Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve xccdf_results_mapper when converting XCCDF Results to HDF Results #4255

Merged
merged 28 commits into from
Jul 13, 2023
Merged

Improve xccdf_results_mapper when converting XCCDF Results to HDF Results #4255

Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
403987d
Improve xccdf_results_mapper when converting XCCDF->HDF
candrews Apr 12, 2023
88cd988
Merge branch 'master' into xccdf_results_mapper-improvements
aaronlippold Apr 13, 2023
25b361c
Minor changes requested by code review
candrews May 9, 2023
e8bc220
Use the "RegExp.exec()" method instead
candrews May 9, 2023
263cf60
Set impact to 0 for 'notapplicable' and 'informational' results
candrews May 9, 2023
c2640f5
Don't handle every array item within each array item
candrews May 11, 2023
51f047f
"version" should use "version.text" (not just "version")
candrews May 11, 2023
2f63274
For version, prefer version over id
candrews May 22, 2023
6992f6d
For version, remove unnecessary comment
candrews May 22, 2023
9276f02
Remove unnecessary String conversion
candrews May 22, 2023
71fad37
Add tsdoc to getRulesInGroup
candrews May 22, 2023
4b01555
Merge branch 'master' into xccdf_results_mapper-improvements
Amndeep7 May 23, 2023
f216a6f
removed 'id' as a potential path for 'version'. the complianceascode…
Amndeep7 May 23, 2023
747bdc8
linting
Amndeep7 May 23, 2023
2f618b2
Use triple equals for string comparson
candrews May 23, 2023
5a9cf54
Various fixes
candrews Jun 17, 2023
aad9481
Correct "refs" to comply with schema
candrews Jun 21, 2023
68ab499
Only include description if it has a label
candrews Jun 21, 2023
587282d
make the nist family part of the regexes only match against valid nis…
Amndeep7 Jun 23, 2023
d637e70
Use `as unknown as ControlDescription` instead of `as any`
candrews Jun 23, 2023
8df5b2d
Run lint on src/nist.ts
candrews Jun 23, 2023
cd8b2ee
Regenerate samples
candrews Jun 23, 2023
fc89563
Use concise character class syntax '\d' instead of '[0-9]'.
candrews Jun 23, 2023
ebdaade
the treemap expects a canonized form of the nist controls that are no…
Amndeep7 Jul 13, 2023
d855250
get rid of dupe nist tags - even if there were dupes in the original …
Amndeep7 Jul 13, 2023
e926155
could simplify the default_partial_config implementation and also ran…
Amndeep7 Jul 13, 2023
9e93622
sonarqube
Amndeep7 Jul 13, 2023
cd2aaa6
Merge branch 'master' into xccdf_results_mapper-improvements
Amndeep7 Jul 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64,639 changes: 64,639 additions & 0 deletions ...results_mapper/sample_input_report/xccdf-results-openscap-ComplianceAsCode-ubuntu1804.xml
View file
Open in desktop
Amndeep7 marked this conversation as resolved.
Show resolved Hide resolved
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make sure to add/update the sample files in the saf cli as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm assuming you mean at https://github.com/mitre/saf/tree/main/test/sample_data

That data would be updated as part of the PR that updates the version of the @mitre/hdf-converters dependency at https://github.com/mitre/saf/blob/73fa1def42f5eb39602d64debbe8a57a2ca5e2a2/package-lock.json#L223 which can only be done after this PR is merged and an updated version of this project (@mitre/hdf-converters) is released, right?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can just make a draft pr in that repo and say it's blocked by this one getting merged/released

Large diffs are not rendered by default.

141,424 changes: 141,424 additions & 0 deletions ...ers/sample_jsons/xccdf_results_mapper/xccdf-openscap-ComplianceAsCode-ubuntu1804-hdf.json
View file
Open in desktop

Large diffs are not rendered by default.

20,341 changes: 9,217 additions & 11,124 deletions libs/hdf-converters/sample_jsons/xccdf_results_mapper/xccdf-openscap-rhel7-hdf-withraw.json
View file
Open in desktop

Large diffs are not rendered by default.

20,267 changes: 9,180 additions & 11,087 deletions libs/hdf-converters/sample_jsons/xccdf_results_mapper/xccdf-openscap-rhel7-hdf.json
View file
Open in desktop

Large diffs are not rendered by default.

