From 99c2c7785550f9d14d7350f8fd151fff25879dfa Mon Sep 17 00:00:00 2001
From: Timo Pagel
Date: Wed, 12 Nov 2025 13:55:01 +0100
Subject: [PATCH 1/3] feat: add activties.yaml with new breaking format, not breaking now because the old still exists
---
 .github/workflows/main.yml | 8 +-
 .gitignore | 8 +-
 README.md | 6 +
 src/assets/script.bash | 148 +++++++++++++++++++++++++
 yaml-generation/generateDimensions.php | 23 +++-
 5 files changed, 189 insertions(+), 4 deletions(-)
 create mode 100755 src/assets/script.bash
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9092663..4f70d0e 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -57,8 +57,12 @@ jobs:
 run: |
 docker run -d --name=yaml --entrypoint="/bin/sleep" wurstbrot/dsomm-yaml-generation:${{ steps.get-version.outputs.version }} 60
 docker cp yaml:/var/www/html/src/assets/YAML/generated/generated.yaml src/assets/YAML/generated/generated.yaml
- # Commit all changed files back to the repository
- - uses: planetscale/ghcommit-action@v0.1.6
+
+ - name: Replace version placeholder in generated.yaml
+ run: |
+ sed -i "s/__VERSION_PLACEHOLDER__/${{ steps.get-version.outputs.version }}/g" src/assets/YAML/generated/generated.yaml
+ - name: Commit all changed files back to the repository
+ uses: planetscale/ghcommit-action@v0.1.6
 with:
 commit_message: "🤖 fmt"
 repo: ${{ github.repository }}
diff --git a/.gitignore b/.gitignore
index 70387d7..6c64515 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,5 +43,11 @@ testem.log
 .DS_Store
 Thumbs.db
 /yaml-generation/vendor/
-# Generated YAML
+
+/src/assets/YAML/teams.yaml
+/src/assets/YAML/meta.yaml
+
+# Generated
 /src/assets/YAML/generated/generated.yaml
+/src/assets/YAML/activities.yaml
+src/assets/YAML/generated/dependency-tree.md
\ No newline at end of file
diff --git a/README.md b/README.md
index 5a3d944..c46d81b 100644
--- a/README.md
+++ b/README.md
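Review bot: The new `sed -i "s/__VERSION_PLACEHOLDER__/${{ steps.get-version.outputs.version }}/g"` line expands a workflow expression straight into the shell script, so whatever `get-version` yields (computed outside this hunk) is both shell text and an unescaped sed replacement: a `/` or `&` in it silently corrupts the output, and shell metacharacters would execute on the runner. The context `docker run` line already interpolates the same expression, so the exposure is not new, but the sed form adds a second parser to it. Pass the value through the environment and pick a delimiter a version cannot contain: add `env:` / `VERSION: ${{ steps.get-version.outputs.version }}` to the step and use `sed -i "s|__VERSION_PLACEHOLDER__|${VERSION}|g" src/assets/YAML/generated/generated.yaml`. The step also succeeds silently when the placeholder is absent from the target file; a `grep -q __VERSION_PLACEHOLDER__ "$FILE" || exit 1` before the `sed` makes a wrong path or a changed generator fail loudly instead of committing an unversioned file.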
@@ -10,6 +10,12 @@ docker run -ti -v $(pwd)/src/assets/YAML/default:/var/www/html/src/assets/YAML/d docker run -v $(pwd)/src/assets/YAML/generated/generated.yaml:/srv/assets/YAML/generated/generated.yaml -p 8080:8080 wurstbrot/dsomm ``` +## Development +cd yaml-generation +docker run --rm -v $(pwd):/app composer install +cd .. +docker run -ti -v $(pwd)/yaml-generation:/var/www/html/yaml-generation -v $(pwd)/src/assets/YAML/:/var/www/html/src/assets/YAML/ wurstbrot/dsomm-yaml-generation + ## Credits * The dimension _Test and Verification_ is based on Christian Schneiders [Security DevOps Maturity Model (SDOMM)](https://www.christian-schneider.net/SecurityDevOpsMaturityModel.html). _Application tests_ and _Infrastructure tests_ are added by Timo Pagel. Also, the sub-dimension _Static depth_ has been evaluated by security experts at [OWASP Stammtisch Hamburg](https://www.owasp.org/index.php/OWASP_German_Chapter_Stammtisch_Initiative/Hamburg). diff --git a/src/assets/script.bash b/src/assets/script.bash new file mode 100755 index 0000000..4138f6e --- /dev/null +++ b/src/assets/script.bash 
@@ -0,0 +1,148 @@
+#!/bin/bash
+
+# Funktion zur Konvertierung von DSOMM zu SAMM Format
+convert_dsomm_to_samm() {
+ local input_file="$1"
+ local output_file="$2"
+
+ if [[ -z "$input_file" ]]; then
+ echo "Verwendung: convert_dsomm_to_samm [output_file]"
+ echo "Beispiel: convert_dsomm_to_samm document.txt converted_document.txt"
+ return 1
+ fi
+
+ if [[ ! -f "$input_file" ]]; then
+ echo "Fehler: Datei '$input_file' nicht gefunden!"
+ return 1
+ fi
+
+ # Wenn keine Output-Datei angegeben, verwende Input-Datei mit _converted Suffix
+ if [[ -z "$output_file" ]]; then
+ output_file="${input_file%.*}_converted.${input_file##*.}"
+ fi
+
+ echo "Konvertiere DSOMM Referenzen zu SAMM Format..."
+ echo "Input: $input_file"
+ echo "Output: $output_file"
+
+ # Sed-Befehl zur Umwandlung:
+ # Sucht nach Pattern: BUCHSTABE-BUCHSTABEN-ZAHL-BUCHSTABE
+ # Wandelt um zu: BUCHSTABE-BUCHSTABEN-BUCHSTABE-ZAHL
+ sed -E 's/([A-Z]+-[A-Z]+)-([0-9]+)-([A-Z]+)/\1-\3-\2/g' "$input_file" > "$output_file"
+
+ echo "Konvertierung abgeschlossen!"
+ echo "Überprüfe die ersten konvertierten Zeilen:"
+ head -10 "$output_file" | grep -E '[A-Z]+-[A-Z]+-[A-Z]+-[0-9]+' || echo "Keine konvertierten Referenzen in den ersten 10 Zeilen gefunden."
+}
+
+# Direkte Verwendung für eine einzelne Zeile (für Tests):
+convert_single_reference() {
+ local ref="$1"
+ echo "$ref" | sed -E 's/([A-Z]+-[A-Z]+)-([0-9]+)-([A-Z]+)/\1-\3-\2/g'
+}
+
+# Beispiel-Test mit den von Ihnen bereitgestellten Referenzen:
+echo "=== Test der Konvertierung ==="
+echo "Original → Konvertiert:"
+echo "G-SM-1-A → $(convert_single_reference 'G-SM-1-A')"
+echo "D-TA-2-B → $(convert_single_reference 'D-TA-2-B')"
+echo "V-RT-3-A → $(convert_single_reference 'V-RT-3-A')"
+echo "O-OM-1-B → $(convert_single_reference 'O-OM-1-B')"
+
+# Funktion zum Suchen und Konvertieren aller YAML-Dateien
+process_all_yaml_files() {
+ echo "Suche nach YAML-Dateien im aktuellen Verzeichnis und Unterverzeichnissen..."
+
+ # Finde alle .yaml Dateien
+ mapfile -t yaml_files < <(find . -name "*.yaml" -type f)
+
+ if [[ ${#yaml_files[@]} -eq 0 ]]; then
+ echo "Keine YAML-Dateien gefunden."
+ return 1
+ fi
+
+ echo "Gefundene YAML-Dateien: ${#yaml_files[@]}"
+
+ # Bestätigung vom Benutzer einholen
+ echo ""
+ echo "Folgende YAML-Dateien wurden gefunden:"
+ printf '%s\n' "${yaml_files[@]}"
+ echo ""
+ read -p "Möchten Sie alle diese Dateien konvertieren? (y/N): " -n 1 -r
+ echo ""
+
+ if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+ echo "Abgebrochen."
+ return 0
+ fi
+
+ # Backup-Verzeichnis erstellen
+ backup_dir="./backup_$(date +%Y%m%d_%H%M%S)"
+ mkdir -p "$backup_dir"
+ echo "Backups werden in '$backup_dir' erstellt..."
+
+ # Konvertierung durchführen
+ local converted_count=0
+ local total_count=${#yaml_files[@]}
+
+ for yaml_file in "${yaml_files[@]}"; do
+ echo "Verarbeite: $yaml_file"
+
+ # Backup erstellen
+ backup_file="$backup_dir/${yaml_file#./}"
+ mkdir -p "$(dirname "$backup_file")"
+ cp "$yaml_file" "$backup_file"
+
+ # Prüfen ob DSOMM Referenzen vorhanden sind
+ if grep -qE '[A-Z]+-[A-Z]+-[0-9]+-[A-Z]+' "$yaml_file"; then
+ # Konvertierung durchführen (in-place)
+ sed -i.tmp -E 's/([A-Z]+-[A-Z]+)-([0-9]+)-([A-Z]+)/\1-\3-\2/g' "$yaml_file"
+ rm "$yaml_file.tmp" 2>/dev/null
+ ((converted_count++))
+ echo " ✓ Konvertiert"
+ else
+ echo " - Keine DSOMM Referenzen gefunden"
+ fi
+ done
+
+ echo ""
+ echo "=== Konvertierung abgeschlossen ==="
+ echo "Verarbeitete Dateien: $total_count"
+ echo "Konvertierte Dateien: $converted_count"
+ echo "Backups gespeichert in: $backup_dir"
+
+ if [[ $converted_count -gt 0 ]]; then
+ echo ""
+ echo "Beispiele konvertierter Referenzen:"
+ find . 
-name "*.yaml" -type f -exec grep -H -E '[A-Z]+-[A-Z]+-[A-Z]+-[0-9]+' {} \; | head -5
+ fi
+}
+
+ # Hauptfunktion aufrufen wenn Argumente übergeben wurden
+if [[ $# -gt 0 ]]; then
+ if [[ "$1" == "--all-yaml" || "$1" == "-a" ]]; then
+ process_all_yaml_files
+ else
+ convert_dsomm_to_samm "$@"
+ fi
+else
+ echo "DSOMM zu SAMM Referenz Konverter"
+ echo "================================"
+ echo ""
+ echo "Verwendung:"
+ echo " $0 [output_file] # Einzelne Datei konvertieren"
+ echo " $0 --all-yaml | -a # Alle YAML-Dateien konvertieren"
+ echo ""
+ echo "Beispiele:"
+ echo " $0 document.txt"
+ echo " $0 document.txt converted_document.txt"
+ echo " $0 --all-yaml # Alle .yaml Dateien im Verzeichnis"
+ echo ""
+ echo "Das Script konvertiert DSOMM Referenzen im Format:"
+ echo "

---" + echo "zu SAMM Format:" + echo "

---" + echo "" + echo "Bei --all-yaml wird automatisch nach .yaml Dateien gesucht und" + echo "Backups vor der Konvertierung erstellt." +fi diff --git a/yaml-generation/generateDimensions.php b/yaml-generation/generateDimensions.php index 71d5c20..cc47a3c 100644 --- a/yaml-generation/generateDimensions.php +++ b/yaml-generation/generateDimensions.php @@ -193,12 +193,33 @@ } -// Store generated data +// Store generated data with meta document first +$metaDocument = array( + 'meta' => array( + 'version' => '__VERSION_PLACEHOLDER__', + 'released' => date('Y-m-d'), + 'publisher' => 'https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/' + ) +); + +$metaString = yaml_emit($metaDocument); $dimensionsString = yaml_emit($dimensionsAggregated); + +// Combine both documents with proper YAML document separators +// Remove trailing ... from meta document and add proper separator +$metaString = rtrim($metaString); +if (substr($metaString, -3) === '...') { + $metaString = substr($metaString, 0, -3); +} + $targetGeneratedFile = getcwd() . "/src/assets/YAML/generated/generated.yaml"; echo "\nStoring to $targetGeneratedFile\n"; file_put_contents($targetGeneratedFile, $dimensionsString); +$combinedYaml = $metaString . $dimensionsString; +$targetGeneratedFile = getcwd() . "/src/assets/YAML/activities.yaml"; +echo "\nStoring to $targetGeneratedFile\n"; +file_put_contents($targetGeneratedFile, $combinedYaml); // Store dependency graph $graphFilename = getcwd() . "/src/assets/YAML/generated/dependency-tree.md"; From 10f08d5f98f1a8eb011b3b310cddf7760105f21a Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Wed, 12 Nov 2025 13:56:47 +0100 Subject: [PATCH 2/3] fix: fix path --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4f70d0e..5533545 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
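Review bot: In `process_all_yaml_files`, `find . -name "*.yaml" -type f` also descends into the `./backup_<timestamp>` directories the function itself creates, so on a second run the previous backups are scanned, rewritten in place and copied again — the backup promised in the usage text survives exactly one run; the example listing at the end of the function has the same gap. Prune those directories and read NUL-separated paths: `mapfile -d '' -t yaml_files < <(find . -path './backup_*' -prune -o -name '*.yaml' -type f -print0)`. The script sets no `set -euo pipefail`, and `rm "$yaml_file.tmp" 2>/dev/null` hides failures, so a `sed -i.tmp` that fails still increments `converted_count` and is reported as converted. The substitution regex is unanchored, so every `LETTERS-LETTERS-DIGITS-LETTERS` token in every YAML file under the tree is rewritten, not only DSOMM activity references; if that is intended, say so in the header comment, otherwise restrict the scan to the keys that carry references. A one-off migration helper with German-only comments under `src/assets/` will presumably be shipped with the published static assets; `yaml-generation/` looks like the intended home.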
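Review bot: `'version' => '__VERSION_PLACEHOLDER__'` defers the real value to a `sed` step in CI, so an `activities.yaml` produced with the local Docker flow documented in the README ships the literal placeholder and the two build paths disagree. Reading it in the generator with a fallback keeps one code path, e.g. `'version' => getenv('DSOMM_VERSION') ?: '__VERSION_PLACEHOLDER__',` (how the image currently obtains its version is not visible in this diff). `'released' => date('Y-m-d')` makes the emitted file differ on every run even when no activity changed, which matters because the workflow commits the file back; deriving it from the version tag or the last data commit would keep the output reproducible. The new `file_put_contents($targetGeneratedFile, $combinedYaml)` ignores a `false` return, as the existing call does; `if (file_put_contents($targetGeneratedFile, $combinedYaml) === false) { fwrite(STDERR, "cannot write $targetGeneratedFile\n"); exit(1); }` fails the build at the point of error rather than later in `docker cp`.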
@@ -58,9 +58,9 @@ jobs: docker run -d --name=yaml --entrypoint="/bin/sleep" wurstbrot/dsomm-yaml-generation:${{ steps.get-version.outputs.version }} 60 docker cp yaml:/var/www/html/src/assets/YAML/generated/generated.yaml src/assets/YAML/generated/generated.yaml - - name: Replace version placeholder in generated.yaml + - name: Replace version placeholder in activities.yaml run: | - sed -i "s/__VERSION_PLACEHOLDER__/${{ steps.get-version.outputs.version }}/g" src/assets/YAML/generated/generated.yaml + sed -i "s/__VERSION_PLACEHOLDER__/${{ steps.get-version.outputs.version }}/g" src/assets/YAML/activities.yaml - name: Commit all changed files back to the repository uses: planetscale/ghcommit-action@v0.1.6 with: From 9ed68a4231236bb524ac4f451b37052fbb9d280f Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Wed, 12 Nov 2025 13:58:21 +0100 Subject: [PATCH 3/3] fix: add activities.yaml to git after generation --- .github/workflows/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5533545..db0d101 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -53,10 +53,11 @@ jobs: file: Dockerfile platforms: linux/amd64,linux/arm64 tags: wurstbrot/dsomm-yaml-generation:${{ steps.get-version.outputs.version }},wurstbrot/dsomm-yaml-generation:latest - - name: Extract generated.yaml + - name: Extract generated.yaml and activities.yaml run: | docker run -d --name=yaml --entrypoint="/bin/sleep" wurstbrot/dsomm-yaml-generation:${{ steps.get-version.outputs.version }} 60 - docker cp yaml:/var/www/html/src/assets/YAML/generated/generated.yaml src/assets/YAML/generated/generated.yaml + docker cp yaml:/var/www/html/src/assets/YAML/generated/generated.yaml src/assets/YAML/generated/generated.yaml # TODO: Remove + docker cp yaml:/var/www/html/src/assets/YAML/activities.yaml src/assets/YAML/activities.yaml - name: Replace version placeholder in activities.yaml run: |
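Review bot: The subject says `activities.yaml` is added to git, but the hunk only copies it out of the container; patch 1 of this series lists `/src/assets/YAML/activities.yaml` in `.gitignore`, so the outcome depends on whether the following `planetscale/ghcommit-action` step stages an ignored path (not visible here — `generated.yaml` is already in the same situation, so presumably it does, but confirm on a real run). If the file is meant to be tracked, dropping the ignore entry is the cleaner fix than relying on the action force-adding. The `# TODO: Remove` trailing the first `docker cp` has no owner or condition; `# TODO(owner): drop generated.yaml once all consumers read activities.yaml` records why the duplicate copy still exists.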