From 10873a987d6e83aaf16cca16a5d536c23851d66a Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche
Date: Wed, 24 Apr 2024 09:26:31 +0200
Subject: [PATCH] chore: Run pre-commit
---
.github/workflows/docker-build-and-push.yml | 8 ++---
.github/workflows/functional-tests.yml | 2 +-
LICENSE | 2 +-
README.md | 2 +-
SECURITY.md | 2 +-
backend/.dockerignore | 2 +-
backend/.gitignore | 2 +-
backend/.meta | 2 +-
backend/app_tests/test_file.txt | 2 +-
backend/ciso_assistant/.meta | 2 +-
.../scripts/generate_build_file.sh | 2 +-
backend/core/templates/core/base_pdf.html | 2 +-
backend/core/templates/core/mp_pdf.html | 2 +-
backend/core/templates/core/ra_pdf.html | 2 +-
.../registration/first_connexion_email.html | 4 +--
.../registration/password_reset_email.html | 2 +-
backend/core/templates/snippets/mp_data.html | 18 +++++-----
backend/core/templates/snippets/ra_data.html | 2 +-
.../core/templates/snippets/risk_matrix.html | 2 +-
.../library/libraries/owasp-top-10-web.yaml | 2 +-
docker-compose-build.sh | 2 +-
documentation/architecture/data-model.md | 33 +++++++++----------
frontend/project.inlang/project_id | 2 +-
frontend/src/lib/assets/ciso.svg | 2 +-
.../components/ModelTable/ModelTable.svelte | 2 +-
frontend/tests/Dockerfile | 2 +-
frontend/tests/utils/test_file.txt | 2 +-
git_hooks/post-commit | 2 +-
git_hooks/post-merge | 2 +-
tools/README.md | 4 +--
tools/aircyber/aircyber.py | 8 ++---
tools/ccm/convert_ccm.py | 4 +--
tools/cis/convert_cis.py | 4 +--
tools/convert_framework.py | 12 +++----
tools/nist/sp-800-66/nist-sp-800-66.py | 2 --
tools/tisax/convert_tisax.py | 12 +++----
36 files changed, 76 insertions(+), 83 deletions(-)
diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
index 5119fec5b..21bbd018d 100644
--- a/.github/workflows/docker-build-and-push.yml
+++ b/.github/workflows/docker-build-and-push.yml
@@ -36,14 +36,14 @@ jobs: run: | echo "VERSION=$(git describe --tags --always)" >> $GITHUB_ENV echo "BUILD=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - + echo "CISO_ASSISTANT_VERSION=$(git describe --tags --always)" > .meta echo "CISO_ASSISTANT_BUILD=$(git rev-parse --short HEAD)" >> .meta - + cp .meta ./backend/ cp .meta ./backend/ciso_assistant/ - - + + - name: Build and Push Backend Docker Image uses: docker/build-push-action@v5 with: diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml index 6564f4ffa..d23126764 100644 --- a/.github/workflows/functional-tests.yml +++ b/.github/workflows/functional-tests.yml @@ -28,7 +28,7 @@ jobs: mailhog: image: mailhog/mailhog ports: [ - "1025:1025", + "1025:1025", "8025:8025" ] diff --git a/LICENSE b/LICENSE index 29ebfa545..0ad25db4b 100644 --- a/LICENSE +++ b/LICENSE @@ -658,4 +658,4 @@ specific requirements. You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see -. \ No newline at end of file +. diff --git a/README.md b/README.md index 706080e7b..5d69bee85 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant
> [!NOTE] -> `*` These frameworks require an extra manual step of getting the latest Excel sheet through their website as their license prevent direct usage. +> `*` These frameworks require an extra manual step of getting the latest Excel sheet through their website as their license prevent direct usage.
