compliance

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2026 License: MIT Imports: 11 Imported by: 0

README

OWASP LLM Compliance Mapping Module

This module provides functionality for mapping test results to compliance standards, specifically OWASP LLM Top 10 and ISO/IEC 42001 requirements. It enables comprehensive compliance reporting based on test results.

Features

  • Map test results to OWASP LLM Top 10 categories
  • Map test results to ISO/IEC 42001 requirements
  • Generate detailed compliance reports
  • Export reports in various formats (currently JSON, expandable to others)
  • Calculate compliance percentages and statistics
  • Provide remediation recommendations

Components

Types and Interfaces
  • ComplianceStandard: Represents a compliance standard (e.g., OWASP-LLM, ISO-42001)
  • ComplianceRequirement: Represents a specific requirement within a standard
  • ComplianceMapping: Maps vulnerability types to compliance requirements
  • ComplianceReport: Contains comprehensive compliance information for a test suite
  • StandardComplianceResult: Contains compliance results for a specific standard
  • RequirementComplianceResult: Contains compliance results for a specific requirement
Core Interfaces
  • ComplianceMapper: Maps test results to compliance requirements
  • ComplianceReporter: Generates compliance reports
  • ComplianceService: Combines mapping and reporting capabilities
Implementations
  • BaseComplianceMapper: Base implementation of the ComplianceMapper interface
  • ComplianceReporterImpl: Implementation of the ComplianceReporter interface
  • ComplianceServiceImpl: Implementation of the ComplianceService interface
  • ComplianceServiceFactory: Factory for creating compliance services

Usage

Creating a Compliance Service
// Create a new compliance service
service := compliance.NewComplianceService()
Mapping Test Results to Compliance Requirements
// Map a test result to compliance requirements
mappings, err := service.MapTestResult(ctx, testResult)
if err != nil {
    // Handle error
}

// Map a test suite to compliance requirements
mappings, err := service.MapTestSuite(ctx, testSuite)
if err != nil {
    // Handle error
}
Generating Compliance Reports
// Create report options
options := &compliance.ComplianceReportOptions{
    Standards:              []compliance.ComplianceStandard{compliance.OWASPLM, compliance.ISO42001},
    IncludeRecommendations: true,
    IncludeTestResults:     true,
    Format:                 "json",
    Title:                  "OWASP LLM Compliance Report",
}

// Generate a compliance report
report, err := service.GenerateReport(ctx, testSuite, options)
if err != nil {
    // Handle error
}

// Export the report to a file
err = service.ExportReport(ctx, report, "json", "compliance_report.json")
if err != nil {
    // Handle error
}
Getting Compliance Status
// Get compliance status for a specific standard
status, err := service.GetComplianceStatus(ctx, testSuite, compliance.OWASPLM)
if err != nil {
    // Handle error
}

// Check overall compliance percentage
fmt.Printf("Overall compliance: %.2f%%\n", status.OverallCompliance)

Extending the Module

Adding New Compliance Standards

To add a new compliance standard:

  1. Add a new constant in types.go
  2. Create requirements for the standard in base_mapper.go
  3. Map vulnerability types to the new requirements
Adding New Report Formats

To add a new report format:

  1. Add a new export method in reporter.go
  2. Update the ExportReport method to handle the new format

Testing

Run the tests using:

go test -v ./src/testing/owasp/compliance

Documentation

Overview

Package compliance provides mapping between test results and compliance standards

Package compliance provides mapping between test results and compliance standards

Package compliance provides mapping between test results and compliance standards

Package compliance provides compliance mapping and reporting functionality

Package compliance provides mapping between test results and compliance standards

Package compliance provides mapping between test results and compliance standards

Package compliance provides compliance mapping and reporting functionality

Package compliance provides mapping between test results and compliance standards

Package compliance provides mapping between test results and compliance standards

Package compliance provides mapping between test results and compliance standards

