@mitre/inspec-objects 1.0.0 → 2.0.0

package/lib/utilities/update.js

@@ -2,13 +2,39 @@
 // Utilities to update a profile or control with new metadata
 // The ultimate goal is to preserve all the metadata that is already there and only add what is new
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.updateProfileUsingXCCDF = exports.updateProfile = exports.updateControl = exports.findUpdatedControlByAllIdentifiers = exports.getExistingDescribeFromControl = void 0;
+exports.getExistingDescribeFromControl = getExistingDescribeFromControl;
+exports.findUpdatedControlByAllIdentifiers = findUpdatedControlByAllIdentifiers;
+exports.updateControl = updateControl;
+exports.updateControlDescribeBlock = updateControlDescribeBlock;
+exports.updateProfile = updateProfile;
+exports.updateProfileUsingXCCDF = updateProfileUsingXCCDF;
 const tslib_1 = require("tslib");
 const lodash_1 = tslib_1.__importDefault(require("lodash"));
 const diff_1 = require("./diff");
+const control_1 = tslib_1.__importDefault(require("../objects/control"));
 const profile_1 = tslib_1.__importDefault(require("../objects/profile"));
 const xccdf_1 = require("../parsers/xccdf");
 const diffMarkdown_1 = require("./diffMarkdown");
+/**
+ * Projects values from the source object onto the destination object,
+ * updating the destination object in place.
+ *
+ * @param dst - The destination object to be updated.
+ * @param src - The source object containing new values.
+ * @param currentPath - The current path being processed (used for nested objects).
+ * @returns The updated destination object.
+ *
+ * @remarks
+ * - If a value in the source object is an object and the corresponding value
+ *   in the destination object is also an object, the function will recursively
+ *   update the nested object.
+ * - If a value in the source object is a string, it will be trimmed before
+ *   being set in the destination object.
+ * - If a value in the source object is a number, it will be directly set in
+ *   the destination object.
+ * - If a value in the source object is an array, the function will merge it with
+ *   the corresponding array in the destination object, ensuring unique values.
+ */
 function projectValuesOntoExistingObj(dst, src, currentPath = '') {
     for (const updatedValue in src) {
         const existingValue = lodash_1.default.get(dst, updatedValue);
@@ -31,28 +57,32 @@ function projectValuesOntoExistingObj(dst, src, currentPath = '') {
     }
     return dst;
 }
+/**
+ * Returns an array containing two numerical indices (i.e., start and stop
+ * line numbers) for each string or multi-line comment, given raw text as
+ * an input parameter. The raw text is a string containing the entirety of an
+ * InSpec control.
+ *
+ * The function utilizes a pair of stacks (i.e., `stack`, `rangeStack`) to keep
+ * track of string delimiters and their associated line numbers, respectively.
+ *
+ * Combinations Handled:
+ * - Single quotes (')
+ * - Double quotes (")
+ * - Back ticks (`)
+ * - Mixed quotes ("`'")
+ * - Percent strings (%; keys: q, Q, r, i, I, w, W, x; delimiters: (), {},
+ *   [], <>, most non-alphanumeric characters); (e.g., "%q()")
+ * - Percent literals (%; delimiters: (), {}, [], <>, most non-
+ *   alphanumeric characters); (e.g., "%()")
+ * - Multi-line comments (e.g., =begin\nSome comment\n=end)
+ * - Variable delimiters (i.e., parenthesis: (); array: []; hash: {})
+ *
+ * @param text - The raw text containing the entirety of an InSpec control.
+ * @returns An array of arrays, each containing two numerical indices representing
+ * the start and stop line numbers for each string or multi-line comment.
+ */
 function getRangesForLines(text) {
-    /*
-      Returns an array containing two numerical indices (i.e., start and stop
-      line numbers) for each string or multi-line comment, given raw text as
-      an input parameter. The raw text is a string containing the entirety of an
-      InSpec control.
-  
-      Algorithm utilizes a pair of stacks (i.e., `stack`, `rangeStack`) to keep
-      track of string delimiters and their associated line numbers, respectively.
