-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 4df77a4
Showing
14 changed files
with
13,910 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# This is a basic workflow to help you get started with Actions | ||
|
||
name: CI | ||
|
||
# Controls when the workflow will run | ||
on: | ||
# Triggers the workflow on push or pull request events but only for the "main" branch | ||
push: | ||
branches: [ "main" ] | ||
|
||
# Allows you to run this workflow manually from the Actions tab | ||
workflow_dispatch: | ||
|
||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
jobs: | ||
# This workflow contains a single job called "build" | ||
build: | ||
# The type of runner that the job will run on | ||
runs-on: ubuntu-latest | ||
|
||
# Steps represent a sequence of tasks that will be executed as part of the job | ||
steps: | ||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | ||
- uses: actions/checkout@v3 | ||
- name: Generate excel | ||
run: | | ||
python3 -m pip install -r requirements.txt | ||
python3 main.py -i resources/OWASP.Application.Security.Verification.Standard.4.0.3-en.json | ||
# Runs a single command using the runners shell | ||
- name: Create Release | ||
uses: softprops/action-gh-release@v1 | ||
with: | ||
files: ASVS-Checklist-v4.0.3.xlsx | ||
tag_name: v4.0.3 | ||
release_name: ASVS Checklist v4.0.3 | ||
body: New release with ASVS Checklist v4.0.3 | ||
draft: false | ||
prerelease: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,177 @@ | ||
*.xlsx | ||
.DS_Store | ||
|
||
# VSCode settings | ||
.vscode/* | ||
!.vscode/settings.json | ||
!.vscode/tasks.json | ||
!.vscode/launch.json | ||
!.vscode/extensions.json | ||
!.vscode/*.code-snippets | ||
|
||
# Local History for Visual Studio Code | ||
.history/ | ||
|
||
# Built Visual Studio Code Extensions | ||
*.vsix | ||
|
||
# Byte-compiled / optimiz:ed / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
# C extensions | ||
*.so | ||
|
||
# Distribution / packaging | ||
.Python | ||
build/ | ||
develop-eggs/ | ||
dist/ | ||
downloads/ | ||
eggs/ | ||
.eggs/ | ||
lib/ | ||
lib64/ | ||
parts/ | ||
sdist/ | ||
var/ | ||
wheels/ | ||
share/python-wheels/ | ||
*.egg-info/ | ||
.installed.cfg | ||
*.egg | ||
MANIFEST | ||
|
||
# PyInstaller | ||
# Usually these files are written by a python script from a template | ||
# before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
*.manifest | ||
*.spec | ||
|
||
# Installer logs | ||
pip-log.txt | ||
pip-delete-this-directory.txt | ||
|
||
# Unit test / coverage reports | ||
htmlcov/ | ||
.tox/ | ||
.nox/ | ||
.coverage | ||
.coverage.* | ||
.cache | ||
nosetests.xml | ||
coverage.xml | ||
*.cover | ||
*.py,cover | ||
.hypothesis/ | ||
.pytest_cache/ | ||
cover/ | ||
|
||
# Translations | ||
*.mo | ||
*.pot | ||
|
||
# Django stuff: | ||
*.log | ||
local_settings.py | ||
db.sqlite3 | ||
db.sqlite3-journal | ||
|
||
# Flask stuff: | ||
instance/ | ||
.webassets-cache | ||
|
||
# Scrapy stuff: | ||
.scrapy | ||
|
||
# Sphinx documentation | ||
docs/_build/ | ||
|
||
# PyBuilder | ||
.pybuilder/ | ||
target/ | ||
|
||
# Jupyter Notebook | ||
.ipynb_checkpoints | ||
|
||
# IPython | ||
profile_default/ | ||
ipython_config.py | ||
|
||
# pyenv | ||
# For a library or package, you might want to ignore these files since the code is | ||
# intended to run in multiple environments; otherwise, check them in: | ||
# .python-version | ||
|
||
# pipenv | ||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. | ||
# However, in case of collaboration, if having platform-specific dependencies or dependencies | ||
# having no cross-platform support, pipenv may install dependencies that don't work, or not | ||
# install all needed dependencies. | ||
#Pipfile.lock | ||
|
||
# poetry | ||
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. | ||
# This is especially recommended for binary packages to ensure reproducibility, and is more | ||
# commonly ignored for libraries. | ||
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control | ||
#poetry.lock | ||
|
||
# pdm | ||
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. | ||
#pdm.lock | ||
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it | ||
# in version control. | ||
# https://pdm.fming.dev/#use-with-ide | ||
.pdm.toml | ||
|
||
