Merge branch 'main' into model/ebios-rm-study-meta-field

backend/ebios_rm/models.py

@@ -16,6 +16,7 @@
 )
 from iam.models import FolderMixin, User
 from tprm.models import Entity
+import json
 
 INITIAL_META = {
     "workshops": [
@@ -333,6 +334,13 @@ def get_pertinence(self):
             PERTINENCE_MATRIX[self.motivation - 1][self.resources - 1]
         ).label
 
+    def get_gravity(self):
+        gravity = -1
+        for feared_event in self.feared_events.all():
+            if feared_event.gravity > gravity:
+                gravity = feared_event.gravity
+        return gravity
+
 
 class Stakeholder(AbstractBaseModel, FolderMixin):
     class Category(models.TextChoices):
@@ -497,6 +505,10 @@ def save(self, *args, **kwargs):
         self.folder = self.ebios_rm_study.folder
         super().save(*args, **kwargs)
 
+    @property
+    def gravity(self):
+        return self.ro_to_couple.get_gravity()
+
 
 class OperationalScenario(AbstractBaseModel, FolderMixin):
     ebios_rm_study = models.ForeignKey(
@@ -545,16 +557,67 @@ def risk_matrix(self):
     def parsed_matrix(self):
         return self.risk_matrix.parse_json_translated()
 
+    @property
+    def ref_id(self):
+        sorted_operational_scenarios = list(
+            OperationalScenario.objects.filter(
+                ebios_rm_study=self.ebios_rm_study
+            ).order_by("created_at")
+        )
+        return sorted_operational_scenarios.index(self) + 1
+
+    @property
+    def gravity(self):
+        return self.attack_path.gravity
+
+    @property
+    def stakeholders(self):
+        return self.attack_path.stakeholders.all()
+
+    @property
+    def ro_to(self):
+        return self.attack_path.ro_to_couple
+
     def get_likelihood_display(self):
         if self.likelihood < 0:
             return {
                 "abbreviation": "--",
                 "name": "--",
                 "description": "not rated",
                 "value": -1,
+                "hexcolor": "#f9fafb",
             }
         risk_matrix = self.parsed_matrix
         return {
             **risk_matrix["probability"][self.likelihood],
             "value": self.likelihood,
         }
+
+    def get_gravity_display(self):
+        if self.gravity < 0:
+            return {
+                "abbreviation": "--",
+                "name": "--",
+                "description": "not rated",
+                "value": -1,
+            }
+        risk_matrix = self.parsed_matrix
+        return {
+            **risk_matrix["impact"][self.gravity],
+            "value": self.gravity,
+        }
+
+    def get_risk_level_display(self):
+        if self.likelihood < 0 or self.gravity < 0:
+            return {
+                "abbreviation": "--",
+                "name": "--",
+                "description": "not rated",
+                "value": -1,
+            }
+        risk_matrix = self.parsed_matrix
+        risk_index = risk_matrix["grid"][self.likelihood][self.gravity]
+        return {
+            **risk_matrix["risk"][risk_index],
+            "value": risk_index,
+        }

backend/ebios_rm/serializers.py

@@ -165,9 +165,14 @@ class OperationalScenarioReadSerializer(BaseModelSerializer):
     str = serializers.CharField(source="__str__")
     ebios_rm_study = FieldsRelatedField()
     folder = FieldsRelatedField()
-    attack_path = FieldsRelatedField()
+    attack_path = FieldsRelatedField(["id", "name", "description"])
+    stakeholders = FieldsRelatedField(many=True)
+    ro_to = FieldsRelatedField(["risk_origin", "target_objective"])
     threats = FieldsRelatedField(many=True)
     likelihood = serializers.JSONField(source="get_likelihood_display")
+    gravity = serializers.JSONField(source="get_gravity_display")
+    risk_level = serializers.JSONField(source="get_risk_level_display")
+    ref_id = serializers.CharField()
 
     class Meta:
         model = OperationalScenario

backend/ebios_rm/views.py

@@ -1,3 +1,4 @@
+import django_filters as df
 from core.serializers import RiskMatrixReadSerializer
 from core.views import BaseModelViewSet as AbstractBaseModelViewSet
 from core.serializers import RiskMatrixReadSerializer
@@ -140,12 +141,23 @@ def category(self, request):
         return Response(dict(Stakeholder.Category.choices))
 
