From d9b6e9997636b32a059ab20b2fa3d2d9cd1ceab8 Mon Sep 17 00:00:00 2001
From: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
Date: Wed, 27 Dec 2023 22:02:12 +0530
Subject: [PATCH 1/2] feat: Auto generate README.md file

Signed-off-by: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
---
 Makefile        |  2 ++
 README.md       | 42 ++++++++++++++++++-------
 intent.example  | 10 ++++++
 tools/footer.md | 12 ++++++++
 tools/gendoc.sh | 82 +++++++++++++++++++++++++++++++++++++++++++++++++
 tools/header.md | 20 ++++++++++++
 6 files changed, 157 insertions(+), 11 deletions(-)
 create mode 100644 Makefile
 create mode 100644 intent.example
 create mode 100644 tools/footer.md
 create mode 100755 tools/gendoc.sh
 create mode 100644 tools/header.md

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..948884b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,2 @@
+all:
+	@./tools/gendoc.sh
diff --git a/README.md b/README.md
index b21e7f5..907d861 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,7 @@
+<!-- THIS IS AN AUTO-GENERATED FILE by ./tools/gendoc.sh. DO NOT EDIT MANUALLY -->
+
 # Security Intents for Intent Driven Security
+![CI status](https://github.com/5GSEC/security-intents/actions/workflows/ci-verify.yml/badge.svg)
 
 Repository to hold Security Intents in standard template format.
 
@@ -6,14 +9,31 @@ Repository to hold Security Intents in standard template format.
 
