Swaped from CIS to NIST controls

2025-08-14 14:08:34 +02:00
parent aeaec99621
commit 3734a5b51b
16 changed files with 639 additions and 241 deletions


@@ -11,15 +11,19 @@ class Command(BaseCommand):
def handle(self, *args, **options):
csv_file_path = options["csv_file"]
with open(csv_file_path, mode="w", newline="", encoding="utf-8") as csv_file:
fieldnames = ["CIS v8.1 Safeguards (Sub-Controls)"]
with open(csv_file_path, mode="w", encoding="utf-8", newline="") as csv_file:
fieldnames = ["Subcategory","Function","Category","Implementation_Examples","Effectiveness_Monitoring_Examples","Documentation_Score","Implementation_Score"]
writer = csv.DictWriter(csv_file, fieldnames=fieldnames)
writer.writeheader()
for control in Control.objects.all():
for control in Control.objects.all().order_by("subcategory"):
writer.writerow({
"CIS v8.1 Safeguards (Sub-Controls)": control.name,
"Subcategory": control.subcategory,
"Function": control.function or "",
"Category": control.category or "",
"Implementation_Examples": control.implementation_examples or "",
"Effectiveness_Monitoring_Examples": control.effectiveness_monitoring_examples or "",
"Documentation_Score": control.documentation_score if control.documentation_score is not None else "",
"Implementation_Score": control.implementation_score if control.implementation_score is not None else "",
})
self.stdout.write(self.style.SUCCESS(f"Controls exported successfully to {csv_file_path}"))
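Review bot: The free-text columns in the `writer.writerow({...})` call (`Function`, `Category`, `Implementation_Examples`, `Effectiveness_Monitoring_Examples`) are written to the CSV verbatim, so a value starting with `=`, `+`, `-` or `@` is treated as a formula when the export is opened in a spreadsheet. If anyone other than the operator running the command can edit these fields (not visible from this hunk), neutralise such cells before writing, e.g. `value = "'" + value if value[:1] in ("=", "+", "-", "@") else value` applied to each text field. The `Command` class header and the imports are outside the hunk.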


@@ -13,16 +13,17 @@ class Command(BaseCommand):
with open(csv_file_path, mode="r", encoding="utf-8") as csv_file:
reader = csv.DictReader(csv_file)
for row in reader:
safeguard_id = row["Safeguard ID"].strip()
safeguard = row["Name"].strip()
description = row["Description"].strip()
subcategory = (row.get("Subcategory") or "").strip()
Control.objects.update_or_create(
name=safeguard,
safeguard_id = safeguard_id,
description=description,
defaults={"name": safeguard},
subcategory=subcategory,
defaults={
"function": (row.get("Function") or "").strip() or None,
"category": (row.get("Category") or "").strip() or None,
"implementation_examples": (row.get("Implementation_Examples") or "").strip() or None,
"effectiveness_monitoring_examples": (row.get("Effectiveness_Monitoring_Examples") or "").strip() or None,
"documentation_score": int(row["Documentation_Score"]) if (row.get("Documentation_Score") or "").strip() else None,
"implementation_score": int(row["Implementation_Score"]) if (row.get("Implementation_Score") or "").strip() else None,
},
)
self.stdout.write(self.style.SUCCESS("Safeguards imported successfully!"))
self.stdout.write(self.style.SUCCESS("NIST controls imported successfully!"))
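Review bot: A row with a blank `Subcategory` cell, or a file without that header, gives `subcategory == ""`, and `update_or_create(subcategory=subcategory, ...)` then uses the empty string as the lookup key, so every such row silently overwrites the same Control. Reject these rows before the call, e.g. `if not subcategory: raise CommandError(f"line {reader.line_num}: missing Subcategory")` (CommandError needs importing if the file does not already have it). The same loop calls `int(row["Documentation_Score"])` and `int(row["Implementation_Score"])` without handling ValueError, so one non-numeric score aborts the import after earlier rows were saved; wrapping the loop in `transaction.atomic()` would make it all-or-nothing. A file saved with a UTF-8 byte-order mark would probably hit the blank-key path too, because the first header would not match `"Subcategory"` under `encoding="utf-8"`. The start of `handle` is outside the hunk.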


@@ -6,8 +6,8 @@ from backend.core.models import Control
class ExportControlsCommandTest(TestCase):
def setUp(self):
Control.objects.create(name="Test Safeguard 1")
Control.objects.create(name="Test Safeguard 2")
Control.objects.create(subcategory="PR.AA-01", function="Identity Management")
Control.objects.create(subcategory="PR.DS-11", function="Backups")
self.csv_file_path = 'test_export_controls.csv'
@@ -26,5 +26,7 @@ class ExportControlsCommandTest(TestCase):
self.assertEqual(len(rows), 2)
self.assertEqual(rows[0]["CIS v8.1 Safeguards (Sub-Controls)"], "Test Safeguard 1")
self.assertEqual(rows[1]["CIS v8.1 Safeguards (Sub-Controls)"], "Test Safeguard 2")
self.assertIn("Subcategory", reader.fieldnames)
self.assertIn("Function", reader.fieldnames)
self.assertEqual(rows[0]["Subcategory"], "PR.AA-01")
self.assertEqual(rows[1]["Subcategory"], "PR.DS-11")
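Review bot: The new assertions check only that the `Subcategory` and `Function` headers exist and the two `Subcategory` values, so nothing pins the exported field values or the `None` to `""` mapping the export command applies to the optional columns. Adding `self.assertEqual(rows[0]["Function"], "Identity Management")` and, assuming the score fields default to `None` on the model, `self.assertEqual(rows[0]["Documentation_Score"], "")` would cover both. The test method containing these assertions starts outside the hunk.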


@@ -7,11 +7,21 @@ from backend.core.models import Control
class ImportControlsCommandTest(TestCase):
def setUp(self):
self.csv_file_path = 'test_import_controls.csv'
with open(self.csv_file_path, mode='w', encoding='utf-8') as csv_file:
writer = csv.DictWriter(csv_file, fieldnames=["CIS v8.1 Safeguards (Sub-Controls)"])
with open(self.csv_file_path, mode='w', encoding='utf-8', newline='') as csv_file:
writer = csv.DictWriter(csv_file, fieldnames=[
"Subcategory","Function","Category",
"Implementation_Examples","Effectiveness_Monitoring_Examples",
"Documentation_Score","Implementation_Score",
])
writer.writeheader()
writer.writerow({"CIS v8.1 Safeguards (Sub-Controls)": "Test Safeguard 1"})
writer.writerow({"CIS v8.1 Safeguards (Sub-Controls)": "Test Safeguard 2"})
writer.writerow({
"Subcategory":"GV.SC-06",
"Function":"GOVERN (GV): ...",
"Category":"Cybersecurity Supply Chain Risk Management (GV.SC)",
"Implementation_Examples":"Ex1: ...",
"Effectiveness_Monitoring_Examples":"",
"Documentation_Score":"", "Implementation_Score":""
})
def tearDown(self):
if os.path.exists(self.csv_file_path):
@@ -22,19 +32,17 @@ class ImportControlsCommandTest(TestCase):
call_command('import_controls', self.csv_file_path)
self.assertEqual(Control.objects.count(), 2)
self.assertEqual(Control.objects.count(), 1)
safeguards = Control.objects.values_list('name', flat=True)
self.assertIn("Test Safeguard 1", safeguards)
self.assertIn("Test Safeguard 2", safeguards)
controls = Control.objects.all()
self.assertEqual(controls[0].subcategory, "GV.SC-06")
def test_import_controls_update(self):
Control.objects.create(name="Test Safeguard 1")
Control.objects.create(subcategory="GV.SC-06")
call_command('import_controls', self.csv_file_path)
self.assertEqual(Control.objects.count(), 2)
self.assertEqual(Control.objects.count(), 1)
safeguards = Control.objects.values_list('name', flat=True)
self.assertIn("Test Safeguard 1", safeguards)
self.assertIn("Test Safeguard 2", safeguards)
control = Control.objects.first()
self.assertEqual(control.subcategory, "GV.SC-06")