Merge pull request #63 from northdpole/master

CRE Mappings
OWASP · Jun 12, 2023 · 584df44 · 584df44
2 parents 9809034 + c89c5b3
commit 584df44
Show file tree

Hide file tree

Showing 4 changed files with 342 additions and 0 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -6,3 +6,12 @@ setuptools == 67.8.0 --hash=sha256:5df61bf30bb10c6f756eb19e7c9f3b473051f48db77fd
 platformdirs == 3.5.3 --hash=sha256:0ade98a4895e87dc51d47151f7d2ec290365a585151d97b4d8d6312ed6132fed --hash=sha256:e48fabd87db8f3a7df7150a4a5ea22c546ee8bc39bc2473244730d4b56d2cc4e
 filelock == 3.12.1 --hash=sha256:42f1e4ff2b497311213d61ad7aac5fed9050608e5309573f101eefa94143134a --hash=sha256:82b1f7da46f0ae42abf1bc78e548667f484ac59d2bcec38c713cee7e2eb51e83
 distlib == 0.3.6 --hash=sha256:f35c4b692542ca110de7ef0bea44d73981caeb34ca0b9b6b2e6d7790dda8f80e
+certifi==2023.5.7
+idna==3.4 --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2
+pypng==0.20220715.0 --hash=sha256:4a43e969b8f5aaafb2a415536c1a8ec7e341cd6a3f957fd5b5f32a4cfeed902c
+PyYAML==6.0 --hash=sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2
+qrcode==7.4.2 --hash=sha256:581dca7a029bcb2deef5d01068e39093e80ef00b4a61098a2182eac59d01643a
+requests==2.31.0 --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f
+typing_extensions==4.6.3 --hash=sha256:88a4153d8505aabbb4e13aacb7c486c2b4a33ca3b3f807914a9b4c844c471c26
+urllib3==2.0.3 --hash=sha256:48e7fafa40319d358848e1bc6809b208340fafe2096f1725d05d67443d0483d1
+charset-normalizer==3.1.0 --hash=sha256:cb7b2ab0188829593b9de646545175547a70d9a6e2b63bf2cd87a0a391599324
diff --git a/scripts/gen_mappings.py b/scripts/gen_mappings.py
@@ -0,0 +1,79 @@
+import argparse
+import yaml
+import requests
+import qrcode
+import qrcode.image.svg
+
+opencre_base_url = "https://opencre.org"
+opencre_rest_url = "https://opencre.org/rest/v1"
+CORNUCOPIA_VERSION = "1.20"
+
+def make_cre_link(id:str, frontend:bool=False):
+    if frontend:
+        return f"{opencre_base_url}/cre/{id}"
+    else:
+        return f"{opencre_rest_url}/id/{id}"
+
+def produce_ecommerce_mappings(source_file,
+                               standards_to_add=[
+                                   "ASVS",
+                                   "CAPEC",
+                                   "SCP"])->dict:
+    base = {
+        "meta":
+            {
+                "edition":"ecommerce",
+                "component":"mappings",
+                "language":"ALL",
+                "version":CORNUCOPIA_VERSION
+                },
+            }
+    for indx, suit in enumerate(source_file.copy()["suits"]):
+        for card_indx,card in enumerate(suit["cards"]):
+            cre = card["cre"][0]
+            response = requests.get(make_cre_link(cre))
+            if response.status_code == 200:
+                cre_object = response.json().get("data")
+                for standard in standards_to_add:
+                    for link in cre_object.get("links"):
+                        if link.get("document").get("name") == standard:
+                            source_file["suits"][indx]["cards"][card_indx][standard]=link.get("document").get("sectionID")
+            else:
+                print(f"could not find CRE {cre}, status code {response.status_code}")                        
+
+    base["suits"] = source_file["suits"]
+    return base
+
+def generate_qr_images(existing_mappings:dict,directory_path:str):
+    for suit in existing_mappings["suits"]:
+        for card in suit["cards"]:
+            cre = card["cre"][0]
+            link = make_cre_link(cre,frontend=True)
+            print(f"making qr code for {cre}")
+            img = qrcode.make(link, image_factory=qrcode.image.svg.SvgImage)
+            with open(f"{directory_path}/{cre}","wb") as f:
+                img.save(f)
+
+def main():
+    global opencre_base_url,opencre_rest_url
+    parser = argparse.ArgumentParser(description='generate mappings')
+    parser.add_argument('-c','--cres', help='Where to find the file mapping cornucopia to CREs', required=True)
+    parser.add_argument('-t','--target', help='Path where to store the result')
+    parser.add_argument('-s','--staging',action='store_true', help='If provided will use staging.opencre.org instead of opencre.org')
+    parser.add_argument('-q','--qr_images', help='If provided will populate the target dir with qr image pointing to every cre')
+    args = vars(parser.parse_args())
+    if args["staging"]:
+        print("Using staging.opencre.org")
+        opencre_base_url = "https://staging.opencre.org"
+        opencre_rest_url = "https://staging.opencre.org/rest/v1"
+    with open(args["cres"]) as f:
+        mappings = yaml.safe_load(f)
+        if args["target"]:
