npm - @zerothreatai/vulnerability-registry - Versions diffs - 5.0.0 → 6.0.0 - Mend

@zerothreatai/vulnerability-registry 5.0.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/dist/compliance-codes.d.ts +207 -0
package/dist/compliance-codes.js +213 -0
package/dist/compliances/gdpr.d.ts +2 -0
package/dist/compliances/gdpr.js +252 -0
package/dist/compliances/helpers.d.ts +6 -0
package/dist/compliances/helpers.js +11 -0
package/dist/compliances/hipaa.d.ts +2 -0
package/dist/compliances/hipaa.js +187 -0
package/dist/compliances/index.d.ts +5 -0
package/dist/compliances/index.js +5 -0
package/dist/compliances/owasp.d.ts +2 -0
package/dist/compliances/owasp.js +127 -0
package/dist/compliances/pci-dss.d.ts +2 -0
package/dist/compliances/pci-dss.js +260 -0
package/dist/compliances/sans-top-25.d.ts +2 -0
package/dist/compliances/sans-top-25.js +242 -0
package/dist/index.d.ts +7 -1
package/dist/index.js +7 -1
package/dist/types.d.ts +33 -0
package/dist/types.js +11 -1
package/dist-cjs/compliance-codes.js +216 -0
package/dist-cjs/compliances/gdpr.js +255 -0
package/dist-cjs/compliances/helpers.js +19 -0
package/dist-cjs/compliances/hipaa.js +190 -0
package/dist-cjs/compliances/index.js +13 -0
package/dist-cjs/compliances/owasp.js +130 -0
package/dist-cjs/compliances/pci-dss.js +263 -0
package/dist-cjs/compliances/sans-top-25.js +245 -0
package/dist-cjs/index.js +12 -1
package/dist-cjs/types.js +12 -0
package/package.json +6 -1
package/src/compliance-codes.ts +216 -0
package/src/compliances/README.md +82 -0
package/src/compliances/gdpr.ts +258 -0
package/src/compliances/helpers.ts +29 -0
package/src/compliances/hipaa.ts +193 -0
package/src/compliances/index.ts +5 -0
package/src/compliances/owasp.ts +133 -0
package/src/compliances/pci-dss.ts +266 -0
package/src/compliances/sans-top-25.ts +246 -0
package/src/index.ts +12 -1
package/src/types.ts +40 -4

package/dist-cjs/compliance-codes.js ADDED Viewed

@@ -0,0 +1,216 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ComplianceCode = void 0;
+var ComplianceCode;
+(function (ComplianceCode) {
+    // --- OWASP (ComplianceId: 1) ---
+    ComplianceCode["OWASP_A1_BROKEN_ACCESS_CONTROL"] = "OWASP_A1_BROKEN_ACCESS_CONTROL";
+    ComplianceCode["OWASP_A2_CRYPTOGRAPHIC_FAILURES"] = "OWASP_A2_CRYPTOGRAPHIC_FAILURES";
+    ComplianceCode["OWASP_A3_INJECTION_FLAWS"] = "OWASP_A3_INJECTION_FLAWS";
+    ComplianceCode["OWASP_A4_INSECURE_DESIGN"] = "OWASP_A4_INSECURE_DESIGN";
+    ComplianceCode["OWASP_A5_SECURITY_MISCONFIGURATION"] = "OWASP_A5_SECURITY_MISCONFIGURATION";
+    ComplianceCode["OWASP_A6_VULNERABLE_OUTDATED_COMPONENTS"] = "OWASP_A6_VULNERABLE_OUTDATED_COMPONENTS";
+    ComplianceCode["OWASP_A7_IDENTIFICATION_AUTH_FAILURE"] = "OWASP_A7_IDENTIFICATION_AUTH_FAILURE";
+    ComplianceCode["OWASP_A8_SOFTWARE_DATA_INTEGRITY_FAILURE"] = "OWASP_A8_SOFTWARE_DATA_INTEGRITY_FAILURE";
+    ComplianceCode["OWASP_A9_LOGGING_MONITORING_FAILURES"] = "OWASP_A9_LOGGING_MONITORING_FAILURES";
+    ComplianceCode["OWASP_A10_SSRF"] = "OWASP_A10_SSRF";
+    // --- HIPAA (ComplianceId: 2) ---
+    ComplianceCode["HIPAA_164_105_PROTECT_PRIVATE_HEALTH_INFO"] = "HIPAA_164_105_PROTECT_PRIVATE_HEALTH_INFO";
+    ComplianceCode["HIPAA_164_306_A_1_KEEP_INFO_SAFE"] = "HIPAA_164_306_A_1_KEEP_INFO_SAFE";
+    ComplianceCode["HIPAA_164_306_A_2_PROTECT_AGAINST_THREATS"] = "HIPAA_164_306_A_2_PROTECT_AGAINST_THREATS";
+    ComplianceCode["HIPAA_164_306_A_3_STOP_UNAUTHORIZED_ACCESS"] = "HIPAA_164_306_A_3_STOP_UNAUTHORIZED_ACCESS";
+    ComplianceCode["HIPAA_164_308_A_1_I_PREVENT_FIX_PROBLEMS"] = "HIPAA_164_308_A_1_I_PREVENT_FIX_PROBLEMS";
+    ComplianceCode["HIPAA_164_308_A_1_II_B_LOWER_SECURITY_RISKS"] = "HIPAA_164_308_A_1_II_B_LOWER_SECURITY_RISKS";
+    ComplianceCode["HIPAA_164_308_A_5_II_B_BLOCK_MALWARE"] = "HIPAA_164_308_A_5_II_B_BLOCK_MALWARE";
+    ComplianceCode["HIPAA_164_308_A_5_II_C_WATCH_LOGINS"] = "HIPAA_164_308_A_5_II_C_WATCH_LOGINS";
+    ComplianceCode["HIPAA_164_308_A_5_II_D_PROTECT_PASSWORDS"] = "HIPAA_164_308_A_5_II_D_PROTECT_PASSWORDS";
+    ComplianceCode["HIPAA_164_308_A_7_I_PLAN_EMERGENCIES"] = "HIPAA_164_308_A_7_I_PLAN_EMERGENCIES";
+    ComplianceCode["HIPAA_164_312_A_1_CONTROL_ACCESS"] = "HIPAA_164_312_A_1_CONTROL_ACCESS";
+    ComplianceCode["HIPAA_164_312_C_1_PREVENT_CHANGES"] = "HIPAA_164_312_C_1_PREVENT_CHANGES";
+    ComplianceCode["HIPAA_164_312_D_VERIFY_IDENTITY"] = "HIPAA_164_312_D_VERIFY_IDENTITY";
+    ComplianceCode["HIPAA_164_312_E_1_PROTECT_ONLINE_INFO"] = "HIPAA_164_312_E_1_PROTECT_ONLINE_INFO";
+    ComplianceCode["HIPAA_164_312_E_2_I_PREVENT_UNAUTHORIZED_CHANGES"] = "HIPAA_164_312_E_2_I_PREVENT_UNAUTHORIZED_CHANGES";
