@mitre/inspec-objects 0.0.2 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/mappings/CciNistMappingData.d.ts +5100 -0
- package/lib/mappings/CciNistMappingData.js +5103 -0
- package/lib/objects/control.js +6 -6
- package/lib/parsers/xccdf.d.ts +1 -1
- package/lib/parsers/xccdf.js +62 -16
- package/lib/utilities/CciNistMappingData.d.ts +5100 -0
- package/lib/utilities/CciNistMappingData.js +5103 -0
- package/lib/utilities/diff.d.ts +1 -2
- package/lib/utilities/diff.js +15 -4
- package/lib/utilities/global.d.ts +1 -0
- package/lib/utilities/global.js +34 -2
- package/lib/utilities/xccdf.d.ts +1 -0
- package/lib/utilities/xccdf.js +5 -1
- package/mitre-inspec-objects-v0.0.3.tgz +0 -0
- package/mitre-inspec-objects-v0.0.5.tgz +0 -0
- package/package-lock.json +38 -3415
- package/package.json +4 -4
- package/tsconfig.json +1 -1
- package/error.log +0 -12
- package/mitre-inspec-objects-v0.0.1.tgz +0 -0
- package/src/index.ts +0 -5
- package/src/objects/control.ts +0 -148
- package/src/objects/profile.ts +0 -93
- package/src/parsers/json.ts +0 -92
- package/src/parsers/oval.ts +0 -18
- package/src/parsers/xccdf.ts +0 -222
- package/src/types/diff.d.ts +0 -9
- package/src/types/oval.d.ts +0 -609
- package/src/types/xccdf.d.ts +0 -883
- package/src/utilities/diff.ts +0 -60
- package/src/utilities/global.ts +0 -52
- package/src/utilities/xccdf.ts +0 -115
- package/types/ionchannelAnalysis.d.ts +0 -238
- package/types/ionchannelProjects.d.ts +0 -72
- package/types/ionchannelTeams.d.ts +0 -26
- package/types/reverseMappedXCCDF.d.ts +0 -67
- package/types/splunk-sdk-no-env/index.d.ts +0 -88
package/lib/objects/control.js
CHANGED
|
@@ -28,13 +28,13 @@ class Control {
|
|
|
28
28
|
let result = "# encoding: UTF-8\n\n";
|
|
29
29
|
result += `control "${this.id}" do\n`;
|
|
30
30
|
if (this.title) {
|
|
31
|
-
result += ` title "${(0, global_1.wrapAndEscapeQuotes)(this.title, lineLength)}"\n`;
|
|
31
|
+
result += ` title "${(0, global_1.wrapAndEscapeQuotes)((0, global_1.removeNewlinePlaceholders)(this.title), lineLength)}"\n`;
|
|
32
32
|
}
|
|
33
33
|
else {
|
|
34
34
|
console.error(`${this.id} does not have a title`);
|
|
35
35
|
}
|
|
36
36
|
if (this.desc) {
|
|
37
|
-
result += ` desc "${(0, global_1.wrapAndEscapeQuotes)(this.desc, lineLength)}"\n`;
|
|
37
|
+
result += ` desc "${(0, global_1.wrapAndEscapeQuotes)((0, global_1.removeNewlinePlaceholders)(this.desc), lineLength)}"\n`;
|
|
38
38
|
}
|
|
39
39
|
else {
|
|
40
40
|
console.error(`${this.id} does not have a desc`);
|
|
@@ -42,7 +42,7 @@ class Control {
|
|
|
42
42
|
if (this.descs) {
|
|
43
43
|
Object.entries(this.descs).forEach(([key, desc]) => {
|
|
44
44
|
if (desc) {
|
|
45
|
-
result += ` desc "${key}", "${(0, global_1.wrapAndEscapeQuotes)(desc, lineLength)}"\n`;
|
|
45
|
+
result += ` desc "${key}", "${(0, global_1.wrapAndEscapeQuotes)((0, global_1.removeNewlinePlaceholders)(desc), lineLength)}"\n`;
|
|
46
46
|
}
|
|
47
47
|
else {
|
|
48
48
|
console.error(`${this.id} does not have a desc for the value ${key}`);
|
|
@@ -58,10 +58,10 @@ class Control {
|
|
|
58
58
|
if (this.refs) {
|
|
59
59
|
this.refs.forEach((ref) => {
|
|
60
60
|
if (typeof ref === 'string') {
|
|
61
|
-
result += ` ref '${(0, global_1.escapeQuotes)(ref)}'\n`;
|
|
61
|
+
result += ` ref '${(0, global_1.escapeQuotes)((0, global_1.removeNewlinePlaceholders)(ref))}'\n`;
|
|
62
62
|
}
|
|
63
63
|
else {
|
|
64
|
-
result += ` ref '${(0, global_1.escapeQuotes)(ref.ref || '')}', url: '${(0, global_1.escapeQuotes)(ref.url || '')}'`;
|
|
64
|
+
result += ` ref '${(0, global_1.escapeQuotes)((0, global_1.removeNewlinePlaceholders)(ref.ref || ''))}', url: '${(0, global_1.escapeQuotes)((0, global_1.removeNewlinePlaceholders)(ref.url || ''))}'`;
|
|
65
65
|
}
|
|
66
66
|
});
|
|
67
67
|
}
|
|
@@ -84,7 +84,7 @@ class Control {
|
|
|
84
84
|
}
|
|
85
85
|
}
|
|
86
86
|
else if (typeof value === "string") {
|
|
87
|
-
result += ` tag ${tag}: "${(0, global_1.wrapAndEscapeQuotes)(value, lineLength)}"\n`;
|
|
87
|
+
result += ` tag ${tag}: "${(0, global_1.wrapAndEscapeQuotes)((0, global_1.removeNewlinePlaceholders)(value), lineLength)}"\n`;
|
|
88
88
|
}
|
|
89
89
|
}
|
|
90
90
|
});
|
package/lib/parsers/xccdf.d.ts
CHANGED
|
@@ -5,4 +5,4 @@ export declare type GroupContextualizedRule = BenchmarkRule & {
|
|
|
5
5
|
group: Omit<BenchmarkGroup, 'Rule' | 'Group'>;
|
|
6
6
|
};
|
|
7
7
|
export declare function extractAllRules(groups: BenchmarkGroup[]): GroupContextualizedRule[];
|
|
8
|
-
export declare function processXCCDF(xml: string, ovalDefinitions?: Record<string, OvalDefinitionValue>): Profile;
|
|
8
|
+
export declare function processXCCDF(xml: string, removeNewlines: boolean | undefined, useRuleId: 'group' | 'rule' | 'version', ovalDefinitions?: Record<string, OvalDefinitionValue>): Profile;
|
package/lib/parsers/xccdf.js
CHANGED
|
@@ -6,7 +6,7 @@ const profile_1 = tslib_1.__importDefault(require("../objects/profile"));
|
|
|
6
6
|
const xccdf_1 = require("../utilities/xccdf");
|
|
7
7
|
const control_1 = tslib_1.__importDefault(require("../objects/control"));
|
|
8
8
|
const lodash_1 = tslib_1.__importDefault(require("lodash"));
|
|
9
|
-
const
|
|
9
|
+
const CciNistMappingData_1 = require("../mappings/CciNistMappingData");
|
|
10
10
|
function extractAllRules(groups) {
|
|
11
11
|
const rules = [];
|
|
12
12
|
groups.forEach((group) => {
|
|
@@ -25,7 +25,7 @@ function extractAllRules(groups) {
|
|
|
25
25
|
return rules;
|
|
26
26
|
}
|
|
27
27
|
exports.extractAllRules = extractAllRules;
|
|
28
|
-
function processXCCDF(xml, ovalDefinitions) {
|
|
28
|
+
function processXCCDF(xml, removeNewlines = false, useRuleId, ovalDefinitions) {
|
|
29
29
|
const parsedXML = (0, xccdf_1.convertEncodedXmlIntoJson)(xml);
|
|
30
30
|
const rules = extractAllRules(parsedXML.Benchmark[0].Group);
|
|
31
31
|
const profile = new profile_1.default({
|
|
@@ -34,7 +34,7 @@ function processXCCDF(xml, ovalDefinitions) {
|
|
|
34
34
|
summary: parsedXML.Benchmark[0].description[0]['#text']
|
|
35
35
|
});
|
|
36
36
|
rules.forEach(rule => {
|
|
37
|
-
var _a, _b, _c;
|
|
37
|
+
var _a, _b, _c, _d;
|
|
38
38
|
let extractedDescription;
|
|
39
39
|
if (Array.isArray(rule.description)) {
|
|
40
40
|
extractedDescription = rule.description[0]['#text'];
|
|
@@ -43,16 +43,43 @@ function processXCCDF(xml, ovalDefinitions) {
|
|
|
43
43
|
extractedDescription = (0, xccdf_1.convertEncodedHTMLIntoJson)(rule.description);
|
|
44
44
|
}
|
|
45
45
|
const control = new control_1.default();
|
|
46
|
-
control.id = rule
|
|
47
|
-
|
|
48
|
-
|
|
46
|
+
control.id = rule['@_id'];
|
|
47
|
+
switch (useRuleId) {
|
|
48
|
+
case 'group':
|
|
49
|
+
control.id = rule.group['@_id'];
|
|
50
|
+
break;
|
|
51
|
+
case 'rule':
|
|
52
|
+
control.id = rule['@_id'];
|
|
53
|
+
break;
|
|
54
|
+
case 'version':
|
|
55
|
+
control.id = rule.version;
|
|
56
|
+
break;
|
|
57
|
+
default:
|
|
58
|
+
throw new Error('useRuleId must be one of "group", "rule", or "version"');
|
|
59
|
+
}
|
|
60
|
+
if (removeNewlines) {
|
|
61
|
+
const title = (0, xccdf_1.removeXMLSpecialCharacters)(rule['@_severity'] ? rule.title : `[[[MISSING SEVERITY FROM STIG]]] ${rule.title}`);
|
|
62
|
+
control.title = title.replace(/\n/g, '{{{{newlineHERE}}}}');
|
|
63
|
+
const desc = (0, xccdf_1.removeXMLSpecialCharacters)(typeof extractedDescription === 'string' ? extractedDescription : ((_a = extractedDescription.VulnDiscussion) === null || _a === void 0 ? void 0 : _a.split('Satisfies: ')[0]) || 'Missing Description');
|
|
64
|
+
control.desc = desc === null || desc === void 0 ? void 0 : desc.replace(/\n/g, '{{{{newlineHERE}}}}');
|
|
65
|
+
}
|
|
66
|
+
else {
|
|
67
|
+
control.title = (0, xccdf_1.removeXMLSpecialCharacters)(rule['@_severity'] ? rule.title : `[[[MISSING SEVERITY FROM STIG]]] ${rule.title}`);
|
|
68
|
+
control.desc = (0, xccdf_1.removeXMLSpecialCharacters)(typeof extractedDescription === 'string' ? extractedDescription : ((_b = extractedDescription.VulnDiscussion) === null || _b === void 0 ? void 0 : _b.split('Satisfies: ')[0]) || 'Missing Description');
|
|
69
|
+
}
|
|
49
70
|
control.impact = (0, xccdf_1.severityStringToImpact)(rule['@_severity'] || 'critical', rule.group['@_id']);
|
|
50
71
|
if (!control.descs || Array.isArray(control.descs)) {
|
|
51
72
|
control.descs = {};
|
|
52
73
|
}
|
|
53
74
|
if (rule.check) {
|
|
54
75
|
if (rule.check.some((ruleValue) => 'check-content' in ruleValue)) {
|
|
55
|
-
|
|
76
|
+
if (removeNewlines) {
|
|
77
|
+
const check = (0, xccdf_1.removeXMLSpecialCharacters)(rule.check ? rule.check[0]['check-content'] : 'Missing description');
|
|
78
|
+
control.descs.check = check.replace(/\n/g, '{{{{newlineHERE}}}}');
|
|
79
|
+
}
|
|
80
|
+
else {
|
|
81
|
+
control.descs.check = (0, xccdf_1.removeXMLSpecialCharacters)(rule.check ? rule.check[0]['check-content'] : 'Missing description');
|
|
82
|
+
}
|
|
56
83
|
}
|
|
57
84
|
else if (rule.check.some((ruleValue) => 'check-content-ref' in ruleValue) && ovalDefinitions) {
|
|
58
85
|
let referenceID = null;
|
|
@@ -66,23 +93,35 @@ function processXCCDF(xml, ovalDefinitions) {
|
|
|
66
93
|
}
|
|
67
94
|
}
|
|
68
95
|
if (referenceID && referenceID in ovalDefinitions) {
|
|
69
|
-
|
|
96
|
+
if (removeNewlines) {
|
|
97
|
+
const check = (0, xccdf_1.removeXMLSpecialCharacters)(ovalDefinitions[referenceID].metadata[0].title);
|
|
98
|
+
control.descs.check = check.replace(/\n/g, '{{{{newlineHERE}}}}');
|
|
99
|
+
}
|
|
100
|
+
else {
|
|
101
|
+
control.descs.check = (0, xccdf_1.removeXMLSpecialCharacters)(ovalDefinitions[referenceID].metadata[0].title);
|
|
102
|
+
}
|
|
70
103
|
}
|
|
71
104
|
else if (referenceID) {
|
|
72
105
|
console.warn(`Could not find OVAL definition for ${referenceID}`);
|
|
73
106
|
}
|
|
74
107
|
}
|
|
75
108
|
}
|
|
76
|
-
|
|
109
|
+
if (removeNewlines) {
|
|
110
|
+
const fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fixtext ? rule.fixtext[0]['#text'] : (rule.fix ? rule.fix[0]['#text'] || 'Missing fix text' : 'Missing fix text'));
|
|
111
|
+
control.descs.fix = fix.replace(/\n/g, '{{{{newlineHERE}}}}');
|
|
112
|
+
}
|
|
113
|
+
else {
|
|
114
|
+
control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fixtext ? rule.fixtext[0]['#text'] : (rule.fix ? rule.fix[0]['#text'] || 'Missing fix text' : 'Missing fix text'));
|
|
115
|
+
}
|
|
77
116
|
control.tags.severity = (0, xccdf_1.impactNumberToSeverityString)((0, xccdf_1.severityStringToImpact)(rule['@_severity'] || 'critical', control.id));
|
|
78
117
|
control.tags.gid = rule.group['@_id'],
|
|
79
118
|
control.tags.rid = rule['@_id'];
|
|
80
119
|
control.tags.stig_id = rule['version'];
|
|
81
120
|
if (typeof rule.group.title === "string") {
|
|
82
|
-
control.tags.gtitle = rule.group.title;
|
|
121
|
+
control.tags.gtitle = (0, xccdf_1.removeXMLSpecialCharacters)(rule.group.title);
|
|
83
122
|
}
|
|
84
123
|
else {
|
|
85
|
-
control.tags.gtitle = lodash_1.default.get(rule.group, 'title[0].#text');
|
|
124
|
+
control.tags.gtitle = (0, xccdf_1.removeXMLSpecialCharacters)(lodash_1.default.get(rule.group, 'title[0].#text'));
|
|
86
125
|
}
|
|
87
126
|
if (rule['fix'] && rule['fix'].length > 0) {
|
|
88
127
|
control.tags.fix_id = rule['fix'][0]['@_id'];
|
|
@@ -97,7 +136,7 @@ function processXCCDF(xml, ovalDefinitions) {
|
|
|
97
136
|
control.tags.rationale = null;
|
|
98
137
|
}
|
|
99
138
|
if (typeof extractedDescription === 'object') {
|
|
100
|
-
control.tags.satisfies = ((
|
|
139
|
+
control.tags.satisfies = ((_c = extractedDescription.VulnDiscussion) === null || _c === void 0 ? void 0 : _c.includes('Satisfies: ')) && extractedDescription.VulnDiscussion.split('Satisfies: ').length >= 1 ? extractedDescription.VulnDiscussion.split('Satisfies: ')[1].split(',').map(satisfaction => satisfaction.trim()) : undefined;
|
|
101
140
|
control.tags.false_negatives = extractedDescription.FalseNegatives || undefined;
|
|
102
141
|
control.tags.false_positives = extractedDescription.FalsePositives || undefined;
|
|
103
142
|
control.tags.documentable = typeof extractedDescription.Documentable === 'boolean' ? extractedDescription.Documentable : undefined;
|
|
@@ -110,7 +149,14 @@ function processXCCDF(xml, ovalDefinitions) {
|
|
|
110
149
|
control.tags.responsibility = extractedDescription.Responsibility || undefined;
|
|
111
150
|
control.tags.ia_controls = extractedDescription.IAControls || undefined;
|
|
112
151
|
}
|
|
113
|
-
control.tags = lodash_1.default.omitBy(control.tags, (value) => value === undefined)
|
|
152
|
+
control.tags = lodash_1.default.mapValues(lodash_1.default.omitBy(control.tags, (value) => value === undefined), (value) => {
|
|
153
|
+
if (typeof value === 'string') {
|
|
154
|
+
return (0, xccdf_1.removeXMLSpecialCharacters)(value);
|
|
155
|
+
}
|
|
156
|
+
else {
|
|
157
|
+
return value;
|
|
158
|
+
}
|
|
159
|
+
});
|
|
114
160
|
// Get all identifiers from the rule
|
|
115
161
|
if (rule.ident) {
|
|
116
162
|
rule.ident.forEach((identifier) => {
|
|
@@ -143,7 +189,7 @@ function processXCCDF(xml, ovalDefinitions) {
|
|
|
143
189
|
}
|
|
144
190
|
});
|
|
145
191
|
}
|
|
146
|
-
(
|
|
192
|
+
(_d = rule.reference) === null || _d === void 0 ? void 0 : _d.forEach((reference) => {
|
|
147
193
|
var _a, _b, _c, _d;
|
|
148
194
|
if (lodash_1.default.get(reference, '@_href') === '') {
|
|
149
195
|
(_a = control.refs) === null || _a === void 0 ? void 0 : _a.push(lodash_1.default.get(reference, '#text'));
|
|
@@ -208,8 +254,8 @@ function processXCCDF(xml, ovalDefinitions) {
|
|
|
208
254
|
if (!('nist' in control.tags)) {
|
|
209
255
|
control.tags.nist = [];
|
|
210
256
|
}
|
|
211
|
-
if (cci in
|
|
212
|
-
(_a = control.tags.nist) === null || _a === void 0 ? void 0 : _a.push(lodash_1.default.get(
|
|
257
|
+
if (cci in CciNistMappingData_1.data) {
|
|
258
|
+
(_a = control.tags.nist) === null || _a === void 0 ? void 0 : _a.push(lodash_1.default.get(CciNistMappingData_1.data, cci));
|
|
213
259
|
}
|
|
214
260
|
});
|
|
215
261
|
}
|