add referenceLabel

Author: ioggstream

data-new/BuildAndDeployment/Sub-Dimensions.yaml

@@ -57,10 +57,11 @@ Build:
     implementation:
     - *ci-cd
     - Container technologies and orchestration like Docker, Kubernetes
-    samm2: i-secure-build|A|1
-    iso27001-2017:
-    - 12.1.1
-    - 14.2.2
+    references:
+      samm2: i-secure-build|A|1
+      iso27001-2017:
+      - 12.1.1
+      - 14.2.2
   Signing of code:
     risk: Unauthorized manipulation of source code might be difficult to spot.
     measure: Digitally signing commits helps to prevent unauthorized manipulation
@@ -74,10 +75,11 @@ Build:
     implementation: ~
     dependsOn:
     - Defined build process
-    samm: OA3-B
-    samm2: i-secure-build|A|2
-    iso27001-2017:
-    - 14.2.6
+    references:
+      samm: OA3-B
+      samm2: i-secure-build|A|2
+      iso27001-2017:
+      - 14.2.6
   Signing of artifacts:
     risk: Unauthorized manipulation of artifacts might be difficult to spot. For
       example, this may result in images with malicious code in the Docker registry.
@@ -94,10 +96,13 @@ Build:
     - <a href="https://in-toto.github.io/">in-toto</a>
     dependsOn:
     - Defined build process
-    samm: OA3-B
-    samm2: i-secure-build|A|1
-    iso27001-2017:
-    - 14.2.6
+    references:
+      samm:
+      - OA3-B
+      samm2:
+      - i-secure-build|A|1
+      iso27001-2017:
+      - 14.2.6
 Deployment:
   Backup before deployment:
     risk: If errors are experienced during the deployment process you want to deploy
@@ -114,11 +119,12 @@ Deployment:
       complex environments, a Point in Time Recovery for databases should be implemented.
     dependsOn:
     - Defined deployment process
-    samm: OE2-A
-    samm2: TODO
-    iso27001-2017:
-    - "12.3"
-    - 14.2.6
+    references:
+      samm: OE2-A
+      samm2: TODO
+      iso27001-2017:
+      - "12.3"
+      - 14.2.6
   Blue/Green Deployment:
     risk: A new artifacts version can have unknown defects.
     measure: By having multiple production environments, a deployment can be performant
@@ -134,14 +140,15 @@ Deployment:
       Deployments</a>
     dependsOn:
     - Smoke Test
-    samm2: TODO
-    iso27001-2017:
-    - 17.2.1
-    - 12.1.1
-    - 12.1.2
-    - 12.1.4
-    - 12.5.1
-    - 14.2.9
+    references:
+      samm2: TODO
+      iso27001-2017:
+      - 17.2.1
+      - 12.1.1
+      - 12.1.2
+      - 12.1.4
+      - 12.5.1
+      - 14.2.9
   Defined deployment process:
     risk: Deployments without a defined process are error prone thus allowing old
       or untested artifact to be deployed.
@@ -154,10 +161,11 @@ Deployment:
     usefulness: 4
     level: 1
     implementation: Jenkins, Docker
-    samm2: i-secure-deployment|A|1
-    iso27001-2017:
-    - 12.1.1
-    - 14.2.2
+    references:
+      samm2: i-secure-deployment|A|1
+      iso27001-2017:
+      - 12.1.1
+      - 14.2.2
   Environment depending configuration parameters:
     risk: Attackers who compromise source code can see confidential access information
       like database credentials.
@@ -170,11 +178,12 @@ Deployment:
     usefulness: 4
     level: 2
     implementation: ""
-    samm: SA2-A
-    samm2: i-secure-deployment|B|1
-    iso27001-2017:
-    - 9.4.5
-    - 14.2.6
+    references:
+      samm: SA2-A
+      samm2: i-secure-deployment|B|1
+      iso27001-2017:
+      - 9.4.5
+      - 14.2.6
   Handover of confidential parameters:
     risk:
     - Attackers who compromise a system can see confidential access information
@@ -194,14 +203,15 @@ Deployment:
     implementation: ""
     dependsOn:
     - Environment depending configuration parameters
-    samm: SA2-A
-    samm2: i-secure-deployment|B|2 TODO might be 1
-    iso27001-2017:
-    - 14.1.3
-    - 13.1.3
-    - 9.4.3
-    - 9.4.1
-    - 10.1.2
+    references:
+      samm: SA2-A
+      samm2: i-secure-deployment|B|2 TODO might be 1
+      iso27001-2017:
+      - 14.1.3
+      - 13.1.3
+      - 9.4.3
+      - 9.4.1
+      - 10.1.2
   Rolling update on deployment:
     risk: While a deployment is performed, the application can not be reached.
     measure: A deployment without downtime is performed*.

