Initial commit

.github/workflows/release.yml

@@ -0,0 +1,38 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "main" branch
+  push:
+    branches: [ "main" ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+      - name: Generate excel
+        run: |
+          python3 -m pip install -r requirements.txt
+          python3 main.py -i resources/OWASP.Application.Security.Verification.Standard.4.0.3-en.json
+      # Runs a single command using the runners shell
+      - name: Create Release
+        uses:  softprops/action-gh-release@v1
+        with:
+          files: ASVS-Checklist-v4.0.3.xlsx
+          tag_name: v4.0.3
+          release_name: ASVS Checklist v4.0.3
+          body: New release with ASVS Checklist v4.0.3
+          draft: false
+          prerelease: false

.gitignore

@@ -0,0 +1,177 @@
+*.xlsx
+.DS_Store
+
+# VSCode settings
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+# Byte-compiled / optimiz:ed / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/

README.md

@@ -0,0 +1,22 @@
+# OWASP Application Security Verification Standard Project (ASVS) Checklist
+
+This is a parallel repository that covers the need to have a checklist for ASVS inspired by the MASVS checklist.
+
+It contains a overview page with details about the progress.
+
+![](docs/img/overview.png)
+
+Each section has its own page with all the controls where you can track compliance.
+
+![](docs/img/control.png)
+
+## Usage
+
+The python script takes a json as an input which contains all the controls.
+
+You can obtains these from the official ASVS repository. Usually you can found them in the realeases page.
+
+Once you have a json with the full list of ASVS controls you can generate your own excel file like this:
+
+`python3 main.py -i <asvs-controls>.json`
+

main.py

@@ -0,0 +1,31 @@
+from json import loads
+from worksheet_generator import WorkSheetGenerator
+from overview_worksheet import OverviewWorksheet
+from xlsxwriter import Workbook
+import argparse
+
+parser =  argparse.ArgumentParser()
+parser.add_argument('-i', '--input-json', help='JSON input file with the ASVS controls', required=True)
+parser.add_argument('-o', '--output', help='Output filename')
+args = parser.parse_args()
+
+def readCSV(filename):
+    f = open(filename, "r")
+    data = loads(f.read())
+    f.close()
+    return data
+
+if __name__ == "__main__":
+    data = readCSV(args.input_json)
+    if not args.output:
+        args.output = f'ASVS-Checklist-v{data["Version"]}'
+
+    workbook = Workbook(f'{args.output}.xlsx')
+
+    OverviewWorksheet(workbook=workbook,worksheet_title="Overview", categories=[(x['Name'], x['ShortName']) for x in data['Requirements']])
+
+    for category in data['Requirements']:
+        worksheet = WorkSheetGenerator(workbook=workbook,worksheet_title=data['Name'], worksheet_name=category["Name"], worksheet_shortname=category["ShortName"], name=data["ShortName"], version=data["Version"])
+        worksheet.generateWorksheet(category['Items'])
+
+    workbook.close()

overview_styles.py

@@ -0,0 +1,8 @@
+from enum import Enum
+
+class OverviewStyles(Enum):
+    TABLE_TITLES = {'bold': True, 'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'align': 'center', 'bg_color': '#23548D'}
+    TABLE_CATEGORY_TITLE = {'bold': True, 'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'bg_color': '#23548D'}
+    TABLE_CATEGORIES = {'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'bg_color': '#23548D'}
+    TABLE_DATA = {'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'align': 'center', 'bg_color': '#347ED4'}
+    TABLE_DATA_PERCENTAGE = {'font_name': 'Avenir', 'font_size': 11, 'font_color': 'white', 'valign': 'vcenter', 'align': 'center', 'bg_color': '#347ED4', 'num_format': 10}

