OWASP · sydseter · Jan 15, 2026 · Jan 15, 2026 · Jan 15, 2026 · Jan 16, 2026
@@ -53,6 +53,10 @@ export class MappingController {
 
     public getCardMappings(card : string, addition : number = 0) : Mapping
     {
+        if (!this.mapping || !this.mapping.suits) {
+            return {} as Mapping;
+        }
+
         for(let i = 0 ; i < this.mapping.suits.length ; i++)
         {
             for(let j = 0 ; j < this.mapping.suits[i].cards.length ; j++)

@@ -56,10 +56,10 @@
   <a title="How to play OWASP Cornucopia" class="link" href="/how-to-play">{$t('cards.cardFound.a')}</a>
   <Concept card={card}></Concept>
   <Explanation card={card}></Explanation>
-  {#if card.edition == 'webapp' &&  card.value != 'A' && card.value != 'B'}
+  {#if card.edition == 'webapp'}
   <WebAppCardTaxonomy bind:card={card} {mappingData} {routes}></WebAppCardTaxonomy>
   {/if}
-  {#if card.edition == 'mobileapp' &&  card.value != 'A' && card.value != 'B'}
+  {#if card.edition == 'mobileapp'}
   <MobileAppCardTaxonomy bind:card={card} {mappingData} {routes}></MobileAppCardTaxonomy>
   {/if}
     {#key card}

@@ -53,10 +53,10 @@
         {#if mapping}
         <span class="property-card-number{previewStyle} {getTextColor(card?.suit, card?.suitId)}-text {getRoyalTextColor(card?.suit, card?.suitId, card?.value)}">{card?.card ?? card?.value}</span>
         <p class="property-card-description{previewStyle}">{card?.desc}</p>
-            {#if card?.edition == 'webapp' && card?.value != 'A' && card?.value != 'B'}
+            {#if card?.edition == 'webapp'}
                 <WebAppCardMapping {mapping} {style}></WebAppCardMapping>
             {/if}
-            {#if card?.edition == 'mobileapp' && card?.value != 'A' && card?.value != 'B'}
+            {#if card?.edition == 'mobileapp'}
                 <MobileAppCardMapping {mapping}  {style}></MobileAppCardMapping>
             {/if}
         {:else if card?.suitName == 'WILD CARD'}

@@ -57,33 +57,37 @@
 
   </script>
 
-    {#if card.value != 'A' && card.value != 'B'}
+    {#if mappings }
       <h1 class="title">{$t('cards.mobileAppCardTaxonomy.h1.1')}</h1>
+      {#if mappings.owasp_masvs}
       <MappingsList
-        title="OWASP MASVS (2.1):"
+        title="OWASP MASVS:"
         mappings={mappings.owasp_masvs}
         linkFunction={linkMASVS}
       />
+      {/if}
+      {#if mappings.owasp_mastg}
       <MappingsList 
-        title="OWASP MASTG (1.7):" 
+        title="OWASP MASTG:" 
         mappings={mappings.owasp_mastg}
         linkFunction={linkMASTG}
       />
+      {/if}
+      {#if mappings.capec}
       <MappingsList
         title="CAPEC:"
         mappings={mappings.capec}
         linkFunction={linkCapec}
       />
-      <MappingsList title="SAFECode:" mappings={mappings.safecode} />
       {/if}
-      <!--<h1 class="title">Cheatsheetseries Index</h1>-->
-      {#if card.value != 'A' && card.value != 'B'}
-      <!--<MASVSOverview mappings={[...new Set (mappings.owasp_masvs.map(s => +String(s).split('.').slice(0, 2).join('.')))]}></MASVSOverview>-->
+      {#if mappings.safecode}
+      <MappingsList title="SAFECode:" mappings={mappings.safecode} />
       {/if}
       <h1 class="title">{$t('cards.mobileAppCardTaxonomy.h1.2')}</h1>
-      {#if card.value != 'A' && card.value != 'B'}
+      {#if attacks }
       <Attacks {mappings} {attacks}></Attacks>
       {/if}
+    {/if}
 
 
 

