

VEX alignment changes
Signed-off-by: Charles Hu <[email protected]>
charleshu-8 committed Jul 30, 2024
1 parent ec42b2f commit 043ca2b
Showing 9 changed files with 11,416 additions and 806 deletions.
Expand Up @@ -7,18 +7,16 @@
"statistics": {},
"profiles": [
{
"name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7",
"title": "test 9",
"name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7",
"title": "test 9 CycloneDX BOM Report",
"version": "SNAPSHOT",
"maintainer": "",
"description": "This is the project I want to use to generate data to understand the schema a bit better",
"license": "",
"supports": [],
"attributes": [],
"groups": [],
"status": "loaded",
"controls": [],
"sha256": "45a072f28e84cfb00c8cab2139b026114a1f548fff8551d51d84c8c13b05f772"
"sha256": "457073f76a4355932e902365ca9adf836dac722c1faa4ea1a78e3db202f28c68"
}
],
"passthrough": {
Expand Up @@ -7,18 +7,16 @@
"statistics": {},
"profiles": [
{
"name": "application/602de70a-7107-4ac8-9ad2-3c1c816892a7",
"title": "test 9",
"name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7",
"title": "test 9 CycloneDX BOM Report",
"version": "SNAPSHOT",
"maintainer": "",
"description": "This is the project I want to use to generate data to understand the schema a bit better",
"license": "",
"supports": [],
"attributes": [],
"groups": [],
"status": "loaded",
"controls": [],
"sha256": "45a072f28e84cfb00c8cab2139b026114a1f548fff8551d51d84c8c13b05f772"
"sha256": "457073f76a4355932e902365ca9adf836dac722c1faa4ea1a78e3db202f28c68"
}
],
"passthrough": {
3,015 changes: 2,824 additions & 191 deletions libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json


3,015 changes: 2,824 additions & 191 deletions libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vex-hdf.json



3,015 changes: 2,824 additions & 191 deletions libs/hdf-converters/sample_jsons/sbom_mapper/sbom-dropwizard-vulns-hdf.json


Expand Up @@ -7,8 +7,8 @@
"statistics": {},
"profiles": [
{
"name": "application/@mitre/[email protected]",
"title": "@mitre/saf",
"name": "CycloneDX BOM Report: application/@mitre/[email protected]",
"title": "@mitre/saf CycloneDX BOM Report",
"version": "1.4.7",
"maintainer": "The MITRE Security Automation Framework",
"description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.",
Expand All @@ -18,7 +18,7 @@
"groups": [],
"status": "loaded",
"controls": [],
"sha256": "293aa65c39599822577a8957155b2b71f759a252c5e08724637cf1dc44089595"
"sha256": "d0eb06874c873528a609afe066d8ce3728bc38e9f6d57dd693ed21455edfe0f8"
}
],
"passthrough": {
Expand Up @@ -7,8 +7,8 @@
"statistics": {},
"profiles": [
{
"name": "application/@mitre/[email protected]",
"title": "@mitre/saf",
"name": "CycloneDX BOM Report: application/@mitre/[email protected]",
"title": "@mitre/saf CycloneDX BOM Report",
"version": "1.4.7",
"maintainer": "The MITRE Security Automation Framework",
"description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.",
Expand All @@ -18,7 +18,7 @@
"groups": [],
"status": "loaded",
"controls": [],
"sha256": "293aa65c39599822577a8957155b2b71f759a252c5e08724637cf1dc44089595"
"sha256": "d0eb06874c873528a609afe066d8ce3728bc38e9f6d57dd693ed21455edfe0f8"
}
],
"passthrough": {
134 changes: 108 additions & 26 deletions libs/hdf-converters/src/sbom-mapper.ts
Expand Up @@ -190,31 +190,72 @@ export class SBOMMapper extends BaseConverter {
{
name: {
path: 'metadata.component',
transformer: (input: Record<string, unknown>): string => {
return `${input.type}/${input['bom-ref']}`;
}
transformer: (input: Record<string, unknown>): string =>
input['bom-ref']
? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}`
: 'CycloneDX BOM Report'
},
title: {
path: 'metadata.component',
transformer: (input: Record<string, unknown>): string => {
const group = input.group ? `${input.group}/` : '';
return `${group}${input.name}`;
if (input.name) {
const group = input.group ? `${input.group}/` : '';
return `${group}${input.name} CycloneDX BOM Report`;
} else {
return 'CycloneDX BOM Report';
}
}
},
version: {
path: 'metadata.component.version',
transformer: (input: Record<string, unknown>): string | undefined =>
input ? `${input}` : undefined
},
maintainer: {
path: 'metadata.component',
transformer: (input: Record<string, unknown>): string | undefined => {
// Check through every single possible field which may hold ownership over this component
if (input.author) {
// `author` is deprecated in v1.6 but may still appear
return `${input.author}`;
} else if (input.authors) {
// Join list of component authors
let msg = '';
for (const author of input.authors as Record<string, unknown>[]) {
msg += `${author.name}, `;
}
return msg.slice(0, -2);
} else if (input.manufacturer) {
// If we can't pinpoint the exact authors, resort to the organization
return `${(input.manufacturer as Record<string, unknown>).name}`;
} else {
return undefined;
}
}
},
version: {path: 'metadata.component.version'},
maintainer: {path: 'metadata.component.author'},
description: {path: 'metadata.component.description'},
description: {
path: 'metadata.component',
transformer: (input: Record<string, unknown>): string | undefined =>
input.description ? `${input.description}` : undefined
},
copyright: {
path: 'metadata.component',
transformer: (input: Record<string, unknown>): string | undefined =>
input.copyright ? `${input.copyright}` : undefined
},
license: {
path: 'metadata.component',
transformer: (input: Record<string, unknown>): string => {
transformer: (input: Record<string, unknown>): string | undefined => {
let message = '';
if (Array.isArray(input.licenses)) {
// Join together all applicable licenses for this component
input.licenses.map((license) => {
message = message.concat(`${license.license.id}, `);
});
return message.slice(0, -2);
}
return message.slice(0, -2);
// If there are no found licenses, remove field
return undefined;
}
},
supports: [],
Expand All @@ -232,12 +273,28 @@ export class SBOMMapper extends BaseConverter {
},
cci: {
path: 'cwes',
transformer: (input: number[]) =>
transformer: (input: number[]): string[] =>
getCCIsForNISTTags(getNISTTags(input))
},
cwe: {path: 'cwes', transformer: formatCWETags}
},
descriptions: [
{
data: {path: 'detail'},
label: 'Detail'
},
{
data: {path: 'recommendation'},
label: 'Recommendation'
},
{
data: {path: 'workaround'},
label: 'Workaround'
},
{
data: {path: 'proofOfConcept'},
label: 'Proof of concept'
},
{
data: {path: 'created'},
label: 'Date created'
Expand All @@ -249,29 +306,54 @@ export class SBOMMapper extends BaseConverter {
{
data: {path: 'updated'},
label: 'Date updated'
},
{
data: {path: 'rejected'},
label: 'Date rejected'
},
{
data: {path: 'credits'},
label: 'Credits'
},
{
data: {path: 'tools'},
label: 'Tools'
},
{
data: {path: 'analysis'},
label: 'Analysis'
}
],
refs: [
{
path: 'source',
transformer: (data: Record<string, unknown>) => {
return {ref: [data]};
transformer: (
input: Record<string, unknown>
): Record<string, unknown> => {
const searchFor = ['source', 'references', 'advisories'];
const ref = [];
for (const key of searchFor) {
if (input[key]) {
ref.push(input[key] as Record<string, unknown>);
}
}
return {ref: ref};
}
}
],
source_location: {},
title: {path: 'bom-ref'},
title: {
transformer: (input: Record<string, unknown>): string =>
input.description ? `${input.description}` : `${input.id}`
},
id: {path: 'id'},
desc: {path: 'description'},
impact: {path: 'ratings', transformer: aggregateImpact},
impact: {path: 'ratings', transformer: aggregateImpact}, // temp
code: {
transformer: (vulnerability: Record<string, unknown>): string => {
return JSON.stringify(
transformer: (vulnerability: Record<string, unknown>): string =>
JSON.stringify(
_.omit(vulnerability, 'affectedComponents'),
null,
2
);
}
)
},
results: [
{
Expand Down Expand Up @@ -306,21 +388,21 @@ export class SBOMMapper extends BaseConverter {
}
],
passthrough: {
transformer: (data: Record<string, any>): Record<string, unknown> => {
transformer: (input: Record<string, any>): Record<string, unknown> => {
return {
auxiliary_data: [
{
name: 'SBOM',
components: _.get(data, 'components'),
dependencies: _.get(data, 'dependencies'),
data: _.omit(data, [
components: _.get(input, 'components'),
dependencies: _.get(input, 'dependencies'),
data: _.omit(input, [
'components',
'vulnerabilities',
'dependencies'
])
}
],
...(this.withRaw && {raw: data})
...(this.withRaw && {raw: input})
};
}
}
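Review bot: The `license` transformer in the first hunk still dereferences `license.license.id` for every entry of `input.licenses`, so a CycloneDX license choice written in its `{expression: ...}` form has no `license` member and throws a TypeError that aborts conversion of the whole externally supplied BOM, while a `{license: {name: ...}}` entry without an SPDX `id` is rendered as the literal string `undefined`. Each entry should be guarded and fall back to `name` or `expression`, which also lets the `.map`-for-side-effects and the `slice(0, -2)` trimming be replaced by a `filter`/`join`. The `maintainer` transformer carries the same unguarded shape assumption: `input.authors` is iterated as an array without an `Array.isArray` check, and a missing `author.name` likewise becomes `undefined` in the output. The stray `// temp` left on the `impact` line in the third hunk should be resolved or explained before merge. The mapping object literal of `SBOMMapper` that encloses these transformers begins and ends outside the hunks.
```typescript
license: {
  path: 'metadata.component',
  transformer: (input: Record<string, unknown>): string | undefined => {
    // No license block on the component: omit the field entirely
    if (!Array.isArray(input.licenses)) {
      return undefined;
    }
    // Accept SPDX id, free-form name, or an SPDX expression per entry
    const names = input.licenses
      .map((entry) => entry?.license?.id ?? entry?.license?.name ?? entry?.expression)
      .filter((name): name is string => typeof name === 'string' && name !== '');
    return names.length > 0 ? names.join(', ') : undefined;
  }
},
```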