detail.php

@@ -80,40 +80,22 @@ function printDetail($dimension, $subdimension, $activityName, $dimensions, $rep
     }
 
     printReferences($element);
-
-    if (array_key_exists("samm", $element) && !empty($element['samm'])) {
-    	$samm = $element['samm'];
-    	echo "<div><b>OWASP SAMM 1 Mapping:</b> $samm</div>";
-    }
-    if (array_key_exists("samm2", $element) && !empty($element['samm2'])) {
-    	$samm = $element['samm2'];
-    	echo "<div><b>OWASP SAMM 2 Mapping:</b> $samm</div>";
-    }
-    if (array_key_exists("iso27001-2017", $element) && !empty($element['iso27001-2017'])) {
-        echo "<div><b>ISO27001:2017 Controls Mapping:</b></div>";
-
-        echo "<ul>";
-        foreach ($element['iso27001-2017'] as $isocontrol) {
-            echo "<li>$isocontrol</li>";
-        }
-        echo "</ul>";
-    }
 }
 
 function printReferences($element) {
     if (!array_key_exists("references", $element)) {
         return;
     }
     $actionLabels = readYaml("data/strings.yml#/actionLabels");
-    $referenceLabels = readYaml("data/strings.yml#/strings/en/references");
 
     $references = $element['references'];
     foreach ($references as $r => $values) {
-        $label = $referenceLabels[$r]['label'] ? $referenceLabels[$r]['label'] : $r ;
+        $label = getReferenceLabel($r);
         echo "<div><h3>$label</h3></div>";
         echo "<ul><li>".  implode("</li><li>", $values) ."</li></ul>";
     }
 
 
 }
+echo var_dump($dimensions);
 printDetail($dimension, $subdimension, $activityName, $dimensions);

functions.php

@@ -30,6 +30,10 @@ function getActions($dimensions) {
     }
 }
 
+function getReferenceLabel($reference_id) {
+    $referenceLabels = readYaml("data/strings.yml#/strings/en/references");
+    return $referenceLabels[$reference_id]["label"] ?? $reference_id;
+}
 
 // TODO create testcases
 

mappings.php

@@ -11,33 +11,38 @@
 
 $mappingExists = array();
 $noMappingExists = array();
+$sort = $_GET["sort"] ?? "activity";
 
-if(array_key_exists("sort", $_GET)) {
-    $sort = $_GET["sort"];
-}else {
-    $sort = "activity";
+
+$referenceLabels = readYaml("data/strings.yml#/strings/en/references");
+
+function formCheck($reference_id) {
+        if($_GET['sort'] == $reference_id) {
+            $checked = "checked";
+        }
+        $reference_label = $referenceLabels[$reference_id]["label"] ?? $reference_id;
+        echo '
+        <div class="form-check">
+        <input class="form-check-input" type="radio" name="sort" id="exampleRadios2" value="'.$reference_id.'"
+         '. $checked. '
+        <label class="form-check-label" for="exampleRadios2">'. $reference_label.'</label>
+        </div>
+        ';
 }
 
 ?>
-
 <form method="get">
     <div class="form-check">
-        <input class="form-check-input" type="radio" name="sort" id="exampleRadios1" value="activity" <?php if($_GET['sort'] == "activity") echo "checked"; ?>>
-        <label class="form-check-label" for="exampleRadios1">
-            Activity
-        </label>
-        </div>
-        <div class="form-check">
-        <input class="form-check-input" type="radio" name="sort" id="exampleRadios2" value="samm2" <?php if($_GET['sort'] == "samm2") echo "checked"; ?>>
-        <label class="form-check-label" for="exampleRadios2">
-            SAMM 2
-        </label>
-        </div>
-        <div class="form-check">
-        <input class="form-check-input" type="radio" name="sort" id="exampleRadios3" value="iso27001-2017" <?php if($_GET['sort'] == "iso27001-2017") echo "checked"; ?>>
-        <label class="form-check-label" for="exampleRadios3">
-            ISO27001:27001
-        </label>
+        <input class="form-check-input" type="radio" name="sort" id="exampleRadios1" value="activity"
+         <?php if($_GET['sort'] == "activity") echo "checked"; ?>>
+        <label class="form-check-label" for="exampleRadios1"> Activity </label>
+    </div>
+    <?php
+    foreach($referenceLabels as $r) {
+        echo formCheck($r);
+    }
+    ?>
+
     </div>
     <div class="form-check">
         <input type="checkbox" class="form-check-input" name="performed" id="exampleCheck1" value="true" <?php if($showPerformed) {echo " checked=checked";}?>>
@@ -85,13 +90,7 @@
     <table class="table">
     <thead>
         <tr>
-            <?php
-                if($sort == "iso27001-2017") {
-                    echo '<th scope="col">ISO 27001 Control</th>';
-                }else {
-                    echo '<th scope="col">' . $sort . '</th>';
-                }
-            ?>
+            <?php echo '<th scope="col">' . $sort . '</th>'; ?>
             <th scope="col">Dimension</th>
             <th scope="col">Subdimension</th>
             <th scope="col">Actvity</th>

scutter.php

@@ -161,7 +161,8 @@ function toggle() {
 <form action="?" method="get">
 <input name="aggregated" type="hidden"
 <?php
-if($_GET['aggregated'] == "true") {
+$aggregated = $_GET['aggregated'] ?? null;
+if($aggregated == "true") {
     echo "value='false'";
 }else {
     echo "value='true'";
@@ -171,7 +172,7 @@ function toggle() {
 </input>
     <button id="">
         <?php
-        if($_GET['aggregated'] == "true") {
+        if($aggregated == "true") {
             echo "Show specific values";
         }else {
             echo "Show total values";