diff --git a/SECURITY.md b/SECURITY.md index 47513640c..460a86f3f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,4 +10,4 @@ We typically and primarily support the latest releases of our products for maint If you discover any issue regarding security, please disclose the information responsibly by sending an email to security@intuitem.com and not by creating a GitHub issue. We'll get back to you ASAP and work with you to confirm and plan a fix for the issue. -Please note that we do not currently offer a bug bounty program. \ No newline at end of file +Please note that we do not currently offer a bug bounty program. diff --git a/backend/.dockerignore b/backend/.dockerignore index 320c6e5dd..752f2f3c2 100644 --- a/backend/.dockerignore +++ b/backend/.dockerignore @@ -6,4 +6,4 @@ .pytest* .idea* .dockerignore -Dockerfile \ No newline at end of file +Dockerfile diff --git a/backend/.gitignore b/backend/.gitignore index 2ba5b3ed8..b09bf6396 100644 --- a/backend/.gitignore +++ b/backend/.gitignore @@ -17,4 +17,4 @@ db/django_secret_key db/pg_password.txt ./db/ .coverage -pytest-report.html \ No newline at end of file +pytest-report.html diff --git a/backend/.meta b/backend/.meta index ade2090c5..3c01d68cb 100644 --- a/backend/.meta +++ b/backend/.meta @@ -1,2 +1,2 @@ CISO_ASSISTANT_VERSION=dev -CISO_ASSISTANT_BUILD=dev \ No newline at end of file +CISO_ASSISTANT_BUILD=dev diff --git a/backend/app_tests/test_file.txt b/backend/app_tests/test_file.txt index 9944a9f24..9f4b6d8bf 100644 --- a/backend/app_tests/test_file.txt +++ b/backend/app_tests/test_file.txt @@ -1 +1 @@ -This is a test file \ No newline at end of file +This is a test file diff --git a/backend/ciso_assistant/.meta b/backend/ciso_assistant/.meta index ade2090c5..3c01d68cb 100644 --- a/backend/ciso_assistant/.meta +++ b/backend/ciso_assistant/.meta @@ -1,2 +1,2 @@ CISO_ASSISTANT_VERSION=dev -CISO_ASSISTANT_BUILD=dev \ No newline at end of file +CISO_ASSISTANT_BUILD=dev 
diff --git a/backend/ciso_assistant/scripts/generate_build_file.sh b/backend/ciso_assistant/scripts/generate_build_file.sh index e3f32f8bb..d1dab073f 100755 --- a/backend/ciso_assistant/scripts/generate_build_file.sh +++ b/backend/ciso_assistant/scripts/generate_build_file.sh @@ -37,4 +37,4 @@ main() { }" } -main "$@" \ No newline at end of file +main "$@" diff --git a/backend/core/templates/core/base_pdf.html b/backend/core/templates/core/base_pdf.html index d9fdaa609..60517e7fb 100644 --- a/backend/core/templates/core/base_pdf.html +++ b/backend/core/templates/core/base_pdf.html @@ -290,4 +290,4 @@ {% block content %}{% endblock %} - \ No newline at end of file + diff --git a/backend/core/templates/core/mp_pdf.html b/backend/core/templates/core/mp_pdf.html index 06f71a746..fb547de38 100644 --- a/backend/core/templates/core/mp_pdf.html +++ b/backend/core/templates/core/mp_pdf.html @@ -1,4 +1,4 @@ {% extends 'core/base_pdf.html' %} {% block content %} {% include 'snippets/mp_data.html' %} -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/backend/core/templates/core/ra_pdf.html b/backend/core/templates/core/ra_pdf.html index 563c5bcb8..995bb6eb0 100644 --- a/backend/core/templates/core/ra_pdf.html +++ b/backend/core/templates/core/ra_pdf.html @@ -1,4 +1,4 @@ {% extends 'core/base_pdf.html' %} {% block content %} {% include 'snippets/ra_data.html' with pdf=True scenarios=context %} -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/backend/core/templates/registration/first_connexion_email.html b/backend/core/templates/registration/first_connexion_email.html index ca3c65625..328c4fbd5 100644 --- a/backend/core/templates/registration/first_connexion_email.html +++ b/backend/core/templates/registration/first_connexion_email.html @@ -35,7 +35,7 @@