-  
-      Combinations Handled:
-      - Single quotes (')
-      - Double quotes (")
-      - Back ticks (`)
-      - Mixed quotes ("`'")
-      - Percent strings (%; keys: q, Q, r, i, I, w, W, x; delimiters: (), {},
-        [], <>, most non-alphanumeric characters); (e.g., "%q()")
-      - Percent literals (%; delimiters: (), {}, [], <>, most non-
-        alphanumeric characters); (e.g., "%()")
-      - Multi-line comments (e.g., =begin\nSome comment\n=end)
-      - Variable delimiters (i.e., parenthesis: (); array: []; hash: {})
-    */
     const stringDelimiters = { '(': ')', '{': '}', '[': ']', '<': '>' };
     const variableDelimiters = { '(': ')', '{': '}', '[': ']' };
     const quotes = '\'"`';
@@ -145,11 +175,17 @@ function getRangesForLines(text) {
     }
     return ranges;
 }
+/**
+ * Joins lines of text from specified ranges and returns an array of strings.
+ * Each range is specified by a start and stop index, and the lines within
+ * those ranges are joined together.
+ *
+ * @param text - The raw text input to be processed.
+ * @param ranges - An array of ranges, where each range is a tuple containing
+ *                 the start and stop indices (inclusive) of the lines to be joined.
+ * @returns An array of strings, where lines within the specified ranges are joined.
+ */
 function joinMultiLineStringsFromRanges(text, ranges) {
-    /*
-      Returns an array of strings and joined strings at specified ranges, given
-      raw text as an input parameter.
-    */
     const originalLines = text.split('\n');
     const joinedLines = [];
     let i = 0;
@@ -170,11 +206,16 @@ function joinMultiLineStringsFromRanges(text, ranges) {
     }
     return joinedLines;
 }
+/**
+ * Filters out ranges that span only a single line. There is,
+ * drops ranges with the same start and stop line numbers (i.e., strings
+ * that populate a single line)
+ *
+ * @param ranges - An array of ranges, where each range is represented by a
+ *                 tuple of start and stop line numbers.
+ * @returns An array of ranges that span multiple lines.
+ */
 function getMultiLineRanges(ranges) {
-    /*
-      Drops ranges with the same start and stop line numbers (i.e., strings
-      that populate a single line)
-    */
     const multiLineRanges = [];
     for (const [start, stop] of ranges) {
         if (start !== stop) {
@@ -183,10 +224,15 @@ function getMultiLineRanges(ranges) {
     }
     return multiLineRanges;
 }
-/*
-  This is the most likely thing to break if you are getting code formatting issues.
-  Extract the existing describe blocks (what is actually run by inspec for validation)
-*/
+/**
+ * This is the most likely thing to break if you are getting code formatting issues.
+ *
+ * Extracts the `describe` block (what is actually run by inspec for validation)
+ * from an InSpec control object, collapsing multi-line strings.
+ *
+ * @param control - The InSpec control object containing the code to extract the `describe` block from.
+ * @returns The extracted `describe` block as a string, or an empty string if the control has no code.
+ */
 function getExistingDescribeFromControl(control) {
     if (control.code) {
         // Join multi-line strings in InSpec control.
@@ -214,17 +260,32 @@ function getExistingDescribeFromControl(control) {
             }
         }
         // Return synthesized logic as describe block
-        return describeBlock.slice(0, describeBlock.lastIndexOf('end')).join('\n'); // Drop trailing ['end', '\n'] from Control block.
+        const lastIndex = (describeBlock.lastIndexOf('end') === -1)
+            ? describeBlock.lastIndexOf('end\r')
+            : describeBlock.lastIndexOf('end');
+        // Drop trailing ['end', '\n'] from Control block.
+        return describeBlock.slice(0, lastIndex).join('\n');
     }
     else {
         return '';
     }
 }
-exports.getExistingDescribeFromControl = getExistingDescribeFromControl;
+/**
+ * Finds an updated control from a list of updated controls by matching all possible identifiers.
