HDF Converters How Tos - mitre/heimdall2 GitHub Wiki
Common HDF-Converters Information
The purpose of this page is to assist developers with the creation of HDF Converters and Mappers. It contains how-tos and/or links to step-by-step instructions for some of the more specific HDF-Converter maps. If you are just getting started on making mappers for HDF-Converters, please visit Editing HDF Mapper and Converter Creation Guide.
This page also contains information to help explain some of the mapping decisions.
A collection of more specific types of mappers.
JSONIX has the capability of using the XML Schema as a mapping object for forward and reverse translation of data. Since JSON objects are used in hdf-converters, the XML Schema needs to be converted to a JSON object that is used for the JSONIX library as a Context. There is a flag to also generate a .jsonschema that can be used to create a strongly typed object, ensuring the results of the JSONIX library are correct.
These files can be saved in the HDF Converters library under schemas.
A visualization for how the JSONIX library is connected to the HDF-Converters:
graph TD;
XML_Schema --> Jsonix-schema-complier;
Jsonix-schema-complier --> Mapping_Object;
Jsonix-schema-complier --> JSON_Schema;
JSON_Schema --> QuickType;
QuickType --> JSONIX_Unmarshall_Type_Object;
XML_String --> jsonix-converter.ts;
JSONIX_Unmarshall_Type_Object --> jsonix-converter.ts;
Mapping_Object --> jsonix-converter.toJsonix;
jsonix-converter.ts --> jsonix-converter.toJsonix;
jsonix-converter.toJsonix --> MAPPER;
jsonix-converter.toJsonix -- Optional .-> jsonix-intermediate-converter.toIntermediateObject;
Custom_Intermediate_Type_Object --> jsonix-intermediate-converter.toIntermediateObject;
jsonix-intermediate-converter.toIntermediateObject --> MAPPER;
- Use the map generation page found on the JSONIX wiki to generate the module factory file with the -generateJsonSchema flag to create an additional file used to create a type for marshalling/unmarshalling functions.
Example of Command
docker run --rm -v "$(pwd)":/jsonix/ -w /jsonix eclipse-temurin:8-jre java -jar jsonix-schema-compiler-full-2.3.9.jar -generateJsonSchema -p CHECKLIST U_Checklist_Schema_V2.xsd
This will generate the following files in the directory using the name provided in the -p flag:
|--- CHECKLIST.js
|--- CHECKLIST.jsonschema
- Access the resulting .js file.
- Copy the object that is returned as a constant in a separate file.
- Update naming conventions to conform to best practices (i.e., change the name of the object, use const instead of var, and export it so it is exposed and accessible).
To use the mapping object, a type must be generated and passed to the jsonix-converter.ts.
This type can be auto-generated using the QuickType library with the .jsonschema file created by the above command.
Example of Checklist jsonschema
{
"id":"#",
"definitions":{
"STIGDATA":{
"type":"object",
"title":"STIGDATA",
"required":[
"vulnattribute",
"attributedata"
],
"properties":{
"vulnattribute":{
"title":"vulnattribute",
"allOf":[
{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"CCI_REF",
"Check_Content",
"Check_Content_Ref",
"Class",
"Documentable",
"False_Negatives",
"False_Positives",
"Fix_Text",
"Group_Title",
"IA_Controls",
"Mitigation_Control",
"Mitigations",
"Potential_Impact",
"Responsibility",
"Rule_ID",
"Rule_Title",
"Rule_Ver",
"STIGRef",
"Security_Override_Guidance",
"Severity",
"Third_Party_Tools",
"Vuln_Discuss",
"Vuln_Num",
"Weight",
"TargetKey",
"STIG_UUID",
"LEGACY_ID"
]
}
]
}
],
"propertyType":"element",
"elementName":{
"localPart":"VULN_ATTRIBUTE",
"namespaceURI":""
}
},
"attributedata":{
"title":"attributedata",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"ATTRIBUTE_DATA",
"namespaceURI":""
}
}
},
"typeType":"classInfo",
"propertiesOrder":[
"vulnattribute",
"attributedata"
]
},
"ASSET":{
"type":"object",
"title":"ASSET",
"required":[
"role",
"assettype",
"hostname",
"hostip",
"hostmac",
"hostfqdn",
"techarea",
"targetkey",
"webordatabase",
"webdbsite",
"webdbinstance"
],
"properties":{
"role":{
"title":"role",
"allOf":[
{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"None",
"Workstation",
"Member Server",
"Domain Controller"
]
}
]
}
],
"propertyType":"element",
"elementName":{
"localPart":"ROLE",
"namespaceURI":""
}
},
"assettype":{
"title":"assettype",
"allOf":[
{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"Computing",
"Non-Computing"
]
}
]
}
],
"propertyType":"element",
"elementName":{
"localPart":"ASSET_TYPE",
"namespaceURI":""
}
},
"marking":{
"title":"marking",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"MARKING",
"namespaceURI":""
}
},
"hostname":{
"title":"hostname",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"HOST_NAME",
"namespaceURI":""
}
},
"hostip":{
"title":"hostip",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"HOST_IP",
"namespaceURI":""
}
},
"hostmac":{
"title":"hostmac",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"HOST_MAC",
"namespaceURI":""
}
},
"hostguid":{
"title":"hostguid",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"HOST_GUID",
"namespaceURI":""
}
},
"hostfqdn":{
"title":"hostfqdn",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"HOST_FQDN",
"namespaceURI":""
}
},
"targetcomment":{
"title":"targetcomment",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"TARGET_COMMENT",
"namespaceURI":""
}
},
"techarea":{
"title":"techarea",
"allOf":[
{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"",
"Application Review",
"Boundary Security",
"CDS Admin Review",
"CDS Technical Review",
"Database Review",
"Domain Name System (DNS)",
"Exchange Server",
"Host Based System Security (HBSS)",
"Internal Network",
"Mobility",
"Releasable Networks (REL)",
"Releaseable Networks (REL)",
"Traditional Security",
"UNIX OS",
"VVOIP Review",
"Web Review",
"Windows OS",
"Other Review"
]
}
]
}
],
"propertyType":"element",
"elementName":{
"localPart":"TECH_AREA",
"namespaceURI":""
}
},
"targetkey":{
"title":"targetkey",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"TARGET_KEY",
"namespaceURI":""
}
},
"stigguid":{
"title":"stigguid",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"STIG_GUID",
"namespaceURI":""
}
},
"webordatabase":{
"title":"webordatabase",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/boolean"
}
],
"propertyType":"element",
"elementName":{
"localPart":"WEB_OR_DATABASE",
"namespaceURI":""
}
},
"webdbsite":{
"title":"webdbsite",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"WEB_DB_SITE",
"namespaceURI":""
}
},
"webdbinstance":{
"title":"webdbinstance",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"WEB_DB_INSTANCE",
"namespaceURI":""
}
}
},
"typeType":"classInfo",
"propertiesOrder":[
"role",
"assettype",
"marking",
"hostname",
"hostip",
"hostmac",
"hostguid",
"hostfqdn",
"targetcomment",
"techarea",
"targetkey",
"stigguid",
"webordatabase",
"webdbsite",
"webdbinstance"
]
},
"SIDATA":{
"type":"object",
"title":"SIDATA",
"required":[
"sidname"
],
"properties":{
"sidname":{
"title":"sidname",
"allOf":[
{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"classification",
"customname",
"description",
"filename",
"notice",
"releaseinfo",
"source",
"stigid",
"title",
"uuid",
"version"
]
}
]
}
],
"propertyType":"element",
"elementName":{
"localPart":"SID_NAME",
"namespaceURI":""
}
},
"siddata":{
"title":"siddata",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"SID_DATA",
"namespaceURI":""
}
}
},
"typeType":"classInfo",
"propertiesOrder":[
"sidname",
"siddata"
]
},
"STIGS":{
"type":"object",
"title":"STIGS",
"required":[
"istig"
],
"properties":{
"istig":{
"title":"istig",
"allOf":[
{
"type":"array",
"items":{
"$ref":"#/definitions/ISTIG"
},
"minItems":1
}
],
"propertyType":"element",
"elementName":{
"localPart":"iSTIG",
"namespaceURI":""
}
}
},
"typeType":"classInfo",
"propertiesOrder":[
"istig"
]
},
"STIGINFO":{
"type":"object",
"title":"STIGINFO",
"required":[
"sidata"
],
"properties":{
"sidata":{
"title":"sidata",
"allOf":[
{
"type":"array",
"items":{
"$ref":"#/definitions/SIDATA"
},
"minItems":1
}
],
"propertyType":"element",
"elementName":{
"localPart":"SI_DATA",
"namespaceURI":""
}
}
},
"typeType":"classInfo",
"propertiesOrder":[
"sidata"
]
},
"CHECKLIST":{
"type":"object",
"title":"CHECKLIST",
"required":[
"asset",
"stigs"
],
"properties":{
"asset":{
"title":"asset",
"allOf":[
{
"$ref":"#/definitions/ASSET"
}
],
"propertyType":"element",
"elementName":{
"localPart":"ASSET",
"namespaceURI":""
}
},
"stigs":{
"title":"stigs",
"allOf":[
{
"$ref":"#/definitions/STIGS"
}
],
"propertyType":"element",
"elementName":{
"localPart":"STIGS",
"namespaceURI":""
}
}
},
"typeType":"classInfo",
"propertiesOrder":[
"asset",
"stigs"
]
},
"VULN":{
"type":"object",
"title":"VULN",
"required":[
"stigdata",
"status",
"findingdetails",
"comments",
"severityoverride",
"severityjustification"
],
"properties":{
"stigdata":{
"title":"stigdata",
"allOf":[
{
"type":"array",
"items":{
"$ref":"#/definitions/STIGDATA"
},
"minItems":1
}
],
"propertyType":"element",
"elementName":{
"localPart":"STIG_DATA",
"namespaceURI":""
}
},
"status":{
"title":"status",
"allOf":[
{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"NotAFinding",
"Open",
"Not_Applicable",
"Not_Reviewed"
]
}
]
}
],
"propertyType":"element",
"elementName":{
"localPart":"STATUS",
"namespaceURI":""
}
},
"findingdetails":{
"title":"findingdetails",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"FINDING_DETAILS",
"namespaceURI":""
}
},
"comments":{
"title":"comments",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"COMMENTS",
"namespaceURI":""
}
},
"severityoverride":{
"title":"severityoverride",
"allOf":[
{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"",
"low",
"medium",
"high"
]
}
]
}
],
"propertyType":"element",
"elementName":{
"localPart":"SEVERITY_OVERRIDE",
"namespaceURI":""
}
},
"severityjustification":{
"title":"severityjustification",
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
],
"propertyType":"element",
"elementName":{
"localPart":"SEVERITY_JUSTIFICATION",
"namespaceURI":""
}
}
},
"typeType":"classInfo",
"propertiesOrder":[
"stigdata",
"status",
"findingdetails",
"comments",
"severityoverride",
"severityjustification"
]
},
"ISTIG":{
"type":"object",
"title":"ISTIG",
"required":[
"stiginfo",
"vuln"
],
"properties":{
"stiginfo":{
"title":"stiginfo",
"allOf":[
{
"$ref":"#/definitions/STIGINFO"
}
],
"propertyType":"element",
"elementName":{
"localPart":"STIG_INFO",
"namespaceURI":""
}
},
"vuln":{
"title":"vuln",
"allOf":[
{
"type":"array",
"items":{
"$ref":"#/definitions/VULN"
},
"minItems":1
}
],
"propertyType":"element",
"elementName":{
"localPart":"VULN",
"namespaceURI":""
}
}
},
"typeType":"classInfo",
"propertiesOrder":[
"stiginfo",
"vuln"
]
}
},
"anyOf":[
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"WEB_DB_INSTANCE"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"WEB_DB_INSTANCE",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"TARGET_KEY"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"TARGET_KEY",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"ROLE"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"None",
"Workstation",
"Member Server",
"Domain Controller"
]
}
]
}
},
"elementName":{
"localPart":"ROLE",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"MARKING"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"MARKING",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"SID_NAME"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"classification",
"customname",
"description",
"filename",
"notice",
"releaseinfo",
"source",
"stigid",
"title",
"uuid",
"version"
]
}
]
}
},
"elementName":{
"localPart":"SID_NAME",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"HOST_NAME"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"HOST_NAME",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"SEVERITY_OVERRIDE"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"",
"low",
"medium",
"high"
]
}
]
}
},
"elementName":{
"localPart":"SEVERITY_OVERRIDE",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"HOST_FQDN"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"HOST_FQDN",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"FINDING_DETAILS"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"FINDING_DETAILS",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"SEVERITY_JUSTIFICATION"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"SEVERITY_JUSTIFICATION",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"STIG_DATA"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"#/definitions/STIGDATA"
}
},
"elementName":{
"localPart":"STIG_DATA",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"HOST_MAC"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"HOST_MAC",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"HOST_GUID"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"HOST_GUID",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"STATUS"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"NotAFinding",
"Open",
"Not_Applicable",
"Not_Reviewed"
]
}
]
}
},
"elementName":{
"localPart":"STATUS",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"COMMENTS"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"COMMENTS",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"VULN"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"#/definitions/VULN"
}
},
"elementName":{
"localPart":"VULN",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"STIG_INFO"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"#/definitions/STIGINFO"
}
},
"elementName":{
"localPart":"STIG_INFO",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"ASSET"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"#/definitions/ASSET"
}
},
"elementName":{
"localPart":"ASSET",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"CHECKLIST"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"#/definitions/CHECKLIST"
}
},
"elementName":{
"localPart":"CHECKLIST",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"iSTIG"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"#/definitions/ISTIG"
}
},
"elementName":{
"localPart":"iSTIG",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"HOST_IP"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"HOST_IP",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"STIG_GUID"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"STIG_GUID",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"WEB_OR_DATABASE"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/boolean"
}
},
"elementName":{
"localPart":"WEB_OR_DATABASE",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"SID_DATA"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"SID_DATA",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"TECH_AREA"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"",
"Application Review",
"Boundary Security",
"CDS Admin Review",
"CDS Technical Review",
"Database Review",
"Domain Name System (DNS)",
"Exchange Server",
"Host Based System Security (HBSS)",
"Internal Network",
"Mobility",
"Releasable Networks (REL)",
"Releaseable Networks (REL)",
"Traditional Security",
"UNIX OS",
"VVOIP Review",
"Web Review",
"Windows OS",
"Other Review"
]
}
]
}
},
"elementName":{
"localPart":"TECH_AREA",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"ATTRIBUTE_DATA"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"ATTRIBUTE_DATA",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"ASSET_TYPE"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"Computing",
"Non-Computing"
]
}
]
}
},
"elementName":{
"localPart":"ASSET_TYPE",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"VULN_ATTRIBUTE"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/string"
},
{
"enum":[
"CCI_REF",
"Check_Content",
"Check_Content_Ref",
"Class",
"Documentable",
"False_Negatives",
"False_Positives",
"Fix_Text",
"Group_Title",
"IA_Controls",
"Mitigation_Control",
"Mitigations",
"Potential_Impact",
"Responsibility",
"Rule_ID",
"Rule_Title",
"Rule_Ver",
"STIGRef",
"Security_Override_Guidance",
"Severity",
"Third_Party_Tools",
"Vuln_Discuss",
"Vuln_Num",
"Weight",
"TargetKey",
"STIG_UUID",
"LEGACY_ID"
]
}
]
}
},
"elementName":{
"localPart":"VULN_ATTRIBUTE",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"TARGET_COMMENT"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"TARGET_COMMENT",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"SI_DATA"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"#/definitions/SIDATA"
}
},
"elementName":{
"localPart":"SI_DATA",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"WEB_DB_SITE"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"XMLSchema.jsonschema#/definitions/string"
}
},
"elementName":{
"localPart":"WEB_DB_SITE",
"namespaceURI":""
}
},
{
"type":"object",
"properties":{
"name":{
"allOf":[
{
"$ref":"XMLSchema.jsonschema#/definitions/QName"
},
{
"type":"object",
"properties":{
"localPart":{
"enum":[
"STIGS"
]
},
"namespaceURI":{
"enum":[
""
]
}
}
}
]
},
"value":{
"$ref":"#/definitions/STIGS"
}
},
"elementName":{
"localPart":"STIGS",
"namespaceURI":""
}
}
]
}
Use the following command line syntax to generate a file with the type structure to use.
npx quicktype -l ts -s schema --src <PATH-TO-JSONSCHEMA-FILE.jsonschema> -o <PATH-TO-CREATE-FILE.ts> --runtime-typecheck
You may need to install quicktype if it is not already installed, in which case you will receive this message:
Need to install the following packages:
quicktype@#.#.#
Ok to proceed? (y)
The resulting file will contain both the type structure and a class for parsing JSON strings. This class is not necessary for Heimdall and can be removed.
The types should be tightened up in a few ways. For example, any should be substituted with actual types or unknown, allowances for generic indexable fields (i.e. [property: string]: any) should be removed unless that type is intended to be expandable in that fashion, and the syntax should be changed from interface to type.
// ORIGINAL
export interface Name {
};
// CHANGE TO
export type Name = {
};
Store the contents of the type in a <FILE-NAME>.d.ts file under the /types directory.
Specific details for a particular map or HDF Converters file can be found here.
An abstract class added to assist with implementation of the JSONIX library. It contains a constructor that requires the XML string of the file and the type object generated from the quicktype command.
The class also contains a toJsonix() function that uses the map object generated from the jsonix-schema-compiler and returns a Jsonix mapped object. This object can then be used to map directly to HDF.
However, in some instances, it may be more useful to create an intermediate object that flattens the structure and makes the elements directly accessible. For example, the schema may define key-value pairs as the values of repeated elements, such as:
{
"sidname": "version",
"siddata": "1"
},
{
"sidname": "description",
"siddata": "This STIG is published ..."
} ...
In this scenario, making an intermediate object allows for the use of the path keyword when mapping to HDF rather than relying on string matching, turning the above example into:
{
"version": "1",
"description": "This STIG is published ..."
}
This is the purpose of this abstract class. It requires the type object generated from the quicktype command and the hand-created type produced by the implementation of the abstract function toIntermediateObject(). The intermediate object should stay as close as possible to the structure of the schema. Since this is a custom implementation, the type is not generated automatically.
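The flattening described above, as an added example (not code from hdf-converters): it turns the repeated sidname/siddata pairs into the flat object while accepting only the sidname values listed in the SIDATA enum of CHECKLIST.jsonschema, so a checklist file cannot introduce keys such as __proto__ into the intermediate object. The function name flattenSiData, the SiData and StigHeader type shapes, and the first-value-wins handling of duplicates are assumptions made for this illustration.

```typescript
// Added example; not part of hdf-converters. Names and type shapes are assumptions.

// Allowed SID_NAME values, copied from the enum in the SIDATA definition
// of CHECKLIST.jsonschema shown earlier on this page.
const SID_NAMES = [
  'classification', 'customname', 'description', 'filename', 'notice',
  'releaseinfo', 'source', 'stigid', 'title', 'uuid', 'version'
] as const;
type SidName = typeof SID_NAMES[number];

// One SI_DATA entry as unmarshalled by Jsonix. The schema requires only
// sidname, so siddata may be missing.
type SiData = { sidname: string; siddata?: string };

// Hypothetical hand-written intermediate type: one optional field per key.
type StigHeader = { [K in SidName]?: string };

type Rejected = { name: string; reason: 'unknown' | 'duplicate' };
type FlattenResult = { header: StigHeader; rejected: Rejected[] };

// Type guard: true only for names present in the schema enum.
function isSidName(name: string): name is SidName {
  return (SID_NAMES as readonly string[]).indexOf(name) !== -1;
}

function flattenSiData(entries: SiData[]): FlattenResult {
  // Null-prototype object: even if the allowlist were relaxed later, a key
  // taken from the file could not reach Object.prototype.
  const header: StigHeader = Object.create(null);
  const rejected: Rejected[] = [];

  for (const entry of entries) {
    const name = entry.sidname;
    if (!isSidName(name)) {
      // Key is not in the schema enum: record it instead of copying it.
      rejected.push({ name: name, reason: 'unknown' });
      continue;
    }
    if (header[name] !== undefined) {
      // Repeated key: keep the first value so a later entry cannot
      // silently overwrite what was already mapped.
      rejected.push({ name: name, reason: 'duplicate' });
      continue;
    }
    // A missing siddata becomes an empty string so the field is still present.
    header[name] = entry.siddata === undefined ? '' : entry.siddata;
  }
  return { header: header, rejected: rejected };
}

// Constructed sample input (not taken from a real checklist file).
const SAMPLE_SI_DATA: SiData[] = [
  { sidname: 'version', siddata: '1' },
  { sidname: 'description', siddata: 'This STIG is published ...' },
  { sidname: 'uuid' },
  { sidname: '__proto__', siddata: '{"polluted":true}' },
  { sidname: 'version', siddata: '99' }
];

// Flat object usable with the path keyword, plus the entries that were refused.
const SAMPLE_RESULT = flattenSiData(SAMPLE_SI_DATA);
```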
The spreadsheet below contains the following headers, defined as follows:
- Checklist - Elements found in Checklist file
- Checklist (intermediate Object found in Passthrough) - Object used in Checklist Mapper
- Typical Values and/or StigViewer area - What are the typical values (and default if defined) and where in StigViewer is it found
- is Searchable? - Does StigViewer provide a filter or search option for field?
- HDF - What part of the HDF schema is matched to
- Notes - Extra details
Correlation Spreadsheet
Checklist | ChecklistFile (intermediate Object found in Passthrough) | Typical Values and/or StigViewer area | is Searchable? | HDF | Notes |
---|---|---|---|---|---|
ASSET | ChecklistAsset | | | | |
ROLE | role | Default None \| Workstation \| Member Server \| Domain Controller | | | |
ASSET_TYPE | assettype | Target Data (Computing \| Non-Computing) | | | |
MARKING | marking | Target Data (default CUI) | | | Hardcoded to CUI: private String marking = "CUI"; |
HOST_NAME | hostname | Target Data | | | |
HOST_IP | hostip | Target Data | | | |
HOST_MAC | hostmac | Target Data | | | |
HOST_GUID | | | | | |
HOST_FQDN | hostfqdn | Target Data | | | |
TARGET_COMMENT | targetcomment | Target Data | | | |
TECH_AREA | techarea | Under Technology Area - dropdown | | | There is a supported spelling error |
TARGET_KEY | targetkey | First non-empty vuln attr.TargetKey | | | if (cs.size() > 0 && ( (STIG)cs.get(0)).getVulnList().size() > 0) this.Checklist.setTargetKey(((Vuln)((STIG)cs .get(0)).getVulnList().get(0)).getAttr(Vuln.VulnAttr.TargetKey)); |
STIG_GUID | | | | | |
WEB_OR_DATABASE | webordatabase | Checkbox Boolean default False | | | |
WEB_DB_SITE | webdbsite | If above is true | | | |
WEB_DB_INSTANCE | webdbinstance | If above is true | | | |
STIGS | ChecklistStig | | | | |
iSTIG | | | | | |
STIG_INFO | StigHeader | | | | |
CLASSIFICATION | classification | Default UNCLASSIFIED \| UNCLASSIFIED//FOR OFFICIAL USE ONLY \| CUI | | | This alters Vuln.Class to equal Unclass \| FOUO \| CUI and this is what appears next to Classification in viewer |
CUSTOMNAME | customname | Typically empty | | | Does not appear to have a viewable component linked |
DESCRIPTION | description | Either This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]. OR This Security Requirements Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]. | | profiles.summary | This can also be blank and it appears the Export is using some concatenation of the filename + version + sha256 + maintainer + copyright + copyright_email + number of controls |
FILENAME | filename | Specific XCCDF Filename | | | |
NOTICE | notice | Only value I have seen is terms-of-use | | profiles.license | Code in source that parses it does not appear in viewer case "notice": this.ImportSTIG.setSTIG_notice(parseXMLAttr("id")); |
RELEASEINFO | releaseinfo | Release: # Benchmark Date: dd mon yyyy | | | Appears in 'title' at top after :: and Version # |
SOURCE | source | Only value I have seen is STIG.DOD.MIL | | | |
STIGID | stigid | Seems to be a duplicate field of title but snake cased | | | |
TITLE | title | Title of STIG | | profiles.title && profiles.name | This appears as the first element at top |
UUID | uuid | | | | |
VERSION | version | Version # of the stig typically a number | | profiles.version | This appears just after the 'title' and :: Version # |
VULN | ChecklistVuln | | | | |
STIG_DATA | | | | | |
CCI_REF | cciRef | List of CCI numbers | yes | profiles.controls.tags.cci && profiles.controls.tags.nist using transform | CCI Definitions and NIST Control Maps are done internally with the use of U_CCI_List.xml and displayed under References. Also appears as a column in center |
CHECK_CONTENT | checkContent | string | | profiles.controls.descriptions as check | Appears as Check Text |
CHECK_CONTENT_REF | checkContentRef | M always M | | | |
CLASS | class | Unclass \| FOUO \| CUI | | | This is what appears next to Classification in viewer and seems to be controlled by the CLASSIFICATION value |
DOCUMENTABLE | documentable | Boolean | | | Only value I have seen is 'false' and is used during the StigViewer Export to print Yes or No. |
FALSE_NEGATIVES | falseNegatives | | | profiles.controls.tags.false_negatives | |
FALSE_POSITIVES | falsePositives | | | profiles.controls.tags.false_positives | |
FIX_TEXT | fixText | string | | profiles.controls.descriptions as fix | Appears as Fix Text |
GROUP_TITLE | groupTitle | | | profiles.controls.tags.gtitle | Appears as Rule Name in center |
IA_CONTROLS | iaControls | List of DOD-8500.2 controls | yes | profiles.controls.tags.ia_controls | If existing, appears under References as MISC Data |
MITIGATION_CONTROL | mitigationControls | | | profiles.controls.tags.mitigation_controls | |
MITIGATIONS | mitigations | | | profiles.controls.tags.mitigations | |
POTENTIAL_IMPACT | potentialImpact | | | profiles.controls.tags.potential_impact | |
RESPONSIBILITY | responsibility | | | profiles.tags.responsibility | |
RULE_ID | ruleId | Rule ID | yes | profiles.controls.tags.rid | Appears in center column as Rule ID and as field in header |
RULE_TITLE | ruleTitle | Rule Title | yes | profiles.controls.title | Appears as Rule Title |
RULE_VER | ruleVersion | STIG ID | yes | profiles.controls.tags.stigId | Appears in center column as STIG ID and as field in header |
STIGREF | stigRef | Full Title <title> :: Version , <release_info> | | profiles.controls.tags.stig_ref | Appears at the top of the header area |
SECURITY_OVERRIDE_GUIDANCE | securityOverrideGuidance | | | profiles.controls.tags.security_override_guidance | |
SEVERITY | severity | low \| medium \| high | yes (as individuals) | profiles.controls.impact through transformer | Corresponds with CAT III \| CAT II \| CAT I |
THIRD_PARTY_TOOLS | thirdPartyTools | Typically empty | | | When this has a value it is displayed under MISC Data |
VULN_DISCUSS | vulnDiscuss | Discussion | | profiles.controls.desc | Appears as Discussion |
VULN_NUM | vulnNum | Vul ID | yes | profiles.controls.tags.gid && profiles.controls.id | Appears as Vul ID |
WEIGHT | weight | Unknown but typically always 10.0 | | profiles.controls.tags.weight | |
TARGETKEY | targetKey | Defined as "Asset Posture" under Vuln.class in STIG Viewer and typically a four digit number | | | Each STIG appears to have their own as each Vuln is the same under the same iSTIG object - not displayed |
STIG_UUID | stigUuid | | | | |
LEGACY_ID | legacyId | Legacy Group ID THEN Rule ID | yes | profiles.controls.tags.legacy_id | Is displayed as Legacy IDs: in header |
STATUS | status | Not Reviewed \| Open \| Not a Finding \| Not Applicable | yes (as individuals) | profiles.controls.results.status through transformer AND profiles.controls.impact through transformer | Displayed as dropdown at top |
FINDING_DETAILS | findingDetails | Findings | profiles.controls.results.code_desc && profiles.controls.results.message through transformer | Displayed as Finding Details full text area and uses setCHK_Notes as updater | |
COMMENTS | comments | Comments | profiles.controls.descriptions as comments | Displayed as Comments full text area and uses setCheckComment as updater | |
SEVERITY_OVERRIDE | severityOverride | ''| low | medium | high | profiles.controls.impact through transformer | Does not have a good display that the original severity was changed | |
SEVERITY_JUSTIFICATION | severityJustification | Reason for changing severity | profiles.controls.tags.severity_justification | Is not displayed anywhere |
Nessus Converter Information
Nessus scan reports (`.nessus` files) are XML files. The basic structure of a Nessus scan report is as follows.

```xml
<Report>
  <ReportHost>
    <HostProperties>
      . . .
    </HostProperties>
    <ReportItem>
      . . .
    </ReportItem>
  </ReportHost>
  . . .
</Report>
```
Note that a report can have more than one `<ReportHost>` element, to represent a single scan with multiple targets. The `hdf-converters` library handles this by generating a unique OHDF file for each `<ReportHost>` element that it processes. There is a one-to-one relationship between the hostname described by a `<ReportHost>` element and the filename generated by the converter. This means that loading a single `.nessus` file with more than one host into Heimdall will automatically split that file into multiple files.

Each control checked as part of a scan profile is recorded as a `<ReportItem>` element. Nessus scans are conducted as a set of plugins, where each plugin can run an arbitrary number of controls.
A sample of an individual `<ReportItem>` will look something like the following:

```xml
<ReportItem port="0" svc_name="general" protocol="tcp" severity="3" pluginID="21157" pluginName="Unix Compliance Checks" pluginFamily="Policy Compliance">
  <cm:compliance-check-name>RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display.</cm:compliance-check-name>
  <cm:compliance-benchmark-version>1.9.0</cm:compliance-benchmark-version>
  <cm:compliance-actual-value>No matching files were found
Less than 1 matches of regex found</cm:compliance-actual-value>
  <description>"RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display." : [FAILED]
When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DIPSLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display.
Solution:
Configure the SSH daemon to prevent remote hosts from connecting to the proxy display.
Edit the '/etc/ssh/sshd_config' file to uncomment or add the line for the 'X11UseLocalhost' keyword and set its value to 'yes' (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor):
X11UseLocalhost yes
See Also: https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_8_V1R9_STIG.zip
Reference: 800-171|3.4.2,800-53|CM-6b.,800-53r5|CM-6b.,CAT|II,CCI|CCI-000366,CN-L3|8.1.10.6(d),CSF|PR.IP-1,DISA_Benchmark|RHEL_8_STIG,GDPR|32.1.b,HIPAA|164.306(a)(1),ITSG-33|CM-6b.,NESA|T3.2.1,Rule-ID|SV-230556r858723_rule,STIG-ID|RHEL-08-040341,SWIFT-CSCv1|2.3,Vuln-ID|V-230556
Policy Value:
expect: ^[\s]*(?i)X11UseLocalhost(?-i)[\s]+yes[\s]*$ file: /etc/ssh/sshd_config* /etc/ssh/sshd_config*/* file_required: NO min_occurrences: 1 regex: ^[\s]*(?i)X11UseLocalhost(?-i)[\s] string_required: NO system: Linux
Actual Value:
No matching files were found Less than 1 matches of regex found</description>
  <cm:compliance-source>custom</cm:compliance-source>
  <cm:compliance-audit-file>dd15d62f-a296-59d3-a7dc-3f7a21c1210f-2058882-scfile_mNUdS1</cm:compliance-audit-file>
  <cm:compliance-check-id>fff20a85dd8bd57decda4bd3cbe90112853add4df931ff9732608cecca02cfe7</cm:compliance-check-id>
  <cm:compliance-policy-value>expect: ^[\s]*(?i)X11UseLocalhost(?-i)[\s]+yes[\s]*$
file: /etc/ssh/sshd_config* /etc/ssh/sshd_config*/*
file_required: NO
min_occurrences: 1
regex: ^[\s]*(?i)X11UseLocalhost(?-i)[\s]
string_required: NO
system: Linux</cm:compliance-policy-value>
  <cm:compliance-functional-id>7ddcc9b55e</cm:compliance-functional-id>
  <cm:compliance-uname>Linux ip-10-201-149-27.us-gov-west-1.compute.internal 4.18.0-477.10.1.el8_8.x86_64 #1 SMP Wed Apr 5 13:35:01 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux</cm:compliance-uname>
  <cm:compliance-info>When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DIPSLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display.</cm:compliance-info>
  <cm:compliance-result>PASSED</cm:compliance-result>
  <cm:compliance-informational-id>cdbaa8d6322dcfd726d3fee79ee11c5840215cd782c1c6c7ca4dd3c9af34be2c</cm:compliance-informational-id>
  <cm:compliance-reference>800-171|3.4.2,800-53|CM-6b.,800-53r5|CM-6b.,CAT|II,CCI|CCI-000366,CN-L3|8.1.10.6(d),CSF|PR.IP-1,DISA_Benchmark|RHEL_8_STIG,GDPR|32.1.b,HIPAA|164.306(a)(1),ITSG-33|CM-6b.,NESA|T3.2.1,Rule-ID|SV-230556r858723_rule,STIG-ID|RHEL-08-040341,SWIFT-CSCv1|2.3,Vuln-ID|V-230556</cm:compliance-reference>
  <cm:compliance-solution>Configure the SSH daemon to prevent remote hosts from connecting to the proxy display.
Edit the '/etc/ssh/sshd_config' file to uncomment or add the line for the 'X11UseLocalhost' keyword and set its value to 'yes' (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor):
X11UseLocalhost yes</cm:compliance-solution>
  <cm:compliance-benchmark-name>DISA STIG Red Hat Enterprise Linux 8</cm:compliance-benchmark-name>
  <cm:compliance-control-id>05101c25f45b3d92efecb32ed5462bb36db86a81092483cccbacf20e86fc82eb</cm:compliance-control-id>
  <cm:compliance-see-also>https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_8_V1R9_STIG.zip</cm:compliance-see-also>
  <cm:compliance-full-id>fff20a85dd8bd57decda4bd3cbe90112853add4df931ff9732608cecca02cfe7</cm:compliance-full-id>
</ReportItem>
<ReportItem>
  ...
</ReportItem>
```
The Nessus mapper that parses these files can be found at `libs/hdf-converters/src/nessus-mapper.ts`.
Notes:
- The Nessus mapper strips off the namespace of each element when it loads the scan as XML (ex. the `cm:` in the elements like `<cm:compliance-full-id>` in the example above will be removed).
- The Nessus mapper populates the OHDF schema using the fields starting with `compliance-*`. If for any reason it cannot find those fields, it falls back on using the overall plugin information in the attributes of the `<ReportItem>` tag.
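The three behaviours described above (one output per `<ReportHost>`, namespace stripping, and the fallback to plugin attributes) are sketched below as an added example; it is not the code in `nessus-mapper.ts`. The regex reader only handles the constructed sample and is not a general XML parser. The function names, the `<host>.json` filename pattern and the choice of `compliance-check-name`, `compliance-result`, `pluginName` and `severity` as summary fields are assumptions.

```typescript
// Constructed fragment (not real scan output): host-a has cm:-prefixed compliance
// children, host-b has an item that carries plugin attributes only.
const SAMPLE_NESSUS = `<Report name="demo">
<ReportHost name="host-a.example"><ReportItem severity="3" pluginName="Unix Compliance Checks">
<cm:compliance-check-name>RHEL-08-040341 - X11UseLocalhost</cm:compliance-check-name>
<cm:compliance-result>FAILED</cm:compliance-result></ReportItem></ReportHost>
<ReportHost name="host-b.example"><ReportItem severity="0" pluginName="Constructed Plugin">
<description>no compliance children</description></ReportItem></ReportHost>
</Report>`;

interface ItemSummary { title: string; result: string; source: "compliance" | "plugin"; }
interface HostFile { filename: string; items: ItemSummary[]; }

// Collect every match of a global regex so callers can use plain loops.
function allMatches(re: RegExp, text: string): RegExpExecArray[] {
  const found: RegExpExecArray[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) found.push(m);
  return found;
}

// Key/value record from two-group matches; "cm:compliance-result" -> "compliance-result".
function toRecord(matches: RegExpExecArray[]): Record<string, string> {
  const out: Record<string, string> = {};
  for (const m of matches) out[m[1].replace(/^[^:]+:/, "")] = m[2].trim();
  return out;
}
const readAttrs = (raw: string) => toRecord(allMatches(/([\w:-]+)="([^"]*)"/g, raw));
const readChildren = (body: string) => toRecord(allMatches(/<([\w:-]+)>([\s\S]*?)<\/\1>/g, body));

// Prefer compliance-* fields; otherwise fall back to the <ReportItem> attributes.
function summarizeItem(attrRaw: string, body: string): ItemSummary {
  const attrs = readAttrs(attrRaw);
  const fields = readChildren(body);
  if (Object.keys(fields).some((k) => k.indexOf("compliance-") === 0)) {
    return { title: fields["compliance-check-name"] || "",
             result: fields["compliance-result"] || "", source: "compliance" };
  }
  return { title: attrs["pluginName"] || "",
           result: "severity " + (attrs["severity"] || "?"), source: "plugin" };
}

// One output record per <ReportHost>; the "<host>.json" name is an assumption.
function splitByHost(xml: string): HostFile[] {
  return allMatches(/<ReportHost\b([^>]*)>([\s\S]*?)<\/ReportHost>/g, xml).map((h) => ({
    filename: (readAttrs(h[1])["name"] || "unknown") + ".json",
    items: allMatches(/<ReportItem\b([^>]*)>([\s\S]*?)<\/ReportItem>/g, h[2])
      .map((i) => summarizeItem(i[1], i[2])),
  }));
}
```

Calling `splitByHost(SAMPLE_NESSUS)` yields two records, one per host, with the second item marked `source: "plugin"` because it has no `compliance-*` children.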