Merge pull request #3 from anurag-rajawat/feat/auto-gen

feat: Auto generate README.md file

.github/workflows/ci-verify.yml

@@ -0,0 +1,22 @@
+name: CI-Verify
+
+on:
+  push:
+    branches: [ main]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  check-readme-updated:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+
+      - name: Do Make
+        run: make
+      - name: Check if README.md is updated
+        run: |
+          git diff | cat
+          val=$(git diff | wc -l) && [[ $val -ne 0 ]] && echo "Changes not updated. Run make and raise PR with any modified/added files" && exit 1
+          echo "All Good" && exit 0

Makefile

@@ -0,0 +1,2 @@
+all:
+	@./tools/gendoc.sh

README.md

@@ -1,19 +1,39 @@
+<!-- THIS IS AN AUTO-GENERATED FILE by ./tools/gendoc.sh. DO NOT EDIT MANUALLY -->
+
 # Security Intents for Intent Driven Security
+![CI status](https://github.com/5GSEC/security-intents/actions/workflows/ci-verify.yml/badge.svg)
 
 Repository to hold Security Intents in standard template format.
 
 ![](res/nimbus.png)
 
 ## Security Intent Template
 
-| Threat Scenario | (Scenario title) |
-|:---------------:|------------------------|
-| **Description** | (Detailed description of the scenario) |
-| **Severity** | High/Medium/Low |
-| **O-RAN Threat ID** | (mapping to Threat IDs defined in O-RAN WG11 Threat Model document) |
-| **Detection Methods** | Mechanisms to detect the threat |
-| **Mitigation Methods** | Mechanisms to mitigate the threat |
-| **Security Intent** | YAML |
-| **Security Intent Binding** | (Set of labels, annotations describing workloads who would be impacted by this threat) |
-| **Pre-Deployment considerations** | (Anything that can be done in CI/CD pipelines that can alleviate this threat) |
-| **References** | |
+|          Threat Scenario          | (Scenario title)                                                                       |
+|:---------------------------------:|----------------------------------------------------------------------------------------|
+|          **Description**          | (Detailed description of the scenario)                                                 |
+|           **Severity**            | High/Medium/Low                                                                        |
+|        **O-RAN Threat ID**        | (mapping to Threat IDs defined in O-RAN WG11 Threat Model document)                    |
+|       **Detection Methods**       | Mechanisms to detect the threat                                                        |
+|      **Mitigation Methods**       | Mechanisms to mitigate the threat                                                      |
+|        **Security Intent**        | YAML                                                                                   |
+|    **Security Intent Binding**    | (Set of labels, annotations describing workloads who would be impacted by this threat) |
+| **Pre-Deployment considerations** | (Anything that can be done in CI/CD pipelines that can alleviate this threat)          |
+|          **References**           |                                                                                        |
+
+## Security Intents
+| Title | Description | Severity | O-RAN Threat ID | Detection Methods | Mitigation Methods | Security Intent | Security Intent Binding | Pre-Deployment considerations | References |
+|:-----:|-------------|----------|-----------------|-------------------|--------------------|-----------------|-------------------------|-------------------------------|------------|
+
+## Contributions welcome...
+
+### Adding a new Security Intent
+
+1. Fork and clone this repository
+2. Create `security-intent-name.yaml` and `security-intent-binding-name.yaml` files
+3. Copy the `intent.example` file and update it accordingly
+   ```shell
+   cp intent.example intent
+    ```
+4. Run `make`
+5. Raise a PR

intent.example

@@ -0,0 +1,10 @@
+TITLE="Scenario-title"
+DESCRIPTION="Detailed description of the scenario"
+SEVERITY=High/Medium/Low
+THREAT_ID="mapping to Threat IDs defined in O-RAN WG11 Threat Model document"
+DETECTION_METHODS="Mechanisms to detect the threat"
+MITIGATION_METHODS="Mechanisms to mitigate the threat"
+SI_FILE=sample-si.yaml
+SIB_FILE=sample-si-binding.yaml
+PRE_DEPLOYMENT_CONSIDERATIONS="Anything that can be done in CI/CD pipelines that can alleviate this threat"
+REFERENCES="ref1, ref2"

tools/footer.md

@@ -0,0 +1,12 @@
+## Contributions welcome...
+
+### Adding a new Security Intent
+
+1. Fork and clone this repository
+2. Create `security-intent-name.yaml` and `security-intent-binding-name.yaml` files
+3. Copy the `intent.example` file and update it accordingly
+   ```shell
+   cp intent.example intent
+    ```
+4. Run `make`
+5. Raise a PR