@@ -61,48 +61,62 @@
     }
     let mappings: WebAppMapping = $state(controller.getWebAppCardMappings(card.id));
     let attacks: Attack[] = $state(GetCardAttacks(card.id));
+
+    let hasMappings = $derived(mappings && Object.keys(mappings).length > 1); 
 
     run(() => {
       mappings = controller.getWebAppCardMappings(card.id);
       attacks = GetCardAttacks(card.id);
     });
   </script>
 
-    {#if card.value != 'A' && card.value != 'B'}
+    {#if hasMappings }
       <h2 class="title clicable" id="mapping">{$t('cards.webAppCardTaxonomy.h1.1')}</h2>
+      {#if mappings.stride}
       <MappingsList 
         title="STRIDE:" 
         mappings={mappings.stride}
         linkFunction={linkSTRIDE}
         textFunction={textSTRIDE}
       />
+      {/if}
+      {#if mappings.owasp_asvs}
       <MappingsList
-        title="OWASP ASVS (4.0):"
+        title="OWASP ASVS:"
         mappings={mappings.owasp_asvs}
         linkFunction={linkASVS}
       />
+      {/if}
+      {#if mappings.capec}
       <MappingsList
         title="CAPEC:"
         mappings={mappings.capec}
         linkFunction={linkCapec}
       />
+      {/if}
+      {#if mappings.owasp_dev_guide}
       <MappingsList title="OWASP DevGuide:"
         mappings={mappings.owasp_dev_guide} 
         linkFunction={DevGuideMapping.getUrl}  
       />
+      {/if}
+      {#if mappings.owasp_appsensor}
       <MappingsList
         title="OWASP AppSensor:"
         mappings={mappings.owasp_appsensor}
       />
+      {/if}
+      {#if mappings.safecode}
       <MappingsList 
         title="SAFECode:"
         mappings={mappings.safecode} 
         linkFunction={(input: string) => "https://safecode.org/publication/SAFECode_Agile_Dev_Security0712.pdf"}
       />
+      {/if}
     {/if}
 
     <h1 class="title">ASVS (4.0) Cheat Sheet Series Index</h1>
-    {#if card.value != 'A' && card.value != 'B'}
+    {#if hasMappings && mappings.owasp_asvs}
       <ASVSOverview mappings={[...new Set (mappings.owasp_asvs.map(s => +String(s).split('.').slice(0, 2).join('.')))]}></ASVSOverview>
     {/if}
     <h1 class="title">{$t('cards.webAppCardTaxonomy.h1.2')}</h1>

@@ -115,11 +115,29 @@ export class DeckService {
     {
         const decks = new Map<string, any>();
         const editions = DeckService.decks;
+
+        // Load all mappings if not already loaded
+        if (DeckService.mappings.length === 0) {
+            this.getCardMappingDataAllVersions();
+        }
+
         editions.forEach((deck) => {
-            decks.set(
-                `${deck.edition}-${deck.version}`, DeckService.mappings.find((mapping) => mapping?.version == deck.version && mapping?.edition == deck.edition)?.data || this.getCardMappingDataAllVersions()
-            );
+            let mappingData = DeckService.mappings.find((mapping) => mapping?.version == deck.version && mapping?.edition == deck.edition)?.data;
 
+            // If not found in cache, try to load it
+            if (!mappingData) {
+                try {
+                    const yamlData = fs.readFileSync(`${__dirname}${DeckService.path}${DeckService.getEdition(deck.edition)}-mappings-${deck.version}.yaml`, 'utf8');
+                    mappingData = yaml.load(yamlData);
+                    DeckService.mappings.push({edition: deck.edition, version: deck.version, data: mappingData});
+                } catch (e) {
+                    console.error(`Failed to load mapping for ${deck.edition}-${deck.version}:`, e);
+                }
+            }
+
+            if (mappingData) {
+                decks.set(`${deck.edition}-${deck.version}`, mappingData);
+            }
         });
         return decks;
     }

@@ -3,7 +3,6 @@ import { error } from '@sveltejs/kit';
 import { SuitController } from '$domain/suit/suitController';
 import { FileSystemHelper } from '$lib/filesystem/fileSystemHelper';
 
-const editions = ["webapp", "mobileapp"];
 export const load = (({ params }) => {
   const edition = params?.edition;
   if (!DeckService.hasEdition(edition)) error(

@@ -3,8 +3,6 @@ import { error } from '@sveltejs/kit';
 import { DeckService } from "$lib/services/deckService";
 import type { Route } from "$domain/routes/route";
 
-const editions = ["webapp", "mobileapp"];
-
 export const load = (({ params }) => {
     const edition =  params?.edition;
     const version =  edition == 'webapp' ? '2.2' : '1.1';

@@ -3,10 +3,6 @@ import { error } from '@sveltejs/kit';
 import { DeckService } from "$lib/services/deckService";
 import type { Route } from "$domain/routes/route";
 
-const editions = ["webapp", "mobileapp"];
-const languages = ["en", "no_nb", "nl", "es", "pt_pt", "pt_br", "ru", "fr", "it", "hu"];
-const versions = ["3.0", "2.2", "1.0"];
-
 export const load = (({ params }) => {
     const edition =  params?.edition;
     const version =  params?.version;

@@ -3,10 +3,6 @@ import { DeckService } from "$lib/services/deckService";
 import { error } from '@sveltejs/kit';
 import type { Route } from "$domain/routes/route";
 
-const editions = ["webapp", "mobileapp"];
-const languages = ["en", "no_nb", "nl", "es", "pt_pt", "pt_br", "ru", "fr", "it", "hu"];
-const versions = ["3.0", "2.2", "1.0"];
-
 export const load = (({ params }) => {
     const edition =  params?.edition;
     const version =  params?.version;

@@ -93,7 +93,26 @@ export default {
 				'/api/cre/webapp/pt_pt',
 				'/api/cre/webapp/pt_br',
 				'/api/cre/webapp/no_nb',
-				'/api/cre/mobileapp/en'
+				'/api/cre/mobileapp/en',
+				'/card/mobileapp/PC2/1.1/en',
+				'/card/webapp/VE2/2.2/es',
+				'/card/webapp/VE2/2.2/it',
+				'/card/webapp/VE2/2.2/nl',
+				'/card/webapp/VE2/2.2/fr',
+				'/card/webapp/VE2/2.2/pt_pt',
+				'/card/webapp/VE2/2.2/pt_br',
+				'/card/webapp/VE2/2.2/no_nb',
+				'/card/webapp/VE2/2.2/ru',
+				'/card/webapp/VE2/3.0',
+				'/card/webapp/VE2/3.0/en',
+				'/card/webapp/VE2/3.0/es',
+				'/card/webapp/VE2/3.0/it',
+				'/card/webapp/VE2/3.0/nl',
+				'/card/webapp/VE2/3.0/fr',
+				'/card/webapp/VE2/3.0/pt_pt',
+				'/card/webapp/VE2/3.0/pt_br',
+				'/card/webapp/VE2/3.0/no_nb',
+				'/card/webapp/VE2/3.0/ru',
 			]
 		},
 		csrf: {

