAO,yBAAM,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC;AAPD,4BAOC;AAED,SAAgB,aAAa,CAC3B,OAA4B;IAE5B,OAAO,CAAC,QAAiB,EAAU,EAAE;QACnC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC;SAC5D;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;AACJ,CAAC;AAVD,sCAUC;AAGD,SAAS,kBAAkB,CACzB,KAAe,EACf,GAAW,EACX,eAAwB;IAExB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,MAAM,QAAQ,GAAQ,EAAE,CAAC;IACzB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAO,EAAE,EAAE;QACxB,MAAM,aAAa,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACvC,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE;gBAC5B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBACjC,OAAO,EAAE,CAAC;aACX;iBAAM;gBACL,MAAM,SAAS,GAAG,gBAAC,CAAC,GAAG,CACrB,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,CACkB,CAAC;gBAC9B,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAC7C,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAC5B,CAAC;gBACF,IAAI,eAAe,EAAE;oBACnB,IACE,YAAY,CAAC,OAAO,CAClB,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAW,CAC9C,KAAK,CAAC,CAAC,EACR;wBACA,gBAAC,CAAC,GAAG,CACH,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,EACT,SAAS,CAAC,MAAM,CACd,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAA6B,CACnD,CACF,CAAC;qBACH;iBACF;qBAAM;oBACL,gBAAC,CAAC,GAAG,CACH,QAAQ,CAAC,KAAK,CAAC,EACf,SAAS,EACT,SAAS,CAAC,MAAM,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAA6B,CAAC,CACrE,CAAC;iBACH;aACF;SACF;IACH,CAAC,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC;AAClB,CAAC;AACD,MAAa,aAAa;IAKxB,YAAY,IAA6B,EAAE,eAAe,GAAG,KAAK;QAChE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IACD,WAAW,CACT,QAA0D;QAE1D,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IACD,KAAK;QACH,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;SAC9C;aAAM;YACL,MAAM,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzD,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7B,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YACzD,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,CAAC;SACV;IACH,CAAC;IAED,SAAS,CAAO,GAAM,EAAE,EAA8B;QACpD,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAC1B,CAAC;IAC1B,CAAC;IACD,eAAe,CACb,IAA6B,EAC7B,MAAS;QAET,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAmB,EAAE,EAAE,CAC5D,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CACvB,CAAC;QACF,OAAO,MAAsC,CAAC;IAChD,CAAC;IAED,QAAQ,CACN,IAA6B,EAC7B,CAAe;QAEf,MAAM,WAAW,GAAG,gBAAC,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;QAC5C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;YACpB,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;SAClC;aAAM,IACL,OAAO,CAAC,KAAK,QAAQ;YACrB,OAAO,CAAC,KAAK,QAAQ;YACrB,OAAO,CAAC,KAAK,SAAS;YACtB,CAAC,KAAK,IAAI,EACV;YACA,OAAO,CAAC,CAAC;SACV;aAAM,IAAI,gBAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE;YAC3B,IAAI,OAAO,WAAW,KAAK,UAAU,EAAE;gBACrC,OAAO,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,gBAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAW,CAAC,CAAC,CAAC;aACvE;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,gBAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAW,CAAC,CAAC;YAClE,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;gBAC1B,OAAO,OAAc,CAAC;aACvB;YACD,OAAO,OAAY,CAAC;SACrB;QACD,IAAI,OAAO,WAAW,KAAK,UAAU,EAAE;YACrC,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;SACrC;aAAM;YACL,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;SACtC;IACH,CAAC;IAED,WAAW,CACT,IAA6B,EAC7B,CAAyB;;QAEzB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,OAAO,EAAE,CAAC;SACX;QACD,MAAM,aAAa,GAAa,EAAE,CAAC;QACnC,KAAK,MAAM,UAAU,IAAI,CAAC,EAAE;YAC1B,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE;gBACjC,MAAM,gBAAgB,GAAG,MAAA,UAAU,CAAC,gBAAgB,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;oBACpB,OAAO,gBAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,CAAoB,CAAC;gBAClE,CAAC,CAAC,CAAC;gBACH,IAAI,MAAM,GAAa,EAAE,CAAC;gBAC1B,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;oBACpB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAM,CAAC,CAAC;gBACjD,CAAC,CAAC,CAAC;gBACH,IAAI,gBAAgB,KAAK,SAAS,EAAE;oBAClC,IAAI,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE;wBACnC,MAAM,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;4BACtD,CAAC;4BACD,IAAI,CAAC,IAAI;yBACV,CAAC,CAAC;qBACJ;yBAAM;wBACL,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAQ,CAAC;qBACnE;iBACF;gBACD,aAAa,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;aAC/B;iBAAM;gBACL,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;gBAC7B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC;gBAC3B,MAAM,gBAAgB,GAAG,MAAA,UAAU,CAAC,gBAAgB,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjE,MAAM,WAAW,GAAG,MAAA,UAAU,CAAC,WAAW,0CAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBACvD,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE;oBAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;oBAC5C,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;wBAC1B,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,OAAgC,EAAE,EAAE;4BACnD,OAAO,gBAAC,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE;gCACvD,MAAM;gCACN,aAAa;gCACb,kBAAkB;gCAClB,KAAK;6BACN,CAAM,CAAC;wBACV,CAAC,CAAC,CAAC;wBACH,IAAI,gBAAgB,KAAK,SAAS,EAAE;4BAClC,IAAI,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE;gCACnC,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE;oCACjD,CAAC;oCACD,IAAI,CAAC,IAAI;iCACV,CAAC,CAAC;6BACJ;iCAAM;gCACL,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAQ,CAAC;6BACzD;yBACF;wBACD,IAAI,GAAG,KAAK,SAAS,EAAE;4BACrB,CAAC,GAAG,kBAAkB,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;yBACtD;wBACD,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;qBAC1B;yBAAM;wBACL,IAAI,WAAW,KAAK,SAAS,EAAE;4BAC7B,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAM,CAAC,CAAC;yBACnE;6BAAM;4BACL,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAM,CAAC,CAAC;yBACtD;qBACF;iBACF;aACF;SACF;QAED,MAAM,aAAa,GAAQ,EAAE,CAAC;QAC9B,aAAa,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YAC/B,IACE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC,gBAAC,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,EACtE;gBACA,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;aAC5B;QACH,CAAC,CAAC,CAAC;QACH,OAAO,aAAa,CAAC;IACvB,CAAC;IACD,UAAU,CAAC,IAA6B,EAAE,IAAuB;QAC/D,IAAI,SAAS,CAAC;QACd,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;YAC5B,SAAS,GAAG,CAAC,IAAI,CAAC,CAAC;SACpB;aAAM;YACL,SAAS,GAAG,IAAI,CAAC;SAClB;QAED,MAAM,KAAK,GAAG,gBAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAEnE,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE;YAEhB,OAAO,EAAE,CAAC;SACX;aAAM,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;YAC5C,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SAC1D;aAAM;YACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;SAC5C;IACH,CAAC;IACD,OAAO,CAAC,IAA6B,EAAE,IAAuB;QAC5D,IAAI,SAAS,CAAC;QACd,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;YAC5B,SAAS,GAAG,CAAC,IAAI,CAAC,CAAC;SACpB;aAAM;YACL,SAAS,GAAG,IAAI,CAAC;SAClB;QAED,OAAO,gBAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;YAC7B,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;gBACtB,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aACrC;iBAAM;gBACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;aACvB;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA3LD,sCA2LC"}
|
|
@@ -4,7 +4,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.BurpSuiteMapper = void 0;