+    ComplianceCode["HIPAA_164_312_E_2_II_USE_ENCRYPTION"] = "HIPAA_164_312_E_2_II_USE_ENCRYPTION";
+    ComplianceCode["HIPAA_164_530_C_2_I_KEEP_INFO_SHARED"] = "HIPAA_164_530_C_2_I_KEEP_INFO_SHARED";
+    // --- GDPR (ComplianceId: 3) ---
+    ComplianceCode["GDPR_A_10_1_1_DOCUMENTED_OPERATING_PROCEDURES"] = "GDPR_A_10_1_1_DOCUMENTED_OPERATING_PROCEDURES";
+    ComplianceCode["GDPR_A_10_1_2_CHANGE_MANAGEMENT"] = "GDPR_A_10_1_2_CHANGE_MANAGEMENT";
+    ComplianceCode["GDPR_A_10_1_3_SEGREGATION_OF_DUTIES"] = "GDPR_A_10_1_3_SEGREGATION_OF_DUTIES";
+    ComplianceCode["GDPR_A_10_1_4_SEPARATION_DEV_TEST_OPS"] = "GDPR_A_10_1_4_SEPARATION_DEV_TEST_OPS";
+    ComplianceCode["GDPR_A_10_2_1_SERVICE_DELIVERY"] = "GDPR_A_10_2_1_SERVICE_DELIVERY";
+    ComplianceCode["GDPR_A_10_2_2_MONITORING_THIRD_PARTY_SERVICES"] = "GDPR_A_10_2_2_MONITORING_THIRD_PARTY_SERVICES";
+    ComplianceCode["GDPR_A_10_2_3_MANAGING_CHANGES_THIRD_PARTY"] = "GDPR_A_10_2_3_MANAGING_CHANGES_THIRD_PARTY";
+    ComplianceCode["GDPR_A_10_3_1_CAPACITY_MANAGEMENT"] = "GDPR_A_10_3_1_CAPACITY_MANAGEMENT";
+    ComplianceCode["GDPR_A_10_3_2_SYSTEM_ACCEPTANCE"] = "GDPR_A_10_3_2_SYSTEM_ACCEPTANCE";
+    ComplianceCode["GDPR_A_10_4_1_CONTROLS_AGAINST_MALICIOUS_CODE"] = "GDPR_A_10_4_1_CONTROLS_AGAINST_MALICIOUS_CODE";
+    ComplianceCode["GDPR_A_10_4_2_CONTROLS_AGAINST_MOBILE_CODE"] = "GDPR_A_10_4_2_CONTROLS_AGAINST_MOBILE_CODE";
+    ComplianceCode["GDPR_A_10_5_1_INFORMATION_BACK_UP"] = "GDPR_A_10_5_1_INFORMATION_BACK_UP";
+    ComplianceCode["GDPR_A_10_6_1_NETWORK_CONTROLS"] = "GDPR_A_10_6_1_NETWORK_CONTROLS";
+    ComplianceCode["GDPR_A_10_6_2_SECURITY_OF_NETWORK_SERVICES"] = "GDPR_A_10_6_2_SECURITY_OF_NETWORK_SERVICES";
+    ComplianceCode["GDPR_A_10_7_1_MANAGEMENT_REMOVABLE_MEDIA"] = "GDPR_A_10_7_1_MANAGEMENT_REMOVABLE_MEDIA";
+    ComplianceCode["GDPR_A_10_7_2_DISPOSAL_OF_MEDIA"] = "GDPR_A_10_7_2_DISPOSAL_OF_MEDIA";
+    ComplianceCode["GDPR_A_10_7_3_INFORMATION_HANDLING_PROCEDURES"] = "GDPR_A_10_7_3_INFORMATION_HANDLING_PROCEDURES";
+    ComplianceCode["GDPR_A_10_7_4_SECURITY_SYSTEM_DOCUMENTATION"] = "GDPR_A_10_7_4_SECURITY_SYSTEM_DOCUMENTATION";
+    ComplianceCode["GDPR_A_10_8_1_INFO_EXCHANGE_POLICIES"] = "GDPR_A_10_8_1_INFO_EXCHANGE_POLICIES";
+    ComplianceCode["GDPR_A_10_8_2_EXCHANGE_AGREEMENTS"] = "GDPR_A_10_8_2_EXCHANGE_AGREEMENTS";
+    ComplianceCode["GDPR_A_10_8_3_PHYSICAL_MEDIA_IN_TRANSIT"] = "GDPR_A_10_8_3_PHYSICAL_MEDIA_IN_TRANSIT";
+    ComplianceCode["GDPR_A_10_8_4_ELECTRONIC_MESSAGING"] = "GDPR_A_10_8_4_ELECTRONIC_MESSAGING";
+    ComplianceCode["GDPR_A_10_8_5_BUSINESS_INFORMATION_SYSTEMS"] = "GDPR_A_10_8_5_BUSINESS_INFORMATION_SYSTEMS";
+    ComplianceCode["GDPR_A_10_9_1_ELECTRONIC_COMMERCE"] = "GDPR_A_10_9_1_ELECTRONIC_COMMERCE";
+    ComplianceCode["GDPR_A_10_9_2_ONLINE_TRANSACTIONS"] = "GDPR_A_10_9_2_ONLINE_TRANSACTIONS";
+    ComplianceCode["GDPR_A_10_9_3_PUBLICLY_AVAILABLE"] = "GDPR_A_10_9_3_PUBLICLY_AVAILABLE";
+    ComplianceCode["GDPR_A_10_10_1_AUDIT_LOGGING"] = "GDPR_A_10_10_1_AUDIT_LOGGING";
+    ComplianceCode["GDPR_A_10_10_2_MONITORING_SYSTEM_USE"] = "GDPR_A_10_10_2_MONITORING_SYSTEM_USE";
+    ComplianceCode["GDPR_A_10_10_3_PROTECTION_OF_LOG_INFORMATION"] = "GDPR_A_10_10_3_PROTECTION_OF_LOG_INFORMATION";
+    ComplianceCode["GDPR_A_10_10_4_ADMINISTRATOR_OPERATOR_LOGS"] = "GDPR_A_10_10_4_ADMINISTRATOR_OPERATOR_LOGS";
+    ComplianceCode["GDPR_A_10_10_5_FAULT_LOGGING"] = "GDPR_A_10_10_5_FAULT_LOGGING";
+    ComplianceCode["GDPR_A_10_10_6_CLOCK_SYNCHRONIZATION"] = "GDPR_A_10_10_6_CLOCK_SYNCHRONIZATION";
+    ComplianceCode["GDPR_A_11_1_1_ACCESS_CONTROL_POLICY"] = "GDPR_A_11_1_1_ACCESS_CONTROL_POLICY";
+    ComplianceCode["GDPR_A_11_2_1_USER_REGISTRATION"] = "GDPR_A_11_2_1_USER_REGISTRATION";
+    ComplianceCode["GDPR_A_11_2_2_PRIVILEGE_MANAGEMENT"] = "GDPR_A_11_2_2_PRIVILEGE_MANAGEMENT";
+    ComplianceCode["GDPR_A_11_2_3_USER_PASSWORD_MANAGEMENT"] = "GDPR_A_11_2_3_USER_PASSWORD_MANAGEMENT";
+    ComplianceCode["GDPR_A_11_2_4_REVIEW_USER_ACCESS_RIGHTS"] = "GDPR_A_11_2_4_REVIEW_USER_ACCESS_RIGHTS";
+    ComplianceCode["GDPR_A_11_3_1_PASSWORD_USE"] = "GDPR_A_11_3_1_PASSWORD_USE";
+    ComplianceCode["GDPR_A_11_3_2_UNATTENDED_USER_EQUIPMENT"] = "GDPR_A_11_3_2_UNATTENDED_USER_EQUIPMENT";
+    ComplianceCode["GDPR_A_11_3_3_CLEAR_DESK_SCREEN_POLICY"] = "GDPR_A_11_3_3_CLEAR_DESK_SCREEN_POLICY";
+    ComplianceCode["GDPR_A_11_4_1_POLICY_USE_NETWORK_SERVICES"] = "GDPR_A_11_4_1_POLICY_USE_NETWORK_SERVICES";
+    ComplianceCode["GDPR_A_11_4_2_USER_AUTH_EXTERNAL_CONNECTIONS"] = "GDPR_A_11_4_2_USER_AUTH_EXTERNAL_CONNECTIONS";
