fix smartlink functionality in case we don't know about a standard #409

Merged
merged 3 commits into from
Oct 2, 2023
26 changes: 15 additions & 11 deletions application/frontend/src/pages/Search/components/BodyText.tsx
@@ -25,10 +25,10 @@ export const SearchBody = () => {
</b>
</p>
<b>
Use <a href="/chatbot">OpenCRE Chat</a> to ask any security question (Google account required to maximize queries per minute). In collaboration
with Google, we injected all the standards in OpenCRE into an AI model to create the world's first
security-specialized chatbot. This ensures you get a more reliable answer, and also a reference to a
reputable source.
Use <a href="/chatbot">OpenCRE Chat</a> to ask any security question (Google account required to
maximize queries per minute). In collaboration with Google, we injected all the standards in OpenCRE
into an AI model to create the world's first security-specialized chatbot. This ensures you get a more
reliable answer, and also a reference to a reputable source.
</b>
<h2>HOW?</h2>
<p>
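Review bot: every hunk in this file is a Prettier reflow of JSX text with no functional change, which is unrelated to the smartlink fix named in the PR title; keeping formatter-only changes in their own commit (or running the formatter in CI so they never appear in feature PRs) makes the diff reviewable and keeps `git blame` on the page text meaningful. The reflowed copy itself reads correctly.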
@@ -48,10 +48,10 @@ export const SearchBody = () => {
</p>
<h2>WHO?</h2>
<p>
OpenCRE is the brainchild of software security professionals Spyros Gasteratos and Rob van
der Veer, who joined forces to tackle the complexities and segmentation in current security standards
and guidelines. They collaborated closely with many initiatives, including SKF, OpenSSF and the Owasp
Top 10 project. OpenCRE is an open-source platform overseen by the OWASP foundation through the
OpenCRE is the brainchild of software security professionals Spyros Gasteratos and Rob van der Veer,
who joined forces to tackle the complexities and segmentation in current security standards and
guidelines. They collaborated closely with many initiatives, including SKF, OpenSSF and the Owasp Top
10 project. OpenCRE is an open-source platform overseen by the OWASP foundation through the
<a href="https://owasp.org/www-project-integration-standards/"> OWASP Integration standard project</a>
. The goal is to foster better coordination among security initiatives.
</p>
@@ -61,8 +61,8 @@ export const SearchBody = () => {
Cloud Control Matrix, ISO27001, ISO27002, and NIST SSDF).
</p>
<p>
Contact us via (rob.vanderveer [at] owasp.org) for any questions, remarks or to join the movement. Currently, a stakeholder group is
being formed.
Contact us via (rob.vanderveer [at] owasp.org) for any questions, remarks or to join the movement.
Currently, a stakeholder group is being formed.
</p>
<p>
For more details, see this
@@ -72,7 +72,11 @@ export const SearchBody = () => {
OpenCRE explanation document{' '}
</a>
, follow our
<a href="https://www.linkedin.com/company/96695329"> LinkedIn page </a>, click the diagram below, or <a href="https://zeljkoobrenovic.github.io/opencre-explorer/">browse our catalogue textually or graphically</a>.
<a href="https://www.linkedin.com/company/96695329"> LinkedIn page </a>, click the diagram below, or{' '}
<a href="https://zeljkoobrenovic.github.io/opencre-explorer/">
browse our catalogue textually or graphically
</a>
.
</p>

<a href="/opencregraphic2.png" target="_blank">
24 changes: 10 additions & 14 deletions application/frontend/src/pages/chatbot/chatbot.tsx
@@ -1,7 +1,7 @@
import './chatbot.scss';

import DOMPurify,{sanitize} from 'dompurify';
import {marked} from 'marked';
import DOMPurify, { sanitize } from 'dompurify';
import { marked } from 'marked';
import React, { createElement, useEffect, useState } from 'react';
import { Prism as SyntaxHighlighter } from 'react-syntax-highlighter';
import { oneLight } from 'react-syntax-highlighter/dist/esm/styles/prism';
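Review bot: `import DOMPurify, { sanitize } from 'dompurify';` pulls in both the default export and the named `sanitize`, but only `sanitize` appears anywhere in this diff; if the `DOMPurify` default import is not used elsewhere in the file, drop it so the lint step does not flag an unused import. The remaining changes in this hunk are whitespace only.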
@@ -13,7 +13,6 @@ import { useEnvironment } from '../../hooks';
import { Document } from '../../types';

export const Chatbot = () => {

type chatMessage = {
timestamp: string;
role: string;
@@ -64,12 +63,12 @@ export const Chatbot = () => {
for (const txt of responses) {
if (i % 2 == 0) {
res.push(
<p
dangerouslySetInnerHTML={{
__html : sanitize(marked(txt), {USE_PROFILES: {html: true}})
}}
<p
dangerouslySetInnerHTML={{
__html: sanitize(marked(txt), { USE_PROFILES: { html: true } }),
}}
/>
)
);
} else {
res.push(<SyntaxHighlighter style={oneLight}>{txt}</SyntaxHighlighter>);
}
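Review bot: the ordering in `__html: sanitize(marked(txt), { USE_PROFILES: { html: true } })` is the right one and deserves a comment saying why, since a later reader may be tempted to "simplify" it: `marked(txt)` turns untrusted model output into HTML, and only the DOMPurify-sanitised result reaches `dangerouslySetInnerHTML`, so script tags and event-handler attributes in a model answer are dropped before React injects the markup. Two follow-ups: the html profile still allows `<a href>` to whatever http(s) destination the model produced, so consider rendering links with `rel="noopener noreferrer"`; and the `i % 2 == 0` branch silently assumes `responses` alternates prose and code fragments, which should be stated in a comment above the loop (and ideally asserted) rather than left implicit.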
@@ -171,9 +170,7 @@ export const Chatbot = () => {
<Comment.Content>
<Comment.Author as="b">{m.role}</Comment.Author>
<Comment.Metadata>
<span className="timestamp">
{m.timestamp}
</span>
<span className="timestamp">{m.timestamp}</span>
</Comment.Metadata>
<Comment.Text>{processResponse(m.message)}</Comment.Text>
{m.data
@@ -187,9 +184,8 @@ export const Chatbot = () => {
<i>
Note: The content of OpenCRE could not be used to answer your question, as
no matching standard was found. The answer therefore has no reference and
needs to be regarded as less reliable. Try rephrasing your question,
use similar topics, or{' '}
<a href="https://opencre.org">OpenCRE search</a>.
needs to be regarded as less reliable. Try rephrasing your question, use
similar topics, or <a href="https://opencre.org">OpenCRE search</a>.
</i>
)}
</Comment.Content>
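Review bot: `<a href="https://opencre.org">OpenCRE search</a>` hard-codes the production origin while the rest of the frontend links with relative paths (`href="/chatbot"` in BodyText.tsx); a relative `href="/"` keeps users on the same deployment (local, staging or production) instead of sending them to the public site. The wording of the "no matching standard was found" notice is good, because it tells the user explicitly that an unreferenced answer is less reliable.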
8 changes: 5 additions & 3 deletions application/tests/web_main_test.py
@@ -557,7 +557,7 @@ def test_smartlink(self) -> None:
self.assertEqual(location, "/node/standard/ASVS/section/v0.1.2")
self.assertEqual(302, response.status_code)

# negative test, this cwe does not exist, therefore there is nowhere to redirect to
# negative test, this cwe does not exist, therefore we redirect to Mitre!
response = client.get(
"/smartlink/standard/CWE/999",
headers={"Content-Type": "application/json"},
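Review bot: with this comment and the assertions below it changed from "404, nowhere to redirect" to "302 to Mitre", the suite no longer covers the case the PR title is about, a standard that neither the database nor `redirectors` knows; add a second negative request (for example `/smartlink/standard/NONEXISTENT/1`, a constructed name) and assert a 404 with no `Location` header so a future change to `redirectors.redirect` cannot turn unknown names into redirects unnoticed. Also make the comment precise: "this cwe does not exist" means it is not in the OpenCRE database, which is exactly why the request falls through to the CWE redirector.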
@@ -566,5 +566,7 @@ def test_smartlink(self) -> None:
for head in response.headers:
if head[0] == "Location":
location = head[1]
self.assertEqual(location, "")
self.assertEqual(404, response.status_code)
self.assertEqual(
location, "https://cwe.mitre.org/data/definitions/999.html"
)
self.assertEqual(302, response.status_code)
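Review bot: the `for head in response.headers` loop only assigns `location` when a `Location` header is present, so if a regression makes this request answer without one (a 404, or a 302 missing the header) the assertion compares against the stale `/node/standard/ASVS/section/v0.1.2` value left over from the earlier request and fails with a misleading message; read it directly with `location = response.headers.get("Location")` (or Werkzeug's `response.location`) and assert it is not `None` before comparing. Pinning the exact `https://cwe.mitre.org/data/definitions/999.html` target is the right call, since it fixes the external host the smartlink may send users to.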
10 changes: 5 additions & 5 deletions application/web/web_main.py
@@ -290,13 +290,13 @@ def smartlink(
name: str, ntype: str = defs.Credoctypes.Standard.value, section: str = ""
) -> Any:
"""if node is found, show node, else redirect"""
# ATTENTION: DO NOT MESS WITH THIS FUNCTIONALITY WITHOUT A TICKET AND CORE CONTRIBUTORS APPROVAL!
# CRITICAL FUNCTIONALITY DEPENDS ON THIS!
database = db.Node_collection()
opt_version = request.args.get("version")
# match ntype to the credoctypes case-insensitive
typ = [t for t in defs.Credoctypes if t.value.lower() == ntype.lower()]
doctype = None
if typ:
doctype = typ[0]
typ = [t.value for t in defs.Credoctypes if t.value.lower() == ntype.lower()]
doctype = None if not typ else typ[0]

page = 1
items_per_page = 1
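Review bot: `typ = [t.value for t in ...]` changes the type of `doctype` from an enum member to its string value, which is what the later `doctype == defs.Credoctypes.Standard.value` comparison needs, but any other use of `doctype` further down the function (not visible in this diff) that expected the enum member must be updated in the same change; a one-line comment that `doctype` holds the canonical-case string for the case-insensitively matched `ntype` would make the intent clear. The `ATTENTION` comment would carry more weight if it named the test that enforces the contract (`test_smartlink` in web_main_test.py) instead of shouting; that tells the next contributor what "critical functionality" concretely means and where it is checked.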
@@ -327,7 +327,7 @@ def smartlink(
if found_section_id:
return redirect(f"/node/{ntype}/{name}/sectionid/{section}")
return redirect(f"/node/{ntype}/{name}/section/{section}")
elif ntype == defs.Credoctypes.Standard.value and redirectors.redirect(
elif doctype == defs.Credoctypes.Standard.value and redirectors.redirect(
name, section
):
logger.info(
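Review bot: comparing the normalised `doctype` instead of the raw path segment `ntype` is the actual fix here: `ntype` was matched case-insensitively when building `typ`, yet the old `elif ntype == defs.Credoctypes.Standard.value` compared the raw segment exactly, so a request like `/smartlink/standard/CWE/999` (lowercase, as in the test) never reached `redirectors.redirect` and fell through. The `/node/{ntype}/...` redirects a few lines above still interpolate the raw `ntype`; if the `/node` route is case-sensitive, use `doctype` there as well so both branches behave the same. Since this branch issues an external redirect built from path input, keep `redirectors.redirect` limited to the fixed hosts it knows (the test pins cwe.mitre.org for CWE) and return a 404 for anything else, which is what keeps this endpoint from becoming a generic redirector.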