|
|
7
|
-
const fast_xml_parser_1 = __importDefault(require("fast-xml-parser"));
|
|
8
7
|
const inspecjs_1 = require("inspecjs");
|
|
9
8
|
const lodash_1 = __importDefault(require("lodash"));
|
|
10
9
|
const package_json_1 = require("../package.json");
|
|
@@ -61,17 +60,9 @@ function nistTag(input) {
|
|
|
61
60
|
cwe = cwe.map((x) => x.split(':')[0]);
|
|
62
61
|
return CWE_NIST_MAPPING.nistFilter(cwe, DEFAULT_NIST_TAG).concat(['Rev_4']);
|
|
63
62
|
}
|
|
64
|
-
function parseXml(xml) {
|
|
65
|
-
const options = {
|
|
66
|
-
attributeNamePrefix: '',
|
|
67
|
-
textNodeName: 'text',
|
|
68
|
-
ignoreAttributes: false
|
|
69
|
-
};
|
|
70
|
-
return fast_xml_parser_1.default.parse(xml, options);
|
|
71
|
-
}
|
|
72
63
|
class BurpSuiteMapper extends base_converter_1.BaseConverter {
|
|
73
64
|
constructor(burpsXml) {
|
|
74
|
-
super(parseXml(burpsXml));
|
|
65
|
+
super((0, base_converter_1.parseXml)(burpsXml));
|
|
75
66
|
this.mappings = {
|
|
76
67
|
platform: {
|
|
77
68
|
name: 'Heimdall Tools',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"burpsuite-mapper.js","sourceRoot":"","sources":["../../src/burpsuite-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"burpsuite-mapper.js","sourceRoot":"","sources":["../../src/burpsuite-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAO0B;AAC1B,8DAAyD;AAGzD,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,aAAa,EAAE,GAAG,CAAC;CACrB,CAAC,CAAC;AACH,MAAM,IAAI,GAAG,oBAAoB,CAAC;AAClC,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAC9C,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAG3C,SAAS,cAAc,CAAC,KAAc;IACpC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE;QACxD,IAAI,CAAC,IAAI,CACP,aAAa,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,UAAU,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE,CAC1E,CAAC;KACH;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;KAChC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE;QAC5B,IAAI,CAAC,IAAI,CAAC,aAAa,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC;KAC/D;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;KACzB;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;QAC/B,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC;KACrE;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,EAAE;QAC9B,IAAI,CAAC,IAAI,CAAC,eAAe,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;KACnE;SAAM;QACL,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;KAC3B;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAChC,CAAC;AACD,SAAS,UAAU,CAAC,EAAW;IAC7B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE;QACpD,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;KACtB;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,WAAW,CAAC,KAAa;IAChC,OAAO,IAAA,0BAAS,EAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAClD,CAAC;AACD,SAAS,OAAO,CAAC,KAAa;IAC5B,IAAI,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3C,GAAG,CAAC,KAAK,EAAE,CAAC;IACZ,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,OAAO,gBAAgB,CAAC,UAAU,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,MAAa,eAAgB,SAAQ,8BAAa;IA2EhD,YAAY,QAAgB;QAC1B,KAAK,CAAC,IAAA,yBAAQ,EAAC,QAAQ,CAAC,CAAC,CAAC;QA3E5B,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAE;aACd;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,IAAI;oBACV,OAAO,EAAE,EAAC,IAAI,EAAE,oBAAoB,EAAC;oBACrC,KAAK,EAAE,IAAI;oBACX,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,cAAc;4BACpB,GAAG,EAAE,IAAI;4BACT,EAAE,EAAE,EAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAC;4BAC3C,KAAK,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;4BACrB,IAAI,EAAE,EAAC,IAAI,EAAE,iBAAiB,EAAE,WAAW,EAAE,0BAAS,EAAC;4BACvD,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