From 158c69adf695abdcfc0450ae80ad401f9fbf21cd Mon Sep 17 00:00:00 2001
From: Spyros
Date: Mon, 2 Oct 2023 15:08:01 +0100
Subject: [PATCH] fix smartlink functionality in case we don't know about a
standard (#409)
* fix smartlink functionality in case we don't know about a standard
* lint and tests fix
* lint2
---
.../src/pages/Search/components/BodyText.tsx | 26 +++++++++++--------
.../frontend/src/pages/chatbot/chatbot.tsx | 24 +++++++----------
application/tests/web_main_test.py | 8 +++---
application/web/web_main.py | 10 +++----
4 files changed, 35 insertions(+), 33 deletions(-)
diff --git a/application/frontend/src/pages/Search/components/BodyText.tsx b/application/frontend/src/pages/Search/components/BodyText.tsx
index 124e73e50..7e089c105 100644
--- a/application/frontend/src/pages/Search/components/BodyText.tsx
+++ b/application/frontend/src/pages/Search/components/BodyText.tsx
@@ -25,10 +25,10 @@ export const SearchBody = () => {
- Use OpenCRE Chat to ask any security question (Google account required to maximize queries per minute). In collaboration
- with Google, we injected all the standards in OpenCRE into an AI model to create the world's first
- security-specialized chatbot. This ensures you get a more reliable answer, and also a reference to a
- reputable source.
+ Use OpenCRE Chat to ask any security question (Google account required to
+ maximize queries per minute). In collaboration with Google, we injected all the standards in OpenCRE
+ into an AI model to create the world's first security-specialized chatbot. This ensures you get a more
+ reliable answer, and also a reference to a reputable source.
HOW?
@@ -48,10 +48,10 @@ export const SearchBody = () => {
WHO?
- OpenCRE is the brainchild of software security professionals Spyros Gasteratos and Rob van
- der Veer, who joined forces to tackle the complexities and segmentation in current security standards
- and guidelines. They collaborated closely with many initiatives, including SKF, OpenSSF and the Owasp
- Top 10 project. OpenCRE is an open-source platform overseen by the OWASP foundation through the
+ OpenCRE is the brainchild of software security professionals Spyros Gasteratos and Rob van der Veer,
+ who joined forces to tackle the complexities and segmentation in current security standards and
+ guidelines. They collaborated closely with many initiatives, including SKF, OpenSSF and the Owasp Top
+ 10 project. OpenCRE is an open-source platform overseen by the OWASP foundation through the
OWASP Integration standard project
. The goal is to foster better coordination among security initiatives.
@@ -61,8 +61,8 @@ export const SearchBody = () => {
Cloud Control Matrix, ISO27001, ISO27002, and NIST SSDF).
- Contact us via (rob.vanderveer [at] owasp.org) for any questions, remarks or to join the movement. Currently, a stakeholder group is
- being formed.
+ Contact us via (rob.vanderveer [at] owasp.org) for any questions, remarks or to join the movement.
+ Currently, a stakeholder group is being formed.
For more details, see this
@@ -72,7 +72,11 @@ export const SearchBody = () => {
OpenCRE explanation document{' '}
, follow our
- LinkedIn page , click the diagram below, or browse our catalogue textually or graphically.
+ LinkedIn page , click the diagram below, or{' '}
+
+ browse our catalogue textually or graphically
+
+ .
diff --git a/application/frontend/src/pages/chatbot/chatbot.tsx b/application/frontend/src/pages/chatbot/chatbot.tsx
index 228258eb5..47b66dca2 100644
--- a/application/frontend/src/pages/chatbot/chatbot.tsx
+++ b/application/frontend/src/pages/chatbot/chatbot.tsx
@@ -1,7 +1,7 @@
import './chatbot.scss';
-import DOMPurify,{sanitize} from 'dompurify';
-import {marked} from 'marked';
+import DOMPurify, { sanitize } from 'dompurify';
+import { marked } from 'marked';
import React, { createElement, useEffect, useState } from 'react';
import { Prism as SyntaxHighlighter } from 'react-syntax-highlighter';
import { oneLight } from 'react-syntax-highlighter/dist/esm/styles/prism';
@@ -13,7 +13,6 @@ import { useEnvironment } from '../../hooks';
import { Document } from '../../types';
export const Chatbot = () => {
-
type chatMessage = {
timestamp: string;
role: string;
@@ -64,12 +63,12 @@ export const Chatbot = () => {
for (const txt of responses) {
if (i % 2 == 0) {
res.push(
-
- )
+ );
} else {
res.push({txt});
}
@@ -171,9 +170,7 @@ export const Chatbot = () => {
{m.role}
-
- {m.timestamp}
-
+ {m.timestamp}
{processResponse(m.message)}
{m.data
@@ -187,9 +184,8 @@ export const Chatbot = () => {
Note: The content of OpenCRE could not be used to answer your question, as
no matching standard was found. The answer therefore has no reference and
- needs to be regarded as less reliable. Try rephrasing your question,
- use similar topics, or{' '}
- OpenCRE search.
+ needs to be regarded as less reliable. Try rephrasing your question, use
+ similar topics, or OpenCRE search.
)}
diff --git a/application/tests/web_main_test.py b/application/tests/web_main_test.py
index 30f870c6f..f35492168 100644
--- a/application/tests/web_main_test.py
+++ b/application/tests/web_main_test.py
@@ -557,7 +557,7 @@ def test_smartlink(self) -> None:
self.assertEqual(location, "/node/standard/ASVS/section/v0.1.2")
self.assertEqual(302, response.status_code)
- # negative test, this cwe does not exist, therefore there is nowhere to redirect to
+ # negative test, this cwe does not exist, therefore we redirect to Mitre!
response = client.get(
"/smartlink/standard/CWE/999",
headers={"Content-Type": "application/json"},
@@ -566,5 +566,7 @@ def test_smartlink(self) -> None:
for head in response.headers:
if head[0] == "Location":
location = head[1]
- self.assertEqual(location, "")
- self.assertEqual(404, response.status_code)
+ self.assertEqual(
+ location, "https://cwe.mitre.org/data/definitions/999.html"
+ )
+ self.assertEqual(302, response.status_code)
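Review bot: Replacing the 404 assertion leaves `test_smartlink` with no case for a request that neither matches a node nor has an external redirector, so a regression that redirects every unknown standard would go unnoticed. A case with a name no redirector knows would keep that path pinned, e.g. `response = client.get("/smartlink/standard/NO_SUCH_STANDARD/1")` followed by `self.assertEqual(404, response.status_code)`. The name is constructed, and 404 is assumed from the assertion this commit removed. A second case with a non-numeric CWE section would show whether request-supplied text can reach the `cwe.mitre.org` Location header unchanged. The test method starts above this hunk, so earlier cases were not visible.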
diff --git a/application/web/web_main.py b/application/web/web_main.py
index 0cfccf9bf..587f88e43 100644
--- a/application/web/web_main.py
+++ b/application/web/web_main.py
@@ -290,13 +290,13 @@ def smartlink(
name: str, ntype: str = defs.Credoctypes.Standard.value, section: str = ""
) -> Any:
"""if node is found, show node, else redirect"""
+ # ATTENTION: DO NOT MESS WITH THIS FUNCTIONALITY WITHOUT A TICKET AND CORE CONTRIBUTORS APPROVAL!
+ # CRITICAL FUNCTIONALITY DEPENDS ON THIS!
database = db.Node_collection()
opt_version = request.args.get("version")
# match ntype to the credoctypes case-insensitive
- typ = [t for t in defs.Credoctypes if t.value.lower() == ntype.lower()]
- doctype = None
- if typ:
- doctype = typ[0]
+ typ = [t.value for t in defs.Credoctypes if t.value.lower() == ntype.lower()]
+ doctype = None if not typ else typ[0]
page = 1
items_per_page = 1
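Review bot: After this change `doctype` holds the enum's string value, or `None` when `ntype` matches no `Credoctypes` member, and nothing in the hunk rejects the `None` case, so an unrecognised type taken from the URL carries on into the lookup. The rest of `smartlink` lies outside this hunk, so later uses that expect an enum member, and the handling of `None`, should be checked there. If an unknown type is never valid, a guard right after the assignment such as `if doctype is None: abort(404)` would fail closed (assuming `abort` is imported in this module). The new ATTENTION comment would also be more useful if it named the functionality that depends on this route and the redirect behaviour that must not change.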
@@ -327,7 +327,7 @@ def smartlink(
if found_section_id:
return redirect(f"/node/{ntype}/{name}/sectionid/{section}")
return redirect(f"/node/{ntype}/{name}/section/{section}")
- elif ntype == defs.Credoctypes.Standard.value and redirectors.redirect(
+ elif doctype == defs.Credoctypes.Standard.value and redirectors.redirect(
name, section
):
logger.info(
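Review bot: The external redirect in this `elif` is gated on `redirectors.redirect(name, section)`, and both arguments come from the request path with no validation visible in the hunk. The updated test expects `https://cwe.mitre.org/data/definitions/999.html`, so `section` ends up inside a third-party URL. `redirectors` is not shown here, so it is worth confirming that it constrains `section` per standard (presumably digits only for CWE) and percent-encodes it before building the target. A comment above the branch such as `# name/section are untrusted; redirectors.redirect() must only return URLs on known standard hosts` would record that expectation. The branch body continues past the end of the hunk, so what is logged and returned could not be reviewed.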