+            ecommerce = produce_ecommerce_mappings(mappings)
+            with open(args["target"],"w") as ef:
+                yaml.safe_dump(ecommerce, ef)
+        if args["qr_images"]:
+            generate_qr_images(mappings,args["qr_images"])
+
+if __name__ == "__main__":
+    main()
diff --git a/source/cre-mappings.yaml b/source/cre-mappings.yaml
@@ -0,0 +1,234 @@
+meta:
+  component: mappings
+  edition: ecommerce
+  language: ALL
+  version: '1.20'
+suits:
+- cards:
+  - cre:
+    - 308-515
+    value: '2'
+  - cre:
+    - 010-308
+    value: '3'
+  - cre:
+    - 064-808
+    value: '4'
+  - cre:
+    - 161-451
+    value: '5'
+  - cre:
+    - 848-711
+    value: '6'
+  - cre:
+    - 538-446
+    value: '7'
+  - cre:
+    - 764-765
+    value: '8'
+  - cre:
+    - 118-602
+    value: '9'
+  - cre:
+    - 650-560
+    value: '10'
+  - cre:
+    - 848-711
+    value: J
+  - cre:
+    - 161-451
+    value: Q
+  - cre:
+    - 760-764
+    value: K
+  name: Data validation & encoding
+- cards:
+  - cre:
+    - 138-448
+    value: '2'
+  - cre:
+    - 223-780
+    value: '3'
+  - cre:
+    - 224-321
+    value: '4'
+  - cre:
+    - 774-888
+    value: '5'
+  - cre:
+    - 581-525
+    value: '6'
+  - cre:
+    - 270-568
+    value: '7'
+  - cre:
+    - 166-151
+    value: '8'
+  - cre:
+    - 258-115
+    value: '9'
+  - cre:
+    - 113-133
+    value: '10'
+  - cre:
+    - 146-556
+    value: J
+  - cre:
+    - 146-556
+    value: Q
+  - cre:
+    - 633-428
+    value: K
+  name: Authentication
+- cards:
+  - cre:
+    - 716-526
+    value: '2'
+  - cre:
+    - 177-260
+    value: '3'
+  - cre:
+    - 177-260
+    value: '4'
+  - cre:
+    - 716-526
+    value: '5'
+  - cre:
+    - 470-731
+    value: '6'
+  - cre:
+    - 457-165
+    value: '7'
+  - cre:
+    - 470-731
+    value: '8'
+  - cre:
+    - 177-260
+    value: '9'
+  - cre:
+    - 060-472
+    value: '10'
+  - cre:
+    - 060-472
+    value: J
+  - cre:
+    - 576-042
+    value: Q
+  - cre:
+    - 177-260
+    value: K
+  name: Session management
+- cards:
+  - cre:
+    - 657-084
+    value: '2'
+  - cre:
+    - 330-281
+    value: '3'
+  - cre:
+    - 284-521
+    value: '4'
+  - cre:
+    - 284-521
+    value: '5'
+  - cre:
+    - 284-521
+    value: '6'
+  - cre:
+    - 284-521
+    value: '7'
+  - cre:
+    - 576-042
+    value: '8'
+  - cre:
+    - 854-643
+    value: '9'
+  - cre:
+    - 128-128
+    value: '10'
+  - cre:
+    - 308-515
+    value: J
+  - cre:
+    - 857-718
+    value: Q
+  - cre:
+    - 284-521
+    value: K
+  name: Authorization
+- cards:
+  - cre:
+    - 504-340
+    value: '2'
+  - cre:
+    - 762-616
+    value: '3'
+  - cre:
+    - 504-340
+    value: '4'
+  - cre:
+    - 036-810
+    value: '5'
+  - cre:
+    - 504-340
+    value: '6'
+  - cre:
+    - 504-340
+    value: '7'
+  - cre:
+    - 400-007
+    value: '8'
+  - cre:
+    - 664-571
+    value: '9'
+  - cre:
+    - 002-801
+    value: '10'
+  - cre:
+    - 223-780
+    value: J
+  - cre:
+    - 223-780
+    value: Q
+  - cre:
+    - 170-772
+    value: K
+  name: Cryptography
+- cards:
+  - cre:
+    - 724-770
+    value: '2'
+  - cre:
+    - 308-515
+    value: '3'
+  - cre:
+    - 184-284
+    value: '4'
+  - cre: 
+    - 155-155
+    value: '5'
+  - cre:
+    - 513-183
+    value: '6'
+  - cre:
+    - 402-706
+    value: '7'
+  - cre:
+    - 724-770
+    value: '8'
+  - cre:
+    - 152-725
+    value: '9'
+  - cre:
+    - 613-285
+    value: '10'
+  - cre:
+    - 180-488
+    value: J
+  - cre:
+    - 132-146
+    value: Q
+  - cre:
+    - 623-550
+    value: K
+  name: Cornucopia
diff --git a/tests/scripts/gen_mappings_utest.py b/tests/scripts/gen_mappings_utest.py
@@ -0,0 +1,20 @@
+import unittest
+from scripts import gen_mappings as gm
+
+
+if "unittest.util" in __import__("sys").modules:
+    # Show full diff in self.assertEqual.
+    __import__("sys").modules["unittest.util"]._MAX_LENGTH = 999999999
+
+
+class TestProduceEcommerceMappings(unittest.TestCase):
+
+    def test_can_add_one_standard(self):
+        input = {'suits': [{'cards': [{'cre': ['308-515'], 'value': '2'}], 'name': 'Data validation & encoding'}, {'cards': [{'cre': ['138-448'], 'value': '2'}], 'name': 'Session management'}]}
+        standards = ['ASVS']
+        expected = {'meta': {'component': 'mappings','edition': 'ecommerce','language': 'ALL','version': '1.20'},'suits': [{'cards': [{'cre': ['308-515'], 'value': '2'}],'name': 'Data validation & encoding'},{'cards': [{'ASVS': 'V2.3.3', 'cre': ['138-448'], 'value': '2'}],            'name': 'Session management'}]}
+
+        self.assertEqual(gm.produce_ecommerce_mappings(input,standards),expected)
+
+if __name__ == "__main__":
+    unittest.main()