,IAAA,8BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE;oCACJ,IAAI,EAAE,8BAA8B;oCACpC,WAAW,EAAE,OAAO;iCACrB;gCACD,KAAK,EAAE;oCACL,IAAI,EAAE,8BAA8B;oCACpC,WAAW,EAAE,WAAW;iCACzB;gCACD,UAAU,EAAE,EAAC,IAAI,EAAE,YAAY,EAAC;6BACjC;4BACD,YAAY,EAAE;gCACZ;oCACE,IAAI,EAAE,EAAC,IAAI,EAAE,iBAAiB,EAAE,WAAW,EAAE,0BAAS,EAAC;oCACvD,KAAK,EAAE,OAAO;iCACf;gCACD;oCACE,IAAI,EAAE,EAAC,IAAI,EAAE,uBAAuB,EAAE,WAAW,EAAE,0BAAS,EAAC;oCAC7D,KAAK,EAAE,KAAK;iCACb;6BACF;4BACD,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE,EAAC,WAAW,EAAE,cAAc,EAAC;oCACxC,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE,EAAC,IAAI,EAAE,qBAAqB,EAAC;iCAC1C;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AAnFD,0CAmFC"}
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
export interface IOptions {
|
|
2
|
+
input: string;
|
|
3
|
+
awsAccountId: string;
|
|
4
|
+
target: string;
|
|
5
|
+
region: string;
|
|
6
|
+
}
|
|
7
|
+
export interface IExecJSONASFF {
|
|
8
|
+
Findings: IFindingASFF[];
|
|
9
|
+
}
|
|
10
|
+
export interface IFindingASFF {
|
|
11
|
+
SchemaVersion: string;
|
|
12
|
+
Id: string;
|
|
13
|
+
ProductArn: string;
|
|
14
|
+
ProductName?: string;
|
|
15
|
+
CompanyName?: string;
|
|
16
|
+
Region?: string;
|
|
17
|
+
GeneratorId: string;
|
|
18
|
+
AwsAccountId: string;
|
|
19
|
+
Types?: string[] | Record<string, unknown>;
|
|
20
|
+
FirstObservedAt?: string;
|
|
21
|
+
LastObservedAt?: string;
|
|
22
|
+
CreatedAt: string;
|
|
23
|
+
UpdatedAt: string;
|
|
24
|
+
Severity: ISeverityASFF;
|
|
25
|
+
Title: string;
|
|
26
|
+
Description: string;
|
|
27
|
+
Remediation: IRemediationASFF;
|
|
28
|
+
ProductFields: IProductFieldsASFF;
|
|
29
|
+
Resources: IResourcesASFF[];
|
|
30
|
+
Compliance: IComplianceASFF;
|
|
31
|
+
WorkflowState?: string;
|
|
32
|
+
Workflow?: {
|
|
33
|
+
Status: string;
|
|
34
|
+
};
|
|
35
|
+
RecordState?: string;
|
|
36
|
+
FindingProviderFields: IFindingProviderFieldsASFF;
|
|
37
|
+
}
|
|
38
|
+
export interface ISeverityASFF {
|
|
39
|
+
Product?: number;
|
|
40
|
+
Label: string;
|
|
41
|
+
Normalized?: number;
|
|
42
|
+
Original?: string;
|
|
43
|
+
}
|
|
44
|
+
export interface IRemediationASFF {
|
|
45
|
+
Recommendation: {
|
|
46
|
+
Text: string;
|
|
47
|
+
Url?: string;
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
export interface IProductFieldsASFF {
|
|
51
|
+
Check?: string | Record<string, unknown>;
|
|
52
|
+
StandardsGuideArn?: string;
|
|
53
|
+
StandardsGuideSubscriptionArn?: string;
|
|
54
|
+
RuleId?: string;
|
|
55
|
+
RecommendationUrl?: string;
|
|
56
|
+
StandardsControlArn?: string;
|
|
57
|
+
'aws/securityhub/ProductName'?: string;
|
|
58
|
+
'aws/securityhub/CompanyName'?: string;
|
|
59
|
+
'aws/securityhub/annotation'?: string;
|
|
60
|
+
'Resources:0/Id'?: string;
|
|
61
|
+
'aws/securityhub/FindingId'?: string;
|
|
62
|
+
}
|
|
63
|
+
export interface IResourcesASFF {
|
|
64
|
+
Type: string;
|
|
65
|
+
Id: string;
|
|
66
|
+
Partition?: string;
|
|
67
|
+
Region?: string;
|
|
68
|
+
Details?: {
|
|
69
|
+
AwsIamRole: {
|
|
70
|
+
AssumeRolePolicyDocument: string | Record<string, unknown>;
|
|
71
|
+
};
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
export interface IComplianceASFF {
|
|
75
|
+
Status: string;
|
|
76
|
+
StatusReasons?: ({
|
|
77
|
+
ReasonCode: string | null;
|
|
78
|
+
Description: string | null;
|
|
79
|
+
} | null)[];
|
|
80
|
+
RelatedRequirements?: string[] | Record<string, unknown>;
|
|
81
|
+
}
|
|
82
|
+
export interface IFindingProviderFieldsASFF {
|
|
83
|
+
Severity: {
|
|
84
|
+
Label: string;
|
|
85
|
+
Original?: string;
|
|
86
|
+
};
|
|
87
|
+
Types: string[] | Record<string, unknown>;
