@mitre/inspec-objects 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +9 -0
- package/README.md +20 -0
- package/lib/index.d.ts +5 -0
- package/lib/index.js +8 -0
- package/lib/objects/control.d.ts +42 -0
- package/lib/objects/control.js +88 -0
- package/lib/objects/profile.d.ts +50 -0
- package/lib/objects/profile.js +48 -0
- package/lib/parsers/json.d.ts +6 -0
- package/lib/parsers/json.js +80 -0
- package/lib/parsers/xccdf.d.ts +2 -0
- package/lib/parsers/xccdf.js +73 -0
- package/lib/utilities/diff.d.ts +3 -0
- package/lib/utilities/diff.js +53 -0
- package/lib/utilities/global.d.ts +6 -0
- package/lib/utilities/global.js +18 -0
- package/lib/utilities/xccdf.d.ts +5 -0
- package/lib/utilities/xccdf.js +103 -0
- package/mitre-inspec-objects-v0.0.1.tgz +0 -0
- package/package-lock.json +11247 -0
- package/package.json +53 -0
- package/src/index.ts +5 -0
- package/src/objects/control.ts +137 -0
- package/src/objects/profile.ts +93 -0
- package/src/parsers/json.ts +92 -0
- package/src/parsers/xccdf.ts +74 -0
- package/src/types/diff.d.ts +9 -0
- package/src/types/xccdf.d.ts +126 -0
- package/src/utilities/diff.ts +54 -0
- package/src/utilities/global.ts +23 -0
- package/src/utilities/xccdf.ts +110 -0
- package/test/sample_data/inspec/profiles/redhat-enterprise-linux-7-stig-baseline/spec/fixtures/kitchen/manifests/site.pp +29 -0
- package/test/sample_data/inspec/profiles/redhat-enterprise-linux-7-stig-baseline/spec/fixtures/kitchen/modules/garbage/.gitignore +0 -0
- package/test/sample_data/inspec/profiles/redhat-enterprise-linux-7-stig-baseline/spec/results/.gitkeep +0 -0
- package/tsconfig.build.json +5 -0
- package/tsconfig.json +21 -0
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
import parser from 'fast-xml-parser'
|
|
2
|
+
import * as htmlparser from 'htmlparser2'
|
|
3
|
+
import _ from 'lodash'
|
|
4
|
+
import { DecodedDescription } from '../types/xccdf'
|
|
5
|
+
|
|
6
|
+
export function convertEncodedXmlIntoJson(
|
|
7
|
+
encodedXml: string,
|
|
8
|
+
): any {
|
|
9
|
+
return parser.parse(encodedXml, {
|
|
10
|
+
ignoreAttributes: false,
|
|
11
|
+
attributeNamePrefix: '@_',
|
|
12
|
+
})
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
export function severityStringToImpact(string: string): number {
|
|
16
|
+
if (string.match(/none|na|n\/a|not[\s()*_|]?applicable/i)?.length) {
|
|
17
|
+
return 0.0
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
if (string.match(/low|cat(egory)?\s*(iii|3)/i)?.length) {
|
|
21
|
+
return 0.3
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
if (string.match(/med(ium)?|cat(egory)?\s*(ii|2)/)?.length) {
|
|
25
|
+
return 0.5
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
if (string.match(/high|cat(egory)?\s*(i|1)/)?.length) {
|
|
29
|
+
return 0.7
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
if (string.match(/crit(ical)?|severe/)?.length) {
|
|
33
|
+
return 1.0
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
throw new Error(`${string}' is not a valid severity value. It should be one of the approved keywords`)
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
export function impactNumberToSeverityString(impact: number): string {
|
|
40
|
+
// Impact must be 0.0 - 1.0
|
|
41
|
+
if (impact < 0.0 || impact > 1.0) {
|
|
42
|
+
throw new Error('Impact cannot be less than 0.0 or greater than 1.0')
|
|
43
|
+
} else {
|
|
44
|
+
if (impact >= 0.9) {
|
|
45
|
+
return 'critical'
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
if (impact >= 0.7) {
|
|
49
|
+
return 'high'
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
if (impact >= 0.4) {
|
|
53
|
+
return 'medium'
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
if (impact >= 0.1) {
|
|
57
|
+
return 'low'
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
return 'none'
