Bump fast-xml-parser from 3.21.1 to 4.2.7

package.json

@@ -31,7 +31,7 @@
     "@types/lodash": "^4.14.178",
     "@types/mustache": "^4.2.0",
     "@types/pretty": "^2.0.1",
-    "fast-xml-parser": "^3.1.19",
+    "fast-xml-parser": "^4.2.7",
     "flat": "5.0.2",
     "he": "^1.2.0",
     "htmlparser2": "^9.0.0",

src/objects/control.ts

@@ -150,7 +150,7 @@ export default class Control {
     return result;
   }
 
-  toRuby(verbose = true) {
+  toRuby(verbose = false) {
     const logger = createWinstonLogger();
     let result = '';
 
@@ -183,7 +183,7 @@ export default class Control {
             result += `  desc '${key}', ${escapeQuotes(subDesc)}\n`;
           }
         } else {
-          if (verbose) {logger.error(`${this.id} does not have a desc for the value ${key}`);}
+          if (verbose) {logger.warn(`${this.id} does not have a desc for the value ${key}`);}
         }
       });
     }

src/parsers/xccdf.ts

@@ -94,10 +94,10 @@
         control.id = rule.group['@_id']
         break;
       case 'rule':
-        if (rule['@_id'].toLowerCase().startsWith('sv')) {
-          control.id = rule['@_id'].split('r')[0]
+        if (rule['@_id'][0].toLowerCase().startsWith('sv')) {
+          control.id = rule['@_id'][0].split('r')[0]
         } else {
-          control.id = rule['@_id']
+          control.id = rule['@_id'][0]
         }
         break;
       case 'version':
@@ -118,8 +118,12 @@
       default:
         throw new Error('useRuleId must be one of "group", "rule", or "version"')
     }
-
-    control.title = removeXMLSpecialCharacters(rule['@_severity'] ? ensureDecodedXMLStringValue(rule.title, 'undefined title') : `[[[MISSING SEVERITY FROM BENCHMARK]]] ${ensureDecodedXMLStringValue(rule.title,'undefined title')}`)
+
+    if(!(_.isArray(rule.title) && rule.title.length === 1)) {
+      throw new Error('Rule title is not an array of length 1.');
+    }
+
+    control.title = removeXMLSpecialCharacters(rule['@_severity'] ? ensureDecodedXMLStringValue(rule.title[0], 'undefined title') : `[[[MISSING SEVERITY FROM BENCHMARK]]] ${ensureDecodedXMLStringValue(rule.title[0],'undefined title')}`)
 
     if (typeof extractedDescription === 'object' && !Array.isArray(extractedDescription)) {
       control.desc = extractedDescription.VulnDiscussion?.split('Satisfies: ')[0] || ''
@@ -139,7 +143,7 @@
 
     if (rule.check) {
       if (rule.check.some((ruleValue) => 'check-content' in ruleValue)) {
-        control.descs.check = removeXMLSpecialCharacters(rule.check ? rule.check[0]['check-content'] : 'Missing description')
+        control.descs.check = removeXMLSpecialCharacters(rule.check ? rule.check[0]['check-content'][0] : 'Missing description')
         control.tags.check_id = rule.check[0]['@_system']
       } else if (rule.check.some((ruleValue) => 'check-content-ref' in ruleValue) && ovalDefinitions) {
         let referenceID: string | null = null;
@@ -154,7 +158,7 @@
           }
         }
         if (referenceID && referenceID in ovalDefinitions) {
-          control.descs.check = removeXMLSpecialCharacters(ovalDefinitions[referenceID].metadata[0].title)
+          control.descs.check = removeXMLSpecialCharacters(ovalDefinitions[referenceID].metadata[0].title[0])
         } else if (referenceID) {
           logger.warn(`Could not find OVAL definition for ${referenceID}`)
         }
@@ -216,11 +220,11 @@
 