|
|
88
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"asff-types.js","sourceRoot":"","sources":["../../../../src/converters-from-hdf/asff/asff-types.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { ExecJSON } from 'inspecjs';
|
|
2
|
+
import { MappedTransform } from '../../base-converter';
|
|
3
|
+
import { FromHdfBaseConverter } from '../reverse-base-converter';
|
|
4
|
+
import { IExecJSONASFF, IFindingASFF, IOptions } from './asff-types';
|
|
5
|
+
export declare type SegmentedControl = ExecJSON.Control & {
|
|
6
|
+
result: ExecJSON.ControlResult;
|
|
7
|
+
layersOfControl: (ExecJSON.Control & {
|
|
8
|
+
fix?: string;
|
|
9
|
+
profileInfo?: Record<string, unknown>;
|
|
10
|
+
})[];
|
|
11
|
+
};
|
|
12
|
+
export interface ILookupPathASFF {
|
|
13
|
+
path?: string;
|
|
14
|
+
transformer?: (value: SegmentedControl, context?: FromHdfToAsffMapper) => unknown;
|
|
15
|
+
arrayTransformer?: (value: unknown[], file: ExecJSON.Execution) => unknown[];
|
|
16
|
+
key?: string;
|
|
17
|
+
passParent?: boolean;
|
|
18
|
+
}
|
|
19
|
+
export declare class FromHdfToAsffMapper extends FromHdfBaseConverter {
|
|
20
|
+
mappings: MappedTransform<IExecJSONASFF, ILookupPathASFF>;
|
|
21
|
+
contextProfiles: any;
|
|
22
|
+
counts: any;
|
|
23
|
+
ioptions: IOptions;
|
|
24
|
+
index?: number;
|
|
25
|
+
impactMapping: Map<number, string>;
|
|
26
|
+
constructor(hdfObj: ExecJSON.Execution, options: IOptions | undefined);
|
|
27
|
+
defaultOptions(): IOptions;
|
|
28
|
+
setMappings(customMappings: MappedTransform<IExecJSONASFF, ILookupPathASFF>): void;
|
|
29
|
+
controlsToSegments(): SegmentedControl[];
|
|
30
|
+
toAsff(): IFindingASFF[];
|
|
31
|
+
}
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.FromHdfToAsffMapper = void 0;
|
|
4
|
+
const inspecjs_1 = require("inspecjs");
|
|
5
|
+
const reverse_base_converter_1 = require("../reverse-base-converter");
|
|
6
|
+
const transformers_1 = require("./transformers");
|
|
7
|
+
class FromHdfToAsffMapper extends reverse_base_converter_1.FromHdfBaseConverter {
|
|
8
|
+
constructor(hdfObj, options) {
|
|
9
|
+
super(hdfObj);
|
|
10
|
+
this.mappings = {
|
|
11
|
+
Findings: [
|
|
12
|
+
{
|
|
13
|
+
SchemaVersion: '2018-10-08',
|
|
14
|
+
Id: { path: ``, transformer: transformers_1.setupId, passParent: true },
|
|
15
|
+
ProductArn: { path: ``, transformer: transformers_1.setupProductARN, passParent: true },
|
|
16
|
+
AwsAccountId: { path: ``, transformer: transformers_1.setupAwsAcct, passParent: true },
|
|
17
|
+
Types: {
|
|
18
|
+
transformer: () => ['Software and Configuration Checks']
|
|
19
|
+
},
|
|
20
|
+
CreatedAt: { path: ``, transformer: transformers_1.setupCreated },
|
|
21
|
+
Region: { path: '', transformer: transformers_1.setupRegion, passParent: true },
|
|
22
|
+
UpdatedAt: { path: ``, transformer: transformers_1.setupUpdated, passParent: true },
|
|
23
|
+
GeneratorId: {
|
|
24
|
+
path: '',
|
|
25
|
+
transformer: transformers_1.setupGeneratorId,
|
|
26
|
+
passParent: true
|
|
27
|
+
},
|
|
28
|
+
Title: { path: '', transformer: transformers_1.setupTitle },
|
|
29
|
+
Description: { path: '', transformer: transformers_1.setupDescr },
|
|
30
|
+
FindingProviderFields: {
|
|
31
|
+
Severity: {
|
|
32
|
+
Label: { path: '', transformer: transformers_1.setupSevLabel, passParent: true },
|
|
33
|
+
Original: { path: '', transformer: transformers_1.setupSevLabel, passParent: true }
|
|
34
|
+
},
|
|
35
|
+
Types: { path: '', transformer: transformers_1.setupFindingType, passParent: true }
|
|
36
|
+
},
|
|
37
|
+
Remediation: {
|
|
38
|
+
Recommendation: {
|
|
39
|
+
Text: { path: '', transformer: transformers_1.setupRemRec }
