OWASP · sydseter · Jan 20, 2026 · Jan 20, 2026 · Jan 20, 2026 · Jan 20, 2026
@@ -14,3 +14,8 @@ vite.config.ts.timestamp-*
 /.vs
 package-lock.json
 coverage/**
+
+# SvelteKit files
+/.svelte
+**/.svelte-kit
+**/coverage
@@ -0,0 +1,6 @@
+export type Deck =
+{
+    edition : string,
+    version : string,
+    lang : string[]
+}
@@ -0,0 +1,84 @@
+import {expect, describe, it} from 'vitest';
+import { MappingController } from './mappingController';
+
+
+describe('MappingController tests', () => {
+    it("should return web app card mapping data.", async () => {
+
+        const mappingData = {
+            suits: [
+                {
+                    name: "Test Suit",
+                    cards: [
+                        {
+                            id: "webapp-1",
+                            owasp_asvs: ["1.1", "1.2"],
+                            name: "Test Card"
+                        }
+                    ]
+                }
+            ]
+        };
+        const controller = new MappingController(mappingData);
+
+        const webAppMapping = controller.getWebAppCardMappings("webapp-1");
+        expect(webAppMapping).toBeDefined();
+        expect(webAppMapping.id).toBe("webapp-1");
+        expect(webAppMapping.owasp_asvs).toEqual(["1.1", "1.2"]);
+    });
+
+    it("should return mobile app card mapping data.", async () => {
+
+        const mappingData = {
+            suits: [
+                {
+                    name: "Test Suit",
+                    cards: [
+                        {
+                            id: "mobileapp-1",
+                            owasp_masvs: ["MASVS-1", "MASVS-2"],
+                            owasp_mastg: ["MASTG-1"],
+                            capec: [1, 2],
+                            safecode: [101, 102]
+                        }
+                    ]
+                }
+            ]
+        };
+        const controller = new MappingController(mappingData);
+        const mobileAppMapping = controller.getMobileAppCardMappings("mobileapp-1");
+        expect(mobileAppMapping).toBeDefined();
+        expect(mobileAppMapping.id).toBe("mobileapp-1");
+        expect(mobileAppMapping.owasp_masvs).toEqual(["MASVS-1", "MASVS-2"]);
+        expect(mobileAppMapping.capec).toEqual([1, 2]);
+        expect(mobileAppMapping.safecode).toEqual([101, 102]);
+
+    });
+
+    it("should return empty mapping for non-existing card.", async () => {
+        const mappingData = {
+            suits: []
+        };
+        const controller = new MappingController(mappingData);
+        const webAppMapping = controller.getWebAppCardMappings("non-existing-card");
+        expect(webAppMapping).toBeDefined();
+        expect(Object.keys(webAppMapping).length).toBe(0);
+
+        const controller2 = new MappingController({});
+        const webAppMapping2 = controller2.getWebAppCardMappings("non-existing-card");
+        expect(webAppMapping2).toBeDefined();
+        expect(Object.keys(webAppMapping2).length).toBe(0);
+    });
+
+    it("should return meta information.", async () => {
+        const mappingData = {
+            meta: { version: "1.0", date: "2024-01-01" },
+            suits: []
+        };
+        const controller = new MappingController(mappingData);
+        const meta = controller.getMeta();
+        expect(meta).toBeDefined();
+        expect(meta.version).toBe("1.0");
+        expect(meta.date).toBe("2024-01-01");
+    });
+});
@@ -15,6 +15,13 @@ export type WebAppMapping  =
     owasp_appsensor : string[],
     capec : number[],
     safecode : number[],
+    capec_map : {
+    [key: number]: {
+        owasp_asvs: (string)[],
+        name: string,
+        id: number
+        }
+    };
 
 }
 
@@ -34,13 +41,6 @@ export class MappingController {
         this.mapping = mapping;
     }
 
-    private static parseSuit(suit : string) : string
-    {
-        suit = suit.replaceAll("-" , " ");
-        return suit;
-
-    }
-
     public getWebAppCardMappings(card : string) : WebAppMapping
     {
         return this.getCardMappings(card) as WebAppMapping;

@@ -0,0 +1,14 @@
+import {expect, describe, it} from 'vitest';
+import { MASTG_TESTS_MAPPING } from './mastg';
+
+describe('MASTG_TESTS_MAPPING tests', () => {
+    it("should have correct mapping for TEST-0001 to TEST-0059.", async () => {
+        expect(MASTG_TESTS_MAPPING["TEST-0001"]).toBe("STORAGE"); 
+        expect(MASTG_TESTS_MAPPING["TEST-0025"]).toBe("CODE");
+
+        expect(MASTG_TESTS_MAPPING["TEST-0038"]).toBe("RESILIENCE");
+        expect(MASTG_TESTS_MAPPING["TEST-0059"]).toBe("PLATFORM");
+        expect(MASTG_TESTS_MAPPING["TEST-00600"]).toBeUndefined();
+        expect(Object.keys(MASTG_TESTS_MAPPING).length).toBe(93); 
+    });
+});
@@ -9,7 +9,7 @@
 
     let { blogpost }: Props = $props();
 