 ## Security Intent Template
 
-| Threat Scenario | (Scenario title) |
-|:---------------:|------------------------|
-| **Description** | (Detailed description of the scenario) |
-| **Severity** | High/Medium/Low |
-| **O-RAN Threat ID** | (mapping to Threat IDs defined in O-RAN WG11 Threat Model document) |
-| **Detection Methods** | Mechanisms to detect the threat |
-| **Mitigation Methods** | Mechanisms to mitigate the threat |
-| **Security Intent** | YAML |
-| **Security Intent Binding** | (Set of labels, annotations describing workloads who would be impacted by this threat) |
-| **Pre-Deployment considerations** | (Anything that can be done in CI/CD pipelines that can alleviate this threat) |
-| **References** | |
+|          Threat Scenario          | (Scenario title)                                                                       |
+|:---------------------------------:|----------------------------------------------------------------------------------------|
+|          **Description**          | (Detailed description of the scenario)                                                 |
+|           **Severity**            | High/Medium/Low                                                                        |
+|        **O-RAN Threat ID**        | (mapping to Threat IDs defined in O-RAN WG11 Threat Model document)                    |
+|       **Detection Methods**       | Mechanisms to detect the threat                                                        |
+|      **Mitigation Methods**       | Mechanisms to mitigate the threat                                                      |
+|        **Security Intent**        | YAML                                                                                   |
+|    **Security Intent Binding**    | (Set of labels, annotations describing workloads who would be impacted by this threat) |
+| **Pre-Deployment considerations** | (Anything that can be done in CI/CD pipelines that can alleviate this threat)          |
+|          **References**           |                                                                                        |
+
+## Security Intents
+| Title | Description | Severity | O-RAN Threat ID | Detection Methods | Mitigation Methods | Security Intent | Security Intent Binding | Pre-Deployment considerations | References |
+|:-----:|-------------|----------|-----------------|-------------------|--------------------|-----------------|-------------------------|-------------------------------|------------|
+
+## Contributions welcome...
+
+### Adding a new Security Intent
+
+1. Fork and clone this repository
+2. Create `security-intent-name.yaml` and `security-intent-binding-name.yaml` files
+3. Copy the `intent.example` file and update it accordingly
+   ```shell
+   cp intent.example intent
+    ```
+4. Run `make`
+5. Raise a PR
diff --git a/intent.example b/intent.example
new file mode 100644
index 0000000..03b3b26
--- /dev/null
+++ b/intent.example
@@ -0,0 +1,10 @@
+TITLE="Scenario-title"
+DESCRIPTION="Detailed description of the scenario"
+SEVERITY=High/Medium/Low
+THREAT_ID="mapping to Threat IDs defined in O-RAN WG11 Threat Model document"
+DETECTION_METHODS="Mechanisms to detect the threat"
+MITIGATION_METHODS="Mechanisms to mitigate the threat"
+SI_FILE=sample-si.yaml
+SIB_FILE=sample-si-binding.yaml
+PRE_DEPLOYMENT_CONSIDERATIONS="Anything that can be done in CI/CD pipelines that can alleviate this threat"
+REFERENCES="ref1, ref2"
diff --git a/tools/footer.md b/tools/footer.md
new file mode 100644
index 0000000..d4b731b
--- /dev/null
+++ b/tools/footer.md
@@ -0,0 +1,12 @@
+## Contributions welcome...
+
+### Adding a new Security Intent
+
+1. Fork and clone this repository
+2. Create `security-intent-name.yaml` and `security-intent-binding-name.yaml` files
+3. Copy the `intent.example` file and update it accordingly
+   ```shell
+   cp intent.example intent
+    ```
+4. Run `make`
+5. Raise a PR
diff --git a/tools/gendoc.sh b/tools/gendoc.sh
new file mode 100755
index 0000000..2c2e2b7
--- /dev/null
+++ b/tools/gendoc.sh
@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+INTENTS_DIR=res/intents
+HDR_MD=$(dirname $0)/header.md
+FTR_MD=$(dirname $0)/footer.md
+MD="README.md"
+
+statusLine() {
+  ORANGE="\033[0;33m"
+  RED="\033[0;31m"
+  GREEN="\033[0;32m"
+  NC="\033[0m" # No Color
+
+  status=$1
+  shift
+  [[ $status == AOK ]] || [[ $status == "0" ]] &&
+    {
+      printf "[${GREEN}OK${NC}] $*\n"
+      return
+    }
+  [[ $status == WARN ]] &&
+    {
+      printf "[${ORANGE}WARN${NC}] $*\n"
+      return
+    }
+  printf "[${RED}FAIL${NC}] $*\n"
+  exit 1
+}
+
+cleanup() {
+  if [[ -f intent ]]; then
+    . intent
+    rm -f intent $SI_FILE $SIB_FILE
+    statusLine AOK "done with processing"
+  fi
+}
+
+copyContents() {
+  [[ -f intent ]] && {
+    . intent
+    mkdir -p $INTENTS_DIR/$TITLE
+    cp intent $SI_FILE $SIB_FILE $INTENTS_DIR/$TITLE
+  }
+}
+
+addCommonEntries() {
+  CUR_INTENT_DIR=$INTENTS_DIR/$TITLE
+  cat >>${MD} <<EOF
+  | [$TITLE]($CUR_INTENT_DIR) | $DESCRIPTION | $SEVERITY | $THREAT_ID | $DETECTION_METHODS | $MITIGATION_METHODS | [file]($CUR_INTENT_DIR/$SI_FILE) | [file]($CUR_INTENT_DIR/$SIB_FILE) | $PRE_DEPLOYMENT_CONSIDERATIONS | $REFERENCES |
+EOF
+}
+
+forEveryIntent() {
+  [[ "$1" == "" ]] && statusLine ERR "invalid use of forEveryIntent"
+  if [[ -d $INTENTS_DIR ]]; then
+    while read dir; do
+      . $dir/intent
+      $1
+    done < <(find $INTENTS_DIR -mindepth 1 -maxdepth 1 -type d | sort)
+  fi
+}
+
+main() {
+  cat >$MD <<EOF
+<!-- THIS IS AN AUTO-GENERATED FILE by $0. DO NOT EDIT MANUALLY -->
+
+$(cat $HDR_MD)
+
+## Security Intents
+| Title | Description | Severity | O-RAN Threat ID | Detection Methods | Mitigation Methods | Security Intent | Security Intent Binding | Pre-Deployment considerations | References |
+|:-----:|-------------|----------|-----------------|-------------------|--------------------|-----------------|-------------------------|-------------------------------|------------|
+EOF
+  copyContents
+  forEveryIntent addCommonEntries
+  cat >>"$MD" <<EOF
+
+$(cat $FTR_MD)
+EOF
+  cleanup
+}
+
+main
diff --git a/tools/header.md b/tools/header.md
new file mode 100644
index 0000000..4e2a931
--- /dev/null
+++ b/tools/header.md
@@ -0,0 +1,20 @@
+# Security Intents for Intent Driven Security
+![CI status](https://github.com/5GSEC/security-intents/actions/workflows/ci-verify.yml/badge.svg)
+
+Repository to hold Security Intents in standard template format.
+
+![](res/nimbus.png)
+
+## Security Intent Template
+
+|          Threat Scenario          | (Scenario title)                                                                       |
+|:---------------------------------:|----------------------------------------------------------------------------------------|
+|          **Description**          | (Detailed description of the scenario)                                                 |
+|           **Severity**            | High/Medium/Low                                                                        |
+|        **O-RAN Threat ID**        | (mapping to Threat IDs defined in O-RAN WG11 Threat Model document)                    |
+|       **Detection Methods**       | Mechanisms to detect the threat                                                        |
+|      **Mitigation Methods**       | Mechanisms to mitigate the threat                                                      |
+|        **Security Intent**        | YAML                                                                                   |
+|    **Security Intent Binding**    | (Set of labels, annotations describing workloads who would be impacted by this threat) |
+| **Pre-Deployment considerations** | (Anything that can be done in CI/CD pipelines that can alleviate this threat)          |
+|          **References**           |                                                                                        |

From dc7e6938e6d1127a03fe88b65610600087b6b305 Mon Sep 17 00:00:00 2001
From: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
Date: Wed, 27 Dec 2023 22:35:30 +0530
Subject: [PATCH 2/2] feat(ci): Create ci-verify.yaml

Signed-off-by: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
---
 .github/workflows/ci-verify.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/ci-verify.yml

diff --git a/.github/workflows/ci-verify.yml b/.github/workflows/ci-verify.yml
new file mode 100644
index 0000000..7af5764
--- /dev/null
+++ b/.github/workflows/ci-verify.yml
@@ -0,0 +1,22 @@
+name: CI-Verify
+
+on:
+  push:
+    branches: [ main]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  check-readme-updated:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+
+      - name: Do Make
+        run: make
+      - name: Check if README.md is updated
+        run: |
+          git diff | cat
+          val=$(git diff | wc -l) && [[ $val -ne 0 ]] && echo "Changes not updated. Run make and raise PR with any modified/added files" && exit 1
+          echo "All Good" && exit 0