+    ComplianceCode["GDPR_A_11_4_3_EQUIPMENT_IDENTIFICATION"] = "GDPR_A_11_4_3_EQUIPMENT_IDENTIFICATION";
+    ComplianceCode["GDPR_A_11_4_4_REMOTE_DIAGNOSTIC_PORT_PROTECTION"] = "GDPR_A_11_4_4_REMOTE_DIAGNOSTIC_PORT_PROTECTION";
+    ComplianceCode["GDPR_A_11_4_5_SEGREGATION_IN_NETWORKS"] = "GDPR_A_11_4_5_SEGREGATION_IN_NETWORKS";
+    ComplianceCode["GDPR_A_11_4_6_NETWORK_CONNECTION_CONTROL"] = "GDPR_A_11_4_6_NETWORK_CONNECTION_CONTROL";
+    ComplianceCode["GDPR_A_11_4_7_NETWORK_ROUTING_CONTROL"] = "GDPR_A_11_4_7_NETWORK_ROUTING_CONTROL";
+    ComplianceCode["GDPR_A_11_5_1_SECURE_LOG_ON"] = "GDPR_A_11_5_1_SECURE_LOG_ON";
+    ComplianceCode["GDPR_A_11_5_2_USER_ID_AND_AUTH"] = "GDPR_A_11_5_2_USER_ID_AND_AUTH";
+    ComplianceCode["GDPR_A_11_5_3_PASSWORD_MANAGEMENT_SYSTEM"] = "GDPR_A_11_5_3_PASSWORD_MANAGEMENT_SYSTEM";
+    ComplianceCode["GDPR_A_11_5_4_USE_OF_SYSTEM_UTILITIES"] = "GDPR_A_11_5_4_USE_OF_SYSTEM_UTILITIES";
+    ComplianceCode["GDPR_A_11_5_5_SESSION_TIMEOUT"] = "GDPR_A_11_5_5_SESSION_TIMEOUT";
+    ComplianceCode["GDPR_A_11_5_6_LIMITATION_CONNECTION_TIME"] = "GDPR_A_11_5_6_LIMITATION_CONNECTION_TIME";
+    ComplianceCode["GDPR_A_11_6_1_INFORMATION_ACCESS_RESTRICTION"] = "GDPR_A_11_6_1_INFORMATION_ACCESS_RESTRICTION";
+    ComplianceCode["GDPR_A_11_6_2_SENSITIVE_SYSTEM_ISOLATION"] = "GDPR_A_11_6_2_SENSITIVE_SYSTEM_ISOLATION";
+    ComplianceCode["GDPR_A_11_7_1_MOBILE_COMPUTING"] = "GDPR_A_11_7_1_MOBILE_COMPUTING";
+    ComplianceCode["GDPR_A_11_7_2_TELEWORKING"] = "GDPR_A_11_7_2_TELEWORKING";
+    ComplianceCode["GDPR_A_12_1_1_SECURITY_REQUIREMENTS_ANALYSIS"] = "GDPR_A_12_1_1_SECURITY_REQUIREMENTS_ANALYSIS";
+    ComplianceCode["GDPR_A_12_2_1_INPUT_DATA_VALIDATION"] = "GDPR_A_12_2_1_INPUT_DATA_VALIDATION";
+    ComplianceCode["GDPR_A_12_2_2_CONTROL_INTERNAL_PROCESSING"] = "GDPR_A_12_2_2_CONTROL_INTERNAL_PROCESSING";
+    ComplianceCode["GDPR_A_12_2_3_MESSAGE_INTEGRITY"] = "GDPR_A_12_2_3_MESSAGE_INTEGRITY";
+    ComplianceCode["GDPR_A_12_2_4_OUTPUT_DATA_VALIDATION"] = "GDPR_A_12_2_4_OUTPUT_DATA_VALIDATION";
+    ComplianceCode["GDPR_A_12_3_1_POLICY_CRYPTOGRAPHIC_CONTROLS"] = "GDPR_A_12_3_1_POLICY_CRYPTOGRAPHIC_CONTROLS";
+    ComplianceCode["GDPR_A_12_3_2_KEY_MANAGEMENT"] = "GDPR_A_12_3_2_KEY_MANAGEMENT";
+    ComplianceCode["GDPR_A_12_4_1_CONTROL_OPERATIONAL_SOFTWARE"] = "GDPR_A_12_4_1_CONTROL_OPERATIONAL_SOFTWARE";
+    ComplianceCode["GDPR_A_12_4_2_PROTECTION_SYSTEM_TEST_DATA"] = "GDPR_A_12_4_2_PROTECTION_SYSTEM_TEST_DATA";
+    ComplianceCode["GDPR_A_12_4_3_ACCESS_CONTROL_SOURCE_CODE"] = "GDPR_A_12_4_3_ACCESS_CONTROL_SOURCE_CODE";
+    ComplianceCode["GDPR_A_12_5_1_CHANGE_CONTROL_PROCEDURES"] = "GDPR_A_12_5_1_CHANGE_CONTROL_PROCEDURES";
+    ComplianceCode["GDPR_A_12_5_2_TECHNICAL_REVIEW_APPS"] = "GDPR_A_12_5_2_TECHNICAL_REVIEW_APPS";
+    ComplianceCode["GDPR_A_12_5_3_RESTRICTIONS_CHANGES_SOFTWARE"] = "GDPR_A_12_5_3_RESTRICTIONS_CHANGES_SOFTWARE";
+    ComplianceCode["GDPR_A_12_5_4_INFORMATION_LEAKAGE"] = "GDPR_A_12_5_4_INFORMATION_LEAKAGE";
+    ComplianceCode["GDPR_A_12_5_5_OUTSOURCED_SOFTWARE_DEV"] = "GDPR_A_12_5_5_OUTSOURCED_SOFTWARE_DEV";
+    ComplianceCode["GDPR_A_12_6_1_CONTROL_TECHNICAL_VULNERABILITIES"] = "GDPR_A_12_6_1_CONTROL_TECHNICAL_VULNERABILITIES";
+    // --- PCI DSS (ComplianceId: 4) ---
+    ComplianceCode["PCI_REQ_1_INSTALL_FIREWALL"] = "PCI_REQ_1_INSTALL_FIREWALL";
+    ComplianceCode["PCI_REQ_2_1_CHANGE_DEFAULT_PASSWORDS"] = "PCI_REQ_2_1_CHANGE_DEFAULT_PASSWORDS";
+    ComplianceCode["PCI_REQ_2_2_1_ONE_PRIMARY_FUNCTION"] = "PCI_REQ_2_2_1_ONE_PRIMARY_FUNCTION";
+    ComplianceCode["PCI_REQ_2_2_2_ENABLE_NECESSARY_SERVICES"] = "PCI_REQ_2_2_2_ENABLE_NECESSARY_SERVICES";
+    ComplianceCode["PCI_REQ_2_2_3_SECURE_INSECURE_SERVICES"] = "PCI_REQ_2_2_3_SECURE_INSECURE_SERVICES";
+    ComplianceCode["PCI_REQ_2_2_4_CONFIGURE_SYSTEM_PARAMETERS"] = "PCI_REQ_2_2_4_CONFIGURE_SYSTEM_PARAMETERS";
+    ComplianceCode["PCI_REQ_2_2_5_STRENGTHEN_INSECURE_SERVICES"] = "PCI_REQ_2_2_5_STRENGTHEN_INSECURE_SERVICES";
+    ComplianceCode["PCI_REQ_2_3_ENCRYPT_NON_CONSOLE_ADMIN"] = "PCI_REQ_2_3_ENCRYPT_NON_CONSOLE_ADMIN";
+    ComplianceCode["PCI_REQ_A_1_1_ISOLATE_PROCESSES_CDE"] = "PCI_REQ_A_1_1_ISOLATE_PROCESSES_CDE";
+    ComplianceCode["PCI_REQ_A_1_2_RESTRICT_ENTITY_ACCESS"] = "PCI_REQ_A_1_2_RESTRICT_ENTITY_ACCESS";
+    ComplianceCode["PCI_REQ_A_1_3_ENABLE_UNIQUE_LOGGING"] = "PCI_REQ_A_1_3_ENABLE_UNIQUE_LOGGING";
+    ComplianceCode["PCI_REQ_A_1_4_ENABLE_FORENSIC_INVESTIGATION"] = "PCI_REQ_A_1_4_ENABLE_FORENSIC_INVESTIGATION";
