From 21699021cb37c98e5096b23d6fd918fe446283d0 Mon Sep 17 00:00:00 2001
From: Sudhir Verma <sudhirvvermaa@gmail.com>
Date: Tue, 8 Jul 2025 17:56:46 +0530
Subject: [PATCH 1/2] Added Quantum Threat and Mitigation in Cbom (#727)

---
 src/apiDetailsConfig.json                     |   2 +-
 .../AssessmentReport/index.tsx                |  84 ++++++++++-
 src/resources/crypto-assets.json              | 130 ++++++++++++++++++
 3 files changed, 208 insertions(+), 8 deletions(-)
 create mode 100644 src/resources/crypto-assets.json

diff --git a/src/apiDetailsConfig.json b/src/apiDetailsConfig.json
index e193ccc1..8addd4cb 100644
--- a/src/apiDetailsConfig.json
+++ b/src/apiDetailsConfig.json
@@ -13,6 +13,6 @@
         "token": ""
     },
     "activeTool": "github",
-    "version": "0.28.7",
+    "version": "0.28.8",
     "labName": "Be-Secure Community Lab"
 }
diff --git a/src/pages/BesVersionHistory/AssessmentReport/index.tsx b/src/pages/BesVersionHistory/AssessmentReport/index.tsx
index 3df84009..bfe97319 100644
--- a/src/pages/BesVersionHistory/AssessmentReport/index.tsx
+++ b/src/pages/BesVersionHistory/AssessmentReport/index.tsx
@@ -39,11 +39,25 @@ import FetchSastReport from './FetchSastReport';
 import { PieChart, Pie, Legend, Cell, Tooltip, Sector } from 'recharts';
 
 import cryptoDictionary from '../../../resources/crypto-dictionary.json';
+import rawCryptoAsset from '../../../resources/crypto-assets.json';
+
 import * as d3 from 'd3';
 import { ArrowBackIos, ArrowForwardIos } from '@mui/icons-material';
 
 type CryptoPrimitive = keyof typeof cryptoDictionary
 
+type CryptoAssetEntry = {
+  "Quantum Threat": string;
+  Mitigation: string;
+};
+
+type CryptoAssetMap = {
+  [key: string]: CryptoAssetEntry; // index signature
+};
+
+const cryptoAsset = rawCryptoAsset as CryptoAssetMap;
+
+
 export const fetchJsonData = async (link: any, setJsonData: any, defaultJson?: any) => {
   try {
     const response = await fetchJsonReport(link, defaultJson);
@@ -522,6 +536,8 @@ const TABLE_HEAD = [
   },
   { id: 'Primitive', label: 'Primitive', alignRight: false },
   { id: 'Location', label: 'Location', alignRight: false },
+  { id: 'Quantum Threat', label: 'Quantum Threat', alignRight: false },
+  { id: 'Mitigation', label: 'Mitigation', alignRight: false },
 ];
 
 type BubbleData = {
@@ -946,6 +962,52 @@ const SortedLegend = ({
   );
 };
 
