From 158c69adf695abdcfc0450ae80ad401f9fbf21cd Mon Sep 17 00:00:00 2001
From: Spyros
Date: Mon, 2 Oct 2023 15:08:01 +0100
Subject: [PATCH] fix smartlink functionality in case we don't know about a standard (#409)

* fix smartlink functionality in case we don't know about a standard
* lint and tests fix
* lint2
---
 .../src/pages/Search/components/BodyText.tsx | 26 +++++++++++--------
 .../frontend/src/pages/chatbot/chatbot.tsx | 24 +++++++----------
 application/tests/web_main_test.py | 8 +++---
 application/web/web_main.py | 10 +++----
 4 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/application/frontend/src/pages/Search/components/BodyText.tsx b/application/frontend/src/pages/Search/components/BodyText.tsx
index 124e73e50..7e089c105 100644
--- a/application/frontend/src/pages/Search/components/BodyText.tsx
+++ b/application/frontend/src/pages/Search/components/BodyText.tsx
@@ -25,10 +25,10 @@ export const SearchBody = () => {

- Use OpenCRE Chat to ask any security question (Google account required to maximize queries per minute). In collaboration - with Google, we injected all the standards in OpenCRE into an AI model to create the world's first - security-specialized chatbot. This ensures you get a more reliable answer, and also a reference to a - reputable source. + Use OpenCRE Chat to ask any security question (Google account required to + maximize queries per minute). In collaboration with Google, we injected all the standards in OpenCRE + into an AI model to create the world's first security-specialized chatbot. This ensures you get a more + reliable answer, and also a reference to a reputable source.

HOW?

@@ -48,10 +48,10 @@ export const SearchBody = () => {

WHO?

- OpenCRE is the brainchild of software security professionals Spyros Gasteratos and Rob van - der Veer, who joined forces to tackle the complexities and segmentation in current security standards - and guidelines. They collaborated closely with many initiatives, including SKF, OpenSSF and the Owasp - Top 10 project. OpenCRE is an open-source platform overseen by the OWASP foundation through the + OpenCRE is the brainchild of software security professionals Spyros Gasteratos and Rob van der Veer, + who joined forces to tackle the complexities and segmentation in current security standards and + guidelines. They collaborated closely with many initiatives, including SKF, OpenSSF and the Owasp Top + 10 project. OpenCRE is an open-source platform overseen by the OWASP foundation through the OWASP Integration standard project . The goal is to foster better coordination among security initiatives.

@@ -61,8 +61,8 @@ export const SearchBody = () => { Cloud Control Matrix, ISO27001, ISO27002, and NIST SSDF).

- Contact us via (rob.vanderveer [at] owasp.org) for any questions, remarks or to join the movement. Currently, a stakeholder group is - being formed. + Contact us via (rob.vanderveer [at] owasp.org) for any questions, remarks or to join the movement. + Currently, a stakeholder group is being formed.

For more details, see this @@ -72,7 +72,11 @@ export const SearchBody = () => { OpenCRE explanation document{' '} , follow our - LinkedIn page , click the diagram below, or browse our catalogue textually or graphically. + LinkedIn page , click the diagram below, or{' '} + + browse our catalogue textually or graphically + + .

diff --git a/application/frontend/src/pages/chatbot/chatbot.tsx b/application/frontend/src/pages/chatbot/chatbot.tsx index 228258eb5..47b66dca2 100644 --- a/application/frontend/src/pages/chatbot/chatbot.tsx +++ b/application/frontend/src/pages/chatbot/chatbot.tsx @@ -1,7 +1,7 @@ import './chatbot.scss'; -import DOMPurify,{sanitize} from 'dompurify'; -import {marked} from 'marked'; +import DOMPurify, { sanitize } from 'dompurify'; +import { marked } from 'marked'; import React, { createElement, useEffect, useState } from 'react'; import { Prism as SyntaxHighlighter } from 'react-syntax-highlighter'; import { oneLight } from 'react-syntax-highlighter/dist/esm/styles/prism'; @@ -13,7 +13,6 @@ import { useEnvironment } from '../../hooks'; import { Document } from '../../types'; export const Chatbot = () => { - type chatMessage = { timestamp: string; role: string; @@ -64,12 +63,12 @@ export const Chatbot = () => { for (const txt of responses) { if (i % 2 == 0) { res.push( -

- ) + ); } else { res.push({txt}); } @@ -171,9 +170,7 @@ export const Chatbot = () => { {m.role} - - {m.timestamp} - + {m.timestamp} {processResponse(m.message)} {m.data @@ -187,9 +184,8 @@ export const Chatbot = () => { Note: The content of OpenCRE could not be used to answer your question, as no matching standard was found. The answer therefore has no reference and - needs to be regarded as less reliable. Try rephrasing your question, - use similar topics, or{' '} - OpenCRE search. + needs to be regarded as less reliable. Try rephrasing your question, use + similar topics, or OpenCRE search. )} diff --git a/application/tests/web_main_test.py b/application/tests/web_main_test.py index 30f870c6f..f35492168 100644 --- a/application/tests/web_main_test.py +++ b/application/tests/web_main_test.py @@ -557,7 +557,7 @@ def test_smartlink(self) -> None: self.assertEqual(location, "/node/standard/ASVS/section/v0.1.2") self.assertEqual(302, response.status_code) - # negative test, this cwe does not exist, therefore there is nowhere to redirect to + # negative test, this cwe does not exist, therefore we redirect to Mitre! response = client.get( "/smartlink/standard/CWE/999", headers={"Content-Type": "application/json"}, @@ -566,5 +566,7 @@ def test_smartlink(self) -> None: for head in response.headers: if head[0] == "Location": location = head[1] - self.assertEqual(location, "") - self.assertEqual(404, response.status_code) + self.assertEqual( + location, "https://cwe.mitre.org/data/definitions/999.html" + ) + self.assertEqual(302, response.status_code) diff --git a/application/web/web_main.py b/application/web/web_main.py index 0cfccf9bf..587f88e43 100644 --- a/application/web/web_main.py +++ b/application/web/web_main.py 
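Review bot: The two assertions removed in the `@@ -566,5 +566,7 @@` hunk were the only coverage of the "nothing to redirect to" outcome, and the hunk replaces them with the Mitre case instead of adding it, so a standard name that neither the database nor `redirectors` knows is now untested even though the commit message names that as the case being fixed. Keep a second request with an unknown standard name (a constructed value such as `/smartlink/standard/NOT-A-STANDARD/1`) and assert the non-redirect status next to the new 302 check. Also `location` is only reassigned when a `Location` header is present, so if the header is missing it still holds the ASVS path asserted earlier in the test and the failure message points at the wrong request; `location = ""` before the `for head in response.headers:` loop fixes that. The `test_smartlink` body starts outside the hunk.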
@@ -290,13 +290,13 @@ def smartlink(
 name: str, ntype: str = defs.Credoctypes.Standard.value, section: str = ""
 ) -> Any:
 """if node is found, show node, else redirect"""
+ # ATTENTION: DO NOT MESS WITH THIS FUNCTIONALITY WITHOUT A TICKET AND CORE CONTRIBUTORS APPROVAL!
+ # CRITICAL FUNCTIONALITY DEPENDS ON THIS!
 database = db.Node_collection()
 opt_version = request.args.get("version")
 # match ntype to the credoctypes case-insensitive
- typ = [t for t in defs.Credoctypes if t.value.lower() == ntype.lower()]
- doctype = None
- if typ:
- doctype = typ[0]
+ typ = [t.value for t in defs.Credoctypes if t.value.lower() == ntype.lower()]
+ doctype = None if not typ else typ[0]
 page = 1
 items_per_page = 1
@@ -327,7 +327,7 @@ def smartlink(
 if found_section_id:
 return redirect(f"/node/{ntype}/{name}/sectionid/{section}")
 return redirect(f"/node/{ntype}/{name}/section/{section}")
- elif ntype == defs.Credoctypes.Standard.value and redirectors.redirect(
+ elif doctype == defs.Credoctypes.Standard.value and redirectors.redirect(
 name, section
 ):
 logger.info(
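Review bot: `doctype` changes type in this hunk — it used to hold a `Credoctypes` member and now holds the member's `.value` string — so any later use of `doctype` in `smartlink` that expects the enum (the rest of the function is outside this hunk) would change behaviour silently; the second hunk's `elif doctype == defs.Credoctypes.Standard.value` is consistent with the new type, but that is the only use visible here. The two added `ATTENTION` lines say that something depends on this code without saying what, which a maintainer cannot act on; name the contract instead, e.g. `# smartlink URLs are linked from outside OpenCRE; changing the redirect rules below breaks those links.`, adjusted to whatever the actual dependency is. The list-then-index pattern can also be a single expression, `doctype = next((t.value for t in defs.Credoctypes if t.value.lower() == ntype.lower()), None)`, which drops the unused `typ` list.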
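Review bot: The `elif` in the `@@ -327,7 +327,7 @@` hunk now sends the client to an external site whenever the database has no node for a `name`/`section` pair, and both values come straight from the request path; the test in this commit shows `/smartlink/standard/CWE/999` becoming a 302 to `https://cwe.mitre.org/data/definitions/999.html`. If `redirectors.redirect` interpolates `section` into the target without checking its shape (its body is not on this page), an unexpected `section` value is forwarded verbatim into the external URL, so the redirector should validate `section` against the id format each standard expects and return `None` otherwise — this branch already treats `None` as "no redirect", so nothing else needs to change. The context lines just above still build `/node/{ntype}/{name}/...` from the raw `ntype` while the condition now uses the normalised `doctype`; using `doctype` in those two f-strings keeps the lookup and the redirect consistent. `smartlink` continues outside the hunk.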