BUG - TypeError: Cannot read properties of undefined (reading 'length') when converting HDF to CSV #2925

@RLI-Rdeaton

Describe the bug

Currently, when attempting to convert a seemingly valid XCCDF file from oscap-docker, an error occurs. This happens on 1.4.15 of saf.

/ # saf convert hdf2csv -i openscap-report.hdf.json -o report.csv -t
/usr/local/lib/node_modules/@mitre/saf/lib/commands/convert/hdf2csv.js:34
                if ((row[key]).length > 32767) {
                               ^

TypeError: Cannot read properties of undefined (reading 'length')
    at /usr/local/lib/node_modules/@mitre/saf/lib/commands/convert/hdf2csv.js:34:32
    at Array.map (<anonymous>)
    at HDF2CSV.run (/usr/local/lib/node_modules/@mitre/saf/lib/commands/convert/hdf2csv.js:31:21)
    at async HDF2CSV._run (/usr/local/lib/node_modules/@mitre/saf/node_modules/@oclif/core/lib/command.js:301:22)
    at async Config.runCommand (/usr/local/lib/node_modules/@mitre/saf/node_modules/@oclif/core/lib/config/config.js:424:25)
    at async Object.run (/usr/local/lib/node_modules/@mitre/saf/node_modules/@oclif/core/lib/main.js:95:16)

To Reproduce
Steps to reproduce the behavior:

  1. Get a hold of the chainguard profile from https://github.com/chainguard-dev/stigs .
  2. Use docker-oscap to perform an analysis, e.g.:
    oscap-docker image "chainguard/wolfi-base:latest" xccdf eval --verbose ERROR --fetch-remote-resources --profile "xccdf_basic_profile_.check" --results "openscap-report.xml" --report "openscap-report.html" "ssg/stigs-0.1.2/gpos/xml/scap/ssg/content/ssg-chainguard-gpos-ds.xml"

  3. Use SAF to convert the results to HDF, e.g.:
    saf convert xccdf_results2hdf -i "openscap-report.xml" -o openscap-report.hdf

  4. Use SAF to convert the HDF to CSV, e.g.:
    saf convert hdf2csv -i openscap-report.hdf.json -o report.csv -t

Expected behavior
I expect SAF to convert the file into an HDF file, and then into a CSV. I expect the CSV to be valid.

Additional context

I am attaching the XCCDF file that gets generated from the Wolfi STIG artifacts as well as the HDF file that is generated.

example.hdf.json
example XCCDF.zip
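
The failure in the stack trace above, reduced to a stand-alone sketch (an added example, not the SAF CLI source and not the reporter's code): the length check at hdf2csv.js:34 dereferences `row[key]` without first testing that the row has a value for that field. The function names, field names and rows below are constructed for illustration; the guarded variant also records which cells were empty, so a blank cell in a compliance export is not mistaken for real scan data.

```javascript
// Added example: constructed names and data, not taken from the SAF code base.
const EXCEL_CELL_LIMIT = 32767; // the limit compared against on the failing line

// Same pattern as the failing line: assumes every row carries every field.
function truncateUnsafe(rows, fields) {
  return rows.map((row) => {
    const out = {};
    for (const key of fields) {
      // Throws TypeError when row[key] is undefined.
      out[key] = row[key].length > EXCEL_CELL_LIMIT
        ? row[key].slice(0, EXCEL_CELL_LIMIT)
        : row[key];
    }
    return out;
  });
}

// Guarded variant: tolerate missing or non-string values and report them.
function truncateSafe(rows, fields, limit = EXCEL_CELL_LIMIT) {
  const missing = []; // { row, field } for every cell that had no value
  const cleaned = rows.map((row, index) => {
    const out = {};
    for (const key of fields) {
      const value = row[key];
      if (value === undefined || value === null) {
        missing.push({ row: index, field: key });
        out[key] = '';
        continue;
      }
      // Non-string values (arrays, objects, numbers) are serialised first.
      const text = typeof value === 'string'
        ? value
        : JSON.stringify(value) ?? String(value);
      out[key] = text.length > limit ? text.slice(0, limit) : text;
    }
    return out;
  });
  return { rows: cleaned, missing };
}

// Constructed sample: the second row has no Description value.
const sampleFields = ['Title', 'Description', 'Severity'];
const sampleRows = [
  { Title: 'rule-a', Description: 'x'.repeat(40000), Severity: 'high' },
  { Title: 'rule-b', Severity: 'medium' },
];
```
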