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm | ||
__pypackages__/ | ||
|
||
# Celery stuff | ||
celerybeat-schedule | ||
celerybeat.pid | ||
|
||
# SageMath parsed files | ||
*.sage.py | ||
|
||
# Environments | ||
.env | ||
.venv | ||
env/ | ||
venv/ | ||
ENV/ | ||
env.bak/ | ||
venv.bak/ | ||
|
||
# Spyder project settings | ||
.spyderproject | ||
.spyproject | ||
|
||
# Rope project settings | ||
.ropeproject | ||
|
||
# mkdocs documentation | ||
/site | ||
|
||
# mypy | ||
.mypy_cache/ | ||
.dmypy.json | ||
dmypy.json | ||
|
||
# Pyre type checker | ||
.pyre/ | ||
|
||
# pytype static type analyzer | ||
.pytype/ | ||
|
||
# Cython debug symbols | ||
cython_debug/ | ||
|
||
# PyCharm | ||
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can | ||
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore | ||
# and can be added to the global gitignore or merged into this file. For a more nuclear | ||
# option (not recommended) you can uncomment the following to ignore the entire idea folder. | ||
#.idea/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# OWASP Application Security Verification Standard Project (ASVS) Checklist | ||
|
||
This is a parallel repository that covers the need to have a checklist for ASVS inspired by the MASVS checklist. | ||
|
||
It contains a overview page with details about the progress. | ||
|
||
![](docs/img/overview.png) | ||
|
||
Each section has its own page with all the controls where you can track compliance. | ||
|
||
![](docs/img/control.png) | ||
|
||
## Usage | ||
|
||
The python script takes a json as an input which contains all the controls. | ||
|
||
You can obtains these from the official ASVS repository. Usually you can found them in the realeases page. | ||
|
||
Once you have a json with the full list of ASVS controls you can generate your own excel file like this: | ||
|
||
`python3 main.py -i <asvs-controls>.json` | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
from json import loads | ||
from worksheet_generator import WorkSheetGenerator | ||
from overview_worksheet import OverviewWorksheet | ||
from xlsxwriter import Workbook | ||
import argparse | ||
|
||
parser = argparse.ArgumentParser() | ||
parser.add_argument('-i', '--input-json', help='JSON input file with the ASVS controls', required=True) | ||
parser.add_argument('-o', '--output', help='Output filename') | ||
args = parser.parse_args() | ||
|
||
def readCSV(filename): | ||
f = open(filename, "r") | ||
data = loads(f.read()) | ||
f.close() | ||
return data | ||
|
||
if __name__ == "__main__": | ||
data = readCSV(args.input_json) | ||
if not args.output: | ||
args.output = f'ASVS-Checklist-v{data["Version"]}' | ||
|
||
workbook = Workbook(f'{args.output}.xlsx') | ||
|
||
OverviewWorksheet(workbook=workbook,worksheet_title="Overview", categories=[(x['Name'], x['ShortName']) for x in data['Requirements']]) | ||
|
||
for category in data['Requirements']: | ||
worksheet = WorkSheetGenerator(workbook=workbook,worksheet_title=data['Name'], worksheet_name=category["Name"], worksheet_shortname=category["ShortName"], name=data["ShortName"], version=data["Version"]) | ||
worksheet.generateWorksheet(category['Items']) | ||
|
||
workbook.close() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
from enum import Enum | ||
|
||
class OverviewStyles(Enum): | ||
TABLE_TITLES = {'bold': True, 'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'align': 'center', 'bg_color': '#23548D'} | ||
TABLE_CATEGORY_TITLE = {'bold': True, 'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'bg_color': '#23548D'} | ||
TABLE_CATEGORIES = {'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'bg_color': '#23548D'} | ||
TABLE_DATA = {'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'align': 'center', 'bg_color': '#347ED4'} | ||
TABLE_DATA_PERCENTAGE = {'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'align': 'center', 'bg_color': '#347ED4', 'num_format': 10} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
from xlsxwriter.workbook import Workbook | ||
from overview_styles import OverviewStyles | ||
|
||
class OverviewWorksheet: | ||
|
||
def __init__(self, workbook: Workbook, worksheet_title, categories): | ||
self.workbook = workbook | ||
self.worksheet_title = worksheet_title | ||
