feat(iace): Hazard-Library v2, Controls-Library, SEPA Avoidance, CE RAG-Ingest
- Hazard-Library: +79 neue Eintraege in 12 Kategorien (software_fault, hmi_error, mechanical_hazard, electrical_hazard, thermal_hazard, emc_hazard, configuration_error, safety_function_failure, logging_audit_failure, integration_error, environmental_hazard, maintenance_hazard) — Gesamtanzahl: ~116 Eintraege in 24 Kategorien - Controls-Library: neue Datei controls_library.go mit 200 Eintraegen in 6 Domaenen (REQ/ARCH/SWDEV/VER/CYBER/DOC) - Handler: GET /sdk/v1/iace/controls-library (?domain=, ?category=) - SEPA: CalculateInherentRisk() + 4. Param Avoidance (0=disabled, 1-5: 3=neutral); RiskComputeInput.Avoidance, RiskAssessment.Avoidance, AssessRiskRequest.Avoidance — backward-kompatibel (A=0 → S×E×P) - Tests: engine_test.go + hazard_library_test.go aktualisiert - Scripts: ingest-ce-corpus.sh — 15 CE/Safety-Dokumente (EUR-Lex, NIST, ENISA, NASA, OWASP, MITRE CWE) in bp_compliance_ce und bp_compliance_datenschutz - Docs: docs-src/services/sdk-modules/iace.md + mkdocs.yml Nav-Eintrag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -680,6 +680,35 @@ func (h *IACEHandler) ListHazardLibrary(c *gin.Context) {
|
||||
})
|
||||
}
|
||||
|
||||
// ListControlsLibrary handles GET /controls-library
|
||||
// Returns the built-in controls library, optionally filtered by ?domain and ?category.
|
||||
func (h *IACEHandler) ListControlsLibrary(c *gin.Context) {
|
||||
domain := c.Query("domain")
|
||||
category := c.Query("category")
|
||||
|
||||
all := iace.GetControlsLibrary()
|
||||
|
||||
var filtered []iace.ControlLibraryEntry
|
||||
for _, entry := range all {
|
||||
if domain != "" && entry.Domain != domain {
|
||||
continue
|
||||
}
|
||||
if category != "" && !containsString(entry.MapsToHazardCategories, category) {
|
||||
continue
|
||||
}
|
||||
filtered = append(filtered, entry)
|
||||
}
|
||||
|
||||
if filtered == nil {
|
||||
filtered = []iace.ControlLibraryEntry{}
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"controls": filtered,
|
||||
"total": len(filtered),
|
||||
})
|
||||
}
|
||||
|
||||
// containsString checks if a string slice contains the given value.
|
||||
func containsString(slice []string, val string) bool {
|
||||
for _, s := range slice {
|
||||
@@ -885,7 +914,7 @@ func (h *IACEHandler) AssessRisk(c *gin.Context) {
|
||||
userID := rbac.GetUserID(c)
|
||||
|
||||
// Calculate risk using the engine
|
||||
inherentRisk := h.engine.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability)
|
||||
inherentRisk := h.engine.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability, req.Avoidance)
|
||||
controlEff := h.engine.CalculateControlEffectiveness(req.ControlMaturity, req.ControlCoverage, req.TestEvidenceStrength)
|
||||
residualRisk := h.engine.CalculateResidualRisk(req.Severity, req.Exposure, req.Probability, controlEff)
|
||||
riskLevel := h.engine.DetermineRiskLevel(residualRisk)
|
||||
@@ -902,6 +931,7 @@ func (h *IACEHandler) AssessRisk(c *gin.Context) {
|
||||
Severity: req.Severity,
|
||||
Exposure: req.Exposure,
|
||||
Probability: req.Probability,
|
||||
Avoidance: req.Avoidance,
|
||||
InherentRisk: inherentRisk,
|
||||
ControlMaturity: req.ControlMaturity,
|
||||
ControlCoverage: req.ControlCoverage,
|
||||
@@ -1094,7 +1124,7 @@ func (h *IACEHandler) ReassessRisk(c *gin.Context) {
|
||||
userID := rbac.GetUserID(c)
|
||||
|
||||
// Calculate risk using the engine
|
||||
inherentRisk := h.engine.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability)
|
||||
inherentRisk := h.engine.CalculateInherentRisk(req.Severity, req.Exposure, req.Probability, req.Avoidance)
|
||||
controlEff := h.engine.CalculateControlEffectiveness(req.ControlMaturity, req.ControlCoverage, req.TestEvidenceStrength)
|
||||
residualRisk := h.engine.CalculateResidualRisk(req.Severity, req.Exposure, req.Probability, controlEff)
|
||||
riskLevel := h.engine.DetermineRiskLevel(residualRisk)
|
||||
@@ -1122,6 +1152,7 @@ func (h *IACEHandler) ReassessRisk(c *gin.Context) {
|
||||
Severity: req.Severity,
|
||||
Exposure: req.Exposure,
|
||||
Probability: req.Probability,
|
||||
Avoidance: req.Avoidance,
|
||||
InherentRisk: inherentRisk,
|
||||
ControlMaturity: req.ControlMaturity,
|
||||
ControlCoverage: req.ControlCoverage,
|
||||
|
||||
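Review bot: In AssessRisk (hunk at -885) and ReassessRisk (hunk at -1094), `req.Avoidance` is now passed to `CalculateInherentRisk`, but the following `CalculateResidualRisk(req.Severity, req.Exposure, req.Probability, controlEff)` call is unchanged, so `residualRisk` and the `riskLevel` derived from it appear to ignore Avoidance while the stored `InherentRisk` includes it. If a non-zero Avoidance rescales the inherent value, the two stored figures are no longer on the same scale and the residual could end up above the inherent risk; either feed Avoidance into the residual calculation or state the intent next to the call, e.g. `// Avoidance affects InherentRisk only; residual risk and risk level remain S×E×P-based`. The hunks also show no range check on `req.Avoidance` (the commit message gives 0 or 1-5); if the request binding does not enforce it, out-of-range values should be rejected before the score is computed and persisted. Both function bodies start and end outside the hunks, so the engine signatures and any existing validation are not visible here.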