search

ThalesGroup / security-risk-assessment-tool

The ISRA security-risk-assessment-tool project is an Electron based application used to do security risk assessments at a technical level
BSD 4-Clause "Original" or "Old" License
24 stars 8 forks source link

[Issue]: Improve save validation error message when vuln and risk does not have matching supporting assets #286

Open Alvin-JohnPagente opened 4 months ago

Alvin-JohnPagente commented 4 months ago

Issue Description

A risk which contains a vuln with a non-matching supporting asset triggers an error on save but the error message does not tell you the exact issue.

Duplicate Steps

  1. Open the attached sra, navigate to the Risks tab, go to the attack paths of the risk. The vuln is highlighted by a red box which indicates there is an issue with the vuln image
  2. Go to the Vulnerabilities tab. Notice that there is no visible issues with the vulnerabilities image
  3. Save the file (Ctrl-S). The error message says that the issue is in the risk evaluation section. The issue is actually the vuln supporting asset does not match the risk supporting asset. The user either have to: update the risk's supporting asset or the vuln supporting asset or remove the vuln. image

Expected Results

The error message can indicate that the Risk ID n contains a vuln in the attack path x that has a non-matching supporting asset

Version Detected

1.2.0

Attachments

non_matching_supporting_assets.zip

No response

Alvin-JohnPagente commented 4 months ago

Duplicate of https://github.com/ThalesGroup/security-risk-assessment-tool/issues/247