Merge pull request #437 from kac89/dev

add owasp top 10 mobile 2024

Author: kac89

package-lock.json

@@ -28,7 +28,7 @@
     "core-js": "^3.39.0",
     "crypto-js": "^4.1.1",
     "docx": "^8.5.0",
-    "dompurify": "^3.1.6",
+    "dompurify": "^3.2.2",
     "events": "^3.2.0",
     "gulp-clone": "^2.0.1",
     "highlight.js": "^11.10.0",

package.json

@@ -12,7 +12,7 @@
         <mat-form-field appearance="outline" color="accent" class="example-full-width">
           <mat-label>Templates source</mat-label>
           <mat-select [(value)]="sourceSelect" (selectionChange)="changeselect()">
-            <mat-option value="VULNREPO">VULNRΞPO</mat-option>
+            <mat-option value="VULNREPO"><img with="20" height="20" src="/favicon-32x32.png"> VULNRΞPO</mat-option>
             <mat-option value="CVE"><mat-icon color="accent">public</mat-icon> CVE (ONLINE Database)</mat-option>
             <mat-option value="CWE">CWE Research Concepts</mat-option>
             <mat-option value="MENTERPRISE">MITRE ATT&CK Enterprise</mat-option>
@@ -22,6 +22,7 @@
             <mat-option value="OWASPTOP2017">OWASP Top 10 2017 Web Application Security Risks</mat-option>
             <mat-option value="OWASPTOP10CICD">OWASP Top 10 CI/CD Security Risks</mat-option>
             <mat-option value="OWASPTOP10k8s">OWASP Kubernetes Top 10</mat-option>
+            <mat-option value="OWASP_mobile">OWASP Mobile Top 10 2024</mat-option>
           </mat-select>
         </mat-form-field>
       </div>
@@ -227,6 +228,36 @@
       <span fxLayoutAlign="flex-end"><small><a class="active-link" target="_blank" href="https://owasp.org/www-project-kubernetes-top-ten/">owasp.org</a></small></span>
     </div>
 
+    <div *ngIf="sourceSelect == 'OWASP_mobile'">
+      <mat-form-field class="example-full-width" color="accent">
+        <mat-label>OWASP Mobile Top 10 2024</mat-label>
+
+        <mat-chip-grid #mobilechipGrid aria-label="Issue title" [formControl]="mobilegridaction">
+          <mat-chip-row *ngFor="let isitemw of mobilechipsissue" (removed)="removemobile(isitemw)">
+            {{isitemw}}
+            <button matChipRemove [attr.aria-label]="'remove ' + isitemw">
+              <mat-icon>cancel</mat-icon>
+            </button>
+          </mat-chip-row>
+        </mat-chip-grid>
+
+        <input cdkFocusInitial type="text" matInput placeholder="e.g.: insecure validation" [formControl]="mobilecustomissueform" [matAutocomplete]="auto10" [matChipInputFor]="mobilechipGrid" [matChipInputSeparatorKeyCodes]="separatorKeysCodes" (matChipInputTokenEnd)="addmobile($event)">
+        <mat-autocomplete #auto10="matAutocomplete" (optionSelected)="mobileselected($event)">
+          <mat-option [title]="option.title" *ngFor="let option of filteredOptionsmobile | async" [value]="option.title">
+            {{option.title}}
+          </mat-option>
+          </mat-autocomplete>
+        <mat-error *ngIf="mobilecustomissueform.hasError('notempty')">
+          <strong>Title must not be empty!</strong>
+        </mat-error>
+        <mat-error *ngIf="mobilecustomissueform.hasError('cantfind')">
+          <strong>Can not be found!</strong>
+        </mat-error>
+      </mat-form-field>
+
+      <span fxLayoutAlign="flex-end"><small><a class="active-link" target="_blank" href="https://owasp.org/www-project-mobile-top-10/">owasp.org</a></small></span>
+  </div>
+
     <div *ngIf="show">Please wait...<mat-progress-bar color="accent" mode="indeterminate"></mat-progress-bar></div>
         <span style="color: red;">{{err_msg}}</span>
     </div>
@@ -241,6 +272,7 @@
       <button *ngIf="sourceSelect == 'OWASPTOP2021'" mat-raised-button color="accent" (click)="addOWASPtop2021()"><mat-icon class="vertical-align-middle padding-bottom-3">add</mat-icon> Add OWASP Top 10 2021</button>
       <button *ngIf="sourceSelect == 'OWASPTOP10CICD'" mat-raised-button color="accent" (click)="addOWASPTOP10CICD()"><mat-icon class="vertical-align-middle padding-bottom-3">add</mat-icon> Add OWASP Top 10 CI/CD Security Risks</button>
       <button *ngIf="sourceSelect == 'OWASPTOP10k8s'" mat-raised-button color="accent" (click)="addOWASPTOP10k8s()"><mat-icon class="vertical-align-middle padding-bottom-3">add</mat-icon> Add OWASP Kubernetes Top 10</button>
+      <button *ngIf="sourceSelect == 'OWASP_mobile'" mat-raised-button color="accent" (click)="addOWASP_mobile()"><mat-icon class="vertical-align-middle padding-bottom-3">add</mat-icon> Add OWASP Mobile Top 10</button>
       &nbsp;
       <button mat-raised-button color="primary" (click)="cancel()">Cancel</button>
     </div>