|
|
40
|
+
}
|
|
41
|
+
},
|
|
42
|
+
ProductFields: {
|
|
43
|
+
Check: { path: '', transformer: transformers_1.setupProdFieldCheck }
|
|
44
|
+
},
|
|
45
|
+
Severity: {
|
|
46
|
+
Label: { path: '', transformer: transformers_1.setupSevLabel, passParent: true },
|
|
47
|
+
Original: { path: '', transformer: transformers_1.setupSevOriginal }
|
|
48
|
+
},
|
|
49
|
+
Resources: [
|
|
50
|
+
{
|
|
51
|
+
Type: 'AwsAccount',
|
|
52
|
+
Id: { path: '', transformer: transformers_1.setupResourcesID, passParent: true },
|
|
53
|
+
Partition: 'aws',
|
|
54
|
+
Region: { path: '', transformer: transformers_1.setupRegion, passParent: true }
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
Id: { path: '', transformer: transformers_1.setupResourcesID2 },
|
|
58
|
+
Type: 'AwsIamRole',
|
|
59
|
+
Details: {
|
|
60
|
+
AwsIamRole: {
|
|
61
|
+
AssumeRolePolicyDocument: {
|
|
62
|
+
path: '',
|
|
63
|
+
transformer: transformers_1.setupDetailsAssume
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
],
|
|
69
|
+
Compliance: {
|
|
70
|
+
RelatedRequirements: {
|
|
71
|
+
transformer: () => [
|
|
72
|
+
'SEE REMEDIATION FIELD FOR RESULTS AND RECOMMENDED ACTION(S)'
|
|
73
|
+
]
|
|
74
|
+
},
|
|
75
|
+
Status: { path: '', transformer: transformers_1.setupControlStatus }
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
]
|
|
79
|
+
};
|
|
80
|
+
this.impactMapping = new Map([
|
|
81
|
+
[0.9, 'CRITICAL'],
|
|
82
|
+
[0.7, 'HIGH'],
|
|
83
|
+
[0.5, 'MEDIUM'],
|
|
84
|
+
[0.3, 'LOW'],
|
|
85
|
+
[0.0, 'INFORMATIONAL']
|
|
86
|
+
]);
|
|
87
|
+
this.ioptions = options === undefined ? this.defaultOptions() : options;
|
|
88
|
+
this.contextProfiles = (0, inspecjs_1.contextualizeEvaluation)(hdfObj);
|
|
89
|
+
this.counts = (0, transformers_1.statusCount)(this.contextProfiles);
|
|
90
|
+
}
|
|
91
|
+
defaultOptions() {
|
|
92
|
+
return {
|
|
93
|
+
input: '',
|
|
94
|
+
awsAccountId: '',
|
|
95
|
+
target: 'default',
|
|
96
|
+
region: ''
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
setMappings(customMappings) {
|
|
100
|
+
super.setMappings(customMappings);
|
|
101
|
+
}
|
|
102
|
+
controlsToSegments() {
|
|
103
|
+
const segments = [];
|
|
104
|
+
this.data.profiles.forEach((profile) => {
|
|
105
|
+
profile.controls.reverse().forEach((control) => {
|
|
106
|
+
control.results.forEach((segment) => {
|
|
107
|
+
segments.push({
|
|
108
|
+
...control,
|
|
109
|
+
result: segment,
|
|
110
|
+
layersOfControl: (0, transformers_1.getAllLayers)(this.data, control)
|
|
111
|
+
});
|
|
112
|
+
});
|
|
113
|
+
});
|
|
114
|
+
});
|
|
115
|
+
return segments;
|
|
116
|
+
}
|
|
117
|
+
toAsff() {
|
|
118
|
+
if (this.mappings === undefined) {
|
|
119
|
+
throw new Error('Mappings must be provided');
|
|
120
|
+
}
|
|
121
|
+
else {
|
|
122
|
+
const resList = this.controlsToSegments().map((segment, index) => {
|
|
123
|
+
this.index = index;
|
|
124
|
+
return this.convertInternal(segment, this.mappings)['Findings'][0];
|
|
125
|
+
});
|
|
126
|
+
resList.push((0, transformers_1.createProfileInfoFinding)(this.data, this.ioptions));
|
|
127
|
+
return resList;
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
exports.FromHdfToAsffMapper = FromHdfToAsffMapper;
|
|
132
|
+