+const interpolate = (template: string, context: Record<string, any>) => {
+  return template.replace(/\$\{(\w+)\}/g, (_, key) =>
+    context[key] !== undefined && context[key] !== null ? context[key] : 'unknown'
+  );
+};
+
+const getBaseName = (str: string) =>
+  str.split('@')[0] || str;
+
+const getMatchKey = (name: string, cryptoGraphyAsset: any) => {
+  const baseName = getBaseName(name).toLowerCase();
+  return (
+    Object.keys(cryptoGraphyAsset).find(
+      (key) => key.toLowerCase() === baseName
+    ) || 'Unspecified'
+  );
+};
+
+const renderThreatInfo = (row: any, cryptoGraphyAsset: any) => {
+  const props = row.cryptoProperties || {};
+  const algProps = props.algorithmProperties || {};
+  const relProps = props.relatedCryptoMaterialProperties || {};
+  const primitive = algProps.primitive || relProps.type || '';
+  const curve = algProps.curve || '';
+  const keySize = algProps.parameterSetIdentifier || 'unknown';
+  const usage = (algProps.cryptoFunctions || []).join(', ') || '';
+
+  const matchKey = getMatchKey(row.name, cryptoGraphyAsset);
+  const threatInfo = cryptoGraphyAsset[matchKey];
+
+  const context = { keySize, curve, usage, primitive };
+  if (matchKey === "Unspecified") {
+    return {
+      threat: "Quantum threat unknown or not assessed.",
+      mitigation: "Review cryptographic asset for quantum-safe alternatives.",
+      isKnown: false
+    };
+  }
+
+  return {
+    threat: interpolate(threatInfo["Quantum Threat"], context),
+    mitigation: interpolate(threatInfo["Mitigation"], context),
+    isKnown: true
+  };
+};
+
 const CryptographyModal = ({ cryptography }: any) => {
   const cryptoPrimitivesData = generateCryptoStats(cryptography);
   const cryptoFunctionsData = generateCryptoFunctionsData(cryptography);
@@ -1172,9 +1234,10 @@ const CryptographyModal = ({ cryptography }: any) => {
                   (occurrence: any) => ({
                     name: component.name.toUpperCase(),
                     primitive:
-                                            component.cryptoProperties?.algorithmProperties?.primitive.toUpperCase() ||
-                                            'Unspecified',
+                      component.cryptoProperties?.algorithmProperties?.primitive.toUpperCase() ||
+                      'Unspecified',
                     filename: `${occurrence.location.split('/').pop()}:${occurrence.line}`,
+                    cryptoProperties: component.cryptoProperties,
                   })
                 )
               )
@@ -1182,20 +1245,27 @@ const CryptographyModal = ({ cryptography }: any) => {
                 page * rowsPerPage,
                 page * rowsPerPage + rowsPerPage
               ) // <-- Apply pagination here
-              .map((row: any, index: any) => (
-                <TableRow key={ index }>
+              .map((row: any, index: any) => {
+                const threat = renderThreatInfo(row, cryptoAsset);
+                return (<TableRow key={ index }>
                   <TableCell>{ row.name }</TableCell>
                   <TableCell>
                     <div>{ row.primitive }</div>
                     <div style={ { color: '#888' } }>
                       { cryptoDictionary?.[
-                                                row.primitive.toLowerCase() as CryptoPrimitive
+                        row.primitive.toLowerCase() as CryptoPrimitive
                       ]?.fullName || '' }
                     </div>
                   </TableCell>
                   <TableCell>{ row.filename }</TableCell>
-                </TableRow>
-              )) }
+                  <TableCell style={ { color: threat.isKnown ? '#c9302c' : '#d9534f' } }>
+                    { threat.threat }
+                  </TableCell>
+                  <TableCell style={ { color: threat.isKnown ? '#449d44' : '#5cb85c' } }>
+                    { threat.mitigation }
+                  </TableCell>
+                </TableRow>);
+              }) }
           </TableBody>
         </Table>
         <TablePagination
diff --git a/src/resources/crypto-assets.json b/src/resources/crypto-assets.json
new file mode 100644
index 00000000..890e65e9
--- /dev/null
+++ b/src/resources/crypto-assets.json
@@ -0,0 +1,130 @@
+{
+    "ECDH": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can recover private keys).",
+        "Mitigation": "Transition to post-quantum key exchange (e.g., Kyber) or hybrid key exchange."
+    },
+    "SHA1": {
+        "Quantum Threat": "Weak against classical and quantum attacks. Grover’s algorithm halves security.",
+        "Mitigation": "Replace with SHA-256 or SHA-3 for better quantum and classical resistance."
+    },
+    "EC": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can recover private keys).",
+        "Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+    },
+    "EC-secp521r1": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm. Curve: secp521r1.",
+        "Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+    },
+    "key": {
+        "Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length.",
+        "Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+    },
+    "RAW": {
+        "Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length.",
+        "Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+    },
+    "EdDSA": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can break signatures).",
+        "Mitigation": "Use post-quantum signature algorithms (e.g., Dilithium, Falcon)."
+    },
+    "HMAC-SHA256": {
+        "Quantum Threat": "Grover’s algorithm halves effective key security.",
+        "Mitigation": "Use longer keys (e.g., 256 bits) and quantum-resistant hash functions."
+    },
