More YAML Parsng in Task Description section

0x41head · 0x41head · commit 930a5a73d3cf · 2022-07-04T14:53:08.000+05:30
diff --git a/src/app/app-routing.module.ts b/src/app/app-routing.module.ts
@@ -3,12 +3,14 @@ import { RouterModule, Routes } from '@angular/router';
 import { CircularHeatmapComponent } from './component/circular-heatmap/circular-heatmap.component';
 import { MainContentComponent } from './component/main-content/main-content.component';
 import { MatrixComponent } from './component/matrix/matrix.component';
+import { TaskDescriptionComponent } from './component/task-description/task-description.component';
 
 
 const routes: Routes = [
   {path: '',component: MainContentComponent},
   {path: 'matrix', component: MatrixComponent},
-  {path: 'circular-heatmap', component: CircularHeatmapComponent}
+  {path: 'circular-heatmap', component: CircularHeatmapComponent},
+  {path: 'task-description', component: TaskDescriptionComponent}
 ];
 
 @NgModule({
diff --git a/src/app/component/task-description/task-description.component.html b/src/app/component/task-description/task-description.component.html
@@ -11,43 +11,43 @@ <h1>{{currentTask.dimension}} -> {{currentTask.subDimension}}: Building and test
                     <b>Description</b>
                 </mat-panel-title>
             </mat-expansion-panel-header>
-            <p [innerHTML]="description"></p>
-            </mat-expansion-panel>
+            <p [innerHTML]="currentTask.description"></p>
+        </mat-expansion-panel>
         <mat-expansion-panel>
             <mat-expansion-panel-header>
                 <mat-panel-title>
                     <b>Risk</b>
                 </mat-panel-title>
             </mat-expansion-panel-header>
-            <p [innerHTML]="risk"></p>
+            <ul *ngFor="let risk of currentTask.risk">
+                <li>{{risk}}</li>
+            </ul>
         </mat-expansion-panel>
         <mat-expansion-panel>
             <mat-expansion-panel-header>
                 <mat-panel-title>
                     <b>Measure</b>
                 </mat-panel-title>
             </mat-expansion-panel-header>
-            <p [innerHTML]="measure"></p>
+            <p [innerHTML]="currentTask.measure"></p>
         </mat-expansion-panel>
         <mat-expansion-panel>
             <mat-expansion-panel-header>
                 <mat-panel-title>
                     <b>Implementation Guide</b>
                 </mat-panel-title>
             </mat-expansion-panel-header>
-            <p>Depending on your environment, usage of virtual machines
-                or container technology is a good way. After the build, the filesystem should
-                not be used again in other builds.</p>
+            <p [innerHTML]="currentTask.implementatonGuide"></p>
         </mat-expansion-panel>
         <mat-expansion-panel>
             <mat-expansion-panel-header>
                 <mat-panel-title>
                     <b>Difficulty Of Implementation</b>
                 </mat-panel-title>
             </mat-expansion-panel-header>
-            <p>Knowledge: 2 </p>
-            <p>Time: 2 </p>
-            <p>Resources: 2 </p>
+            <p>Knowledge: {{this.currentTask.knowledge}} </p>
+            <p>Time: {{this.currentTask.time}} </p>
+            <p>Resources: {{this.currentTask.resources}}</p>
         </mat-expansion-panel>
         <mat-expansion-panel>
             <mat-expansion-panel-header>
@@ -141,23 +141,33 @@ <h1>{{currentTask.dimension}} -> {{currentTask.subDimension}}: Building and test
                                 <b>OWASP SAMM VERSION 2</b>
                             </mat-panel-title>
                         </mat-expansion-panel-header>
-                        <p>
-                            I-SB-2-A 
-                        </p>
+                        <ul *ngFor="let samm of currentTask.samm">
+                            <li>{{samm}}</li>
+                        </ul>
                     </mat-expansion-panel>
                     <mat-expansion-panel>
                         <mat-expansion-panel-header>
                             <mat-panel-title>
                                 <b>ISO27001 2017</b>
                             </mat-panel-title>
                         </mat-expansion-panel-header>
-                        <p>
-                            iso27001-2017:14.2.6
-                        </p>
+                        <ul *ngFor="let iso of currentTask.iso">
+                            <li>{{iso}}</li>
+                        </ul>
                     </mat-expansion-panel>
                 </mat-accordion>
             </p>
         </mat-expansion-panel>
+        <mat-expansion-panel>
+            <mat-expansion-panel-header>
+                <mat-panel-title>
+                    <b>Depends on</b>
+                </mat-panel-title>
+            </mat-expansion-panel-header>
+            <ul *ngFor="let dependency of this.currentTask.dependsOn">
+                <li>{{dependency}}</li>
+            </ul>
+        </mat-expansion-panel>
     </mat-accordion>
 </div>
   