self.categories = categories | ||
self.worksheet = self.workbook.add_worksheet(worksheet_title) | ||
self.generateOverviewWorksheet() | ||
|
||
def generateChart(self): | ||
chart = self.workbook.add_chart({'type': 'radar', 'subtype': 'filled'}) | ||
chart.add_series({'name_font': {'color':'#595959'},'name':'Percentage (total/completed)', 'categories': f'={self.worksheet_title}!$A$2:$A$15', 'values': f'={self.worksheet_title}!$J$2:$J$15','line': {'color': '#4F81BD', "width": 4, 'transparency': 70}, 'marker': {'type': 'circle', 'size': 4}, "fill": {"none": True}}) | ||
chart.set_y_axis( | ||
{'min': 0.0, 'max': 1.0, | ||
'major_gridlines': { | ||
'visible': True, | ||
'line': {'color': '#D9D9D9', 'width': 0.75} | ||
}, | ||
'line': {'none': True}, | ||
'num_font':{'color': '#595959'} | ||
} | ||
) | ||
chart.set_chartarea({'name_font':{'color': '#595959'}}) | ||
chart.set_x_axis( | ||
{'num_font':{'color': '#595959'}} | ||
) | ||
chart.set_size({'width': 1458, 'height': 415 }) | ||
chart.set_legend({'position': 'bottom', 'font':{'color': '#595959'}}) | ||
chart.set_title({'name': 'Passed requirements', 'name_font':{'color': '#595959'}}) | ||
self.worksheet.insert_chart('A16', chart) | ||
|
||
def generateOverviewWorksheet(self): | ||
self.worksheet.set_column("A:A", 50) | ||
self.worksheet.set_column("B:K", 15) | ||
|
||
self.worksheet.write("A1", "Section", self.workbook.add_format(OverviewStyles.TABLE_CATEGORY_TITLE.value)) | ||
self.worksheet.write("B1", "L1", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("C1", "L2", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("D1", "L3", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("E1", "Total", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("F1", "L1 (Pass)", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("G1", "L2 (Pass)", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("H1", "L3 (Pass)", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("I1", "Total (Pass)", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("J1", "Pecentage", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
self.worksheet.write("K1", "Current Level", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value)) | ||
|
||
for index in range(2,len(self.categories)+1): | ||
self.worksheet.write(f"A{index}", self.categories[index-2][0], self.workbook.add_format(OverviewStyles.TABLE_CATEGORIES.value)) | ||
self.worksheet.write_formula(f"B{index}", f'=COUNTIFS({self.categories[index-2][1]}!D:D, "✓", {self.categories[index-2][1]}!G:G, "<>N/A")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
self.worksheet.write_formula(f"C{index}", f'=COUNTIFS({self.categories[index-2][1]}!E:E, "✓", {self.categories[index-2][1]}!G:G, "<>N/A")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
self.worksheet.write_formula(f"D{index}", f'=COUNTIFS({self.categories[index-2][1]}!F:F, "✓", {self.categories[index-2][1]}!G:G, "<>N/A")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
self.worksheet.write_formula(f"E{index}", f'=MAX(B{index}:D{index})', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
self.worksheet.write_formula(f"F{index}", f'=COUNTIFS({self.categories[index-2][1]}!D:D, "✓", {self.categories[index-2][1]}!G:G, "Pass")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
self.worksheet.write_formula(f"G{index}", f'=COUNTIFS({self.categories[index-2][1]}!E:E, "✓", {self.categories[index-2][1]}!G:G, "Pass")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
self.worksheet.write_formula(f"H{index}", f'=COUNTIFS({self.categories[index-2][1]}!F:F, "✓", {self.categories[index-2][1]}!G:G, "Pass")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
self.worksheet.write_formula(f"I{index}", f'=MAX(F{index}:H{index})', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
self.worksheet.write_formula(f"J{index}", f'=I{index}/E{index}', self.workbook.add_format(OverviewStyles.TABLE_DATA_PERCENTAGE.value)) | ||
self.worksheet.write_formula(f"K{index}", f'=_xlfn.IFS(AND(D{index}<>0,D{index}=H{index}),"L3",AND(C{index}<>0,C{index}=G{index}),"L2",AND(B{index}<>0,B{index}=F{index}), "L1", TRUE, "")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value)) | ||
|
||
self.generateChart() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
xlsxwriter == 3.0.3 |
Oops, something went wrong.