tools/gendoc.sh

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+INTENTS_DIR=res/intents
+HDR_MD=$(dirname $0)/header.md
+FTR_MD=$(dirname $0)/footer.md
+MD="README.md"
+
+statusLine() {
+  ORANGE="\033[0;33m"
+  RED="\033[0;31m"
+  GREEN="\033[0;32m"
+  NC="\033[0m" # No Color
+
+  status=$1
+  shift
+  [[ $status == AOK ]] || [[ $status == "0" ]] &&
+    {
+      printf "[${GREEN}OK${NC}] $*\n"
+      return
+    }
+  [[ $status == WARN ]] &&
+    {
+      printf "[${ORANGE}WARN${NC}] $*\n"
+      return
+    }
+  printf "[${RED}FAIL${NC}] $*\n"
+  exit 1
+}
+
+cleanup() {
+  if [[ -f intent ]]; then
+    . intent
+    rm -f intent $SI_FILE $SIB_FILE
+    statusLine AOK "done with processing"
+  fi
+}
+
+copyContents() {
+  [[ -f intent ]] && {
+    . intent
+    mkdir -p $INTENTS_DIR/$TITLE
+    cp intent $SI_FILE $SIB_FILE $INTENTS_DIR/$TITLE
+  }
+}
+
+addCommonEntries() {
+  CUR_INTENT_DIR=$INTENTS_DIR/$TITLE
+  cat >>${MD} <<EOF
+  | [$TITLE]($CUR_INTENT_DIR) | $DESCRIPTION | $SEVERITY | $THREAT_ID | $DETECTION_METHODS | $MITIGATION_METHODS | [file]($CUR_INTENT_DIR/$SI_FILE) | [file]($CUR_INTENT_DIR/$SIB_FILE) | $PRE_DEPLOYMENT_CONSIDERATIONS | $REFERENCES |
+EOF
+}
+
+forEveryIntent() {
+  [[ "$1" == "" ]] && statusLine ERR "invalid use of forEveryIntent"
+  if [[ -d $INTENTS_DIR ]]; then
+    while read dir; do
+      . $dir/intent
+      $1
+    done < <(find $INTENTS_DIR -mindepth 1 -maxdepth 1 -type d | sort)
+  fi
+}
+
+main() {
+  cat >$MD <<EOF
+<!-- THIS IS AN AUTO-GENERATED FILE by $0. DO NOT EDIT MANUALLY -->
+
+$(cat $HDR_MD)
+
+## Security Intents
+| Title | Description | Severity | O-RAN Threat ID | Detection Methods | Mitigation Methods | Security Intent | Security Intent Binding | Pre-Deployment considerations | References |
+|:-----:|-------------|----------|-----------------|-------------------|--------------------|-----------------|-------------------------|-------------------------------|------------|
+EOF
+  copyContents
+  forEveryIntent addCommonEntries
+  cat >>"$MD" <<EOF
+
+$(cat $FTR_MD)
+EOF
+  cleanup
+}
+
+main

tools/header.md

@@ -0,0 +1,20 @@
+# Security Intents for Intent Driven Security
+![CI status](https://github.com/5GSEC/security-intents/actions/workflows/ci-verify.yml/badge.svg)
+
+Repository to hold Security Intents in standard template format.
+
+![](res/nimbus.png)
+
+## Security Intent Template
+
+|          Threat Scenario          | (Scenario title)                                                                       |
+|:---------------------------------:|----------------------------------------------------------------------------------------|
+|          **Description**          | (Detailed description of the scenario)                                                 |
+|           **Severity**            | High/Medium/Low                                                                        |
+|        **O-RAN Threat ID**        | (mapping to Threat IDs defined in O-RAN WG11 Threat Model document)                    |
+|       **Detection Methods**       | Mechanisms to detect the threat                                                        |
+|      **Mitigation Methods**       | Mechanisms to mitigate the threat                                                      |
+|        **Security Intent**        | YAML                                                                                   |
+|    **Security Intent Binding**    | (Set of labels, annotations describing workloads who would be impacted by this threat) |
+| **Pre-Deployment considerations** | (Anything that can be done in CI/CD pipelines that can alleviate this threat)          |
+|          **References**           |                                                                                        |