Merge pull request #36 from wurstbrot/feat/meta

wurstbrot · web-flow · commit d69ea042da84 · 2021-02-03T17:52:39.000+01:00
Add meta info
diff --git a/data.php b/data.php
@@ -3,7 +3,8 @@
 
 $files = scandir("data");
 
-function readYaml($file) {
+function readYaml($file)
+{
     return yaml_parse(
         file_get_contents($file)
     );
@@ -28,19 +29,19 @@ function readYaml($file) {
     }
 }
 
-if(array_key_exists("performed", $_GET)) {
+if (array_key_exists("performed", $_GET)) {
     $showPerformed = $_GET['performed'];
- 
-    if($showPerformed != "true") $showPerformed = false;
-}else {
+
+    if ($showPerformed != "true") $showPerformed = false;
+} else {
     $showPerformed = false;
 }
 
-if(array_key_exists("planned", $_GET)) {
+if (array_key_exists("planned", $_GET)) {
     $showPlanned = $_GET['planned'];
 
-    if($showPlanned != "true") $showPlanned = false;
-}else {
+    if ($showPlanned != "true") $showPlanned = false;
+} else {
     $showPlanned = false;
 }
 $filteredDimensions = array();
@@ -49,25 +50,25 @@ function readYaml($file) {
     foreach ($subDimension as $subDimensionName => $elements) {
         $newElements = $elements;
         ksort($newElements);
-        foreach($newElements as $activityName => $activity) {
-            if(elementIsSelected($activityName) && !$showPerformed) {
+        foreach ($newElements as $activityName => $activity) {
+            if (elementIsSelected($activityName) && !$showPerformed) {
                 continue;
             }
 
-            if(!elementIsSelected($activityName) && !$showPlanned) {
+            if (!elementIsSelected($activityName) && !$showPlanned) {
                 continue;
-            } 
+            }
             $filteredDimensions[$dimensionName][$subDimensionName][$activityName] = $activity;
         }
-        
+
     }
 }
 
 
 function getDifficultyOfImplementationWithDependencies($dimensions, $elementImplementation, &$allElements)
 {
-    if($elementImplementation == null) {
-        return ;
+    if ($elementImplementation == null) {
+        return;
     }
     $knowledge = getKnowledge($elementImplementation);
 
@@ -94,8 +95,8 @@ function getDifficultyOfImplementationWithDependencies($dimensions, $elementImpl
 
 function getDifficultyOfImplementation($dimensions, $elementImplementation)
 {
-    if($elementImplementation == null) {
-        return ;
+    if ($elementImplementation == null) {
+        return;
     }
     $knowledge = getKnowledge($elementImplementation);
 
@@ -131,6 +132,49 @@ function getKnowledge($elementImplementation)
     return $knowledge;
 }
 
+function getElementContentAndCheckExistence($parent, $name)
+{
+    if (array_key_exists($name, $parent)) {
+        return getElementContent($parent[$name]);
+    }
+    return "";
+}
+
+function getElementContent($element)
+{
+    $contentString = "";
+    if (is_array($element)) {
+        if (isAssoc($element)) {
+            foreach ($element as $title => $elementContent) {
+                $titleWithSpace = preg_replace('/(?<=[a-z])[A-Z]|[A-Z](?=[a-z])/', ' $0', $title);
+                $contentString .= "<b>" . ucfirst($titleWithSpace) . "</b>";
+                $contentString .= "<ul>";
+                if (is_array($elementContent)) {
+                    $contentString .= getElementContent($elementContent);
+                } else
+                    $contentString .= "<li>" . str_replace("\"", "'", $elementContent) . "</li>";
+                $contentString .= "</ul>";
+            }
+
+        } else {
+            $contentString .= "<ul>";
+            foreach ($element as $content) {
+                $contentString .= "<li>" . str_replace("\"", "'", $content) . "</li>";
+            }
+            $contentString .= "</ul>";
+        }
+
+    } else {
+        $contentString = str_replace("\"", "'", $element);
+    }
+    return $contentString;
+}
+
+function isAssoc(array $arr)
+{
+    if (array() === $arr) return false;
+    return array_keys($arr) !== range(0, count($arr) - 1);
+}
 
 function build_table_tooltip($array, $headerWeight = 2)
 {
@@ -139,33 +183,24 @@ function build_table_tooltip($array, $headerWeight = 2)
     $mapResources = $mapTime;
     $mapUsefulness = $mapTime;
 
-    $evidenceContent = "";
-    if(array_key_exists("evidence", $array)) {
-        if( is_array($array['evidence'])) {
-            $evidenceContent .= "<ul>";
-            foreach($array['evidence'] as $content) {
-                $evidenceContent .= "<li>".str_replace("\"", "'", $content) . "</li>";
-            }
-            $evidenceContent .= "</ul>";
-        }else {
-            $evidenceContent = str_replace("\"", "'", $array['evidence']);
-        }
-    }else {
+    getElementContentAndCheckExistence($array, "meta");
+    $evidenceContent = getElementContentAndCheckExistence($array, "evidence");
+    if ($evidenceContent == "") {
         $evidenceContent = "TODO";
     }
 