{% trans "Your all-in-one GRC Management Platform" %}

- {% trans "Set my password" %} + {% trans "Set my password" %}

{% trans "An issue with the link? copy and paste the following in your browser" %}:

@@ -68,4 +68,4 @@

{% trans "Your all-in-one GRC Management Platform" %}

{% endautoescape %} - \ No newline at end of file + diff --git a/backend/core/templates/registration/password_reset_email.html b/backend/core/templates/registration/password_reset_email.html index ff660c8ba..d03332e08 100644 --- a/backend/core/templates/registration/password_reset_email.html +++ b/backend/core/templates/registration/password_reset_email.html @@ -64,4 +64,4 @@

{% trans "Your all-in-one GRC Management Platform" %}

- \ No newline at end of file + diff --git a/backend/core/templates/snippets/mp_data.html b/backend/core/templates/snippets/mp_data.html index 2e5bede7c..615443667 100644 --- a/backend/core/templates/snippets/mp_data.html +++ b/backend/core/templates/snippets/mp_data.html @@ -11,12 +11,12 @@

{% trans "Associated risk scenarios" %}:

- + {% if not context %} - @@ -24,7 +24,7 @@ {% for scenario in context %} {% endfor %} @@ -96,4 +96,4 @@
+ {% trans "Risk risk_assessment seems to be empty. Measure Plan cannot be generated." %}
-

{{ scenario.rid }}: {{ scenario.name }}

+

{{ scenario.rid }}: {{ scenario.name }}

{{ appliedcontrol.get_status_display|lower }} + bg-green-200 + {% endif %}">{{ appliedcontrol.get_status_display|lower }}
- \ No newline at end of file + diff --git a/backend/core/templates/snippets/ra_data.html b/backend/core/templates/snippets/ra_data.html index 3f5fb2962..4c26c57b3 100644 --- a/backend/core/templates/snippets/ra_data.html +++ b/backend/core/templates/snippets/ra_data.html @@ -17,7 +17,7 @@ {% endfor %} -
  • {% trans "Status:" %} {% if risk_assessment.is_draft %} +
  • {% trans "Status:" %} {% if risk_assessment.is_draft %} {% trans "Draft" %} {% else %} {% trans "Ready" %} {% endif %}
  • {% trans "Created at:" %} {{ risk_assessment.created_at|date }}
  • diff --git a/backend/core/templates/snippets/risk_matrix.html b/backend/core/templates/snippets/risk_matrix.html index c1013172d..9b4614c90 100644 --- a/backend/core/templates/snippets/risk_matrix.html +++ b/backend/core/templates/snippets/risk_matrix.html @@ -85,7 +85,7 @@
    {% trans "Impact" %}
    - +