+ *
+ * This function attempts to find a matching control in the `updatedControls` array by comparing
+ * the `id` of the `existingControl` with the `id` of each control in the `updatedControls` array.
+ * If no match is found based on `id`, it then tries to match based on legacy identifiers found
+ * in the `tags.legacy` property of each control in the `updatedControls` array.
+ *
+ * @param existingControl - The control to find a match for in the updated controls.
+ * @param updatedControls - An array of updated controls to search through.
+ * @returns The matching updated control if found, otherwise `undefined`.
+ */
 function findUpdatedControlByAllIdentifiers(existingControl, updatedControls) {
     // Try to match based on IDs
     let updatedControl = updatedControls.find((updatedControl) => {
-        return updatedControl.id.toLowerCase() === existingControl.id.toLowerCase();
+        return updatedControl.id[0].toLowerCase() === existingControl.id[0].toLowerCase();
     });
     if (updatedControl) {
         return updatedControl;
@@ -242,7 +303,14 @@ function findUpdatedControlByAllIdentifiers(existingControl, updatedControls) {
     }
     return undefined;
 }
-exports.findUpdatedControlByAllIdentifiers = findUpdatedControlByAllIdentifiers;
+/**
+ * Updates a given control object with the provided partial update and logs the process.
+ *
+ * @param {Control} from - The original control object to be updated.
+ * @param {Partial<Control>} update - An object containing the properties to update in the original control.
+ * @param {winston.Logger} logger - A logger instance to log debug information.
+ * @returns {Control} - The updated control object.
+ */
 function updateControl(from, update, logger) {
     const existingDescribeBlock = getExistingDescribeFromControl(from);
     logger.debug(`Existing describe block for control ${from.id}: ${JSON.stringify(existingDescribeBlock)}`);
@@ -250,7 +318,31 @@ function updateControl(from, update, logger) {
     projectedControl.describe = existingDescribeBlock;
     return projectedControl;
 }
-exports.updateControl = updateControl;
+/**
+ * Updates the describe block of a control with the describe block from another control.
+ *
+ * @param from - The control from which to get the existing describe block.
+ * @param update - The partial control data to update.
+ * @param logger - The logger instance to use for logging debug information.
+ * @returns The updated control with the describe block from the `from` control.
+ */
+function updateControlDescribeBlock(from, update, logger) {
+    const existingDescribeBlock = getExistingDescribeFromControl(from);
+    logger.debug(`Updating control ${update.id} with this describe block: ${JSON.stringify(existingDescribeBlock)}`);
+    const projectedControl = new control_1.default(update);
+    projectedControl.describe = existingDescribeBlock;
+    return projectedControl;
+}
+/**
+ * Updates a given profile with new metadata and controls from another profile.
+ *
+ * @param from - The original profile to be updated.
+ * @param using - The profile containing the new metadata and controls.
+ * @param logger - A winston logger instance for logging debug information.
+ * @returns An object containing the updated profile and the diff between the original and updated profiles, excluding markdown.
+ *
+ * @throws Will throw an error if a new control is added but the control data is not available.
+ */
 function updateProfile(from, using, logger) {
     // Update the profile with the new metadata
     const to = new profile_1.default(lodash_1.default.omit(from, 'controls'));
@@ -285,9 +377,8 @@ function updateProfile(from, using, logger) {
         diff,
     };
 }
-exports.updateProfile = updateProfile;
 function updateProfileUsingXCCDF(from, using, id, logger, ovalDefinitions) {
-    logger.debug(`Updating profile ${from.name} with control IDs: ${id}`);
+    logger.info(`Updating profile ${from.name} with control IDs type: ${id}`);
     // Parse the XCCDF benchmark and convert it into a Profile
     logger.debug('Loading XCCDF File');
     const xccdfProfile = (0, xccdf_1.processXCCDF)(using, false, id, ovalDefinitions);
@@ -305,4 +396,3 @@ function updateProfileUsingXCCDF(from, using, id, logger, ovalDefinitions) {
         markdown: markdown
     };
 }
-exports.updateProfileUsingXCCDF = updateProfileUsingXCCDF;

package/lib/utilities/xccdf.d.ts

@@ -1,7 +1,88 @@
 import { DecodedDescription } from '../types/xccdf';
+/**
+ * Converts an encoded XML string into a JSON object.
