Hdf2ckl severity #5866
Conversation
Signed-off-by: kemley76 <kemley@mitre.org>
Please see my inline comments
libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts
Currently the behavior is severity if it's there, otherwise fall back to impact.
What happens if there is a security override coming from a ckl? What should the behavior be then? I think the behavior should be the override if it's there, then the severity, then fall back to impact.
What should we do about the severity override justification? Should that be shown in the details tab?
Questions for @ejaronne
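The precedence the reviewer proposes above (CKL override first, then the HDF severity tag, then a severity derived from impact), as an added TypeScript example that is not the project's own code; the field names, the tag normalisation and the impact-to-severity ranges are assumptions.

```typescript
// Added example, not the project's code: resolve the severity to display for one
// control using the precedence override > severity tag > impact-derived severity.
type Severity = 'none' | 'low' | 'medium' | 'high' | 'critical';
const SEVERITIES: Severity[] = ['none', 'low', 'medium', 'high', 'critical'];

interface ControlInput {
  impact: number;                        // HDF impact, 0.0 to 1.0
  severity?: string | null;              // HDF `severity` tag; may be absent or mixed case
  severityOverride?: string | null;      // severity override carried by a CKL, if any
  severityJustification?: string | null; // justification text that accompanies the override
}

interface ResolvedSeverity {
  severity: Severity;
  source: 'override' | 'tag' | 'impact'; // which rule decided the value, for the details view
  justification?: string;
}

// Assumed impact ranges: <0.1 none, <0.4 low, <0.7 medium, <0.9 high, otherwise critical.
function severityFromImpact(impact: number): Severity {
  if (impact < 0.1) return 'none';
  if (impact < 0.4) return 'low';
  if (impact < 0.7) return 'medium';
  if (impact < 0.9) return 'high';
  return 'critical';
}

// Normalise a free-form tag (trim, lowercase) and accept only known names, so a
// typo or unexpected value in a checklist falls through to the next rule instead
// of becoming a severity of its own.
function parseSeverity(value: string | null | undefined): Severity | undefined {
  if (value == null) return undefined;
  const name = value.trim().toLowerCase();
  return SEVERITIES.some((s) => s === name) ? (name as Severity) : undefined;
}

function resolveSeverity(control: ControlInput): ResolvedSeverity {
  const override = parseSeverity(control.severityOverride);
  if (override !== undefined) {
    const justification =
      control.severityJustification != null ? control.severityJustification : undefined;
    return { severity: override, source: 'override', justification };
  }
  const tag = parseSeverity(control.severity);
  if (tag !== undefined) return { severity: tag, source: 'tag' };
  return { severity: severityFromImpact(control.impact), source: 'impact' };
}
```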
a08b5de to 62cedce
One last behavioral change was made here:
…verity Signed-off-by: kemley76 <kemley@mitre.org>
5577f51 to 65237ef
This pull request has a conflict. Could you fix it @kemley76?
ready to merge
* use severity tag in hdf2ckl mapping
* use default values in severity check
* update hdf2ckl test
* fix inconsistencies with how severity is computed and displayed
* linting
* add clarifying comments for severity computation
* update ckl2hdf tests
* remove unnecessary lowercase conversion
* show severityoverride and severity justification in details panel
* severity override info displayed in results table
* format results view impact column to show severity as well
* linting
* added severity and severity overrides to hdf2ckl and ckl2hdf
* ensure severity low and critical get mapped properly in hdf2ckl
* fix fallbacks in ControlRowHeader for showing severity override
* linting
* split impact and severity into two columns
* linting
* add information labels on severity and impact table headers
* linting
* add visual spacing between delta and severity level for overridden severity
* update impact ranges for results table header tooltip
* removed transparency from v-tooltip backgrounds
* refactor checklist mapper to use result type when parsing Json
* use severity from Third_Party_Tools section if present upon ckl2hdf
* ensure that impact is computed using computed severity upon ckl2hdf
* add data to ckl thirdPartyTools to ensure hdf's severity and impact are preserved
* add severityoverride tag to control when impact and severity differ
* recombine severity into impact column and indicate if they differ
* linting
* add ability to filter controls by the presence of specific tags
* create InfoCardRow component to alert user to any severity overrides
* bring back severity column
* linting
* remove impact column, only showing severity
* revert changes to include severityoverride when severity and impact differ
* ensure hdf to ckl to hdf doesn't add extra metadata
* update hdf2ckl test
* linting
* remove extra code leftover from removed impact column
* removed ts specific code tested in frontend test that caused error
* linting
* updated ckl2hdf tests to consider third party tools
* add checklist with overrides file to sample files
* expanded checklist override test to include non-overridden vuln severities
* added frontend test to ensure severity overrides can be filtered properly
* add cypress test to ensure severity override labels appear
* clean up vue logic for severity override display
* account for non-lowercase severity tags
* remove unneeded code bits
* fix sample loading in cypress test
* fix hdf2checklist third party tools computation
* update control search help menu with tag filter
* fixed issue with critical severity being lost in hdf to ckl to hdf
* fix logic and complexity of hdf2ckl addHdfSpecificData
* linting
* accounted for possibility of nil severity tag when doing hdf2ckl
* add severity name constants in inspecJs as utility
* added test util for version replacement for ckl and xccdf reverse testing
* add parseJson to util file with better return type
* relocate ckl2hdf helper function
* refactor hdf2ckl computeImpact to use standard util function
* remove redundant 'active-class' in results table's chips
* fix weird autoformatting instances in vue
* fix comment typo
* fix messed up test in checklist reverse mapper
* fix typo (Co-authored-by: Amndeep Singh Mann <amann@mitre.org>)
* refactored to remove unnecessary type casting
* use more representative type for JSON parse output
* simplify ckl mapper helper function
* linting
* remove unused imports
* export inspecJS function for converting impact into severity
* restart CI

---------

Signed-off-by: kemley76 <kemley@mitre.org>
Signed-off-by: Kaden Emley <kemley@mitre.org>
Co-authored-by: Amndeep Singh Mann <amann@mitre.org>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Fix to #5842.