crocs-muni / sec-certs

Tool for analysis of security certificates and their security targets (Common Criteria, NIST FIPS140-2...).
https://sec-certs.org
MIT License

DependencyFinder outputs weird #237

Closed J08nY closed 1 year ago

J08nY commented 2 years ago

Describe the bug: The DependencyFinder class from the model subpackage produces weird output. It includes ids with maintenance suffixes in the output and in general finds connections different from those found by independently expanding the direct references in the seccerts.org page.

To Reproduce: Compute the full CC dataset and look at the outputs of DependencyFinder in the st_references and report_references heuristics.

J08nY commented 2 years ago

DependencyFinder produces the following direct references for 10b17081dd7cad8f (ANSSI-CC-2018/41).

[Screenshot from 2022-06-22 18-02-35]

While the site produces this graph component (including indirect and both directions of references). Note no -M01 ids.

[Screenshot from 2022-06-22 18-03-58]

J08nY commented 2 years ago

TBH I do not know why we even have the DependencyFinder class. What it does can be better done on demand by using the direct references directly to build a graph object in networkx or wherever and then querying that object.

@adamjanovsky @GeorgeFI Can you elaborate on the uses of this class?

J08nY commented 2 years ago

One more example: https://seccerts.org/cc/6ed3cd21c6a2c9d0/ Both the st_references and report_references are empty yet the certificate ID appears in "directly_referencing" entry of another three certificates (see the graph display).
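The on-demand approach suggested in the thread, and the reverse-direction lookup from the last comment, sketched as an added example (not sec-certs code and not written by the commenters). It uses plain dictionaries instead of networkx so it runs with the standard library only; all certificate ids are constructed, and the helper names and every result key other than `directly_referencing` are assumptions.

```python
from collections import deque

# Constructed sample: certificate id -> ids it directly references.
# All ids are made up; "CERT-B-M01" stands in for a maintenance-suffixed id.
DIRECT_REFS = {
    "CERT-A": {"CERT-B", "CERT-B-M01"},
    "CERT-B": {"CERT-C"},
    "CERT-C": set(),
    "CERT-D": {"CERT-C"},
}

def invert(refs):
    """Reverse every edge: id -> ids that directly reference it."""
    rev = {cert: set() for cert in refs}
    for src, targets in refs.items():
        for dst in targets:
            rev.setdefault(dst, set()).add(src)
    return rev

def reachable(graph, start):
    """All ids reachable from start over one or more edges (BFS)."""
    seen, queue = set(), deque(graph.get(start, ()))
    while queue:
        node = queue.popleft()
        if node not in seen:
            seen.add(node)
            queue.extend(graph.get(node, ()))
    return seen

def query(refs, cert):
    """Hypothetical helper: the four reference sets for one certificate."""
    rev = invert(refs)
    return {
        "directly_referencing": set(refs.get(cert, ())),
        "indirectly_referencing": reachable(refs, cert),
        "directly_referenced_by": set(rev.get(cert, ())),
        "indirectly_referenced_by": reachable(rev, cert),
    }

def dangling_targets(refs):
    """Referenced ids that are not certificate ids in the dataset."""
    return {dst for targets in refs.values() for dst in targets if dst not in refs}

if __name__ == "__main__":
    print(query(DIRECT_REFS, "CERT-C"))
    print(dangling_targets(DIRECT_REFS))
```

Here `CERT-C` has no outgoing references of its own but still shows up through the inverted graph, and `dangling_targets` surfaces reference targets that do not match any certificate id in the dataset.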