+ *
+ * @param encodedXml - The encoded XML string to be converted.
+ * @returns The JSON representation of the XML string.
+ *
+ * @remarks
+ * This function uses the `fast-xml-parser` library to parse the XML string.
+ * The parser options are configured to:
+ * - Not ignore attributes.
+ * - Remove namespace prefixes.
+ * - Prefix attribute names with '@_'.
+ * - Stop parsing at 'div' and 'p' nodes.
+ * - Treat all nodes as arrays.
+ *
+ * For more details on the parser options, see the documentation for the v4 or v5 version of the library:
+ * {@link https://github.com/NaturalIntelligence/fast-xml-parser/tree/master/docs/v4}
+ */
 export declare function convertEncodedXmlIntoJson(encodedXml: string): any;
+/**
+ * Converts a JSON object into an XML string.
+ *
+ * @param data - The JSON object to be converted.
+ * @returns The XML string representation of the JSON object.
+ */
 export declare function convertJsonIntoXML(data: any): string;
+/**
+ * Removes XML special characters from a given string.
+ *
+ * This function decodes any XML special characters in the input string
+ * and returns the decoded result.
+ *
+ * @param str - The input string containing XML special characters.
+ * @returns The decoded string with XML special characters removed.
+ */
 export declare function removeXMLSpecialCharacters(str: string): string;
-export declare function severityStringToImpact(string: string, id: string): number;
+/**
+ * Converts a severity string to a numerical impact value.
+ *
+ * The function matches the input string against various regular expressions
+ * to determine the corresponding impact value:
+ * - "none", "na", "n/a", "not applicable" (case insensitive) -> 0.0
+ * - "low", "category iii", "category 3" (case insensitive) -> 0.3
+ * - "medium", "category ii", "category 2" -> 0.5
+ * - "high", "category i", "category 1" -> 0.7
+ * - "critical", "severe" -> 1.0
+ *
+ * If no match is found, the default impact value is 0.5.
+ *
+ * @param string - The severity string to be converted.
+ * @returns The numerical impact value corresponding to the severity string.
+ */
+export declare function severityStringToImpact(string: string): number;
+/**
+ * Converts an impact number to a severity string.
+ *
+ * @param impact - A number representing the impact, which must be between 0.0 and 1.0 inclusive.
+ * @returns A string representing the severity level:
+ * - 'critical' for impact >= 0.9
+ * - 'high' for impact >= 0.7
+ * - 'medium' for impact >= 0.4
+ * - 'low' for impact >= 0.1
+ * - 'none' for impact < 0.1
+ * @throws {Error} If the impact is less than 0.0 or greater than 1.0.
+ */
 export declare function impactNumberToSeverityString(impact: number): string;
+/**
+ * Converts an encoded HTML string into a JSON object, handling specific edge
+ * cases related to XSS and XML tags.
+ *
+ * This function performs the following steps:
+ * 1. Replaces occurrences of `"&lt;"` with a placeholder to avoid
+ *    breaking parsing.
+ * 2. Parses the patched HTML to extract text chunks.
+ * 3. Converts the extracted text chunks into JSON.
+ * 4. Cleans the converted JSON by replacing placeholders with the original
+ *    characters and handling nested objects.
+ *
+ * Note: This function specifically addresses issues found in certain
+ *       STIGs (Security Technical Implementation Guides) where XML tags are
+ *       embedded within text fields.
+ *
+ * @param encodedHTML - The encoded HTML string to be converted.
+ *                      If not provided, an empty object is returned.
+ * @returns A `DecodedDescription` object containing the converted JSON data.
