@sentriflow/cli 0.1.8 → 0.1.9

Files changed (2)
  1. package/dist/index.js +41 -25
  2. package/package.json +1 -1
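--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -10727,16 +10727,18 @@ function generateSarif(results, filePath, rules, options = {}, ipSummary) {
  kinds: ["superset"]
  }));
  }
- if (secMeta?.cvssScore !== void 0 || secMeta?.cvssVector || secMeta?.tags) {
+ const hasCvss = secMeta?.cvssScore !== void 0 || secMeta?.cvssVector;
+ const hasTags = rule.metadata.tags && rule.metadata.tags.length > 0;
+ if (hasCvss || hasTags) {
  base.properties = {};
- if (secMeta.cvssScore !== void 0) {
+ if (secMeta?.cvssScore !== void 0) {
  base.properties["security-severity"] = String(secMeta.cvssScore);
  }
- if (secMeta.cvssVector) {
+ if (secMeta?.cvssVector) {
  base.properties["cvss-vector"] = secMeta.cvssVector;
  }
- if (secMeta.tags && secMeta.tags.length > 0) {
- base.properties.tags = secMeta.tags;
+ if (hasTags) {
+ base.properties.tags = rule.metadata.tags.map((t) => t.label);
  }
  }
  return base;
@@ -10752,7 +10754,7 @@ function generateSarif(results, filePath, rules, options = {}, ipSummary) {
  tool: {
  driver: {
  name: "Sentriflow",
- version: "0.1.8",
+ version: "0.1.9",
  informationUri: "https://github.com/sentriflow/sentriflow",
  rules: sarifRules,
  // SEC-007: Include CWE taxonomy when rules reference it
@@ -10874,16 +10876,18 @@ function generateMultiFileSarif(fileResults, rules, options = {}) {
  kinds: ["superset"]
  }));
  }
- if (secMeta?.cvssScore !== void 0 || secMeta?.cvssVector || secMeta?.tags) {
+ const hasCvss = secMeta?.cvssScore !== void 0 || secMeta?.cvssVector;
+ const hasTags = rule.metadata.tags && rule.metadata.tags.length > 0;
+ if (hasCvss || hasTags) {
  base.properties = {};
- if (secMeta.cvssScore !== void 0) {
+ if (secMeta?.cvssScore !== void 0) {
  base.properties["security-severity"] = String(secMeta.cvssScore);
  }
- if (secMeta.cvssVector) {
+ if (secMeta?.cvssVector) {
  base.properties["cvss-vector"] = secMeta.cvssVector;
  }
- if (secMeta.tags && secMeta.tags.length > 0) {
- base.properties.tags = secMeta.tags;
+ if (hasTags) {
+ base.properties.tags = rule.metadata.tags.map((t) => t.label);
  }
  }
  return base;
@@ -10906,7 +10910,7 @@ function generateMultiFileSarif(fileResults, rules, options = {}) {
  tool: {
  driver: {
  name: "Sentriflow",
- version: "0.1.8",
+ version: "0.1.9",
  informationUri: "https://github.com/sentriflow/sentriflow",
  rules: sarifRules,
  // SEC-007: Include CWE taxonomy when rules reference it
@@ -13484,9 +13488,12 @@ var cisco_json_rules_default = {
  description: "Trunk ports should disable DTP (Dynamic Trunking Protocol)",
  remediation: "Add 'switchport nonegotiate' to disable DTP on trunk ports",
  security: {
- cwe: ["CWE-319"],
- tags: ["vlan-hopping", "network-security"]
- }
+ cwe: ["CWE-319"]
+ },
+ tags: [
+ { type: "security", label: "vlan-hopping" },
+ { type: "security", label: "network-security" }
+ ]
  },
  check: {
  type: "and",
@@ -13527,9 +13534,12 @@ var cisco_json_rules_default = {
  description: "VTY lines should have access-class configured for SSH access control",
  remediation: "Add 'access-class <acl> in' to restrict VTY access",
  security: {
- cwe: ["CWE-284"],
- tags: ["access-control", "remote-access"]
- }
+ cwe: ["CWE-284"]
+ },
+ tags: [
+ { type: "security", label: "access-control" },
+ { type: "security", label: "remote-access" }
+ ]
  },
  check: {
  type: "child_not_exists",
@@ -13611,9 +13621,12 @@ var juniper_json_rules_default = {
  description: "SSH should be configured for version 2 only",
  remediation: "Configure 'set system services ssh protocol-version v2'",
  security: {
- cwe: ["CWE-327"],
- tags: ["ssh", "encryption"]
- }
+ cwe: ["CWE-327"]
+ },
+ tags: [
+ { type: "security", label: "ssh" },
+ { type: "security", label: "encryption" }
+ ]
  },
  check: {
  type: "and",
@@ -13644,9 +13657,12 @@ var juniper_json_rules_default = {
  description: "Telnet service should be disabled",
  remediation: "Remove 'set system services telnet' or add 'delete system services telnet'",
  security: {
- cwe: ["CWE-319"],
- tags: ["telnet", "cleartext"]
- }
+ cwe: ["CWE-319"]
+ },
+ tags: [
+ { type: "security", label: "telnet" },
+ { type: "security", label: "cleartext" }
+ ]
  },
  check: {
  type: "helper",
@@ -14857,7 +14873,7 @@ function isStdinRequested(files) {
 
  // index.ts
  var program = new Command();
- program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.1.8").argument("[files...]", "Path(s) to configuration file(s) (supports multiple files)").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
+ program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.1.9").argument("[files...]", "Path(s) to configuration file(s) (supports multiple files)").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
  "--encrypted-pack <path...>",
  "SEC-012: Path(s) to encrypted rule pack(s) (.grpx), can specify multiple"
  ).option(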
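Review bot: In the generateSarif hunk, `base.properties.tags = rule.metadata.tags.map((t) => t.label);` assumes every tag is an object with a `label`. A rule loaded through `--rules`, `--rule-pack` or `--encrypted-pack` that still uses plain string tags would emit `undefined` entries (serialised as `null`, which is not a valid SARIF tag), and one that keeps its tags under `security.tags` now silently drops them from the report. Whether external packs are normalised to the new shape before this point is not visible here, so that should be confirmed. A tolerant form is `const labels = (rule.metadata.tags ?? secMeta?.tags ?? []).map((t) => typeof t === "string" ? t : t?.label).filter((l) => typeof l === "string");`, with `hasTags` derived from `labels.length > 0`. The same lines recur in the generateMultiFileSarif hunk, and both functions begin and end outside their hunks.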
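--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sentriflow/cli",
- "version": "0.1.8",
+ "version": "0.1.9",
  "description": "SentriFlow CLI - Network configuration linter and validator",
  "license": "Apache-2.0",
  "main": "dist/index.js",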