working mappings.php

Author: ioggstream

data-new/BuildAndDeployment/Sub-Dimensions.yaml

@@ -36,9 +36,9 @@ Build:
     - *ci-cd
     references:
       samm2:
-      - i-secure-build|A|2
+      - "samm2:i-secure-build|A|2"
       iso27001-2017:
-      - 14.2.6
+      - "iso27001-2017:14.2.6"
   Defined build process:
     risk:
     - Performing builds without a defined process is error prone; for example, as
@@ -58,7 +58,8 @@ Build:
     - *ci-cd
     - Container technologies and orchestration like Docker, Kubernetes
     references:
-      samm2: i-secure-build|A|1
+      samm2:
+      - i-secure-build|A|1
       iso27001-2017:
       - 12.1.1
       - 14.2.2
@@ -120,8 +121,10 @@ Deployment:
     dependsOn:
     - Defined deployment process
     references:
-      samm: OE2-A
-      samm2: TODO
+      samm:
+      - OE2-A
+      samm2:
+        - TODO
       iso27001-2017:
       - "12.3"
       - 14.2.6
@@ -141,7 +144,8 @@ Deployment:
     dependsOn:
     - Smoke Test
     references:
-      samm2: TODO
+      samm2:
+      - TODO
       iso27001-2017:
       - 17.2.1
       - 12.1.1
@@ -179,8 +183,10 @@ Deployment:
     level: 2
     implementation: ""
     references:
-      samm: SA2-A
-      samm2: i-secure-deployment|B|1
+      samm:
+      - SA2-A
+      samm2:
+      - i-secure-deployment|B|1
       iso27001-2017:
       - 9.4.5
       - 14.2.6
@@ -283,7 +289,7 @@ Deployment:
       resources: 1
     usefulness: 3
     level: 2
-    samm2: i-secure-deployment|A|2
+    samm2: samm2:i-secure-deployment|A|2
     iso27001-2017:
     - 15.1.1
     - 15.1.2

data/strings.yml

@@ -5,17 +5,22 @@
 strings:
   en: &en
     references:
+      samm2:
+        label: OWASP SAMM VERSION 2
+        description: |-
+          https://owaspsamm.org/blog/2020/01/31/samm2-release/
+      iso27001-2017:
+        label: ISO27001 2017
+        description: |-
+          ISO 27001 / 2017
       samm:
         label: OWASP SAMM (Software Assurance Maturity Model)
         description: |-
           Software Assurance Maturity Model
           The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate
           and implement a strategy for software security that is tailored
           to the specific risks facing the organization.
-      samm2:
-        label: OWASP SAMM VERSION 2
-        description: |-
-          https://owaspsamm.org/blog/2020/01/31/samm2-release/
+
     labels: ["Very Low", "Low", "Medium", "High", "Very High"]
     hardness: ["Very soft", "Soft", "Medium", "High", "Very high"]
     maturity_levels: ["Level 1: Basic understanding of security practices" ,

detail.php

@@ -1,20 +1,22 @@
 <?php
 
-$title = "Details for '" . htmlspecialchars($_GET['element']) . "'";
+if (array_key_exists("element", $_GET)) {
+    $title = "Details for '" . htmlspecialchars($_GET['element']) . "'";
+}
 include_once "head.php";
 ?>
     <body>
 <?php
 include_once "data.php";
 include_once "navi.php";
 
-$dimension = $_GET['dimension'];
-$subdimension = $_GET['subdimension'];
-$activityName = $_GET['element'];
+$dimension = $_GET['dimension'] ?? null;
+$subdimension = $_GET['subdimension'] ?? null;
+$activityName = $_GET['element'] ?? null;
 
 function printDetail($dimension, $subdimension, $activityName, $dimensions, $report = false)
 {
-    $element = $dimensions[$dimension][$subdimension][$activityName];
+    $element = $dimensions[$dimension][$subdimension][$activityName] ?? null;
 
     if ($element == null) { //Whitelist approach for security reasons (deny XSS)
         //echo "Sorry, we could not found the element";
@@ -90,12 +92,15 @@ function printReferences($element) {
 
     $references = $element['references'];
     foreach ($references as $r => $values) {
+        // if it's not an array, array-ze it. Remove after fixing all yamls.
+        $values = is_array($values) ? $values : array($values);
+
         $label = getReferenceLabel($r);
         echo "<div><h3>$label</h3></div>";
         echo "<ul><li>".  implode("</li><li>", $values) ."</li></ul>";
     }
 
 
 }
-echo var_dump($dimensions);
+// echo var_dump($dimensions);
 printDetail($dimension, $subdimension, $activityName, $dimensions);

functions.php

@@ -17,6 +17,7 @@ function readYaml($file) {
     return $ret;
 }
 
+/** This function should be a sort of db wrapper. */
 function getActions($dimensions) {
     ksort($dimensions);
     foreach ($dimensions as $dimension => $subdimensions) {
@@ -30,11 +31,43 @@ function getActions($dimensions) {
     }
 }
 
+function getReferenceLabels(){
+    return readYaml("data/strings.yml#/strings/en/references");
+}
 function getReferenceLabel($reference_id) {
     $referenceLabels = readYaml("data/strings.yml#/strings/en/references");
+
     return $referenceLabels[$reference_id]["label"] ?? $reference_id;
 }
 
+
+function renderSamm($samm_reference){
+    return "$samm_reference";
+}
+function as_list($items){
+    if(is_array($items)){
+        yield from $items;
+    } else {
+        yield $items;
+    }
+}
+function renderSamms($samm_references) {
+    if( ! is_array($samm_references) ){
+        return renderSamm($samm_references);
+    }
+
+        $ret = "<ul><li>"
+            . implode("</li><li>", array_map('renderSamm', $samm_references)) 
+            ."</li></ul>";
+    return $ret;
+}
+function getReferences($references) {
+    foreach ($references as $r_name => $rlist) {
+
+    }
+
+}
+
 // TODO create testcases
 
 function test_getActions(){