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterDefaultWithTestFactory

func RegisterDefaultWithTestFactory(factory types.TestFactory, complianceService ComplianceService) error

RegisterDefaultWithTestFactory registers the provided compliance service with the test factory

func RegisterWithTestFactory

func RegisterWithTestFactory(factory types.TestFactory, complianceService ComplianceService) error

RegisterWithTestFactory registers the compliance service with a test factory

Types

type BaseComplianceMapper

type BaseComplianceMapper struct {
	// contains filtered or unexported fields
}

BaseComplianceMapper provides a base implementation of the ComplianceMapper interface

func NewBaseComplianceMapper

func NewBaseComplianceMapper() *BaseComplianceMapper

NewBaseComplianceMapper creates a new base compliance mapper

func (*BaseComplianceMapper) GetRequirementsForStandard

func (m *BaseComplianceMapper) GetRequirementsForStandard(ctx context.Context, standard ComplianceStandard) ([]*ComplianceRequirement, error)

GetRequirementsForStandard returns all requirements for a specific compliance standard

func (*BaseComplianceMapper) GetRequirementsForVulnerability

func (m *BaseComplianceMapper) GetRequirementsForVulnerability(ctx context.Context, vulnerabilityType types.VulnerabilityType) ([]*ComplianceRequirement, error)

GetRequirementsForVulnerability returns compliance requirements for a specific vulnerability type

func (*BaseComplianceMapper) GetSupportedStandards

func (m *BaseComplianceMapper) GetSupportedStandards(ctx context.Context) ([]ComplianceStandard, error)

GetSupportedStandards returns all supported compliance standards

func (*BaseComplianceMapper) MapTestResult

func (m *BaseComplianceMapper) MapTestResult(ctx context.Context, testResult *types.TestResult) ([]*ComplianceMapping, error)

MapTestResult maps a test result to compliance requirements

func (*BaseComplianceMapper) MapTestSuite

MapTestSuite maps a test suite to compliance requirements

func (*BaseComplianceMapper) RegisterMapping

func (m *BaseComplianceMapper) RegisterMapping(vulnerabilityType types.VulnerabilityType, requirements []*ComplianceRequirement) error

RegisterMapping registers a mapping between a vulnerability type and compliance requirements

func (*BaseComplianceMapper) RegisterRequirement

func (m *BaseComplianceMapper) RegisterRequirement(requirement *ComplianceRequirement) error

RegisterRequirement registers a compliance requirement

type ComplianceIntegration

type ComplianceIntegration struct {
	// contains filtered or unexported fields
}

ComplianceIntegration handles the integration of compliance mapping with the testing framework

func NewComplianceIntegration

func NewComplianceIntegration(complianceService ComplianceService) *ComplianceIntegration

NewComplianceIntegration creates a new compliance integration

func (*ComplianceIntegration) ConvertToTestResults

func (ci *ComplianceIntegration) ConvertToTestResults(
	verificationResult *security.VerificationResult,
	complianceReport *ComplianceReport,
) []*common.TestResult

func (*ComplianceIntegration) VerifyTemplateAndGenerateReport

func (ci *ComplianceIntegration) VerifyTemplateAndGenerateReport(
	ctx context.Context,
	templatePath string,
	testSuite *types.TestSuite,
	options *security.VerificationOptions,
	reportOptions *ComplianceReportOptions,
) (*security.VerificationResult, *ComplianceReport, error)

VerifyTemplateAndGenerateReport verifies a template and generates a compliance report

func (*ComplianceIntegration) VerifyTemplateFile

func (ci *ComplianceIntegration) VerifyTemplateFile(ctx context.Context, templatePath string, options *security.VerificationOptions) (*security.VerificationResult, error)

VerifyTemplateFile verifies a template file for security issues

type ComplianceMapper

type ComplianceMapper interface {
	// MapTestResult maps a test result to compliance requirements
	MapTestResult(ctx context.Context, testResult *types.TestResult) ([]*ComplianceMapping, error)

