
Checklist Editor for Heimdall

Open Rlin232 opened this issue 2 years ago • 37 comments

  • [x] UI/UX:

    • [x] Fix small table view
    • [x] Address #4734
    • [x] Make left-right column height match up
    • [x] Drop down list on the sidebar should be radio buttons instead of checkboxes
    • [X] When you filter and manage to exclude all the stig rules, it still shows the last viewed rule on the right side {Fixed in checklistView-Filtering}
    • [X] Make aesthetics match (rules table dropdown is blue for some reason) {Fixed in checklistView-Filtering}
    • [X] Other UI issues (selected columns tag buttons don't fit properly at certain resolutions/scales) {Fixed in checklistView-Filtering}
  • [X] Improve filtering (Completed in checklistView-Filtering):

    • [X] Add search parsing for new attributes (vul id, rule id, stig id, classification, groupname, CCIs)
    • [X] Can filter rules by vul id, rule id, stig id, classification, groupname, CCIs, status, severity in search bar
    • [X] Can filter by inclusive and exclusive
    • [X] Implement new query parsing dependency
    • [X] Improve user experience with toggle filtering on status and severity with switches
    • [X] Document functions that are used or created
    • [X] Create test file for Checklist view
    • [X] Update test file for Sidebar component to test filtering
    • [X] Move filtering functionality into the Vuex Store
    • [X] Update help modal to reflect functionality of new query parser (e.g., exclusive filtering, handling white space, no more need for quotes around the whole term)
    • [X] Fix any errors that arise from changing how filters are stored (e.g., Compare view)
    • [x] Start documentation generation process
  • [ ] Fix These

    • [ ] When the Results, Profiles, or Checklist folding group is clicked, it opens the Panel (displays the Heimdall for the selected group) this is not the expected behavior - expect the group panel to open.

    • [ ] Update the Quick Filters (I would change the name to Common Filter Options and center the title) to be more informative that the filters belong to all types of scans (Results, Profiles, and Checklists) - Make a border around the panel to distinguish that the filter is common to all group selections.

    • [x] When opening the Checklist panel the two panels displayed are not aligned top. image

    • [x] When opening the Checklist panel nothing is displayed until you click on the Short ID slider (see image above).

    • [ ] Make the Rules display panel height match the Heimdall main frame (minus some padding for good aesthetics)

    • [ ] Ensure that the horizontal scrollbar is displayed after fixing the vertical height and scrolling

    • [ ] Unable to read bottom portion of the STIG control image image image

    • [x] No STIG information is displayed (STIG ID, Rule ID, Group Name, etc) image

    • [ ] Visual bug with filtering rules by keywords logic - adding two filters whose filter "keyword" is the same but each is an inclusive filter and an exclusive filter. Selecting one of the filters to remove results in both being selected, but only the "truly" selected filter is removed. Attempting to click "Remove filter" with the remaining formerly-duplicate-word filter does not work, as if it were not "truly" selected. Deselecting one of the two "duplicates" deselects both "duplicates". In STIGViewer 2.18, adding an exclusive filter and attempting to add an inclusive filter (or vice versa) with the same keyword is not allowed. In Vue, this causes a warning: hook.js:608 [Vue warn]: Duplicate keys detected: '<duplicate string>'. This may cause an update error.

    • [ ] Bug with filtering rules by keywords logic - Not selecting a filter property in either the Checklist Filters or Category Filters uses a default filter property of "keywords", even though "keywords" is not selectable in Checklist Filters. However, the search bar will show a key:value comma-separated string indicating that the key is missing if the filter property wasn't selected.

    • [ ] ChecklistSeverityOverride.vue - gets

ChecklistSeverityOverride.vue:48 
 [Vue warn]: Missing required prop: "severityOverrideSelection"

found in

---> <ChecklistSeverityOverride> at src/components/global/checklist/ChecklistSeverityOverride.vue
       <VThemeProvider>
         <VBottomSheet>
           <VMain>
             <Base> at src/views/Base.vue
               <Checklist> at src/views/Checklist.vue
                 <VApp>
                   <App> at src/App.vue
                     <Root>
Promise.then		
validateSecurityJustification	@	ChecklistSeverityOverride.vue:48
Show 31 more frames
hook.js:608 
 [Vue warn]: Error in v-on handler: "TypeError: Cannot read properties of undefined (reading 'valueOf')"

found in

---> <VSelect>
       <VCard>
         <ChecklistRuleInfoBody> at src/components/global/checklist/ChecklistRuleEdit.vue
           <VMain>
             <Base> at src/views/Base.vue
               <Checklist> at src/views/Checklist.vue
                 <VApp>
                   <App> at src/App.vue
                     <Root>
Show 24 more frames

when selecting a severity override different from default on first load of a control

  • [ ] The following error
hook.js:608  TypeError: Cannot read properties of undefined (reading 'valueOf')
    at VueComponent.promptSeverityJustification (ChecklistRuleEdit.vue:105:1)
    at invokeWithErrorHandling (vue.runtime.esm.js:3033:1)
    at VueComponent.invoker (vue.runtime.esm.js:1832:1)
    at invokeWithErrorHandling (vue.runtime.esm.js:3033:1)
    at Vue.$emit (vue.runtime.esm.js:3732:1)
    at VueComponent.setValue (VSelect.js:813:1)
    at VueComponent.selectItem (VSelect.js:767:1)
    at invokeWithErrorHandling (vue.runtime.esm.js:3033:1)
    at VueComponent.invoker (vue.runtime.esm.js:1832:1)
    at invokeWithErrorHandling (vue.runtime.esm.js:3033:1)

happens when you pick a severity override that is equal to the default (after you select a severity override at first that is different from the default) AND under Misc Data, the Severity Override Justification: does not reset when you select the default severity override.

  • [ ] Tests:

    • [ ] Cypress tests
    • [ ] HDF converters tests
  • [ ] Other Improvements

    • [ ] Verify if saving to the database works correctly
    • [ ] Export ckl to csv
    • [ ] Move jsonix generated mapping into hdf converters
    • [ ] Severity override should make it '$severity (default)' not just '(default)'
    • [ ] Split hdf converters part into two in order to match typical converter structure
  • [ ] Move To Separate PR

    • [ ] Input validation for 'target data' fields (Make sure to sanitize string input) {Move to separate PR}
    • [ ] Add modal to let user know their changes were saved (debounce typing, show modal after a little bit. keep the same save behavior where it just saves continuously tho, this is just a convenience thing for the user) {Move to separate PR}
  • [ ] Support "Must match: All" filter matching from STIGViewer 2.18. Having more than 1 exclusive filter on Category Filters > Filter Properties breaks both exclusive filters. e.g. Keyword 366, Filter cci and Keyword 68, Filter cci results in the list of rules now containing those whose CCIs have 366 and 68. If there is only 1 exclusive filter in the list, then it works again. In the STIGViewer 2.18, the same filtering logic is found when selecting the "Must match: Any" option, but not in the "Must match: All" option. image image

Rlin232 avatar Jul 11 '22 22:07 Rlin232
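
The filter behaviour reported in the issue above (an inclusive and an exclusive filter sharing one keyword, and "Must match: Any" versus "Must match: All" with two exclusive filters), as an added example that is not Heimdall's own code. The filter shape, function names and sample rules are assumptions made for illustration.

```javascript
// Constructed sample rules; the field names (id, cci) are assumptions.
const sampleRules = [
  { id: 'V-1', cci: ['CCI-000366'] },
  { id: 'V-2', cci: ['CCI-000068'] },
  { id: 'V-3', cci: ['CCI-000366', 'CCI-000068'] },
  { id: 'V-4', cci: ['CCI-000015'] },
];

// Hypothetical filter shape: { keyword, property, negated }.
// negated = true is an exclusive filter, false an inclusive one.
const conditionKey = (f) => `${f.property}:${f.keyword.trim().toLowerCase()}`;

// Add a filter unless one with the same property and keyword already exists
// in either polarity (the STIGViewer 2.18 behaviour described in the issue).
// Returns a new list; the input list is not modified.
function addFilter(filters, candidate) {
  const clash = filters.some((f) => conditionKey(f) === conditionKey(candidate));
  return clash ? filters : [...filters, candidate];
}

// True when the rule satisfies one filter; exclusive filters invert the hit.
function matchesFilter(rule, f) {
  const needle = f.keyword.trim().toLowerCase();
  const values = [].concat(rule[f.property] ?? []).map((v) => String(v).toLowerCase());
  const hit = values.some((v) => v.includes(needle));
  return f.negated ? !hit : hit;
}

// mode 'all' keeps rules that satisfy every filter, 'any' at least one.
function applyFilters(rules, filters, mode) {
  if (filters.length === 0) return rules;
  const test = mode === 'all' ? 'every' : 'some';
  return rules.filter((rule) => filters[test]((f) => matchesFilter(rule, f)));
}

const ids = (rules) => rules.map((r) => r.id).join(',');

let filters = addFilter([], { keyword: '366', property: 'cci', negated: true });
filters = addFilter(filters, { keyword: '68', property: 'cci', negated: true });
// Same keyword with the opposite polarity is rejected, so list keys stay unique.
filters = addFilter(filters, { keyword: '366', property: 'cci', negated: false });

console.log('any:', ids(applyFilters(sampleRules, filters, 'any')));
console.log('all:', ids(applyFilters(sampleRules, filters, 'all')));
```

With two exclusive filters, "any" still lets through rules that contain one of the two keywords, which is the symptom the issue describes; "all" removes them.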

This pull request introduces 3 alerts when merging fc051a840e36655aa4cafed8facc4bcf13d5a067 into eee1cb17e08f1da49dd167da6d8a892d68cabeb2 - view on LGTM.com

new alerts:

  • 3 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 19 '22 22:07 lgtm-com[bot]

This pull request introduces 3 alerts when merging a6a2f79b59866a9f55eca3aa491920a7f27058a4 into eee1cb17e08f1da49dd167da6d8a892d68cabeb2 - view on LGTM.com

new alerts:

  • 3 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 19 '22 23:07 lgtm-com[bot]

This pull request introduces 4 alerts when merging 77ec2cb6156345fd47d3e719aea4323fcad5a281 into 57f603fbdcc115f0ecaea23e979bed8f9b5a1c49 - view on LGTM.com

new alerts:

  • 4 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 20 '22 18:07 lgtm-com[bot]

This pull request introduces 4 alerts when merging 4ad6979dcd38400584c42a4ec633d9f2a1e53be9 into 57f603fbdcc115f0ecaea23e979bed8f9b5a1c49 - view on LGTM.com

new alerts:

  • 4 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 20 '22 18:07 lgtm-com[bot]

This pull request introduces 3 alerts when merging ede31f43977d26686e3542d97971824054cf70ae into b394c65ceb423ab816ab37c91915468a1a259f6c - view on LGTM.com

new alerts:

  • 3 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 21 '22 19:07 lgtm-com[bot]

This pull request introduces 1 alert when merging d11ca3504475c6365e042c2ffdc369a4f56945dc into d27d295c66b054755afcacf6a021a288ebb88ba5 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 22 '22 18:07 lgtm-com[bot]

This pull request has a conflict. Could you fix it @Rlin232?

mergify[bot] avatar Jul 22 '22 19:07 mergify[bot]

This pull request introduces 1 alert when merging c487e1e90e3adb26fcdf41b289bbe13c2ac134fe into a47500a4b51e8ab4dd453b0373159ea4d49286fe - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 29 '22 19:07 lgtm-com[bot]

This pull request introduces 1 alert when merging 10d5773f3988408bbbc7ad0ad61b2f51d7ba02f5 into a47500a4b51e8ab4dd453b0373159ea4d49286fe - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 29 '22 19:07 lgtm-com[bot]

This pull request introduces 1 alert when merging e5a69d3ef6d40675895fcdbdb77a59396993da1d into a47500a4b51e8ab4dd453b0373159ea4d49286fe - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 29 '22 19:07 lgtm-com[bot]

This pull request introduces 1 alert when merging 5e597f1e0d5990f348ad5f8c935b96f8c4cb24ec into b5ee02fce68289876bf70926336ed7fdedaaef74 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 30 '22 05:07 lgtm-com[bot]

This pull request introduces 1 alert when merging 04d2d0acf8cbfb4aacbb3b182fb2ab32e2b8b94b into b5ee02fce68289876bf70926336ed7fdedaaef74 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 30 '22 05:07 lgtm-com[bot]

This pull request introduces 1 alert when merging 026733b49cae7a9d6d057e4e0d9772fd56168a36 into b5ee02fce68289876bf70926336ed7fdedaaef74 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Jul 30 '22 05:07 lgtm-com[bot]

This pull request introduces 1 alert when merging d4c9e5a83b5ec29391510f43c444b372a0577696 into b5ee02fce68289876bf70926336ed7fdedaaef74 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Aug 01 '22 20:08 lgtm-com[bot]

This pull request introduces 1 alert when merging f5299cdc9219ebcf175b23c2ff9e85f135ad4094 into b5ee02fce68289876bf70926336ed7fdedaaef74 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Aug 01 '22 20:08 lgtm-com[bot]

This pull request introduces 1 alert when merging c4c4ccf99c9dcad3d4a99c04eb0b5525c0ed4fd7 into b5ee02fce68289876bf70926336ed7fdedaaef74 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Aug 01 '22 21:08 lgtm-com[bot]

This pull request introduces 1 alert when merging a1a70d234fa6a5168b0ab7ecfec91d719d9db3ad into b5ee02fce68289876bf70926336ed7fdedaaef74 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Aug 02 '22 00:08 lgtm-com[bot]

This pull request introduces 1 alert when merging b91e7b19ce366831edadfcfb94fc49dc505588ac into 06ac9f3d731eab2279440b07e70a8d1140f1386c - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Aug 02 '22 01:08 lgtm-com[bot]

This pull request introduces 1 alert when merging 1c9cd791dba0f1c6c4bbab5f99644d6895fc802b into 75e076ab5d71d8b255852df2bb58fcc9543cb061 - view on LGTM.com

new alerts:

  • 1 for Unused variable, import, function or class

lgtm-com[bot] avatar Aug 02 '22 16:08 lgtm-com[bot]

SonarCloud Quality Gate failed.

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 3 (rating A)
  • Coverage: no coverage information
  • Duplication: 1.4%

sonarqubecloud[bot] avatar Aug 24 '22 19:08 sonarqubecloud[bot]

SonarCloud Quality Gate failed.

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 3 (rating A)
  • Coverage: no coverage information
  • Duplication: 1.4%

sonarqubecloud[bot] avatar Oct 26 '22 18:10 sonarqubecloud[bot]

Are future features going to include:

  • loading any supported security data into the main "results" view, then being able to simply switch it over into checklist viewer instead of having to export it to .ckl and then reload it?
  • be able to export any of those samples in Heimdall to ckl and have them properly view in checklist viewer? Currently they don't seem to work...

ejaronne avatar Nov 02 '22 18:11 ejaronne

@ejaronne Can you make the first bullet point a new issue? W/r to the second one, there's definitely issues with the hdf2ckl mappers that I haven't had an opportunity to fix.

Amndeep7 avatar Nov 03 '22 17:11 Amndeep7

https://github.com/mitre/heimdall2/issues/3719

ejaronne avatar Nov 03 '22 17:11 ejaronne

SonarCloud Quality Gate failed.

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 4 (rating A)
  • Coverage: no coverage information
  • Duplication: 1.2%

sonarqubecloud[bot] avatar Nov 10 '22 21:11 sonarqubecloud[bot]

Not sure if this is being tracked, but are we ensuring that the filter panel we implement in Heimdall operates the same way it does in STIG Viewer. In STIG Viewer, a separate filter panel is provided for each sub-window, i.e., the STIG explorer, and each checklist window that is opened. It is not one filter applied to every view.

ejaronne avatar Dec 01 '22 18:12 ejaronne

This pull request has a conflict. Could you fix it @Rlin232?

mergify[bot] avatar Feb 24 '23 17:02 mergify[bot]

This pull request has a conflict. Could you fix it @Rlin232?

mergify[bot] avatar Feb 25 '23 02:02 mergify[bot]

This pull request has a conflict. Could you fix it @Rlin232?

mergify[bot] avatar Feb 28 '23 05:02 mergify[bot]

This pull request has a conflict. Could you fix it @Rlin232?

mergify[bot] avatar Jun 24 '23 01:06 mergify[bot]

SonarCloud Quality Gate failed.

  • Bugs: 2 (rating D)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 1 (rating E)
  • Code Smells: 40 (rating A)
  • Coverage: no coverage information
  • Duplication: 0.0%


sonarqubecloud[bot] avatar Sep 18 '23 19:09 sonarqubecloud[bot]