@mitre/hdf-converters 2.6.21 → 2.6.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.d.ts +2 -1
- package/lib/index.js +4 -2
- package/lib/index.js.map +1 -1
- package/lib/package.json +4 -4
- package/lib/src/asff-mapper/asff-mapper.d.ts +106 -0
- package/lib/src/asff-mapper/asff-mapper.js +462 -0
- package/lib/src/asff-mapper/asff-mapper.js.map +1 -0
- package/lib/src/asff-mapper/case-firewall-manager.d.ts +1 -0
- package/lib/src/asff-mapper/case-firewall-manager.js +27 -0
- package/lib/src/asff-mapper/case-firewall-manager.js.map +1 -0
- package/lib/src/asff-mapper/case-hdf2asff.d.ts +1 -0
- package/lib/src/asff-mapper/case-hdf2asff.js +192 -0
- package/lib/src/asff-mapper/case-hdf2asff.js.map +1 -0
- package/lib/src/asff-mapper/case-prowler.d.ts +1 -0
- package/lib/src/asff-mapper/case-prowler.js +39 -0
- package/lib/src/asff-mapper/case-prowler.js.map +1 -0
- package/lib/src/asff-mapper/case-security-hub.d.ts +1 -0
- package/lib/src/asff-mapper/case-security-hub.js +136 -0
- package/lib/src/asff-mapper/case-security-hub.js.map +1 -0
- package/lib/src/asff-mapper/case-trivy.d.ts +1 -0
- package/lib/src/asff-mapper/case-trivy.js +71 -0
- package/lib/src/asff-mapper/case-trivy.js.map +1 -0
- package/lib/src/base-converter.js +8 -12
- package/lib/src/base-converter.js.map +1 -1
- package/lib/src/burpsuite-mapper.js +2 -2
- package/lib/src/burpsuite-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/transformers.js +8 -4
- package/lib/src/converters-from-hdf/asff/transformers.js.map +1 -1
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.d.ts +2 -2
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.js +2 -2
- package/lib/src/converters-from-hdf/splunk/reverse-splunk-mapper.js.map +1 -1
- package/lib/src/converters-from-hdf/splunk/splunk-profile-types.d.ts +1 -1
- package/lib/src/converters-from-hdf/splunk/splunk-report-types.d.ts +2 -1
- package/lib/src/fortify-mapper.js +1 -3
- package/lib/src/fortify-mapper.js.map +1 -1
- package/lib/src/ionchannel-mapper.d.ts +27 -0
- package/lib/src/ionchannel-mapper.js +268 -0
- package/lib/src/ionchannel-mapper.js.map +1 -0
- package/lib/src/jfrog-xray-mapper.js +2 -2
- package/lib/src/jfrog-xray-mapper.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMapping.js +3 -3
- package/lib/src/mappings/ScoutsuiteNistMapping.js.map +1 -1
- package/lib/src/nessus-mapper.js +8 -3
- package/lib/src/nessus-mapper.js.map +1 -1
- package/lib/src/netsparker-mapper.js +2 -2
- package/lib/src/netsparker-mapper.js.map +1 -1
- package/lib/src/prisma-mapper.js +2 -2
- package/lib/src/prisma-mapper.js.map +1 -1
- package/lib/src/sarif-mapper.js +8 -4
- package/lib/src/sarif-mapper.js.map +1 -1
- package/lib/src/snyk-mapper.d.ts +3 -1
- package/lib/src/snyk-mapper.js +25 -19
- package/lib/src/snyk-mapper.js.map +1 -1
- package/lib/src/splunk-mapper.d.ts +3 -2
- package/lib/src/splunk-mapper.js +5 -5
- package/lib/src/splunk-mapper.js.map +1 -1
- package/lib/src/utils/global.d.ts +4 -2
- package/lib/src/utils/global.js +11 -6
- package/lib/src/utils/global.js.map +1 -1
- package/lib/src/xccdf-results-mapper.js +2 -2
- package/lib/src/xccdf-results-mapper.js.map +1 -1
- package/lib/src/zap-mapper.js +2 -8
- package/lib/src/zap-mapper.js.map +1 -1
- package/package.json +4 -4
- package/lib/src/asff-mapper.d.ts +0 -25
- package/lib/src/asff-mapper.js +0 -887
- package/lib/src/asff-mapper.js.map +0 -1
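--- /dev/null
+++ b/package/lib/src/ionchannel-mapper.js
@@ -0,0 +1,268 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IonChannelMapper = exports.IonChannelAPIMapper = void 0;
+const axios_1 = __importDefault(require("axios"));
+const lodash_1 = __importDefault(require("lodash"));
+const package_json_1 = require("../package.json");
+const base_converter_1 = require("./base-converter");
+const global_1 = require("./utils/global");
+function extractAllDependencies(dependency) {
+const result = [];
+result.push({
+...dependency,
+parentDependencies: []
+});
+if (Array.isArray(dependency.dependencies)) {
+dependency.dependencies.forEach((subDependency) => {
+result.push(...extractAllDependencies(subDependency));
+});
+}
+return result;
+}
+function preprocessIonChannelData(ionchannelData) {
+const result = {
+metadata: {},
+scans: {
+vulnerability: [],
+dependency: {
+dependencies: [],
+contextualizedDependencies: []
+},
+ecosystems: [],
+community: [],
+buildsystems: [],
+virus: [],
+license: [],
+difference: [],
+about_yml: []
+}
+};
+const parsed = JSON.parse(ionchannelData);
+const scanSummaries = lodash_1.default.get(parsed, 'scan_summaries');
+result.metadata = lodash_1.default.omit(parsed, 'scan_summaries');
+if (!Array.isArray(scanSummaries)) {
+throw new Error(`Ion Channel scan_summaries invalid summary data (expecting array, got ${typeof scanSummaries})`);
+}
+scanSummaries.forEach((scanSummary) => {
+switch (scanSummary.name) {
+case 'dependency':
+if (!scanSummary.results.data.dependencies) {
+throw new Error('Dependency scan contains no dependencies array');
+}
+result.scans.dependency.dependencies =
+scanSummary.results.data.dependencies;
+break;
+default:
+break;
+}
+});
+const dependencyGraph = {};
+result.scans.dependency.dependencies.forEach((topLevelDependency) => {
+const flatDependencies = extractAllDependencies(topLevelDependency);
+flatDependencies.forEach((dependency) => {
+dependencyGraph[`${dependency.org}/${dependency.name}`] = dependency;
+});
+});
+Object.entries(dependencyGraph).forEach(([, dependency]) => {
+if (Array.isArray(dependency.dependencies)) {
+dependency.dependencies.forEach((subDependency) => {
+dependencyGraph[`${subDependency.org}/${subDependency.name}`].parentDependencies.push(`${dependency.org}/${dependency.name}`);
+});
+}
+});
+Object.entries(dependencyGraph).forEach(([, dependency]) => {
+result.scans.dependency.contextualizedDependencies.push(dependency);
+});
+return result;
+}
+class IonChannelAPIMapper {
+constructor(apiKey, projectId, teamId, analysisId) {
+this.apiKey = apiKey;
+this.projectId = projectId;
+this.teamId = teamId;
+this.analysisId = analysisId;
+this.apiClient = axios_1.default.create();
+this.apiClient.defaults.headers.common['Authorization'] = `Bearer ${this.apiKey}`;
+this.apiClient.defaults.headers.common['Accept'] =
+'application/json, text/plain, */*';
+}
+async toHdf() {
+const analysis = await this.getAnalysis();
+const mapper = new IonChannelMapper(JSON.stringify(analysis.analysis));
+return mapper.toHdf();
+}
+async setTeam(teamName) {
+const availableTeams = await this.getTeams();
+const foundTeam = availableTeams.find((team) => team.name.toLowerCase() === teamName.toLowerCase());
+if (!foundTeam) {
+throw new Error(`Team ${teamName} not found in available teams: ${availableTeams
+.map((team) => team.name)
+.join(', ')}`);
+}
+this.teamId = foundTeam.id;
+}
+async getTeams() {
+if (!this.apiKey) {
+throw new Error('No API-Key Set');
+}
+return this.apiClient
+.get('https://api.ionchannel.io/v1/teams/getTeams')
+.then(({ data }) => data.data);
+}
+async setProject(projectName) {
+const availableProjects = await this.getProjects();
+const foundProject = availableProjects.find((project) => project.name.toLowerCase() === projectName.toLowerCase());
+if (!foundProject) {
+throw new Error(`Project ${projectName} not found in available projects: ${availableProjects
+.map((project) => project.name)
+.join(', ')}`);
+}
+this.projectId = foundProject.id;
+this.analysisId = foundProject.analysis_summary.analysis_id;
+}
+async getProjects() {
+if (!this.apiKey) {
+throw new Error('No API-Key Defined');
+}
+if (!this.teamId) {
+throw new Error('No Team ID Defined');
+}
+return this.apiClient
+.get('https://api.ionchannel.io/v1/report/getProjects', {
+params: {
+team_id: this.teamId
+}
+})
+.then(({ data }) => data.data);
+}
+async getAnalysis() {
+if (!this.apiKey) {
+throw new Error('No API-Key Defined');
+}
+if (!this.projectId) {
+throw new Error('No Project ID Defined');
+}
+if (!this.teamId) {
+throw new Error('No Team ID Defined');
+}
+if (!this.analysisId) {
+throw new Error('No Analysis ID Defined');
+}
+return this.apiClient
+.get('https://api.ionchannel.io/v1/report/getAnalysis', {
+params: {
+project_id: this.projectId,
+team_id: this.teamId,
+analysis_id: this.analysisId
+}
+})
+.then(({ data }) => data.data);
+}
+}
+exports.IonChannelAPIMapper = IonChannelAPIMapper;
+class IonChannelMapper extends base_converter_1.BaseConverter {
+constructor(ionchannelJson) {
+super(preprocessIonChannelData(ionchannelJson));
+this.mappings = {
+platform: {
+name: 'Heimdall Tools',
+release: package_json_1.version,
+target_id: { path: 'metadata.project_id' }
+},
+passthrough: {
+ionchannel_metadata: {
+path: 'metadata'
+}
+},
+version: package_json_1.version,
+statistics: {
+duration: null
+},
+profiles: [
+{
+name: 'IonChannel SBOM Analysis',
+version: '',
+title: {
+path: 'metadata.source',
+transformer: (source) => `IonChannel Analysis of ${source}`
+},
+maintainer: 'saf@groups.mitre.org',
+summary: '',
+license: null,
+copyright: null,
+copyright_email: null,
+supports: [],
+attributes: [],
+depends: [],
+groups: [],
+status: 'loaded',
+controls: [
+{
+path: 'scans.dependency.contextualizedDependencies',
+key: 'id',
+tags: {
+transformer: (dependency) => {
+return Array.isArray(dependency.dependencies)
+? {
+...lodash_1.default.omit(dependency, 'dependencies'),
+nist: global_1.DEFAULT_INFORMATION_SYSTEM_COMPONENT_MANAGEMENT_NIST_TAGS,
+dependencies: dependency.dependencies.map((subDependency) => `${subDependency.name}`)
+}
+: {
+...lodash_1.default.omit(dependency, 'dependencies'),
+nist: global_1.DEFAULT_INFORMATION_SYSTEM_COMPONENT_MANAGEMENT_NIST_TAGS
+};
+}
+},
+descriptions: [],
+refs: [],
+source_location: {},
+title: {
+transformer: (dependency) => {
+if (dependency.type === 'pypi' &&
+dependency.package === 'egg' &&
+dependency.name === '-e') {
+return `Python requirements file ${dependency.file}`;
+}
+let title = `Dependency ${dependency.name} `;
+if (dependency.org && dependency.org.toLowerCase() !== 'n/a') {
+title += `from ${dependency.org} `;
+}
+if (dependency.version &&
+dependency.version.toLowerCase() !== 'n/a') {
+title += `@ ${dependency.version} `;
+}
+if (dependency.requirement &&
+dependency.requirement.toLowerCase() !== 'n/a') {
+title += `(Required ${dependency.requirement}) `;
+}
+return title.trim();
+}
+},
+id: {
+transformer: (dependency) => {
+return `dependency-${dependency.org}/${dependency.name}`;
+}
+},
+desc: '',
+impact: 0.0,
+code: {
+transformer: (dependency) => JSON.stringify(dependency, null, 2)
+},
+results: []
+}
+],
+sha256: ''
+}
+]
+};
+}
+setMappings(customMappings) {
+super.setMappings(customMappings);
+}
+}
+exports.IonChannelMapper = IonChannelMapper;
+//# sourceMappingURL=ionchannel-mapper.js.map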
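Review bot: `preprocessIonChannelData` dereferences `scanSummary.results.data` at line 52 before its own check, so a `dependency` summary that lacks `results` fails with a bare TypeError instead of the intended 'Dependency scan contains no dependencies array' error; reading it as `const deps = lodash_1.default.get(scanSummary, 'results.data.dependencies');` and testing `if (!Array.isArray(deps))` keeps that message reachable and also rejects a non-array value before line 63 calls `.forEach` on it. Line 66 keys `dependencyGraph` by `org/name` only, so if the same package appears more than once in the flattened list (two versions, say) the later copy silently replaces the earlier one, only its `dependencies` list feeds the parent edges at line 72, and the control `id` at line 247 collapses them into one control — if that is intended, a one-line comment on line 62 saying the graph is per package rather than per version would save the next reader the question. The API-key guards are inconsistent: `getTeams` throws 'No API-Key Set' while `getProjects` and `getAnalysis` throw 'No API-Key Defined'. `axios_1.default.create()` at line 87 sets no request timeout, so a stalled endpoint blocks `toHdf()` indefinitely; `axios_1.default.create({ timeout: REQUEST_TIMEOUT_MS })` with a module-level constant (value to be chosen) bounds that, and since the bearer token is installed in `defaults.headers.common` it is worth confirming that nothing else ever reuses `this.apiClient` for a non-ionchannel host.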
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ionchannel-mapper.js","sourceRoot":"","sources":["../../src/ionchannel-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,kDAA2C;AAE3C,oDAAuB;AACvB,kDAAgE;AAShE,qDAA6E;AAC7E,2CAAyF;AAGzF,SAAS,sBAAsB,CAC7B,UAAsB;IAEtB,MAAM,MAAM,GAA+B,EAAE,CAAC;IAC9C,MAAM,CAAC,IAAI,CAAC;QACV,GAAG,UAAU;QACb,kBAAkB,EAAE,EAAE;KACvB,CAAC,CAAC;IACH,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE;QAC1C,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;YAChD,MAAM,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;KACJ;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,wBAAwB,CAAC,cAAsB;IACtD,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE;YACL,aAAa,EAAE,EAAE;YACjB,UAAU,EAAE;gBACV,YAAY,EAAE,EAAkB;gBAChC,0BAA0B,EAAE,EAAgC;aAC7D;YACD,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;YACb,YAAY,EAAE,EAAE;YAChB,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,EAAE;YACX,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;SACd;KACF,CAAC;IACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,gBAAC,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAEtD,MAAM,CAAC,QAAQ,GAAG,gBAAC,CAAC,IAAI,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAEnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;QACjC,MAAM,IAAI,KAAK,CACb,yEAAyE,OAAO,aAAa,GAAG,CACjG,CAAC;KACH;IAED,aAAa,CAAC,OAAO,CAAC,CAAC,WAAwB,EAAE,EAAE;QACjD,QAAQ,WAAW,CAAC,IAAI,EAAE;YACxB,KAAK,YAAY;gBACf,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE;oBAC1C,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;iBACnE;gBACD,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY;oBAClC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC;gBACxC,MAAM;YAER;gBACE,MAAM;SACT;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,eAAe,GAA6C,EAAE,CAAC;IAGrE,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,kBAAkB,EAAE,EAAE;QAClE,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;QACpE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACtC,eAAe,CAAC,GAAG,UAAU,CAAC,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC,GAAG,UAAU,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAGH,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,EAAE;QACzD,IAAI,KAAK,CAAC,OAAO,CAAC,U
AAU,CAAC,YAAY,CAAC,EAAE;YAC1C,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;gBAChD,eAAe,CACb,GAAG,aAAa,CAAC,GAAG,IAAI,aAAa,CAAC,IAAI,EAAE,CAC7C,CAAC,kBAAkB,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;YACpE,CAAC,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,EAAE;QACzD,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAa,mBAAmB;IAQ9B,YACE,MAAc,EACd,SAAkB,EAClB,MAAe,EACf,UAAmB;QAEnB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAE7B,IAAI,CAAC,SAAS,GAAG,eAAK,CAAC,MAAM,EAAE,CAAC;QAChC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CACpC,eAAe,CAChB,GAAG,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;YAC9C,mCAAmC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvE,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAgB;QAC5B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC7C,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CACnC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,WAAW,EAAE,CAC7D,CAAC;QACF,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,KAAK,CACb,QAAQ,QAAQ,kCAAkC,cAAc;iBAC7D,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;iBACxB,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;SACH;QACD,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;SACnC;QACD,OAAO,IAAI,CAAC,SAAS;aAClB,GAAG,CAAC,6CAA6C,CAAC;aAClD,IAAI,CAAC,CAAC,EAAC,IAAI,EAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,WAAmB;QAClC,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACnD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CACzC,CAAC,OAAO,EAAE,EAAE,CAAC,
OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,WAAW,CAAC,WAAW,EAAE,CACtE,CAAC;QACF,IAAI,CAAC,YAAY,EAAE;YACjB,MAAM,IAAI,KAAK,CACb,WAAW,WAAW,qCAAqC,iBAAiB;iBACzE,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;iBAC9B,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;SACH;QACD,IAAI,CAAC,SAAS,GAAG,YAAY,CAAC,EAAE,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,YAAY,CAAC,gBAAgB,CAAC,WAAW,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACvC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACvC;QACD,OAAO,IAAI,CAAC,SAAS;aAClB,GAAG,CAAC,iDAAiD,EAAE;YACtD,MAAM,EAAE;gBACN,OAAO,EAAE,IAAI,CAAC,MAAM;aACrB;SACF,CAAC;aACD,IAAI,CAAC,CAAC,EAAC,IAAI,EAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACvC;QACD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;SACvC;QACD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;YACpB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;SAC3C;QACD,OAAO,IAAI,CAAC,SAAS;aAClB,GAAG,CAAC,iDAAiD,EAAE;YACtD,MAAM,EAAE;gBACN,UAAU,EAAE,IAAI,CAAC,SAAS;gBAC1B,OAAO,EAAE,IAAI,CAAC,MAAM;gBACpB,WAAW,EAAE,IAAI,CAAC,UAAU;aAC7B;SACF,CAAC;aACD,IAAI,CAAC,CAAC,EAAC,IAAI,EAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;CACF;AAhHD,kDAgHC;AAED,MAAa,gBAAiB,SAAQ,8BAAa;IA6GjD,YAAY,cAAsB;QAChC,KAAK,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC,CAAC;QA7GlD,aAAQ,GAGJ;YACF,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAC,IAAI,EAAE,qBAAqB,EAAC;aACzC;YACD,WAAW,EAAE;gBACX,mBAAmB,EAAE;oBACnB,IAAI,EAAE,UAAU;iBACjB;aACF;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,0BAA0B;oBAChC,OAAO,EAAE,EAAE;oBACX,KAAK,EAAE;wBACL,IAAI,EAAE,iBAAiB;wBACvB,WAAW,EAAE,CAAC,MAAe,EAAE,EAAE,CAAC,0BAA0B,MAAM,EAAE;qBACrE;oBACD,UAAU,EAAE,sBAAsB;oBAClC,OAAO,EAAE,EAAE;oBACX,OAAO,EAAE,IAAI;oBACb,SAAS,EAA
E,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,6CAA6C;4BACnD,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE;gCACJ,WAAW,EAAE,CAAC,UAAsB,EAAE,EAAE;oCACtC,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC;wCAC3C,CAAC,CAAC;4CACE,GAAG,gBAAC,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC;4CACrC,IAAI,EAAE,kEAAyD;4CAC/D,YAAY,EAAE,UAAU,CAAC,YAAY,CAAC,GAAG,CACvC,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,aAAa,CAAC,IAAI,EAAE,CAC3C;yCACF;wCACH,CAAC,CAAC;4CACE,GAAG,gBAAC,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC;4CACrC,IAAI,EAAE,kEAAyD;yCAChE,CAAC;gCACR,CAAC;6BACF;4BACD,YAAY,EAAE,EAAE;4BAChB,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,KAAK,EAAE;gCACL,WAAW,EAAE,CAAC,UAAsB,EAAE,EAAE;oCAEtC,IACE,UAAU,CAAC,IAAI,KAAK,MAAM;wCAC1B,UAAU,CAAC,OAAO,KAAK,KAAK;wCAC5B,UAAU,CAAC,IAAI,KAAK,IAAI,EACxB;wCACA,OAAO,4BAA4B,UAAU,CAAC,IAAI,EAAE,CAAC;qCACtD;oCAED,IAAI,KAAK,GAAG,cAAc,UAAU,CAAC,IAAI,GAAG,CAAC;oCAC7C,IAAI,UAAU,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE;wCAC5D,KAAK,IAAI,QAAQ,UAAU,CAAC,GAAG,GAAG,CAAC;qCACpC;oCACD,IACE,UAAU,CAAC,OAAO;wCAClB,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,KAAK,EAC1C;wCACA,KAAK,IAAI,KAAK,UAAU,CAAC,OAAO,GAAG,CAAC;qCACrC;oCACD,IACE,UAAU,CAAC,WAAW;wCACtB,UAAU,CAAC,WAAW,CAAC,WAAW,EAAE,KAAK,KAAK,EAC9C;wCACA,KAAK,IAAI,aAAa,UAAU,CAAC,WAAW,IAAI,CAAC;qCAClD;oCACD,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;gCACtB,CAAC;6BACF;4BACD,EAAE,EAAE;gCACF,WAAW,EAAE,CAAC,UAAoC,EAAE,EAAE;oCACpD,OAAO,cAAc,UAAU,CAAC,GAAG,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gCAC3D,CAAC;6BACF;4BACD,IAAI,EAAE,EAAE;4BACR,MAAM,EAAE,GAAG;4BACX,IAAI,EAAE;gCACJ,WAAW,EAAE,CAAC,UAAsB,EAAE,EAAE,CACtC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;6BACtC;4BACD,OAAO,EAAE,EAAE;yBACZ;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAIF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AArHD,4CAqHC"}
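--- a/package/lib/src/jfrog-xray-mapper.js
+++ b/package/lib/src/jfrog-xray-mapper.js
@@ -9,13 +9,13 @@ const lodash_1 = __importDefault(require("lodash"));
 const package_json_1 = require("../package.json");
 const base_converter_1 = require("./base-converter");
 const CweNistMapping_1 = require("./mappings/CweNistMapping");
+const global_1 = require("./utils/global");
 const IMPACT_MAPPING = new Map([
 ['high', 0.7],
 ['medium', 0.5],
 ['low', 0.3]
 ]);
 const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping();
-const DEFAULT_NIST_TAG = ['SA-11', 'RA-5'];
 function hashId(vulnerability) {
 if (lodash_1.default.get(vulnerability, 'id') === '') {
 return (0, base_converter_1.generateHash)(lodash_1.default.get(vulnerability, 'summary').toString(), 'md5');
@@ -86,7 +86,7 @@ function parseIdentifier(identifier) {
 }
 function nistTag(identifier) {
 const identifiers = parseIdentifier(identifier);
-return CWE_NIST_MAPPING.nistFilter(identifiers,
+return CWE_NIST_MAPPING.nistFilter(identifiers, global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS);
 }
 class JfrogXrayMapper extends base_converter_1.BaseConverter {
 constructor(xrayJson) {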
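Review bot: The new fallback at line 89 replaces the deleted local `['SA-11', 'RA-5']` (old line 18) with `global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS`, whose value is not visible in this diff; unless that constant holds the same two controls, every Xray finding whose CWE yields no mapping is silently retagged in the HDF output, so the intended mapping should be stated in a comment on line 89 or in the release notes. Xray is generally used as a dependency/SCA scanner, and the new ionchannel mapper in this same release tags its dependency controls with `global_1.DEFAULT_INFORMATION_SYSTEM_COMPONENT_MANAGEMENT_NIST_TAGS`, so it is worth confirming that the static-code-analysis default is the one wanted here rather than the component-management one. The same substitution is made in both `nistTag` branches of `ScoutsuiteNistMapping.js` in this diff and the same check applies there. The removed line at old line 89 appears truncated in this rendering, so the old second argument is inferred from the deleted `DEFAULT_NIST_TAG` constant.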
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jfrog-xray-mapper.js","sourceRoot":"","sources":["../../src/jfrog-xray-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAM0B;AAC1B,8DAAyD;
|
|
1
|
+
{"version":3,"file":"jfrog-xray-mapper.js","sourceRoot":"","sources":["../../src/jfrog-xray-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAM0B;AAC1B,8DAAyD;AACzD,2CAAsE;AAGtE,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;CACb,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAG9C,SAAS,MAAM,CAAC,aAAsB;IACpC,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,EAAE,EAAE;QACrC,OAAO,IAAA,6BAAY,EAAC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC;KACxE;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAW,CAAC;KAC7C;AACH,CAAC;AACD,SAAS,UAAU,CAAC,aAAsB;IACxC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,aAAa,CAAC,EAAE;QACvC,IAAI,CAAC,IAAI,CAAC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;KAC3D;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE;QAChC,MAAM,GAAG,GAAG,MAAM,CAAC;QACnB,MAAM,GAAG,GAAG,KAAK,CAAC;QAClB,IAAI,CAAC,IAAI,CACP,SAAS,IAAI,CAAC,SAAS,CAAC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;aAClD,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC;aACnB,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CACxB,CAAC;KACH;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AACD,SAAS,cAAc,CAAC,aAAsB;IAC5C,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,KAAK,CAAC;IACjB,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,gBAAgB,CAAC,EAAE;QAC1C,aAAa,CAAC,IAAI,CAChB,oBAAoB,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,gBAAgB,CAAC,EAAE,CAC7D,CAAC;KACH;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;KACzC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,wCAAwC,CAAC,EAAE;QAClE,aAAa,CAAC,IAAI,CAChB,yBAAyB,IAAI,CAAC,SAAS,CACrC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,wCAAwC,CAAC,CAC/D,EAAE,CACJ,CAAC;KACH;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;KAC9C;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,mCAAmC,CAAC,EAAE;QAC7D,aAAa,CAAC,IAAI,CAChB,oBAAoB,IAAI,CAAC,SAAS,CAChC,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,mCAAmC,CAAC,CAC1D,EAAE,CACJ,CAAC;KACH;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,mBA
AmB,CAAC,CAAC;KACzC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,EAAE;QACtC,aAAa,CAAC,IAAI,CAAC,gBAAgB,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;KAC1E;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;KACrC;IACD,IAAI,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,EAAE;QACpC,aAAa,CAAC,IAAI,CAAC,cAAc,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;KACtE;SAAM;QACL,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KACnC;IACD,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;AACpD,CAAC;AACD,SAAS,eAAe,CAAC,UAAmC;IAC1D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;QAC7B,UAAU,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC5B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aACvC;QACH,CAAC,CAAC,CAAC;KACJ;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AACD,SAAS,OAAO,CAAC,UAAmC;IAClD,MAAM,WAAW,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAChD,OAAO,gBAAgB,CAAC,UAAU,CAChC,WAAW,EACX,+CAAsC,CACvC,CAAC;AACJ,CAAC;AAGD,MAAa,eAAgB,SAAQ,8BAAa;IAoEhD,YAAY,QAAgB;QAC1B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;QApEpC,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAE;aACd;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,EAAE;oBACX,KAAK,EAAE,iBAAiB;oBACxB,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,qDAAqD;oBAC9D,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,MAAM;4BACZ,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE;gCACJ,IAAI,EAAE;oCACJ,IAAI,EAAE,6CAA6C;oCACnD,WAAW,EAAE,OAAO;iCACrB;gCACD,KAAK,EAAE;oCACL,IAAI,EAAE,6CAA6C;oCACnD,WAAW,EAAE,eAAe;iCAC7B;6BACF;4BACD,YAAY,EAAE,EAAE;4BAChB,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,EAAE,EAAE,EAAC,WAAW,EAAE,MAAM,EAAC;4BACzB,KAAK,EAAE,EAAC,IAAI,EAAE,SAAS,EAAC;4BACxB,IAAI,EAAE;gCACJ,IAAI,EA
AE,iCAAiC;gCACvC,WAAW,EAAE,UAAU;6BACxB;4BACD,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,IAAA,8BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE,EAAC,WAAW,EAAE,cAAc,EAAC;oCACxC,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE,EAAE;iCACf;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AA5ED,0CA4EC"}
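--- a/package/lib/src/mappings/ScoutsuiteNistMapping.js
+++ b/package/lib/src/mappings/ScoutsuiteNistMapping.js
@@ -1,9 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ScoutsuiteNistMapping = void 0;
+const global_1 = require("../utils/global");
 const ScoutsuiteNistMappingData_1 = require("./ScoutsuiteNistMappingData");
 const ScoutsuiteNistMappingItem_1 = require("./ScoutsuiteNistMappingItem");
-const DEFAULT_NIST_TAG = ['SA-11', 'RA-5'];
 class ScoutsuiteNistMapping {
 constructor() {
 this.data = [];
@@ -13,7 +13,7 @@ class ScoutsuiteNistMapping {
 }
 nistTag(rule) {
 if (rule === '' || rule === undefined) {
-return
+return global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;
 }
 else {
 const item = this.data.find((element) => element.rule === rule);
@@ -21,7 +21,7 @@ class ScoutsuiteNistMapping {
 return item.nistId.split('|');
 }
 else {
-return
+return global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;
 }
 }
 }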
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ScoutsuiteNistMapping.js","sourceRoot":"","sources":["../../../src/mappings/ScoutsuiteNistMapping.ts"],"names":[],"mappings":";;;AAAA,2EAAiD;AACjD,2EAAsE;
|
|
1
|
+
{"version":3,"file":"ScoutsuiteNistMapping.js","sourceRoot":"","sources":["../../../src/mappings/ScoutsuiteNistMapping.ts"],"names":[],"mappings":";;;AAAA,4CAAuE;AACvE,2EAAiD;AACjD,2EAAsE;AAOtE,MAAa,qBAAqB;IAGhC;QACE,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;QAEf,IAAI,KAAK,CAAC,OAAO,CAAC,gCAAI,CAAC,EAAE;YACvB,IAAI,CAAC,IAAI,GAAG,gCAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,qDAAyB,CAAC,IAAI,CAAC,CAAC,CAAC;SACrE;IACH,CAAC;IACD,OAAO,CAAC,IAAY;QAClB,IAAI,IAAI,KAAK,EAAE,IAAI,IAAI,KAAK,SAAS,EAAE;YACrC,OAAO,+CAAsC,CAAC;SAC/C;aAAM;YACL,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;YAChE,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS,EAAE;gBACvC,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aAC/B;iBAAM;gBACL,OAAO,+CAAsC,CAAC;aAC/C;SACF;IACH,CAAC;CACF;AAtBD,sDAsBC"}
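--- a/package/lib/src/nessus-mapper.js
+++ b/package/lib/src/nessus-mapper.js
@@ -192,7 +192,6 @@ class NessusResults {
 const results = [];
 policyName = lodash_1.default.get(this.data, 'NessusClientData_v2.Policy.policyName');
 const preference = lodash_1.default.get(this.data, 'NessusClientData_v2.Policy.Preferences.ServerPreferences.preference');
-console.log(this.data);
 if (Array.isArray(preference)) {
 version =
 lodash_1.default.get(preference.find((element) => {
@@ -298,9 +297,15 @@ class NessusMapper extends base_converter_1.BaseConverter {
 status: { transformer: getStatus },
 code_desc: { transformer: formatCodeDesc },
 message: {
-path: ['plugin_output', 'cm:compliance-actual-value']
+path: ['plugin_output', 'cm:compliance-actual-value'],
+transformer: (value) => {
+if (value === null || value === undefined) {
+return value;
+}
+return String(value);
+}
 },
-run_time: 0,
+run_time: 0.0,
 start_time: {
 path: '$.HostProperties.tag',
 transformer: getStartTime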
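Review bot: The new `message` transformer at lines 301-306 passes whatever sits under `plugin_output` or `cm:compliance-actual-value` through `String(value)`, which renders an object as the literal `[object Object]`; since these values come out of the parsed Nessus XML they can plausibly be objects (an element carrying attributes), so `return typeof value === 'object' ? JSON.stringify(value) : String(value);` on line 305 keeps the compliance value readable in the HDF result. A one-line comment above line 301 saying why the coercion is needed (presumably numeric or boolean actual-values that `message` must carry as a string — confirm) would also help, as the transformer reads as defensive without explanation. `run_time: 0.0` at line 308 is the same number as the removed `0` in JavaScript, so that hunk is cosmetic; the surrounding mapping object starts and ends outside this hunk.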
@@ -1 +1 @@
1
-
{"version":3,"file":"nessus-mapper.js","sourceRoot":"","sources":["../../src/nessus-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAO0B;AAC1B,8DAAyD;AACzD,kFAA6E;AAG7E,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,IAAI,EAAE,GAAG,CAAC;IACX,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,GAAG,EAAE,GAAG,CAAC;CACX,CAAC,CAAC;AACH,MAAM,eAAe,GAAG,yBAAyB,CAAC;AAClD,MAAM,gBAAgB,GAAG,qDAAqD,CAAC;AAC/E,MAAM,2BAA2B,GAAG,IAAI,mDAAwB,EAAE,CAAC;AACnE,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAC9C,MAAM,gBAAgB,GAAa,EAAE,CAAC;AAEtC,IAAI,UAAkB,CAAC;AACvB,IAAI,OAAe,CAAC;AAEpB,SAAS,aAAa;IACpB,OAAO,SAAS,GAAG,UAAU,CAAC;AAChC,CAAC;AACD,SAAS,UAAU;IACjB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,KAAK,CAAC,IAAa;IAC1B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7D;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KAChC;AACH,CAAC;AACD,SAAS,QAAQ,CAAC,IAAa;IAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,0BAA0B,CAAC,EAAE;QAC3C,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,0BAA0B,CAAC,CAAC;KAChD;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KAClC;AACH,CAAC;AACD,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,oBAAoB,CAAC,EAAE;QACrC,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC,CAAC;KACrD;SAAM;QACL,OAAO,IAAA,0BAAS,EAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;KACpC;AACH,CAAC;AACD,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,IAAI,CAAC,kBAAkB,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;IAC5D,IAAI,CAAC,IAAI,CAAC,SAAS,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,IAAI,CAAC,aAAa,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;AAC/B,CAAC;AACD,SAAS,aAAa,CAAC,IAAa;IAClC,MAAM,MAAM,GAAG,g
BAAC,CAAC,GAAG,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACnC,OAAO,2BAA2B,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,gBAAgB,CAAC,CAAC;AAC9E,CAAC;AACD,SAAS,UAAU,CAAC,KAAa;IAC/B,MAAM,WAAW,GAAa,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACrD,OAAO,gBAAgB,CAAC,UAAU,CAAC,WAAW,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAW;IAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9E,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AACD,SAAS,SAAS,CAAC,IAAa;IAC9B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,IAAA,8BAAa,EAAC,cAAc,CAAC,CAClC,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CACvD,CAAC;KACH;SAAM;QACL,OAAO,IAAA,8BAAa,EAAC,cAAc,CAAC,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;KAC/D;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,IAAa;IAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,EAAE;QACzC,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAC,CAAC;KACzD;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED,SAAS,MAAM,CAAC,IAAa;IAC3B,MAAM,GAAG,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACpC,IAAI,GAAG,IAAI,GAAG,KAAK,KAAK,EAAE;QACxB,OAAO,GAAG,CAAC;KACZ;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,UAAU,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;KACjD;SAAM;QACL,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;KAC5B;AACH,CAAC;AACD,SAAS,MAAM,CAAC,IAAa;IAC3B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC;KACtD;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,MAAM,CAAC,IAAa;IAC3B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAA
C;KACpE;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KAChC;AACH,CAAC;AACD,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;KACpE;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,SAAS,CAAC,IAAa;IAC9B,MAAM,MAAM,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;IACnD,QAAQ,MAAM,EAAE;QACd,KAAK,QAAQ;YACX,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;QAC7C,KAAK,SAAS;YACZ,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC;QAC9C,KAAK,OAAO;YACV,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC;QAC5C;YACE,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;KAC9C;AACH,CAAC;AACD,SAAS,cAAc,CAAC,IAAa;IACnC,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE;QAC9B,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,gBAAgB,CAAC,CAAC;KAClE;SAAM;QACL,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,gBAAgB,CAAC,CAAC;KACpE;AACH,CAAC;AACD,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,gBAAC,CAAC,GAAG,CACV,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YACnB,OAAO,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,YAAY,CAAC;QACjD,CAAC,CAAC,EACF,MAAM,CACP,CAAC;KACH;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;KAC3B;AACH,CAAC;AAED,SAAS,SAAS,CAAC,OAAkB;IACnC,MAAM,eAAe,GAAG,OAA6B,CAAC;IACtD,eAAe,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAClC,IAAI,OAAO,YAAY,MAAM,EAAE;YAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;gBAC3C,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;aAC5C;YACD,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,EAAE,EAAE;gBACrC,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;aAC5C;YACD,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE,EAAE;gBACzC,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;aAChD;YACD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EA
AE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrD,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,IAAI,OAAO,CAAC,YAAY,KAAK,IAAI,EAAE;gBACvE,OAAO,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAChD,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,IAAI,WAAW,CAAC,IAAI,CACjD,CAAC;aACH;SACF;IACH,CAAC,CAAC,CAAC;IACH,OAAO,eAAe,CAAC;AACzB,CAAC;AACD,MAAa,aAAa;IAGxB,YAAY,SAAiB;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAA,yBAAQ,EAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,KAAK;QACH,MAAM,OAAO,GAAyB,EAAE,CAAC;QACzC,UAAU,GAAG,gBAAC,CAAC,GAAG,CAChB,IAAI,CAAC,IAAI,EACT,uCAAuC,CAC9B,CAAC;QACZ,MAAM,UAAU,GAAG,gBAAC,CAAC,GAAG,CACtB,IAAI,CAAC,IAAI,EACT,qEAAqE,CACtE,CAAC;QACF,
1
+
{"version":3,"file":"nessus-mapper.js","sourceRoot":"","sources":["../../src/nessus-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAO0B;AAC1B,8DAAyD;AACzD,kFAA6E;AAG7E,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,IAAI,EAAE,GAAG,CAAC;IACX,CAAC,GAAG,EAAE,GAAG,CAAC;IACV,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,GAAG,EAAE,GAAG,CAAC;CACX,CAAC,CAAC;AACH,MAAM,eAAe,GAAG,yBAAyB,CAAC;AAClD,MAAM,gBAAgB,GAAG,qDAAqD,CAAC;AAC/E,MAAM,2BAA2B,GAAG,IAAI,mDAAwB,EAAE,CAAC;AACnE,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAC9C,MAAM,gBAAgB,GAAa,EAAE,CAAC;AAEtC,IAAI,UAAkB,CAAC;AACvB,IAAI,OAAe,CAAC;AAEpB,SAAS,aAAa;IACpB,OAAO,SAAS,GAAG,UAAU,CAAC;AAChC,CAAC;AACD,SAAS,UAAU;IACjB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,KAAK,CAAC,IAAa;IAC1B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7D;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KAChC;AACH,CAAC;AACD,SAAS,QAAQ,CAAC,IAAa;IAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,0BAA0B,CAAC,EAAE;QAC3C,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,0BAA0B,CAAC,CAAC;KAChD;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KAClC;AACH,CAAC;AACD,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,oBAAoB,CAAC,EAAE;QACrC,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC,CAAC;KACrD;SAAM;QACL,OAAO,IAAA,0BAAS,EAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;KACpC;AACH,CAAC;AACD,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,IAAI,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC,IAAI,CAAC,kBAAkB,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;IAC5D,IAAI,CAAC,IAAI,CAAC,SAAS,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,IAAI,CAAC,aAAa,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;AAC/B,CAAC;AACD,SAAS,aAAa,CAAC,IAAa;IAClC,MAAM,MAAM,GAAG,g
BAAC,CAAC,GAAG,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACnC,OAAO,2BAA2B,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,gBAAgB,CAAC,CAAC;AAC9E,CAAC;AACD,SAAS,UAAU,CAAC,KAAa;IAC/B,MAAM,WAAW,GAAa,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACrD,OAAO,gBAAgB,CAAC,UAAU,CAAC,WAAW,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAW;IAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9E,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AACD,SAAS,SAAS,CAAC,IAAa;IAC9B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,IAAA,8BAAa,EAAC,cAAc,CAAC,CAClC,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CACvD,CAAC;KACH;SAAM;QACL,OAAO,IAAA,8BAAa,EAAC,cAAc,CAAC,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;KAC/D;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,IAAa;IAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,EAAE;QACzC,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAC,CAAC;KACzD;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED,SAAS,MAAM,CAAC,IAAa;IAC3B,MAAM,GAAG,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACpC,IAAI,GAAG,IAAI,GAAG,KAAK,KAAK,EAAE;QACxB,OAAO,GAAG,CAAC;KACZ;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,UAAU,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;KACjD;SAAM;QACL,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;KAC5B;AACH,CAAC;AACD,SAAS,MAAM,CAAC,IAAa;IAC3B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC;KACtD;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,MAAM,CAAC,IAAa;IAC3B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAA
C;KACpE;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;KAChC;AACH,CAAC;AACD,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE;QAChC,OAAO,QAAQ,CAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;KACpE;SAAM;QACL,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AACD,SAAS,SAAS,CAAC,IAAa;IAC9B,MAAM,MAAM,GAAG,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;IACnD,QAAQ,MAAM,EAAE;QACd,KAAK,QAAQ;YACX,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;QAC7C,KAAK,SAAS;YACZ,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,OAAO,CAAC;QAC9C,KAAK,OAAO;YACV,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC;QAC5C;YACE,OAAO,mBAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC;KAC9C;AACH,CAAC;AACD,SAAS,cAAc,CAAC,IAAa;IACnC,IAAI,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE;QAC9B,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,gBAAgB,CAAC,CAAC;KAClE;SAAM;QACL,OAAO,IAAA,0BAAS,EAAC,gBAAC,CAAC,GAAG,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,gBAAgB,CAAC,CAAC;KACpE;AACH,CAAC;AACD,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACtB,OAAO,gBAAC,CAAC,GAAG,CACV,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YACnB,OAAO,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,YAAY,CAAC;QACjD,CAAC,CAAC,EACF,MAAM,CACP,CAAC;KACH;SAAM;QACL,OAAO,gBAAC,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;KAC3B;AACH,CAAC;AAED,SAAS,SAAS,CAAC,OAAkB;IACnC,MAAM,eAAe,GAAG,OAA6B,CAAC;IACtD,eAAe,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAClC,IAAI,OAAO,YAAY,MAAM,EAAE;YAC7B,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;gBAC3C,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;aAC5C;YACD,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,EAAE,EAAE;gBACrC,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;aAC5C;YACD,IAAI,gBAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,KAAK,EAAE,EAAE;gBACzC,OAAO,CAAC,IAAI,GAAG,gBAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;aAChD;YACD,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EA
AE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrD,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,IAAI,OAAO,CAAC,YAAY,KAAK,IAAI,EAAE;gBACvE,OAAO,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,MAAM,CAChD,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,IAAI,WAAW,CAAC,IAAI,CACjD,CAAC;aACH;SACF;IACH,CAAC,CAAC,CAAC;IACH,OAAO,eAAe,CAAC;AACzB,CAAC;AACD,MAAa,aAAa;IAGxB,YAAY,SAAiB;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAA,yBAAQ,EAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,KAAK;QACH,MAAM,OAAO,GAAyB,EAAE,CAAC;QACzC,UAAU,GAAG,gBAAC,CAAC,GAAG,CAChB,IAAI,CAAC,IAAI,EACT,uCAAuC,CAC9B,CAAC;QACZ,MAAM,UAAU,GAAG,gBAAC,CAAC,GAAG,CACtB,IAAI,CAAC,IAAI,EACT,qEAAqE,CACtE,CAAC;QACF,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,OAAO;gBACL,gBAAC,CAAC,GAAG,CACH,UAAU,CAAC,IAAI,CAAC,CAAC,OAAgC,EAAE,EAAE;oBACnD,OAAO,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,YAAY,CAAC;gBACjD,CAAC,CAAC,EACF,OAAO,CACR,IAAI,EAAE,CAAC;SACX;QACD,MAAM,UAAU,GAAG,gBAAC,CAAC,GAAG,CACtB,IAAI,CAAC,IAAI,EACT,uCAAuC,CACxC,CAAC;QACF,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,UAAU,CAAC,OAAO,CAAC,CAAC,OAAgC,EAAE,EAAE;gBACtD,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC;gBACxC,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,EAAE;oBACpC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;iBACvC;gBACD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC9B,CAAC,CAAC,CAAC;YACH,OAAO,OAAO,CAAC;SAChB;aAAM;YACL,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,UAAqC,CAAC,CAAC;YACvE,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,EAAE;gBACpC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;aACxC;YACD,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;SACvB;IACH,CAAC;IACD,WAAW,CACT,aAA+D;QAE/D,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACrC,CAAC;CACF;AApDD,sCAoDC;AAED,MAAa,YAAa,SAAQ,8BAAa;IA+F7C,YAAY,UAAmC;QAC7C,KAAK,CAAC,UAAU,CAAC,CAAC;QA/FpB,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;aAC1B;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,EAAC,WAAW,EAAE,aAAa,EAAC;oBAClC,OAAO,EAAE,EAAC,WAAW,EAAE,UAAU,EAAC;oBAClC,KAAK,EAAE,EAAC,WAAW,EAAE,aAAa,EAAC;oBACnC,UAAU,EAAE,IAAI;oBAChB,OAAO,EA
AE,EAAC,WAAW,EAAE,aAAa,EAAC;oBACrC,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,gBAAgB,EAAE,SAAS;4BAC3B,IAAI,EAAE,YAAY;4BAClB,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE;gCACJ,IAAI,EAAE,EAAC,WAAW,EAAE,OAAO,EAAC;gCAC5B,GAAG,EAAE,EAAC,WAAW,EAAE,MAAM,EAAC;gCAC1B,GAAG,EAAE,EAAC,WAAW,EAAE,MAAM,EAAC;gCAC1B,OAAO,EAAE,EAAC,WAAW,EAAE,OAAO,EAAC;gCAC/B,WAAW,EAAE,EAAC,IAAI,EAAE,aAAa,EAAC;gCAClC,WAAW,EAAE,EAAC,IAAI,EAAE,aAAa,EAAC;gCAClC,uBAAuB,EAAE,EAAC,IAAI,EAAE,yBAAyB,EAAC;gCAC1D,KAAK,EAAE,EAAC,IAAI,EAAE,OAAO,EAAC;gCACtB,gBAAgB,EAAE,EAAC,IAAI,EAAE,kBAAkB,EAAC;gCAC5C,eAAe,EAAE,EAAC,IAAI,EAAE,iBAAiB,EAAC;6BAC3C;4BACD,YAAY,EAAE;gCACZ;oCACE,IAAI,EAAE,EAAC,WAAW,EAAE,QAAQ,EAAC;oCAC7B,KAAK,EAAE,OAAO;iCACf;gCACD;oCACE,IAAI,EAAE,EAAC,WAAW,EAAE,MAAM,EAAC;oCAC3B,KAAK,EAAE,KAAK;iCACb;6BACF;4BACD,IAAI,EAAE;gCACJ;oCACE,GAAG,EAAE;wCACH,IAAI,EAAE,UAAU;qCACjB;iCACF;6BACF;4BACD,eAAe,EAAE,EAAE;4BACnB,EAAE,EAAE,EAAC,WAAW,EAAE,KAAK,EAAC;4BACxB,KAAK,EAAE,EAAC,WAAW,EAAE,QAAQ,EAAC;4BAC9B,IAAI,EAAE,EAAC,WAAW,EAAE,OAAO,EAAC;4BAC5B,MAAM,EAAE,EAAC,WAAW,EAAE,SAAS,EAAC;4BAChC,IAAI,EAAE;gCACJ,WAAW,EAAE,CAAC,UAAmB,EAAE,EAAE,CACnC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;6BACtC;4BACD,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,EAAC,WAAW,EAAE,SAAS,EAAC;oCAChC,SAAS,EAAE,EAAC,WAAW,EAAE,cAAc,EAAC;oCACxC,OAAO,EAAE;wCACP,IAAI,EAAE,CAAC,eAAe,EAAE,4BAA4B,CAAC;wCACrD,WAAW,EAAE,CAAC,KAAc,EAAE,EAAE;4CAC9B,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE;gDACzC,OAAO,KAAK,CAAC;6CACd;4CACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;wCACvB,CAAC;qCACF;oCACD,QAAQ,EAAE,GAAG;oCACb,UAAU,EAAE;wCACV,IAAI,EAAE,sBAAsB;wCAC5B,WAAW,EAAE,YAAY;qCAC1B;iCACF;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;CACF;AAlGD,oCAkGC"}
@@ -10,6 +10,7 @@ const package_json_1 = require("../package.json");
10
10
const base_converter_1 = require("./base-converter");
11
11
const CweNistMapping_1 = require("./mappings/CweNistMapping");
12
12
const OwaspNistMapping_1 = require("./mappings/OwaspNistMapping");
13
+
const global_1 = require("./utils/global");
13
14
const IMPACT_MAPPING = new Map([
14
15
['critical', 1.0],
15
16
['high', 0.7],
@@ -20,7 +21,6 @@ const IMPACT_MAPPING = new Map([
20
21
]);
21
22
const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping();
22
23
const OWASP_NIST_MAPPING = new OwaspNistMapping_1.OwaspNistMapping();
23
-
const DEFAULT_NIST_TAG = ['SA-11', 'RA-5'];
24
24
function nistTag(classification) {
25
25
let cweTag = lodash_1.default.get(classification, 'cwe');
26
26
if (!Array.isArray(cweTag)) {
@@ -37,7 +37,7 @@ function nistTag(classification) {
37
37
return result;
38
38
}
39
39
else {
40
-
return
40
+
return global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;
41
41
}
42
42
}
43
43
function formatControlDesc(vulnerability) {
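Review bot: `nistTag` now returns `global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS` itself rather than a copy, so one array shared by every mapper in the package is handed to each caller; if any consumer appends to or sorts the returned tag list in place, the default for every subsequent finding in every mapper changes silently, where the removed per-file `DEFAULT_NIST_TAG` at least confined that to one module. Returning a copy, `return [...global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS];`, or freezing the constant in `./utils/global` removes the coupling; prisma-mapper's `CVE ID` transformer (its third hunk) returns the same array and needs the same treatment, and sarif-mapper's `nistTag` passes it to `nistFilter`, which matters only if `nistFilter` returns its fallback argument as-is. The removed per-file constant was `['SA-11', 'RA-5']`; `./utils/global` is not part of this diff, so whether the shared constant carries the same value cannot be confirmed from this page. The old `return` line appears truncated in this rendering, and `nistTag` begins before the hunk.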
@@ -1 +1 @@
1
-
{"version":3,"file":"netsparker-mapper.js","sourceRoot":"","sources":["../../src/netsparker-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAO0B;AAC1B,8DAAyD;AACzD,kEAA6D;
1
+
{"version":3,"file":"netsparker-mapper.js","sourceRoot":"","sources":["../../src/netsparker-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAO0B;AAC1B,8DAAyD;AACzD,kEAA6D;AAC7D,2CAAsE;AAEtE,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,UAAU,EAAE,GAAG,CAAC;IACjB,CAAC,MAAM,EAAE,GAAG,CAAC;IACb,CAAC,QAAQ,EAAE,GAAG,CAAC;IACf,CAAC,KAAK,EAAE,GAAG,CAAC;IACZ,CAAC,eAAe,EAAE,GAAG,CAAC;IACtB,CAAC,aAAa,EAAE,GAAG,CAAC;CACrB,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAC9C,MAAM,kBAAkB,GAAG,IAAI,mCAAgB,EAAE,CAAC;AAElD,SAAS,OAAO,CAAC,cAAuC;IACtD,IAAI,MAAM,GAAG,gBAAC,CAAC,GAAG,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QAC1B,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;KACnB;IACD,IAAI,QAAQ,GAAG,gBAAC,CAAC,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;QAC5B,QAAQ,GAAG,CAAC,QAAQ,CAAC,CAAC;KACvB;IACD,MAAM,GAAG,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAkB,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAG,kBAAkB,CAAC,mBAAmB,CAAC,QAAoB,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;QACvB,OAAO,MAAM,CAAC;KACf;SAAM;QACL,OAAO,+CAAsC,CAAC;KAC/C;AACH,CAAC;AACD,SAAS,iBAAiB,CAAC,aAAsB;IAC/C,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,WAAW,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;IACxD,IAAI,WAAW,EAAE;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;KACxB;IACD,MAAM,kBAAkB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;IACvE,IAAI,kBAAkB,EAAE;QACtB,IAAI,CAAC,IAAI,CAAC,wBAAwB,kBAAkB,EAAE,CAAC,CAAC;KACzD;IACD,MAAM,gBAAgB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC;IACnE,IAAI,gBAAgB,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,sBAAsB,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAC5D,KAAK,EACL,IAAI,CACL,EAAE,CACJ,CAAC;KACH;IACD,MAAM,cAAc,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;IAC9D,IAAI,cAAc,EAAE;QAClB,IAAI,CAAC,IAAI,CACP,mBAAmB,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,CACzE,CAAC;KACH;IACD,MAAM,MAAM,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,QA
AQ,CAAC,CAAC;IAC9C,IAAI,MAAM,EAAE;QACV,IAAI,CAAC,IAAI,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;KAChC;IACD,MAAM,aAAa,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,aAAa,EAAE;QACjB,IAAI,CAAC,IAAI,CAAC,kBAAkB,aAAa,EAAE,CAAC,CAAC;KAC9C;IACD,MAAM,YAAY,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE;QAChB,IAAI,CAAC,IAAI,CAAC,iBAAiB,YAAY,EAAE,CAAC,CAAC;KAC5C;IACD,MAAM,SAAS,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,SAAS,EAAE;QACb,IAAI,CAAC,IAAI,CAAC,cAAc,SAAS,EAAE,CAAC,CAAC;KACtC;IACD,MAAM,IAAI,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAC1C,IAAI,IAAI,EAAE;QACR,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;KAC5B;IACD,MAAM,SAAS,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,SAAS,EAAE;QACb,IAAI,CAAC,IAAI,CAAC,cAAc,SAAS,EAAE,CAAC,CAAC;KACtC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AACD,SAAS,WAAW,CAAC,aAAsB;IACzC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,kBAAkB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;IACvE,IAAI,kBAAkB,EAAE;QACtB,IAAI,CAAC,IAAI,CAAC,wBAAwB,kBAAkB,EAAE,CAAC,CAAC;KACzD;IACD,MAAM,cAAc,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;IAChE,IAAI,cAAc,EAAE;QAClB,IAAI,CAAC,IAAI,CAAC,qBAAqB,cAAc,EAAE,CAAC,CAAC;KAClD;IACD,OAAO,IAAA,0BAAS,EAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AACtC,CAAC;AACD,SAAS,SAAS,CAAC,aAAsB;IACvC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,eAAe,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;IACjE,IAAI,eAAe,EAAE;QACnB,IAAI,CAAC,IAAI,CAAC,qBAAqB,eAAe,EAAE,CAAC,CAAC;KACnD;IACD,MAAM,iBAAiB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,oBAAoB,CAAC,CAAC;IACrE,IAAI,iBAAiB,EAAE;QACrB,IAAI,CAAC,IAAI,CAAC,uBAAuB,iBAAiB,EAAE,CAAC,CAAC;KACvD;IACD,MAAM,gBAAgB,GAAG,gBAAC,CAAC,GAAG,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC;IACnE,IAAI,gBAAgB,EAAE;QACpB,IAAI,CAAC,IAAI,CAAC,sBAAsB,gBAAgB,EAAE,CAAC,CAAC;KACrD;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AACD,SAAS,cAAc,CAAC,OAAgB;IACtC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,CAAC,IAAI,CAAC,kBAAkB,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,
CAAC,EAAE,CAAC,CAAC;IACzD,IAAI,CAAC,IAAI,CAAC,YAAY,gBAAC,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;IAClD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AACD,SAAS,aAAa,CAAC,QAAiB;IACtC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,CAAC,IAAI,CAAC,mBAAmB,gBAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;IAC3D,IAAI,CAAC,IAAI,CAAC,cAAc,gBAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,IAAI,CAAC,kBAAkB,gBAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;IAC9D,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzB,CAAC;AACD,MAAa,gBAAiB,SAAQ,8BAAa;IA4EjD,YAAY,aAAqB;QAC/B,KAAK,CAAC,IAAA,yBAAQ,EAAC,aAAa,CAAC,CAAC,CAAC;QA5EjC,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,EAAC,IAAI,EAAE,kCAAkC,EAAC;aACtD;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,4BAA4B;oBAClC,OAAO,EAAE,EAAE;oBACX,KAAK,EAAE;wBACL,IAAI,EAAE,8BAA8B;wBACpC,WAAW,EAAE,CAAC,KAAc,EAAU,EAAE;4BACtC,OAAO,kCAAkC,gBAAC,CAAC,GAAG,CAC5C,KAAK,EACL,SAAS,CACV,SAAS,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,CAAC;wBAClC,CAAC;qBACF;oBACD,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,4BAA4B;oBACrC,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,qDAAqD;4BAC3D,GAAG,EAAE,IAAI;4BACT,EAAE,EAAE,EAAC,IAAI,EAAE,UAAU,EAAC;4BACtB,KAAK,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;4BACrB,IAAI,EAAE,EAAC,WAAW,EAAE,iBAAiB,EAAC;4BACtC,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,IAAA,8BAAa,EAAC,cAAc,CAAC;6BAC3C;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE,EAAC,IAAI,EAAE,gBAAgB,EAAE,WAAW,EAAE,OAAO,EAAC;6BACrD;4BACD,YAAY,EAAE;gCACZ;oCACE,IAAI,EAAE,EAAC,WAAW,EAAE,WAAW,EAAC;oCAChC,KAAK,EAAE,OAAO;iCACf;gCACD;oCACE,IAAI,EAAE,EAAC,WAAW,EAAE,SAAS,EAAC;oCAC9B,KAAK,EAAE,KAAK;iCACb;6BACF;4BACD,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE,EAAE;4BACnB,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;o
CAC3C,SAAS,EAAE,EAAC,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE,cAAc,EAAC;oCAC9D,OAAO,EAAE,EAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,aAAa,EAAC;oCAC5D,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE,EAAC,IAAI,EAAE,0CAA0C,EAAC;iCAC/D;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AApFD,4CAoFC"}
package/lib/src/prisma-mapper.js
@@ -8,6 +8,7 @@ const inspecjs_1 = require("inspecjs");
8
8
const lodash_1 = __importDefault(require("lodash"));
9
9
const package_json_1 = require("../package.json");
10
10
const base_converter_1 = require("./base-converter");
11
+
const global_1 = require("./utils/global");
11
12
const SEVERITY_LOOKUP = {
12
13
low: 0.3,
13
14
moderate: 0.5,
@@ -15,7 +16,6 @@ const SEVERITY_LOOKUP = {
15
16
important: 0.9,
16
17
critical: 1
17
18
};
18
-
const DEFAULT_NIST_TAG = ['SA-11', 'RA-5'];
19
19
const REMEDIATION_NIST_TAG = ['SI-2', 'RA-5'];
20
20
class PrismaControlMapper extends base_converter_1.BaseConverter {
21
21
constructor(prismaControls) {
@@ -55,7 +55,7 @@ class PrismaControlMapper extends base_converter_1.BaseConverter {
55
55
path: 'CVE ID',
56
56
transformer: (cveTag) => {
57
57
if (!cveTag) {
58
-
return
58
+
return global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;
59
59
}
60
60
else {
61
61
return REMEDIATION_NIST_TAG;
@@ -1 +1 @@
1
-
{"version":3,"file":"prisma-mapper.js","sourceRoot":"","sources":["../../src/prisma-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAK0B;
1
+
{"version":3,"file":"prisma-mapper.js","sourceRoot":"","sources":["../../src/prisma-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAK0B;AAC1B,2CAAsE;AAetE,MAAM,eAAe,GAA2B;IAC9C,GAAG,EAAE,GAAG;IACR,QAAQ,EAAE,GAAG;IACb,IAAI,EAAE,GAAG;IACT,SAAS,EAAE,GAAG;IACd,QAAQ,EAAE,CAAC;CACZ,CAAC;AAIF,MAAM,oBAAoB,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE9C,MAAa,mBAAoB,SAAQ,8BAAa;IA0HpD,YAAY,cAA+B;QACzC,KAAK,CAAC,EAAC,OAAO,EAAE,cAAc,EAAC,CAAC,CAAC;QA1HnC,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,0BAA0B;aACtC;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,6BAA6B;oBACnC,OAAO,EAAE,EAAE;oBACX,KAAK,EAAE,0BAA0B;oBACjC,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,EAAE;oBACX,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,SAAS;4BACf,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE,EAAC,IAAI,EAAE,aAAa,EAAC;4BAC3B,IAAI,EAAE;gCACJ,IAAI,EAAE;oCACJ,IAAI,EAAE,QAAQ;oCACd,WAAW,EAAE,CAAC,MAA0B,EAAE,EAAE;wCAC1C,IAAI,CAAC,MAAM,EAAE;4CACX,OAAO,+CAAsC,CAAC;yCAC/C;6CAAM;4CACL,OAAO,oBAAoB,CAAC;yCAC7B;oCACH,CAAC;iCACF;gCACD,GAAG,EAAE,EAAC,IAAI,EAAE,QAAQ,EAAC;gCACrB,IAAI,EAAE,EAAC,IAAI,EAAE,MAAM,EAAC;6BACrB;4BACD,YAAY,EAAE,EAAE;4BAChB,IAAI,EAAE,CAAC,EAAC,GAAG,EAAE,EAAC,IAAI,EAAE,oBAAoB,EAAC,EAAC,CAAC;4BAC3C,eAAe,EAAE,EAAC,IAAI,EAAE,UAAU,EAAC;4BACnC,EAAE,EAAE;gCACF,WAAW,EAAE,CAAC,IAAmB,EAAE,EAAE;oCACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE;wCAClB,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;qCACrD;yCAAM;wCACL,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;qCACnE;gCACH,CAAC;6BACF;4BACD,KAAK,EAAE;gCACL,WAAW,EAAE,CAAC,IAAmB,EAAE,EAAE,CACnC,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,EAAE;6BACjD;4BACD,MAAM,EAAE;gCACN,IAAI,EAAE,UAAU;gCAChB,WAAW,EAAE,CAAC,QAAgB,EAAE,EAAE;oCAChC,IAAI,QAAQ,EAAE;wCA
CZ,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;qCAClC;yCAAM;wCACL,OAAO,GAAG,CAAC;qCACZ;gCACH,CAAC;6BACF;4BACD,IAAI,EAAE;gCACJ,WAAW,EAAE,CAAC,GAAkB,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;6BAClE;4BACD,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE;wCACT,WAAW,EAAE,CAAC,GAAkB,EAAE,EAAE;4CAClC,IAAI,MAAM,GAAG,EAAE,CAAC;4CAChB,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE;gDACxB,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE;oDAC1B,MAAM,IAAI,6BAA6B,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;iDAC1D;6CACF;iDAAM,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE;gDAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE;oDACrB,MAAM,IAAI,2BAA2B,GAAG,CAAC,MAAM,EAAE,CAAC;iDACnD;qDAAM;oDACL,MAAM,IAAI,EAAE,CAAC;iDACd;6CACF;iDAAM;gDACL,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,cAAc,GAAG,CAAC,QAAQ,EAAE,CAAC;6CACnD;4CACD,MAAM,IAAI,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC;4CACnC,OAAO,MAAM,CAAC;wCAChB,CAAC;qCACF;oCACD,OAAO,EAAE;wCACP,WAAW,EAAE,CAAC,GAAkB,EAAE,EAAE;4CAClC,IAAI,MAAM,GAAG,EAAE,CAAC;4CAChB,IAAI,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,GAAG,CAAC,KAAK,KAAK,EAAE,EAAE;gDAChD,MAAM,IAAI,eAAe,GAAG,CAAC,YAAY,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,CAAC;6CAC9D;iDAAM,IAAI,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE;gDACnC,MAAM,IAAI,eAAe,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;6CAC9C;iDAAM,IAAI,GAAG,CAAC,KAAK,KAAK,EAAE,EAAE;gDAC3B,MAAM,IAAI,UAAU,GAAG,CAAC,KAAK,EAAE,CAAC;6CACjC;iDAAM;gDACL,MAAM,IAAI,SAAS,CAAC;6CACrB;4CACD,OAAO,MAAM,CAAC;wCAChB,CAAC;qCACF;oCACD,UAAU,EAAE,EAAC,IAAI,EAAE,WAAW,EAAC;iCAChC;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAIF,CAAC;CACF;AA7HD,kDA6HC;AAED,MAAa,YAAY;IAmBvB,YAAY,SAAiB;QAlB7B,SAAI,GAAoB,EAAE,CAAC;QAmBzB,IAAI,CAAC,IAAI,GAAG,IAAA,yBAAQ,EAAC,SAAS,CAAoB,CAAC;IACrD,CAAC;IAlBD,KAAK;QACH,MAAM,UAAU,GAAyB,EAAE,CAAC;QAC5C,MAAM,kBAAkB,GAAoC,EAAE,CAAC;QAC/D,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAqB,EAAE,EAAE;YAC1C,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBACpC,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/C,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,OAAO,CAAC
,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,EAAE;YAClE,MAAM,SAAS,GAAG,IAAI,mBAAmB,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,CAAC;YAC5D,gBAAC,CAAC,GAAG,CAAC,SAAS,EAAE,oBAAoB,EAAE,QAAQ,CAAC,CAAC;YACjD,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QACH,OAAO,UAAU,CAAC;IACpB,CAAC;CAKF;AAtBD,oCAsBC"}
package/lib/src/sarif-mapper.js
@@ -9,6 +9,7 @@ const lodash_1 = __importDefault(require("lodash"));
9
9
const package_json_1 = require("../package.json");
10
10
const base_converter_1 = require("./base-converter");
11
11
const CweNistMapping_1 = require("./mappings/CweNistMapping");
12
+
const global_1 = require("./utils/global");
12
13
const IMPACT_MAPPING = new Map([
13
14
['error', 0.7],
14
15
['warning', 0.5],
@@ -16,7 +17,6 @@ const IMPACT_MAPPING = new Map([
16
17
]);
17
18
const MESSAGE_TEXT = 'message.text';
18
19
const CWE_NIST_MAPPING = new CweNistMapping_1.CweNistMapping();
19
-
const DEFAULT_NIST_TAG = ['SA-11', 'RA-5'];
20
20
function extractCwe(text) {
21
21
let output = text.split('(').slice(-1)[0].slice(0, -2).split(', ');
22
22
if (output.length === 1) {
@@ -42,7 +42,7 @@ function formatCodeDesc(input) {
42
42
function nistTag(text) {
43
43
let identifiers = extractCwe(text);
44
44
identifiers = identifiers.map((element) => element.split('-')[1]);
45
-
return CWE_NIST_MAPPING.nistFilter(identifiers,
45
+
return CWE_NIST_MAPPING.nistFilter(identifiers, global_1.DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS);
46
46
}
47
47
class SarifMapper extends base_converter_1.BaseConverter {
48
48
constructor(sarifJson) {
@@ -87,8 +87,12 @@ class SarifMapper extends base_converter_1.BaseConverter {
87
87
descriptions: [],
88
88
refs: [],
89
89
source_location: {
90
-
91
-
90
+
transformer: (control) => {
91
+
return lodash_1.default.omitBy({
92
+
ref: lodash_1.default.get(control, 'locations[0].physicalLocation.artifactLocation.uri'),
93
+
line: lodash_1.default.get(control, 'locations[0].physicalLocation.region.startLine')
94
+
}, (value) => value === '');
95
+
}
92
96
},
93
97
title: {
94
98
path: MESSAGE_TEXT,
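Review bot: The `omitBy` predicate in the new `source_location` transformer drops only empty strings, but `lodash_1.default.get` yields `undefined` when `locations[0].physicalLocation` is absent from a SARIF result, so such controls still carry `ref: undefined` and `line: undefined` keys instead of an empty object; any downstream check of the form `'ref' in source_location` or `Object.keys(...)` then treats a missing location and an empty-string one differently. Dropping nil values as well, `}, (value) => value === '' || value === undefined);` (or `lodash_1.default.isNil(value) || value === ''`), makes the omission consistent for both cases. The two removed lines render empty on this page, so the previous transformer cannot be compared here, and the enclosing mapping object starts and ends outside the hunk.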
@@ -1 +1 @@
1
|
-
{"version":3,"file":"sarif-mapper.js","sourceRoot":"","sources":["../../src/sarif-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAA6E;AAC7E,8DAAyD;
1
|
+
{"version":3,"file":"sarif-mapper.js","sourceRoot":"","sources":["../../src/sarif-mapper.ts"],"names":[],"mappings":";;;;;;AAAA,uCAAkC;AAClC,oDAAuB;AACvB,kDAAgE;AAChE,qDAA6E;AAC7E,8DAAyD;AACzD,2CAAsE;AAEtE,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC;IAClD,CAAC,OAAO,EAAE,GAAG,CAAC;IACd,CAAC,SAAS,EAAE,GAAG,CAAC;IAChB,CAAC,MAAM,EAAE,GAAG,CAAC;CACd,CAAC,CAAC;AACH,MAAM,YAAY,GAAG,cAAc,CAAC;AACpC,MAAM,gBAAgB,GAAG,IAAI,+BAAc,EAAE,CAAC;AAE9C,SAAS,UAAU,CAAC,IAAY;IAC9B,IAAI,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACnE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;QACvB,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;KAChE;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AACD,SAAS,aAAa,CAAC,QAAiB;IACtC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;QAChE,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAC,IAAI,GAAG,CAAC;KACrE;SAAM;QACL,OAAO,GAAG,CAAC;KACZ;AACH,CAAC;AACD,SAAS,cAAc,CAAC,KAAc;IACpC,MAAM,MAAM,GAAG,EAAE,CAAC;IAClB,MAAM,CAAC,IAAI,CAAC,SAAS,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,sBAAsB,CAAC,EAAE,CAAC,CAAC;IAC7D,MAAM,CAAC,IAAI,CAAC,UAAU,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAC1D,MAAM,CAAC,IAAI,CAAC,YAAY,gBAAC,CAAC,GAAG,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC9D,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AACD,SAAS,OAAO,CAAC,IAAY;IAC3B,IAAI,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IACnC,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,OAAO,gBAAgB,CAAC,UAAU,CAChC,WAAW,EACX,+CAAsC,CACvC,CAAC;AACJ,CAAC;AAED,MAAa,WAAY,SAAQ,8BAAa;IAiG5C,YAAY,SAAiB;QAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAjG/B,aAAQ,GAAqD;YAC3D,QAAQ,EAAE;gBACR,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,sBAAoB;gBAC7B,SAAS,EAAE,4CAA4C;aACxD;YACD,OAAO,EAAE,sBAAoB;YAC7B,UAAU,EAAE;gBACV,QAAQ,EAAE,IAAI;aACf;YACD,QAAQ,EAAE;gBA
CR;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,EAAC,IAAI,EAAE,WAAW,EAAC;oBAC5B,KAAK,EAAE,4CAA4C;oBACnD,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,EAAE;oBACX,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,IAAI;oBACf,eAAe,EAAE,IAAI;oBACrB,QAAQ,EAAE,EAAE;oBACZ,UAAU,EAAE,EAAE;oBACd,OAAO,EAAE,EAAE;oBACX,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,SAAS;4BACf,GAAG,EAAE,IAAI;4BACT,IAAI,EAAE;gCACJ,GAAG,EAAE;oCACH,IAAI,EAAE,YAAY;oCAClB,WAAW,EAAE,UAAU;iCACxB;gCACD,IAAI,EAAE,EAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAC;6BACjD;4BACD,YAAY,EAAE,EAAE;4BAChB,IAAI,EAAE,EAAE;4BACR,eAAe,EAAE;gCACf,WAAW,EAAE,CAAC,OAAgB,EAAE,EAAE;oCAChC,OAAO,gBAAC,CAAC,MAAM,CACb;wCACE,GAAG,EAAE,gBAAC,CAAC,GAAG,CACR,OAAO,EACP,oDAAoD,CACrD;wCACD,IAAI,EAAE,gBAAC,CAAC,GAAG,CACT,OAAO,EACP,gDAAgD,CACjD;qCACF,EACD,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,EAAE,CACxB,CAAC;gCACJ,CAAC;6BACF;4BACD,KAAK,EAAE;gCACL,IAAI,EAAE,YAAY;gCAClB,WAAW,EAAE,CAAC,IAAa,EAAU,EAAE;oCACrC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;wCAC5B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;qCAC5B;yCAAM;wCACL,OAAO,EAAE,CAAC;qCACX;gCACH,CAAC;6BACF;4BACD,EAAE,EAAE,EAAC,IAAI,EAAE,QAAQ,EAAC;4BACpB,IAAI,EAAE;gCACJ,IAAI,EAAE,YAAY;gCAClB,WAAW,EAAE,CAAC,IAAa,EAAU,EAAE;oCACrC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;wCAC5B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;qCAC5B;yCAAM;wCACL,OAAO,EAAE,CAAC;qCACX;gCACH,CAAC;6BACF;4BACD,MAAM,EAAE,EAAC,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,aAAa,EAAC;4BACnD,IAAI,EAAE,EAAE;4BACR,OAAO,EAAE;gCACP;oCACE,MAAM,EAAE,mBAAQ,CAAC,mBAAmB,CAAC,MAAM;oCAC3C,SAAS,EAAE;wCACT,IAAI,EAAE,+BAA+B;wCACrC,WAAW,EAAE,cAAc;qCAC5B;oCACD,QAAQ,EAAE,CAAC;oCACX,UAAU,EAAE,EAAE;iCACf;6BACF;yBACF;qBACF;oBACD,MAAM,EAAE,EAAE;iBACX;aACF;SACF,CAAC;IAGF,CAAC;IACD,WAAW,CACT,cAAgE;QAEhE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;IACpC,CAAC;CACF;AAzGD,kCAyGC"}
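--- a/package/lib/src/snyk-mapper.d.ts
+++ b/package/lib/src/snyk-mapper.d.ts
@@ -8,7 +8,9 @@ export declare class SnykResults {
 setMappings(customMapping: MappedTransform<ExecJSON.Execution, ILookupPath>): void;
 }
 export declare class SnykMapper extends BaseConverter {
-mappings: MappedTransform<ExecJSON.Execution
+mappings: MappedTransform<ExecJSON.Execution & {
+passthrough: unknown;
+}, ILookupPath>;
 constructor(snykJson: Record<string, unknown>);
 setMappings(customMappings: MappedTransform<ExecJSON.Execution, ILookupPath>): void;
 }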
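Review bot: `setMappings` on the new side still accepts `MappedTransform<ExecJSON.Execution, ILookupPath>` while `mappings` is now declared as `MappedTransform<ExecJSON.Execution & { passthrough: unknown }, ILookupPath>`, so the property and its setter disagree about the shape and a caller cannot supply a custom mapping that includes `passthrough` without an assertion. If exposing passthrough is the intent, `setMappings(customMappings: MappedTransform<ExecJSON.Execution & { passthrough: unknown }, ILookupPath>): void;` keeps the two aligned; whether `BaseConverter.setMappings` permits that wider parameter is outside this diff. This declaration file is generated from `src/snyk-mapper.ts`, so the fix belongs there.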