	// MapTestSuite maps a test suite to compliance requirements
	MapTestSuite(ctx context.Context, testSuite *types.TestSuite) (map[types.VulnerabilityType][]*ComplianceMapping, error)

	// GetRequirementsForVulnerability returns compliance requirements for a specific vulnerability type
	GetRequirementsForVulnerability(ctx context.Context, vulnerabilityType types.VulnerabilityType) ([]*ComplianceRequirement, error)

	// GetRequirementsForStandard returns all requirements for a specific compliance standard
	GetRequirementsForStandard(ctx context.Context, standard ComplianceStandard) ([]*ComplianceRequirement, error)

	// GetSupportedStandards returns all supported compliance standards
	GetSupportedStandards(ctx context.Context) ([]ComplianceStandard, error)
}

ComplianceMapper is an interface for mapping test results to compliance standards

type ComplianceMapping

type ComplianceMapping struct {
	// VulnerabilityType is the type of vulnerability
	VulnerabilityType types.VulnerabilityType `json:"vulnerability_type"`
	// Requirements is a list of compliance requirements that this vulnerability maps to
	Requirements []*ComplianceRequirement `json:"requirements"`
}

ComplianceMapping represents a mapping between a vulnerability type and compliance requirements

type ComplianceReport

type ComplianceReport struct {
	// Title is the title of the report
	Title string `json:"title"`
	// TestSuite is the test suite the report is based on
	TestSuite *types.TestSuite `json:"test_suite"`
	// Standards is a list of compliance standards covered in the report
	Standards []ComplianceStandard `json:"standards"`
	// Results contains the compliance results for each standard
	Results map[ComplianceStandard]*StandardComplianceResult `json:"results"`
	// StandardResults is an alias for Results for backward compatibility
	StandardResults map[ComplianceStandard]*StandardComplianceResult `json:"standard_results"`
	// GeneratedAt is the time the report was generated
	GeneratedAt string `json:"generated_at"`
	// Metadata contains additional metadata for the report
	Metadata map[string]interface{} `json:"metadata"`
	// OverallCompliance is the overall compliance percentage across all standards
	OverallCompliance float64 `json:"overall_compliance"`
	// Options contains the options used to generate the report
	Options *ComplianceReportOptions `json:"options,omitempty"`
}

ComplianceReport represents a compliance report for a test suite

type ComplianceReportOptions

type ComplianceReportOptions struct {
	// Standards is a list of compliance standards to include in the report
	Standards []ComplianceStandard `json:"standards"`
	// IncludeRecommendations indicates whether to include recommendations in the report
	IncludeRecommendations bool `json:"include_recommendations"`
	// IncludeTestResults indicates whether to include detailed test results in the report
	IncludeTestResults bool `json:"include_test_results"`
	// Format is the format of the report
	Format string `json:"format"`
	// OutputPath is the path to save the report to
	OutputPath string `json:"output_path"`
	// Title is the title of the report
	Title string `json:"title"`
	// Metadata contains additional metadata for the report
	Metadata map[string]interface{} `json:"metadata"`
}

ComplianceReportOptions represents options for generating a compliance report

type ComplianceReporter

type ComplianceReporter interface {
	// GenerateReport generates a compliance report for a test suite
	GenerateReport(ctx context.Context, testSuite *types.TestSuite, options *ComplianceReportOptions) (*ComplianceReport, error)

	// ExportReport exports a compliance report to a file
	ExportReport(ctx context.Context, report *ComplianceReport, format string, outputPath string) error

	// GetComplianceStatus returns the compliance status for a test suite
	GetComplianceStatus(ctx context.Context, testSuite *types.TestSuite, standard ComplianceStandard) (*StandardComplianceResult, error)
}

ComplianceReporter is an interface for generating compliance reports

type ComplianceReporterImpl

type ComplianceReporterImpl struct {
	// contains filtered or unexported fields
}

ComplianceReporterImpl implements the ComplianceReporter interface

func NewComplianceReporter

func NewComplianceReporter(mapper ComplianceMapper) *ComplianceReporterImpl

NewComplianceReporter creates a new compliance reporter

func (*ComplianceReporterImpl) ExportReport

func (r *ComplianceReporterImpl) ExportReport(ctx context.Context, report *ComplianceReport, format string, outputPath string) error

ExportReport exports a compliance report to a file

func (*ComplianceReporterImpl) GenerateReport

func (r *ComplianceReporterImpl) GenerateReport(ctx context.Context, testSuite *types.TestSuite, options *ComplianceReportOptions) (*ComplianceReport, error)

GenerateReport generates a compliance report for a test suite

func (*ComplianceReporterImpl) GetComplianceStatus

func (r *ComplianceReporterImpl) GetComplianceStatus(ctx context.Context, testSuite *types.TestSuite, standard ComplianceStandard) (*StandardComplianceResult, error)

GetComplianceStatus returns the compliance status for a test suite

type ComplianceRequirement

type ComplianceRequirement struct {
	// ID is the identifier of the requirement (e.g., "LLM01", "8.2.3")
	ID string `json:"id"`
	// Standard is the compliance standard this requirement belongs to
	Standard ComplianceStandard `json:"standard"`
	// Name is the name of the requirement
	Name string `json:"name"`
	// Description is a description of the requirement
	Description string `json:"description"`
	// Category is the category of the requirement within the standard
	Category string `json:"category"`
	// References contains links to additional information about the requirement
	References []string `json:"references"`
}

ComplianceRequirement represents a specific requirement within a compliance standard

type ComplianceService

type ComplianceService interface {
	ComplianceMapper
	ComplianceReporter
}

ComplianceService is an interface that combines mapping and reporting capabilities

func GetComplianceService

func GetComplianceService(factory types.TestFactory) (ComplianceService, error)

GetComplianceService gets the compliance service from a test factory

type ComplianceServiceFactory

type ComplianceServiceFactory struct {
	// contains filtered or unexported fields
}

ComplianceServiceFactory is a factory for creating compliance services

func NewComplianceServiceFactory

func NewComplianceServiceFactory() *ComplianceServiceFactory

NewComplianceServiceFactory creates a new compliance service factory

func (*ComplianceServiceFactory) GetAllServices

func (f *ComplianceServiceFactory) GetAllServices() map[string]ComplianceService

GetAllServices returns all registered compliance services

func (*ComplianceServiceFactory) GetCustomService

func (f *ComplianceServiceFactory) GetCustomService(name string) (ComplianceService, bool)

GetCustomService returns a custom compliance service by name

func (*ComplianceServiceFactory) GetDefaultService

func (f *ComplianceServiceFactory) GetDefaultService() ComplianceService

GetDefaultService returns the default compliance service

func (*ComplianceServiceFactory) RegisterCustomService

func (f *ComplianceServiceFactory) RegisterCustomService(name string, service ComplianceService)

RegisterCustomService registers a custom compliance service

type ComplianceServiceImpl

type ComplianceServiceImpl struct {
	// contains filtered or unexported fields
}

ComplianceServiceImpl implements the ComplianceService interface

func NewComplianceService

func NewComplianceService() *ComplianceServiceImpl

NewComplianceService creates a new compliance service

func (*ComplianceServiceImpl) ExportReport

func (s *ComplianceServiceImpl) ExportReport(ctx context.Context, report *ComplianceReport, format string, outputPath string) error

ExportReport exports a compliance report to a file

func (*ComplianceServiceImpl) GenerateReport

func (s *ComplianceServiceImpl) GenerateReport(ctx context.Context, testSuite *types.TestSuite, options *ComplianceReportOptions) (*ComplianceReport, error)

GenerateReport generates a compliance report for a test suite

func (*ComplianceServiceImpl) GetComplianceStatus

func (s *ComplianceServiceImpl) GetComplianceStatus(ctx context.Context, testSuite *types.TestSuite, standard ComplianceStandard) (*StandardComplianceResult, error)

GetComplianceStatus returns the compliance status for a test suite

func (*ComplianceServiceImpl) GetRequirementsForStandard

func (s *ComplianceServiceImpl) GetRequirementsForStandard(ctx context.Context, standard ComplianceStandard) ([]*ComplianceRequirement, error)

GetRequirementsForStandard returns all requirements for a specific compliance standard

func (*ComplianceServiceImpl) GetRequirementsForVulnerability

func (s *ComplianceServiceImpl) GetRequirementsForVulnerability(ctx context.Context, vulnerabilityType types.VulnerabilityType) ([]*ComplianceRequirement, error)

GetRequirementsForVulnerability returns compliance requirements for a specific vulnerability type

func (*ComplianceServiceImpl) GetSupportedStandards

func (s *ComplianceServiceImpl) GetSupportedStandards(ctx context.Context) ([]ComplianceStandard, error)

GetSupportedStandards returns all supported compliance standards

func (*ComplianceServiceImpl) MapTestResult

func (s *ComplianceServiceImpl) MapTestResult(ctx context.Context, testResult *types.TestResult) ([]*ComplianceMapping, error)

MapTestResult maps a test result to compliance requirements

func (*ComplianceServiceImpl) MapTestSuite

MapTestSuite maps a test suite to compliance requirements

type ComplianceStandard

type ComplianceStandard string

ComplianceStandard represents a compliance standard

const (
	OWASPLM        ComplianceStandard = "OWASP-LLM"
	OWASPLLMTop10  ComplianceStandard = "OWASP-LLM-TOP-10"
	ISO42001       ComplianceStandard = "ISO-42001"
	NIST800        ComplianceStandard = "NIST-800"
	GDPR           ComplianceStandard = "GDPR"
	HIPAA          ComplianceStandard = "HIPAA"
	SOC2           ComplianceStandard = "SOC2"
	CustomStandard ComplianceStandard = "CUSTOM"
)

Supported compliance standards

func (ComplianceStandard) ID

func (s ComplianceStandard) ID() string

ID returns the ID of the compliance standard

func (ComplianceStandard) Name

func (s ComplianceStandard) Name() string

Name returns the name of the compliance standard

type MockTestFactory

type MockTestFactory struct {
	// contains filtered or unexported fields
}

MockTestFactory is a mock implementation of the TestFactory interface for testing

func NewMockTestFactory

func NewMockTestFactory() *MockTestFactory

NewMockTestFactory creates a new mock test factory

func (*MockTestFactory) CreateTestCase

func (f *MockTestFactory) CreateTestCase(vulnerabilityType types.VulnerabilityType, id string, name string, description string) (*types.TestCase, error)

CreateTestCase creates a new test case

func (*MockTestFactory) CreateTestSuite

func (f *MockTestFactory) CreateTestSuite(id string, name string, description string) (*types.TestSuite, error)

CreateTestSuite creates a new test suite

func (*MockTestFactory) GetComplianceService

func (f *MockTestFactory) GetComplianceService() (interface{}, error)

GetComplianceService returns the registered compliance service

func (*MockTestFactory) GetValidator

func (f *MockTestFactory) GetValidator(vulnerabilityType types.VulnerabilityType) (interface{}, error)

GetValidator returns a validator for a specific vulnerability type

func (*MockTestFactory) RegisterComplianceService

func (f *MockTestFactory) RegisterComplianceService(service interface{}) error

RegisterComplianceService registers a compliance service with the test factory

func (*MockTestFactory) RegisterValidator

func (f *MockTestFactory) RegisterValidator(validator interface{}) error

RegisterValidator registers a validator with the test factory

type ReportingIntegration

type ReportingIntegration struct {
	// contains filtered or unexported fields
}

ReportingIntegration handles the integration between compliance mapping and reporting

func NewReportingIntegration

func NewReportingIntegration(complianceService ComplianceService, templateVerifier security.TemplateVerifier) *ReportingIntegration

NewReportingIntegration creates a new reporting integration

func (*ReportingIntegration) ConvertTemplateComplianceToTestResults

func (ri *ReportingIntegration) ConvertTemplateComplianceToTestResults(result *TemplateComplianceResult) []*common.TestResult

ConvertTemplateComplianceToTestResults converts a template compliance result to test results

func (*ReportingIntegration) ConvertToTestResults

func (ri *ReportingIntegration) ConvertToTestResults(report *ComplianceReport) []*common.TestResult

ConvertToTestResults converts a compliance report to test results

func (*ReportingIntegration) GenerateComplianceReport

func (ri *ReportingIntegration) GenerateComplianceReport(ctx context.Context, testSuite *types.TestSuite, options *ComplianceReportOptions) (*ComplianceReport, error)

GenerateComplianceReport generates a compliance report for a test suite

func (*ReportingIntegration) VerifyTemplateSecurityAndCompliance

func (ri *ReportingIntegration) VerifyTemplateSecurityAndCompliance(ctx context.Context, templatePath string, testSuite *types.TestSuite, options *security.VerificationOptions) (*TemplateComplianceResult, error)

VerifyTemplateSecurityAndCompliance verifies template security and compliance

type RequirementComplianceResult

type RequirementComplianceResult struct {
	// Requirement is the compliance requirement
	Requirement *ComplianceRequirement `json:"requirement"`
	// Compliant indicates if the requirement is compliant
	Compliant bool `json:"compliant"`
	// TestResults contains the test results related to this requirement
	TestResults []*types.TestResult `json:"test_results"`
	// VulnerabilityTypes contains the vulnerability types related to this requirement
	VulnerabilityTypes []types.VulnerabilityType `json:"vulnerability_types"`
	// HighestSeverity is the highest severity level found in the test results
	HighestSeverity detection.SeverityLevel `json:"highest_severity"`
	// Recommendations contains recommendations for addressing non-compliance
	Recommendations []string `json:"recommendations"`
	// Reason contains the reason for compliance or non-compliance
	Reason string `json:"reason,omitempty"`
}

RequirementComplianceResult represents compliance results for a specific requirement

type StandardComplianceResult

type StandardComplianceResult struct {
	// Standard is the compliance standard
	Standard ComplianceStandard `json:"standard"`
	// RequirementResults contains results for each requirement
	RequirementResults map[string]*RequirementComplianceResult `json:"requirement_results"`
	// OverallCompliance is the overall compliance percentage
	OverallCompliance float64 `json:"overall_compliance"`
	// CompliancePercentage is an alias for OverallCompliance for backward compatibility
	CompliancePercentage float64 `json:"compliance_percentage"`
	// PassedRequirements is the number of requirements that passed
	PassedRequirements int `json:"passed_requirements"`
	// RequirementsMet is an alias for PassedRequirements for backward compatibility
	RequirementsMet int `json:"requirements_met"`
	// TotalRequirements is the total number of requirements
	TotalRequirements int `json:"total_requirements"`
	// Summary is a summary of the compliance results
	Summary string `json:"summary"`
}

StandardComplianceResult represents compliance results for a specific standard

type TemplateComplianceResult

type TemplateComplianceResult struct {
	TemplatePath         string                       `json:"template_path"`
	TemplateID           string                       `json:"template_id"`
	TemplateName         string                       `json:"template_name"`
	SecurityResult       *security.VerificationResult `json:"security_result"`
	ComplianceReport     *ComplianceReport            `json:"compliance_report"`
	OverallCompliance    bool                         `json:"overall_compliance"`
	ComplianceByStandard map[string]bool              `json:"compliance_by_standard"`
}

TemplateComplianceResult represents the combined result of template security verification and compliance mapping

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL