Merge branch 'intuitem:main' into nzism
Coffee-007 authored Aug 3, 2024
2 parents 0d4f578 + baa612d commit 83e9c50
Showing 138 changed files with 55,003 additions and 22,488 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/frontend-coverage.yaml
Expand Up @@ -26,15 +26,15 @@ jobs:
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Install latest npm
- name: Install latest pnpm
working-directory: ${{env.working-directory}}
run: |
npm install -g npm &&
npm --version &&
npm list -g --depth 0
npm install -g pnpm &&
pnpm --version &&
pnpm list -g --depth 0
- name: Install dependencies
working-directory: ${{env.working-directory}}
run: npm ci
run: pnpm i --frozen-lockfile
- name: Run coverage
working-directory: ${{env.working-directory}}
run: npm run coverage
run: pnpm run coverage
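Review bot: `npm install -g pnpm` in the "Install latest pnpm" step pulls whatever pnpm release is current when the job runs, so the tool that enforces `--frozen-lockfile` is itself unpinned. Pin an explicit pnpm version (for example through the `packageManager` field in package.json, or a versioned install such as `npm install -g pnpm@<version>`) so a new pnpm release cannot change install behaviour or lockfile handling in CI without a reviewed commit.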
10 changes: 5 additions & 5 deletions .github/workflows/frontend-unit-tests.yml
Expand Up @@ -28,12 +28,12 @@ jobs:
- name: Install latest npm
working-directory: ${{env.working-directory}}
run: |
npm install -g npm &&
npm --version &&
npm list -g --depth 0
npm install -g pnpm &&
pnpm --version &&
pnpm list -g --depth 0
- name: Install dependencies
working-directory: ${{env.working-directory}}
run: npm ci
run: pnpm i --frozen-lockfile
- name: Run tests
working-directory: ${{env.working-directory}}
run: npm run test:ci
run: pnpm run test:ci
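Review bot: The step is still named "Install latest npm" in the unchanged context line, but its commands now install and list pnpm; frontend-coverage.yaml renames the same step to "Install latest pnpm". Rename it here too so the job log matches what actually runs.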
4 changes: 2 additions & 2 deletions .github/workflows/functional-tests.yml
Expand Up @@ -53,8 +53,8 @@ jobs:
- name: Install dependencies
working-directory: ${{ env.working-directory }}
run: |
npm install
npm ci
npm install -g pnpm
pnpm i --frozen-lockfile
- name: Install Playwright browser ${{ matrix.playwright-browser }}
working-directory: ${{ env.working-directory }}
run: npx playwright install --with-deps ${{ matrix.playwright-browser }}
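Review bot: The Playwright step in the trailing context still runs `npx playwright install --with-deps ...` after dependencies are installed with `pnpm i --frozen-lockfile`. Consider `pnpm exec playwright install ...` so the browser download is always driven by the Playwright version pinned in the pnpm lockfile; `npx` can fall back to fetching a package from the registry when it does not resolve a local binary.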
8 changes: 4 additions & 4 deletions .github/workflows/startup-tests.yml
Expand Up @@ -46,8 +46,8 @@ jobs:
- name: Install dependencies
working-directory: ${{ env.working-directory }}
run: |
npm install
npm ci
npm install -g pnpm
pnpm i --frozen-lockfile
- name: Install Playwright Browsers
working-directory: ${{ env.working-directory }}
run: npx playwright install --with-deps
Expand Down Expand Up @@ -101,8 +101,8 @@ jobs:
- name: Install dependencies
working-directory: ${{ env.working-directory }}
run: |
npm install
npm ci
npm install -g pnpm
pnpm i --frozen-lockfile
- name: Install Playwright Browsers
working-directory: ${{ env.working-directory }}
run: npx playwright install --with-deps
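Review bot: The same `npm install -g pnpm` / `pnpm i --frozen-lockfile` pair is repeated in both jobs of this workflow and in functional-tests.yml, each time without a pnpm version. Move the setup into one shared step or reusable workflow with a pinned pnpm version, so the jobs cannot end up on different pnpm releases and a version bump becomes a single reviewed change.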
10 changes: 7 additions & 3 deletions README.md
Expand Up @@ -100,7 +100,7 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant
6. PCI DSS 4.0 💳
7. CMMC v2 🇺🇸
8. PSPF 🇦🇺
9. GDPR checklist from GDPR.EU 🇪🇺
9. General Data Protection Regulation (GDPR): Full text and checklist from GDPR.EU 🇪🇺
10. Essential Eight 🇦🇺
11. NYDFS 500 with 2023-11 amendments 🇺🇸
12. DORA 🇪🇺
Expand Down Expand Up @@ -141,7 +141,10 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant
47. Operational Technology Cybersecurity Controls (OTCC) 🇸🇦
48. Secure Controls Framework (SCF) 🇺🇸🌐
49. NCSC Cyber Assessment Framework (CAF) 🇬🇧
50. California Consumer Privacy Act (CCPA) 🇺🇸☀️
50. California Consumer Privacy Act (CCPA) 🇺🇸
51. California Consumer Privacy Act Regulations 🇺🇸
52. NCSC Cyber Essentials 🇬🇧
53. Directive Nationale de la Sécurité des Systèmes d'Information (DNSSI) Maroc 🇲🇦

### Community contributions

Expand All @@ -163,7 +166,6 @@ Checkout the [library](/backend/library/libraries/) and [tools](/tools/) for the

### Coming soon

- NCSC Cyber Essentials
- Part-IS
- NIST 800-82
- Korea ISA: ISMS-P
Expand All @@ -179,6 +181,8 @@ Take a look at the `tools` directory and its dedicated readme. The `convert_libr

You can also find some specific converters in the tools directory (e.g. for CIS or CCM Controls).

There is also a tool to facilitate the creation of mappings, called `prepare_mapping.py` that will create an Excel file based on two framework libraries in yaml. Once properly filled, this Excel file can be processed by the `convert_library.py` tool to get the resulting mapping library.

## Community

Join our [open Discord community](https://discord.gg/qvkaMdQ8da) to interact with the team and other GRC experts.
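Review bot: The added paragraph about `prepare_mapping.py` does not say where the script lives or how to call it, and the sentence reads awkwardly ("called `prepare_mapping.py` that will create"). Suggest rewording to something like "The `prepare_mapping.py` tool creates an Excel file from two framework libraries in YAML", and adding the script's location in the repository plus a sample invocation.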
220 changes: 134 additions & 86 deletions backend/app_tests/api/test_api_risk_scenarios.py
Expand Up @@ -18,50 +18,98 @@
RISK_SCENARIO_DESCRIPTION = "Test Description"
RISK_SCENARIO_existing_controls = "Test Existing Controls"
RISK_SCENARIO_existing_controls2 = "Test New Existing Controls"
RISK_SCENARIO_CURRENT_PROBABILITIES = (2, "High")
RISK_SCENARIO_CURRENT_PROBABILITIES2 = (1, "Medium")
RISK_SCENARIO_CURRENT_IMPACT = (2, "High")
RISK_SCENARIO_CURRENT_IMPACT2 = (1, "Medium")
RISK_SCENARIO_CURRENT_LEVEL = (
2,
{
"abbreviation": "H",
"name": "High",
"description": "unacceptable risk",
"hexcolor": "#FF0000",
},
)
RISK_SCENARIO_CURRENT_LEVEL2 = (
1,
{
"abbreviation": "M",
"name": "Medium",
"description": "risk requiring mitigation within 2 years",
"hexcolor": "#FFFF00",
},
)
RISK_SCENARIO_RESIDUAL_PROBABILITIES = (1, "Medium")
RISK_SCENARIO_RESIDUAL_PROBABILITIES2 = (0, "Low")
RISK_SCENARIO_RESIDUAL_IMPACT = (1, "Medium")
RISK_SCENARIO_RESIDUAL_IMPACT2 = (0, "Low")
RISK_SCENARIO_RESIDUAL_LEVEL = (
1,
{
"abbreviation": "M",
"name": "Medium",
"description": "risk requiring mitigation within 2 years",
"hexcolor": "#FFFF00",
},
)
RISK_SCENARIO_RESIDUAL_LEVEL2 = (
0,
{
"abbreviation": "L",
"name": "Low",
"description": "acceptable risk",
"hexcolor": "#00FF00",
},
)
RISK_SCENARIO_CURRENT_PROBABILITIES = {
"value": 2,
"abbreviation": "H",
"name": "High",
"description": "Frequent event",
"hexcolor": "#FF0000",
}

RISK_SCENARIO_CURRENT_PROBABILITIES2 = {
"value": 1,
"abbreviation": "M",
"name": "Medium",
"description": "Occasional event",
"hexcolor": "#FFFF00",
}

RISK_SCENARIO_CURRENT_IMPACT = {
"value": 2,
"abbreviation": "H",
"name": "High",
"description": "High impact",
"hexcolor": "#FF0000",
}

RISK_SCENARIO_CURRENT_IMPACT2 = {
"value": 1,
"abbreviation": "M",
"name": "Medium",
"description": "Medium impact",
"hexcolor": "#FFFF00",
}

RISK_SCENARIO_CURRENT_LEVEL = {
"value": 2,
"abbreviation": "H",
"name": "High",
"description": "unacceptable risk",
"hexcolor": "#FF0000",
}
RISK_SCENARIO_CURRENT_LEVEL2 = {
"value": 1,
"abbreviation": "M",
"name": "Medium",
"description": "risk requiring mitigation within 2 years",
"hexcolor": "#FFFF00",
}

RISK_SCENARIO_RESIDUAL_PROBABILITIES = {
"value": 1,
"abbreviation": "M",
"name": "Medium",
"description": "Occasional event",
"hexcolor": "#FFFF00",
}
RISK_SCENARIO_RESIDUAL_PROBABILITIES2 = {
"value": 0,
"abbreviation": "L",
"name": "Low",
"description": "Unfrequent event",
"hexcolor": "#92D050",
}

RISK_SCENARIO_RESIDUAL_IMPACT = {
"value": 1,
"abbreviation": "M",
"name": "Medium",
"description": "Medium impact",
"hexcolor": "#FFFF00",
}

RISK_SCENARIO_RESIDUAL_IMPACT2 = {
"value": 0,
"abbreviation": "L",
"name": "Low",
"description": "Low impact",
"hexcolor": "#92D050",
}

RISK_SCENARIO_RESIDUAL_LEVEL = {
"value": 1,
"abbreviation": "M",
"name": "Medium",
"description": "risk requiring mitigation within 2 years",
"hexcolor": "#FFFF00",
}
RISK_SCENARIO_RESIDUAL_LEVEL2 = {
"value": 0,
"abbreviation": "L",
"name": "Low",
"description": "acceptable risk",
"hexcolor": "#00FF00",
}
RISK_SCENARIO_TREATMENT_STATUS = ("accept", "Accept")
RISK_SCENARIO_TREATMENT_STATUS2 = ("mitigate", "Mitigate")
RISK_SCENARIO_JUSTIFICATION = "Test justification"
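Review bot: The new dict constants repeat the same literals several times: `RISK_SCENARIO_CURRENT_PROBABILITIES2` and `RISK_SCENARIO_RESIDUAL_PROBABILITIES` are identical, as are `RISK_SCENARIO_CURRENT_IMPACT2` / `RISK_SCENARIO_RESIDUAL_IMPACT` and `RISK_SCENARIO_CURRENT_LEVEL2` / `RISK_SCENARIO_RESIDUAL_LEVEL`. Define each High/Medium/Low entry once and reuse it, which would also make it obvious whether the "Low" colour is meant to differ between probability/impact (`#92D050`) and level (`#00FF00`). "Unfrequent event" should read "Infrequent event" unless the string has to match the risk matrix data verbatim.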
Expand Down Expand Up @@ -176,24 +224,24 @@ def test_get_risk_scenarios(self, test):
"name": RISK_SCENARIO_NAME,
"description": RISK_SCENARIO_DESCRIPTION,
"existing_controls": RISK_SCENARIO_existing_controls[0],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES[0],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT[0],
"current_level": RISK_SCENARIO_CURRENT_LEVEL[0],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES[0],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT[0],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL[0],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES["value"],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT["value"],
"current_level": RISK_SCENARIO_CURRENT_LEVEL["value"],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES["value"],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT["value"],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL["value"],
"treatment": RISK_SCENARIO_TREATMENT_STATUS[0],
"justification": RISK_SCENARIO_JUSTIFICATION,
"risk_assessment": risk_assessment,
"threats": [threat],
},
{
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES[1],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT[1],
"current_level": RISK_SCENARIO_CURRENT_LEVEL[1],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES[1],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT[1],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL[1],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES,
"current_impact": RISK_SCENARIO_CURRENT_IMPACT,
"current_level": RISK_SCENARIO_CURRENT_LEVEL,
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES,
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT,
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL,
"treatment": RISK_SCENARIO_TREATMENT_STATUS[1],
"risk_assessment": {
"id": str(risk_assessment.id),
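Review bot: In the request payload the probability, impact and level fields move from `[0]` to `["value"]`, but the context line `"existing_controls": RISK_SCENARIO_existing_controls[0]` still indexes a plain string (`"Test Existing Controls"`), so the test sends the single character "T". Pass `RISK_SCENARIO_existing_controls` itself; the same pattern appears in the create and update tests.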
Expand Down Expand Up @@ -233,12 +281,12 @@ def test_create_risk_scenarios(self, test):
"name": RISK_SCENARIO_NAME,
"description": RISK_SCENARIO_DESCRIPTION,
"existing_controls": RISK_SCENARIO_existing_controls[0],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES[0],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT[0],
"current_level": RISK_SCENARIO_CURRENT_LEVEL[0],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES[0],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT[0],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL[0],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES["value"],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT["value"],
"current_level": RISK_SCENARIO_CURRENT_LEVEL["value"],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES["value"],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT["value"],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL["value"],
"treatment": RISK_SCENARIO_TREATMENT_STATUS[0],
"justification": RISK_SCENARIO_JUSTIFICATION,
"risk_assessment": str(risk_assessment.id),
Expand All @@ -247,12 +295,12 @@ def test_create_risk_scenarios(self, test):
"applied_controls": [str(applied_controls.id)],
},
{
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES[1],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT[1],
"current_level": RISK_SCENARIO_CURRENT_LEVEL[1],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES[1],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT[1],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL[1],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES,
"current_impact": RISK_SCENARIO_CURRENT_IMPACT,
"current_level": RISK_SCENARIO_CURRENT_LEVEL,
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES,
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT,
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL,
"treatment": RISK_SCENARIO_TREATMENT_STATUS[1],
"risk_assessment": {
"id": str(risk_assessment.id),
Expand Down Expand Up @@ -302,12 +350,12 @@ def test_update_risk_scenarios(self, test):
"name": RISK_SCENARIO_NAME,
"description": RISK_SCENARIO_DESCRIPTION,
"existing_controls": RISK_SCENARIO_existing_controls[0],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES[0],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT[0],
"current_level": RISK_SCENARIO_CURRENT_LEVEL[0],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES[0],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT[0],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL[0],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES["value"],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT["value"],
"current_level": RISK_SCENARIO_CURRENT_LEVEL["value"],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES["value"],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT["value"],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL["value"],
"treatment": RISK_SCENARIO_TREATMENT_STATUS[0],
"justification": RISK_SCENARIO_JUSTIFICATION,
"risk_assessment": risk_assessment,
Expand All @@ -317,12 +365,12 @@ def test_update_risk_scenarios(self, test):
"name": "new " + RISK_SCENARIO_NAME,
"description": "new " + RISK_SCENARIO_DESCRIPTION,
"existing_controls": RISK_SCENARIO_existing_controls2[0],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES2[0],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT2[0],
"current_level": RISK_SCENARIO_CURRENT_LEVEL2[0],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES2[0],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT2[0],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL2[0],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES2["value"],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT2["value"],
"current_level": RISK_SCENARIO_CURRENT_LEVEL2["value"],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES2["value"],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT2["value"],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL2["value"],
"treatment": RISK_SCENARIO_TREATMENT_STATUS2[0],
"justification": "new " + RISK_SCENARIO_JUSTIFICATION,
"risk_assessment": str(risk_assessment2.id),
Expand All @@ -331,12 +379,12 @@ def test_update_risk_scenarios(self, test):
"applied_controls": [str(applied_controls.id)],
},
{
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES[1],
"current_impact": RISK_SCENARIO_CURRENT_IMPACT[1],
"current_level": RISK_SCENARIO_CURRENT_LEVEL[1],
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES[1],
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT[1],
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL[1],
"current_proba": RISK_SCENARIO_CURRENT_PROBABILITIES,
"current_impact": RISK_SCENARIO_CURRENT_IMPACT,
"current_level": RISK_SCENARIO_CURRENT_LEVEL,
"residual_proba": RISK_SCENARIO_RESIDUAL_PROBABILITIES,
"residual_impact": RISK_SCENARIO_RESIDUAL_IMPACT,
"residual_level": RISK_SCENARIO_RESIDUAL_LEVEL,
"treatment": RISK_SCENARIO_TREATMENT_STATUS[1],
"risk_assessment": {
"id": str(risk_assessment.id),
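Review bot: In the third dict of `test_update_risk_scenarios` the expected values are the first set of constants (`RISK_SCENARIO_CURRENT_PROBABILITIES`, `RISK_SCENARIO_CURRENT_IMPACT`, ...), while the update payload above sends the `...2["value"]` set. If this dict describes the object after the update it should use the `2` constants; if it describes the object before the update, a short comment saying so would prevent misreading.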