Revert NIST->CCI trie to Record<string, string[]>
Signed-off-by: Joyce Quach <[email protected]>
jtquach1 committed Nov 6, 2024
1 parent 706674c commit 483df2d
Showing 4 changed files with 9,326 additions and 14,259 deletions.
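--- a/libs/hdf-converters/data/converters/cciListXml2json.ts
+++ b/libs/hdf-converters/data/converters/cciListXml2json.ts
@@ -4,9 +4,6 @@ import xml2js from 'xml2js';
 import {parseArgs} from 'node:util';
 import {is_control, parse_nist} from 'inspecjs/src/nist';
 
-export const CCIS_KEY = 'ccis';
-export const DELIMITER = ' ';
-
 // Documentation is located at https://github.com/mitre/heimdall2/wiki/Control-Correlation-Identifier-(CCI)-Converter.
 const parser = new xml2js.Parser();
 
@@ -123,50 +120,11 @@ if (scriptIsCalled) {
 );
 fs.writeFileSync(
 pathToNist2CciOutfile,
-JSON.stringify(unflatten(ccis), null, 2)
+JSON.stringify(ccis, null, 2)
 );
 }
 });
 }
 });
 }
 }
-
-type Leaf = {
-[CCIS_KEY]?: string[];
-};
-
-type Branch = Leaf & {
-[key: string]: Branch | string[] | undefined;
-};
-
-export type Trie = {
-[key: string]: Branch;
-};
-
-export function removeParentheses(key: string): string {
-return key.replace(/[()]/g, '');
-}
-
-function unflatten(fullNistPathToListOfCcis: Record<string, string[]>): Trie {
-const result = {};
-
-const keys = _.keys(fullNistPathToListOfCcis);
-const nists = keys.map(parse_nist);
-
-const paths = nists
-.filter(is_control)
-.map((control) => [
-control.subSpecifiers.slice(0, 2).join('-'),
-...control.subSpecifiers.slice(2)
-]);
-
-for (let i = 0; i < keys.length; i++) {
-const key = keys[i];
-const path = [...paths[i], CCIS_KEY];
-const value = fullNistPathToListOfCcis[key];
-_.setWith(result, path, value, Object);
-}
-
-return result;
-}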
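--- a/libs/hdf-converters/src/mappings/CciNistMapping.ts
+++ b/libs/hdf-converters/src/mappings/CciNistMapping.ts
@@ -5,7 +5,6 @@ import {
 } from '../mappings/NistCciMappingData';
 import {is_control, parse_nist} from 'inspecjs';
 import {CCI_TO_NIST} from './CciNistMappingData';
-import {CCIS_KEY} from '../../data/converters/cciListXml2json';
 
 export function CCI2NIST(
 identifiers: string[],
@@ -24,35 +23,18 @@ export function NIST2CCI(
 ): string[] {
 const DEFAULT_CCI_TAGS = defaultNist2Cci || [];
 
-const paths = identifiers
+const ccis = identifiers
 .map(parse_nist)
 .filter(is_control)
-.map((control) => [
-control.subSpecifiers.slice(0, 2).join('-'),
-...control.subSpecifiers.slice(2)
-]);
-
-const ccis = _.uniq(
-paths.flatMap((specifiers) => {
-const parentSpecifier = specifiers[0];
-
-// See if the given path maps to CCIs, otherwise back up a specifier.
-for (let i = 0; i < specifiers.length; i++) {
-const path = [
-parentSpecifier,
-...specifiers.slice(1, specifiers.length - i),
-CCIS_KEY
-];
-const ccis = _.get(NIST_TO_CCI, path);
-if (ccis) {
-return ccis;
-}
-}
-
-// If there is no official NIST->CCI mapping for this NIST control, then check the handcrafted mapping.
-return _.get(HANDCRAFTED_DEFAULT_NIST_TO_CCI, parentSpecifier, []);
-})
-);
+.map((nist) => nist.canonize())
+.flatMap((nist) => {
+// Get the official NIST->CCI mapping if it exists. Otherwise, get the handcrafted mapping.
+return _.get(
+NIST_TO_CCI,
+nist,
+_.get(HANDCRAFTED_DEFAULT_NIST_TO_CCI, nist, [])
+);
+});
 
 return ccis.length > 0 ? ccis : DEFAULT_CCI_TAGS;
 }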
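Review bot: The rewritten lookup chain in NIST2CCI drops two behaviours the removed code had: the result is no longer passed through `_.uniq`, and nothing backs up to the parent control when the exact identifier has no entry. Two input tags that resolve to the same CCI will now appear twice in the returned array; wrapping the chain in `_.uniq(...)` again would keep the previous contract. The handcrafted table is keyed by bare controls such as `'AC-7'`, but it is now indexed with the full canonized string instead of `parentSpecifier`, so if `canonize()` keeps enhancements or sub-parts (its output is not visible here) those tags would silently fall through to `DEFAULT_CCI_TAGS` and findings would carry the default CCIs rather than the mapped ones. If exact-match-only is what the revert intends, a comment above the `flatMap` such as `// Exact match on the canonized control only; no fallback to the parent control.` would make that explicit. The function's signature begins outside this hunk.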
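--- a/libs/hdf-converters/src/mappings/NistCciMappingData.ts
+++ b/libs/hdf-converters/src/mappings/NistCciMappingData.ts
@@ -1,7 +1,6 @@
-import {Trie} from '../../data/converters/cciListXml2json';
 import nistToCciData from './U_CCI_List.cci.json';
 
-export const NIST_TO_CCI: Trie = nistToCciData;
+export const NIST_TO_CCI: Record<string, string[]> = nistToCciData;
 
 export const HANDCRAFTED_DEFAULT_NIST_TO_CCI = {
 'AC-7': ['CCI-000044'],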