Integrate Cornucopia cards

[gerardocanedoUCU]

Summary:
Implementation between OWASP Cornucopia (CC) and Threat Dragon.

Description for the changelog:
Added a new type of diagram EoP integrated with deck of CC cards.
Supports English, Spanish, Russian and French. If CC where to add more languages, they can easily be added to this implementation.

Declaration:

• appropriate unit tests have been created / modified
• functional tests created / modified for changes in functionality
• any use of AI has been declared in this pull request

Other info:

This Feature is the product of a Coding Challenge of the Universidad Católica del Uruguay (UCU). Thanks to all the students who have contributed!

Closes #1373

[sydseter]

@gerardocanedoUCU Thank you so much for your work. We really appreciate all the effort you are putting in.

The image combined with the text is, as you probably know, slightly misleading. I have a logo here that you can use instead of the cornucopia logo.

The svg might be preferable to use, but I have provided the png as well. Regarding the text for the diagram. Would it be possible to have it be: "EoP Games"?

I understand EoP is shorter, but this way, it may become more clear that there will be more than one and that EoP, eventually, will be among he options.

[gerardocanedoUCU]

Got it!

…

________________________________ De: Uncle Joe ***@***.***> Enviado: jueves, 18 de diciembre de 2025 09:21 Para: OWASP/threat-dragon ***@***.***> Cc: GERARDO CANEDO ***@***.***>; Mention ***@***.***> Asunto: Re: [OWASP/threat-dragon] Integrate Cornucopia cards (PR #1414) [PRECAUCIÓN: CORREO EXTERNO] [https://avatars.githubusercontent.com/u/1244005?s=20&v=4]sydseter left a comment (OWASP/threat-dragon#1414)<#1414 (comment)> @gerardocanedoUCU<https://github.com/gerardocanedoUCU> Thank you so much for your work. We really appreciate all the effort you are putting in. The image combined with the text is, as you probably know, slightly misleading. I have a logo here that you can use instead of the cornucopia logo. eop.svg (view on web)<https://github.com/user-attachments/assets/2eb1ce89-f816-494a-be4a-f17675a4caf8> eop.png (view on web)<https://github.com/user-attachments/assets/4867c395-f020-4865-855a-4a646b2280cb> The svg might be preferable to use, but I have provided the png as well. Regarding the text for the diagram. Would it be possible to have it be: "EoP Games"? I understand EoP is shorter, but this way, it may become more clear that there will be more than one and that EoP, eventually, will be among he options. — Reply to this email directly, view it on GitHub<#1414 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BM22YY7T4DWHJXQAP6KMQBT4CKL4LAVCNFSM6AAAAACPHY4OP6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTMNZQGAZDKMRTGI>. You are receiving this because you were mentioned.Message ID: ***@***.***>

________________________________

-Nota de Confidencialidad- El texto de este correo electrónico está dirigido exclusivamente al destinatario que figura en el mismo. Se advierte que puede contener información de carácter reservada, secreta o confidencial, así como datos de carácter personal. Por tanto, su utilización o divulgación sólo está permitida a las personas autorizadas. El contenido está alcanzado y regulado por la normativa de la República Oriental del Uruguay respecto a la Protección de los Datos Personales, en particular por la Ley No. 18.331 de 11-08-08, sus decretos reglamentarios No. 664/008 de 22-12-08 y No. 414/09 de 31-08-09, y por la restante que se sancione con posterioridad sobre el tema. Si el mensaje no está destinado a usted y lo ha recibido por error o por otras circunstancias, deberá abstenerse de leer, reproducir o difundir el contenido del mismo en forma alguna ni bajo ningún concepto. Le solicitamos además que lo comunique en forma inmediata por este medio al remitente y que lo elimine de manera segura e irrecuperable. Las comunicaciones por Internet no pueden garantizarse de ser oportunamente seguras, o libres de error o virus. El remitente no acepta responsabilidad por cualquier error u omisión.

-Disclaimer- The text of this email is intended solely for the addressee shown herein. Note that it may contain confidential, proprietary or confidential information, as well as personal data. Therefore, its use or disclosure is permitted only to the authorized persons. The content is scoped and regulated by the rules of the Oriental Republic of Uruguay on the Protection of Personal Data, in particular by Law No. 18,331 of 11-08-08, its Regulatory Decree No. 664/008 of 22/12/08 and No. 414/09 of 31-08-09, and the remaining to be approved later on the subject. If the message is not aimed at you and you have received it by mistake or other circumstances, you must refrain from reading, copying or disseminating the contents thereof in any form or by any means. We further request that you immediately communicate by this means the sender and delete it safely and unrecoverable. Internet communications cannot be guaranteed to be timely secure, error or virus-free. Sender does not accept liability for any errors or omissions.

[gerardocanedoUCU]

Can you please approve the fixes for e2e testing? Also. we have changed the image, changed the titles and removed the script header

[gerardocanedoUCU]

can you approve the test changes ?

[sydseter]

@gerardocanedoUCU Just had a look at the solution. Fantastic!
I have one question regarding extendability. Are we making it easy to add more games within the diagram?
E.g: what happens if we add the Moible app edition https://cornucopia.owasp.org/api/cre/mobileapp/en?
Could that become problematic, or would adding it only mean that you need to add a new select box and ensure the right categories and card codes are populated into the form?

[javiermorenov1203]

@sydseter Thank you for the feedback. As you mentioned, the initial idea was to have a dropdown which would allow to select the EoP game when creating a threat and populate the categories and numbers with the corresponding information depending on the selected game. However, due to time limitations, we decided to focus mainly on cornucopia for this first version.

We have a preliminary version which is more extendable and includes the dropdown in our repository. In case we are able to finish it, we will be adding it to this PR.

[sydseter]

@sydseter Thank you for the feedback. As you mentioned, the initial idea was to have a dropdown which would allow to select the EoP game when creating a threat and populate the categories and numbers with the corresponding information depending on the selected game. However, due to time limitations, we decided to focus mainly on cornucopia for this first version.

We have a preliminary version which is more extendable and includes the dropdown in our repository. In case we are able to finish it, we will be adding it to this PR.

That is fine, I would, however make sure to no use cornucopia-en.json as file name. Just changing the name to cornucopia-webapp-en.json would be a great improvement.

[jgadsden]

There may be final work to do with the docker build action in the github workflows
This cna be split out as a separate issue if you wish to go ahead and merge anyway @gerardocanedoUCU ?