@mitre/inspec-objects 0.0.1 → 0.0.4

package/lib/objects/control.d.ts

@@ -5,11 +5,15 @@ export default class Control {
     code?: string | null;
     desc?: string | null;
     descs?: ExecJSON.ControlDescription[] | {
-        [key: string]: string;
+        [key: string]: string | undefined;
     } | null;
     impact?: number;
     ref?: string;
-    refs?: string[];
+    refs?: (string | {
+        ref?: string;
+        url?: string;
+        uri?: string;
+    })[];
     tags: {
         check?: string;
         fix?: string;
@@ -19,7 +23,7 @@ export default class Control {
         satisfies?: string[];
         rid?: string;
         stig_id?: string;
-        fix_id?: string;
+        fix_id?: string | null;
         cci?: string[];
         cis_controls?: Record<string, string[]>[];
         nist?: string[];

package/lib/objects/control.js

@@ -6,6 +6,8 @@ const flat_1 = require("flat");
 const global_1 = require("../utilities/global");
 class Control {
     constructor(data) {
+        this.tags = {};
+        this.refs = [];
         this.tags = {};
         if (data) {
             Object.entries(data).forEach(([key, value]) => {
@@ -55,7 +57,12 @@ class Control {
         }
         if (this.refs) {
             this.refs.forEach((ref) => {
-                result += `  ref '${(0, global_1.escapeQuotes)(ref)}'\n`;
+                if (typeof ref === 'string') {
+                    result += `  ref '${(0, global_1.escapeQuotes)(ref)}'\n`;
+                }
+                else {
+                    result += `  ref '${(0, global_1.escapeQuotes)(ref.ref || '')}', url: '${(0, global_1.escapeQuotes)(ref.url || '')}'`;
+                }
             });
         }
         Object.entries(this.tags).forEach(([tag, value]) => {

package/lib/parsers/oval.d.ts

@@ -0,0 +1,2 @@
+import { OvalDefinitionValue } from '../types/oval';
+export declare function processOVAL(oval: string): Record<string, OvalDefinitionValue>;

package/lib/parsers/oval.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processOVAL = void 0;
+const xccdf_1 = require("../utilities/xccdf");
+function processOVAL(oval) {
+    const parsed = (0, xccdf_1.convertEncodedXmlIntoJson)(oval);
+    const extractedDefinitions = {};
+    for (const ovalDefinitions of parsed.oval_definitions) {
+        for (const definitionList of ovalDefinitions.definitions) {
+            for (const definition of definitionList.definition) {
+                extractedDefinitions[definition["@_id"]] = definition;
+            }
+        }
+    }
+    return extractedDefinitions;
+}
+exports.processOVAL = processOVAL;

package/lib/parsers/xccdf.d.ts

@@ -1,2 +1,8 @@
 import Profile from '../objects/profile';
-export declare function processXCCDF(xml: string): Profile;
+import { BenchmarkGroup, BenchmarkRule } from '../types/xccdf';
+import { OvalDefinitionValue } from '../types/oval';
+export declare type GroupContextualizedRule = BenchmarkRule & {
+    group: Omit<BenchmarkGroup, 'Rule' | 'Group'>;
+};
+export declare function extractAllRules(groups: BenchmarkGroup[]): GroupContextualizedRule[];
+export declare function processXCCDF(xml: string, removeNewlines?: boolean, ovalDefinitions?: Record<string, OvalDefinitionValue>): Profile;