+    ComplianceCode["PCI_REQ_3_1_MINIMIZE_DATA_STORAGE"] = "PCI_REQ_3_1_MINIMIZE_DATA_STORAGE";
+    ComplianceCode["PCI_REQ_3_2_1_NO_FULL_TRACK_DATA"] = "PCI_REQ_3_2_1_NO_FULL_TRACK_DATA";
+    ComplianceCode["PCI_REQ_3_2_2_NO_CVV_STORAGE"] = "PCI_REQ_3_2_2_NO_CVV_STORAGE";
+    ComplianceCode["PCI_REQ_3_2_3_NO_PIN_STORAGE"] = "PCI_REQ_3_2_3_NO_PIN_STORAGE";
+    ComplianceCode["PCI_REQ_3_3_MASK_PAN"] = "PCI_REQ_3_3_MASK_PAN";
+    ComplianceCode["PCI_REQ_3_4_RENDER_PAN_UNREADABLE"] = "PCI_REQ_3_4_RENDER_PAN_UNREADABLE";
+    ComplianceCode["PCI_REQ_3_5_PROTECT_ENCRYPTION_KEYS"] = "PCI_REQ_3_5_PROTECT_ENCRYPTION_KEYS";
+    ComplianceCode["PCI_REQ_3_6_KEY_MANAGEMENT_PROCESSES"] = "PCI_REQ_3_6_KEY_MANAGEMENT_PROCESSES";
+    ComplianceCode["PCI_REQ_3_7_DOCUMENT_POLICIES_STORED_DATA"] = "PCI_REQ_3_7_DOCUMENT_POLICIES_STORED_DATA";
+    ComplianceCode["PCI_REQ_4_1_STRONG_CRYPTO_TRANSMISSION"] = "PCI_REQ_4_1_STRONG_CRYPTO_TRANSMISSION";
+    ComplianceCode["PCI_REQ_4_2_NO_UNPROTECTED_PAN_MESSAGING"] = "PCI_REQ_4_2_NO_UNPROTECTED_PAN_MESSAGING";
+    ComplianceCode["PCI_REQ_4_3_ENCRYPTION_POLICIES_TRANSMISSION"] = "PCI_REQ_4_3_ENCRYPTION_POLICIES_TRANSMISSION";
+    ComplianceCode["PCI_REQ_5_PROTECT_MALWARE_ANTIVIRUS"] = "PCI_REQ_5_PROTECT_MALWARE_ANTIVIRUS";
+    ComplianceCode["PCI_REQ_6_1_IDENTIFY_RANK_VULNERABILITIES"] = "PCI_REQ_6_1_IDENTIFY_RANK_VULNERABILITIES";
+    ComplianceCode["PCI_REQ_6_2_INSTALL_SECURITY_PATCHES"] = "PCI_REQ_6_2_INSTALL_SECURITY_PATCHES";
+    ComplianceCode["PCI_REQ_6_3_1_SECURE_SOFTWARE_DEVELOPMENT"] = "PCI_REQ_6_3_1_SECURE_SOFTWARE_DEVELOPMENT";
+    ComplianceCode["PCI_REQ_6_3_2_CODE_REVIEW"] = "PCI_REQ_6_3_2_CODE_REVIEW";
+    ComplianceCode["PCI_REQ_6_4_1_SEPARATE_DEV_PROD"] = "PCI_REQ_6_4_1_SEPARATE_DEV_PROD";
+    ComplianceCode["PCI_REQ_6_4_2_SEPARATION_OF_DUTIES"] = "PCI_REQ_6_4_2_SEPARATION_OF_DUTIES";
+    ComplianceCode["PCI_REQ_6_4_3_NO_LIVE_DATA_TESTING"] = "PCI_REQ_6_4_3_NO_LIVE_DATA_TESTING";
+    ComplianceCode["PCI_REQ_6_4_4_REMOVE_TEST_DATA"] = "PCI_REQ_6_4_4_REMOVE_TEST_DATA";
+    ComplianceCode["PCI_REQ_6_5_1_PREVENT_INJECTION"] = "PCI_REQ_6_5_1_PREVENT_INJECTION";
+    ComplianceCode["PCI_REQ_6_5_2_PREVENT_BUFFER_OVERFLOW"] = "PCI_REQ_6_5_2_PREVENT_BUFFER_OVERFLOW";
+    ComplianceCode["PCI_REQ_6_5_3_SECURE_CRYPTOGRAPHIC_STORAGE"] = "PCI_REQ_6_5_3_SECURE_CRYPTOGRAPHIC_STORAGE";
+    ComplianceCode["PCI_REQ_6_5_4_SECURE_COMM_CHANNELS"] = "PCI_REQ_6_5_4_SECURE_COMM_CHANNELS";
+    ComplianceCode["PCI_REQ_6_5_5_PROPER_ERROR_HANDLING"] = "PCI_REQ_6_5_5_PROPER_ERROR_HANDLING";
+    ComplianceCode["PCI_REQ_6_5_6_ADDRESS_HIGH_RISK_VULNS"] = "PCI_REQ_6_5_6_ADDRESS_HIGH_RISK_VULNS";
+    ComplianceCode["PCI_REQ_6_5_7_PREVENT_XSS"] = "PCI_REQ_6_5_7_PREVENT_XSS";
+    ComplianceCode["PCI_REQ_6_5_8_PREVENT_ACCESS_CONTROL_VULNS"] = "PCI_REQ_6_5_8_PREVENT_ACCESS_CONTROL_VULNS";
+    ComplianceCode["PCI_REQ_6_5_9_PREVENT_CSRF"] = "PCI_REQ_6_5_9_PREVENT_CSRF";
+    ComplianceCode["PCI_REQ_6_5_10_PREVENT_BROKEN_AUTH"] = "PCI_REQ_6_5_10_PREVENT_BROKEN_AUTH";
+    ComplianceCode["PCI_REQ_6_6_PROTECT_PUBLIC_WEB_APPS"] = "PCI_REQ_6_6_PROTECT_PUBLIC_WEB_APPS";
+    ComplianceCode["PCI_REQ_6_7_DOCUMENT_POLICIES_SECURE_SYSTEMS"] = "PCI_REQ_6_7_DOCUMENT_POLICIES_SECURE_SYSTEMS";
+    ComplianceCode["PCI_REQ_7_RESTRICT_ACCESS_NEED_TO_KNOW"] = "PCI_REQ_7_RESTRICT_ACCESS_NEED_TO_KNOW";
+    ComplianceCode["PCI_REQ_7_1_1_DEFINE_ROLE_BASED_ACCESS"] = "PCI_REQ_7_1_1_DEFINE_ROLE_BASED_ACCESS";
+    ComplianceCode["PCI_REQ_7_1_2_RESTRICT_PRIVILEGED_USER"] = "PCI_REQ_7_1_2_RESTRICT_PRIVILEGED_USER";
+    ComplianceCode["PCI_REQ_7_1_3_ASSIGN_ACCESS_BY_ROLE"] = "PCI_REQ_7_1_3_ASSIGN_ACCESS_BY_ROLE";
+    ComplianceCode["PCI_REQ_7_1_4_DOCUMENTED_APPROVAL"] = "PCI_REQ_7_1_4_DOCUMENTED_APPROVAL";
+    ComplianceCode["PCI_REQ_7_2_ACCESS_CONTROL_NEED_TO_KNOW"] = "PCI_REQ_7_2_ACCESS_CONTROL_NEED_TO_KNOW";
+    ComplianceCode["PCI_REQ_7_3_DOCUMENT_POLICIES_CARDHOLDER_DATA"] = "PCI_REQ_7_3_DOCUMENT_POLICIES_CARDHOLDER_DATA";
+    ComplianceCode["PCI_REQ_8_1_1_ASSIGN_UNIQUE_IDS"] = "PCI_REQ_8_1_1_ASSIGN_UNIQUE_IDS";
+    ComplianceCode["PCI_REQ_8_1_2_CONTROL_USER_ID_MANAGEMENT"] = "PCI_REQ_8_1_2_CONTROL_USER_ID_MANAGEMENT";
+    ComplianceCode["PCI_REQ_8_1_3_REVOKE_TERMINATED_USERS"] = "PCI_REQ_8_1_3_REVOKE_TERMINATED_USERS";
+    ComplianceCode["PCI_REQ_8_1_4_REMOVE_INACTIVE_ACCOUNTS"] = "PCI_REQ_8_1_4_REMOVE_INACTIVE_ACCOUNTS";
+    ComplianceCode["PCI_REQ_8_1_5_MANAGE_THIRD_PARTY_IDS"] = "PCI_REQ_8_1_5_MANAGE_THIRD_PARTY_IDS";
+    ComplianceCode["PCI_REQ_8_1_6_LIMIT_REPEATED_ACCESS_ATTEMPTS"] = "PCI_REQ_8_1_6_LIMIT_REPEATED_ACCESS_ATTEMPTS";