-    let authorLink : string = '/author/' + blogpost.author;
+    let authorLink = $derived('/author/' + blogpost.author);
 </script>
 
 <div class="metadata">

@@ -13,8 +13,8 @@
 
     let { card = $bindable(), cards, mappingData }: Props = $props();
     let t = readTranslation();
-    let nextCard = cards.get(card.next);
-    let previousCard = cards.get(card.prevous);
+    let nextCard = $derived(cards.get(card.next));
+    let previousCard = $derived(cards.get(card.prevous));
     function checkKey(event : any) 
     {
         const KEYCODE_RIGHT = 39;

@@ -33,7 +33,7 @@
     language
   }: Props = $props();
 
-  const controller: MappingController = new MappingController(mappingData);
+  const controller = $derived(new MappingController(mappingData));
   let t = readTranslation();
   let mappings = $state(controller.getCardMappings(card.id));
   let attacks: Attack[] = $state(GetCardAttacks(card.id));

@@ -11,11 +11,7 @@
     }
 
     let { card = $bindable(), mapping, style = '' }: Props = $props();
-    let previewStyle = $state('');
-
-    if (style) {
-        previewStyle = ' ' + style;
-    }
+    let previewStyle = $derived(style ? ' ' + style : '');
 
     function getSuitColor(suit : string, id: string)
     {

@@ -12,7 +12,7 @@
 
     // Manual selection of cards to display on the frontpage 
     let selectedCards : string[] =  ["JOA","C7","CR6","AZ5","SM4","VE3","AT2",]  
-    let mappingData : any[] = mapping.suits.map((suit: { cards: any[]; }) => suit.cards[0]).reverse();
+    let mappingData : any[] = $derived(mapping.suits.map((suit: { cards: any[]; }) => suit.cards[0]).reverse());
 
     mappingData.unshift({
         id: "JOA",

@@ -10,7 +10,6 @@
     }
 
     let { timestamp, content }: Props = $props();
-    let source = content;
     let timeAgo : string = $state('');
 
     function doOnMount()
@@ -51,8 +50,8 @@
     <div class="flex-container">
         <div class="box">
             <p class="title">OWASP Cornucopia</p>
-            {#if source != ''}
-                <SvelteMarkdown {renderers} {source}></SvelteMarkdown>
+            {#if content != ''}
+                <SvelteMarkdown {renderers} source={content}></SvelteMarkdown>
             {/if}
         </div>
     </div>

@@ -6,11 +6,7 @@
 
     let { mapping, style }: Props = $props();
 
-    let mappingStyle = $state('');
-
-    if (style) {
-        mappingStyle = ' ' + style;
-    }
+    let mappingStyle = $derived(style ? ' ' + style : '');
 
 </script>
         <p class="mapping-title{mappingStyle}">OWASP MASVS</p>

@@ -20,7 +20,7 @@
 
     let { mappingData, card = $bindable(), routes }: Props = $props();
 
-    const controller: MappingController = new MappingController(mappingData);
+    const controller = $derived(new MappingController(mappingData));
     let t = readTranslation();
     function linkMASVS(requirement: string) {
       let parts = String(requirement).split("-");

@@ -13,29 +13,14 @@
     children
   }: Props = $props();
 
-    let target : string = $state("_blank");
-    let rel : string = $state('');
-    let clazz : string = $state("");
-    let style : string = $state("");
-
-    if(href.startsWith('/') || href.startsWith('#'))
-      target = '_self';
-
-    if (raw.includes('[internal]')) {
-      rel = 'noopener';
-    }
-
-    if (raw.includes('[external]')) {
-      rel = 'noopener nofollow';
-    }
-
-    if (raw.includes('[inline]')) {
-      clazz = 'inline';
-    }
-
-    if (raw.includes('[white]')) {
-      style = ' white';
-    }
+    let target = $derived(href.startsWith('/') || href.startsWith('#') ? '_self' : '_blank');
+    let rel = $derived.by(() => {
+      if (raw.includes('[internal]')) return 'noopener';
+      if (raw.includes('[external]')) return 'noopener nofollow';
+      return '';
+    });
+    let clazz = $derived(raw.includes('[inline]') ? 'inline' : '');
+    let style = $derived(raw.includes('[white]') ? ' white' : '');
   </script>
 
   <a {rel} {target} {href} {title} class="{clazz} link-with-external-indicator{style}">{@render children?.()}</a>

@@ -5,11 +5,7 @@
     }
 
     let { mapping, style = '' }: Props = $props();
-    let mappingStyle = $state('');
-
-    if (style) {
-        mappingStyle = ' ' + style;
-    }
+    let mappingStyle = $derived(style ? ' ' + style : '');
 
 </script>
         <p class="mapping-title{mappingStyle}">STRIDE</p>

@@ -17,7 +17,7 @@
   }
 
   let { mappingData, card = $bindable(), routes }: Props = $props();
-    const controller: MappingController = new MappingController(mappingData);
+    const controller = $derived(new MappingController(mappingData));
     let t = readTranslation();
 
     function linkASVS(input: string) {