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
export function convertEncodedHTMLIntoJson(encodedHTML?: string): DecodedDescription {
|
|
65
|
+
if (encodedHTML) {
|
|
66
|
+
// Some STIGs regarding XSS put the < character inside of the description which breaks parsing
|
|
67
|
+
const patchedHTML = encodedHTML.replace(/"<"/g, '[[[REPLACE_LESS_THAN]]]')
|
|
68
|
+
|
|
69
|
+
const xmlChunks: string[] = []
|
|
70
|
+
const htmlParser = new htmlparser.Parser({
|
|
71
|
+
ontext(text: string) {
|
|
72
|
+
xmlChunks.push(text)
|
|
73
|
+
},
|
|
74
|
+
})
|
|
75
|
+
htmlParser.write(patchedHTML)
|
|
76
|
+
htmlParser.end()
|
|
77
|
+
const converted = convertEncodedXmlIntoJson(xmlChunks.join(''))
|
|
78
|
+
let cleaned: Record<string, string | boolean | undefined> = {}
|
|
79
|
+
|
|
80
|
+
if (typeof converted.VulnDiscussion === 'object') { // Some STIGs have xml tags inside of the actual text which breaks processing, e.g U_ASD_STIG_V5R1_Manual-xccdf.xml and all Oracle Database STIGs
|
|
81
|
+
let extractedVulnDescription = ''
|
|
82
|
+
const remainingFields = _.omit(converted.VulnDiscussion, ['FalsePositives', 'FalseNegatives', 'Documentable', 'Mitigations', 'SeverityOverrideGuidance', 'PotentialImpacts', 'ThirdPartyTools', 'MitigationControl', 'Responsibility', 'IAControls'])
|
|
83
|
+
Object.entries(remainingFields).forEach(([field, value]) => {
|
|
84
|
+
extractedVulnDescription += `<${field}> ${value}`
|
|
85
|
+
})
|
|
86
|
+
cleaned = {
|
|
87
|
+
VulnDiscussion: extractedVulnDescription.replace(/\[\[\[REPLACE_LESS_THAN]]]/, '"<"'),
|
|
88
|
+
}
|
|
89
|
+
Object.entries(converted.VulnDiscussion).forEach(([key, value]) => {
|
|
90
|
+
if (typeof value === 'string') {
|
|
91
|
+
cleaned[key] = value.replace(/\[\[\[REPLACE_LESS_THAN]]]/, '"<"')
|
|
92
|
+
} else {
|
|
93
|
+
cleaned[key] = (value as boolean)
|
|
94
|
+
}
|
|
95
|
+
})
|
|
96
|
+
} else {
|
|
97
|
+
Object.entries(converted).forEach(([key, value]) => {
|
|
98
|
+
if (typeof value === 'string') {
|
|
99
|
+
cleaned[key] = value.replace(/\[\[\[REPLACE_LESS_THAN]]]/, '"<"')
|
|
100
|
+
} else {
|
|
101
|
+
cleaned[key] = (value as boolean)
|
|
102
|
+
}
|
|
103
|
+
})
|
|
104
|
+
}
|
|
105
|
+
|
|
106
|
+
return cleaned
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
return {}
|
|
110
|
+
}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
package { 'screen':
|
|
2
|
+
ensure => 'installed',
|
|
3
|
+
tag => 'V-71897'
|
|
4
|
+
}
|
|
5
|
+
|
|
6
|
+
Package {
|
|
7
|
+
ensure => 'installed'
|
|
8
|
+
}
|
|
9
|
+
$mfa = ['esc','pam_pkcs11','authconfig-gtk']
|
|
10
|
+
package {
|
|
11
|
+
$mfa: tag => 'V-72417'
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
sysctl { 'net.ipv4.conf.all.accept_redirects':
|
|
15
|
+
ensure => present,
|
|
16
|
+
value => '0',
|
|
17
|
+
tag => 'V-73175'
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
sysctl { 'net.ipv6.conf.all.accept_source_route':
|
|
21
|
+
ensure => present,
|
|
22
|
+
value => '0',
|
|
23
|
+
tag => 'V-72319'
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
package { 'sssd':
|
|
27
|
+
ensure => 'installed',
|
|
28
|
+
tag => 'V-72427'
|
|
29
|
+
}
|
|
File without changes
|
|
File without changes
|
package/tsconfig.json
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
{
|
|
2
|
+
"compilerOptions": {
|
|
3
|
+
"module": "commonjs",
|
|
4
|
+
"moduleResolution": "node",
|
|
5
|
+
"noImplicitAny": true,
|
|
6
|
+
"resolveJsonModule": true,
|
|
7
|
+
"declaration": true,
|
|
8
|
+
"importHelpers": true,
|
|
9
|
+
"esModuleInterop": true,
|
|
10
|
+
"outDir": "lib",
|
|
11
|
+
"rootDir": "src",
|
|
12
|
+
"strict": true,
|
|
13
|
+
"target": "es2019",
|
|
14
|
+
"types": ["node", "jest"]
|
|
15
|
+
},
|
|
16
|
+
"include": [
|
|
17
|
+
"index.ts",
|
|
18
|
+
"src/**/*"
|
|
19
|
+
],
|
|
20
|
+
}
|
|
21
|
+
|