src/app/dialog-addissue/dialog-addissue.component.html

@@ -55,7 +55,9 @@ export interface PCITesting {
 })
 export class DialogAddissueComponent implements OnInit {
   customissueform = new UntypedFormControl();
+  mobilecustomissueform = new UntypedFormControl();
   gridaction = new UntypedFormControl();
+  mobilegridaction = new UntypedFormControl();
   cwecontrol = new UntypedFormControl();
   mycve = new UntypedFormControl();
   mymobilemitre = new UntypedFormControl();
@@ -66,6 +68,7 @@ export class DialogAddissueComponent implements OnInit {
   myOWASPTOP10CICD = new UntypedFormControl();
   myOWASPTOP10k8s = new UntypedFormControl();
   options: Vulns[] = [];
+  mobileoptions: Vulns[] = [];
   optionsv = [];
   cwe: Vulns[] = [];
   mitremobile: Vulns[] = [];
@@ -76,6 +79,7 @@ export class DialogAddissueComponent implements OnInit {
   OWASPTOP10CICD: Vulns[] = [];
   OWASPTOP10k8s: Vulns[] = [];
   filteredOptions: Observable<Vulns[]>;
+  filteredOptionsmobile: Observable<Vulns[]>;
   filteredOptionsCWE: Observable<Vulns[]>;
   filteredOptionsmitremobile: Observable<Vulns[]>;
   filteredOptionsmitreenterprise: Observable<Vulns[]>;
@@ -90,6 +94,7 @@ export class DialogAddissueComponent implements OnInit {
   separatorKeysCodes: number[] = [ENTER, COMMA];
   announcer = inject(LiveAnnouncer);
   chipsissue: string[] = [];
+  mobilechipsissue: string[] = [];
   reportTemplateList_int = [];
 
   constructor(public router: Router,
@@ -104,7 +109,12 @@ export class DialogAddissueComponent implements OnInit {
         map(value => typeof value === 'string' ? value : value.title),
         map(title => title ? this._filter(title) : this.options.slice())
       );
-
+      this.filteredOptionsmobile = this.mobilecustomissueform.valueChanges
+      .pipe(
+        startWith<string | Vulns>(''),
+        map(value => typeof value === 'string' ? value : value.title),
+        map(title => title ? this._filtermobile(title) : this.mobileoptions.slice())
+      );
     this.filteredOptionsCWE = this.cwecontrol.valueChanges
       .pipe(
         startWith<string | Vulns>(''),
@@ -165,6 +175,10 @@ export class DialogAddissueComponent implements OnInit {
     const filterValue = name.toLowerCase();
     return this.options.filter(option => option.title.toLowerCase().indexOf(filterValue) >= 0);
   }
+  private _filtermobile(name: string): Vulns[] {
+    const filterValue = name.toLowerCase();
+    return this.mobileoptions.filter(option => option.title.toLowerCase().indexOf(filterValue) >= 0);
+  }
   private _filterCWE(name: string): Vulns[] {
     const filterValue = name.toLowerCase();
     return this.cwe.filter(option => option.title.toLowerCase().indexOf(filterValue) >= 0);
@@ -228,6 +242,10 @@ export class DialogAddissueComponent implements OnInit {
       }
     });
 
+    this.http.get<any>('/assets/owasp_mobile_2024.json?v=' + + new Date()).subscribe(res => {
+      this.mobileoptions = res;
+    });
+    
     this.http.get<any>('/assets/CWE_V.4.3.json?v=' + + new Date()).subscribe(res => {
       this.cwe = res;
     });
@@ -852,6 +870,104 @@ export class DialogAddissueComponent implements OnInit {
   }
 
 
+  addOWASP_mobile() {
+
+    if (this.mobilecustomissueform.value !== "" && this.mobilecustomissueform.value !== null) {
+      this.mobilechipsissue.push(this.mobilecustomissueform.value);
+    }
+
+    let exitel = [];
+    if (this.mobilechipsissue.length > 0) {
+      for (var datael of this.mobilechipsissue) {
+
+        const found = this.mobileoptions.find((obj) => {
+          return obj.title === datael;
+        });
+
+        if (found !== undefined) {
+
+          if (found.title === datael) {
+            const def = {
+              title: found.title,
+              poc: found.poc,
+              files: [],
+              desc: found.desc,
+              severity: found.severity,
+              status: 1,
+              ref: found.ref,
+              cvss: found.cvss,
+              cvss_vector: found.cvss_vector,
+              cve: found.cve,
+              tags: found.tags,
+              bounty: [],
+              date: this.getcurrentDate()
+            };
+            exitel.push(def);
+
+          }
+
+
+        } else {
+
+          const def = {
+            title: datael,
+            poc: '',
+            files: [],
+            desc: '',
+            severity: 'High',
+            status: 1,
+            ref: '',
+            cvss: 7,
+            cvss_vector: '',
+            cve: '',
+            tags: [],
+            bounty: [],
+            date: this.getcurrentDate()
+          };
+          exitel.push(def);
+        }
+      }
+
+      this.dialogRef.close(exitel);
+
+
+    } else {
+      this.customissueform.setErrors({ 'notempty': true });
+      this.gridaction.setErrors({ 'notempty': true });
+    }
+
+  }
+
+  addmobile(event: MatChipInputEvent): void {
+    const value = (event.value || '').trim();
+
+    // Add our fruit
+    if (value) {
+      this.mobilechipsissue.push(value);
+    }
+
+    // Clear the input value
+    event.chipInput!.clear();
+
+    this.mobilecustomissueform.setValue('');
+  }
+
+  removemobile(item: string): void {
+    const index = this.mobilechipsissue.indexOf(item);
+
+    if (index >= 0) {
+      this.mobilechipsissue.splice(index, 1);
+
+      this.announcer.announce(`Removed ${item}`);
+    }
+  }
+
+  mobileselected(event: MatAutocompleteSelectedEvent): void {
+    this.mobilechipsissue.push(event.option.viewValue);
+    //this.fruitInput.nativeElement.value = '';
+    this.mobilecustomissueform.setValue('');
+  }
+
   add(event: MatChipInputEvent): void {
     const value = (event.value || '').trim();
 
@@ -876,6 +992,8 @@ export class DialogAddissueComponent implements OnInit {
     }
   }
 
+
+
   selected(event: MatAutocompleteSelectedEvent): void {
     this.chipsissue.push(event.option.viewValue);
     //this.fruitInput.nativeElement.value = '';

src/app/dialog-addissue/dialog-addissue.component.ts

@@ -1,8 +1,8 @@
 import { Component, Inject, OnInit, ElementRef, ViewChild } from '@angular/core';
 import { MatDialogRef, MAT_DIALOG_DATA } from '@angular/material/dialog';
 import { UntypedFormControl } from '@angular/forms';
-import { marked } from 'marked'
-import * as DOMPurify from 'dompurify';
+
+import DOMPurify from 'dompurify';
 import { markedHighlight } from "marked-highlight";
 import hljs from 'highlight.js';
 import { Marked } from "marked";

src/app/dialog-editor-fullscreen/dialog-editor-fullscreen.component.ts

@@ -30,7 +30,7 @@ import { COMMA, ENTER } from '@angular/cdk/keycodes';
 import { HttpClient } from '@angular/common/http';
 import * as Crypto from 'crypto-js';
 import { v4 as uuid } from 'uuid';
-import * as DOMPurify from 'dompurify';
+import DOMPurify from 'dompurify';
 import { ApiService } from '../api.service';
 import { MatCalendar, MatCalendarCellCssClasses, DateRange } from '@angular/material/datepicker';
 import { SessionstorageserviceService } from "../sessionstorageservice.service"