owasp / cornucopia Goto Github PK

          I'll have a look at the fuzzer test. Something strange going on there.

Originally posted by @sydseter in #306 (comment)

Is your feature request related to a problem? Please describe.

Currently the requirement list connected with each card has a tendency to become outdated. There is also too little discussions around them which means that it's not sure all of them are equally relevant for all cards.

Describe the solution you'd like

We should be able to build the requirement map on the cards by querying the OpenCRE API. This will invite to more cross-team collaboration and maintenance of the requirements connected to the cards and make the map easier to maintain.

Describe alternatives you've considered

The requirement list has been moved out of the word and indesign files, this has helped, but using OpenCRE is the next logical step.

Recommendations

Last analysis: Jun 15 | Next scheduled analysis: Jun 22

Open

✅ Nice work, you're all caught up!

Available

✅ Nothing yet, but I'm continuing to monitor your PRs.

Completed

✅ You merged improvements I recommended View
✅ I also hardened PRs for you View

Metrics

What would you like to see here? Let us know!

Resources

📚 Quick links
Pixee Docs | Codemodder by Pixee

🧰 Tools I work with
Sonar, CodeQL, Semgrep

🚀 Pixee CLI
The power of my codemods in your local development environment. Learn more

💬 Reach out
Feedback | Support

❤️ Follow, share, and engage with Pixee: GitHub | LinkedIn | Slack

The old wiki deck contains the 3.0 ASVS requirements. see: https://wiki.owasp.org/index.php/Cornucopia_-_Ecommerce_Website_-_VE_2

The wiki deck should be updated to account for the 4.0 ASVS requirements.

Is your feature request related to a problem? Please describe.

A lot of the inspiration behind Cornucopia comes from EoP. There is even a EoP card list added to a yaml file in our repository, but the EoP edition was never finalized.

Describe the solution you'd like

We should strive to maintain the EoP deck as well, perhaps in order to add the possibility to translate EoP into multiple languages and create print-ready print-on-demand files for the deck that started it all.

Is your feature request related to a problem? Please describe.

In order to drive the project further and create print ready proofs for print-on-demand we need to be able to script the idml to pdf convertion.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Scribus looks promising: https://wiki.scribus.net/canvas/Command_line_scripts#Usefull_'Create_PDF_out_of_existing_scribus_document'_script

Perhaps we could create a github action for doing the convertion or a python module.

Describe alternatives you've considered

Indesign server is an alternative, but it’s a commercial product.

Additional context

Currently we are not delivering print ready design files. A designer always have install the fonts, open the idml document, clone the back of the card 79 times to the correct place and export to pdf.
Instead we should just be able to deliver final pdfs and not idml with embedded art works.

As a middle step we could look into correctly add the links to the graphics from python, but I am afraid it won’t be platform dependent.

Is your feature request related to a problem? Please describe.

We now have the decks translated into 6 languages, but we have not done a proper review of the language. The English, Norwegian and Dutch versions are probably fine, but what about the rest?

Describe the solution you'd like

Get someone that has been working as a native language teacher or translator to have a look at the translations in order to make sure the translations are properly done.

Describe the bug
I started reviewing the idml files in Indesign and noticed that there is a hardcoded link to a eps file which provides the background for the card. I can't find it in the repository which lead me to believe that it is missing and hasn't been provided in the original template.

We should find a way to include the graphics in a way so that it is either embedded or properly linked to during the idml conversion.
please have a look at the screenshot from Indesign with the error and the pdf that I printed after opening the file in Indesign.

To Reproduce
Steps to reproduce the behavior:

1. Open any of the idml files in Indesign and try to print the deck
2. Choose Windows -> Links to get the list of errors

Expected behavior
The graphics should not be missing if they are needed in order to print the cards.

Screenshots

Error:
Name cornocopia back of card elements.eps
Format EPS
Page 1
Status Missing
Size 2.8 MB (2896558 bytes)
Title Print
Creator Adobe Illustrator CS6 (Macintosh)
Place Date Monday, July 11, 2016 1:38 PM
Layer Default
Path \Users\agb\Downloads\cornucopia-ecom-1v20en-owasp\Cards\Links\cornocopia back of card elements.eps
Creation Date Thursday, October 10, 2013 5:22 PM
Scale 100%

Desktop (please complete the following information):

• OS: Windows
• Version Cornucopia ecommerce edition 1.30

Additional context
Pdf output from Indesign: cornucopia.pdf

Hi guys,
after a workshop at the OOP 2022 in Germany with the topic of security games, I put together an online version of the cornucopia card game last summer.
It's ugly but somewhat functional, might be interesting to look at for you guys: https://github.com/steff-wink/owasp_cornucopia_online

Or are there other online versions already out there? Haven't seen any so far.
Greetings

In order to be able to print the instructions as a leaflet into multiple languages, we will need to make the InDesign leaflet into a template and add a feature for generating it from the translations.

The final solution would be an option in convert.py that would print the leaflet into all languages.

Hi, if you like I could create Norwegian and German translations since I am proficient in those two languages. I could also look over the Spanish translation and see if I can improve the language a bit. My wife is a Spanish language teacher so I am sure I can get some support there.

Is your feature request related to a problem? Please describe.
QR codes will make it easier to find requirements related to Cornucopia while playing the game. Commercial web shops are already selling decks with these online: https://webshop.dotnetlab.eu/

Describe the solution you'd like
QR codes should be added to the Cornucopia cards.

Any interest out there for creating a version of the game for ASVS 4.0?
We are using the game internally to be able to help in defining security constraints for our epics and user-stories (ASVS v4, 1.1.3), but I find that I end up translating the ASVS v3 requirements into v4. I am realizing that creating additional cards for a ASVS 4.0 version would be the best.

Describe the bug
Apple Braille Outline 6 Dot is one of the fonts used in the idml file. There are no suitable alternative to this font on any windows system. To simplify the printing process. We should use fonts that can be installed on both systems when needed. The Myriad Pro Semibold font is also not a font that is available, but it can at least be bought from adobe, still, I would recommend finding a suitable open source substitution for this font as well as it would simplify development and printing.

To Reproduce
Steps to reproduce the behavior:

1. Open any idml file in Indesign on a windows system
2. Missing Fonts will get reported

Expected behavior
Ideally we should choose fonts that are easy to require on both windows and mac os x

Screenshots

Desktop (please complete the following information):

• OS: Windows 10