Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
10c32d7f7c027ab3e865153a41fbbb31655ee802
breakpilot-compliance/backend-compliance/compliance/api/cra_assess_routes.py
T
Benjamin Admin 10c32d7f7c feat(cra): cyber-meets-safety bridge as real logic (step 2) 
Deterministic bridge (cra_safety_bridge.py): a cyber finding's attack capability
(remote_actuation / code_tampering / integrity_loss / auth_bypass, derived from
its CRA category) is matched against what each CE safety function is vulnerable
to. A match re-opens the mitigated hazard, flags the finding safety_impact (which
floors it to P0), and produces the cross-link. Endpoint accepts safety_functions;
frontend passes the project's safety functions and renders the LIVE cross-links
(no more hardcode). Safety functions are demo input now; come from the CE risk
assessment in production.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-14 08:59:41 +02:00

60 lines
2.1 KiB
Python
Raw Blame History

"""Standalone CRA cyber risk-assessment endpoint.
POST /api/v1/cra/assess — takes the findings the external repo-scanner already
produced and returns the deterministic CRA assessment: each finding mapped to
the CRA Annex I requirement(s) it violates, a risk level, the curated CRA
measures, and the NIST 800-53 / OWASP Top 10 golden-set crosswalk.
Project-less by design: works standalone for ANY customer — including those with
no CE risk assessment and no FMEA yet (the mandatory baseline). Reuses the fully
tested mapper; no DB, no LLM, no RAG. Same logic the MCP server exposes.
"""
from typing import Dict, List, Optional
from fastapi import APIRouter
from pydantic import BaseModel
from compliance.services.cra_finding_mapper import assess_findings_payload
router = APIRouter(prefix="/v1/cra", tags=["cra"])
class FindingIn(BaseModel):
id: str
title: Optional[str] = ""
description: Optional[str] = ""
category: Optional[str] = ""
cwe: Optional[str] = ""
severity: Optional[str] = ""
cvss: Optional[float] = None
location: Optional[str] = ""
safety_impact: Optional[bool] = False
exploited: Optional[bool] = False
class SafetyFunctionIn(BaseModel):
name: str
hazard: Optional[str] = ""
original_measure: Optional[str] = ""
kind: Optional[str] = "" # prevent_unexpected_actuation | signal_integrity
vulnerable_to: Optional[List[str]] = None
class AssessRequest(BaseModel):
findings: List[FindingIn]
# customer priorities for the discretionary tier: {objective: high|medium|low}.
# objectives: access | data | network_api | supply_updates | monitoring.
weights: Optional[Dict[str, str]] = None
# CE-risk-assessment safety functions for the cyber-meets-safety bridge.
safety_functions: Optional[List[SafetyFunctionIn]] = None
@router.post("/assess")
async def assess(body: AssessRequest):
payload = {
"findings": [f.model_dump() for f in body.findings],
"weights": body.weights,
"safety_functions": [s.model_dump() for s in body.safety_functions] if body.safety_functions else None,
}
return assess_findings_payload(payload)
Reference in New Issue View Git Blame Copy Permalink