Update XCCDF mapper and expected XML->HDF test outputs to not include…
… static analysis tags if there are already existing found NIST tags and/or mapped CCI->NIST tags

Signed-off-by: Joyce Quach <[email protected]>
jtquach1 committed Nov 8, 2024
1 parent faa3b6c commit 078c006
Showing 10 changed files with 2,052 additions and 2,173 deletions.


29 changes: 26 additions & 3 deletions libs/hdf-converters/src/xccdf-results-mapper.ts
@@ -1,4 +1,4 @@
import {ExecJSON} from 'inspecjs';
import {ExecJSON, is_control, NistControl, parse_nist} from 'inspecjs';
import * as _ from 'lodash';
import {version as HeimdallToolsVersion} from '../package.json';
import {
Expand Down Expand Up @@ -146,8 +146,31 @@ function extractCci(input: IIdent | IIdent[]): string[] {
return output;
}

function extractNist(input: IIdent | IIdent[]): string[] {
const inputArray = asArray(input);
return inputArray
.map((element) =>
_.get(
element,
'text',
'' // Rules may not always contain references.
)
)
.map(parse_nist)
.filter(is_control)
.flatMap((c) => c.canonize() || []);
}

function nistTag(input: IIdent | IIdent[]): string[] {
return CCI2NIST(extractCci(input), DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS);
// The XCCDF results input file might already contain some NIST tags.
const existingNists = extractNist(input);

// It might also have CCI tags adjacent to the NIST tags.
const ccis = extractCci(input);
const nistsFromMappedCcis = CCI2NIST(ccis, []);

const nists = _.uniq([...existingNists, ...nistsFromMappedCcis]);
return nists.length > 0 ? nists : DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS;
}

/**
Expand Down Expand Up @@ -307,7 +330,7 @@ export class XCCDFResultsMapper extends BaseConverter {
transformer: extractCci
},
nist: {
path: ['ident', 'reference'],
path: ['ident', 'reference'], // WIP: figure out why reference isn't being pulled
transformer: nistTag
},
severity: {path: 'severity'},
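Review bot: The `nist` mapping entry ships with `// WIP: figure out why reference isn't being pulled`, and the new fallback in `nistTag` hides that gap. If NIST identifiers held only under `reference` never reach `extractNist`, such a rule comes out with `DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS` or with CCI-derived tags alone, and in the HDF output it looks like a normally mapped control. These tags presumably feed compliance reporting downstream, so I would either fix the path lookup before merging or replace the comment with a tracked note such as `// TODO(<issue-id>): 'reference' is not reaching nistTag; NIST tags found only there are dropped`, and add a fixture whose only NIST tag sits in a reference. `extractNist` also passes the `text` of every ident to `parse_nist`, whatever identifier scheme it belongs to, so a short doc comment saying it relies on `parse_nist` and `is_control` to reject non-NIST strings would help. `NistControl` is imported but not used in the visible hunks, and the mapping object continues outside the last hunk.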