overview_worksheet.py

@@ -0,0 +1,64 @@
+from xlsxwriter.workbook import Workbook 
+from overview_styles import OverviewStyles
+
+class OverviewWorksheet:
+
+    def __init__(self, workbook: Workbook, worksheet_title, categories):
+        self.workbook = workbook
+        self.worksheet_title = worksheet_title
+        self.categories = categories
+        self.worksheet = self.workbook.add_worksheet(worksheet_title)
+        self.generateOverviewWorksheet()
+
+    def generateChart(self):
+        chart = self.workbook.add_chart({'type': 'radar', 'subtype': 'filled'})
+        chart.add_series({'name_font': {'color':'#595959'},'name':'Percentage (total/completed)', 'categories': f'={self.worksheet_title}!$A$2:$A$15', 'values': f'={self.worksheet_title}!$J$2:$J$15','line': {'color': '#4F81BD', "width": 4, 'transparency': 70}, 'marker': {'type': 'circle', 'size': 4}, "fill": {"none": True}})
+        chart.set_y_axis(
+            {'min': 0.0, 'max': 1.0, 
+                'major_gridlines': {
+                    'visible': True,
+                    'line': {'color': '#D9D9D9', 'width': 0.75}
+                },
+                'line': {'none': True},
+                'num_font':{'color': '#595959'}
+            }
+        )
+        chart.set_chartarea({'name_font':{'color': '#595959'}})
+        chart.set_x_axis(
+            {'num_font':{'color': '#595959'}}
+        )
+        chart.set_size({'width': 1458, 'height': 415 })
+        chart.set_legend({'position': 'bottom', 'font':{'color': '#595959'}})
+        chart.set_title({'name': 'Passed requirements', 'name_font':{'color': '#595959'}})
+        self.worksheet.insert_chart('A16', chart)
+
+    def generateOverviewWorksheet(self):
+        self.worksheet.set_column("A:A", 50)
+        self.worksheet.set_column("B:K", 15)
+
+        self.worksheet.write("A1", "Section", self.workbook.add_format(OverviewStyles.TABLE_CATEGORY_TITLE.value))
+        self.worksheet.write("B1", "L1", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("C1", "L2", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("D1", "L3", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("E1", "Total", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("F1", "L1 (Pass)", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("G1", "L2 (Pass)", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("H1", "L3 (Pass)", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("I1", "Total (Pass)", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("J1", "Pecentage", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+        self.worksheet.write("K1", "Current Level", self.workbook.add_format(OverviewStyles.TABLE_TITLES.value))
+
+        for index in range(2,len(self.categories)+1):
+            self.worksheet.write(f"A{index}", self.categories[index-2][0], self.workbook.add_format(OverviewStyles.TABLE_CATEGORIES.value))
+            self.worksheet.write_formula(f"B{index}", f'=COUNTIFS({self.categories[index-2][1]}!D:D, "✓", {self.categories[index-2][1]}!G:G, "<>N/A")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+            self.worksheet.write_formula(f"C{index}", f'=COUNTIFS({self.categories[index-2][1]}!E:E, "✓", {self.categories[index-2][1]}!G:G, "<>N/A")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+            self.worksheet.write_formula(f"D{index}", f'=COUNTIFS({self.categories[index-2][1]}!F:F, "✓", {self.categories[index-2][1]}!G:G, "<>N/A")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+            self.worksheet.write_formula(f"E{index}", f'=MAX(B{index}:D{index})', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+            self.worksheet.write_formula(f"F{index}", f'=COUNTIFS({self.categories[index-2][1]}!D:D, "✓", {self.categories[index-2][1]}!G:G, "Pass")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+            self.worksheet.write_formula(f"G{index}", f'=COUNTIFS({self.categories[index-2][1]}!E:E, "✓", {self.categories[index-2][1]}!G:G, "Pass")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+            self.worksheet.write_formula(f"H{index}", f'=COUNTIFS({self.categories[index-2][1]}!F:F, "✓", {self.categories[index-2][1]}!G:G, "Pass")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+            self.worksheet.write_formula(f"I{index}", f'=MAX(F{index}:H{index})', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+            self.worksheet.write_formula(f"J{index}", f'=I{index}/E{index}', self.workbook.add_format(OverviewStyles.TABLE_DATA_PERCENTAGE.value))
+            self.worksheet.write_formula(f"K{index}", f'=_xlfn.IFS(AND(D{index}<>0,D{index}=H{index}),"L3",AND(C{index}<>0,C{index}=G{index}),"L2",AND(B{index}<>0,B{index}=F{index}), "L1", TRUE, "")', self.workbook.add_format(OverviewStyles.TABLE_DATA.value))
+
+        self.generateChart()

requirements.txt

@@ -0,0 +1 @@
+xlsxwriter == 3.0.3