From 5ef30676287ed2adcd25f4636dff576d9b962fd5 Mon Sep 17 00:00:00 2001 
From: Nick Ozmore 
Date: Fri, 2 Apr 2021 12:06:22 -0400 
Subject: [PATCH 1/3] Expose list with only Assets to report template 
---
 pytm/pytm.py | 6 ++++++
 1 file changed, 6 insertions(+) 
diff --git a/pytm/pytm.py b/pytm/pytm.py 
index aaae8ce..0ff9296 100644 
--- a/pytm/pytm.py 
+++ b/pytm/pytm.py 
@@ -609,6 +609,7 @@ class TM:
 _flows = []
 _elements = [] 
+ _assets = []
 _threats = []
 _boundaries = []
 _data = [] 
@@ -645,6 +646,7 @@ def __init__(self, name, **kwargs):
 def reset(cls):
 cls._flows = []
 cls._elements = [] 
+ cls._assets = []
 cls._threats = []
 cls._boundaries = []
 cls._data = [] 
@@ -869,6 +871,7 @@ def report(self, template_path):
 "threats": TM._threats,
 "findings": self.findings,
 "elements": TM._elements, 
+ "assets": TM._assets,
 "boundaries": TM._boundaries,
 "data": TM._data,
 } 
@@ -1237,6 +1240,9 @@ class Asset(Element):
 OS = varString("")
 providesIntegrity = varBool(False) 
+ def __init__(self, name, **kwargs): 
+ super().__init__(name, **kwargs) 
+ TM._assets.append(self)
 class Lambda(Asset):
 """A lambda function running in a Function-as-a-Service (FaaS) environment""" 
From 3b0662bde4f9823c4090e55d4052b721e4cfee9f Mon Sep 17 00:00:00 2001 
From: Nick Ozmore 
Date: Fri, 2 Apr 2021 12:37:09 -0400 
Subject: [PATCH 2/3] Updated json output test data to include asset list 
---
 tests/output.json | 228 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 228 insertions(+) 
diff --git a/tests/output.json b/tests/output.json 
index 6ba40ae..800ef45 100644 
--- a/tests/output.json 
+++ b/tests/output.json 
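Review bot: The `Asset.__init__` added in the last hunk registers every asset in the class-level `TM._assets` as a constructor side effect, with no docstring saying so, and `report()` gains an `assets` key that a template author cannot discover from the code. I would give the new method a one-line docstring, `"""Create the asset and add it to TM._assets, the asset-only registry exposed to report templates and cleared by TM.reset()."""`, and mention the new `assets` key wherever the template variables are documented. Presumably `Element.__init__` already appends to `TM._elements`, so any `Asset` subclass that overrides `__init__` must still call `super().__init__()` to appear in both lists; a short comment on the `append` is worth adding, since a missing `super()` call would silently drop the asset from the report rather than fail. From the hunk line counts the new `def __init__` also appears to follow the `providesIntegrity` attribute with no blank line, which PEP 8 asks for. The same registration pattern is added to `Actor.__init__` in the third patch and would take the same docstring.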
@@ -1,4 +1,232 @@ { + "assets": [ + { + "OS": "", + "__class__": "Server", + "authenticatesDestination": false, + "authenticatesSource": false, + "authenticationScheme": "", + "authorizesSource": false, + "checksDestinationRevocation": false, + "checksInputBounds": false, + "data": [], + "definesConnectionTimeout": false, + "description": "", + "disablesDTD": false, + "encodesHeaders": false, + "encodesOutput": false, + "findings": [], + "handlesResourceConsumption": false, + "handlesResources": false, + "hasAccessControl": false, + "implementsAuthenticationScheme": false, + "implementsCSRFToken": false, + "implementsNonce": false, + "implementsPOLP": false, + "implementsServerSideValidation": false, + "implementsStrictHTTPValidation": false, + "inBoundary": null, + "inScope": true, + "inputs": [ + "User enters comments (*)", + "Retrieve comments" + ], + "invokesScriptFilters": false, + "isEncrypted": false, + "isHardened": false, + "isResilient": false, + "levels": [ + 0 + ], + "maxClassification": "Classification.UNKNOWN", + "name": "Web Server", + "onAWS": false, + "outputs": [ + "Insert query with comments", + "Call func", + "Show comments (*)" + ], + "overrides": [], + "port": -1, + "protocol": "", + "providesConfidentiality": false, + "providesIntegrity": false, + "sanitizesInput": false, + "usesCache": false, + "usesCodeSigning": false, + "usesEncryptionAlgorithm": "", + "usesEnvironmentVariables": false, + "usesLatestTLSversion": false, + "usesSessionTokens": false, + "usesStrongSessionIdentifiers": false, + "usesVPN": false, + "usesXMLParser": false, + "validatesContentType": false, + "validatesHeaders": false, + "validatesInput": false + }, + { + "OS": "", + "__class__": "Lambda", + "authenticatesDestination": false, + "authenticatesSource": false, + "authenticationScheme": "", + "authorizesSource": false, + "checksDestinationRevocation": false, + "checksInputBounds": false, + "data": [], + "definesConnectionTimeout": false, + "description": "", + 
"encodesOutput": false, + "environment": "", + "findings": [], + "handlesResourceConsumption": false, + "handlesResources": false, + "hasAccessControl": false, + "implementsAPI": false, + "implementsAuthenticationScheme": false, + "implementsNonce": false, + "inBoundary": null, + "inScope": true, + "inputs": [ + "Call func" + ], + "isEncrypted": false, + "isHardened": false, + "levels": [ + 0 + ], + "maxClassification": "Classification.UNKNOWN", + "name": "Lambda func", + "onAWS": true, + "outputs": [], + "overrides": [], + "port": -1, + "protocol": "", + "providesIntegrity": false, + "sanitizesInput": false, + "usesEnvironmentVariables": false, + "validatesInput": false + }, + { + "OS": "", + "__class__": "Process", + "allowsClientSideScripting": false, + "authenticatesDestination": false, + "authenticatesSource": false, + "authenticationScheme": "", + "authorizesSource": false, + "checksDestinationRevocation": false, + "checksInputBounds": false, + "codeType": "Unmanaged", + "data": [], + "definesConnectionTimeout": false, + "description": "", + "disablesiFrames": false, + "encodesOutput": false, + "encryptsCookies": false, + "encryptsSessionData": false, + "environment": "", + "findings": [], + "handlesCrashes": false, + "handlesInterruptions": false, + "handlesResourceConsumption": false, + "handlesResources": false, + "hasAccessControl": false, + "implementsAPI": false, + "implementsAuthenticationScheme": false, + "implementsCSRFToken": false, + "implementsCommunicationProtocol": false, + "implementsNonce": false, + "implementsPOLP": false, + "inBoundary": null, + "inScope": true, + "inputs": [], + "isEncrypted": false, + "isHardened": false, + "isResilient": false, + "levels": [ + 0 + ], + "maxClassification": "Classification.UNKNOWN", + "name": "Task queue worker", + "onAWS": false, + "outputs": [ + "Query for tasks" + ], + "overrides": [], + "port": -1, + "protocol": "", + "providesConfidentiality": false, + "providesIntegrity": false, + "sanitizesInput": 
false, + "tracksExecutionFlow": false, + "usesEnvironmentVariables": false, + "usesMFA": false, + "usesParameterizedInput": false, + "usesSecureFunctions": false, + "usesStrongSessionIdentifiers": false, + "validatesInput": false, + "verifySessionIdentifiers": false + }, + { + "OS": "", + "__class__": "Datastore", + "authenticatesDestination": false, + "authenticatesSource": false, + "authenticationScheme": "", + "authorizesSource": false, + "checksDestinationRevocation": false, + "checksInputBounds": false, + "data": [], + "definesConnectionTimeout": false, + "description": "", + "encodesOutput": false, + "findings": [], + "handlesInterruptions": false, + "handlesResourceConsumption": false, + "handlesResources": false, + "hasAccessControl": false, + "hasWriteAccess": false, + "implementsAuthenticationScheme": false, + "implementsNonce": false, + "implementsPOLP": false, + "inBoundary": "Server/DB", + "inScope": true, + "inputs": [ + "Insert query with comments", + "Query for tasks" + ], + "isEncrypted": false, + "isEncryptedAtRest": false, + "isHardened": false, + "isResilient": false, + "isSQL": true, + "isShared": false, + "levels": [ + 0 + ], + "maxClassification": "Classification.UNKNOWN", + "name": "SQL Database", + "onAWS": false, + "onRDS": false, + "outputs": [ + "Retrieve comments" + ], + "overrides": [], + "port": -1, + "protocol": "", + "providesConfidentiality": false, + "providesIntegrity": false, + "sanitizesInput": false, + "storesLogData": false, + "storesPII": false, + "storesSensitiveData": false, + "usesEncryptionAlgorithm": "", + "usesEnvironmentVariables": false, + "validatesInput": false + } + ], "boundaries": [ { "description": "", From 3e85351e714ddab762f366dc12b23bf4b75122c8 Mon Sep 17 00:00:00 2001 
From: Nick Ozmore 
Date: Tue, 6 Apr 2021 17:24:03 -0400 
Subject: [PATCH 3/3] Added global _actors list, exposed 'actors' to report template and updated json test 
---
 pytm/pytm.py | 4 ++++
 tests/output.json | 28 ++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+) 
diff --git a/pytm/pytm.py b/pytm/pytm.py 
index 0ff9296..f42fee0 100644 
--- a/pytm/pytm.py 
+++ b/pytm/pytm.py 
@@ -609,6 +609,7 @@ class TM:
 _flows = []
 _elements = [] 
+ _actors = []
 _assets = []
 _threats = []
 _boundaries = [] 
@@ -646,6 +647,7 @@ def __init__(self, name, **kwargs):
 def reset(cls):
 cls._flows = []
 cls._elements = [] 
+ cls._actors = []
 cls._assets = []
 cls._threats = []
 cls._boundaries = [] 
@@ -872,6 +874,7 @@ def report(self, template_path):
 "findings": self.findings,
 "elements": TM._elements,
 "assets": TM._assets, 
+ "actors": TM._actors,
 "boundaries": TM._boundaries,
 "data": TM._data,
 } 
@@ -1410,6 +1413,7 @@ class Actor(Element):
 def __init__(self, name, **kwargs):
 super().__init__(name, **kwargs) 
+ TM._actors.append(self)
 class Process(Asset): 
diff --git a/tests/output.json b/tests/output.json 
index 800ef45..9246faa 100644 
--- a/tests/output.json 
+++ b/tests/output.json 
@@ -1,4 +1,32 @@
 { 
+ "actors": [ 
+ { 
+ "__class__": "Actor", 
+ "authenticatesDestination": false, 
+ "checksDestinationRevocation": false, 
+ "data": [], 
+ "description": "", 
+ "findings": [], 
+ "inBoundary": "Internet", 
+ "inScope": true, 
+ "inputs": [ 
+ "Show comments (*)" 
+ ], 
+ "isAdmin": false, 
+ "levels": [ 
+ 0 
+ ], 
+ "maxClassification": "Classification.UNKNOWN", 
+ "name": "User", 
+ "outputs": [ 
+ "User enters comments (*)" 
+ ], 
+ "overrides": [], 
+ "port": -1, 
+ "protocol": "", 
+ "providesIntegrity": false 
+ } 
+ ],
 "assets": [ 
+ { 
+ "OS": "",