+    "RSA-2048": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can factor 2048-bit keys).",
+        "Mitigation": "Transition to post-quantum public key algorithms (e.g., lattice-based)."
+    },
+    "DSA": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can break signatures).",
+        "Mitigation": "Transition to post-quantum signature algorithms."
+    },
+    "Ed25519": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can break signatures).",
+        "Mitigation": "Use post-quantum signature algorithms."
+    },
+    "secret-key": {
+        "Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length.",
+        "Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+    },
+    "EC-secp384r1": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm. Curve: ${curve}. Key size: ${keySize};",
+        "Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+    },
+    "AES": {
+        "Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+        "Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+    },
+    "SHA512": {
+        "Quantum Threat": "Hash Function: Reduces security margin with the usage of a quantum computer",
+        "Mitigation": "Shift to SHA3-512 or SPHINCS+ to remain secure in quantum era"
+    },
+    "TLS": {
+        "Quantum Threat": "Protocol: TLS 1.2 uses RSA which is a threat due to Shor’s Algorithm",
+        "Mitigation": "Move to post-quantum or hybrid key exchange schemes, TLS 1.3 with Kyber 512(PQC)"
+    },
+    "HMACSHA2": {
+        "Quantum Threat": "Hash Function with Secret: Vulnerable due to Grover’s algorithm quadratic speed up.",
+        "Mitigation": "For long term confidentiality, it's good to have HMAC with PQC safe key exchange."
+    },
+    "MGF1": {
+        "Quantum Threat": "Mask Generation Function: Vulnerable due to Grover’s algorithm quadratic speed up.",
+        "Mitigation": "Move to post-quantum or hybrid key exchange schemes"
+    },
+    "AES128-CBC-PKCS5": {
+        "Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length.",
+        "Mitigation": "Move to post-quantum or hybrid key exchange schemes"
+    },
+    "AES128-GCM": {
+        "Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+        "Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+    },
+    "ConcatenationKDF": {
+        "Quantum Threat": "Key Derivation Function: Due to Grover’s algorithm for the underlying hash function.",
+        "Mitigation": "Move to post-quantum or hybrid key exchange schemes."
+    },
+    "SHA256": {
+        "Quantum Threat": "Hash Function: Reduces security margin with the usage of a quantum computer",
+        "Mitigation": "Shift to SHA3-512 or SPHINCS+ to remain secure in quantum era"
+    },
+    "AES128": {
+        "Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+        "Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+    },
+    "RSASSA-PSS": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can factor ${keySize}-bit keys).",
+        "Mitigation": "Transition to post-quantum public key algorithms (e.g., lattice-based);"
+    },
+    "EC-secp256r1": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm. Curve: ${curve}. Key size: ${keySize};",
+        "Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+    },
+    "RSA-4096": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm (quantum computers can factor ${keySize}-bit keys).",
+        "Mitigation": "Transition to post-quantum public key algorithms (e.g., lattice-based);"
+    },
+    "MD5": {
+        "Quantum Threat": "Hash Function: Not even safe in classical context;",
+        "Mitigation": "Shift to SHA3-512 or SPHINCS+ to remain secure in quantum era"
+    },
+    "HMAC-SHA512": {
+        "Quantum Threat": "Hash Function with Secret: Partially safe to quantum computer;",
+        "Mitigation": "For long term confidentiality, it's good to have HMAC with PQC safe key exchange."
+    },
+    "ELGAMAL": {
+        "Quantum Threat": "Vulnerable to Shor’s algorithm. Curve: ${curve}. Key size: ${keySize};",
+        "Mitigation": "Move to post-quantum or hybrid signature/key exchange schemes."
+    },
+    "PBES2": {
+        "Quantum Threat": "KDF Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+        "Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+    },
+    "AES256": {
+        "Quantum Threat": "Symmetric keys: Grover’s algorithm halves effective key length (e.g., AES-256 → 128 bits).",
+        "Mitigation": "Use 256-bit symmetric keys or higher for long-term security."
+    },
+    "PBKDF2-HMAC-SHA512": {
+        "Quantum Threat": "Hash Function with Secret: Partially safe to quantum computer;",
+        "Mitigation": "For long term confidentiality, it's good to have HMAC with PQC safe key exchange."
+    }
+}
\ No newline at end of file

From 37c84e489583a2612a6b2efdfd0ab9b77e16e63a Mon Sep 17 00:00:00 2001
From: Sudhir Verma <sudhirvvermaa@gmail.com>
Date: Tue, 8 Jul 2025 18:04:03 +0530
Subject: [PATCH 2/2] Added Quantum Threat and Mitigation in Cbom (#729)

---
 src/pages/BesVersionHistory/AssessmentReport/index.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pages/BesVersionHistory/AssessmentReport/index.tsx b/src/pages/BesVersionHistory/AssessmentReport/index.tsx
index bfe97319..a25e8a86 100644
--- a/src/pages/BesVersionHistory/AssessmentReport/index.tsx
+++ b/src/pages/BesVersionHistory/AssessmentReport/index.tsx
@@ -1003,7 +1003,7 @@ const renderThreatInfo = (row: any, cryptoGraphyAsset: any) => {
 
   return {
     threat: interpolate(threatInfo["Quantum Threat"], context),
-    mitigation: interpolate(threatInfo["Mitigation"], context),
+    mitigation: interpolate(threatInfo.Mitigation, context),
     isKnown: true
   };
 };