package/lib/parsers/xccdf.js

@@ -1,67 +1,248 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.processXCCDF = void 0;
+exports.processXCCDF = exports.extractAllRules = void 0;
 const tslib_1 = require("tslib");
-const CciNistMappingData_1 = require("@mitre/hdf-converters/lib/src/mappings/CciNistMappingData");
 const profile_1 = tslib_1.__importDefault(require("../objects/profile"));
 const xccdf_1 = require("../utilities/xccdf");
 const control_1 = tslib_1.__importDefault(require("../objects/control"));
 const lodash_1 = tslib_1.__importDefault(require("lodash"));
-function processXCCDF(xml) {
+const CciNistMappingData_1 = require("../mappings/CciNistMappingData");
+function extractAllRules(groups) {
+    const rules = [];
+    groups.forEach((group) => {
+        if (group.Rule) {
+            rules.push(...(group.Rule.map((rule) => {
+                return {
+                    ...rule,
+                    group: lodash_1.default.omit(group, ['Rule', 'Group'])
+                };
+            })));
+        }
+        if (group.Group) {
+            rules.push(...extractAllRules(group.Group));
+        }
+    });
+    return rules;
+}
+exports.extractAllRules = extractAllRules;
+function processXCCDF(xml, removeNewlines = false, ovalDefinitions) {
     const parsedXML = (0, xccdf_1.convertEncodedXmlIntoJson)(xml);
-    const groups = parsedXML.Benchmark.Group;
+    const rules = extractAllRules(parsedXML.Benchmark[0].Group);
     const profile = new profile_1.default({
-        name: parsedXML.Benchmark['@_id'],
-        title: parsedXML.Benchmark.title,
-        summary: parsedXML.Benchmark.description
+        name: parsedXML.Benchmark[0]['@_id'],
+        title: parsedXML.Benchmark[0].title[0]['#text'],
+        summary: parsedXML.Benchmark[0].description[0]['#text']
     });
-    groups.forEach(group => {
-        var _a, _b, _c;
-        const extractedDescription = (0, xccdf_1.convertEncodedHTMLIntoJson)((_a = group.Rule) === null || _a === void 0 ? void 0 : _a.description);
-        const control = new control_1.default({
-            id: group['@_id'],
-            title: group.Rule['@_severity'] ? group.Rule.title : `[[[MISSING SEVERITY FROM STIG]]] ${group.Rule.title}`,
-            desc: (_b = extractedDescription.VulnDiscussion) === null || _b === void 0 ? void 0 : _b.split('Satisfies: ')[0],
-            impact: (0, xccdf_1.severityStringToImpact)(group.Rule['@_severity'] || 'critical'),
-            descs: {
-                check: group.Rule.check['check-content'],
-                fix: group.Rule.fixtext['#text']
-            },
-            tags: lodash_1.default.omitBy({
-                severity: (0, xccdf_1.impactNumberToSeverityString)((0, xccdf_1.severityStringToImpact)(group.Rule['@_severity'] || 'critical')),
-                gtitle: group.title,
-                satisfies: ((_c = extractedDescription.VulnDiscussion) === null || _c === void 0 ? void 0 : _c.includes('Satisfies: ')) && extractedDescription.VulnDiscussion.split('Satisfies: ').length >= 1 ? extractedDescription.VulnDiscussion.split('Satisfies: ')[1].split(',').map(satisfaction => satisfaction.trim()) : undefined,
-                gid: group['@_id'],
-                rid: group.Rule['@_id'],
-                stig_id: group.Rule.version,
-                fix_id: group.Rule.fix['@_id'],
-                false_negatives: extractedDescription.FalseNegatives,
-                false_positives: extractedDescription.FalsePositives,
-                documentable: extractedDescription.Documentable,
-                mitigations: extractedDescription.Mitigations,
-                severity_override_guidance: extractedDescription.SeverityOverrideGuidance,
-                potential_impacts: extractedDescription.PotentialImpacts,
-                third_party_tools: extractedDescription.ThirdPartyTools,
-                mitigation_control: extractedDescription.MitigationControl,
-                mitigation_controls: extractedDescription.MitigationControls,
-                responsibility: extractedDescription.Responsibility,
-                ia_controls: extractedDescription.IAControls
-            }, i => !Boolean(i))
+    rules.forEach(rule => {
+        var _a, _b, _c, _d;
+        let extractedDescription;
+        if (Array.isArray(rule.description)) {
+            extractedDescription = rule.description[0]['#text'];
+        }