     if (_.get(rule.fixtext, '[0]["#text"]')) {
       control.descs.fix = removeXMLSpecialCharacters(rule.fixtext[0]['#text'])
-    } else if (typeof rule.fixtext === 'string') {
-      control.descs.fix = removeXMLSpecialCharacters(rule.fixtext)
-    } else if (typeof rule.fixtext === 'object') {
-      if (Array.isArray(rule.fixtext)) {
-        control.descs.fix = removeXMLSpecialCharacters(pretty(convertJsonIntoXML(rule.fixtext.map((fixtext: any) => {
+    } else if (typeof rule.fixtext[0] === 'string') {
+      control.descs.fix = removeXMLSpecialCharacters(rule.fixtext[0])
+    } else if (typeof rule.fixtext[0] === 'object') {
+      if (Array.isArray(rule.fixtext[0])) {
+        control.descs.fix = removeXMLSpecialCharacters(pretty(convertJsonIntoXML(rule.fixtext[0].map((fixtext: any) => {
           if (fixtext.div) {
             return fixtext.div
           } else {
@@ -245,9 +249,8 @@
     control.tags.rid = rule['@_id']
     control.tags.stig_id = rule['version']
 
-
-    if (typeof rule.group.title === 'string') {
-      control.tags.gtitle = removeXMLSpecialCharacters(rule.group.title)
+    if (typeof rule.group.title[0] === 'string') {
+      control.tags.gtitle = removeXMLSpecialCharacters(rule.group.title[0])
     } else {
       control.tags.gtitle = removeXMLSpecialCharacters(_.get(rule.group, 'title[0].#text', 'undefined title'))
     }
@@ -276,7 +279,14 @@
     }
 
     control.tags = _.mapValues(_.omitBy(control.tags, (value) => value === undefined), (value) => {
-      if (typeof value === 'string') {
+      if (value && Array.isArray(value)) {
+        if (Array.isArray(value[0])) {
+          return removeXMLSpecialCharacters(value[0][0] as string)
+        }
+        else {
+          return removeXMLSpecialCharacters(value[0] as string)
+        }
+      } else if (typeof value === 'string') {
         return removeXMLSpecialCharacters(value)
       } else {
         return value
@@ -287,14 +297,14 @@
     if (rule.ident) {
       rule.ident.forEach((identifier) => {
         // Get CCIs
-        if (identifier['@_system'].toLowerCase().includes('cci')) {
+        if (identifier['@_system'][0].toLowerCase().includes('cci')) {
           if (!('cci' in control.tags)) {
             control.tags.cci = []
           }
           control.tags.cci?.push(identifier['#text'])
         }
         // Get legacy identifiers
-        else if (identifier['@_system'].toLowerCase().includes('legacy')) {
+        else if (identifier['@_system'][0].toLowerCase().includes('legacy')) {
           if (!('legacy' in control.tags)) {
             control.tags.legacy = []
           }
@@ -352,7 +362,7 @@
               }
             } else {
               logger.warn('Reference parts of invalid length:')
-              logger.info(referenceParts)
+              // logger.info(referenceParts)
             }
           }
         } catch (e) {

src/types/xccdf.d.ts

@@ -722,7 +722,7 @@ export interface BenchmarkRule {
   '@_severity': Severity;
   '@_weight': string;
   version: string;
-  title: string;
+  title: string[];
   description: string;
   rationale: FrontMatter[];
   reference: PurpleReference[];

src/utilities/update.ts

@@ -244,7 +244,7 @@ export function getExistingDescribeFromControl(control: Control): string {
 export function findUpdatedControlByAllIdentifiers(existingControl: Control, updatedControls: Control[]): Control | undefined {
   // Try to match based on IDs
   let updatedControl = updatedControls.find((updatedControl) => {
-    return updatedControl.id.toLowerCase() === existingControl.id.toLowerCase()
+    return updatedControl.id[0].toLowerCase() === existingControl.id[0].toLowerCase()
   })
 
   if (updatedControl) {

src/utilities/xccdf.ts

@@ -1,21 +1,39 @@
-import parser from 'fast-xml-parser'
+import {XMLParser} from 'fast-xml-parser'
 import {toXML} from 'jstoxml';
 import * as htmlparser from 'htmlparser2'
 import _ from 'lodash'
 import {DecodedDescription} from '../types/xccdf'
 import he from 'he'
 
+// const alwaysArray = ['cci_item', 'reference', 'Group', 'group', 'Benchmark', 'Rule', 'title', 'rule', 'version', 'title', '@_id', 'check'];
+// 'title',  
+//STIG
+// const alwaysArray = ['title', 'dc-status', 'description','notice', 'front-matter', 'rear-matter', 'reference', 'plain-text', 'platform', 'metadata', 'Benchmark', 'Group', 'Rule', 'TestResult', 'Value', 'Profile', 'check', 'ident', 'rationale'];
+//OVAL
+const alwaysArray = ['object_reference', 'oval-def:definition', 'definition', 'affected', 'reference', 'xsd:any', 'platform', 'product', 'note', 'criteria', 'criterion', 'extend_definition', 'oval-def:test', 'oval-def:object', 'oval-def:filter', 'oval-def:state', 'oval-def:variable', 'possible_value', 'possible_restriction', 'restriction', 'value', 'field', 'definitions', 'generator'];
+
+// arrayMode: () => { 
+//   return true;
+// }//true  // needs to be updated to isArray https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/docs/v4/2.XMLparseOptions.md#isarray
 
 export function convertEncodedXmlIntoJson(
   encodedXml: string
 ): any {
-  return parser.parse(encodedXml, {
+  const options = {
     ignoreAttributes: false,
     ignoreNameSpace: true,
     attributeNamePrefix: '@_',
     stopNodes: ['div', 'p'],
-    arrayMode: true
-  })
+    isArray: (_name: string, _jpath: string, isLeafNode: boolean) => {
+      // if (isLeafNode) {
+        return true;
+      // } else {
+      //   return false;
+      // }
+    }
+  };
+  const parser = new XMLParser(options);
+  return parser.parse(encodedXml);
 }
 
 
@@ -24,31 +42,34 @@
 }
 
 export function removeXMLSpecialCharacters(str: string) {
-  return he.decode(str)
+  console.log("Remove special characters: ", JSON.stringify(str, null, 2));
+  const result = he.decode(str);
+  console.log("Result of he.decode: ", JSON.stringify(result));
+  return result
 }
 
 export function severityStringToImpact(string: string, id: string): number {
-  if (string.match(/none|na|n\/a|not[\s()*_|]?applicable/i)?.length) {
+  if (RegExp(/none|na|n\/a|not[\s()*_|]?applicable/i).exec(string)?.length) {
     return 0.0
   }
 
-  if (string.match(/low|cat(egory)?\s*(iii|3)/i)?.length) {
+  if (RegExp(/low|cat(egory)?\s*(iii|3)/i).exec(string)?.length) {
     return 0.3
   }
 
-  if (string.match(/med(ium)?|cat(egory)?\s*(ii|2)/)?.length) {
+  if (RegExp(/med(ium)?|cat(egory)?\s*(ii|2)/).exec(string)?.length) {
     return 0.5
   }
 
-  if (string.match(/high|cat(egory)?\s*(i|1)/)?.length) {
+  if (RegExp(/high|cat(egory)?\s*(i|1)/).exec(string)?.length) {
     return 0.7
   }
 
-  if (string.match(/crit(ical)?|severe/)?.length) {
+  if (RegExp(/crit(ical)?|severe/).exec(string)?.length) {
     return 1.0
   }
 
-  console.log(`${string} is not a valid severity value. It should be one of the approved keywords. ${id} will be treated as medium severity`)
+  // console.log(`${string} is not a valid severity value. It should be one of the approved keywords. ${id} will be treated as medium severity`)
   return 0.5;
 }