 
+class AttackPathFilter(df.FilterSet):
+    used = df.BooleanFilter(method="is_used", label="Used")
+
+    def is_used(self, queryset, name, value):
+        if value:
+            return queryset.filter(operational_scenario__isnull=False)
+        return queryset.filter(operational_scenario__isnull=True)
+
+    class Meta:
+        model = AttackPath
+        fields = ["ebios_rm_study", "is_selected", "used"]
+
+
 class AttackPathViewSet(BaseModelViewSet):
     model = AttackPath
 
-    filterset_fields = [
-        "ebios_rm_study",
-    ]
+    filterset_class = AttackPathFilter
 
 
 class OperationalScenarioViewSet(BaseModelViewSet):

backend/library/libraries/risk-matrix-6x6-detailed.yaml

@@ -0,0 +1,204 @@
+urn: urn:intuitem:risk:library:risk-matrix-6x6-detailed
+locale: fr
+ref_id: risk-matrix-6x6-detailed
+name: 6x6 detailed
+description: 6x6 detailed example
+copyright: domaine public
+version: 1
+provider: intuitem
+packager: intuitem
+objects:
+  risk_matrix:
+  - urn: urn:intuitem:risk:matrix:6x6-detailed
+    ref_id: risk-matrix-6x6-detailed
+    name: 6x6 detailed
+    description: 6x6 detailed example
+    probability:
+    - id: 0
+      abbreviation: EX
+      name: Exceptionnel
+      description: Une fois tous les 5 ans ou 1 tous les 10.000 (< 1%)
+      translations:
+        en:
+          name: Exceptional
+          description: Once every 5 years or every 10,000 days (< 1%)
+      hexcolor: '#00B050'
+    - id: 1
+      abbreviation: RA
+      name: Rare
+      description: Une fois par an ou 1 tous les 1.000 (< 5%)
+      translations:
+        en:
+          name: Rare
+          description: Once per year or every 1,000 days (< 5%)
+      hexcolor: '#FFFF00'
+    - id: 2
+      abbreviation: UL
+      name: "Peu fr\xE9quent"
+      description: Une fois par trimestre ou 1 tous les 100 (< 10%)
+      translations:
+        en:
+          name: Uncommon
+          description: Once per quarter or every 100 days (< 10%)
+      hexcolor: '#FFC000'
+    - id: 3
+      abbreviation: LI
+      name: "Fr\xE9quent"
+      description: Une fois par mois ou 1 tous les 50 (< 20%)
+      translations:
+        en:
+          name: Common
+          description: Once per month or every 50 days (< 20%)
+      hexcolor: '#FF0000'
+    - id: 4
+      abbreviation: VF
+      name: "Tr\xE8s fr\xE9quent"
+      description: Une fois par semaine ou 1 tous les 10 (<90%)
+      translations:
+        en:
+          name: Very frequent
+          description: Once per week or every 10 days (< 90%)
+      hexcolor: '#FF0000'
+    - id: 5
+      abbreviation: RE
+      name: "R\xE9current"
+      description: Une fois par jour 1 tous les 2 (> 90%)
+      translations:
+        en:
+          name: Recurrent
+          description: Once per day or every 2 days (> 90%)
+      hexcolor: '#FF0000'
+    impact:
+    - id: 0
+      abbreviation: LO
+      name: 'Faible '
+      description: "<10k\u20AC "
+      translations:
+        en:
+          name: 'Low '
+          description: "<10k\u20AC "
+      hexcolor: '#00B050'
+    - id: 1
+      abbreviation: MI
+      name: "Mod\xE9r\xE9 "
+      description: " entre 10 et 50k\u20AC "
+      translations:
+        en:
+          name: Moderate
+          description: " from 10 to 50k\u20AC "
+      hexcolor: '#FFFF00'
+    - id: 2
+      abbreviation: SI
+      name: 'Significatif '
+      description: " entre 50 et 100k\u20AC "
+      translations:
+        en:
+          name: 'Significant '
+          description: " from 50 to 100k\u20AC "
+      hexcolor: '#FFC000'
+    - id: 3
+      abbreviation: SE
+      name: "S\xE9rieux "
+      description: "entre 100 et 500 k\u20AC"
+      translations:
+        en:
+          name: Serious
+          description: "from 100 to 500 k\u20AC"
+      hexcolor: '#FF0000'
+    - id: 4
+      abbreviation: CR
+      name: 'Critique '
+      description: "entre 500 et 1 000 k\u20AC"
+      translations:
+        en:
+          name: 'Critical '
+          description: "from 500 to 1 000 k\u20AC"
+      hexcolor: '#FF0000'
+    - id: 5
+      abbreviation: CA
+      name: 'Catastrophique '
+      description: "> 1 000 k\u20AC"
+      translations:
+        en:
+          name: 'Catastrophic '
+          description: "> 1 000 k\u20AC"
+      hexcolor: '#FF0000'
+    risk:
+    - id: 0
+      abbreviation: LO
+      name: Faible
+      description: "Risque n\xE9gligeable"
+      translations:
+        en:
+          name: Low
+          description: Negligible risk
+      hexcolor: '#00B050'
+    - id: 1
+      abbreviation: MO
+      name: "Mod\xE9r\xE9"
+      description: "Risque relevant de l'activit\xE9 courante du m\xE9tier (dispositifs\
+        \ de\nma\xEEtrise inscrits dans les proc\xE9dures et outils)"
+      translations:
+        en:
+          name: Moderate
+          description: Risk related to routine business activity (control measures
+            defined in procedures and tools)
+      hexcolor: '#FFFF00'
+    - id: 2
+      abbreviation: SI
+      name: Significatif
+      description: "Risque demandant un niveau de ma\xEEtrise satisfaisant et un suivi\
+        \ par le m\xE9tier"
+      translations:
+        en:
+          name: Significant
+          description: Risk requiring satisfactory control and monitoring by the business
+      hexcolor: '#FFC000'
+    - id: 3
+      abbreviation: MA
+      name: Majeur
+      description: "Risque prioritaire dont le niveau de ma\xEEtrise doit \xEAtre\
+        \ suivi par la Direction m\xE9tier en relation avec le RSSI"
+      translations:
+        en:
+          name: Major
+          description: Priority risk where control levels must be monitored by business
+            management in coordination with the CISO.
+      hexcolor: '#FF0000'
+    grid:
+    - - 0
+      - 0
+      - 0
+      - 0
+      - 1
+      - 3
+    - - 0
+      - 0
+      - 1
+      - 1
+      - 2
+      - 3
+    - - 0
+      - 1
+      - 1
+      - 2
+      - 2
+      - 3
+    - - 0
+      - 1
+      - 2
+      - 2
+      - 2
+      - 3
+    - - 0
+      - 1
+      - 2
+      - 2
+      - 3
+      - 3
+    - - 1
+      - 2
+      - 2
+      - 3
+      - 3
+      - 3