+        else {
+            extractedDescription = (0, xccdf_1.convertEncodedHTMLIntoJson)(rule.description);
+        }
+        const control = new control_1.default();
+        control.id = rule['@_id'];
+        if (removeNewlines) {
+            const title = (0, xccdf_1.removeXMLSpecialCharacters)(rule['@_severity'] ? rule.title : `[[[MISSING SEVERITY FROM STIG]]] ${rule.title}`);
+            control.title = title.replace(/\n/g, '{{{{newlineHERE}}}}');
+            const desc = (0, xccdf_1.removeXMLSpecialCharacters)(typeof extractedDescription === 'string' ? extractedDescription : ((_a = extractedDescription.VulnDiscussion) === null || _a === void 0 ? void 0 : _a.split('Satisfies: ')[0]) || 'Missing Description');
+            control.desc = desc === null || desc === void 0 ? void 0 : desc.replace(/\n/g, '{{{{newlineHERE}}}}');
+        }
+        else {
+            control.title = (0, xccdf_1.removeXMLSpecialCharacters)(rule['@_severity'] ? rule.title : `[[[MISSING SEVERITY FROM STIG]]] ${rule.title}`);
+            control.desc = (0, xccdf_1.removeXMLSpecialCharacters)(typeof extractedDescription === 'string' ? extractedDescription : ((_b = extractedDescription.VulnDiscussion) === null || _b === void 0 ? void 0 : _b.split('Satisfies: ')[0]) || 'Missing Description');
+        }
+        control.impact = (0, xccdf_1.severityStringToImpact)(rule['@_severity'] || 'critical', rule.group['@_id']);
+        if (!control.descs || Array.isArray(control.descs)) {
+            control.descs = {};
+        }
+        if (rule.check) {
+            if (rule.check.some((ruleValue) => 'check-content' in ruleValue)) {
+                if (removeNewlines) {
+                    const check = (0, xccdf_1.removeXMLSpecialCharacters)(rule.check ? rule.check[0]['check-content'] : 'Missing description');
+                    control.descs.check = check.replace(/\n/g, '{{{{newlineHERE}}}}');
+                }
+                else {
+                    control.descs.check = (0, xccdf_1.removeXMLSpecialCharacters)(rule.check ? rule.check[0]['check-content'] : 'Missing description');
+                }
+            }
+            else if (rule.check.some((ruleValue) => 'check-content-ref' in ruleValue) && ovalDefinitions) {
+                let referenceID = null;
+                for (const checkContent of rule.check) {
+                    if ('check-content-ref' in checkContent && checkContent['@_system'].includes('oval')) {
+                        for (const checkContentRef of checkContent['check-content-ref']) {
+                            if (checkContentRef['@_name']) {
+                                referenceID = checkContentRef['@_name'];
+                            }
+                        }
+                    }
+                }
+                if (referenceID && referenceID in ovalDefinitions) {
+                    if (removeNewlines) {
+                        const check = (0, xccdf_1.removeXMLSpecialCharacters)(ovalDefinitions[referenceID].metadata[0].title);
+                        control.descs.check = check.replace(/\n/g, '{{{{newlineHERE}}}}');
+                    }
+                    else {
+                        control.descs.check = (0, xccdf_1.removeXMLSpecialCharacters)(ovalDefinitions[referenceID].metadata[0].title);
+                    }
+                }
+                else if (referenceID) {
+                    console.warn(`Could not find OVAL definition for ${referenceID}`);
+                }
+            }
+        }
+        if (removeNewlines) {
+            const fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fixtext ? rule.fixtext[0]['#text'] : (rule.fix ? rule.fix[0]['#text'] || 'Missing fix text' : 'Missing fix text'));
+            control.descs.fix = fix.replace(/\n/g, '{{{{newlineHERE}}}}');
+        }
+        else {
+            control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fixtext ? rule.fixtext[0]['#text'] : (rule.fix ? rule.fix[0]['#text'] || 'Missing fix text' : 'Missing fix text'));
+        }
+        control.tags.severity = (0, xccdf_1.impactNumberToSeverityString)((0, xccdf_1.severityStringToImpact)(rule['@_severity'] || 'critical', control.id));
+        control.tags.gid = rule.group['@_id'],
+            control.tags.rid = rule['@_id'];
+        control.tags.stig_id = rule['version'];
+        if (typeof rule.group.title === "string") {
+            control.tags.gtitle = (0, xccdf_1.removeXMLSpecialCharacters)(rule.group.title);
+        }
+        else {
+            control.tags.gtitle = (0, xccdf_1.removeXMLSpecialCharacters)(lodash_1.default.get(rule.group, 'title[0].#text'));
+        }
+        if (rule['fix'] && rule['fix'].length > 0) {
+            control.tags.fix_id = rule['fix'][0]['@_id'];
+        }
+        else {
+            control.tags.fix_id = null;
+        }
+        if (rule['rationale']) {
+            control.tags.rationale = rule['rationale'][0]['#text'];
+        }
+        else {
+            control.tags.rationale = null;
+        }
+        if (typeof extractedDescription === 'object') {
+            control.tags.satisfies = ((_c = extractedDescription.VulnDiscussion) === null || _c === void 0 ? void 0 : _c.includes('Satisfies: ')) && extractedDescription.VulnDiscussion.split('Satisfies: ').length >= 1 ? extractedDescription.VulnDiscussion.split('Satisfies: ')[1].split(',').map(satisfaction => satisfaction.trim()) : undefined;
+            control.tags.false_negatives = extractedDescription.FalseNegatives || undefined;
+            control.tags.false_positives = extractedDescription.FalsePositives || undefined;
+            control.tags.documentable = typeof extractedDescription.Documentable === 'boolean' ? extractedDescription.Documentable : undefined;
+            control.tags.mitigations = extractedDescription.Mitigations || undefined;
+            control.tags.severity_override_guidance = extractedDescription.SeverityOverrideGuidance || undefined;
+            control.tags.potential_impacts = extractedDescription.PotentialImpacts || undefined;
+            control.tags.third_party_tools = extractedDescription.ThirdPartyTools || undefined;
+            control.tags.mitigation_control = extractedDescription.MitigationControl || undefined;
+            control.tags.mitigation_controls = extractedDescription.MitigationControls || undefined;
+            control.tags.responsibility = extractedDescription.Responsibility || undefined;
+            control.tags.ia_controls = extractedDescription.IAControls || undefined;
+        }
+        control.tags = lodash_1.default.mapValues(lodash_1.default.omitBy(control.tags, (value) => value === undefined), (value) => {
+            if (typeof value === 'string') {
+                return (0, xccdf_1.removeXMLSpecialCharacters)(value);
+            }
+            else {
+                return value;
+            }
         });
-        if ('ident' in group.Rule) {
-            const identifiers = Array.isArray(group.Rule.ident) ? group.Rule.ident : [group.Rule.ident];
-            // Grab CCI/NIST/Legacy identifiers
-            identifiers.forEach(identifier => {
+        // Get all identifiers from the rule
+        if (rule.ident) {
+            rule.ident.forEach((identifier) => {
                 var _a, _b, _c;
-                const identifierText = identifier['#text'];
-                if (identifier['@_system'].toLowerCase().endsWith('cci')) {
-                    (_a = control.tags.cci) === null || _a === void 0 ? void 0 : _a.push(identifierText);
-                    if (identifierText in CciNistMappingData_1.data) {
-                        (_b = control.tags.nist) === null || _b === void 0 ? void 0 : _b.push(lodash_1.default.get(CciNistMappingData_1.data, identifierText));
+                // Get CCIs
+                if (identifier['@_system'].toLowerCase().includes('cci')) {
+                    if (!('cci' in control.tags)) {
+                        control.tags.cci = [];
+                    }
+                    (_a = control.tags.cci) === null || _a === void 0 ? void 0 : _a.push(identifier['#text']);
+                }
+                // Get legacy identifiers
+                else if (identifier['@_system'].toLowerCase().includes('legacy')) {
+                    if (!('legacy' in control.tags)) {
+                        control.tags.legacy = [];
+                    }
+                    (_b = control.tags.legacy) === null || _b === void 0 ? void 0 : _b.push(identifier['#text']);
+                }
+                // Get NIST identifiers
+                else if (identifier['@_system'].toLowerCase().includes('nist')) {
+                    if (!('nist' in control.tags)) {
+                        control.tags.nist = [];
                     }
+                    (_c = control.tags.nist) === null || _c === void 0 ? void 0 : _c.push(identifier['#text']);
+                }
+                else {
+                    // console.log('Alert')
+                    // console.log(identifier['@_system'])
+                    // console.log(identifier['#text'])
+                }
+            });
+        }
+        (_d = rule.reference) === null || _d === void 0 ? void 0 : _d.forEach((reference) => {
+            var _a, _b, _c, _d;
+            if (lodash_1.default.get(reference, '@_href') === '') {
+                (_a = control.refs) === null || _a === void 0 ? void 0 : _a.push(lodash_1.default.get(reference, '#text'));
+            }
+            else {
+                try {
+                    const referenceText = lodash_1.default.get(reference, '#text') || '';
+                    const referenceURL = lodash_1.default.get(reference, '@_href') || '';
+                    if (referenceURL) {
+                        const parsedURL = new URL(lodash_1.default.get(reference, '@_href'));
+                        if (parsedURL.protocol.toLowerCase().includes('http') || parsedURL.protocol.toLowerCase().includes('https')) {
+                            (_b = control.refs) === null || _b === void 0 ? void 0 : _b.push({
+                                ref: referenceText,
+                                url: referenceURL
+                            });
+                        }
+                        else {
+                            (_c = control.refs) === null || _c === void 0 ? void 0 : _c.push({
+                                ref: referenceText,
+                                uri: referenceURL
+                            });
+                        }
+                    }
+                    else {
+                        if ('title' in reference) {
+                            (_d = control.refs) === null || _d === void 0 ? void 0 : _d.push(lodash_1.default.get(reference, 'title'));
+                        }
+                    }
+                    // Add the reference to the control tags when seperated by §
+                    if (typeof referenceText === 'string' && referenceText.indexOf('§') !== -1) {
+                        const referenceParts = referenceText.split('§');
+                        if (referenceParts.length == 2) {
+                            let [identifierType, identifier] = referenceText.split('§');
+                            identifierType = identifierType.toLowerCase();
+                            if (!(identifierType in control.tags)) {
+                                control.tags[identifierType] = [identifier];
+                            }
+                            else if (Array.isArray(control.tags[identifierType])) {
+                                control.tags[identifierType] = lodash_1.default.union(control.tags[identifierType], [identifier]);
+                            }
+                            else {
+                                console.warn(`Attempted to push identifier to control tags when identifier already exists: ${identifierType}: ${identifier}`);
+                            }
+                        }
+                        else {
+                            console.warn("Reference parts of invalid length:");
+                            console.log(referenceParts);
+                        }
+                    }
+                }
+                catch (e) {
+                    console.warn(`Error parsing ref for control ${control.id}: `);
+                    console.warn(JSON.stringify(reference, null, 2));
+                    console.warn(e);
+                }
+            }
+        });
+        // Associate any CCIs with NIST tags
+        if (control.tags.cci) {
+            control.tags.cci.forEach((cci) => {
+                var _a;
+                if (!('nist' in control.tags)) {
+                    control.tags.nist = [];
                 }
-                if (identifier['@_system'].toLowerCase().endsWith('legacy')) {
-                    (_c = control.tags.legacy) === null || _c === void 0 ? void 0 : _c.push(identifierText);
+                if (cci in CciNistMappingData_1.data) {
+                    (_a = control.tags.nist) === null || _a === void 0 ? void 0 : _a.push(lodash_1.default.get(CciNistMappingData_1.data, cci));
                 }
             });
         }

package/lib/utilities/diff.d.ts

@@ -1,3 +1,4 @@
 import Profile from '../objects/profile';
 import { ProfileDiff } from '../types/diff';
+export declare function removeNewlines(control?: Record<string, unknown>): Record<string, unknown>;
 export declare function diffProfile(fromProfile: Profile, toProfile: Profile): ProfileDiff;

package/lib/utilities/diff.js

@@ -1,9 +1,24 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.diffProfile = void 0;
+exports.diffProfile = exports.removeNewlines = void 0;
 const tslib_1 = require("tslib");
 const json_diff_1 = require("json-diff");
 const lodash_1 = tslib_1.__importDefault(require("lodash"));
+function removeNewlines(control) {
+    if (!control) {
+        return {};
+    }
+    return lodash_1.default.mapValues(control, (value) => {
+        if (typeof value === 'string') {
+            return value.replace(/\n/g, '{{{{newlineHERE}}}}').trim();
+        }
+        else if (typeof value === 'object' && value !== null) {
+            return removeNewlines(value);
+        }
+        return value;
+    });
+}
+exports.removeNewlines = removeNewlines;
 function diffProfile(fromProfile, toProfile) {
     const profileDiff = {
         addedControlIDs: [],
@@ -14,7 +29,7 @@ function diffProfile(fromProfile, toProfile) {
     const toControlIDs = toProfile.controls.map((control) => control.id).sort();
     // Find new controls
     const controlIDDiff = (0, json_diff_1.diff)(fromControlIDs, toControlIDs);
-    controlIDDiff.forEach((diffValue) => {
+    controlIDDiff === null || controlIDDiff === void 0 ? void 0 : controlIDDiff.forEach((diffValue) => {
         if (diffValue[0] === '-') {
             profileDiff.removedControlIDs.push(diffValue[1]);
         }
@@ -34,13 +49,15 @@ function diffProfile(fromProfile, toProfile) {
         const toControl = toProfile.controls.find((control) => control.id === fromControl.id);
         if (toControl) {
             const controlDiff = (0, json_diff_1.diff)(fromControl, toControl);
+            console.log(controlDiff);
             if (controlDiff) {
                 Object.entries(controlDiff).forEach(([key, value]) => {
+                    console.log(value);
                     if (lodash_1.default.has(value, '__new')) {
                         lodash_1.default.set(profileDiff, 'changedControls.' + fromControl.id + '.' + key.replace('.', '\\.'), lodash_1.default.get(controlDiff, key + '.__new'));
                     }
                     else if (typeof value === 'object') {
-                        Object.entries(value).forEach(([subKey, subValue]) => {
+                        Object.entries(value).forEach(([subKey]) => {
                             lodash_1.default.set(profileDiff, 'changedControls.' + fromControl.id + '.' + key.replace('.', '\\.') + '.' + subKey.replace('.', '\\.'), lodash_1.default.get(controlDiff, key + '.' + subKey + '.__new'));
                         });
                     }

package/lib/utilities/global.d.ts

@@ -4,3 +4,5 @@ declare const escapeQuotes: (s: string) => string;
 declare const escapeDoubleQuotes: (s: string) => string;
 declare const wrapAndEscapeQuotes: (s: string, lineLength?: number) => string;
 export { escapeQuotes, escapeDoubleQuotes, wrapAndEscapeQuotes };
+export declare function getFirstPath(object: Record<string, unknown>, paths: string[]): string;
+export declare function hasPath(file: Record<string, unknown>, path: string | string[]): boolean;

package/lib/utilities/global.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.wrapAndEscapeQuotes = exports.escapeDoubleQuotes = exports.escapeQuotes = exports.unformatText = exports.wrap = void 0;
+exports.hasPath = exports.getFirstPath = exports.wrapAndEscapeQuotes = exports.escapeDoubleQuotes = exports.escapeQuotes = exports.unformatText = exports.wrap = void 0;
+const tslib_1 = require("tslib");
+const lodash_1 = tslib_1.__importDefault(require("lodash"));
 // Breaks lines down to lineLength number of characters
 function wrap(s, lineLength = 80) {
     return s.replace(new RegExp(`(?![^\n]{1,${lineLength}}$)([^\n]{1,${lineLength}})`, "g"), "$1\n");
@@ -16,3 +18,24 @@ const escapeDoubleQuotes = (s) => s.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
 exports.escapeDoubleQuotes = escapeDoubleQuotes;
 const wrapAndEscapeQuotes = (s, lineLength) => escapeDoubleQuotes(wrap(s, lineLength)); // Escape backslashes and quotes, and wrap long lines
 exports.wrapAndEscapeQuotes = wrapAndEscapeQuotes;
+function getFirstPath(object, paths) {
+    const index = lodash_1.default.findIndex(paths, (p) => hasPath(object, p));
+    if (index === -1) {
+        throw new Error(`Attestation is missing one of these paths: ${paths.join(', ')}`);
+    }
+    else {
+        return lodash_1.default.get(object, paths[index]);
+    }
+}
+exports.getFirstPath = getFirstPath;
+function hasPath(file, path) {
+    let pathArray;
+    if (typeof path === 'string') {
+        pathArray = [path];
+    }
+    else {
+        pathArray = path;
+    }
+    return lodash_1.default.some(pathArray, (p) => lodash_1.default.has(file, p));
+}
+exports.hasPath = hasPath;

package/lib/utilities/xccdf.d.ts

@@ -1,5 +1,6 @@
 import { DecodedDescription } from '../types/xccdf';
 export declare function convertEncodedXmlIntoJson(encodedXml: string): any;
-export declare function severityStringToImpact(string: string): number;
+export declare function removeXMLSpecialCharacters(input: string): string;
+export declare function severityStringToImpact(string: string, id: string): number;
 export declare function impactNumberToSeverityString(impact: number): string;
 export declare function convertEncodedHTMLIntoJson(encodedHTML?: string): DecodedDescription;

package/lib/utilities/xccdf.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.convertEncodedHTMLIntoJson = exports.impactNumberToSeverityString = exports.severityStringToImpact = exports.convertEncodedXmlIntoJson = void 0;
+exports.convertEncodedHTMLIntoJson = exports.impactNumberToSeverityString = exports.severityStringToImpact = exports.removeXMLSpecialCharacters = exports.convertEncodedXmlIntoJson = void 0;
 const tslib_1 = require("tslib");
 const fast_xml_parser_1 = tslib_1.__importDefault(require("fast-xml-parser"));
 const htmlparser = tslib_1.__importStar(require("htmlparser2"));
@@ -8,11 +8,17 @@ const lodash_1 = tslib_1.__importDefault(require("lodash"));
 function convertEncodedXmlIntoJson(encodedXml) {
     return fast_xml_parser_1.default.parse(encodedXml, {
         ignoreAttributes: false,
+        ignoreNameSpace: true,
         attributeNamePrefix: '@_',
+        arrayMode: true
     });
 }
 exports.convertEncodedXmlIntoJson = convertEncodedXmlIntoJson;
-function severityStringToImpact(string) {
+function removeXMLSpecialCharacters(input) {
+    return input.replace(/&amp;/gm, '&').replace(/&lt;/gm, '<').replace(/&gt;/gm, '>');
+}
+exports.removeXMLSpecialCharacters = removeXMLSpecialCharacters;
+function severityStringToImpact(string, id) {
     var _a, _b, _c, _d, _e;
     if ((_a = string.match(/none|na|n\/a|not[\s()*_|]?applicable/i)) === null || _a === void 0 ? void 0 : _a.length) {
         return 0.0;
@@ -29,7 +35,8 @@ function severityStringToImpact(string) {
     if ((_e = string.match(/crit(ical)?|severe/)) === null || _e === void 0 ? void 0 : _e.length) {
         return 1.0;
     }
-    throw new Error(`${string}' is not a valid severity value. It should be one of the approved keywords`);
+    console.log(`${string} is not a valid severity value. It should be one of the approved keywords. ${id} will be treated as medium severity`);
+    return 0.5;
 }
 exports.severityStringToImpact = severityStringToImpact;
 function impactNumberToSeverityString(impact) {