     $html = "";
     $html .= "<h" . $headerWeight . ">Risk and Opportunity</h$headerWeight>";
     $html .= "<div><b>" . "Risk" . ":</b> " . $array['risk'] . "</div>";
     $html .= "<div><b>" . "Opportunity" . ":</b> " . $array['measure'] . "</div>";
-    if(IS_SHOW_EVIDENCE_TODO || $evidenceContent != "TODO")
-        $html .= "<div><b>" . "Evidence" . ":</b> " . $evidenceContent . "</div>"; 
+    if (IS_SHOW_EVIDENCE_TODO || $evidenceContent != "TODO")
+        $html .= "<div><b>" . "Evidence" . ":</b> " . $evidenceContent . "</div>";
     $html .= "<hr />";
     $html .= "<h$headerWeight>Exploit details</h$headerWeight>";
-    $html .= "<div><b>Usefullness:</b> " . ucfirst($mapUsefulness[$array['usefulness']-1]) . "</div>";
-    $html .= "<div><b>Required knowledge:</b> " . ucfirst($mapKnowLedge[$array['difficultyOfImplementation']['knowledge']-1]) . "</div>";
-    $html .= "<div><b>Required time:</b> " . ucfirst($mapTime[$array['difficultyOfImplementation']['time']-1]) . "</div>";
-    $html .= "<div><b>Required resources (systems):</b> " . ucfirst($mapResources[$array['difficultyOfImplementation']['resources']-1]) . "</div>";
+    $html .= "<div><b>Usefullness:</b> " . ucfirst($mapUsefulness[$array['usefulness'] - 1]) . "</div>";
+    $html .= "<div><b>Required knowledge:</b> " . ucfirst($mapKnowLedge[$array['difficultyOfImplementation']['knowledge'] - 1]) . "</div>";
+    $html .= "<div><b>Required time:</b> " . ucfirst($mapTime[$array['difficultyOfImplementation']['time'] - 1]) . "</div>";
+    $html .= "<div><b>Required resources (systems):</b> " . ucfirst($mapResources[$array['difficultyOfImplementation']['resources'] - 1]) . "</div>";
     return $html;
 }
 
diff --git a/data/BuildandDeployment.yml b/data/BuildandDeployment.yml
@@ -6,13 +6,17 @@ Build:
       libraries or because they are altered during the delivery phase.
     measure: Each step during within the build and testing phase is performed in a separate virtual
       environments, which is destroyed afterward.
+    meta:
+      implementationGuide: Depending on your envirnoment, usage of virtual machines or container technoligy is a good way. After the build, the filesystem should not be used again in other builds.
     difficultyOfImplementation:
       knowledge: 2
       time: 2
       resources: 2
     usefulness: 2
-    level: 4
-    implementation: Docker
+    implementation:
+      - Container technologies and orchestration like Docker, Kubernetes
+      - CI/CD Tools, e.g. Jenkins
+    level: 2
     samm2: i-secure-build|A|2
     iso27001-2017:
       - 14.2.6
@@ -28,7 +32,9 @@ Build:
       resources: 2
     usefulness: 4
     level: 1
-    implementation: "Jenkins, Docker"
+    implementation:
+      - CI/CD Tools, e.g. Jenkins
+      - Container technologies and orchestration like Docker, Kubernetes
     samm2: i-secure-build|A|1
     iso27001-2017:
       - 12.1.1
diff --git a/detail.php b/detail.php
@@ -43,7 +43,7 @@ function printDetail($dimension, $subdimension, $activityName, $dimensions, $rep
     echo build_table_tooltip($element, $headerWeight + 1);
     echo "<hr/>";
 
-    if (array_key_exists("dependsOn", $element) || array_key_exists("implementation", $element) || array_key_exists("comment", $element)) {
+    if (array_key_exists("dependsOn", $element) || array_key_exists("implementation", $element) || array_key_exists("comment", $element) || array_key_exists("meta", $element)) {
         echo "<h" . ($headerWeight + 1) . ">Additional Information</h" . ($headerWeight + 1) . ">";
         if (array_key_exists("dependsOn", $element)) {
             $dependsOn = $element['dependsOn'];
@@ -59,6 +59,7 @@ function printDetail($dimension, $subdimension, $activityName, $dimensions, $rep
 
             echo "<div><b>Dependencies:</b> $dependencies</div>";
         }
+        echo getElementContentAndCheckExistence($element, "meta");
     }
 
 

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ function printDetail($dimension, $subdimension, $activityName, $dimensions, $rep`
`43`	`43`	`echo build_table_tooltip($element, $headerWeight + 1);`
`44`	`44`	`echo "<hr/>";`
`45`	`45`
`46`		`- if (array_key_exists("dependsOn", $element) \|\| array_key_exists("implementation", $element) \|\| array_key_exists("comment", $element)) {`
	`46`	`+ if (array_key_exists("dependsOn", $element) \|\| array_key_exists("implementation", $element) \|\| array_key_exists("comment", $element) \|\| array_key_exists("meta", $element)) {`
`47`	`47`	`echo "<h" . ($headerWeight + 1) . ">Additional Information</h" . ($headerWeight + 1) . ">";`
`48`	`48`	`if (array_key_exists("dependsOn", $element)) {`
`49`	`49`	`$dependsOn = $element['dependsOn'];`
`@@ -59,6 +59,7 @@ function printDetail($dimension, $subdimension, $activityName, $dimensions, $rep`
`59`	`59`
`60`	`60`	`echo "<div><b>Dependencies:</b> $dependencies</div>";`
`61`	`61`	`}`
	`62`	`+ echo getElementContentAndCheckExistence($element, "meta");`
`62`	`63`	`}`
`63`	`64`
`64`	`65`