diff --git a/src/app/component/task-description/task-description.component.ts b/src/app/component/task-description/task-description.component.ts
@@ -10,8 +10,15 @@ export interface taskDescription {
   level:string
   taskIndex:number
   description:string
-  risk: string
+  risk: string[]
   measure: string
+  implementatonGuide:string
+  iso:string[]
+  samm:string[]
+  knowledge:number
+  resources:number
+  time:number
+  dependsOn:string[]
 }
 
 @Component({
@@ -21,15 +28,14 @@ export interface taskDescription {
 })
 export class TaskDescriptionComponent implements OnInit {
 
-  currentTask: taskDescription={dimension:'',subDimension:'',level:'',taskIndex:-1,description:'',risk:'',measure:''}
+  currentTask: taskDescription={dimension:'',subDimension:'',level:'',taskIndex:-1,description:'',risk:[],
+                                measure:'',implementatonGuide:'',samm:[''],iso:[''],knowledge:-1,resources:-1,
+                              time:-1,dependsOn:[]}
 
   YamlObject:any;
 
   rowIndex:number=0;
   markdown:md = md()
-  description:any;
-  risk:any;
-  measure:any;
 
   @ViewChildren(MatAccordion) accordion!: QueryList<MatAccordion>;
   constructor(private route: ActivatedRoute,private yaml:ymlService) { }
@@ -59,23 +65,72 @@ export class TaskDescriptionComponent implements OnInit {
       catch{
         console.log('Task does not exist!')
       }
+      var data =this.YamlObject['dimension'][this.rowIndex]['subdimension']
+      [this.currentTask.level][this.currentTask.taskIndex]
+
+
+      this.currentTask.description=this.defineStringValues(data['description'],'')
+      this.currentTask.risk=this.defineStringArrayValues(data['risk'],[])
+      this.currentTask.measure=this.defineStringValues(data['measure'],'')
+      try{
+        data['meta']
+        this.currentTask.implementatonGuide=this.defineStringValues(data['meta']['implementationGuide'],'')
+      }
+      catch{
+        console.log('Meta does not exist')
+      }
+      try{
+        data['difficultyOfImplementation']
+        this.currentTask.knowledge=this.defineIntegerValues(data['difficultyOfImplementation']['knowledge'],-1)
+        this.currentTask.time=this.defineIntegerValues(data['difficultyOfImplementation']['time'],-1)
+        this.currentTask.resources=this.defineIntegerValues(data['difficultyOfImplementation']['resources'],-1)
+      }
+      catch{
+        console.log('difficultyOfImplementation does not exist')
+      }
+      try{
+        data['references']
+        this.currentTask.iso=this.defineStringArrayValues(data['iso27001-2017'],[])
+        this.currentTask.samm=this.defineStringArrayValues(data['samm2'],[])
+      }
+      catch{
+        console.log('references does not exist')
+      }
       
-      this.currentTask.description = this.YamlObject['dimension'][this.rowIndex]['subdimension']
-      [this.currentTask.level][this.currentTask.taskIndex]['description']
-      this.currentTask.risk = this.YamlObject['dimension'][this.rowIndex]['subdimension']
-      [this.currentTask.level][this.currentTask.taskIndex]['risk']
-      this.currentTask.measure = this.YamlObject['dimension'][this.rowIndex]['subdimension']
-      [this.currentTask.level][this.currentTask.taskIndex]['measure']
-      this.measure=this.markdown.render(this.currentTask.measure);
-      this.description=this.markdown.render(this.currentTask.description);
-      this.risk=this.markdown.render(this.currentTask.risk);
+      this.currentTask.dependsOn=this.defineStringArrayValues(data['dependsOn'],[])
+  
+      //console.log(this.measure)
       
-       
-       console.log('ere')
     })
   }
 
+  defineStringValues(dataToCheck:string,valueOfDataIfUndefined:string): string{
+    try{
+      return this.markdown.render(dataToCheck)
+    }
+    catch{
+      return valueOfDataIfUndefined
+    }
+  }
+
+  defineStringArrayValues(dataToCheck:string[],valueOfDataIfUndefined:string[]): string[]{
+    try{
+      return dataToCheck
+    }
+    catch{
+      return valueOfDataIfUndefined
+    }
+  }
 