//# sourceMappingURL=reverse-asff-mapper.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"reverse-asff-mapper.js","sourceRoot":"","sources":["../../../../src/converters-from-hdf/asff/reverse-asff-mapper.ts"],"names":[],"mappings":";;;AAAA,uCAA2D;AAE3D,sEAA+D;AAE/D,iDAsBwB;AAqBxB,MAAa,mBAAoB,SAAQ,6CAAoB;IAqF3D,YAAY,MAA0B,EAAE,OAA6B;QACnE,KAAK,CAAC,MAAM,CAAC,CAAC;QArFhB,aAAQ,GAAoD;YAC1D,QAAQ,EAAE;gBACR;oBACE,aAAa,EAAE,YAAY;oBAC3B,EAAE,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,sBAAO,EAAE,UAAU,EAAE,IAAI,EAAC;oBACtD,UAAU,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,8BAAe,EAAE,UAAU,EAAE,IAAI,EAAC;oBACtE,YAAY,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,2BAAY,EAAE,UAAU,EAAE,IAAI,EAAC;oBACrE,KAAK,EAAE;wBACL,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,mCAAmC,CAAC;qBACzD;oBACD,SAAS,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,2BAAY,EAAC;oBAChD,MAAM,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,0BAAW,EAAE,UAAU,EAAE,IAAI,EAAC;oBAC9D,SAAS,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,2BAAY,EAAE,UAAU,EAAE,IAAI,EAAC;oBAClE,WAAW,EAAE;wBACX,IAAI,EAAE,EAAE;wBACR,WAAW,EAAE,+BAAgB;wBAC7B,UAAU,EAAE,IAAI;qBACjB;oBACD,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,yBAAU,EAAC;oBAC1C,WAAW,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,yBAAU,EAAC;oBAChD,qBAAqB,EAAE;wBACrB,QAAQ,EAAE;4BACR,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,4BAAa,EAAE,UAAU,EAAE,IAAI,EAAC;4BAC/D,QAAQ,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,4BAAa,EAAE,UAAU,EAAE,IAAI,EAAC;yBACnE;wBACD,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,+BAAgB,EAAE,UAAU,EAAE,IAAI,EAAC;qBACnE;oBACD,WAAW,EAAE;wBACX,cAAc,EAAE;4BACd,IAAI,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,0BAAW,EAAC;yBAC3C;qBACF;oBACD,aAAa,EAAE;wBACb,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,kCAAmB,EAAC;qBACpD;oBACD,QAAQ,EAAE;wBACR,KAAK,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,4BAAa,EAAE,UAAU,EAAE,IAAI,EAAC;wBAC/D,QAAQ,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,+BAAgB,EAAC;qBACpD;oBACD,SAAS,EAAE;wBACT;4BACE,IAAI,EAAE,YAAY;4BAClB,EAAE,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,+BAAgB,EAAE,UAAU,EAAE,IAAI,EAAC;4BAC/D,SAAS,EAAE,KAAK;4BAChB,MAAM,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,0BAAW,EAAE,UAAU,EAAE,IAAI,EAAC;yBAC/D;wBACD;4BACE,EAAE,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,gCAAiB,EAAC;4BAC9C,IAAI,EAAE,YAAY;4BAClB,OAAO,EAAE;gCACP,UAAU,EAAE;oCACV,wBAAwB,EAAE;wCACxB,IAAI,EAAE,EAAE;wCACR,WAAW,EAAE,iCAAkB;qCAChC;iCACF;6BACF;yBACF;qBACF;oBACD,UAAU,EAAE;wBACV,mBAAmB,EAAE;4BACnB,WAAW,EAAE,GAAG,EAAE,CAAC;gCACjB,6DAA6D;6BAC9D;yBACF;wBACD,MAAM,EAAE,EAAC,IAAI,EAAE,EAAE,EAAE,WAAW,EAAE,iCAAkB,EAAC;qBACpD;iBACF;aACF;SACF,CAAC;QAOF,kBAAa,GAAwB,IAAI,GAAG,CAAC;YAC3C,CAAC,GAAG,EAAE,UAAU,CAAC;YACjB,CAAC,GAAG,EAAE,MAAM,CAAC;YACb,CAAC,GAAG,EAAE,QAAQ,CAAC;YACf,CAAC,GAAG,EAAE,KAAK,CAAC;YACZ,CAAC,GAAG,EAAE,eAAe,CAAC;SACvB,CAAC,CAAC;QAID,IAAI,CAAC,QAAQ,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;QACxE,IAAI,CAAC,eAAe,GAAG,IAAA,kCAAuB,EAAC,MAAM,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAA,0BAAW,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAClD,CAAC;IAED,cAAc;QACZ,OAAO;YACL,KAAK,EAAE,EAAE;YACT,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,EAAE;SACX,CAAC;IACJ,CAAC;IAED,WAAW,CACT,cAA+D;QAE/D,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;IAGD,kBAAkB;QAChB,MAAM,QAAQ,GAAuB,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7C,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;oBAElC,QAAQ,CAAC,IAAI,CAAC;wBACZ,GAAG,OAAO;wBACV,MAAM,EAAE,OAAO;wBACf,eAAe,EAAE,IAAA,2BAAY,EAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC;qBAClD,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAGD,MAAM;QACJ,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;SAC9C;aAAM;YAGL,MAAM,OAAO,GAAmB,IAAI,CAAC,kBAAkB,EAAE,CAAC,GAAG,CAC3D,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;gBACjB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;gBACnB,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CACjD,UAAU,CACX,CAAC,CAAC,CAAiB,CAAC;YACvB,CAAC,CACF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,IAAA,uCAAwB,EAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjE,OAAO,OAAO,CAAC;SAChB;IACH,CAAC;CACF;AAjJD,kDAiJC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