frontend/messages/en.json

@@ -983,9 +983,6 @@
 	"currentCriticality": "Current criticality",
 	"residualCriticality": "Residual criticality",
 	"notSelected": "Not selected",
-	"identifyRoTo": "Identify RO/TO",
-	"evaluateRoTo": "Evaluate RO/TO",
-	"selectRoTo": "Select RO/TO",
 	"resetPasswordHere": "You can reset your password here.",
 	"resetPassword": "Reset password",
 	"ebiosRm": "Ebios RM",
@@ -996,6 +993,19 @@
 	"noAuthor": "No author assigned",
 	"noReviewer": "No reviewer assigned",
 	"selectAudit": "Select audit",
+	"operationalScenario": "Operational scenario",
+	"operationalScenarioRefId": "Operational scenario {refId}",
+	"operationalScenarios": "Operational scenarios",
+	"addOperationalScenario": "Add operational scenario",
+	"workshopFour": "Workshop 4",
+	"noThreat": "No threat",
+	"likely": "Likely",
+	"unlikely": "Unlikely",
+	"veryLikely": "Very likely",
+	"certain": "Certain",
+	"minor": "Minor",
+	"operatingModesDescription": "Operating modes description",
+	"noStakeholders": "No stakeholders",
 	"errorAssetGraphMustNotContainCycles": "The asset graph must not contain cycles.",
 	"addStakeholder": "Add stakeholder",
 	"markAsDone": "Mark as done",

frontend/src/lib/components/Forms/ModelForm.svelte

@@ -273,7 +273,7 @@
 	{:else if URLModel === 'attack-paths'}
 		<AttackPathForm {form} {model} {cacheLocks} {formDataCache} {initialData} />
 	{:else if URLModel === 'operational-scenarios'}
-		<OperationalScenarioForm {form} {model} {cacheLocks} {formDataCache} {initialData} />
+		<OperationalScenarioForm {form} {model} {cacheLocks} {formDataCache} {initialData} {context} />
 	{/if}
 	<div class="flex flex-row justify-between space-x-4">
 		{#if closeModal}