@@ -6,7 +6,7 @@ meta:
   version: "1.1"
   layouts: ["cards", "leaflet"]
   templates: ["bridge_qr", "bridge", "tarot", "tarot_qr"]
-  languages: ["en"]
+  languages: ["en", "ru"]
 suits:
 -
   id: "PC"
@@ -655,4 +655,24 @@ suits:
     owasp_masvs: [ "-" ]
     owasp_mastg: [ "-" ]
     capec: [ "-" ]
+    safecode: [ "-" ]
+-
+  id: "WC"
+  name: "WILD CARD"
+  cards:
+  -
+    id: "JOAM"
+    value: "A"
+    url: "https://cornucopia.owasp.org/cards/JOAM"
+    owasp_masvs: [ "-" ]
+    owasp_mastg: [ "-" ]
+    capec: [ "-" ]
+    safecode: [ "-" ]
+  -
+    id: "JOBM"
+    value: "A"
+    url: "https://cornucopia.owasp.org/cards/JOBM"
+    owasp_masvs: [ "-" ]
+    owasp_mastg: [ "-" ]
+    capec: [ "-" ]
     safecode: [ "-" ]
@@ -1298,3 +1298,31 @@ suits:
     owasp_appsensor: [ "-" ]
     capec: [ "-" ]
     safecode: [ "-" ]
+-
+  id: "WC"
+  name: "WILD CARD"
+  cards:
+  -
+    id: "JOA"
+    value: "A"
+    url: "https://cornucopia.owasp.org/cards/JOA"
+    stride: []
+    stride_print: [ ]
+    owasp_dev_guide: [ "-" ]
+    owasp_dev_guide_print: [ "-" ]
+    owasp_asvs: [ "-" ]
+    owasp_asvs_print: [ "-" ]
+    capec: [ 184, 242, 248, 441, 444, 523, 549, 636, 691 ]
+    safecode: [ "-" ]
+  -
+    id: "JOB"
+    value: "B"
+    url: "https://cornucopia.owasp.org/cards/JOB"
+    stride: []
+    stride_print: [ ]
+    owasp_dev_guide: [ "-" ]
+    owasp_dev_guide_print: [ "-" ]
+    owasp_asvs: [ "-" ]
+    owasp_asvs_print: [ "-" ]
+    capec: [ 184, 242, 416, 438, 441, 444, 523, 518, 519, 548, 636, 691 ]
+    safecode: [ "-" ]
@@ -1880,12 +1880,12 @@ suits:
     stride_print: [ 'Information Disclosure' ]
     owasp_dev_guide: [ SC1, SC2, SC3, SC4, SC5, SC6, SC7, SC8, SC9, SC10, SC11, SC12, SC13, SFL1, SFL2, SFL14, SFL15, SDC2, SDC3, SDC4, SDC5, SDC6, SDA1, PDT1, PDT2, PDT3, PDT4, PDT5, PDT6, PDT7, PDT8, PDT9, PDT10, PDT11 ]
     owasp_dev_guide_print: [ SC1-13, SFL1-2, SFL14-15, SDC2-6, SDA1, PDT1-11 ]
-    owasp_asvs: [ 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.2.1, 12.2.2, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 13.2.1, 13.2.2, 13.2.3, 13.3.1, 13.3.2, 13.3.3, 13.3.4, 13.3.5, 13.4.1, 13.4.2, 13.4.3, 13.4.4, 13.4.5, 13.4.6, 13.4.7, 15.1.1, 15.1.2, 15.2.1, 15.2.4, 16.3.3, 16.3.4 ]
-    owasp_asvs_print: [ 12.1.1-5, 12.2.1-2, 12.3.1-5, 13.2.1-3, 13.3.1-5, 13.4.1-7, 15.1.1-2, 15.2.1, 15.2.4, 16.3.3-4 ]
+    owasp_asvs: [ 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.2.1, 12.2.2, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 13.2.1, 13.2.2, 13.2.3, 13.3.1, 13.3.2, 13.3.3, 13.3.4, 13.4.1, 13.4.2, 13.4.3, 13.4.4, 13.4.5, 13.4.6, 13.4.7, 15.1.1, 15.1.2, 15.2.1, 15.2.4, 16.3.3, 16.3.4 ]
+    owasp_asvs_print: [ 12.1.1-5, 12.2.1-2, 12.3.1-5, 13.2.1-3, 13.3.1-4, 13.4.1-7, 15.1.1-2, 15.2.1, 15.2.4, 16.3.3-4 ]
     capec: [ 37, 121, 159, 169, 217, 220, 310, 446 ]
     capec_map:
       37:
-        owasp_asvs: [ 13.2.1, 13.2.2, 13.2.3, 13.3.1, 13.3.2, 13.3.3, 13.3.4, 13.3.5, 13.4.1, 13.4.7 ]
+        owasp_asvs: [ 13.2.1, 13.2.2, 13.2.3, 13.3.1, 13.3.2, 13.3.3, 13.3.4, 13.4.1, 13.4.7 ]
       121: 
         owasp_asvs: [ 13.4.2 ]
       169: