@mitre/inspec-objects 1.0.0 → 2.0.0

package/lib/parsers/json.js

@@ -1,12 +1,21 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.processInSpecProfile = exports.processExecJSON = exports.processProfileJSON = exports.processEvaluation = void 0;
+exports.processEvaluation = processEvaluation;
+exports.processProfileJSON = processProfileJSON;
+exports.processExecJSON = processExecJSON;
+exports.processInSpecProfile = processInSpecProfile;
 const tslib_1 = require("tslib");
 const inspecjs_1 = require("inspecjs");
 const lodash_1 = tslib_1.__importDefault(require("lodash"));
 const control_1 = tslib_1.__importStar(require("../objects/control"));
 const profile_1 = tslib_1.__importDefault(require("../objects/profile"));
 const update_1 = require("../utilities/update");
+/**
+ * Processes a contextualized evaluation input and converts it into a Profile object.
+ *
+ * @param evaluationInput - The contextualized evaluation input containing profile and control data.
+ * @returns A Profile object populated with the data from the evaluation input.
+ */
 function processEvaluation(evaluationInput) {
     const topLevelProfile = evaluationInput.contains[0];
     const profile = new profile_1.default({
@@ -32,7 +41,12 @@ function processEvaluation(evaluationInput) {
     });
     return profile;
 }
-exports.processEvaluation = processEvaluation;
+/**
+ * Processes a contextualized profile JSON object and converts it into a Profile instance.
+ *
+ * @param profileInput - The contextualized profile input containing profile data and controls.
+ * @returns A Profile instance populated with the data from the input.
+ */
 function processProfileJSON(profileInput) {
     const profile = new profile_1.default({
         name: profileInput.data.name,
@@ -71,11 +85,29 @@ function processProfileJSON(profileInput) {
     });
     return profile;
 }
-exports.processProfileJSON = processProfileJSON;
+/**
+ * Processes the given ExecJSON execution object and returns a Profile.
+ *
+ * This function takes an ExecJSON execution object, contextualizes the evaluation,
+ * and then processes the evaluation to produce a Profile.
+ *
+ * @param execJSON - The ExecJSON execution object to be processed.
+ * @returns The processed Profile.
+ */
 function processExecJSON(execJSON) {
     return processEvaluation((0, inspecjs_1.contextualizeEvaluation)(execJSON));
 }
-exports.processExecJSON = processExecJSON;
+/**
+ * Processes an InSpec profile from a JSON string.
+ *
+ * This function takes a JSON string representing an InSpec profile, converts it,
+ * and processes it to return a `Profile` object. It handles different versions
+ * of the InSpec JSON format and sorts the controls by their ID.
+ *
+ * @param json - The JSON string representing the InSpec profile.
+ * @returns A `Profile` object containing the processed profile data.
+ * @throws Will throw an error if the JSON string does not match known InSpec formats.
+ */
 function processInSpecProfile(json) {
     const convertedFile = (0, inspecjs_1.convertFile)(json, true);
     let profile = new profile_1.default();
@@ -91,4 +123,3 @@ function processInSpecProfile(json) {
     profile.controls = lodash_1.default.sortBy(profile.controls, 'id');
     return profile;
 }
-exports.processInSpecProfile = processInSpecProfile;

package/lib/parsers/oval.d.ts

@@ -1,3 +1,31 @@
 import { OvalDefinitionValue, DefinitionCriterion } from '../types/oval';
+/**
+ * Extracts all test references from a list of initial criteria.
+ *
+ * This function recursively traverses the provided criteria and extracts
+ * all test references (`@_test_ref`) from each criterion. It returns an
+ * array of all found test references.
+ *
+ * @param initialCriteria - An array of `DefinitionCriterion` objects to extract test references from.
+ * @returns An array of strings containing all extracted test references.
+ */
 export declare function extractAllCriteriaRefs(initialCriteria: DefinitionCriterion[]): string[];
+/**
+ * Processes an OVAL (Open Vulnerability and Assessment Language) XML string and converts it into a JSON object.
+ * Extracts definitions and their associated criteria references and resolved values.
+ * The function performs the following steps:
+ * 1. Converts the OVAL XML string into a JSON object.
+ * 2. Iterates through the OVAL definitions and extracts each definition.
+ * 3. For each definition, extracts criteria references and resolves the associated objects and states.
+ * 4. Logs warnings if any objects or states cannot be found.
+ *
+ * The returned record contains:
+ * - The original definition.
+ * - An array of criteria references.
+ * - An array of resolved values, each containing the original criteria, resolved objects, and resolved states.
+ *
+ * @param {string} [oval] - The OVAL XML string to be processed. If not provided, the function returns `undefined`.
+ * @returns {Record<string, OvalDefinitionValue> | undefined} - A record of extracted definitions with their
+ *  criteria references and resolved values, or `undefined` if no OVAL string is provided.
+ */
 export declare function processOVAL(oval?: string): Record<string, OvalDefinitionValue> | undefined;

package/lib/parsers/oval.js

@@ -1,9 +1,23 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.processOVAL = exports.extractAllCriteriaRefs = void 0;
+exports.extractAllCriteriaRefs = extractAllCriteriaRefs;
+exports.processOVAL = processOVAL;
 const xccdf_1 = require("../utilities/xccdf");
 const logging_1 = require("../utilities/logging");
-// https://stackoverflow.com/questions/9133500/how-to-find-a-node-in-a-tree-with-javascript
+/**
+ * Search through all arrays of the tree to find a value from a property
+ * Code provided by:
+ * https://stackoverflow.com/questions/9133500/how-to-find-a-node-in-a-tree-with-javascript
+ *
+ * @param aTree : The tree array
+ * @param fCompair : This function will receive each node. Define based on caller for specific
+                     condition necessary for the match. It must return true if the condition
+                     is matched. Example:
+                        function(oNode){ if(oNode["Name"] === "AA") return true; }
+ * @param bGreedy? : Set to `true` to search all node and not stopping after the first match, default is false
+ * @return An array with references to the nodes for which fCompair was true. In case no node was found an empty array
+ *         will be returned
+*/
 function searchTree(aTree, fCompair, bGreedy) {
     let oNode; // always the current node  
     const aInnerTree = []; // will contain the inner children
@@ -36,6 +50,16 @@ function searchTree(aTree, fCompair, bGreedy) {
     }
     return aReturnNodes;
 }
+/**
+ * Extracts all test references from a list of initial criteria.
+ *
+ * This function recursively traverses the provided criteria and extracts
+ * all test references (`@_test_ref`) from each criterion. It returns an
+ * array of all found test references.
+ *
+ * @param initialCriteria - An array of `DefinitionCriterion` objects to extract test references from.
+ * @returns An array of strings containing all extracted test references.
+ */
 function extractAllCriteriaRefs(initialCriteria) {
     const criteriaRefs = [];
     initialCriteria.forEach(criteria => {
@@ -51,10 +75,27 @@ function extractAllCriteriaRefs(initialCriteria) {
     });
     return criteriaRefs;
 }
-exports.extractAllCriteriaRefs = extractAllCriteriaRefs;
+/**
+ * Processes an OVAL (Open Vulnerability and Assessment Language) XML string and converts it into a JSON object.
+ * Extracts definitions and their associated criteria references and resolved values.
+ * The function performs the following steps:
+ * 1. Converts the OVAL XML string into a JSON object.
+ * 2. Iterates through the OVAL definitions and extracts each definition.
+ * 3. For each definition, extracts criteria references and resolves the associated objects and states.
+ * 4. Logs warnings if any objects or states cannot be found.
+ *
+ * The returned record contains:
+ * - The original definition.
+ * - An array of criteria references.
+ * - An array of resolved values, each containing the original criteria, resolved objects, and resolved states.
+ *
+ * @param {string} [oval] - The OVAL XML string to be processed. If not provided, the function returns `undefined`.
+ * @returns {Record<string, OvalDefinitionValue> | undefined} - A record of extracted definitions with their
+ *  criteria references and resolved values, or `undefined` if no OVAL string is provided.
+ */
 function processOVAL(oval) {
     var _a;
-    const logger = (0, logging_1.createWinstonLogger)();
+    const logger = (0, logging_1.createWinstonLogger)('ts-inspec-objects');
     if (!oval) {
         return undefined;
     }
@@ -114,4 +155,3 @@ function processOVAL(oval) {
     }
     return extractedDefinitions;
 }
-exports.processOVAL = processOVAL;

package/lib/parsers/xccdf.d.ts

@@ -1,11 +1,42 @@
 import Profile from '../objects/profile';
 import { BenchmarkGroup, BenchmarkRule, RuleComplexCheck } from '../types/xccdf';
 import { OvalDefinitionValue } from '../types/oval';
-export declare type GroupContextualizedRule = BenchmarkRule & {
+export type GroupContextualizedRule = BenchmarkRule & {
     group: Omit<BenchmarkGroup, 'Rule' | 'Group'>;
 };
+/**
+ * Extracts all rules from the given benchmark groups, including nested groups.
+ *
+ * @param groups - An array of benchmark groups to extract rules from.
+ * @returns An array of contextualized rules, each rule includes its parent group context.
+ */
 export declare function extractAllRules(groups: BenchmarkGroup[]): GroupContextualizedRule[];
+/**
+ * Extracts all nested complex checks from a given `RuleComplexCheck` object.
+ *
+ * This function recursively traverses the `complex-check` property of the input
+ * `RuleComplexCheck` object and collects all nested complex checks into a flat array.
+ * Each complex check in the resulting array will have its own `complex-check` property omitted.
+ *
+ * @param complexCheck - The `RuleComplexCheck` object to extract complex checks from.
+ * @returns An array of `RuleComplexCheck` objects with the `complex-check` property omitted.
+ */
 export declare function extractAllComplexChecks(complexCheck: RuleComplexCheck): Omit<RuleComplexCheck, 'complex-check'>[];
+export type InputTextLang = {
+    '#text': string;
+    '@_lang': string;
+};
+/**
+ * Processes an XCCDF XML string and converts it into a Profile object.
+ * Note: Moved the newline removal to diff library rather than here.
+ *
+ * @param xml - The XCCDF XML string to process.
+ * @param removeNewlines - A flag indicating whether to remove newlines from the processed data.
+ * @param useRuleId - Specifies the rule ID format to use. Can be 'group', 'rule', 'version', or 'cis'.
+ * @param ovalDefinitions - Optional OVAL definitions to use for resolving values.
+ * @returns A Profile object representing the processed XCCDF data.
+ * @throws Will throw an error if the XCCDF file is not properly formatted or if required data is missing.
+ */
 export declare function processXCCDF(xml: string, removeNewlines: false, useRuleId: 'group' | 'rule' | 'version' | 'cis', ovalDefinitions?: Record<string, OvalDefinitionValue & {
     criteriaRefs?: string[];
     resolvedValues?: any;

package/lib/parsers/xccdf.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.processXCCDF = exports.extractAllComplexChecks = exports.extractAllRules = void 0;
+exports.extractAllRules = extractAllRules;
+exports.extractAllComplexChecks = extractAllComplexChecks;
+exports.processXCCDF = processXCCDF;
 const tslib_1 = require("tslib");
 const profile_1 = tslib_1.__importDefault(require("../objects/profile"));
 const xccdf_1 = require("../utilities/xccdf");
@@ -9,6 +11,12 @@ const lodash_1 = tslib_1.__importDefault(require("lodash"));
 const CciNistMappingData_1 = require("../mappings/CciNistMappingData");
 const pretty_1 = tslib_1.__importDefault(require("pretty"));
 const logging_1 = require("../utilities/logging");
+/**
+ * Extracts all rules from the given benchmark groups, including nested groups.
+ *
+ * @param groups - An array of benchmark groups to extract rules from.
+ * @returns An array of contextualized rules, each rule includes its parent group context.
+ */
 function extractAllRules(groups) {
     const rules = [];
     groups.forEach((group) => {
@@ -26,7 +34,16 @@ function extractAllRules(groups) {
     });
     return rules;
 }
-exports.extractAllRules = extractAllRules;
+/**
+ * Extracts all nested complex checks from a given `RuleComplexCheck` object.
+ *
+ * This function recursively traverses the `complex-check` property of the input
+ * `RuleComplexCheck` object and collects all nested complex checks into a flat array.
+ * Each complex check in the resulting array will have its own `complex-check` property omitted.
+ *
+ * @param complexCheck - The `RuleComplexCheck` object to extract complex checks from.
+ * @returns An array of `RuleComplexCheck` objects with the `complex-check` property omitted.
+ */
 function extractAllComplexChecks(complexCheck) {
     const complexChecks = [lodash_1.default.omit(complexCheck, 'complex-check')];
     if (complexCheck['complex-check']) {
@@ -37,13 +54,32 @@ function extractAllComplexChecks(complexCheck) {
     }
     return complexChecks;
 }
-exports.extractAllComplexChecks = extractAllComplexChecks;
-function ensureDecodedXMLStringValue(input) {
-    return lodash_1.default.get(input, '[0].#text') ? lodash_1.default.get(input, '[0].#text') : input;
+/**
+ * Ensures that the input is decoded as an XML string value.
+ *
+ * @param input - The input value which can be either a string or an array of
+ *                InputTextLang objects.
+ * @param defaultValue - The default string value to return if the input is
+ *                       not a string.
+ * @returns The decoded XML string value if the input is a string, otherwise the
+ *          value from the first element of the input array or the default value.
+ */
+function ensureDecodedXMLStringValue(input, defaultValue) {
+    return lodash_1.default.isString(input) ? input : lodash_1.default.get(input, '[0].#text', defaultValue);
 }
-// Moving the newline removal to diff library rather than processXCCDF level
+/**
+ * Processes an XCCDF XML string and converts it into a Profile object.
+ * Note: Moved the newline removal to diff library rather than here.
+ *
+ * @param xml - The XCCDF XML string to process.
+ * @param removeNewlines - A flag indicating whether to remove newlines from the processed data.
+ * @param useRuleId - Specifies the rule ID format to use. Can be 'group', 'rule', 'version', or 'cis'.
+ * @param ovalDefinitions - Optional OVAL definitions to use for resolving values.
+ * @returns A Profile object representing the processed XCCDF data.
+ * @throws Will throw an error if the XCCDF file is not properly formatted or if required data is missing.
+ */
 function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
-    const logger = (0, logging_1.createWinstonLogger)();
+    const logger = (0, logging_1.createWinstonLogger)('ts-inspec-objects');
     const parsedXML = (0, xccdf_1.convertEncodedXmlIntoJson)(xml);
     if (parsedXML.Benchmark === undefined) {
         throw new Error('Could not process the XCCDF file, check the input to make sure this is a properly formatted XCCDF file.');
@@ -85,11 +121,11 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
                 control.id = rule.group['@_id'];
                 break;
             case 'rule':
-                if (rule['@_id'].toLowerCase().startsWith('sv')) {
-                    control.id = rule['@_id'].split('r')[0];
+                if (rule['@_id'][0].toLowerCase().startsWith('sv')) {
+                    control.id = rule['@_id'][0].split('r')[0];
                 }
                 else {
-                    control.id = rule['@_id'];
+                    control.id = rule['@_id'][0];
                 }
                 break;
             case 'version':
@@ -110,7 +146,10 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
             default:
                 throw new Error('useRuleId must be one of "group", "rule", or "version"');
         }
-        control.title = (0, xccdf_1.removeXMLSpecialCharacters)(rule['@_severity'] ? ensureDecodedXMLStringValue(rule.title) : `[[[MISSING SEVERITY FROM BENCHMARK]]] ${ensureDecodedXMLStringValue(rule.title)}`);
+        if (!(lodash_1.default.isArray(rule.title) && rule.title.length === 1)) {
+            throw new Error('Rule title is not an array of length 1. Investigate if the file is in the proper format.');
+        }
+        control.title = (0, xccdf_1.removeXMLSpecialCharacters)(rule['@_severity'] ? ensureDecodedXMLStringValue(rule.title[0], 'undefined title') : `[[[MISSING SEVERITY FROM BENCHMARK]]] ${ensureDecodedXMLStringValue(rule.title[0], 'undefined title')}`);
         if (typeof extractedDescription === 'object' && !Array.isArray(extractedDescription)) {
             control.desc = ((_a = extractedDescription.VulnDiscussion) === null || _a === void 0 ? void 0 : _a.split('Satisfies: ')[0]) || '';
         }
@@ -123,13 +162,13 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
         else {
             logger.warn(`Invalid value for extracted description: ${extractedDescription}`);
         }
-        control.impact = (0, xccdf_1.severityStringToImpact)(rule['@_severity'] || 'medium', rule.group['@_id']);
+        control.impact = (0, xccdf_1.severityStringToImpact)(rule['@_severity'] || 'medium');
         if (!control.descs || Array.isArray(control.descs)) {
             control.descs = {};
         }
         if (rule.check) {
             if (rule.check.some((ruleValue) => 'check-content' in ruleValue)) {
-                control.descs.check = (0, xccdf_1.removeXMLSpecialCharacters)(rule.check ? rule.check[0]['check-content'] : 'Missing description');
+                control.descs.check = (0, xccdf_1.removeXMLSpecialCharacters)(rule.check ? rule.check[0]['check-content'][0] : 'Missing description');
                 control.tags.check_id = rule.check[0]['@_system'];
             }
             else if (rule.check.some((ruleValue) => 'check-content-ref' in ruleValue) && ovalDefinitions) {
@@ -145,7 +184,8 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
                     }
                 }
                 if (referenceID && referenceID in ovalDefinitions) {
-                    control.descs.check = (0, xccdf_1.removeXMLSpecialCharacters)(ovalDefinitions[referenceID].metadata[0].title);
+                    // May need to further check if ovalDefinitions[referenceID].metadata[0].title[0] are not populated?
+                    control.descs.check = (0, xccdf_1.removeXMLSpecialCharacters)(ovalDefinitions[referenceID].metadata[0].title[0]);
                 }
                 else if (referenceID) {
                     logger.warn(`Could not find OVAL definition for ${referenceID}`);
@@ -164,7 +204,7 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
                     if (complexCheck.check) {
                         complexCheck.check.forEach((check) => {
                             var _a;
-                            if ((_a = check['@_system']) === null || _a === void 0 ? void 0 : _a.toLowerCase().includes('oval')) {
+                            if ((_a = check['@_system']) === null || _a === void 0 ? void 0 : _a.toString().toLowerCase().includes('oval')) {
                                 const ovalReference = check['check-content-ref'][0]['@_name'];
                                 if (!ovalDefinitions) {
                                     logger.warn(`Missing OVAL definitions! Unable to process OVAL reference: ${ovalReference}`);
@@ -203,12 +243,17 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
         if (lodash_1.default.get(rule.fixtext, '[0]["#text"]')) {
             control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fixtext[0]['#text']);
         }
-        else if (typeof rule.fixtext === 'string') {
-            control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fixtext);
+        else if (typeof rule.fixtext === 'undefined') {
+            if (rule.fix && rule.fix[0]) {
+                control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fix[0]['#text'] || 'Missing fix text');
+            }
+        }
+        else if (typeof rule.fixtext[0] === 'string') {
+            control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fixtext[0]);
         }
-        else if (typeof rule.fixtext === 'object') {
-            if (Array.isArray(rule.fixtext)) {
-                control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)((0, pretty_1.default)((0, xccdf_1.convertJsonIntoXML)(rule.fixtext.map((fixtext) => {
+        else if (typeof rule.fixtext[0] === 'object') {
+            if (Array.isArray(rule.fixtext[0])) {
+                control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)((0, pretty_1.default)((0, xccdf_1.convertJsonIntoXML)(rule.fixtext[0].map((fixtext) => {
                     if (fixtext.div) {
                         return fixtext.div;
                     }
@@ -221,23 +266,18 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
                 control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)((0, pretty_1.default)((0, xccdf_1.convertJsonIntoXML)(rule.fixtext)));
             }
         }
-        else if (typeof rule.fixtext === 'undefined') {
-            if (rule.fix && rule.fix[0]) {
-                control.descs.fix = (0, xccdf_1.removeXMLSpecialCharacters)(rule.fix[0]['#text'] || 'Missing fix text');
-            }
-        }
         else {
             control.descs.fix = 'Missing fix text';
         }
-        control.tags.severity = (0, xccdf_1.impactNumberToSeverityString)((0, xccdf_1.severityStringToImpact)(rule['@_severity'] || 'medium', control.id || 'Unknown'));
+        control.tags.severity = (0, xccdf_1.impactNumberToSeverityString)((0, xccdf_1.severityStringToImpact)(rule['@_severity'] || 'medium'));
         control.tags.gid = rule.group['@_id'],
             control.tags.rid = rule['@_id'];
         control.tags.stig_id = rule['version'];
-        if (typeof rule.group.title === 'string') {
-            control.tags.gtitle = (0, xccdf_1.removeXMLSpecialCharacters)(rule.group.title);
+        if (typeof rule.group.title[0] === 'string') {
+            control.tags.gtitle = (0, xccdf_1.removeXMLSpecialCharacters)(rule.group.title[0]);
         }
         else {
-            control.tags.gtitle = (0, xccdf_1.removeXMLSpecialCharacters)(lodash_1.default.get(rule.group, 'title[0].#text'));
+            control.tags.gtitle = (0, xccdf_1.removeXMLSpecialCharacters)(lodash_1.default.get(rule.group, 'title[0].#text', 'undefined title'));
         }
         if (rule['fix'] && rule['fix'].length > 0) {
             control.tags.fix_id = rule['fix'][0]['@_id'];
@@ -260,7 +300,15 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
             control.tags.ia_controls = extractedDescription.IAControls || undefined;
         }
         control.tags = lodash_1.default.mapValues(lodash_1.default.omitBy(control.tags, (value) => value === undefined), (value) => {
-            if (typeof value === 'string') {
+            if (value && Array.isArray(value)) {
+                if (Array.isArray(value[0])) {
+                    return (0, xccdf_1.removeXMLSpecialCharacters)(value[0][0]);
+                }
+                else {
+                    return (0, xccdf_1.removeXMLSpecialCharacters)(value[0]);
+                }
+            }
+            else if (typeof value === 'string') {
                 return (0, xccdf_1.removeXMLSpecialCharacters)(value);
             }
             else {
@@ -272,21 +320,21 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
             rule.ident.forEach((identifier) => {
                 var _a, _b, _c;
                 // Get CCIs
-                if (identifier['@_system'].toLowerCase().includes('cci')) {
+                if (identifier['@_system'][0].toLowerCase().includes('cci')) {
                     if (!('cci' in control.tags)) {
                         control.tags.cci = [];
                     }
                     (_a = control.tags.cci) === null || _a === void 0 ? void 0 : _a.push(identifier['#text']);
                 }
                 // Get legacy identifiers
-                else if (identifier['@_system'].toLowerCase().includes('legacy')) {
+                else if (identifier['@_system'][0].toLowerCase().includes('legacy')) {
                     if (!('legacy' in control.tags)) {
                         control.tags.legacy = [];
                     }
                     (_b = control.tags.legacy) === null || _b === void 0 ? void 0 : _b.push(identifier['#text']);
                 }
                 // Get NIST identifiers
-                else if (identifier['@_system'].toLowerCase().includes('nist')) {
+                else if (identifier['@_system'].toString().toLowerCase().includes('nist')) {
                     if (!('nist' in control.tags)) {
                         control.tags.nist = [];
                     }
@@ -297,14 +345,14 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
         (_c = rule.reference) === null || _c === void 0 ? void 0 : _c.forEach((reference) => {
             var _a, _b, _c, _d;
             if (lodash_1.default.get(reference, '@_href') === '') {
-                (_a = control.refs) === null || _a === void 0 ? void 0 : _a.push(lodash_1.default.get(reference, '#text'));
+                (_a = control.refs) === null || _a === void 0 ? void 0 : _a.push(lodash_1.default.get(reference, '#text', 'undefined href'));
             }
             else {
                 try {
                     const referenceText = lodash_1.default.get(reference, '#text') || '';
                     const referenceURL = lodash_1.default.get(reference, '@_href') || '';
                     if (referenceURL) {
-                        const parsedURL = new URL(lodash_1.default.get(reference, '@_href'));
+                        const parsedURL = new URL(lodash_1.default.get(reference, '@_href', 'undefined href'));
                         if (parsedURL.protocol.toLowerCase().includes('http') || parsedURL.protocol.toLowerCase().includes('https')) {
                             (_b = control.refs) === null || _b === void 0 ? void 0 : _b.push({
                                 ref: referenceText,
@@ -341,8 +389,7 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
                             }
                         }
                         else {
-                            logger.warn('Reference parts of invalid length:');
-                            logger.info(referenceParts);
+                            logger.warn('Reference parts of invalid length: ', referenceParts);
                         }
                     }
                 }
@@ -370,4 +417,3 @@ function processXCCDF(xml, removeNewlines, useRuleId, ovalDefinitions) {
     profile.controls = lodash_1.default.sortBy(profile.controls, 'id');
     return profile.toUnformattedObject();
 }
-exports.processXCCDF = processXCCDF;

package/lib/utilities/diff.d.ts

@@ -1,8 +1,50 @@
 import Profile from '../objects/profile';
 import { ProfileDiff } from '../types/diff';
 import winston from 'winston';
+/**
+ * Removes newlines from all string values within a nested object.
+ *
+ * This function recursively traverses the provided object and replaces
+ * newline characters (`\n`) in string values with the placeholder `{{{{newlineHERE}}}}`.
+ * It also trims any leading or trailing whitespace from the string values.
+ *
+ * @param control - The object from which to remove newlines. If not provided,
+ *                  an empty object is returned.
+ * @returns A new object with newlines removed from all string values.
+ */
 export declare function removeNewlines(control?: Record<string, unknown>): Record<string, unknown>;
+/**
+ * Processes a diff object to ignore formatting differences such as whitespace.
+ * Goal is to use a linter for the formatting and compare characters without
+ * whitespaces here.
+ *
+ * The function performs the following:
+ * - If the diff value has a `__new` property, it compares the `__new` and
+ *   `__old` values after removing whitespace. If they are different, it sets
+ *   the result to the `__new` value.
+ * - If the diff value is an array, it maps and filters the array to include
+ *   only the new values.
+ * - If the diff value is an object, it recursively processes the object.
+ * - If the key ends with `__deleted`, it ignores the value.
+ * - Otherwise, it sets the result to the diff value.
+ *
+ * @param diffData - The diff object containing differences to process.
+ * @returns A new object with formatting differences ignored.
+ *
+
+ */
 export declare function ignoreFormattingDiff(diffData: Record<string, unknown>): Record<string, unknown>;
+/**
+ * Computes the differences between two profiles and logs the process.
+ *
+ * @param fromProfile - The original profile to compare from.
+ * @param toProfile   - The target profile to compare to.
+ * @param logger      - The logger instance to use for logging information.
+ *
+ * @returns An object containing two properties:
+ *  - `ignoreFormattingDiff`: The profile differences ignoring formatting changes.
+ *  - `rawDiff`: The raw profile differences.
+ */
 export declare function diffProfile(fromProfile: Profile, toProfile: Profile, logger: winston.Logger): {
     ignoreFormattingDiff: ProfileDiff;
     rawDiff: Record<string, unknown>;