+ */
 export declare function convertEncodedHTMLIntoJson(encodedHTML?: string): DecodedDescription;

package/lib/utilities/xccdf.js

@@ -1,51 +1,118 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.convertEncodedHTMLIntoJson = exports.impactNumberToSeverityString = exports.severityStringToImpact = exports.removeXMLSpecialCharacters = exports.convertJsonIntoXML = exports.convertEncodedXmlIntoJson = void 0;
+exports.convertEncodedXmlIntoJson = convertEncodedXmlIntoJson;
+exports.convertJsonIntoXML = convertJsonIntoXML;
+exports.removeXMLSpecialCharacters = removeXMLSpecialCharacters;
+exports.severityStringToImpact = severityStringToImpact;
+exports.impactNumberToSeverityString = impactNumberToSeverityString;
+exports.convertEncodedHTMLIntoJson = convertEncodedHTMLIntoJson;
 const tslib_1 = require("tslib");
-const fast_xml_parser_1 = tslib_1.__importDefault(require("fast-xml-parser"));
+const fast_xml_parser_1 = require("fast-xml-parser");
 const jstoxml_1 = require("jstoxml");
 const htmlparser = tslib_1.__importStar(require("htmlparser2"));
 const lodash_1 = tslib_1.__importDefault(require("lodash"));
 const he_1 = tslib_1.__importDefault(require("he"));
+/**
+ * Converts an encoded XML string into a JSON object.
+ *
+ * @param encodedXml - The encoded XML string to be converted.
+ * @returns The JSON representation of the XML string.
+ *
+ * @remarks
+ * This function uses the `fast-xml-parser` library to parse the XML string.
+ * The parser options are configured to:
+ * - Not ignore attributes.
+ * - Remove namespace prefixes.
+ * - Prefix attribute names with '@_'.
+ * - Stop parsing at 'div' and 'p' nodes.
+ * - Treat all nodes as arrays.
+ *
+ * For more details on the parser options, see the documentation for the v4 or v5 version of the library:
+ * {@link https://github.com/NaturalIntelligence/fast-xml-parser/tree/master/docs/v4}
+ */
 function convertEncodedXmlIntoJson(encodedXml) {
-    return fast_xml_parser_1.default.parse(encodedXml, {
+    const options = {
         ignoreAttributes: false,
-        ignoreNameSpace: true,
+        removeNSPrefix: true,
         attributeNamePrefix: '@_',
         stopNodes: ['div', 'p'],
-        arrayMode: true
-    });
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        isArray: (_name, _jpath, _isLeafNode, _isAttribute) => true,
+    };
+    const parser = new fast_xml_parser_1.XMLParser(options);
+    return parser.parse(encodedXml);
 }
-exports.convertEncodedXmlIntoJson = convertEncodedXmlIntoJson;
+/**
+ * Converts a JSON object into an XML string.
+ *
+ * @param data - The JSON object to be converted.
+ * @returns The XML string representation of the JSON object.
+ */
 function convertJsonIntoXML(data) {
     return (0, jstoxml_1.toXML)(data);
 }
-exports.convertJsonIntoXML = convertJsonIntoXML;
+/**
+ * Removes XML special characters from a given string.
+ *
+ * This function decodes any XML special characters in the input string
+ * and returns the decoded result.
+ *
+ * @param str - The input string containing XML special characters.
+ * @returns The decoded string with XML special characters removed.
+ */
 function removeXMLSpecialCharacters(str) {
-    return he_1.default.decode(str);
+    //console.log('Remove special characters: ', JSON.stringify(str, null, 2));
+    const result = he_1.default.decode(str);
+    //console.log('Result of he.decode: ', JSON.stringify(result));
+    return result;
 }
-exports.removeXMLSpecialCharacters = removeXMLSpecialCharacters;
-function severityStringToImpact(string, id) {
+/**
+ * Converts a severity string to a numerical impact value.
+ *
+ * The function matches the input string against various regular expressions
+ * to determine the corresponding impact value:
+ * - "none", "na", "n/a", "not applicable" (case insensitive) -> 0.0
+ * - "low", "category iii", "category 3" (case insensitive) -> 0.3
+ * - "medium", "category ii", "category 2" -> 0.5
+ * - "high", "category i", "category 1" -> 0.7
+ * - "critical", "severe" -> 1.0
+ *
+ * If no match is found, the default impact value is 0.5.
+ *
+ * @param string - The severity string to be converted.
+ * @returns The numerical impact value corresponding to the severity string.
+ */
+function severityStringToImpact(string) {
     var _a, _b, _c, _d, _e;
-    if ((_a = string.match(/none|na|n\/a|not[\s()*_|]?applicable/i)) === null || _a === void 0 ? void 0 : _a.length) {
+    if ((_a = RegExp(/none|na|n\/a|not[\s()*_|]?applicable/i).exec(string)) === null || _a === void 0 ? void 0 : _a.length) {
         return 0.0;
     }
-    if ((_b = string.match(/low|cat(egory)?\s*(iii|3)/i)) === null || _b === void 0 ? void 0 : _b.length) {
+    if ((_b = RegExp(/low|cat(egory)?\s*(iii|3)/i).exec(string)) === null || _b === void 0 ? void 0 : _b.length) {
         return 0.3;
     }
-    if ((_c = string.match(/med(ium)?|cat(egory)?\s*(ii|2)/)) === null || _c === void 0 ? void 0 : _c.length) {
+    if ((_c = RegExp(/med(ium)?|cat(egory)?\s*(ii|2)/).exec(string)) === null || _c === void 0 ? void 0 : _c.length) {
         return 0.5;
     }
-    if ((_d = string.match(/high|cat(egory)?\s*(i|1)/)) === null || _d === void 0 ? void 0 : _d.length) {
+    if ((_d = RegExp(/high|cat(egory)?\s*(i|1)/).exec(string)) === null || _d === void 0 ? void 0 : _d.length) {
         return 0.7;
     }
-    if ((_e = string.match(/crit(ical)?|severe/)) === null || _e === void 0 ? void 0 : _e.length) {
+    if ((_e = RegExp(/crit(ical)?|severe/).exec(string)) === null || _e === void 0 ? void 0 : _e.length) {
         return 1.0;
     }
-    console.log(`${string} is not a valid severity value. It should be one of the approved keywords. ${id} will be treated as medium severity`);
     return 0.5;
 }
-exports.severityStringToImpact = severityStringToImpact;
+/**
+ * Converts an impact number to a severity string.
+ *
+ * @param impact - A number representing the impact, which must be between 0.0 and 1.0 inclusive.
+ * @returns A string representing the severity level:
+ * - 'critical' for impact >= 0.9
+ * - 'high' for impact >= 0.7
+ * - 'medium' for impact >= 0.4
+ * - 'low' for impact >= 0.1
+ * - 'none' for impact < 0.1
+ * @throws {Error} If the impact is less than 0.0 or greater than 1.0.
+ */
 function impactNumberToSeverityString(impact) {
     // Impact must be 0.0 - 1.0
     if (impact < 0.0 || impact > 1.0) {
@@ -67,7 +134,26 @@ function impactNumberToSeverityString(impact) {
         return 'none';
     }
 }
-exports.impactNumberToSeverityString = impactNumberToSeverityString;
+/**
+ * Converts an encoded HTML string into a JSON object, handling specific edge
+ * cases related to XSS and XML tags.
+ *
+ * This function performs the following steps:
+ * 1. Replaces occurrences of `"&lt;"` with a placeholder to avoid
+ *    breaking parsing.
+ * 2. Parses the patched HTML to extract text chunks.
+ * 3. Converts the extracted text chunks into JSON.
+ * 4. Cleans the converted JSON by replacing placeholders with the original
+ *    characters and handling nested objects.
+ *
+ * Note: This function specifically addresses issues found in certain
+ *       STIGs (Security Technical Implementation Guides) where XML tags are
+ *       embedded within text fields.
+ *
+ * @param encodedHTML - The encoded HTML string to be converted.
+ *                      If not provided, an empty object is returned.
+ * @returns A `DecodedDescription` object containing the converted JSON data.