22,992 changes: 10,174 additions & 12,818 deletions libs/hdf-converters/sample_jsons/xccdf_results_mapper/xccdf-openscap-rhel8-hdf-withraw.json
View file
Open in desktop

Large diffs are not rendered by default.

22,976 changes: 10,166 additions & 12,810 deletions libs/hdf-converters/sample_jsons/xccdf_results_mapper/xccdf-openscap-rhel8-hdf.json
View file
Open in desktop

Large diffs are not rendered by default.

19,739 changes: 8,992 additions & 10,747 deletions libs/hdf-converters/sample_jsons/xccdf_results_mapper/xccdf-scc-rhel7-hdf-withraw.json
View file
Open in desktop

Large diffs are not rendered by default.

19,559 changes: 8,902 additions & 10,657 deletions libs/hdf-converters/sample_jsons/xccdf_results_mapper/xccdf-scc-rhel7-hdf.json
View file
Open in desktop

Large diffs are not rendered by default.

22,482 changes: 9,920 additions & 12,562 deletions libs/hdf-converters/sample_jsons/xccdf_results_mapper/xccdf-scc-rhel8-hdf-withraw.json
View file
Open in desktop

Large diffs are not rendered by default.

22,484 changes: 9,921 additions & 12,563 deletions libs/hdf-converters/sample_jsons/xccdf_results_mapper/xccdf-scc-rhel8-hdf.json
View file
Open in desktop

Large diffs are not rendered by default.

615 changes: 384 additions & 231 deletions libs/hdf-converters/src/xccdf-results-mapper.ts
View file
Open in desktop
Amndeep7 marked this conversation as resolved.
Show resolved Hide resolved

Large diffs are not rendered by default.

24 changes: 24 additions & 0 deletions libs/hdf-converters/test/mappers/forward/xccdf_mapper.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,30 @@ describe('xccdf_mapper', () => {
});
});
describe('OpenSCAP', () => {
it('ubuntu1804', () => {
const mapper = new XCCDFResultsMapper(
fs.readFileSync(
'sample_jsons/xccdf_results_mapper/sample_input_report/xccdf-results-openscap-ComplianceAsCode-ubuntu1804.xml',
{encoding: 'utf-8'}
)
);

// fs.writeFileSync(
Amndeep7 marked this conversation as resolved.
Show resolved Hide resolved
// 'sample_jsons/xccdf_results_mapper/xccdf-openscap-ComplianceAsCode-ubuntu1804-hdf.json',
// JSON.stringify(mapper.toHdf(), null, 2)
// );

expect(omitVersions(mapper.toHdf())).toEqual(
omitVersions(
JSON.parse(
fs.readFileSync(
'sample_jsons/xccdf_results_mapper/xccdf-openscap-ComplianceAsCode-ubuntu1804-hdf.json',
{encoding: 'utf-8'}
)
)
)
);
});
it('rhel7', () => {
const mapper = new XCCDFResultsMapper(
fs.readFileSync(
Expand Down
5 changes: 3 additions & 2 deletions libs/inspecjs/src/nist.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,10 @@ import {ControlStatus} from './compat_wrappers';
import {ALL_NIST_CONTROL_NUMBERS, ALL_NIST_FAMILIES} from './raw_nist';

// Regexes.
const NIST_FAMILY_RE = /^[A-Z]{2}$/;
// Matches against only currently existing NIST Control families instead of allowing any two adjacent uppercase letters
Amndeep7 marked this conversation as resolved.
Show resolved Hide resolved
const NIST_FAMILY_RE = /^(?:A[CPRTU]|C[AMP]|D[IM]|I[APR]|M[AP]|P[ELMS]|RA|S[ACEI]|TR|U[LM])$/;
Amndeep7 marked this conversation as resolved.
Show resolved Hide resolved
// Limit length of children to avoid potential DoS on malicious NIST Control strings
const NIST_CONTROL_RE = /^([A-Z]{2})-([0-9]+)(.{0,60})$/;
const NIST_CONTROL_RE = /^(A[CPRTU]|C[AMP]|D[IM]|I[APR]|M[AP]|P[ELMS]|RA|S[ACEI]|TR|U[LM])-([0-9]+)(.{0,60})$/;
const SPEC_SPLITTER = /[\s\(\)\.]+/; // Includes all whitespace, periods, and parenthesis
const REV_RE = /^rev[\s_.]+(\d+)$/i; // Matches Rev_5 etc
type ParseNist = NistControl | NistRevision | null;
Expand Down