hackmyagent 0.11.11 → 0.11.13
- package/README.md +22 -21
- package/dist/arp/engine/correlation.d.ts +27 -0
- package/dist/arp/engine/correlation.d.ts.map +1 -0
- package/dist/arp/engine/correlation.js +95 -0
- package/dist/arp/engine/correlation.js.map +1 -0
- package/dist/arp/engine/event-engine.d.ts +1 -0
- package/dist/arp/engine/event-engine.d.ts.map +1 -1
- package/dist/arp/engine/event-engine.js +16 -0
- package/dist/arp/engine/event-engine.js.map +1 -1
- package/dist/arp/index.d.ts +2 -0
- package/dist/arp/index.d.ts.map +1 -1
- package/dist/arp/index.js +5 -1
- package/dist/arp/index.js.map +1 -1
- package/dist/arp/intelligence/anomaly.d.ts +4 -0
- package/dist/arp/intelligence/anomaly.d.ts.map +1 -1
- package/dist/arp/intelligence/anomaly.js +71 -0
- package/dist/arp/intelligence/anomaly.js.map +1 -1
- package/dist/arp/intelligence/nanomind-l1.d.ts +72 -0
- package/dist/arp/intelligence/nanomind-l1.d.ts.map +1 -0
- package/dist/arp/intelligence/nanomind-l1.js +268 -0
- package/dist/arp/intelligence/nanomind-l1.js.map +1 -0
- package/dist/arp/monitors/network.d.ts +16 -1
- package/dist/arp/monitors/network.d.ts.map +1 -1
- package/dist/arp/monitors/network.js +55 -1
- package/dist/arp/monitors/network.js.map +1 -1
- package/dist/arp/proxy/server.d.ts +7 -0
- package/dist/arp/proxy/server.d.ts.map +1 -1
- package/dist/arp/proxy/server.js +24 -0
- package/dist/arp/proxy/server.js.map +1 -1
- package/dist/cli.js +30 -8
- package/dist/cli.js.map +1 -1
- package/dist/hardening/scanner.d.ts +1 -1
- package/dist/hardening/scanner.d.ts.map +1 -1
- package/dist/hardening/scanner.js +192 -1
- package/dist/hardening/scanner.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/output/asff.d.ts +37 -0
- package/dist/output/asff.d.ts.map +1 -0
- package/dist/output/asff.js +111 -0
- package/dist/output/asff.js.map +1 -0
- package/package.json +1 -1
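--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -2,7 +2,7 @@
 * hackmyagent — Find it. Break it. Fix it.
 * Unified security toolkit for AI agents.
 */
-export declare const VERSION = "0.11.
+export declare const VERSION = "0.11.11";
 export { checkSkill, parseSkillIdentifier, analyzePermissions, analyzeSkillDependencies, buildDependencyGraph, detectCircularDeps, detectPhantomDeps, detectUnpinnedDeps, parseSkillFrontmatter, } from './checker';
 export type { CheckResult, CheckOptions, PublisherInfo, PermissionInfo, RevocationInfo, RiskLevel, SkillIdentifier, PermissionAnalysis, SkillMetadata, DependencyGraph, } from './checker';
 export { HardeningScanner } from './hardening';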
package/dist/index.d.ts.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,YAAY,CAAC;AAGjC,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GACtB,MAAM,WAAW,CAAC;AAEnB,YAAY,EACV,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,cAAc,EACd,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAC1E,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,yBAAyB,IAAI,8BAA8B,EAC3D,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,WAAW,EACX,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,mBAAmB,EACnB,UAAU,EACV,yBAAyB,EACzB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAE1B,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,aAAa,GACd,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,WAAW,EACX,eAAe,EACf,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,sBAAsB,EACtB,aAAa,EACb,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL
,cAAc,EACd,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,cAAc,EACd,OAAO,IAAI,aAAa,EACxB,WAAW,EACX,UAAU,EACV,YAAY,EACZ,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,YAAY,IAAI,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,OAAO,CAAC;AACnG,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,OAAO,CAAC;AAGzF,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACpG,YAAY,EACV,SAAS,EACT,YAAY,EACZ,SAAS,EACT,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,GACb,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG7C,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,+BAA+B,EAC/B,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,qBAAa,OAAO;IACZ,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAOhD"}
|
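--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -7,7 +7,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildPublishPayload = exports.signPayload = exports.readAgentKeypair = exports.buildCommunityAttackReport = exports.buildCommunityReport = exports.buildAttackReport = exports.buildScanReport = exports.RegistryClient = exports.isValidBenchmark = exports.AVAILABLE_BENCHMARKS = exports.calculateRating = exports.getCheckIdsForLevel = exports.getControlsForCategory = exports.getControlsForLevel = exports.OASB_1_NAME = exports.OASB_1_VERSION = exports.OASB_1_CATEGORIES = exports.TOOL_SHADOW_PAYLOADS = exports.SUPPLY_CHAIN_PAYLOADS = exports.CONTEXT_WINDOW_PAYLOADS = exports.MEMORY_WEAPONIZATION_PAYLOADS = exports.A2A_ATTACK_PAYLOADS = exports.MCP_EXPLOITATION_PAYLOADS = exports.shouldFail = exports.parseCustomPayloads = exports.getPayloadsByIntensity = exports.getPayloadsByCategory = exports.getPayloadById = exports.getPayloads = exports.PAYLOAD_STATS = exports.ALL_PAYLOADS = exports.ATTACK_CATEGORIES = exports.AttackScanner = exports.validateCapabilities = exports.inferActualCapabilities = exports.parseSkillDeclaredCapabilities = exports.isLikelyFalsePositive = exports.classifySkillSection = exports.ExternalScanner = exports.HardeningScanner = exports.parseSkillFrontmatter = exports.detectUnpinnedDeps = exports.detectPhantomDeps = exports.detectCircularDeps = exports.buildDependencyGraph = exports.analyzeSkillDependencies = exports.analyzePermissions = exports.parseSkillIdentifier = exports.checkSkill = exports.VERSION = void 0;
 exports.Scanner = exports.recordScanAndMaybeShowTip = exports.showContributePrompt = exports.saveContributeChoice = exports.incrementScanCount = exports.shouldPromptContribute = exports.isContributeEnabled = exports.submitContribution = exports.flushQueue = exports.queueAndMaybeFlush = exports.queueEvent = exports.buildContributionPayloadFromDir = exports.buildScanEvent = exports.getContributorToken = exports.generateContributorToken = exports.DOMAIN_TEMPLATES = exports.PROFILE_DOMAINS = exports.GOVERNANCE_FILES = exports.DOMAIN_ORDER = exports.CONTROL_DEFS = exports.SoulScanner = exports.parseDeclaredCapabilities = exports.createCapabilityMonitor = exports.SkillCapabilityMonitor = exports.AgentRuntimeProtection = exports.createSkillguardPlugin = exports.createSigncryptPlugin = exports.createCredVaultPlugin = exports.clearRegistry = exports.listPlugins = exports.getPlugin = exports.registerPlugin = exports.buildDeepScanResult = exports.CostEstimator = exports.SEMANTIC_OASB_MAPPINGS = exports.toSecurityFindings = exports.toSecurityFinding = exports.BudgetTracker = exports.LLMCache = exports.AnthropicClient = exports.LLMAnalyzer = exports.PermissionModelAnalyzer = exports.InstructionAnalyzer = exports.McpConfigAnalyzer = exports.CredentialContextAnalyzer = exports.StructuralAnalyzer = exports.formatPublishOutput = exports.publishScanResults = void 0;
 exports.createScanner = createScanner;
-exports.VERSION = '0.11.
+exports.VERSION = '0.11.11';
 // Checker module
 var checker_1 = require("./checker");
 Object.defineProperty(exports, "checkSkill", { enumerable: true, get: function () { return checker_1.checkSkill; } });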
package/dist/index.js.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;AA0OH,sCAEC;AA1OY,QAAA,OAAO,GAAG,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;AA0OH,sCAEC;AA1OY,QAAA,OAAO,GAAG,SAAS,CAAC;AAEjC,iBAAiB;AACjB,qCAUmB;AATjB,qGAAA,UAAU,OAAA;AACV,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,mHAAA,wBAAwB,OAAA;AACxB,+GAAA,oBAAoB,OAAA;AACpB,6GAAA,kBAAkB,OAAA;AAClB,4GAAA,iBAAiB,OAAA;AACjB,6GAAA,kBAAkB,OAAA;AAClB,gHAAA,qBAAqB,OAAA;AAgBvB,mBAAmB;AACnB,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAGzB,0BAA0B;AAC1B,qCAA4C;AAAnC,0GAAA,eAAe,OAAA;AAQxB,wBAAwB;AACxB,yCAA0E;AAAjE,iHAAA,oBAAoB,OAAA;AAAE,kHAAA,qBAAqB,OAAA;AAEpD,yCAIqB;AAHnB,2HAAA,yBAAyB,OAAkC;AAC3D,oHAAA,uBAAuB,OAAA;AACvB,iHAAA,oBAAoB,OAAA;AAItB,gBAAgB;AAChB,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AAEtB,mCAgBkB;AAfhB,2GAAA,iBAAiB,OAAA;AACjB,sGAAA,YAAY,OAAA;AACZ,uGAAA,aAAa,OAAA;AACb,qGAAA,WAAW,OAAA;AACX,wGAAA,cAAc,OAAA;AACd,+GAAA,qBAAqB,OAAA;AACrB,gHAAA,sBAAsB,OAAA;AACtB,6GAAA,mBAAmB,OAAA;AACnB,oGAAA,UAAU,OAAA;AACV,mHAAA,yBAAyB,OAAA;AACzB,6GAAA,mBAAmB,OAAA;AACnB,uHAAA,6BAA6B,OAAA;AAC7B,iHAAA,uBAAuB,OAAA;AACvB,+GAAA,qBAAqB,OAAA;AACrB,8GAAA,oBAAoB,OAAA;AAiBtB,oBAAoB;AACpB,2CAUsB;AATpB,+GAAA,iBAAiB,OAAA;AACjB,4GAAA,cAAc,OAAA;AACd,yGAAA,WAAW,OAAA;AACX,iHAAA,mBAAmB,OAAA;AACnB,oHAAA,sBAAsB,OAAA;AACtB,iHAAA,mBAAmB,OAAA;AACnB,6GAAA,eAAe,OAAA;AACf,kHAAA,oBAAoB,OAAA;AACpB,8GAAA,gBAAgB,OAAA;AAalB,kBAAkB;AAClB,uCAYoB;AAXlB,0GAAA,cAAc,OAAA;AACd,2GAAA,eAAe,OAAA;AACf,6GAAA,iBAAiB,OAAA;AACjB,gHAAA,oBAAoB,OAAA;AACpB,sHAAA,0BAA0B,OAAA;AAC1B,mBAAmB;AACnB,4GAAA,gBAAgB,OAAA;AAChB,uGAAA,WAAW,OAAA;AACX,+GAAA,mBAAmB,OAAA;AACnB,8GAAA,kBAAkB,OAAA;AAClB,+GAAA,mBAAmB,OAAA;AAarB,+CAA+C;AAC/C,uCAeoB;AAdlB,8GAAA,kBAAkB,OAAA;AAClB,qHAAA,yBAAyB,OAAA;AACzB,6GAAA,iBAAiB,OAAA;AACjB,+GAAA,mBAAmB,OAAA;AACnB,mHAAA,uBAAuB,OAAA;AACvB,uGAAA,WAAW,OAAA;AACX,2GAAA,eAAe,OAAA;AACf,oGAAA,QAAQ,OAAA;AACR,yGAAA,aAAa,OAAA;AACb,6GAAA,iBAAiB,OAAA;AACjB,8GAAA,kBAAkB,OAAA;AAClB,kHAAA,sBAAsB,OAAA;AACtB,yGAAA,aAAa,OAAA;AACb,+GAAA,mBAAmB,OAAA;AAGrB,gBAAgB;AAChB,uCAKwB;AAJtB,sGAAA,cAAc,OAAA;AACd,iGAAA,SAAS,OAAA;AACT,mGAAA,WAAW,O
AAA;AACX,qGAAA,aAAa,OAAA;AAaf,mBAAmB;AACnB,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,iDAA4E;AAAnE,kHAAA,YAAY,OAAyB;AAC9C,mDAA8E;AAArE,oHAAA,YAAY,OAA0B;AAE/C,2BAA2B;AAC3B,6BAA+C;AAAtC,6GAAA,sBAAsB,OAAA;AAC/B,6BAAmG;AAA1F,6GAAA,sBAAsB,OAAA;AAAE,8GAAA,uBAAuB,OAAA;AAAE,gHAAA,yBAAyB,OAAA;AAGnF,8CAA8C;AAC9C,+BAAoG;AAA3F,mGAAA,WAAW,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,oGAAA,YAAY,OAAA;AAAE,wGAAA,gBAAgB,OAAA;AAAE,uGAAA,eAAe,OAAA;AAWnF,+BAA0C;AAAjC,wGAAA,gBAAgB,OAAA;AAGzB,iEAAiE;AACjE,yCAeqB;AAdnB,qHAAA,wBAAwB,OAAA;AACxB,gHAAA,mBAAmB,OAAA;AACnB,2GAAA,cAAc,OAAA;AACd,4HAAA,+BAA+B,OAAA;AAC/B,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,uGAAA,UAAU,OAAA;AACV,+GAAA,kBAAkB,OAAA;AAClB,gHAAA,mBAAmB,OAAA;AACnB,mHAAA,sBAAsB,OAAA;AACtB,+GAAA,kBAAkB,OAAA;AAClB,iHAAA,oBAAoB,OAAA;AACpB,iHAAA,oBAAoB,OAAA;AACpB,sHAAA,yBAAyB,OAAA;AAsB3B,SAAgB,aAAa;IAC3B,OAAO,IAAI,OAAO,EAAE,CAAC;AACvB,CAAC;AAED,MAAa,OAAO;IAClB,KAAK,CAAC,IAAI,CAAC,MAAc;QACvB,OAAO;YACL,MAAM;YACN,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;IACJ,CAAC;CACF;AARD,0BAQC"}
|
|
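--- a/package/dist/output/asff.d.ts
+++ b/package/dist/output/asff.d.ts
@@ -0,0 +1,37 @@
+/**
+* AWS Security Finding Format (ASFF) adapter.
+*
+* Transforms HMA security findings into ASFF JSON for import
+* into AWS Security Hub via BatchImportFindings API.
+*
+* Usage:
+* hackmyagent secure --format asff
+* hackmyagent secure --format asff | aws securityhub batch-import-findings --findings file:///dev/stdin
+*
+* Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
+*/
+export interface SecurityFinding {
+checkId: string;
+name: string;
+severity: string;
+passed: boolean;
+fixed?: boolean;
+message?: string;
+file?: string;
+line?: number;
+recommendation?: string;
+category?: string;
+}
+/**
+* Convert HMA findings to AWS Security Finding Format.
+*/
+export declare function toASSF(findings: SecurityFinding[], options?: {
+awsAccountId?: string;
+awsRegion?: string;
+targetDir?: string;
+}): string;
+/**
+* Split ASFF findings into batches of 100 (AWS API limit).
+*/
+export declare function batchASSF(assfJson: string): string[];
+//# sourceMappingURL=asff.d.ts.map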
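Review bot: The exported names `toASSF` and `batchASSF` transpose the acronym of the format they implement (the file name, the header comment and the `--format asff` flag all say ASFF), and the same identifiers are repeated in the asff.js hunk; since these are public declarations that callers will bind to, renaming them to `toASFF`/`batchASFF` now is far cheaper than a breaking rename once the API is depended on. The `toASSF` doc comment should also state the fallbacks the implementation applies when options are omitted: `awsAccountId` falls back to `$AWS_ACCOUNT_ID` and then to the placeholder `000000000000`, `awsRegion` to `$AWS_REGION` and then `us-east-1`, and `targetDir` to the process working directory. That matters because a finding whose `AwsAccountId` is the placeholder is unlikely to be accepted by Security Hub for the calling account, so a caller should know to supply the real id. Suggested text: `@param options.awsAccountId Account to attribute findings to; defaults to $AWS_ACCOUNT_ID, then a placeholder that Security Hub import will not attribute correctly.`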
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"asff.d.ts","sourceRoot":"","sources":["../../src/output/asff.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAiDD;;GAEG;AACH,wBAAgB,MAAM,CACpB,QAAQ,EAAE,eAAe,EAAE,EAC3B,OAAO,GAAE;IACP,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACf,GACL,MAAM,CAuER;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CASpD"}
|
|
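--- a/package/dist/output/asff.js
+++ b/package/dist/output/asff.js
@@ -0,0 +1,111 @@
+"use strict";
+/**
+* AWS Security Finding Format (ASFF) adapter.
+*
+* Transforms HMA security findings into ASFF JSON for import
+* into AWS Security Hub via BatchImportFindings API.
+*
+* Usage:
+* hackmyagent secure --format asff
+* hackmyagent secure --format asff | aws securityhub batch-import-findings --findings file:///dev/stdin
+*
+* Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toASSF = toASSF;
+exports.batchASSF = batchASSF;
+const SEVERITY_MAP = {
+critical: 'CRITICAL',
+high: 'HIGH',
+medium: 'MEDIUM',
+low: 'LOW',
+informational: 'INFORMATIONAL',
+info: 'INFORMATIONAL',
+};
+const CATEGORY_TYPE_MAP = {
+credentials: 'Software and Configuration Checks/Vulnerabilities/CVE',
+mcp: 'Software and Configuration Checks/Industry and Regulatory Standards',
+network: 'Software and Configuration Checks/Vulnerabilities/CVE',
+injection: 'Software and Configuration Checks/Vulnerabilities/CVE',
+supply_chain: 'Software and Configuration Checks/Vulnerabilities/CVE',
+governance: 'Software and Configuration Checks/Industry and Regulatory Standards',
+config: 'Software and Configuration Checks/AWS Security Best Practices',
+};
+/**
+* Convert HMA findings to AWS Security Finding Format.
+*/
+function toASSF(findings, options = {}) {
+const accountId = options.awsAccountId || process.env.AWS_ACCOUNT_ID || '000000000000';
+const region = options.awsRegion || process.env.AWS_REGION || 'us-east-1';
+const targetDir = options.targetDir || process.cwd();
+const now = new Date().toISOString();
+const productArn = `arn:aws:securityhub:${region}:${accountId}:product/${accountId}/default`;
+// Only include failed (not passed, not fixed) findings
+const failed = findings.filter(f => !f.passed && !f.fixed);
+const assfFindings = failed.map(f => {
+const severity = SEVERITY_MAP[f.severity] || 'INFORMATIONAL';
+const category = f.category || f.checkId.split('-')[0].toLowerCase();
+const types = CATEGORY_TYPE_MAP[category]
+? [CATEGORY_TYPE_MAP[category]]
+: ['Software and Configuration Checks'];
+const title = f.name || f.checkId;
+const description = (f.message || f.name || f.checkId).slice(0, 1024);
+const finding = {
+SchemaVersion: '2018-10-08',
+Id: `opena2a/hma/${f.checkId}/${Date.now()}`,
+ProductArn: productArn,
+GeneratorId: `hackmyagent/${f.checkId}`,
+AwsAccountId: accountId,
+Types: types,
+CreatedAt: now,
+UpdatedAt: now,
+Severity: {
+Label: severity,
+Original: f.severity,
+},
+Title: title.slice(0, 256),
+Description: description,
+Resources: [{
+Type: 'Other',
+Id: f.file || targetDir,
+}],
+ProductFields: {
+'opena2a/checkId': f.checkId,
+'opena2a/scanner': 'hackmyagent',
+'opena2a/scannerVersion': '0.11.11',
+},
+RecordState: 'ACTIVE',
+Workflow: { Status: 'NEW' },
+};
+if (f.recommendation) {
+finding.Remediation = {
+Recommendation: {
+Text: f.recommendation.slice(0, 512),
+Url: `https://hackmyagent.com/docs/checks/${f.checkId.toLowerCase()}`,
+},
+};
+}
+if (f.file) {
+finding.Resources[0].Details = {
+Other: {
+filePath: f.file,
+...(f.line ? { lineNumber: String(f.line) } : {}),
+},
+};
+}
+return finding;
+});
+return JSON.stringify(assfFindings, null, 2);
+}
+/**
+* Split ASFF findings into batches of 100 (AWS API limit).
+*/
+function batchASSF(assfJson) {
+const findings = JSON.parse(assfJson);
+const batches = [];
+for (let i = 0; i < findings.length; i += 100) {
+batches.push(JSON.stringify(findings.slice(i, i + 100), null, 2));
+}
+return batches;
+}
+//# sourceMappingURL=asff.js.map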
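Review bot: The finding `Id` in `toASSF`, built from `f.checkId` and `Date.now()`, is neither unique nor stable: two findings for the same check (the same rule hit in several files) are mapped within the same millisecond and get an identical Id, so they collide inside one BatchImportFindings call, and every re-scan mints fresh Ids, so Security Hub accumulates duplicate findings instead of updating the existing one's `UpdatedAt`/`Workflow` state. Derive the Id from the deterministic coordinates instead, e.g. ``Id: `opena2a/hma/${f.checkId}/${f.file || targetDir}:${f.line ?? 0}`,`` and leave the timestamp to `CreatedAt`. `ProductFields['opena2a/scannerVersion']` is hard-coded to `'0.11.11'` (as is `exports.VERSION` in the dist/index.js hunk) although this diff is for 0.11.13, which suggests the published dist was not rebuilt; reading it from the package's `VERSION` export removes the drift. `batchASSF` enforces only the 100-finding count, but as far as I recall BatchImportFindings also caps a request at about 240 KB, so a batch of long descriptions and remediation texts can still be rejected; checking `Buffer.byteLength` per batch, or at least documenting the limit in the docstring, would make the contract honest. `batchASSF` also assumes `JSON.parse` yields an array and will throw on any other input, which is worth stating in its comment.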
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"asff.js","sourceRoot":"","sources":["../../src/output/asff.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAiEH,wBA8EC;AAKD,8BASC;AAlHD,MAAM,YAAY,GAA2B;IAC3C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,aAAa,EAAE,eAAe;IAC9B,IAAI,EAAE,eAAe;CACtB,CAAC;AAEF,MAAM,iBAAiB,GAA2B;IAChD,WAAW,EAAE,uDAAuD;IACpE,GAAG,EAAE,qEAAqE;IAC1E,OAAO,EAAE,uDAAuD;IAChE,SAAS,EAAE,uDAAuD;IAClE,YAAY,EAAE,uDAAuD;IACrE,UAAU,EAAE,qEAAqE;IACjF,MAAM,EAAE,+DAA+D;CACxE,CAAC;AAEF;;GAEG;AACH,SAAgB,MAAM,CACpB,QAA2B,EAC3B,UAII,EAAE;IAEN,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,cAAc,CAAC;IACvF,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IAC1E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,UAAU,GAAG,uBAAuB,MAAM,IAAI,SAAS,YAAY,SAAS,UAAU,CAAC;IAE7F,uDAAuD;IACvD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE3D,MAAM,YAAY,GAAiB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAChD,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC;QAC7D,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACrE,MAAM,KAAK,GAAG,iBAAiB,CAAC,QAAQ,CAAC;YACvC,CAAC,CAAC,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,mCAAmC,CAAC,CAAC;QAE1C,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC;QAClC,MAAM,WAAW,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAe;YAC1B,aAAa,EAAE,YAAY;YAC3B,EAAE,EAAE,eAAe,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE;YAC5C,UAAU,EAAE,UAAU;YACtB,WAAW,EAAE,eAAe,CAAC,CAAC,OAAO,EAAE;YACvC,YAAY,EAAE,SAAS;YACvB,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE;gBACR,KAAK,EAAE,QAAQ;gBACf,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB;YACD,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC1B,WAAW,EAAE,WAAW;YACxB,SA
AS,EAAE,CAAC;oBACV,IAAI,EAAE,OAAO;oBACb,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,SAAS;iBACxB,CAAC;YACF,aAAa,EAAE;gBACb,iBAAiB,EAAE,CAAC,CAAC,OAAO;gBAC5B,iBAAiB,EAAE,aAAa;gBAChC,wBAAwB,EAAE,SAAS;aACpC;YACD,WAAW,EAAE,QAAQ;YACrB,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;SAC5B,CAAC;QAEF,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC;YACrB,OAAO,CAAC,WAAW,GAAG;gBACpB,cAAc,EAAE;oBACd,IAAI,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACpC,GAAG,EAAE,uCAAuC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE;iBACtE;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG;gBAC7B,KAAK,EAAE;oBACL,QAAQ,EAAE,CAAC,CAAC,IAAI;oBAChB,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAClD;aACF,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,QAAgB;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|