Keep Revision info when mapping from CCI to NIST

Signed-off-by: Joyce Quach <[email protected]>
mitre · Nov 29, 2024 · 31f77ee · 31f77ee
1 parent 8ca987d
commit 31f77ee
Show file tree

Hide file tree

Showing 7 changed files with 30,659 additions and 5,117 deletions.
diff --git a/libs/hdf-converters/data/converters/cciListXml2json.ts b/libs/hdf-converters/data/converters/cciListXml2json.ts
@@ -34,7 +34,12 @@ export interface ICCIList {
         $: Record<string, string>;
         references?: {
           reference: {
-            $: Record<string, string>;
+            $: {
+              creator: string;
+              title: string;
+              version: string;
+              index: string;
+            };
           }[];
         }[];
         definition: string[];
@@ -43,6 +48,13 @@ export interface ICCIList {
   };
 }
 
+export type NistReference = {
+  version: string;
+  creator: string;
+  title: string;
+  nist: string;
+};
+
 // Check that we're not doing `npm test`; it will look for the arguments to the input and output files.
 const scriptIsCalled = process.argv[1].includes('cciListXml2json');
 
@@ -98,11 +110,11 @@ if (scriptIsCalled) {
 }
 
 function produceConversions(cciList: ICCIList): {
-  nists: Record<string, string[]>;
+  nists: Record<string, NistReference[]>;
   definitions: Record<string, string>;
   ccis: Record<string, string[]>;
 } {
-  const nists: Record<string, string[]> = {};
+  const nists: Record<string, NistReference[]> = {};
   const definitions: Record<string, string> = {};
   const ccis: Record<string, string[]> = {};
 
@@ -117,13 +129,18 @@ function produceConversions(cciList: ICCIList): {
     if (newestReference) {
       /* There's 1 out of the 2000+ CCI controls where this index string is composed of at
       least 2 comma-and-space-separated controls found in the latest revision. */
-      const nistIds = newestReference.$.index
+      const {version, creator, index, title} = newestReference.$;
+      const nistIds = index
         .split(/,\s*/)
         .map(parse_nist)
         .filter(is_control)
         .map((n) => n.canonize());
 
-      _.set(nists, cciId, nistIds);
+      _.set(
+        nists,
+        cciId,
+        nistIds.map((nist) => ({version, creator, title, nist}))
+      );
       _.set(definitions, cciId, cciItem.definition[0]);
 
       for (const nistId of nistIds) {

diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts b/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts
@@ -54,7 +54,9 @@ function cciRef(input: string): string[] {
  */
 function nistTag(input: string): string[] {
   const identifiers: string[] = cciRef(input);
-  return CCI2NIST(identifiers, DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS);
+  return CCI2NIST(identifiers, DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS).map(
+    ({nist}) => nist
+  );
 }
 
 /**

diff --git a/libs/hdf-converters/src/mappings/CciNistMapping.ts b/libs/hdf-converters/src/mappings/CciNistMapping.ts
@@ -4,15 +4,20 @@ import {
   NIST_TO_CCI
 } from '../mappings/NistCciMappingData';
 import {is_control, parse_nist} from 'inspecjs';
-import {CCI_TO_NIST} from './CciNistMappingData';
+import {CCI_TO_NIST, DEFAULT_NIST_REFERENCE} from './CciNistMappingData';
+import {NistReference} from '../../data/converters/cciListXml2json';
 
 export function CCI2NIST(
   identifiers: string[],
   defaultCci2Nist: string[]
-): string[] {
-  const DEFAULT_NIST_TAGS = defaultCci2Nist;
-  const nists: string[] = _.uniq(
-    identifiers.flatMap((cci) => _.get(CCI_TO_NIST, cci, []))
+): NistReference[] {
+  const DEFAULT_NIST_TAGS = defaultCci2Nist.map((nist) => ({
+    nist,
+    ...DEFAULT_NIST_REFERENCE
+  }));
+  const nists: NistReference[] = _.uniqBy(
+    identifiers.flatMap((cci) => _.get(CCI_TO_NIST, cci, [])),
+    (ref) => ref.nist
   );
   return nists.length > 0 ? nists : DEFAULT_NIST_TAGS;
 }

diff --git a/libs/hdf-converters/src/mappings/CciNistMappingData.ts b/libs/hdf-converters/src/mappings/CciNistMappingData.ts
@@ -1,9 +1,15 @@
 import cciToNistData from './U_CCI_List.nist.json';
 import cciToDefinitionData from './U_CCI_List.defs.json';
 import {HANDCRAFTED_DEFAULT_NIST_TO_CCI} from '../mappings/NistCciMappingData';
+import {NistReference} from '../../data/converters/cciListXml2json';
 
-export const CCI_TO_NIST: Record<string, string[]> = cciToNistData;
+export const CCI_TO_NIST: Record<string, NistReference[]> = cciToNistData;
 export const CCI_TO_DEFINITION: Record<string, string> = cciToDefinitionData;
+export const DEFAULT_NIST_REFERENCE: Omit<NistReference, 'nist'> = {
+  version: '5',
+  creator: 'NIST',
+  title: 'NIST SP 800-53 Revision 5'
+};
 
 // DEFAULT_NIST_TAG is applicable to all automated configuration tests.
 // SA-11 (DEVELOPER SECURITY TESTING AND EVALUATION) - RA-5 (VULNERABILITY SCANNING)