+    ComplianceCode["PCI_REQ_8_1_7_ACCOUNT_LOCKOUT_DURATION"] = "PCI_REQ_8_1_7_ACCOUNT_LOCKOUT_DURATION";
+    ComplianceCode["PCI_REQ_8_1_8_SESSION_RE_AUTH_IDLE"] = "PCI_REQ_8_1_8_SESSION_RE_AUTH_IDLE";
+    ComplianceCode["PCI_REQ_8_2_1_ENCRYPT_CREDENTIALS"] = "PCI_REQ_8_2_1_ENCRYPT_CREDENTIALS";
+    ComplianceCode["PCI_REQ_8_2_2_VERIFY_IDENTITY_BEFORE_CHANGE"] = "PCI_REQ_8_2_2_VERIFY_IDENTITY_BEFORE_CHANGE";
+    ComplianceCode["PCI_REQ_8_2_3_PASSWORD_STRENGTH"] = "PCI_REQ_8_2_3_PASSWORD_STRENGTH";
+    ComplianceCode["PCI_REQ_8_2_4_PASSWORD_EXPIRATION"] = "PCI_REQ_8_2_4_PASSWORD_EXPIRATION";
+    ComplianceCode["PCI_REQ_8_2_5_PASSWORD_REUSE"] = "PCI_REQ_8_2_5_PASSWORD_REUSE";
+    ComplianceCode["PCI_REQ_8_2_6_UNIQUE_INITIAL_PASSWORD"] = "PCI_REQ_8_2_6_UNIQUE_INITIAL_PASSWORD";
+    ComplianceCode["PCI_REQ_8_3_SECURE_REMOTE_ACCESS_MFA"] = "PCI_REQ_8_3_SECURE_REMOTE_ACCESS_MFA";
+    ComplianceCode["PCI_REQ_8_4_DOCUMENT_AUTH_POLICIES"] = "PCI_REQ_8_4_DOCUMENT_AUTH_POLICIES";
+    ComplianceCode["PCI_REQ_8_5_1_UNIQUE_CREDS_SERVICE_PROVIDERS"] = "PCI_REQ_8_5_1_UNIQUE_CREDS_SERVICE_PROVIDERS";
+    ComplianceCode["PCI_REQ_8_6_AUTH_MECHANISMS_INDIVIDUAL"] = "PCI_REQ_8_6_AUTH_MECHANISMS_INDIVIDUAL";
+    ComplianceCode["PCI_REQ_8_7_RESTRICT_DB_ACCESS"] = "PCI_REQ_8_7_RESTRICT_DB_ACCESS";
+    ComplianceCode["PCI_REQ_8_8_DOCUMENT_AUTH_POLICIES_COMM"] = "PCI_REQ_8_8_DOCUMENT_AUTH_POLICIES_COMM";
+    ComplianceCode["PCI_REQ_9_RESTRICT_PHYSICAL_ACCESS"] = "PCI_REQ_9_RESTRICT_PHYSICAL_ACCESS";
+    ComplianceCode["PCI_REQ_10_4_SYNCHRONIZE_CLOCKS"] = "PCI_REQ_10_4_SYNCHRONIZE_CLOCKS";
+    ComplianceCode["PCI_REQ_10_5_SECURE_AUDIT_TRAILS"] = "PCI_REQ_10_5_SECURE_AUDIT_TRAILS";
+    ComplianceCode["PCI_REQ_10_6_REVIEW_LOGS"] = "PCI_REQ_10_6_REVIEW_LOGS";
+    ComplianceCode["PCI_REQ_10_7_RETAIN_AUDIT_TRAIL"] = "PCI_REQ_10_7_RETAIN_AUDIT_TRAIL";
+    ComplianceCode["PCI_REQ_10_9_DOCUMENT_ACCESS_MONITORING"] = "PCI_REQ_10_9_DOCUMENT_ACCESS_MONITORING";
+    ComplianceCode["PCI_REQ_11_REGULAR_TESTING"] = "PCI_REQ_11_REGULAR_TESTING";
+    ComplianceCode["PCI_REQ_12_INFO_SEC_POLICY"] = "PCI_REQ_12_INFO_SEC_POLICY";
+    // --- SANS/CWE Top 25 (ComplianceId: 5) ---
+    ComplianceCode["SANS_TOP_25_CWE_79_XSS"] = "SANS_TOP_25_CWE_79_XSS";
+    ComplianceCode["SANS_TOP_25_CWE_787_OOB_WRITE"] = "SANS_TOP_25_CWE_787_OOB_WRITE";
+    ComplianceCode["SANS_TOP_25_CWE_89_SQLI"] = "SANS_TOP_25_CWE_89_SQLI";
+    ComplianceCode["SANS_TOP_25_CWE_352_CSRF"] = "SANS_TOP_25_CWE_352_CSRF";
+    ComplianceCode["SANS_TOP_25_CWE_22_PATH_TRAVERSAL"] = "SANS_TOP_25_CWE_22_PATH_TRAVERSAL";
+    ComplianceCode["SANS_TOP_25_CWE_125_OOB_READ"] = "SANS_TOP_25_CWE_125_OOB_READ";
+    ComplianceCode["SANS_TOP_25_CWE_78_OS_COMMAND_INJECTION"] = "SANS_TOP_25_CWE_78_OS_COMMAND_INJECTION";
+    ComplianceCode["SANS_TOP_25_CWE_416_USE_AFTER_FREE"] = "SANS_TOP_25_CWE_416_USE_AFTER_FREE";
+    ComplianceCode["SANS_TOP_25_CWE_862_MISSING_AUTHZ"] = "SANS_TOP_25_CWE_862_MISSING_AUTHZ";
+    ComplianceCode["SANS_TOP_25_CWE_434_UNRESTRICTED_UPLOAD"] = "SANS_TOP_25_CWE_434_UNRESTRICTED_UPLOAD";
+    ComplianceCode["SANS_TOP_25_CWE_94_CODE_INJECTION"] = "SANS_TOP_25_CWE_94_CODE_INJECTION";
+    ComplianceCode["SANS_TOP_25_CWE_20_INPUT_VALIDATION"] = "SANS_TOP_25_CWE_20_INPUT_VALIDATION";
+    ComplianceCode["SANS_TOP_25_CWE_77_COMMAND_INJECTION"] = "SANS_TOP_25_CWE_77_COMMAND_INJECTION";
+    ComplianceCode["SANS_TOP_25_CWE_287_IMPROPER_AUTH"] = "SANS_TOP_25_CWE_287_IMPROPER_AUTH";
+    ComplianceCode["SANS_TOP_25_CWE_269_PRIVILEGE_MGMT"] = "SANS_TOP_25_CWE_269_PRIVILEGE_MGMT";
+    ComplianceCode["SANS_TOP_25_CWE_502_UNTRUSTED_DESER"] = "SANS_TOP_25_CWE_502_UNTRUSTED_DESER";
+    ComplianceCode["SANS_TOP_25_CWE_200_INFO_EXPOSURE"] = "SANS_TOP_25_CWE_200_INFO_EXPOSURE";
+    ComplianceCode["SANS_TOP_25_CWE_863_INCORRECT_AUTHZ"] = "SANS_TOP_25_CWE_863_INCORRECT_AUTHZ";
+    ComplianceCode["SANS_TOP_25_CWE_918_SSRF"] = "SANS_TOP_25_CWE_918_SSRF";
+    ComplianceCode["SANS_TOP_25_CWE_119_MEMORY_BOUNDS"] = "SANS_TOP_25_CWE_119_MEMORY_BOUNDS";
+    ComplianceCode["SANS_TOP_25_CWE_476_NULL_DEREF"] = "SANS_TOP_25_CWE_476_NULL_DEREF";
+    ComplianceCode["SANS_TOP_25_CWE_798_HARDCODED_CREDS"] = "SANS_TOP_25_CWE_798_HARDCODED_CREDS";
+    ComplianceCode["SANS_TOP_25_CWE_190_INTEGER_OVERFLOW"] = "SANS_TOP_25_CWE_190_INTEGER_OVERFLOW";
+    ComplianceCode["SANS_TOP_25_CWE_400_RESOURCE_CONSUMPTION"] = "SANS_TOP_25_CWE_400_RESOURCE_CONSUMPTION";
+    ComplianceCode["SANS_TOP_25_CWE_306_MISSING_AUTH"] = "SANS_TOP_25_CWE_306_MISSING_AUTH";
+})(ComplianceCode || (exports.ComplianceCode = ComplianceCode = {}));

package/dist-cjs/compliances/gdpr.js ADDED Viewed

@@ -0,0 +1,255 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GDPR_COMPLIANCE = void 0;
+const compliance_codes_1 = require("../compliance-codes");
+const types_1 = require("../types");
+const helpers_js_1 = require("./helpers.js");
+const authIds = (0, helpers_js_1.idsByCategory)('authentication');
+const injectionIds = (0, helpers_js_1.idsByCategory)('injection');
+const xssIds = (0, helpers_js_1.idsByCategory)('xss');
+const ssrfIds = (0, helpers_js_1.idsByCategory)('ssrf');
+const configIds = (0, helpers_js_1.idsByCategory)('configuration');
+const disclosureIds = (0, helpers_js_1.idsByCategory)('information_disclosure');
+const cookieIds = (0, helpers_js_1.idsByCodePrefix)(['COOKIE_']);
+const dirbrowseIds = (0, helpers_js_1.idsByCodePrefix)(['DIRBROWSE_']);
+const jwtIds = (0, helpers_js_1.idsByCodePrefix)(['JWT_']);
+const hstsIds = (0, helpers_js_1.idsByCodes)([
+    'HEADER_MISSING_HSTS',
+    'HEADER_HSTS_BAD_MAX_AGE',
+    'HEADER_HSTS_SHORT_MAX_AGE',
+    'HEADER_HSTS_NO_INCLUDESUBDOMAINS',
+    'HEADER_HSTS_PRELOAD_LOW_MAX_AGE',
+    'HEADER_DRIFT_HSTS',
+]);
+const cookieSecureIds = (0, helpers_js_1.idsByCodes)([
+    'COOKIE_SAMESITE_NONE_WITHOUT_SECURE',
+    'COOKIE_SESSION_MISSING_SECURE',
+    'COOKIE_MISSING_SECURE',
+    'COOKIE_HOST_PREFIX_INVALID',
+    'COOKIE_SECURE_PREFIX_INVALID',
+]);
+const allAppSecIds = (0, helpers_js_1.mergeIds)(authIds, injectionIds, xssIds, ssrfIds, configIds, disclosureIds);
+const authAndCookieIds = (0, helpers_js_1.mergeIds)(authIds, cookieIds);
+const accessRestrictionIds = (0, helpers_js_1.mergeIds)(authIds, cookieIds, dirbrowseIds, disclosureIds);
+const cryptoPolicyIds = (0, helpers_js_1.mergeIds)(jwtIds, hstsIds, cookieSecureIds);
+const inputValidationIds = (0, helpers_js_1.mergeIds)(injectionIds, xssIds, ssrfIds);
+const outputValidationIds = (0, helpers_js_1.mergeIds)(injectionIds, xssIds);
+const infoLeakageIds = (0, helpers_js_1.mergeIds)(configIds, disclosureIds);
+exports.GDPR_COMPLIANCE = {
+    [compliance_codes_1.ComplianceCode.GDPR_A_10_1_1_DOCUMENTED_OPERATING_PROCEDURES]: {
+        id: 1,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_10_1_1_DOCUMENTED_OPERATING_PROCEDURES,
+        title: 'A.10.1.1 Documented Operating Procedures',
+        description: 'Clear instructions for how systems and processes work should be written down, kept up to date, and shared with anyone who needs them.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_10_1_2_CHANGE_MANAGEMENT]: {
+        id: 2,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_10_1_2_CHANGE_MANAGEMENT,
+        title: 'A.10.1.2 Change Management',
+        description: 'Any updates or changes to systems and IT infrastructure should be carefully managed and monitored to avoid problems.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_10_1_3_SEGREGATION_OF_DUTIES]: {
+        id: 3,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_10_1_3_SEGREGATION_OF_DUTIES,
+        title: 'A.10.1.3 Segregation of Duties',
+        description: 'Responsibilities should be divided among different people to prevent unauthorized actions or mistakes that could harm the organization.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_10_1_4_SEPARATION_DEV_TEST_OPS]: {
+        id: 4,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_10_1_4_SEPARATION_DEV_TEST_OPS,
+        title: 'A.10.1.4  Separation of Development, Testing, and Operations',
+        description: 'The environments for creating, testing, and running software should be kept separate to minimize risks like unauthorized access or accidental changes to live systems.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_10_2_1_SERVICE_DELIVERY]: {
+        id: 5,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_10_2_1_SERVICE_DELIVERY,
+        title: 'A.10.2.1 Service delivery',
+        description: 'Make sure that any security rules, service standards, and delivery expectations agreed with a third party are followed and maintained by them.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_10_3_2_SYSTEM_ACCEPTANCE]: {
+        id: 9,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_10_3_2_SYSTEM_ACCEPTANCE,
+        title: 'A.10.3.2 System acceptance',
+        description: 'Before fully using updated systems, ensure they meet security and performance standards through thorough testing.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: allAppSecIds,
+        isNotApplicable: false,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_11_2_3_USER_PASSWORD_MANAGEMENT]: {
+        id: 36,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_11_2_3_USER_PASSWORD_MANAGEMENT,
+        title: 'A.11.2.3 User Password Management',
+        description: 'Manage password distribution securely through a formal process.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_11_3_1_PASSWORD_USE]: {
+        id: 38,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_11_3_1_PASSWORD_USE,
+        title: 'A.11.3.1 Password Use',
+        description: 'Users must follow strong security practices when creating and using passwords.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_11_4_4_REMOTE_DIAGNOSTIC_PORT_PROTECTION]: {
+        id: 44,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_11_4_4_REMOTE_DIAGNOSTIC_PORT_PROTECTION,
+        title: 'A.11.4.4 Remote Diagnostic and Configuration Port Protection',
+        description: 'Control both physical and logical access to ports used for remote diagnostics and system configuration.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: disclosureIds,
+        isNotApplicable: false,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_11_5_3_PASSWORD_MANAGEMENT_SYSTEM]: {
+        id: 50,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_11_5_3_PASSWORD_MANAGEMENT_SYSTEM,
+        title: 'A.11.5.3 Password Management System',
+        description: 'Use an interactive system to manage passwords, ensuring they are strong and meet security standards.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_11_5_4_USE_OF_SYSTEM_UTILITIES]: {
+        id: 51,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_11_5_4_USE_OF_SYSTEM_UTILITIES,
+        title: 'A.11.5.4 Use of System Utilities',
+        description: 'Restrict and control the use of utility programs that can bypass system or application security.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: accessRestrictionIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_11_5_5_SESSION_TIMEOUT]: {
+        id: 52,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_11_5_5_SESSION_TIMEOUT,
+        title: 'A.11.5.5 Session Time-out',
+        description: 'Automatically log users out after a period of inactivity to protect the system.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_11_5_6_LIMITATION_CONNECTION_TIME]: {
+        id: 53,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_11_5_6_LIMITATION_CONNECTION_TIME,
+        title: 'A.11.5.6 Limitation of Connection Time',
+        description: 'Limit connection times, especially for high-risk applications, to enhance security.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: authAndCookieIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_11_6_1_INFORMATION_ACCESS_RESTRICTION]: {
+        id: 54,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_11_6_1_INFORMATION_ACCESS_RESTRICTION,
+        title: 'A.11.6.1 Information Access Restriction',
+        description: 'Limit access to information and system functions based on the access control policy for users and support staff.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: accessRestrictionIds,
+        isNotApplicable: false,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_1_1_SECURITY_REQUIREMENTS_ANALYSIS]: {
+        id: 58,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_1_1_SECURITY_REQUIREMENTS_ANALYSIS,
+        title: 'A.12.1.1 Security Requirements Analysis and Specification',
+        description: 'When defining business requirements for new or updated information systems, include specific security control requirements to ensure protection.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_2_1_INPUT_DATA_VALIDATION]: {
+        id: 59,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_2_1_INPUT_DATA_VALIDATION,
+        title: 'A.12.2.1 Input Data Validation',
+        description: 'Validate all data entered into applications to ensure it\'s accurate and appropriate.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: inputValidationIds,
+        isNotApplicable: false,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_2_4_OUTPUT_DATA_VALIDATION]: {
+        id: 62,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_2_4_OUTPUT_DATA_VALIDATION,
+        title: 'A.12.2.4 Output Data Validation',
+        description: 'Validate the data output from applications to confirm that the processed information is correct and relevant.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: outputValidationIds,