import { ContextualizedEvaluation, ExecJSON } from 'inspecjs';
|
|
2
|
+
import { IFindingASFF, IOptions } from './asff-types';
|
|
3
|
+
import { FromHdfToAsffMapper, SegmentedControl } from './reverse-asff-mapper';
|
|
4
|
+
declare type Counts = {
|
|
5
|
+
Passed: number;
|
|
6
|
+
PassedTests: number;
|
|
7
|
+
Failed: number;
|
|
8
|
+
FailedTests: number;
|
|
9
|
+
PassingTestsFailedControl: number;
|
|
10
|
+
NotApplicable: number;
|
|
11
|
+
NotReviewed: number;
|
|
12
|
+
};
|
|
13
|
+
export declare function getRunTime(hdf: ExecJSON.Execution): Date;
|
|
14
|
+
export declare function createProfileInfoFinding(hdf: ExecJSON.Execution, options: IOptions): IFindingASFF;
|
|
15
|
+
export declare function statusCount(evaluation: ContextualizedEvaluation): Counts;
|
|
16
|
+
export declare function createDescription(counts: Counts): string;
|
|
17
|
+
export declare function createAssumeRolePolicyDocument(layersOfControl: ExecJSON.Control[], segment: ExecJSON.ControlResult): string;
|
|
18
|
+
export declare function sliceIntoChunks(arr: any[], chunkSize: number): any[][];
|
|
19
|
+
export declare function cleanText(text?: string | null): string | undefined;
|
|
20
|
+
export declare function getAllLayers(hdf: ExecJSON.Execution, knownControl: ExecJSON.Control): ExecJSON.Control[];
|
|
21
|
+
export declare function createNote(segment: ExecJSON.ControlResult): string;
|
|
22
|
+
export declare function createCode(control: ExecJSON.Control & {
|
|
23
|
+
profileInfo?: Record<string, unknown>;
|
|
24
|
+
}): string;
|
|
25
|
+
export declare function setupId(control: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
26
|
+
export declare function setupProductARN(_val: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
27
|
+
export declare function setupAwsAcct(_val: SegmentedControl, context?: FromHdfToAsffMapper): string | undefined;
|
|
28
|
+
export declare function setupCreated(control: SegmentedControl): string;
|
|
29
|
+
export declare function setupRegion(_val: SegmentedControl, context?: FromHdfToAsffMapper): string | undefined;
|
|
30
|
+
export declare function setupUpdated(_control: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
31
|
+
export declare function setupGeneratorId(control: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
32
|
+
export declare function setupTitle(control: SegmentedControl): string;
|
|
33
|
+
export declare function setupDescr(control: SegmentedControl): string;
|
|
34
|
+
export declare function setupSevLabel(control: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
35
|
+
export declare function setupSevOriginal(control: SegmentedControl): string;
|
|
36
|
+
export declare function setupFindingType(control: SegmentedControl, context?: FromHdfToAsffMapper): string[];
|
|
37
|
+
export declare function getFixForControl(control: SegmentedControl): any;
|
|
38
|
+
export declare function setupRemRec(control: SegmentedControl): string;
|
|
39
|
+
export declare function setupProdFieldCheck(control: SegmentedControl): string;
|
|
40
|
+
export declare function setupResourcesID(_val: SegmentedControl, context?: FromHdfToAsffMapper): string;
|
|
41
|
+
export declare function setupResourcesID2(control: SegmentedControl): string;
|
|
42
|
+
export declare function setupDetailsAssume(control: SegmentedControl): string;
|
|
43
|
+
export declare function setupControlStatus(control: SegmentedControl): string;
|
|
44
|
+
export {};
|