From 65038ca6c42428f2c66581c30b22e6631811da44 Mon Sep 17 00:00:00 2001 From: Joyce Quach Date: Fri, 1 Nov 2024 16:09:48 -0400 Subject: [PATCH] Move getCCIsForNISTTags function into libs/hdf-converters/src/mappings/CciNistMapping.ts Signed-off-by: Joyce Quach --- .../src/asff-mapper/asff-mapper.ts | 6 ++---- libs/hdf-converters/src/burpsuite-mapper.ts | 6 ++---- libs/hdf-converters/src/cyclonedx-sbom-mapper.ts | 3 ++- libs/hdf-converters/src/dbprotect-mapper.ts | 6 ++---- .../src/dependency-track-mapper.ts | 6 ++---- libs/hdf-converters/src/fortify-mapper.ts | 2 +- libs/hdf-converters/src/ionchannel-mapper.ts | 6 ++---- libs/hdf-converters/src/jfrog-xray-mapper.ts | 6 ++---- .../src/mappings/CciNistMapping.ts | 16 ++++++++++++++++ libs/hdf-converters/src/netsparker-mapper.ts | 6 ++---- libs/hdf-converters/src/nikto-mapper.ts | 2 +- libs/hdf-converters/src/prisma-mapper.ts | 4 ++-- libs/hdf-converters/src/sarif-mapper.ts | 6 ++---- libs/hdf-converters/src/scoutsuite-mapper.ts | 2 +- libs/hdf-converters/src/snyk-mapper.ts | 6 ++---- libs/hdf-converters/src/sonarqube-mapper.ts | 2 +- libs/hdf-converters/src/twistlock-mapper.ts | 6 ++---- libs/hdf-converters/src/utils/global.ts | 15 --------------- libs/hdf-converters/src/veracode-mapper.ts | 2 +- libs/hdf-converters/src/zap-mapper.ts | 6 ++---- 20 files changed, 47 insertions(+), 67 deletions(-) diff --git a/libs/hdf-converters/src/asff-mapper/asff-mapper.ts b/libs/hdf-converters/src/asff-mapper/asff-mapper.ts index 1c4992cc03..b6aa91536a 100644 --- a/libs/hdf-converters/src/asff-mapper/asff-mapper.ts +++ b/libs/hdf-converters/src/asff-mapper/asff-mapper.ts 
@@ -7,10 +7,7 @@ import {ExecJSON} from 'inspecjs'; import * as _ from 'lodash'; import {version as HeimdallToolsVersion} from '../../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from '../base-converter'; -import { - DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - getCCIsForNISTTags -} from '../utils/global'; +import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from '../utils/global'; import {getCMSInSpec} from './case-cms-inspec'; import {getFirewallManager} from './case-firewall-manager'; import {getGuardDuty} from './case-guardduty'; @@ -19,6 +16,7 @@ import {getPreviouslyHDF} from './case-previously-hdf'; import {getProwler} from './case-prowler'; import {getSecurityHub} from './case-security-hub'; import {getTrivy} from './case-trivy'; +import {getCCIsForNISTTags} from '../mappings/CciNistMapping'; const IMPACT_MAPPING: Map = new Map([ ['CRITICAL', 0.9], diff --git a/libs/hdf-converters/src/burpsuite-mapper.ts b/libs/hdf-converters/src/burpsuite-mapper.ts index 1ced8886ed..4f41befd38 100644 --- a/libs/hdf-converters/src/burpsuite-mapper.ts +++ b/libs/hdf-converters/src/burpsuite-mapper.ts @@ -10,10 +10,8 @@ import { parseXml } from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; -import { - DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; // Constant const IMPACT_MAPPING: Map = new Map([ diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts index 62f77fb1ee..f1cc5560c0 100644 --- a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts 
@@ -3,7 +3,7 @@ import _ from 'lodash'; import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; -import {filterString, getCCIsForNISTTags} from './utils/global'; +import {filterString} from './utils/global'; import { CycloneDXSoftwareBillOfMaterialSpecification, CycloneDXSoftwareBillOfMaterialsStandard, @@ -22,6 +22,7 @@ import { ComponentClass, ComponentObject } from '../types/cyclonedx'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const cvssMethods = ['CVSSv2', 'CVSSv3', 'CVSSv31', 'CVSSv4'] as const; type CVSSMethodEnum = Extract; diff --git a/libs/hdf-converters/src/dbprotect-mapper.ts b/libs/hdf-converters/src/dbprotect-mapper.ts index 1097723115..aee1d5983d 100644 --- a/libs/hdf-converters/src/dbprotect-mapper.ts +++ b/libs/hdf-converters/src/dbprotect-mapper.ts @@ -8,10 +8,8 @@ import { MappedTransform, parseXml } from './base-converter'; -import { - DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const IMPACT_MAPPING: Map = new Map([ ['high', 0.7], diff --git a/libs/hdf-converters/src/dependency-track-mapper.ts b/libs/hdf-converters/src/dependency-track-mapper.ts index b0414da003..52d94452ae 100644 --- a/libs/hdf-converters/src/dependency-track-mapper.ts +++ b/libs/hdf-converters/src/dependency-track-mapper.ts @@ -8,10 +8,8 @@ import { MappedTransform } from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; -import { - DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; interface ICweEntry { cweId: number; 
diff --git a/libs/hdf-converters/src/fortify-mapper.ts b/libs/hdf-converters/src/fortify-mapper.ts index 1371179bc9..c3e960804d 100644 --- a/libs/hdf-converters/src/fortify-mapper.ts +++ b/libs/hdf-converters/src/fortify-mapper.ts @@ -8,7 +8,7 @@ import { parseHtml, parseXml } from './base-converter'; -import {getCCIsForNISTTags} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const NIST_REFERENCE_NAME = 'Standards Mapping - NIST Special Publication 800-53 Revision 4'; diff --git a/libs/hdf-converters/src/ionchannel-mapper.ts b/libs/hdf-converters/src/ionchannel-mapper.ts index 8157f50751..831f8d1215 100644 --- a/libs/hdf-converters/src/ionchannel-mapper.ts +++ b/libs/hdf-converters/src/ionchannel-mapper.ts @@ -11,10 +11,8 @@ import { import {Project} from '../types/ionchannelProjects'; import {Team} from '../types/ionchannelTeams'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; -import { - DEFAULT_INFORMATION_SYSTEM_COMPONENT_MANAGEMENT_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_INFORMATION_SYSTEM_COMPONENT_MANAGEMENT_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; // Extracts all levels of dependencies from any dependency (including sub-dependencies) function extractAllDependencies( diff --git a/libs/hdf-converters/src/jfrog-xray-mapper.ts b/libs/hdf-converters/src/jfrog-xray-mapper.ts index 03c1cea40e..7a3fc60cff 100644 --- a/libs/hdf-converters/src/jfrog-xray-mapper.ts +++ b/libs/hdf-converters/src/jfrog-xray-mapper.ts 
@@ -9,10 +9,8 @@ import {
   MappedTransform
 } from './base-converter';
 import {CweNistMapping} from './mappings/CweNistMapping';
-import {
-  DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS,
-  getCCIsForNISTTags
-} from './utils/global';
+import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from './utils/global';
+import {getCCIsForNISTTags} from './mappings/CciNistMapping';
 
 // Constants
 const IMPACT_MAPPING: Map = new Map([
diff --git a/libs/hdf-converters/src/mappings/CciNistMapping.ts b/libs/hdf-converters/src/mappings/CciNistMapping.ts
index cb91566d73..2f2d411fc2 100644
--- a/libs/hdf-converters/src/mappings/CciNistMapping.ts
+++ b/libs/hdf-converters/src/mappings/CciNistMapping.ts
@@ -3,6 +3,7 @@ import _ from 'lodash';
 import {CCI_List} from '../utils/CCI_List';
 import {CCI_TO_NIST} from './CciNistMappingData';
 import {CciNistMappingItem} from './CciNistMappingItem';
+import {data as NistCciMappingData} from '../mappings/NistCciMappingData';
 
 type Reference = {
   '@_creator': string;
@@ -188,3 +189,18 @@ export class CciNistMapping {
     return matches;
   }
 }
+
+export function getCCIsForNISTTags(nistTags: string[]): string[] {
+  const cciTags: string[] = [];
+  for (const nistTag of nistTags) {
+    const baseTag = /\w\w-\d\d?\d?/g.exec(nistTag);
+    if (
+      Array.isArray(baseTag) &&
+      baseTag.length > 0 &&
+      baseTag[0] in NistCciMappingData
+    ) {
+      cciTags.push(...NistCciMappingData[baseTag[0]]);
+    }
+  }
+  return cciTags;
+}
diff --git a/libs/hdf-converters/src/netsparker-mapper.ts b/libs/hdf-converters/src/netsparker-mapper.ts
index 6bff896d5d..ebc8c98876 100644
--- a/libs/hdf-converters/src/netsparker-mapper.ts
+++ b/libs/hdf-converters/src/netsparker-mapper.ts
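Review bot: The new import in the first CciNistMapping.ts hunk, `import {data as NistCciMappingData} from '../mappings/NistCciMappingData';`, climbs to the parent directory and back into `mappings/` even though the file already lives there; the sibling imports two lines above use `./CciNistMappingData`, so this should read `import {data as NistCciMappingData} from './NistCciMappingData';`. In the moved `getCCIsForNISTTags`, the `g` flag on `/\w\w-\d\d?\d?/g.exec(nistTag)` is unnecessary (the literal is re-created on every iteration so `lastIndex` never carries over, but the flag suggests the regex is meant to be reused) and `\d\d?\d?` is just `\d{1,3}`; `const baseTag = /\w\w-\d{1,3}/.exec(nistTag);` yields the same matches. The function is exported without a TSDoc comment; a short `/** ... */` stating that it reduces each tag to its leading `XX-n` prefix (e.g. `AC-2` out of `AC-2 (4)`), looks that prefix up in `NistCciMappingData`, and returns the concatenated CCI ids (empty when no tag matches) would document the contract all the mapper files now depend on. If `utils/global.ts` imported `NistCciMappingData` only for the removed copy of this function, that import is now unused there; its import section is outside the shown hunk, so this needs confirming.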
@@ -11,10 +11,8 @@ import { } from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; import {OwaspNistMapping} from './mappings/OwaspNistMapping'; -import { - DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const IMPACT_MAPPING: Map = new Map([ ['critical', 1.0], diff --git a/libs/hdf-converters/src/nikto-mapper.ts b/libs/hdf-converters/src/nikto-mapper.ts index b36d43d7c8..98ad8795aa 100644 --- a/libs/hdf-converters/src/nikto-mapper.ts +++ b/libs/hdf-converters/src/nikto-mapper.ts @@ -3,7 +3,7 @@ import * as _ from 'lodash'; import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {NiktoNistMapping} from './mappings/NiktoNistMapping'; -import {getCCIsForNISTTags} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const NIKTO_NIST_MAPPING = new NiktoNistMapping(); diff --git a/libs/hdf-converters/src/prisma-mapper.ts b/libs/hdf-converters/src/prisma-mapper.ts index 69c165d65b..9a1c45cdf1 100644 --- a/libs/hdf-converters/src/prisma-mapper.ts +++ b/libs/hdf-converters/src/prisma-mapper.ts @@ -9,9 +9,9 @@ import { } from './base-converter'; import { DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - DEFAULT_UPDATE_REMEDIATION_NIST_TAGS, - getCCIsForNISTTags + DEFAULT_UPDATE_REMEDIATION_NIST_TAGS } from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; export type PrismaControl = { Packages: string; diff --git a/libs/hdf-converters/src/sarif-mapper.ts b/libs/hdf-converters/src/sarif-mapper.ts index c45188ae7e..56262aee05 100644 --- a/libs/hdf-converters/src/sarif-mapper.ts +++ b/libs/hdf-converters/src/sarif-mapper.ts 
@@ -3,10 +3,8 @@ import * as _ from 'lodash'; import {version as HeimdallToolsVersion} from '../package.json'; import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; -import { - DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const IMPACT_MAPPING: Map = new Map([ ['error', 0.7], diff --git a/libs/hdf-converters/src/scoutsuite-mapper.ts b/libs/hdf-converters/src/scoutsuite-mapper.ts index 46736b958a..87096776be 100644 --- a/libs/hdf-converters/src/scoutsuite-mapper.ts +++ b/libs/hdf-converters/src/scoutsuite-mapper.ts @@ -8,7 +8,7 @@ import { MappedTransform } from './base-converter'; import {ScoutsuiteNistMapping} from './mappings/ScoutsuiteNistMapping'; -import {getCCIsForNISTTags} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const INSPEC_INPUTS_MAPPING = { string: 'String', diff --git a/libs/hdf-converters/src/snyk-mapper.ts b/libs/hdf-converters/src/snyk-mapper.ts index 81e904db14..e9333321b4 100644 --- a/libs/hdf-converters/src/snyk-mapper.ts +++ b/libs/hdf-converters/src/snyk-mapper.ts @@ -8,10 +8,8 @@ import { MappedTransform } from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; -import { - DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const IMPACT_MAPPING: Map = new Map([ ['high', 0.7], diff --git a/libs/hdf-converters/src/sonarqube-mapper.ts b/libs/hdf-converters/src/sonarqube-mapper.ts index f1dae0ad8a..9950c387d6 100644 --- a/libs/hdf-converters/src/sonarqube-mapper.ts +++ b/libs/hdf-converters/src/sonarqube-mapper.ts 
@@ -9,7 +9,7 @@ import { } from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; import {OwaspNistMapping} from './mappings/OwaspNistMapping'; -import {getCCIsForNISTTags} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; // eslint-disable-next-line @typescript-eslint/naming-convention export type Issue = { diff --git a/libs/hdf-converters/src/twistlock-mapper.ts b/libs/hdf-converters/src/twistlock-mapper.ts index 7dd38f6e39..9335c5a1c0 100644 --- a/libs/hdf-converters/src/twistlock-mapper.ts +++ b/libs/hdf-converters/src/twistlock-mapper.ts @@ -7,10 +7,8 @@ import { impactMapping, MappedTransform } from './base-converter'; -import { - DEFAULT_UPDATE_REMEDIATION_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_UPDATE_REMEDIATION_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const IMPACT_MAPPING: Map = new Map([ ['critical', 0.9], diff --git a/libs/hdf-converters/src/utils/global.ts b/libs/hdf-converters/src/utils/global.ts index 26dc1e292d..0588002478 100644 --- a/libs/hdf-converters/src/utils/global.ts +++ b/libs/hdf-converters/src/utils/global.ts 
@@ -63,21 +63,6 @@ export function getDescription(
   return found;
 }
 
-export function getCCIsForNISTTags(nistTags: string[]): string[] {
-  const cciTags: string[] = [];
-  for (const nistTag of nistTags) {
-    const baseTag = /\w\w-\d\d?\d?/g.exec(nistTag);
-    if (
-      Array.isArray(baseTag) &&
-      baseTag.length > 0 &&
-      baseTag[0] in NistCciMappingData
-    ) {
-      cciTags.push(...NistCciMappingData[baseTag[0]]);
-    }
-  }
-  return cciTags;
-}
-
 // Using the spread operator on a falsy value within an object does nothing. It is possible to use that syntactic behavior to conditionally add attributes to an object by writing something as follows: {...(condition && {attributeName: attribute})} which returns {} if condition is falsy and {attributeName: attribute} otherwise. Use this function to replace the stuff in the parentheses to save cognitive complexity marks when sonarqube complains.
 export function conditionallyProvideAttribute(
   attributeName: string,
diff --git a/libs/hdf-converters/src/veracode-mapper.ts b/libs/hdf-converters/src/veracode-mapper.ts
index 43ae05d641..f1384b5b62 100644
--- a/libs/hdf-converters/src/veracode-mapper.ts
+++ b/libs/hdf-converters/src/veracode-mapper.ts
@@ -8,7 +8,7 @@ import {
   parseXml
 } from './base-converter';
 import {CweNistMapping} from './mappings/CweNistMapping';
-import {getCCIsForNISTTags} from './utils/global';
+import {getCCIsForNISTTags} from './mappings/CciNistMapping';
 const STATIC_FLAWS = 'staticflaws.flaw';
 const SEVERITY = 'detailedreport.severity';
 const FILE_PATH_VALUE = 'file_paths.file_path.@_.value';
diff --git a/libs/hdf-converters/src/zap-mapper.ts b/libs/hdf-converters/src/zap-mapper.ts
index e2377a3d57..9e93203429 100644
--- a/libs/hdf-converters/src/zap-mapper.ts
+++ b/libs/hdf-converters/src/zap-mapper.ts
@@ -8,10 +8,8 @@ import { parseHtml } from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; -import { - DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS, - getCCIsForNISTTags -} from './utils/global'; +import {DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS} from './utils/global'; +import {getCCIsForNISTTags} from './mappings/CciNistMapping'; const CWE_NIST_MAPPING = new CweNistMapping();