Merge pull request #5 from DFE-Digital/ssphp-yaml-read

Give data assets via ssphp yaml
DFE-Digital · May 21, 2024 · 260906c · 260906c
2 parents 7cc3116 + 23d6128
commit 260906c
Show file tree

Hide file tree

Showing 9 changed files with 164 additions and 83 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -6,6 +6,7 @@ WORKDIR /app
 
 RUN mkdir /app/yaml-templates && chown 1000:1000 /app/yaml-templates
 
+COPY --chown=1000:1000 requirements.txt /app/
 COPY --chown=1000:1000 build_data_assets.py /app/
 COPY --chown=1000:1000 build_tech_assets.py /app/
 COPY --chown=1000:1000 dfe_threagile.py /app/
@@ -22,6 +23,6 @@ RUN python3 -m ensurepip
 
 RUN pip3 install --no-cache --upgrade pip setuptools
 
-RUN pip3 install jinja2
+RUN pip3 install -r requirements.txt
 
 USER 1000:1000
diff --git a/dfe_threagile.py b/dfe_threagile.py
@@ -2,6 +2,7 @@
 import argparse
 import os
 import sys
+import yaml
 
 from jinja2 import Template
 
@@ -122,6 +123,52 @@ def produce_assets() -> list:
     return yaml_list, all_tech_tags
 
 
+def data_assets_ssphp_yaml(file: str) -> list:
+    dicts = []
+    with open(file, "r") as yaml_file:
+        file_contents = yaml_file.read()
+    data_assets_yaml = yaml.load(file_contents, Loader=yaml.Loader)
+
+    if "teacher_pii" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["teacher_pii"]:
+            print(data_assets_yaml["data_types"]["teacher_pii"])
+            dicts.append(dict(name="teacher-pii", present=data_assets_yaml["data_types"]["teacher_pii"]))
+
+    if "student_pii" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["student_pii"]:
+            dicts.append(dict(name="student-pii", present=data_assets_yaml["data_types"]["student_pii"]))
+
+    if "client_app_code" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["client_app_code"]:
+            dicts.append(dict(name="client-application-code", present=data_assets_yaml["data_types"]["client_app_code"]))
+
+    if "server_app_code" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["server_app_code"]:
+            dicts.append(dict(name="server-application-code", present=data_assets_yaml["data_types"]["server_app_code"]))
+
+    if "vulnerable_children_data" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["vulnerable_children_data"]:
+            dicts.append(dict(name="vulnerable-children-data", present=data_assets_yaml["data_types"]["vulnerable_children_data"]))
+
+    if "job_information" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["job_information"]:
+            dicts.append(dict(name="job-information", present=data_assets_yaml["data_types"]["job_information"]))
+
+    if "school_data" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["school_data"]:
+            dicts.append(dict(name="school-data", present=data_assets_yaml["data_types"]["school_data"]))
+
+    if "payment_details" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["payment_details"]:
+            dicts.append(dict(name="payment-details", present=data_assets_yaml["data_types"]["payment_details"]))
+
+    if "secrets_and_keys" in data_assets_yaml["data_types"]:
+        if data_assets_yaml["data_types"]["secrets_and_keys"]:
+            dicts.append(dict(name="secrets-and-api-keys", present=data_assets_yaml["data_types"]["secrets_and_keys"]))
+
+    return dicts
+
+
 def data_assets() -> list:
     answers = ["y", "n"]
     dicts = []
@@ -253,7 +300,7 @@ def template_inject(
 ) -> str:
     with open("yaml-templates/threagile-example-model-template.yaml") as template_file:
         template_str = template_file.read()
-    tech_asset_template = Template(template_str, autoescape=True)
+    tech_asset_template = Template(template_str, autoescape=autoescape)
 
     final_yaml = tech_asset_template.render(
         yaml_list=yaml_list, data_list=data_list, all_tags=all_tags, risks=risks
@@ -327,10 +374,13 @@ def produce_data_assets(chosen_data_asset_dicts: list) -> list:
     return built_data_assets, all_data_tags
 
 
-def produce_asset_lists() -> tuple:
+def produce_asset_lists(ssphp_yaml=None) -> tuple:
     yaml_list, all_tech_tags = produce_assets()
 
-    chosen_data_assets_dicts = data_assets()
+    if ssphp_yaml is not None:
+        chosen_data_assets_dicts = data_assets_ssphp_yaml(ssphp_yaml)
+    else:
+        chosen_data_assets_dicts = data_assets()
 
     data_list, all_data_tags = produce_data_assets(chosen_data_assets_dicts)
 
@@ -355,7 +405,13 @@ def produce_asset_lists() -> tuple:
         "--risks-json",
         nargs="?",
         default="output/risks.json",
-        help="The file path for you risks json file.",
+        help="The file path for your risks json file.",
+    )
+    parser.add_argument(
+        "--ssphp-yaml",
+        nargs="?",
+        default="yaml-templates/ssphp_test.yaml",
+        help="The file path for the Continuous Assurance yaml file.",
     )
 
     args = parser.parse_args()
@@ -367,10 +423,13 @@ def produce_asset_lists() -> tuple:
     else:
 
         # Writes initial threat model and produces risks.json
+        if args.ssphp_yaml:
+            ssphp_yaml = args.ssphp_yaml
+            yaml_list, data_list, all_tags = produce_asset_lists(ssphp_yaml)
+        else:
+            yaml_list, data_list, all_tags = produce_asset_lists()
 
-        yaml_list, data_list, all_tags = produce_asset_lists()
-
-        final_yaml = template_inject(yaml_list, data_list, all_tags)
+        final_yaml = template_inject(yaml_list, data_list, all_tags, autoescape=False)
 
         print(final_yaml)
 

diff --git a/output/report.pdf b/output/report.pdf
diff --git a/output/risks.json b/output/risks.json
diff --git a/output/risks.xlsx b/output/risks.xlsx
diff --git a/output/tags.xlsx b/output/tags.xlsx
diff --git a/requirements.txt b/requirements.txt
@@ -1 +1,2 @@
-Jinja2==3.1.4
+Jinja2==3.1.4
+PyYAML==6.0.1