Merged
Changes from 10 commits
23 commits
0355520
work in progress
georgedias Mar 1, 2024
ee70c3e
Completed filtered html report
georgedias Mar 1, 2024
11933bf
SonarCloud fix
georgedias Mar 1, 2024
15fcf8c
Merge branch 'master' into htmlFilteredReports
georgedias Mar 1, 2024
1716018
Removed copy package file
georgedias Mar 1, 2024
4f3d77f
Merge branch 'htmlFilteredReports' of github.com:mitre/heimdall2 into…
georgedias Mar 1, 2024
ebb6630
remove ssl certs from pr
em-c-rod Mar 4, 2024
ee2d83c
Revert "remove ssl certs from pr"
em-c-rod Mar 4, 2024
fb5cae2
try removing the certs again because the test may have errored for a …
em-c-rod Mar 4, 2024
ad7e902
reset yarn.lock to what master has and set the package.json setting b…
em-c-rod Mar 4, 2024
6fcd9f7
Merge branch 'master' into htmlFilteredReports
aaronlippold Mar 10, 2024
6d0d602
Added capability to filter reports on status and severity
georgedias Mar 14, 2024
c9da6b9
Sonar cloud fixes
georgedias Mar 14, 2024
16debd8
Update apps/frontend/src/components/global/ExportHTMLModal.vue
em-c-rod Mar 14, 2024
c685143
Update apps/frontend/src/components/global/ExportHTMLModal.vue
em-c-rod Mar 14, 2024
2eb1c5f
Update apps/frontend/src/components/global/ExportHTMLModal.vue
em-c-rod Mar 14, 2024
27d54f7
linting
em-c-rod Mar 14, 2024
ef73c42
Only display files that have selected controls
georgedias Mar 15, 2024
942b798
Merge branch 'htmlFilteredReports' of github.com:mitre/heimdall2 into…
georgedias Mar 15, 2024
9876542
Only display files that have selected controls
georgedias Mar 15, 2024
22455aa
Merge branch 'master' into htmlFilteredReports
georgedias Mar 15, 2024
a490685
Added wait cursor while loading files and generating HTML report
georgedias Mar 16, 2024
bccfbbc
Merge branch 'master' into htmlFilteredReports
em-c-rod Mar 21, 2024
42 changes: 40 additions & 2 deletions apps/frontend/src/components/global/ExportHTMLModal.vue
Expand Up @@ -119,22 +119,60 @@ export default class ExportHTMLModal extends Vue {
}

const files = [];
const filteredOn = this.filter.status;

for (const fileId of this.filter.fromFile) {
const file = InspecDataModule.allEvaluationFiles.find(
(f) => f.uniqueId === fileId
);

if (file) {
const data = file.evaluation;

/**
* NOTE: The filterControls array is used to specify which
* controls are selected.
* If we use the approach of filtering the content from the data object
* (e.g.
* data.data.profiles[0].controls =
* data.data.profiles[0].controls.filter((control) => {
* if (filteredControls.includes(control.id)) {
* return filteredControls.includes(control.id);
* }
* });
* )
* the contextualize object does not get updated and the results
* in data_store get out of sync, there is when utilizing the
* ".contains" it returns ann results where the file.evaluations
* returns the filtered controls.
*/
let filteredControls: string[] = [];
Contributor

The way that this is implemented will not satisfy the issue where it was stated that we should be able to handle any of the filters that the user specifies. This will only filter on pass/fail/whatever.

const controls = FilteredDataModule.controls({

Use this example for how to get all the filter-passing controls. It should also mean that we don't need basically all of what're currently lines 122-123 and 150-164 since it'll just be a simple assignment directly onto 'filteredControls' (which can also then be made const).

Contributor Author

Absolutely unequivocally disagree that the implementation does not satisfy the requirements. It works on all possible filtered permutations, did you even try, apparently not if you're making this statement.
"the way that this is implemented will not satisfy the issue where it was stated that we should be able to handle any of the filters that the user specifies. this will only filter on pass/fail/whatever."

Regarding the second opinion, the code that is being referenced (from the ExportCaat.vue) will not work. If you take a look at the reverse-html-mapper.ts it uses the file.data, which is the file.evaluation being set in ExportHTMLModule.vue and you are comparing to this code in the ExportCaat.vue const data = file?.evaluation ?? ''; now how does that filter the proper evaluations? It doesn't. The code on both are accomplishing different tasks.

Contributor

image

image

Here I've filtered it down to a single control using the NIST filters. The HTML export does not only include that single control. Consequently, it does not meet the requirement of the original ticket according to my reading of it. Like I said elsewhere, we should get @em-c-rod or @ejaronne's opinions on which of our interpretations is correct.

Contributor

w/r to your second paragraph, I'm only talking about extracting out the set of controls that pass the filtering. You can use the store to get that set I'm hoping.

Contributor

This may be a use case, but the ask for this is just to be able to show only the failed controls (aka filter on status). If this becomes an additional ask, we can make another PR.

Contributor

I do think it is relevant to consider severity filters here. Looking at severity filters as well was not explicitly the ask, but seems like it is paired in the same use case.

if (filteredOn!.length > 0) {
data.contains.map((profile) => {
profile.contains.map((result) => {
if (filteredOn?.includes(result.root.hdf.status)) {
filteredControls.push(result.data.id);
}
});
});
} else {
data.contains.map((profile) => {
profile.contains.map((result) => {
filteredControls.push(result.data.id);
});
});
}

const fileName = file.filename;
const fileID = file.uniqueId;
files.push({data, fileName, fileID});
files.push({data, fileName, fileID, filteredControls});
}
}

// Generate and export HTML file
const body = await new FromHDFToHTMLMapper(files, this.exportType).toHTML(
'/static/export/'
);

saveAs(
new Blob([s2ab(body)], {type: 'application/octet-stream'}),
`${this.exportType}_Report_${new Date().toString()}.html`.replace(
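Review bot: In the status loop, `filteredOn!.length` asserts that `this.filter.status` is defined while the next use is `filteredOn?.includes(...)`, so the two lines disagree about whether it can be undefined, and the non-null assertion will throw at runtime if it is. Normalize once at the declaration (`const filteredOn = this.filter.status ?? [];`) and drop both the `!` and the `?.`. The if/else branches also repeat the same nested traversal and use `.map()` only for its side effects; a single `forEach` pass that pushes when `filteredOn.length === 0 || filteredOn.includes(result.root.hdf.status)` removes the duplication and lets `filteredControls` be `const`. The NOTE comment needs a proofread as well ("there is when", "ann results"), since it is the only record of why the data object is not filtered directly.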
2 changes: 1 addition & 1 deletion libs/hdf-converters/package.json
Expand Up @@ -75,4 +75,4 @@
"^.+\\.ts$": "ts-jest"
}
}
}
}
Expand Up @@ -29,12 +29,14 @@ type InputData = {
data: ContextualizedEvaluation | string;
fileName: string;
fileID: string;
filteredControls: string[];
Contributor

Can we make this optional? I don't think we expose filtered stuff in the SAF CLI so it'd be annoying to have to modify it to accept this new parameter.

Contributor Author

I have no problems making this optional, but I don't think this is used by the SAF CLI! Well at least, I was not under that impression.

Contributor

mitre/saf#1689

work has stalled but the PR exists

};

type ProcessedData = {
data: ContextualizedEvaluation;
fileName: string;
fileID: string;
filteredControls: string[];
};

// All selectable export types for an HTML export
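Review bot: `filteredControls: string[]` is added as a required field on `InputData`, so any existing caller that builds `{data, fileName, fileID}` stops compiling. Declare it optional on `InputData` (`filteredControls?: string[]`) and resolve it once where `InputData` becomes `ProcessedData`, treating an absent value as "no filter, include every control" and an empty array as "nothing selected", so the two cases are not conflated. A short doc comment on the field saying that it holds control ids, and what an absent value means, would also help.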
Expand Down Expand Up @@ -174,7 +176,12 @@ export class FromHDFToHTMLMapper {
}

this.addFiledata(
{data: file.data, fileName: file.fileName, fileID: file.fileID},
{
data: file.data,
fileName: file.fileName,
fileID: file.fileID,
filteredControls: file.filteredControls
},
exportType
);
}
Expand All @@ -201,7 +208,11 @@ export class FromHDFToHTMLMapper {
const allResultLevels: ContextualizedControl[] = [];
file.data.contains.map((profile) => {
profile.contains.map((result) => {
allResultLevels.push(result);
file.filteredControls.forEach((element) => {
if (element === result.data.id) {
allResultLevels.push(result);
}
});
});
});
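Review bot: The inner `file.filteredControls.forEach` pushes `result` once for every matching element, so an id that appears more than once in `filteredControls` adds the same control to `allResultLevels` repeatedly; the frontend loop pushes one id per result across all profiles, so repeated ids are possible when profiles share control ids. It is also a linear scan per result. Build a set once before the loops (`const selected = new Set(file.filteredControls);`) and replace the `forEach` with `if (selected.has(result.data.id)) allResultLevels.push(result);`. Matching on id alone also means a control is included from every profile that contains that id, whichever profile's status passed the filter; if that is intended, say so in a comment.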

Expand Down Expand Up @@ -310,7 +321,7 @@ export class FromHDFToHTMLMapper {
};

// Calculate & set compliance level and color from result statuses
// Set default complaince level and color
// Set default compliance level and color
this.outputData.compliance.level = '0.00%';
this.outputData.compliance.color = 'low';

Expand All @@ -324,7 +335,9 @@ export class FromHDFToHTMLMapper {
100
);
// Set compliance level
this.outputData.compliance.level = complianceLevel;
this.outputData.compliance.level = complianceLevel.includes('NaN')
? '0.00%'
: complianceLevel;
// Determine color of compliance level
// High compliance is green, medium is yellow, low is red
this.outputData.compliance.color = translateCompliance(complianceLevel);
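Review bot: The NaN guard is applied only to `compliance.level`; the last line still calls `translateCompliance(complianceLevel)` with the unguarded string, so the color is derived from the NaN value while the level shows '0.00%'. Compute the guarded value once into a local and use it for both assignments. Checking the formatted string with `.includes('NaN')` is also indirect; it would be more robust to detect the empty-input case before the percentage is formatted.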
Expand Down Expand Up @@ -495,7 +508,7 @@ export class FromHDFToHTMLMapper {
return text;
}

// Prompt HTML generation from data pulled from file during constructor intialization
// Prompt HTML generation from data pulled from file during constructor initialization
// Requires path to prompt location of needed files relative to function call location
async toHTML(path: string): Promise<string> {
// Pull export template + styles and create outputData object containing data to fill template with
6 changes: 4 additions & 2 deletions libs/inspecjs/src/compat_wrappers.ts
Expand Up @@ -109,12 +109,14 @@ export interface HDFControl {
*/
parsedNistRevision: NistRevision | null;

/** Get the start time of this control's run, as determiend by the time of the first test.
/**
* Get the start time of this control's run, as determined by the time of the first test.
* If no tests were run, (it is a profile-json or has no tests) returns undefined
*/
start_time?: string;

/** Get the results of this control's control segments as a list.
/**
* Get the results of this control's control segments as a list.
* If no tests were run, (this is a profile-json) returns undefined.
* Can be empty in the rare case that no control segments exist/were run.
*/
4 changes: 2 additions & 2 deletions libs/inspecjs/src/context.ts
@@ -1,5 +1,5 @@
/**
* Provides general utilities for articulating associations beteen evaluations, profiles, and controls.
* Provides general utilities for articulating associations between evaluations, profiles, and controls.
* Especially useful for handling overlay/wrapper profiles.
*/

Expand Down Expand Up @@ -206,7 +206,7 @@ export function contextualizeEvaluation(

// Link each contextualized control
for (const cc of allControls) {
// Behaviour changes based on if we have well-formed or malformed profile dependency
// Behavior changes based on if we have well-formed or malformed profile dependency
if (cc.sourcedFrom.extendsFrom.length || cc.sourcedFrom.extendedBy.length) {
// Our profile is a baseline! No need to continue - children will make connections for us
// If we aren't extended from something we just drop. Our children will make connections for us