feat: tagged threats in srtm in-scope

Author: maxneuvians

valentine/lib/valentine_web/live/workspace_live/srtm/index.ex

@@ -60,9 +60,9 @@ defmodule ValentineWeb.WorkspaceLive.SRTM.Index do
     |> assign(:page_title, gettext("Security Requirements Traceability Matrix"))
   end
 
-  defp allocated_controls(controls, assumed, mitigated) do
-    assumed_ids = Map.keys(assumed)
-    mitigated_ids = Map.keys(mitigated)
+  defp allocated_controls(controls, assumed, mitigated, threats) do
+    out_of_scope_ids = Map.keys(assumed)
+    in_scope_ids = (Map.keys(mitigated) ++ Map.keys(threats)) |> Enum.uniq()
 
     initial_acc = %{
       not_allocated: %{},
@@ -72,18 +72,18 @@ defmodule ValentineWeb.WorkspaceLive.SRTM.Index do
 
     Enum.reduce(controls, initial_acc, fn control, acc ->
       cond do
-        control.nist_id in assumed_ids ->
+        control.nist_id in out_of_scope_ids ->
           put_in(
             acc,
             [:out_of_scope, control.nist_id],
             [{control, assumed[control.nist_id]}]
           )
 
-        control.nist_id in mitigated_ids ->
+        control.nist_id in in_scope_ids ->
           put_in(
             acc,
             [:in_scope, control.nist_id],
-            [{control, mitigated[control.nist_id]}]
+            [{control, (mitigated[control.nist_id] || []) ++ (threats[control.nist_id] || [])}]
           )
 
         true ->
@@ -124,10 +124,14 @@ defmodule ValentineWeb.WorkspaceLive.SRTM.Index do
     )
   end
 
+  defp item_content(item = %Composer.Threat{}), do: Composer.Threat.show_statement(item)
+  defp item_content(item), do: item.content
+
   defp map_controls(controls, workspace) do
     assumed_controls = get_tagged_controls(workspace.assumptions)
     mitigated_controls = get_tagged_controls(workspace.mitigations)
-    allocated_controls(controls, assumed_controls, mitigated_controls)
+    threat_controls = get_tagged_controls(workspace.threats)
+    allocated_controls(controls, assumed_controls, mitigated_controls, threat_controls)
   end
 
   defp calculate_percentage(controls, scope) do

valentine/lib/valentine_web/live/workspace_live/srtm/index.html.heex

@@ -132,9 +132,14 @@
                           <% :out_of_scope -> %>
                             {gettext("Covered by assumption")}:
                           <% :in_scope -> %>
-                            {gettext("Mitigated by")}:
+                            <%= case item do %>
+                              <% _ = %Valentine.Composer.Threat{} -> %>
+                                {gettext("Threatened by")}:
+                              <% _ -> %>
+                                {gettext("Mitigated by")}:
+                            <% end %>
                         <% end %>
-                        {item.content}
+                        {item_content(item)}
                       </summary>
                       <%= if item.comments do %>
                         <div class="mt-1 pl-4">

valentine/test/valentine_web/live/workspace/srtm/index_test.exs

@@ -96,6 +96,28 @@ defmodule ValentineWeb.WorkspaceLive.SRTM.IndexTest do
       assert assigned_mitigation.id == mitigation.id
       assert socket.assigns.workspace.id == workspace.id
     end
+
+    test "mounts threats into the correct category", %{
+      workspace: workspace,
+      socket: socket
+    } do
+      threat =
+        threat_fixture(%{
+          tags: ["AC-1"],
+          workspace_id: workspace.id
+        })
+
+      {:ok, socket} =
+        ValentineWeb.WorkspaceLive.SRTM.Index.mount(
+          %{"workspace_id" => workspace.id},
+          nil,
+          socket
+        )
+
+      [{_, [assigned_threat]}] = socket.assigns.controls[:in_scope]["AC-1"]
+      assert assigned_threat.id == threat.id
+      assert socket.assigns.workspace.id == workspace.id
+    end
   end
 
   describe "handle_event/3" do