Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(cra): Maßnahmen-Provenienz + Lizenzklasse je Normquelle

Browse Source 
Jede Normreferenz einer Maßnahme wird lizenzklassifiziert (eu_law /
public_domain / open / paid_reference) — paid-reference-Normen werden nur als
Verweis geführt, nie im Text gespeichert (idea/expression). Kuratierte
Maßnahmen tragen Tier 'core', KI-/Fallback-Maßnahmen 'review' (indikativ).
Frontend zeigt Quellen-Badges + "indikativ"-Kennzeichnung. Methodik in
docs-src/development/mapping-methodology.md (Szenario C, Due-Diligence).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-16 10:10:20 +02:00
parent 6c619ecc42
commit 7a4f086151
8 changed files with 204 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend-compliance/tests/test_norm_sources.py
+38
View File
@@ -0,0 +1,38 @@
"""License/provenance classification of norm references — encodes the line between
freely-usable sources and paid standards we may only reference (not reproduce)."""
from compliance.data.norm_sources import (
LAW, OPEN, PAID_REFERENCE, PUBLIC_DOMAIN, classify_norm_ref,
)
from compliance.api.cra_annex_i_data import MEASURE_DETAILS
def test_eu_law_is_reproducible_class():
assert classify_norm_ref("Verordnung (EU) 2024/2847 (CRA), Anhang I") == LAW
assert classify_norm_ref("MaschinenVO Anhang III") == LAW
assert classify_norm_ref("NIS2 Art. 21") == LAW
def test_nist_is_public_domain():
assert classify_norm_ref("NIST SP 800-53: IA-5") == PUBLIC_DOMAIN
assert classify_norm_ref("NIST SP 800-218") == PUBLIC_DOMAIN
def test_open_licensed():
assert classify_norm_ref("OWASP ASVS V3") == OPEN
assert classify_norm_ref("ETSI EN 303 645") == OPEN
def test_paid_standards_reference_only():
assert classify_norm_ref("IEC 62443-4-1") == PAID_REFERENCE
assert classify_norm_ref("ISO/IEC 27002") == PAID_REFERENCE
assert classify_norm_ref("EN ISO 13849-1") == PAID_REFERENCE
def test_unknown_defaults_conservative():
assert classify_norm_ref("Irgendein Hausstandard XY") == PAID_REFERENCE
def test_curated_measures_carry_provenance():
m = MEASURE_DETAILS["M540"]
assert m.get("tier") == "core"
assert m.get("norm_sources") and all("license_class" in s for s in m["norm_sources"])