fix: Display GDAF scenarios in global project report #21
ellipse2v merged 2 commits into ellipse2v:main from
- Add GDAF run code to report_generator.py (project mode)
- Add helper methods _resolve_gdaf_context and _resolve_bom_directory
- Copy gdaf_scenarios to dummy_model in generate_global_project_report
- Remove the duplicated GDAF code from export_service.py (already moved to report_generator)
| ) | ||
| logging.info(f"✅ Generated global project report with {len(all_threats_details)} total threats at {output_dir / 'global_threat_report.html'}") | ||
|
|
||
| def _resolve_gdaf_context(self, threat_model) -> Optional[str]: |
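Review bot: The `logging.info` call just above `_resolve_gdaf_context` builds its message with an f-string, so the count and the report path are formatted even when INFO logging is disabled. Passing them as logging arguments instead, for example `logging.info("... %d total threats at %s", len(all_threats_details), output_dir / 'global_threat_report.html')`, defers the formatting to the handler and keeps the message template constant for log searches.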
Hello, @zhangtianqi-james, thank you very much for your help in finding and fixing the bugs.
The fix is structurally correct — GDAF now runs before the global report is generated, which resolves the original bug.
One technical debt item worth addressing: _resolve_gdaf_context() and _resolve_bom_directory() are now duplicated across ExportService and ReportGenerator. The commit message describes a "move" but the originals were not removed from ExportService (they are still called there for single-model exports).
Suggested fix: extract both methods to threat_analysis/utils.py and import from both services:

    # in threat_analysis/utils.py
    def resolve_gdaf_context(threat_model) -> Optional[str]: ...
    def resolve_bom_directory(threat_model) -> Optional[str]: ...

Then in both ExportService and ReportGenerator:

    from threat_analysis.utils import resolve_gdaf_context, resolve_bom_directory

This keeps a single source of truth and avoids the two copies drifting over time.
Also a minor note: generate_global_project_report() assumes all_models[0] is main_threat_model to copy gdaf_scenarios. This is correct today but fragile — worth adding a comment documenting the ordering invariant, or passing main_threat_model explicitly as a parameter.
Please could you move these methods into utils.py?
Addresses code duplication identified in PR ellipse2v#21 review.

The _resolve_gdaf_context() and _resolve_bom_directory() methods were duplicated across ExportService and ReportGenerator. This change extracts both methods to threat_analysis/utils.py as standalone functions and updates both services to import from there.

Benefits:
- Single source of truth for path resolution logic
- Easier maintenance - changes apply to both services
- Prevents future drift between duplicate implementations
- Follows DRY principle

The generate_global_project_report() method now includes a comment documenting the ordering invariant for all_models[0] being the main threat model, as recommended in the review.

Also updated AIService._load_model_context() docstring to reference the new location of the resolution logic.

Refs: PR ellipse2v#21
Hi, @ellipse2v thank you very much for the feedback on PR #21. I've addressed the code duplication issue:
Please review commit "refactor: extract GDAF resolution utilities to avoid duplication" (5b6ad26) and let me know if this looks good.
Problem
GDAF (Goal-Driven Attack Flow) scenarios were generated but not displayed in global_threat_report.html for project mode.
Root Cause
In generate_global_project_report(), a new dummy_model was created but gdaf_scenarios from main_threat_model were not copied to it.
Solution
- export_service.py to report_generator.py (before global report generation)
- _resolve_gdaf_context() and _resolve_bom_directory() to ReportGenerator
- gdaf_scenarios from main_threat_model to dummy_model in generate_global_project_report()
Files Changed
- threat_analysis/generation/report_generator.py (+106 lines)
- threat_analysis/server/export_service.py (-23 lines)
Testing