Commit Graph

3 Commits

Knacky  2026-06-08 19:15:49 +02:00
7335b9f2c6 refactor(export): switch render output to fixed 7-column schema (Scénario, Test, ...)
All three renderers (MD, CSV, PDF) now emit a uniform 7-column table with
French headers matching the RT↔SOC handoff contract locked in SPEC.md fdab324.

Helpers added:
- _format_execution(sim): canonical 3-part concat (executed_at / commands / execution_result)
- _MD_HEADERS / _HTML_HEADERS / _CSV_HEADERS unified to the same 7 FR strings

Helpers removed (no longer called):
- _tactic_names() — MITRE tactics dropped from export
- _enrich_sim_techniques() — MITRE techniques dropped from export

Fields dropped from export: status, techniques, tactic_ids, prerequisites, id,
created_at, updated_at (intentional — focused RT↔SOC handoff, see SPEC §Export).

_csv_safe() still applied to all 7 user-controlled cells including Exécution concat.

Tests updated: 255 passed, ruff clean, mypy clean.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Knacky  2026-06-08 18:23:39 +02:00
3725d4415e chore: code-review cleanups (NITs + filename defense-in-depth test)
- NIT-1: remove dead _technique_names() and _technique_ids() helpers (no callers)
- NIT-2: rename engagement → _engagement in render_engagement_csv signature
- NIT-4: remove duplicate inline User import in test_export_csv_escapes_special_characters
- NIT-5: add comment on _CSV_FORMULA_TRIGGERS explaining \t and \r inclusion
- REUSE: replace custom _html_escape with stdlib html.escape (quote=True default)
- Remove now-unnecessary type: ignore comments on weasyprint (stubs resolve cleanly)
- Add test_export_filename_never_contains_quote_or_crlf defense-in-depth test

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Knacky  2026-06-08 17:57:40 +02:00
5471c8fd89 test: add export endpoint + render unit tests (226 → 249 passing)
- test_export_engagement.py: 13 endpoint tests — RBAC (admin/redteam ok, SOC 403,
  401 unauthenticated), CSV column contract, CSV special char escaping, PDF magic bytes,
  400 on missing/unknown format, 404 on missing engagement, zero-simulations edge case,
  filename slugification.
- test_export_render.py: 10 unit tests on pure render functions — header fields,
  simulation order, techniques/tactics enrichment, SOC fields always rendered,
  backtick safety in commands, CSV header row, multi-technique pipe join, PDF magic
  bytes, MITRE bundle not loaded does not crash.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>