@mitre/hdf-schema 3.0.1 → 3.1.0-rc.1

Files changed (47)
  1. package/LICENSE.md +55 -0
  2. package/README.md +83 -40
  3. package/dist/go/hdf.go +148 -104
  4. package/dist/index.d.ts +26 -1
  5. package/dist/index.js +26 -1
  6. package/dist/schemas/hdf-amendments.schema.json +178 -53
  7. package/dist/schemas/hdf-baseline.schema.json +181 -56
  8. package/dist/schemas/hdf-comparison.schema.json +523 -108
  9. package/dist/schemas/hdf-evidence-package.schema.json +175 -50
  10. package/dist/schemas/hdf-plan.schema.json +181 -56
  11. package/dist/schemas/hdf-results.schema.json +502 -87
  12. package/dist/schemas/hdf-system.schema.json +190 -65
  13. package/dist/ts/hdf-amendments.d.ts +43 -15
  14. package/dist/ts/hdf-amendments.js +18 -7
  15. package/dist/ts/hdf-amendments.ts +44 -15
  16. package/dist/ts/hdf-results.d.ts +91 -37
  17. package/dist/ts/hdf-results.js +40 -20
  18. package/dist/ts/hdf-results.ts +91 -36
  19. package/package.json +44 -45
  20. package/dist/python/hdf_amendments.py +0 -695
  21. package/dist/python/hdf_baseline.py +0 -782
  22. package/dist/python/hdf_comparison.py +0 -1771
  23. package/dist/python/hdf_evidence_package.py +0 -593
  24. package/dist/python/hdf_plan.py +0 -363
  25. package/dist/python/hdf_results.py +0 -2163
  26. package/dist/python/hdf_system.py +0 -904
  27. package/src/schemas/hdf-amendments.schema.json +0 -97
  28. package/src/schemas/hdf-baseline.schema.json +0 -190
  29. package/src/schemas/hdf-comparison.schema.json +0 -107
  30. package/src/schemas/hdf-evidence-package.schema.json +0 -227
  31. package/src/schemas/hdf-plan.schema.json +0 -92
  32. package/src/schemas/hdf-results.schema.json +0 -304
  33. package/src/schemas/hdf-system.schema.json +0 -136
  34. package/src/schemas/primitives/amendments.schema.json +0 -155
  35. package/src/schemas/primitives/common.schema.json +0 -814
  36. package/src/schemas/primitives/comparison.schema.json +0 -809
  37. package/src/schemas/primitives/component.schema.json +0 -518
  38. package/src/schemas/primitives/data-flow.schema.json +0 -158
  39. package/src/schemas/primitives/extensions.schema.json +0 -342
  40. package/src/schemas/primitives/parameter.schema.json +0 -128
  41. package/src/schemas/primitives/plan.schema.json +0 -128
  42. package/src/schemas/primitives/platform.schema.json +0 -32
  43. package/src/schemas/primitives/result.schema.json +0 -133
  44. package/src/schemas/primitives/runner.schema.json +0 -83
  45. package/src/schemas/primitives/statistics.schema.json +0 -71
  46. package/src/schemas/primitives/system.schema.json +0 -132
  47. package/src/schemas/primitives/target.schema.json +0 -523
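--- a/package/src/schemas/primitives/target.schema.json
+++ b/package/src/schemas/primitives/target.schema.json
@@ -1,523 +0,0 @@
-{
-"$schema": "https://json-schema.org/draft/2020-12/schema",
-"$id": "https://mitre.github.io/hdf-libs/schemas/primitives/target/v3.0.0",
-"title": "HDF Target Primitives",
-"description": "Polymorphic target system supporting diverse scan targets from 35+ security tools.",
-"$defs": {
-"Base_Target": {
-"type": "object",
-"additionalProperties": true,
-"required": [
-"type",
-"name"
-],
-"properties": {
-"type": {
-"type": "string",
-"description": "Target type discriminator."
-},
-"name": {
-"type": "string",
-"description": "Human-readable name for this target."
-},
-"labels": {
-"type": "object",
-"additionalProperties": {
-"type": "string"
-},
-"description": "Optional key-value labels for flexible grouping. Well-known keys: system, component, environment, region, team. Values must be strings."
-}
-},
-"description": "Base properties shared by all target types.",
-"title": "Base Target"
-},
-"Target": {
-"description": "A scan target. Uses discriminated union pattern with 'type' field as discriminator.",
-"title": "Target",
-"oneOf": [
-{
-"$ref": "#/$defs/Host_Target"
-},
-{
-"$ref": "#/$defs/Container_Image_Target"
-},
-{
-"$ref": "#/$defs/Container_Instance_Target"
-},
-{
-"$ref": "#/$defs/Container_Platform_Target"
-},
-{
-"$ref": "#/$defs/Cloud_Account_Target"
-},
-{
-"$ref": "#/$defs/Cloud_Resource_Target"
-},
-{
-"$ref": "#/$defs/Repository_Target"
-},
-{
-"$ref": "#/$defs/Application_Target"
-},
-{
-"$ref": "#/$defs/Artifact_Target"
-},
-{
-"$ref": "#/$defs/Network_Target"
-},
-{
-"$ref": "#/$defs/Database_Target"
-}
-]
-},
-"Host_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "host"
-},
-"fqdn": {
-"type": "string",
-"format": "hostname",
-"description": "Fully qualified domain name."
-},
-"ipAddress": {
-"anyOf": [
-{
-"type": "string",
-"format": "ipv4"
-},
-{
-"type": "string",
-"format": "ipv6"
-}
-],
-"description": "IP address of the host."
-},
-"macAddress": {
-"type": "string",
-"pattern": "^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$",
-"description": "MAC address of the host in colon-separated hexadecimal format (e.g., '00:1A:2B:3C:4D:5E')."
-},
-"osName": {
-"type": "string",
-"description": "Operating system name."
-},
-"osVersion": {
-"type": "string",
-"description": "Operating system version."
-}
-}
-}
-],
-"examples": [
-{
-"type": "host",
-"name": "web-server-01",
-"fqdn": "web01.prod.example.com",
-"ipAddress": "192.168.1.100",
-"macAddress": "00:1A:2B:3C:4D:5E",
-"osName": "Ubuntu",
-"osVersion": "22.04 LTS"
-},
-{
-"type": "host",
-"name": "database-server",
-"ipAddress": "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
-"osName": "Red Hat Enterprise Linux",
-"osVersion": "9.2"
-}
-],
-"description": "A physical or virtual server, workstation, or network device.",
-"title": "Host Target"
-},
-"Container_Image_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "containerImage"
-},
-"imageId": {
-"type": "string",
-"description": "Container image ID."
-},
-"registry": {
-"type": "string",
-"description": "Container registry. Example: 'docker.io'."
-},
-"repository": {
-"type": "string",
-"description": "Repository name. Example: 'library/nginx'."
-},
-"tag": {
-"type": "string",
-"description": "Image tag. Example: '1.25'."
-},
-"digest": {
-"type": "string",
-"pattern": "^(sha256:[a-f0-9]{64}|sha512:[a-f0-9]{128}|blake3:[a-f0-9]{64})$",
-"description": "Image digest for immutable reference. Example: 'sha256:abc123...'. Must be sha256 (64 hex chars), sha512 (128 hex chars), or blake3 (64 hex chars)."
-}
-}
-}
-],
-"examples": [
-{
-"type": "containerImage",
-"name": "nginx-webserver",
-"registry": "docker.io",
-"repository": "library/nginx",
-"tag": "1.25-alpine",
-"digest": "sha256:a9286defaba7b3a519d585ba0e37d0b2cbee74ebfe590960b0b1d6a5e97d1e1d"
-},
-{
-"type": "containerImage",
-"name": "custom-api-service",
-"registry": "gcr.io",
-"repository": "my-project/api-service",
-"tag": "v2.3.1",
-"imageId": "sha256:9c27eacc5497"
-}
-],
-"description": "A static container image (not running).",
-"title": "Container Image Target"
-},
-"Container_Instance_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "containerInstance"
-},
-"containerId": {
-"type": "string",
-"description": "Running container ID."
-},
-"image": {
-"type": "string",
-"description": "Image the container was started from."
-},
-"runtime": {
-"type": "string",
-"description": "Container runtime. Example: 'docker', 'containerd', 'cri-o'."
-}
-}
-}
-],
-"description": "A running container instance.",
-"title": "Container Instance Target"
-},
-"Container_Platform_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "containerPlatform"
-},
-"platformType": {
-"type": "string",
-"description": "Platform type. Example: 'kubernetes', 'openshift', 'ecs', 'docker-swarm'."
-},
-"clusterName": {
-"type": "string",
-"description": "Cluster name."
-},
-"namespace": {
-"type": "string",
-"description": "Namespace within the cluster, if applicable."
-},
-"version": {
-"type": "string",
-"description": "Platform version."
-}
-}
-}
-],
-"description": "A container orchestration platform (Kubernetes, OpenShift, ECS, etc.) or workloads running on it.",
-"title": "Container Platform Target"
-},
-"Cloud_Account_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "cloudAccount"
-},
-"provider": {
-"$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Cloud_Provider",
-"description": "Cloud provider."
-},
-"accountId": {
-"type": "string",
-"description": "Cloud account identifier. Example: AWS account ID, Azure subscription ID."
-},
-"region": {
-"type": "string",
-"description": "Cloud region, if applicable."
-}
-}
-}
-],
-"description": "A cloud provider account (AWS account, Azure subscription, GCP project).",
-"title": "Cloud Account Target"
-},
-"Cloud_Resource_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "cloudResource"
-},
-"provider": {
-"$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Cloud_Provider",
-"description": "Cloud provider."
-},
-"resourceType": {
-"type": "string",
-"description": "Type of cloud resource. Example: 'ec2:instance', 's3:bucket'."
-},
-"resourceId": {
-"type": "string",
-"description": "Provider-specific resource identifier."
-},
-"arn": {
-"type": "string",
-"description": "Amazon Resource Name (AWS only)."
-},
-"region": {
-"type": "string",
-"description": "Cloud region where the resource resides."
-}
-}
-}
-],
-"examples": [
-{
-"type": "cloudResource",
-"name": "production-web-server",
-"provider": "aws",
-"resourceType": "ec2:instance",
-"resourceId": "i-0123456789abcdef0",
-"arn": "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0",
-"region": "us-east-1"
-},
-{
-"type": "cloudResource",
-"name": "application-data-bucket",
-"provider": "aws",
-"resourceType": "s3:bucket",
-"resourceId": "my-application-data-bucket",
-"arn": "arn:aws:s3:::my-application-data-bucket",
-"region": "us-west-2"
-},
-{
-"type": "cloudResource",
-"name": "analytics-vm",
-"provider": "azure",
-"resourceType": "Microsoft.Compute/virtualMachines",
-"resourceId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/analytics-rg/providers/Microsoft.Compute/virtualMachines/analytics-vm-01",
-"region": "eastus"
-}
-],
-"description": "A specific cloud resource (EC2 instance, S3 bucket, Azure VM, etc.).",
-"title": "Cloud Resource Target"
-},
-"Repository_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "repository"
-},
-"url": {
-"type": "string",
-"format": "uri",
-"description": "Repository URL."
-},
-"branch": {
-"type": "string",
-"description": "Branch that was scanned."
-},
-"commit": {
-"type": "string",
-"description": "Commit SHA that was scanned."
-}
-}
-}
-],
-"description": "A code repository (for SAST tools).",
-"title": "Repository Target"
-},
-"Application_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "application"
-},
-"url": {
-"type": "string",
-"format": "uri",
-"description": "Application URL (for DAST tools)."
-},
-"version": {
-"type": "string",
-"description": "Application version."
-},
-"environment": {
-"type": "string",
-"description": "Environment. Example: 'production', 'staging', 'development'."
-}
-}
-}
-],
-"description": "A running application or API (for DAST tools).",
-"title": "Application Target"
-},
-"Artifact_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "artifact"
-},
-"packageManager": {
-"type": "string",
-"description": "Package manager. Example: 'npm', 'maven', 'pip', 'nuget'."
-},
-"packageName": {
-"type": "string",
-"description": "Package name."
-},
-"version": {
-"type": "string",
-"description": "Package version."
-},
-"checksum": {
-"type": "string",
-"description": "Package checksum for verification."
-}
-}
-}
-],
-"description": "A software artifact or dependency (for SCA tools).",
-"title": "Artifact Target"
-},
-"Network_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "network"
-},
-"cidr": {
-"type": "string",
-"description": "Network CIDR block."
-},
-"gateway": {
-"type": "string",
-"description": "Network gateway address."
-}
-}
-}
-],
-"description": "A network segment or network device.",
-"title": "Network Target"
-},
-"Database_Target": {
-"allOf": [
-{
-"$ref": "#/$defs/Base_Target"
-},
-{
-"type": "object",
-"properties": {
-"type": {
-"const": "database"
-},
-"engine": {
-"type": "string",
-"description": "Database engine. Example: 'postgresql', 'mysql', 'oracle', 'mssql'."
-},
-"version": {
-"type": "string",
-"description": "Database version."
-},
-"host": {
-"type": "string",
-"description": "Database host."
-},
-"port": {
-"type": "integer",
-"minimum": 1,
-"maximum": 65535,
-"description": "Database port."
-}
-}
-}
-],
-"examples": [
-{
-"type": "database",
-"name": "production-postgres",
-"engine": "postgresql",
-"version": "15.3",
-"host": "db.prod.example.com",
-"port": 5432
-},
-{
-"type": "database",
-"name": "analytics-mysql",
-"engine": "mysql",
-"version": "8.0.34",
-"host": "192.168.1.50",
-"port": 3306
-}
-],
-"description": "A database instance.",
-"title": "Database Target"
-}
-}
-}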