npm - genai-security-crosswalk - Versions diffs - 2.0.0 - Mend

genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/LICENSE.md +28 -0
package/README.md +618 -0
package/data/entries/ASI01.json +911 -0
package/data/entries/ASI02.json +850 -0
package/data/entries/ASI03.json +854 -0
package/data/entries/ASI04.json +759 -0
package/data/entries/ASI05.json +764 -0
package/data/entries/ASI06.json +817 -0
package/data/entries/ASI07.json +789 -0
package/data/entries/ASI08.json +788 -0
package/data/entries/ASI09.json +754 -0
package/data/entries/ASI10.json +833 -0
package/data/entries/DSGAI01.json +779 -0
package/data/entries/DSGAI02.json +728 -0
package/data/entries/DSGAI03.json +671 -0
package/data/entries/DSGAI04.json +752 -0
package/data/entries/DSGAI05.json +689 -0
package/data/entries/DSGAI06.json +673 -0
package/data/entries/DSGAI07.json +680 -0
package/data/entries/DSGAI08.json +698 -0
package/data/entries/DSGAI09.json +687 -0
package/data/entries/DSGAI10.json +627 -0
package/data/entries/DSGAI11.json +663 -0
package/data/entries/DSGAI12.json +695 -0
package/data/entries/DSGAI13.json +688 -0
package/data/entries/DSGAI14.json +703 -0
package/data/entries/DSGAI15.json +655 -0
package/data/entries/DSGAI16.json +716 -0
package/data/entries/DSGAI17.json +690 -0
package/data/entries/DSGAI18.json +613 -0
package/data/entries/DSGAI19.json +638 -0
package/data/entries/DSGAI20.json +671 -0
package/data/entries/DSGAI21.json +881 -0
package/data/entries/LLM01.json +975 -0
package/data/entries/LLM02.json +868 -0
package/data/entries/LLM03.json +817 -0
package/data/entries/LLM04.json +797 -0
package/data/entries/LLM05.json +761 -0
package/data/entries/LLM06.json +848 -0
package/data/entries/LLM07.json +749 -0
package/data/entries/LLM08.json +750 -0
package/data/entries/LLM09.json +760 -0
package/data/entries/LLM10.json +763 -0
package/data/incidents-schema.json +121 -0
package/data/incidents.json +1484 -0
package/data/schema.json +134 -0
package/dist/index.d.ts +97 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +124 -0
package/dist/index.js.map +1 -0
package/dist/index.test.d.ts +2 -0
package/dist/index.test.d.ts.map +1 -0
package/dist/index.test.js +97 -0
package/dist/index.test.js.map +1 -0
package/package.json +62 -0

package/data/incidents-schema.json ADDED Viewed

@@ -0,0 +1,121 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents-schema.json",
+  "title": "GenAI Security Crosswalk — Incident Database Schema",
+  "description": "Schema for real-world AI security incidents, mapped to OWASP entries and MAESTRO layers",
+  "type": "object",
+  "required": ["version", "generated", "incidents"],
+  "properties": {
+    "version":   { "type": "string" },
+    "generated": { "type": "string", "format": "date" },
+    "incidents": {
+      "type": "array",
+      "items": { "$ref": "#/definitions/Incident" }
+    }
+  },
+  "definitions": {
+    "Incident": {
+      "type": "object",
+      "required": ["id", "title", "date", "description", "owasp_entries", "maestro_layers", "attack_vector", "impact", "severity"],
+      "additionalProperties": false,
+      "properties": {
+        "id": {
+          "type": "string",
+          "pattern": "^INC-\\d{3}$",
+          "description": "Unique incident identifier"
+        },
+        "title": {
+          "type": "string",
+          "description": "Short descriptive title"
+        },
+        "date": {
+          "type": "string",
+          "pattern": "^\\d{4}(-\\d{2})?$",
+          "description": "YYYY or YYYY-MM of incident discovery/disclosure"
+        },
+        "year": {
+          "type": "integer",
+          "description": "Year for easy filtering"
+        },
+        "category": {
+          "type": "string",
+          "enum": ["real-world", "research-demonstrated", "red-team"],
+          "description": "Whether this is a confirmed real-world incident, researcher-demonstrated attack, or red-team finding"
+        },
+        "description": {
+          "type": "string",
+          "description": "What happened, how it was discovered, and what the outcome was"
+        },
+        "owasp_entries": {
+          "type": "array",
+          "items": { "type": "string", "pattern": "^(LLM|ASI|DSGAI)\\d{2}$" },
+          "minItems": 1,
+          "description": "OWASP entry IDs this incident exemplifies"
+        },
+        "maestro_layers": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["layer", "role"],
+            "properties": {
+              "layer": {
+                "type": "string",
+                "enum": ["L1", "L2", "L3", "L4", "L5", "L6", "L7"],
+                "description": "MAESTRO layer ID"
+              },
+              "label": {
+                "type": "string",
+                "description": "MAESTRO layer human name"
+              },
+              "role": {
+                "type": "string",
+                "enum": ["origin", "propagation", "impact", "blind-spot"],
+                "description": "How this layer is involved: origin=where attack starts, propagation=how it spreads, impact=where harm manifests, blind-spot=where detection failed"
+              },
+              "notes": {
+                "type": "string"
+              }
+            }
+          }
+        },
+        "attack_vector": {
+          "type": "string",
+          "description": "Technical mechanism of the attack"
+        },
+        "affected": {
+          "type": "string",
+          "description": "System, organisation, or product affected"
+        },
+        "impact": {
+          "type": "string",
+          "description": "Actual or potential harm caused"
+        },
+        "severity": {
+          "type": "string",
+          "enum": ["Critical", "High", "Medium", "Low"]
+        },
+        "mitigations": {
+          "type": "array",
+          "items": { "type": "string" },
+          "description": "Controls that would prevent or contain this incident"
+        },
+        "references": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["title", "url"],
+            "properties": {
+              "title": { "type": "string" },
+              "url":   { "type": "string", "format": "uri" },
+              "type":  { "type": "string", "enum": ["news", "research", "advisory", "disclosure", "legal"] }
+            }
+          }
+        },
+        "tags": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      }
+    }
+  }
+}