Fix Checklists Coverage for MSTG Test Cases #2084

Closed
cpholguera opened this issue Mar 9, 2022 Discussed in #2082 · 3 comments · Fixed by #2085
@cpholguera
Collaborator

Discussed in #2082

Originally posted by fujiokayu March 6, 2022
Since V1.4.0, the OWASP Mobile App Security Checklists have been renewed and changed to be automatically generated.
Thanks for the great work.

However, the Test Case links are fewer and noticeably blank compared to past versions.
Those already familiar with this project will have no problem.
But those who are trying to use the checklist for the first time, or clients who are given a checklist as evidence of testing, may be a bit confused.

One major reason is that the Python program does not target the "0x04" document.
Fixing this will fill in most of the holes in V4 and V5, and a few in V2, V3, and V6.
If you would like to include this fix, I will send a PR soon.

  • tools/scripts/mstg_to_html.sh

    - for filename in Document/0x05*.md Document/0x06*.md; do
    + for filename in Document/0x04*.md Document/0x05*.md Document/0x06*.md; do
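
Review bot: On the `+` line, a pattern that matches no file is handed to the loop body as the literal string (for example `Document/0x04*.md`), so the body should skip entries that are not existing files, e.g. with `[ -e "$filename" ] || continue`. The three patterns can also be collapsed into the single glob `Document/0x0[456]*.md`.
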
  • tools/scripts/yaml_to_excel.py

            # We only get the first link because there should be actually only one per platform.
            link_android = get_link_for(req["links"], "0x05")
            link_ios = get_link_for(req["links"], "0x06")
    +       link_common = get_link_for(req["links"], "0x04")
    
            if link_android:
                ws.cell(row=row, column=col_link_android).value = f'=HYPERLINK("{link_android}", "Test Case")'
                ws.cell(row=row, column=col_link_ios).value = "N/A"
                ws.cell(row=row, column=col_link_ios).style = "gray_header"
    
    +        # If a cell is null or "N/A", and a 0x04 link exists, write it in the test case.
    +        if link_common:
    +            if ws.cell(row=row, column=col_link_android).value is None or ws.cell(row=row, column=col_link_android).value == "N/A": 
    +                ws.cell(row=row, column=col_link_android).value = f'=HYPERLINK("{link_common}", "Test Case")'
    +                ws.cell(row=row, column=col_link_android).style = "Hyperlink"
    +                ws.cell(row=row, column=col_link_android).alignment = excel_styles_and_validation.align_center
    +            if ws.cell(row=row, column=col_link_ios).value is None or ws.cell(row=row, column=col_link_ios).value == "N/A": 
    +                ws.cell(row=row, column=col_link_ios).value = f'=HYPERLINK("{link_common}", "Test Case")'
    +                ws.cell(row=row, column=col_link_ios).style = "Hyperlink"
    +                ws.cell(row=row, column=col_link_ios).alignment = excel_styles_and_validation.align_center
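
Review bot: The `link_common` fallback treats "N/A" the same as an empty cell, so in the `if link_android:` branch just above it, the iOS cell that was deliberately set to "N/A" with the `gray_header` style is then overwritten with the 0x04 link. If that is intended, the new comment should say so explicitly; if not, the condition should test `is None` only. The two inner `if` blocks differ only in the column, so a loop over `(col_link_android, col_link_ios)` that fetches `ws.cell(...)` once per column would remove the duplication.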

As a sample, I am sharing the checklist that was generated with this modification applied.
https://drive.google.com/drive/folders/1FI8VHUO_MJVfcwbRFUffZAI7zlxbFpGD?usp=sharing

But this is not a perfect fix, so I'd be happy to hear everyone's opinions.

@cpholguera
Collaborator Author

Hi @fujiokayu, here's the issue, could you please open a PR including your changes? Please write Closes #2084 in the description so that it is linked to this issue.

Once it is created, we can take a look at the generated files and see if it needs some more fixes.

I've sent you an invitation to join our project on GitHub, once you accept it I'll assign this issue to you.

Thank you very much again, this is very helpful!

@fujiokayu
Collaborator

Thanks @cpholguera for the invitation, I accepted.
I will clean up the code a bit and send you a PR within a few days.

@cpholguera
Collaborator Author

Thank you very much, @fujiokayu! 🙏