    {% trans "Risk levels" %}

    diff --git a/backend/library/libraries/owasp-top-10-web.yaml b/backend/library/libraries/owasp-top-10-web.yaml index dde5d7b9c..ce1366760 100644 --- a/backend/library/libraries/owasp-top-10-web.yaml +++ b/backend/library/libraries/owasp-top-10-web.yaml @@ -47,7 +47,7 @@ objects: Insecure design is a broad category representing different weaknesses, expressed as missing or ineffective control design. - urn: urn:intuitem:risk:threat:A05 - ref_id: A05 + ref_id: A05 name: Security Misconfiguration description: "The application might be vulnerable if the application is: Missing diff --git a/docker-compose-build.sh b/docker-compose-build.sh index 0c7ed5ea7..ed5eed373 100755 --- a/docker-compose-build.sh +++ b/docker-compose-build.sh @@ -19,7 +19,7 @@ else prepare_meta_file # Build and start the containers - docker compose -f docker-compose-build.yml build + docker compose -f docker-compose-build.yml build docker compose -f docker-compose-build.yml up -d # Perform database migrations diff --git a/documentation/architecture/data-model.md b/documentation/architecture/data-model.md index 6e0909c92..e4560b90a 100644 --- a/documentation/architecture/data-model.md +++ b/documentation/architecture/data-model.md @@ -41,7 +41,7 @@ erDiagram ROOT_FOLDER ||--o{ ROLE : contains ROOT_FOLDER ||--o{ ROLE_ASSIGNMENT : contains ROOT_FOLDER_OR_DOMAIN ||--o{ EVIDENCE : contains - ROOT_FOLDER_OR_DOMAIN ||--o{ APPLIED_CONTROL : contains + ROOT_FOLDER_OR_DOMAIN ||--o{ APPLIED_CONTROL : contains ROOT_FOLDER_OR_DOMAIN ||--o{ RISK_ACCEPTANCE : contains ROOT_FOLDER_OR_DOMAIN ||--o{ ASSET : contains ROOT_FOLDER_OR_DOMAIN ||--o{ THREAT : contains @@ -112,7 +112,7 @@ erDiagram int min_score int max_score json score_definition - } + } COMPLIANCE_ASSESSMENT { string name 
@@ -333,8 +333,8 @@ FolderMixin <|-- UserGroup FolderMixin <|-- User AbstractBaseModel <|-- User AbstractBaseUser <|-- User -NameDescriptionMixin <|-- Role -FolderMixin <|-- Role +NameDescriptionMixin <|-- Role +FolderMixin <|-- Role NameDescriptionMixin <|-- RoleAssignment FolderMixin <|-- RoleAssignment @@ -436,8 +436,8 @@ ReferentialObjectMixin <|-- RequirementLevel ReferentialObjectMixin <|-- RequirementNode ReferentialObjectMixin <|-- Mapping NameDescriptionMixin <|-- Assessment -FolderMixin <|-- Project -NameDescriptionMixin <|-- Project +FolderMixin <|-- Project +NameDescriptionMixin <|-- Project FolderMixin <|-- Asset NameDescriptionMixin <|-- Asset FolderMixin <|-- Evidence @@ -566,7 +566,7 @@ namespace DomainObjects { +DateField expiry_date +CharField link +CharField effort - + +RiskScenario[] risk_scenarios() +RiskAssessments[] risk_assessments() +Project[] projects() @@ -609,7 +609,7 @@ class RiskAssessment { +get_scenario_count() int +quality_check() +risk_scoring(probability, impact, risk_matrix) int -} +} class ComplianceAssessment { @@ -645,7 +645,7 @@ class RiskScenario { +CharField treatment +CharField strength_of_knowledge +CharField justification - + +Project parent_project() +RiskMatrix get_matrix() +get_current_risk(s) int @@ -721,7 +721,7 @@ Threats are referential objects used to clarify the aim of a requirement node or Reference controls are templates for Applied controls. They facilitate the creation of a applied control, and help to have consistent Applied controls. They are not mandatory to create a applied control, but recommended. Reference controls have a category within the following possibilities: --/Policy/Process/Technical/Physical. - + ## Applied controls Applied controls are fundamental objects for compliance and remediation. They can derive from a reference control, which provides better consistency, or be independent. 
@@ -761,11 +761,11 @@ The state of a review can be: created/submitted/validated/changes requested/depr When a compliance assessment is created, each requirement of the corresponding framework is linked to a requirement assessment object. To cover a requirement, the assessor shall link it to Applied controls. -Here are the specific fields for requirement assessments: +Here are the specific fields for requirement assessments: - status: --/to do/in progress/done. - result: --/compliant/non-compliant minor/non-compliant major/not applicable - score: --/. -- ETA (Estimated Time of Arrival) date +- ETA (Estimated Time of Arrival) date - due date. This is for example useful to organize an audit plan. The compliance assessment score is a read-only field which is calculated when at least one requirement assessment is scored. We calculate the average of scored requriement assessments (ignoring requirement assessments with an undefined score). @@ -811,7 +811,7 @@ The risk evaluation is automatically done based on the selected risk matrix. ## Risk matrices -Risk matrices are referential objects that are imported from a library. +Risk matrices are referential objects that are imported from a library. The definition JSON field has the following format: @@ -835,7 +835,7 @@ The definition JSON field has the following format: {"abbreviation": "H", "name": "High", "description": "unacceptable risk", "hexcolor": "#FF0000"} ], "grid": [ - [1, 2, 2], + [1, 2, 2], [0, 1, 2], [0, 0, 1]] } @@ -895,7 +895,7 @@ Referential objects can be downloaded from a library. They are called "global re Conversely, a referential object with a null URN is called a "local referential object" has the following characteristics: - it is created by a user in a given domain (not in the root folder) -- it can be edited with proper permission. +- it can be edited with proper permission. - The URN cannot be edited and is hidden. - default_locale=True (non-localized object) 
@@ -908,7 +908,7 @@ Framework and risk matrix objects can only come from a library. The URN allows in particular having a threat or reference control used in several frameworks. -It is possible to mix global and local referential objects. For example, a client can use threats coming from the MITRE referential and also define custom threats directly in CISO Assistant. +It is possible to mix global and local referential objects. For example, a client can use threats coming from the MITRE referential and also define custom threats directly in CISO Assistant. Note: links to URN occur only in libraries, links in the database shall always use the UUID of the object. @@ -995,4 +995,3 @@ Built-in objects are predefined in CISO Assistant. They can be viewed following Types that can be built-in are: folders, roles, role assignments and groups. Names of built-in objects can be internationalized. - diff --git a/frontend/project.inlang/project_id b/frontend/project.inlang/project_id index b64789ba6..bb9fa73f0 100644 --- a/frontend/project.inlang/project_id +++ b/frontend/project.inlang/project_id @@ -1 +1 @@ -60a4f66cd6e3931731f3b9cda5ab2dbf6d9162025e72699c5708e0086a9c3a67 \ No newline at end of file +60a4f66cd6e3931731f3b9cda5ab2dbf6d9162025e72699c5708e0086a9c3a67 diff --git a/frontend/src/lib/assets/ciso.svg b/frontend/src/lib/assets/ciso.svg index 233210e0d..70a3ede0b 100644 --- a/frontend/src/lib/assets/ciso.svg +++ b/frontend/src/lib/assets/ciso.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/frontend/src/lib/components/ModelTable/ModelTable.svelte b/frontend/src/lib/components/ModelTable/ModelTable.svelte index b3f988d43..d0db8a120 100644 --- a/frontend/src/lib/components/ModelTable/ModelTable.svelte +++ b/frontend/src/lib/components/ModelTable/ModelTable.svelte 
@@ -264,7 +264,7 @@ {#if row.meta[identifierField]} {@const actionsComponent = field_component_map['actions']} - ciso_assistant/build.json \ No newline at end of file +exec ciso_assistant/scripts/generate_build_file.sh > ciso_assistant/build.json diff --git a/git_hooks/post-merge b/git_hooks/post-merge index 010b9bb5e..6aae75388 100755 --- a/git_hooks/post-merge +++ b/git_hooks/post-merge @@ -1,3 +1,3 @@ #!/usr/bin/env bash -exec ciso_assistant/scripts/generate_build_file.sh > ciso_assistant/build.json \ No newline at end of file +exec ciso_assistant/scripts/generate_build_file.sh > ciso_assistant/build.json diff --git a/tools/README.md b/tools/README.md index 9788eaf47..c305ff7b8 100644 --- a/tools/README.md +++ b/tools/README.md @@ -55,7 +55,7 @@ Conventions: For requirements: If no section_name is given, no upper group is defined, else an upper group (depth 0) with the section name is used. The first line is a header, with the following possible fields (* for required): - - assessable(*): non-empty (e.g x) if this is a requirement + - assessable(*): non-empty (e.g x) if this is a requirement - depth(*): 1/2/3/... to describe the tree - ref_id - name @@ -77,7 +77,7 @@ Conventions: - category (policy/process/techncial/physical). - annotation A library has a single locale. Translated libraries have the same urns, they are merged during import. - Dependencies are given as a comma or blank separated list of urns. + Dependencies are given as a comma or blank separated list of urns. ``` ## Caveats diff --git a/tools/aircyber/aircyber.py b/tools/aircyber/aircyber.py index e939d8738..b16600117 100644 --- a/tools/aircyber/aircyber.py +++ b/tools/aircyber/aircyber.py 
@@ -24,8 +24,8 @@ ''' packager = 'intuitem' -library_description = '''AirCyber is the AeroSpace and Defense official standard for Cybersecurity maturity evaluation and increase built by Airbus, Dassault Aviation, Safran and Thales to help the AeroSpace SupplyChain to be more resilient. -Their joint venture BoostAeroSpace is offering this extract of the AirCyber maturity level matrix to provide further details on this standard, the questions and the AirCyber maturity levels they are associated to. +library_description = '''AirCyber is the AeroSpace and Defense official standard for Cybersecurity maturity evaluation and increase built by Airbus, Dassault Aviation, Safran and Thales to help the AeroSpace SupplyChain to be more resilient. +Their joint venture BoostAeroSpace is offering this extract of the AirCyber maturity level matrix to provide further details on this standard, the questions and the AirCyber maturity levels they are associated to. AirCyber program uses this maturity level matrix as the base of the cyber maturity evaluation as is the evaluation activity is the very starting point for any cyber maturity progression. Being aware of the problems is the mandatory very first knowledge a company shall know to decide to launch a cybersecurity company program. Source: https://boostaerospace.com/aircyber/ ''' @@ -55,7 +55,7 @@ if devenv: question_en += '\n[Development Environment]' output_table.append(('x', 1, question_number, question_name, question_en)) - + print("generating", output_file_name) wb_output = openpyxl.Workbook() @@ -82,5 +82,3 @@ ws1.append(row) print("generate ", output_file_name) wb_output.save(output_file_name) - - diff --git a/tools/ccm/convert_ccm.py b/tools/ccm/convert_ccm.py index 258455795..0200c75bd 100644 --- a/tools/ccm/convert_ccm.py +++ b/tools/ccm/convert_ccm.py 
@@ -1,6 +1,6 @@ -''' +''' simple script to transform the official CCM Excel file to another Excel file for CISO assistant framework conversion tool -''' +''' import openpyxl import sys diff --git a/tools/cis/convert_cis.py b/tools/cis/convert_cis.py index 1583937fb..979d06dcb 100644 --- a/tools/cis/convert_cis.py +++ b/tools/cis/convert_cis.py @@ -1,6 +1,6 @@ -''' +''' simple script to transform the official CIS Excel file to another Excel file for CISO assistant framework conversion tool -''' +''' import openpyxl import sys diff --git a/tools/convert_framework.py b/tools/convert_framework.py index 145650e30..e216167f7 100644 --- a/tools/convert_framework.py +++ b/tools/convert_framework.py @@ -1,4 +1,4 @@ -''' +''' simple script to transform an Excel file to a yaml library for a CISO assistant framework Conventions: | means a cell separation, <> means empty cell @@ -36,7 +36,7 @@ For requirements: If no section_name is given, no upper group is defined, else an upper group (depth 0) with the section name is used. The first line is a header, with the following possible fields (* for required): - - assessable(*): non-empty (e.g x) if this is a requirement + - assessable(*): non-empty (e.g x) if this is a requirement - depth(*): 1/2/3/... to describe the tree - ref_id - name @@ -59,7 +59,7 @@ - annotation A library has a single locale. Translated libraries have the same urns, they are merged during import. Dependencies are given as a comma or blank separated list of urns. -''' +''' import openpyxl import sys 
@@ -68,7 +68,7 @@ from pprint import pprint from collections import defaultdict -LIBRARY_VARS = ('library_urn', 'library_version', 'library_locale', 'library_ref_id', 'library_name', 'library_description', +LIBRARY_VARS = ('library_urn', 'library_version', 'library_locale', 'library_ref_id', 'library_name', 'library_description', 'framework_urn', 'framework_ref_id', 'framework_name', 'framework_description', 'library_copyright', 'library_provider', 'library_packager', 'reference_control_base_urn', 'threat_base_urn', 'library_dependencies', 'tab') library_vars = {} @@ -232,9 +232,9 @@ def read_header(row): current_function = {} current_function['urn'] = f"{reference_controls_base_urn}:{ref_id_urn}" current_function['ref_id'] = ref_id - if name: + if name: current_function['name'] = name - if category: + if category: current_function['category'] = category if description: current_function['description'] = description diff --git a/tools/nist/sp-800-66/nist-sp-800-66.py b/tools/nist/sp-800-66/nist-sp-800-66.py index ad06f317f..268e1725c 100644 --- a/tools/nist/sp-800-66/nist-sp-800-66.py +++ b/tools/nist/sp-800-66/nist-sp-800-66.py @@ -73,5 +73,3 @@ ws1.append(row) print("generate ", output_file_name) wb_output.save(output_file_name) - - diff --git a/tools/tisax/convert_tisax.py b/tools/tisax/convert_tisax.py index 120ff5e23..8c2d43ebf 100644 --- a/tools/tisax/convert_tisax.py +++ b/tools/tisax/convert_tisax.py 
@@ -21,7 +21,7 @@ library_copyright = '''© 2023 ENX Association, an Association according to the French Law of 1901, registered under No. w923004198 at the Sous-préfecture of Boulogne-Billancourt, France. This work of ENX's Working Group ISA was provided to the VDA in the present version by the ENX Association for published by the VDA as the VDA ISA. It is made to all interested parties free of charge under the following licensing terms. The release in the VDA is done by the VDA's Working Group Information Security and Economic Protection. Publication takes place with the consent of the rights holder. The VDA is responsible for the publication of the VDA ISA. The Tab ""Data Protection"" is provided, owned and copyrighted by VERBAND DER AUTOMOBILINDUSTRIE e.V. (VDA, German Association of the Automotive Industry); Behrenstr. 35; 10117 Berlin" -This work has been licensed under Creative Commons Attribution - No Derivative Works 4.0 International Public License. In addition, You are granted the right to distribute derivatives under certain terms as detailed in section 9 which are not part of the Creative Commons license. The complete and valid text of the license is to be found in line 17ff. +This work has been licensed under Creative Commons Attribution - No Derivative Works 4.0 International Public License. In addition, You are granted the right to distribute derivatives under certain terms as detailed in section 9 which are not part of the Creative Commons license. The complete and valid text of the license is to be found in line 17ff. ''' packager = 'intuitem' 
@@ -43,18 +43,18 @@ title = tab.title if title in ("Information Security", "Prototype Protection", "Data Protection"): for row in tab: - (_, _, control_number, _, _, _, _, control_question, objective, req_must, req_should, req_high, req_very_high, req_sga, usual_resp, _, _, _, _, _, _, _, + (_, _, control_number, _, _, _, _, control_question, objective, req_must, req_should, req_high, req_very_high, req_sga, usual_resp, _, _, _, _, _, _, _, further_info, ex_normal, ex_high, ex_very_high) = (r.value for r in row[0:26]) if type(control_number) == int: control_number = str(control_number) if control_number and re.fullmatch(r'\d', control_number): level=2 print(control_number, control_question) - output_table.append(('', 1, control_number, control_question, '')) + output_table.append(('', 1, control_number, control_question, '')) if control_number and re.fullmatch(r'\d\.\d+', control_number): level=3 print(control_number, control_question) - output_table.append(('', 2, control_number, control_question, '')) + output_table.append(('', 2, control_number, control_question, '')) if control_number and re.fullmatch(r'\d\.\d+\.\d+', control_number): if re.match(r'Superseded by', control_question): print("skipping", control_number) @@ -71,7 +71,7 @@ output_table.append(('x', level+1, '', '(for Simplified Group Assessments)', req_sga)) if further_info: output_table.append(('', level+1, '', 'Further information', further_info)) - + print("generating", output_file_name) wb_output = openpyxl.Workbook() ws = wb_output.active @@ -97,5 +97,3 @@ ws1.append(row) print("generate ", output_file_name) wb_output.save(output_file_name) - -