Added SAMA Compliance related changes and show nist and sama based on the ProfilePreferences

Author: sammyjeng

appknox/analyses.go

@@ -107,6 +107,7 @@ type Analysis struct {
 	Masvs           []string                `json:"masvs,omitempty"`
 	Nistsp80053     []string                `json:"nistsp80053,omitempty"`
 	Nistsp800171    []string                `json:"nistsp800171,omitempty"`
+	Sama            []string                `json:"sama,omitempty"`
 	Owaspmobile2024 []string                `json:"owaspmobile2024,omitempty"`
 	Findings        []Finding               `json:"findings,omitempty"`
 	UpdatedOn       *time.Time              `json:"updated_on,omitempty"`

appknox/analyses_test.go

@@ -49,6 +49,7 @@ func TestAnalysesCompliance_marshall(t *testing.T) {
 		Masvs:           []string{"MASVS_6_3"},
 		Nistsp80053:     []string{"AC_3", "RA_2"},
 		Nistsp800171:    []string{"3_1_1", "3_1_3"},
+		Sama:            []string{"3_3_6"},
 		Owaspmobile2024: []string{"M6_2024"},
 		VulnerabilityID: 1,
 	}
@@ -65,6 +66,7 @@ func TestAnalysesCompliance_marshall(t *testing.T) {
 		"masvs": ["MASVS_6_3"],
 		"nistsp80053": ["AC_3", "RA_2"],
 		"nistsp800171": ["3_1_1", "3_1_3"],
+		"sama": ["3_3_6"],
 		"owaspmobile2024": ["M6_2024"],
 		"vulnerability": 1
 	}`

appknox/project_profile.go

@@ -18,6 +18,8 @@ type ProjectProfileReportPreference struct {
 	ShowPcidss RegulatoryPreference `json:"show_pcidss,omitempty"`
 	ShowHipaa  RegulatoryPreference `json:"show_hipaa,omitempty"`
 	ShowGdpr   RegulatoryPreference `json:"show_gdpr,omitempty"`
+	ShowNist   RegulatoryPreference `json:"show_nist,omitempty"`
+	ShowSama   RegulatoryPreference `json:"show_sama,omitempty"`
 }
 
 // CurrentAuthenticatedUser is used to get the details about the current

appknox/project_profile_test.go

@@ -18,17 +18,21 @@ func TestRegulatoryPreference_marshall(t *testing.T) {
 }
 func TestProjectProfileReportPreference_marshall(t *testing.T) {
 	testJSONMarshal(t, &ProjectProfileReportPreference{},
-		`{"show_pcidss":{}, "show_hipaa":{}, "show_gdpr":{}}`)
+		`{"show_pcidss":{}, "show_hipaa":{}, "show_gdpr":{}, "show_nist":{}, "show_sama":{}}`)
 
 	u := &ProjectProfileReportPreference{
 		ShowPcidss: RegulatoryPreference{Value: true},
 		ShowHipaa:  RegulatoryPreference{Value: true},
 		ShowGdpr:   RegulatoryPreference{Value: true},
+		ShowNist:   RegulatoryPreference{Value: true},
+		ShowSama:   RegulatoryPreference{Value: true},
 	}
 	want := `{
 		"show_pcidss": {"value": true},
 		"show_hipaa": {"value": true},
-		"show_gdpr": {"value": true}
+		"show_gdpr": {"value": true},
+		"show_nist": {"value": true},
+		"show_sama": {"value": true}
 	}`
 	testJSONMarshal(t, u, want)
 }
@@ -46,7 +50,9 @@ func TestProjectProfilesService_GetProjectProfileReportPreference(t *testing.T)
 		fmt.Fprint(w, `{
 			"show_pcidss": {"value": true},
 			"show_hipaa": {"value": true},
-			"show_gdpr": {"value": false}
+			"show_gdpr": {"value": false},
+			"show_nist": {"value": false},
+			"show_sama": {"value": false}
 		}`)
 	})
 
@@ -59,6 +65,8 @@ func TestProjectProfilesService_GetProjectProfileReportPreference(t *testing.T)
 		ShowPcidss: RegulatoryPreference{Value: true},
 		ShowHipaa:  RegulatoryPreference{Value: true},
 		ShowGdpr:   RegulatoryPreference{Value: false},
+		ShowNist:   RegulatoryPreference{Value: false},
+		ShowSama:   RegulatoryPreference{Value: false},
 	}
 	if !reflect.DeepEqual(profileReportPreference, want) {
 		t.Errorf("ProjectProfiles.GetProjectProfileReportPreference returned %+v, want %+v",

helper/analyses.go

@@ -36,7 +36,7 @@ func ProcessAnalyses(fileID int) {
 	// header is an interface because t.AddHeader only supports
 	// interface elements
 	header := []interface{}{"ID", "RISK", "STATUS", "CVSS-VECTOR", "CVSS-BASE", "CVSS-VERSION", "OWASP", "ASVS", "CWE",
-		"MSTG", "OWASP API 2023", "OWASP MASVS (v2)", "NIST SP 800-53", "NIST SP 800-171", "OWASP MOBILE 2024"}
+		"MSTG", "OWASP API 2023", "OWASP MASVS (v2)", "OWASP MOBILE 2024"}
 	if profileReportPref.ShowPcidss.Value {
 		header = append(header, "PCI-DSS")
 	}
@@ -46,6 +46,13 @@ func ProcessAnalyses(fileID int) {
 	if profileReportPref.ShowGdpr.Value {
 		header = append(header, "GDPR")
 	}
+	if profileReportPref.ShowNist.Value {
+		header = append(header, "NIST SP 800-53")
+		header = append(header, "NIST SP 800-171")
+	}
+	if profileReportPref.ShowSama.Value {
+		header = append(header, "SAMA")
+	}
 	header = append(header, "UPDATED-ON", "VULNERABILITY-ID")
 	t.AddHeader(header...)
 	for i := 0; i < len(finalAnalyses); i++ {
@@ -64,8 +71,6 @@ func ProcessAnalyses(fileID int) {
 			finalAnalyses[i].Mstg,
 			finalAnalyses[i].Owaspapi2023,
 			finalAnalyses[i].Masvs,
-			finalAnalyses[i].Nistsp80053,
-			finalAnalyses[i].Nistsp800171,
 			finalAnalyses[i].Owaspmobile2024,
 		}
 		if profileReportPref.ShowPcidss.Value {
@@ -77,6 +82,13 @@ func ProcessAnalyses(fileID int) {
 		if profileReportPref.ShowGdpr.Value {
 			row = append(row, finalAnalyses[i].Gdpr)
 		}
+		if profileReportPref.ShowNist.Value {
+			row = append(row, finalAnalyses[i].Nistsp80053)
+			row = append(row, finalAnalyses[i].Nistsp800171)
+		}
+		if profileReportPref.ShowSama.Value {
+			row = append(row, finalAnalyses[i].Sama)
+		}
 		row = append(row, *finalAnalyses[i].UpdatedOn,
 			finalAnalyses[i].VulnerabilityID)
 		t.AddLine(row...)