Update GitHub Action and cciListXml2json script to create NIST->CCI J…
…SON file and check in that file

Signed-off-by: Joyce Quach <[email protected]>
jtquach1 committed Nov 1, 2024
1 parent 65038ca commit 25a2798
Showing 3 changed files with 9,368 additions and 13 deletions.
23 changes: 13 additions & 10 deletions .github/workflows/convert-cci-list.yml
@@ -2,11 +2,12 @@ name: Convert CCI List XML to JSON

on:
push:
branches: ['master']
# branches: ['master']
branches: ['add-convert-cci-list-workflow']

# Run this workflow on the 1st day at 00:00 every month
schedule:
- cron: '0 0 1 * *'
# schedule:
# - cron: '0 0 1 * *'

env:
# This URL is super brittle with how links constantly get changed.
@@ -45,19 +46,21 @@ jobs:
run: echo "ROOT_DIRECTORY=$(pwd)" >> $GITHUB_ENV

- name: Convert CCI List XML to two JSON files
run: yarn workspace @mitre/hdf-converters cciListXml2json $ROOT_DIRECTORY/U_CCI_List.xml $ROOT_DIRECTORY/U_CCI_List.nist.json $ROOT_DIRECTORY/U_CCI_List.defs.json
run: yarn workspace @mitre/hdf-converters cciListXml2json $ROOT_DIRECTORY/U_CCI_List.xml $ROOT_DIRECTORY/U_CCI_List.nist.json $ROOT_DIRECTORY/U_CCI_List.defs.json $ROOT_DIRECTORY/U_CCI_List.cci.json

- name: Update CCI to NIST and CCI to Definition mappings
run: |
mv $ROOT_DIRECTORY/U_CCI_List.nist.json $ROOT_DIRECTORY/libs/hdf-converters/src/mappings/
mv $ROOT_DIRECTORY/U_CCI_List.defs.json $ROOT_DIRECTORY/libs/hdf-converters/src/mappings/
mv $ROOT_DIRECTORY/U_CCI_List.cci.json $ROOT_DIRECTORY/libs/hdf-converters/src/mappings/
- name: Commit changes to CciNistMappingData.ts
run: |
git config --local user.email "[email protected]"
git config --local user.name "MITRE SAF Automation"
git add $ROOT_DIRECTORY/libs/hdf-converters/src/mappings/CciNistMappingData.ts
git commit -sm "Update CCI List to the current NIST and definition mappings as of $DATETIME"
git push
# run: |
# git config --local user.email "[email protected]"
# git config --local user.name "MITRE SAF Automation"
# git add $ROOT_DIRECTORY/U_CCI_List.nist.json $ROOT_DIRECTORY/U_CCI_List.defs.json $ROOT_DIRECTORY/U_CCI_List.cci.json
# git commit -sm "Update CCI List to the current NIST and definition mappings as of $DATETIME"
# git push
run: echo $DATETIME && git status
env:
DATETIME: ${{steps.publish-date.outputs.info}}
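Review bot: The commented-out `git add` in the "Commit changes" step names `$ROOT_DIRECTORY/U_CCI_List.nist.json` and its two siblings, but the step before it has already moved all three files into `libs/hdf-converters/src/mappings/`, so re-enabling the block as written would most likely fail on a missing pathspec; it should stage the files at their destination, e.g. `git add "$ROOT_DIRECTORY"/libs/hdf-converters/src/mappings/U_CCI_List.*.json`. The push trigger pinned to `add-convert-cci-list-workflow`, the disabled schedule and the `echo $DATETIME && git status` stand-in look like test scaffolding, and the step name still refers to `CciNistMappingData.ts`; a short comment marking them as temporary would keep them from being merged unnoticed. Passing the step output through `env:` rather than interpolating it into the script is the right pattern, but the expansion should be quoted, `echo "$DATETIME"`, since the value appears to come from the fetched list.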
23 changes: 20 additions & 3 deletions libs/hdf-converters/data/converters/cciListXml2json.ts
@@ -7,6 +7,7 @@ const parser = new xml2js.Parser();
const pathToInfile = process.argv[2];
const pathToCci2NistOutfile = process.argv[3];
const pathToCci2DefinitionsOutfile = process.argv[4];
const pathToNist2CciOutfile = process.argv[5];

// XML Structure after conversion
export interface ICCIList {
@@ -25,7 +26,12 @@ export interface ICCIList {
};
}

if (!pathToInfile || !pathToCci2NistOutfile || !pathToCci2DefinitionsOutfile) {
if (
!pathToInfile ||
!pathToCci2NistOutfile ||
!pathToCci2DefinitionsOutfile ||
!pathToNist2CciOutfile
) {
console.error(`You must provide the path to the input and two output files.`);
} else {
fs.readFile(pathToInfile, function (readFileError, data) {
@@ -37,9 +43,11 @@ if (!pathToInfile || !pathToCci2NistOutfile || !pathToCci2DefinitionsOutfile) {
if (parseFileError) {
console.error(`Failed to parse ${pathToInfile}: ${parseFileError}`);
} else {
// These store our CCI->NIST names and definitions mappings
// These store our CCI->NIST names, CCI->definitions, and NIST->CCI mappings
const nists: Record<string, string> = {};
const definitions: Record<string, string> = {};
const ccis: Record<string, string[]> = {};

// For all CCI items
for (const cciItem of converted.cci_list.cci_items[0].cci_item) {
// Get the latest reference
@@ -49,6 +57,11 @@ if (!pathToInfile || !pathToCci2NistOutfile || !pathToCci2DefinitionsOutfile) {
);
if (newestReference) {
nists[cciItem.$.id] = newestReference.$.index;
if (ccis[newestReference.$.index] === undefined) {
ccis[newestReference.$.index] = [cciItem.$.id];
} else {
ccis[newestReference.$.index].push(cciItem.$.id);
}
definitions[cciItem.$.id] = cciItem.definition[0];
} else {
console.error(`No NIST Controls found for ${cciItem.$.id}`);
@@ -60,7 +73,11 @@ if (!pathToInfile || !pathToCci2NistOutfile || !pathToCci2DefinitionsOutfile) {
);
fs.writeFileSync(
pathToCci2DefinitionsOutfile,
JSON.stringify(definitions)
JSON.stringify(definitions, null, 2)
);
fs.writeFileSync(
pathToNist2CciOutfile,
JSON.stringify(ccis, null, 2)
);
}
});
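Review bot: In the hunk at `-49,6 +57,11`, `ccis[newestReference.$.index] === undefined` is evaluated on a plain `{}`, so an index value from the XML that matches an inherited property name (for example `constructor`) is treated as already present and the following `.push` throws; because the input appears to be a file fetched by the workflow, the map is better created without a prototype, `const ccis: Record<string, string[]> = Object.create(null);`, or replaced by a `Map`. The argument check now requires four paths, yet the message still reads "the input and two output files", and that branch, like the parse-failure branch visible below it, only logs, so the process exits 0 and the CI step passes without producing output; adding `process.exitCode = 1;` after each `console.error` would surface the failure. The enclosing `readFile` and parser callbacks begin and end outside the visible hunks.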