+        isNotApplicable: false,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_3_1_POLICY_CRYPTOGRAPHIC_CONTROLS]: {
+        id: 63,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_3_1_POLICY_CRYPTOGRAPHIC_CONTROLS,
+        title: 'A.12.3.1 Policy on the Use of Cryptographic Controls',
+        description: 'Develop and implement a policy for using cryptographic methods to protect information.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: cryptoPolicyIds,
+        isNotApplicable: false,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_3_2_KEY_MANAGEMENT]: {
+        id: 64,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_3_2_KEY_MANAGEMENT,
+        title: 'A.12.3.2 Key Management',
+        description: 'Establish a key management system to support the organization\'s use of encryption and cryptographic techniques.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: cryptoPolicyIds,
+        isNotApplicable: false,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_4_3_ACCESS_CONTROL_SOURCE_CODE]: {
+        id: 67,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_4_3_ACCESS_CONTROL_SOURCE_CODE,
+        title: 'A.12.4.3 Access Control to Program Source Code',
+        description: 'Restrict access to the source code of programs to authorized personnel only.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: accessRestrictionIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_5_3_RESTRICTIONS_CHANGES_SOFTWARE]: {
+        id: 70,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_5_3_RESTRICTIONS_CHANGES_SOFTWARE,
+        title: 'A.12.5.3 Restrictions on Changes to Software Packages',
+        description: 'Limit modifications to software packages to necessary changes only, and tightly control all adjustments.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: accessRestrictionIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_5_4_INFORMATION_LEAKAGE]: {
+        id: 71,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_5_4_INFORMATION_LEAKAGE,
+        title: 'A.12.5.4  Information Leakage',
+        description: 'Prevent any opportunities that could lead to unauthorized information leakage.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: infoLeakageIds,
+        isNotApplicable: true,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_5_5_OUTSOURCED_SOFTWARE_DEV]: {
+        id: 72,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_5_5_OUTSOURCED_SOFTWARE_DEV,
+        title: 'A.12.5.5 Outsourced Software Development',
+        description: 'Supervise and monitor outsourced software development activities to ensure they meet the organization s security and quality standards.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: [],
+        isNotApplicable: false,
+    },
+    [compliance_codes_1.ComplianceCode.GDPR_A_12_6_1_CONTROL_TECHNICAL_VULNERABILITIES]: {
+        id: 73,
+        code: compliance_codes_1.ComplianceCode.GDPR_A_12_6_1_CONTROL_TECHNICAL_VULNERABILITIES,
+        title: 'A.12.6.1 Control of Technical Vulnerabilities',
+        description: 'Stay informed about technical vulnerabilities in the systems being used, assess the organization\'s exposure to them, and take necessary actions to manage the associated risks.',
+        complianceStandard: types_1.ComplianceCategory.GDPR,
+        relatedVulnerabilityIds: allAppSecIds,
+        isNotApplicable: true,
+    },
+};

package/dist-cjs/compliances/helpers.js ADDED Viewed

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mergeIds = exports.idsByCodePrefix = exports.idsByCodes = exports.idsByCategory = exports.allVulnerabilityIds = void 0;
+const index_js_1 = require("../index.js");
+const ALL_VULNERABILITIES = Object.values(index_js_1.VULNERABILITY_REGISTRY);
+const uniqueSorted = (ids) => Array.from(new Set(ids)).sort((a, b) => a - b);
+const allVulnerabilityIds = () => uniqueSorted(ALL_VULNERABILITIES.map(v => v.id));
+exports.allVulnerabilityIds = allVulnerabilityIds;
+const idsByCategory = (category) => uniqueSorted(ALL_VULNERABILITIES.filter(v => v.category === category).map(v => v.id));
+exports.idsByCategory = idsByCategory;
+const idsByCodes = (codes) => uniqueSorted(codes
+    .map(code => index_js_1.VULNERABILITY_REGISTRY[code]?.id)
+    .filter((id) => typeof id === 'number'));
+exports.idsByCodes = idsByCodes;
+const idsByCodePrefix = (prefixes) => uniqueSorted(ALL_VULNERABILITIES.filter(v => prefixes.some(prefix => v.code.startsWith(prefix)))
+    .map(v => v.id));
+exports.idsByCodePrefix = idsByCodePrefix;
+const mergeIds = (...lists) => uniqueSorted(lists.flat());
+exports.mergeIds = mergeIds;