feat(cra): two-lane breadth — CRA-specific corpus + technical depth
All 6 security use_cases are atom-grain now. Per finding we draw two lanes: the CRA corpus (use_case=cra, the most on-point CRA obligations) + the technical depth (code_security for secure-dev, else network_security). Controls merged, deduped, each tagged with its use_case (shown in the best-practice depth). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -38,27 +38,26 @@ _REQ_TO_SUBTOPIC = {
|
||||
}
|
||||
|
||||
|
||||
# Which atom-grain use_case is most relevant per sub_topic. Both network_security
|
||||
# and code_security are atom-grain; secure-dev is best served by code_security.
|
||||
_SUBTOPIC_TO_USECASE = {
|
||||
"secure_development": "code_security",
|
||||
}
|
||||
_DEFAULT_USECASE = "network_security"
|
||||
# Two breadth lanes per finding: the CRA-specific corpus (always — most on-point
|
||||
# for a CRA assessment) + the technical-depth corpus for the sub_topic
|
||||
# (code_security for secure-dev, else network_security). All atom-grain.
|
||||
# isms/dora/kritis are also atom-grain — available for future per-regime routing.
|
||||
_TECHNICAL_USECASE = {"secure_development": "code_security"} # default: network_security
|
||||
|
||||
|
||||
def subtopic_for(req_id: str):
|
||||
return _REQ_TO_SUBTOPIC.get(req_id)
|
||||
|
||||
|
||||
def usecase_for(sub_topic: str) -> str:
|
||||
return _SUBTOPIC_TO_USECASE.get(sub_topic, _DEFAULT_USECASE)
|
||||
def usecases_for(sub_topic: str) -> list:
|
||||
return ["cra", _TECHNICAL_USECASE.get(sub_topic, "network_security")]
|
||||
|
||||
|
||||
def enrich_findings_with_breadth(mapped: list, db, limit: int = 5) -> None:
|
||||
"""Attach `sub_topic` + `regulatory_breadth` (atom controls) to each finding.
|
||||
|
||||
Queries network_security once per distinct sub_topic (cached). Best-effort:
|
||||
on any error a finding just gets an empty breadth — never breaks the assessment.
|
||||
def enrich_findings_with_breadth(mapped: list, db, per_use_case: int = 3) -> None:
|
||||
"""Attach `sub_topic` + `regulatory_breadth` (atom controls from the CRA corpus
|
||||
+ the technical-depth corpus) to each finding, each control tagged with its
|
||||
use_case. Queries are cached per (use_case, sub_topic). Best-effort: on any
|
||||
error a finding just gets fewer/empty breadth — never breaks the assessment.
|
||||
"""
|
||||
svc = UseCaseControlsService(db)
|
||||
cache: dict = {}
|
||||
@@ -67,19 +66,23 @@ def enrich_findings_with_breadth(mapped: list, db, limit: int = 5) -> None:
|
||||
m["sub_topic"] = st
|
||||
if not st:
|
||||
m["regulatory_breadth"] = []
|
||||
m["breadth_use_case"] = None
|
||||
continue
|
||||
uc = usecase_for(st)
|
||||
m["breadth_use_case"] = uc
|
||||
key = (uc, st)
|
||||
if key not in cache:
|
||||
try:
|
||||
res = svc.controls_for_use_case(uc, sub_topic=st, limit=limit)
|
||||
cache[key] = [
|
||||
{"control_id": c.get("control_id"), "title": c.get("title"),
|
||||
"source_regulation": c.get("source_regulation"), "severity": c.get("severity")}
|
||||
for c in res.get("controls", [])
|
||||
]
|
||||
except Exception:
|
||||
cache[key] = []
|
||||
m["regulatory_breadth"] = cache[key]
|
||||
merged, seen = [], set()
|
||||
for uc in usecases_for(st):
|
||||
key = (uc, st)
|
||||
if key not in cache:
|
||||
try:
|
||||
res = svc.controls_for_use_case(uc, sub_topic=st, limit=per_use_case)
|
||||
cache[key] = [
|
||||
{"control_id": c.get("control_id"), "title": c.get("title"),
|
||||
"source_regulation": c.get("source_regulation"),
|
||||
"severity": c.get("severity"), "use_case": uc}
|
||||
for c in res.get("controls", [])
|
||||
]
|
||||
except Exception:
|
||||
cache[key] = []
|
||||
for c in cache[key]:
|
||||
if c["control_id"] and c["control_id"] not in seen:
|
||||
seen.add(c["control_id"])
|
||||
merged.append(c)
|
||||
m["regulatory_breadth"] = merged
|
||||
|
||||
Reference in New Issue
Block a user