This project generates a threat report for a product based on its components and associated threats and countermeasures using IriusRisk APIs. The report is generated in HTML format and contains information about the product's threats and their countermeasures.
- Python 3
- requests library
- Pandas library
- Jinja2 library
- matplotlib library
- A product ID and API token for the product to be analyzed
- Install the needed libraries by calling `python3 -m pip install -r requirements.txt`
- Set up the `credentials.json` file with the API token
- Set up the `tmp_config.json` file with the base URL and the product ID for the product to be analyzed
- Set up the `tmp_config.json` file with required component tags that you want in the report. Leave required_tags empty if you don't use tags
- Run the `get_product_info.py` script to retrieve the product's information and save it to a file called product_info.json.
- Run the `generate_report.py` script to generate the threat report. The report will be saved to a file called report.html.
An HTML page is used because descriptions generated by IriusRisk contain HTML formatting, which looks like a mess in all other tools. (Say hi to XSS :))
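One way to keep the formatting while closing the XSS hole mentioned above is to pass each description through an allowlist sanitizer before it reaches the template. This is an added example, not code from this project: `DescriptionSanitizer`, `sanitize_description` and the tag allowlist are hypothetical names and assumptions, and it assumes descriptions are inserted into the report as raw HTML.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist of formatting tags; adjust to what your descriptions use.
ALLOWED_TAGS = {"p", "br", "b", "i", "strong", "em", "ul", "ol", "li", "code", "pre", "a"}
VOID_TAGS = {"br"}                       # tags that never get a closing tag
DROP_WITH_CONTENT = {"script", "style"}  # remove the element and its text


class DescriptionSanitizer(HTMLParser):
    """Re-emits only allowlisted tags, without attributes, and escapes all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            href = dict(attrs).get("href") or ""
            if tag == "a" and href.lower().startswith(("http://", "https://")):
                # Only http(s) links survive; javascript: and data: URLs are dropped.
                self.out.append(f'<a href="{escape(href, quote=True)}" rel="noopener noreferrer">')
            else:
                # Every other attribute (onclick, style, src, ...) is discarded.
                self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))


def sanitize_description(raw_html):
    """Return raw_html reduced to allowlisted formatting tags."""
    parser = DescriptionSanitizer()
    parser.feed(raw_html or "")
    parser.close()
    return "".join(parser.out)


# Constructed sample input, not real IriusRisk output.
SAMPLE = ('<p onclick="steal()">Use <b>TLS</b> &amp; HSTS.<script>alert(1)</script>'
          '<img src=x onerror=alert(2)><a href="javascript:alert(3)">docs</a><br/></p>')
```

For `SAMPLE`, `sanitize_description` keeps the paragraph, bold text and line break, and drops the script element, the image, the event handler and the `javascript:` link target.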
Generated HTML reports can be copied to Google Docs and edited there. It's not super convenient and hopefully will be fixed in the future, but still better than standard reporting.
- get_product_info.py: Retrieves the product's information from an API and saves it to a file.
- generate_report.py: Generates the threat report based on the product's information and saves it to a file.
- report_template.html: HTML template used to generate the report.
- tmp_config.json: Configuration file containing the product ID, IriusRisk endpoint, and list of tags.
- credentials.json: Configuration file for API token.
If you copied the HTML doc to Google Docs, you may need to adjust the table column widths to fit the screen. The following script will do it for you:
```javascript
function adjustTableColumnWidths() {
  // Get the active Google Document
  var doc = DocumentApp.getActiveDocument();
  // Get the body of the document
  var body = doc.getBody();
  // Get all tables in the document
  var tables = body.getTables();
  // Loop through all the tables
  for (var i = 0; i < tables.length; i++) {
    // Get the current table
    var table = tables[i];
    var numColumns = table.getRow(0).getNumCells();
    // Set the column widths based on the number of columns (72 points = 1 inch)
    if (numColumns == 3) {
      setColumnWidth(table, 0, 2.5 * 72); // Column #1: 2.5 inches
      setColumnWidth(table, 1, 5 * 72);   // Column #2: 5 inches
      setColumnWidth(table, 2, 2 * 72);   // Column #3: 2 inches
    } else if (numColumns == 4) {
      setColumnWidth(table, 0, 2.5 * 72); // Column #1: 2.5 inches
      setColumnWidth(table, 1, 1 * 72);   // Column #2: 1 inch
      setColumnWidth(table, 2, 4 * 72);   // Column #3: 4 inches
      setColumnWidth(table, 3, 2 * 72);   // Column #4: 2 inches
    }
  }
}

function setColumnWidth(table, columnIndex, widthInPoints) {
  // Get the number of rows in the table
  var numRows = table.getNumRows();
  // Loop through each row
  for (var i = 0; i < numRows; i++) {
    // Get the cell in the current row and column
    var cell = table.getCell(i, columnIndex);
    // Set the width of the cell
    cell.setWidth(widthInPoints);
  }
}
```
This project is licensed under the MIT License. See the LICENSE file for more information.