+ */
 function convertEncodedHTMLIntoJson(encodedHTML) {
     if (encodedHTML) {
         // Some STIGs regarding XSS put the < character inside of the description which breaks parsing
@@ -82,9 +168,15 @@ function convertEncodedHTMLIntoJson(encodedHTML) {
         htmlParser.end();
         const converted = convertEncodedXmlIntoJson(xmlChunks.join(''));
         let cleaned = {};
-        if (typeof converted.VulnDiscussion === 'object') { // Some STIGs have xml tags inside of the actual text which breaks processing, e.g U_ASD_STIG_V5R1_Manual-xccdf.xml and all Oracle Database STIGs
+        // Some STIGs have xml tags inside of the actual text which breaks processing,
+        // e.g U_ASD_STIG_V5R1_Manual-xccdf.xml and all Oracle Database STIGs
+        if (typeof converted.VulnDiscussion === 'object') {
             let extractedVulnDescription = '';
-            const remainingFields = lodash_1.default.omit(converted.VulnDiscussion, ['FalsePositives', 'FalseNegatives', 'Documentable', 'Mitigations', 'SeverityOverrideGuidance', 'PotentialImpacts', 'ThirdPartyTools', 'MitigationControl', 'Responsibility', 'IAControls']);
+            const remainingFields = lodash_1.default.omit(converted.VulnDiscussion, [
+                'FalsePositives', 'FalseNegatives', 'Documentable', 'Mitigations',
+                'SeverityOverrideGuidance', 'PotentialImpacts', 'ThirdPartyTools',
+                'MitigationControl', 'Responsibility', 'IAControls'
+            ]);
             Object.entries(remainingFields).forEach(([field, value]) => {
                 extractedVulnDescription += `<${field}> ${value}`;
             });
@@ -114,4 +206,3 @@ function convertEncodedHTMLIntoJson(encodedHTML) {
     }
     return {};
 }
-exports.convertEncodedHTMLIntoJson = convertEncodedHTMLIntoJson;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mitre/inspec-objects",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks",
   "main": "lib/index.js",
   "publishConfig": {
@@ -24,36 +24,36 @@
   },
   "homepage": "https://github.com/mitre/ts-inspec-objects#readme",
   "dependencies": {
-    "@types/flat": "^5.0.2",
+    "@types/flat": "5.0.2",
     "@types/he": "^1.1.2",
-    "@types/json-diff": "^0.7.0",
+    "@types/json-diff": "^1.0.0",
     "@types/jstoxml": "^2.0.2",
     "@types/lodash": "^4.14.178",
     "@types/mustache": "^4.2.0",
     "@types/pretty": "^2.0.1",
-    "fast-xml-parser": "^3.1.19",
-    "flat": "^5.0.2",
+    "fast-xml-parser": "^4.5.1",
+    "flat": "5.0.2",
     "he": "^1.2.0",
-    "htmlparser2": "^7.2.0",
+    "htmlparser2": "^10.0.0",
     "inspecjs": "^2.6.6",
-    "jest": "^28.1.1",
-    "json-diff": "^0.9.0",
-    "jstoxml": "^3.2.3",
+    "json-diff": "^1.0.6",
+    "jstoxml": "^5.0.2",
     "lodash": "^4.17.21",
     "mustache": "^4.2.0",
     "pretty": "^2.0.0",
-    "ts-jest": "^28.0.4",
-    "typescript": "^4.5.5",
     "winston": "^3.8.1",
-    "yaml": "^1.10.2"
+    "yaml": "^2.3.1"
   },
   "devDependencies": {
-    "@types/jest": "^28.1.1",
-    "@types/node": "^17.0.18",
-    "@typescript-eslint/eslint-plugin": "^5.47.0",
-    "@typescript-eslint/parser": "^5.47.0",
+    "@types/jest": "^29.5.12",
+    "@types/node": "^22.5.2",
+    "@typescript-eslint/eslint-plugin": "^6.4.1",
+    "@typescript-eslint/parser": "^6.0.0",
     "eslint": "^8.30.0",
-    "tslib": "^2.4.0"
+    "jest": "^29.7.0",
+    "ts-jest": "^29.1.1",
+    "tslib": "^2.4.0",
+    "typescript": "^5.2.2"
   },
   "jest": {
     "rootDir": ".",