'owaspTop10-2021': ['a', 'b'],
'pciDss-3.2': ['a', 'b'],
'pciDss-4.0': ['a', 'b'],
+ 'owaspAsvs-4.0': ['2'],
projects: ['a', 'b'],
resolutions: ['a', 'b'],
resolved: true,
'owaspTop10-2021': 'a,b',
'pciDss-3.2': 'a,b',
'pciDss-4.0': 'a,b',
+ 'owaspAsvs-4.0': '2',
projects: 'a,b',
resolutions: 'a,b',
rules: 'a,b',
"inNewCodePeriod": false,
"issues": Array [],
"languages": Array [],
+ "owaspAsvs-4.0": Array [],
"owaspTop10": Array [],
"owaspTop10-2021": Array [],
"pciDss-3.2": Array [],
cwe: {},
sonarsourceSecurity: {},
'pciDss-3.2': {},
- 'pciDss-4.0': {}
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {}
}
};
cwe,
sonarsourceSecurity,
'pciDss-3.2': pciDss3_2,
- 'pciDss-4.0': pciDss4_0
+ 'pciDss-4.0': pciDss4_0,
+ 'owaspAsvs-4.0': owaspAsvs4_0
}: Standards) => {
if (this.mounted) {
this.setState({
cwe,
sonarsourceSecurity,
'pciDss-3.2': pciDss3_2,
- 'pciDss-4.0': pciDss4_0
+ 'pciDss-4.0': pciDss4_0,
+ 'owaspAsvs-4.0': owaspAsvs4_0
}
});
}
import { Dict, Issue, Paging, RawQuery } from '../../types/types';
import { UserBase } from '../../types/users';
+const OWASP_ASVS_4_0 = 'owaspAsvs-4.0';
+
export interface Query {
assigned: boolean;
assignees: string[];
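Review bot: The module-level `OWASP_ASVS_4_0` constant added at the top of this file repeats the string this commit also introduces as `SecurityStandard.OWASP_ASVS_4_0`, so the facet key now has two sources of truth. The neighbouring keys in `Query`, and in the parse and serialize hunks that follow, are plain quoted literals, which makes the single computed key stand out. If the constant is kept (presumably to avoid repeating the literal three times), a comment such as `// Must stay equal to SecurityStandard.OWASP_ASVS_4_0` would record the coupling. Alternatively, if this module can import the enum, `[SecurityStandard.OWASP_ASVS_4_0]: string[];` removes the duplicate.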
'owaspTop10-2021': string[];
'pciDss-3.2': string[];
'pciDss-4.0': string[];
+ [OWASP_ASVS_4_0]: string[];
projects: string[];
resolutions: string[];
resolved: boolean;
'owaspTop10-2021': parseAsArray(query['owaspTop10-2021'], parseAsString),
'pciDss-3.2': parseAsArray(query['pciDss-3.2'], parseAsString),
'pciDss-4.0': parseAsArray(query['pciDss-4.0'], parseAsString),
+ [OWASP_ASVS_4_0]: parseAsArray(query[OWASP_ASVS_4_0], parseAsString),
projects: parseAsArray(query.projects, parseAsString),
resolutions: parseAsArray(query.resolutions, parseAsString),
resolved: parseAsBoolean(query.resolved),
'owaspTop10-2021': serializeStringArray(query['owaspTop10-2021']),
'pciDss-3.2': serializeStringArray(query['pciDss-3.2']),
'pciDss-4.0': serializeStringArray(query['pciDss-4.0']),
+ [OWASP_ASVS_4_0]: serializeStringArray(query[OWASP_ASVS_4_0]),
projects: serializeStringArray(query.projects),
resolutions: serializeStringArray(query.resolutions),
resolved: query.resolved ? undefined : 'false',
locations.length >= selectedLocationIndex
) {
return locations[selectedLocationIndex];
- } else {
- return undefined;
}
+ return undefined;
}
export function allLocationsEmpty(
[SecurityStandard.SONARSOURCE]: {},
[SecurityStandard.CWE]: {},
[SecurityStandard.PCI_DSS_3_2]: {},
- [SecurityStandard.PCI_DSS_4_0]: {}
+ [SecurityStandard.PCI_DSS_4_0]: {},
+ [SecurityStandard.OWASP_ASVS_4_0]: {}
},
filters: {
...this.constructFiltersFromProps(props),
[SecurityStandard.OWASP_TOP10_2021]: undefined,
[SecurityStandard.PCI_DSS_3_2]: undefined,
[SecurityStandard.PCI_DSS_4_0]: undefined,
+ [SecurityStandard.OWASP_ASVS_4_0]: undefined,
file: undefined
}
});
standards={
Object {
"cwe": Object {},
+ "owaspAsvs-4.0": Object {},
"owaspTop10": Object {},
"owaspTop10-2021": Object {},
"pciDss-3.2": Object {},
"title": "No CWE associated",
},
},
+ "owaspAsvs-4.0": Object {
+ "1": Object {
+ "title": "New OWASP ASVS cat 1",
+ },
+ },
"owaspTop10": Object {
"a1": Object {
"title": "Injection",
"title": "No CWE associated",
},
},
+ "owaspAsvs-4.0": Object {
+ "1": Object {
+ "title": "New OWASP ASVS cat 1",
+ },
+ },
"owaspTop10": Object {
"a1": Object {
"title": "Injection",
sansTop25: {},
sonarsourceSecurity: {},
'pciDss-3.2': {},
- 'pciDss-4.0': {}
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {}
}}
{...props}
/>
import { flatten, groupBy, sortBy } from 'lodash';
import {
renderCWECategory,
+ renderOwaspAsvs40Category,
renderOwaspTop102021Category,
renderOwaspTop10Category,
renderPciDss32Category,
SecurityStandard.SANS_TOP25,
SecurityStandard.CWE,
SecurityStandard.PCI_DSS_3_2,
- SecurityStandard.PCI_DSS_4_0
+ SecurityStandard.PCI_DSS_4_0,
+ SecurityStandard.OWASP_ASVS_4_0
];
export const SECURITY_STANDARD_RENDERER = {
[SecurityStandard.SONARSOURCE]: renderSonarSourceSecurityCategory,
[SecurityStandard.CWE]: renderCWECategory,
[SecurityStandard.PCI_DSS_3_2]: renderPciDss32Category,
- [SecurityStandard.PCI_DSS_4_0]: renderPciDss40Category
+ [SecurityStandard.PCI_DSS_4_0]: renderPciDss40Category,
+ [SecurityStandard.OWASP_ASVS_4_0]: renderOwaspAsvs40Category
};
export function mapRules(rules: Array<{ key: string; name: string }>): Dict<string> {
import { Standards } from '../../types/security';
import {
renderCWECategory,
+ renderOwaspAsvs40Category,
renderOwaspTop102021Category,
renderOwaspTop10Category,
renderPciDss32Category,
sansTop25: {},
sonarsourceSecurity: {},
'pciDss-3.2': {},
- 'pciDss-4.0': {}
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {}
};
it('should render cwe categories correctly', () => {
expect(renderCWECategory(standards, '1004')).toEqual(
sansTop25: {},
sonarsourceSecurity: {},
'pciDss-3.2': {},
- 'pciDss-4.0': {}
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {}
};
it('should render owasp categories correctly', () => {
expect(renderOwaspTop10Category(standards, 'a1')).toEqual('A1 - Injection');
sansTop25: {},
sonarsourceSecurity: {},
'pciDss-3.2': {},
- 'pciDss-4.0': {}
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {}
};
it('should render owasp categories correctly', () => {
expect(renderOwaspTop102021Category(standards, 'a1')).toEqual('A1 - Injection');
title: 'Install and maintain a firewall configuration to protect cardholder data'
}
},
- 'pciDss-4.0': {}
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {}
};
it('should render Pci Dss 3.2 correctly', () => {
expect(renderPciDss32Category(standards, '1')).toEqual(
'1': {
title: 'Install and maintain a firewall configuration to protect cardholder data'
}
- }
+ },
+ 'owaspAsvs-4.0': {}
};
it('should render Pci Dss 4.0 correctly', () => {
expect(renderPciDss40Category(standards, '1')).toEqual(
});
});
+describe('renderOwaspAsvs40Category', () => {
+ const standards: Standards = {
+ cwe: {},
+ owaspTop10: {},
+ 'owaspTop10-2021': {},
+ sansTop25: {},
+ sonarsourceSecurity: {},
+ 'pciDss-3.2': {},
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {
+ '1': {
+ title: 'Main category'
+ },
+ '1.1': {
+ title: 'Sub category',
+ level: '2'
+ }
+ }
+ };
+ it('should render OwaspAsvs 4.0 correctly', () => {
+ expect(renderOwaspAsvs40Category(standards, '1')).toEqual('1 - Main category');
+ expect(renderOwaspAsvs40Category(standards, '1.1')).toEqual('1.1 - Sub category (Level 2)');
+ });
+});
+
describe('renderSansTop25Category', () => {
const standards: Standards = {
cwe: {},
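Review bot: The new `renderOwaspAsvs40Category` spec only looks up categories that exist in the fixture, so the `!record` fallback that returns the bare category is never exercised. Adding `expect(renderOwaspAsvs40Category(standards, '9.9')).toEqual('9.9');` would pin that branch. The with-level and without-level cases are already covered by `'1.1'` and `'1'`.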
},
sonarsourceSecurity: {},
'pciDss-3.2': {},
- 'pciDss-4.0': {}
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {}
};
it('should render sans categories correctly', () => {
expect(renderSansTop25Category(standards, 'insecure-interaction')).toEqual(
}
},
'pciDss-3.2': {},
- 'pciDss-4.0': {}
+ 'pciDss-4.0': {},
+ 'owaspAsvs-4.0': {}
};
it('should render sonarsource categories correctly', () => {
expect(renderSonarSourceSecurityCategory(standards, 'xss')).toEqual(
'2': {
title: 'This is useless...'
}
+ },
+ 'owaspAsvs-4.0': {
+ '1': {
+ title: 'New OWASP ASVS cat 1'
+ }
}
};
}
return `${category} - ${record.title}`;
}
+export function renderOwaspAsvs40Category(standards: Standards, category: string): string {
+ const record = standards['owaspAsvs-4.0'][category];
+ if (!record) {
+ return category;
+ }
+ const levelInfo = record.level ? ` (Level ${record.level})` : '';
+ return `${category} - ${record.title}${levelInfo}`;
+}
+
function addPrefix(title: string, prefix: string, withPrefix: boolean) {
return withPrefix ? `${prefix} ${title}` : title;
}
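Review bot: In `renderOwaspAsvs40Category`, `standards['owaspAsvs-4.0'][category]` is a plain property read, so, assuming the standards dictionaries are ordinary objects, a category such as `constructor` resolves to an inherited `Object.prototype` member, passes the `!record` check and renders as `constructor - undefined`. The category values appear to come from the URL query parsed elsewhere in this commit, so a crafted link could reach this, although the impact looks limited to a wrong label. An own-property guard keeps the fallback accurate: `if (!Object.prototype.hasOwnProperty.call(standards['owaspAsvs-4.0'], category)) { return category; }`. Separately, the ` (Level …)` suffix is a hard-coded English string; if other user-facing labels in this file go through the translation helper, this one should too.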
SecurityStandard.SANS_TOP25,
SecurityStandard.CWE,
SecurityStandard.PCI_DSS_3_2,
- SecurityStandard.PCI_DSS_4_0
+ SecurityStandard.PCI_DSS_4_0,
+ SecurityStandard.OWASP_ASVS_4_0
])
}),
hash: ''
SONARSOURCE = 'sonarsourceSecurity',
CWE = 'cwe',
PCI_DSS_3_2 = 'pciDss-3.2',
- PCI_DSS_4_0 = 'pciDss-4.0'
+ PCI_DSS_4_0 = 'pciDss-4.0',
+ OWASP_ASVS_4_0 = 'owaspAsvs-4.0'
}
export type StandardType = SecurityStandard;
export type Standards = {
- [key in StandardType]: Dict<{ title: string; description?: string }>;
+ [key in StandardType]: Dict<{ title: string; description?: string; level?: string }>;
};