+  defineIntegerValues(dataToCheck:number,valueOfDataIfUndefined:number): number{
+    try{
+      return dataToCheck
+    }
+    catch{
+      return valueOfDataIfUndefined
+    }
+  }
+  
 
   // Expand all function
   openall(): void{
diff --git a/src/assets/YAML/generated/sample.yaml b/src/assets/YAML/generated/sample.yaml
@@ -37,7 +37,8 @@ dimension:
           - iso27001-2017:14.2.6
           samm2:
           - I-SB-1-A
-        risk: Quality is not visible to everyone, quality checks are distributed or
+        risk: 
+        - Quality is not visible to everyone, quality checks are distributed or
           manually and not deterministic.
         usefulness: 2
       - dependsOn:
@@ -98,12 +99,10 @@ dimension:
           - iso27001-2017:14.2.6
           samm2:
           - I-SB-2-A
-        risk:
-        - 'While building and testing artifacts, third party systems, application frameworks
-
+        risk: 
+        - While building and testing artifacts, third party systems, application frameworks
           and 3rd party libraries are used. These might be malicious as a result of
-
-          vulnerable libraries or because they are altered during the delivery phase.'
+          vulnerable libraries or because they are altered during the delivery phase.
         usefulness: 2
       - comment: The usage of pinning requires a good processes for patching. Therefore,
           choose this activity wisly.
@@ -145,8 +144,7 @@ dimension:
         measure: Creation of an SBOM of components (e.g. application and container image
           content) during build.
         name: SBOM of components
-        risk:
-        - In case a vulnerability of severity high or critical exists, it needs to be
+        risk: In case a vulnerability of severity high or critical exists, it needs to be
           known where an artifacts with that vulnerability is deployed with which dependencies.
         usefulness: 3
       level-3:
@@ -164,7 +162,8 @@ dimension:
         references:
           iso27001-2017:
           - 14.2.6
-          samm2: I-SB-2-A
+          samm2: 
+          - I-SB-2-A
         risk:
         - Unauthorized manipulation of source code might be difficult to spot.
         usefulness: 3
@@ -213,7 +212,8 @@ dimension:
           iso27001-2017:
           - 12.1.1
           - 14.2.2
-          samm2: I-SD-1-A
+          samm2: 
+          - I-SD-1-A
         risk:
         - Deployments without a defined process are error prone thus allowing old or
           untested artifact to be deployed.
@@ -265,7 +265,8 @@ dimension:
         risk:
         - Developers or operations might start random images in the production cluster
           which have malicious code or known vulnerabilities.
-        samm2: I-SD-2-A
+        samm2: 
+        - I-SD-2-A
         usefulness: 3
       - difficultyOfImplementation:
           knowledge: 1
@@ -305,7 +306,8 @@ dimension:
         name: Rolling update on deployment
         risk:
         - While a deployment is performed, the application can not be reached.
-        samm2: I-SD-1-A
+        samm2: 
+        - I-SD-1-A
         usefulness: 2
       - dependsOn:
         - Defined build process
@@ -326,7 +328,8 @@ dimension:
         risk:
         - Building of an artifact for different environments means that an untested
           artifact might reach the production environment.
-        samm2: I-SD-2-A
+        samm2: 
+        - I-SD-2-A
         usefulness: 4
       - dependsOn:
         - Environment depending configuration parameters (secrets)
@@ -347,7 +350,8 @@ dimension:
           - 9.4.3
           - 9.4.1
           - 10.1.2
-          samm2: I-SD-2-B
+          samm2: 
+          - I-SD-2-B
         risk:
         - Attackers who compromise a system can see confidential access information
           like database credentials.
@@ -394,7 +398,8 @@ dimension:
         - In case a vulnerability of severity high or critical exists, it needs to be
           known where an artifacts (e.g. container image) with that vulnerability is
           deployed.
-        samm2: I-SD-2-A
+        samm2: 
+        - I-SD-2-A
         usefulness: 3
       - dependesOn:
         - SBOM of components
@@ -417,7 +422,8 @@ dimension:
         - In case a vulnerability of severity high or critical is known by the organization,
           it needs to be known where an artifacts with that vulnerability is deployed
           with which dependencies.
-        samm2: I-SD-2-A
+        samm2: 
+        - I-SD-2-A
         usefulness: 3
       level-4:
       - dependsOn:
