Colormap

[izar]

Added --colormap as a companion to --dfd: paints elements green/yellow/red according to the severity of their findings.

[colesmj]

Is this setting the color of the entire dfd, or of a specific Element?

[izar]

element

[colesmj]

A general comment: How do you want to address setting the color for an Element when multiple Findings / Threats are associated with it where each has differing severities?

Also, when a Finding has a CVSS score, which translates to None, Low, Medium, High, Critical by the CVSS spec, can these be used instead?

[izar]

right now the final color of the element is the highest severity found among its findings, and right now i am ignoring the cvss score in favor of the severity hardcoded in the finding (from threats.json)

[colesmj]

Did you have any tests that used a non-zero severity? What about tests that tested the severity-setting logic on pytm.py:1498 (added)?

[izar]

I did, but this specific one I think appears here because it is an element without a finding (so it defaults to 0)

[colesmj]

Please check - all severity in this file are 0. Please be sure to add non-zero severity tests (you are using severity to determine color, correct?).

[izar]

ready for re-review

[izar]

good catch.

[colesmj]

The output.json still shows only 0 severity outcomes. I see your test code should generate High severity, did the output file not get updated?

[izar]

The colormap testing is looking straight into the generated dot file, not on output.json - check dfd_colormap.dot, you'll see it has different colors compared with dfd.dot, those represent the severities.