db = Datastore("SQL Database") db.OS = "CentOS" db.isHardened = False db.inBoundary = server_db db.isSQL = True db.inScope = True my_lambda = Lambda("AWS Lambda") my_lambda.hasAccessControl = True my_lambda.inBoundary = vpc user_to_web = Dataflow(user, web, "User enters comments (*)") user_to_web.protocol = "HTTP" user_to_web.dstPort = 80 user_to_web.data = 'Comments in HTML or Markdown' user_to_web.note = "This is a simple web app\nthat stores and retrieves user comments." web_to_db = Dataflow(web, db, "Insert query with comments") web_to_db.protocol = "MySQL" web_to_db.dstPort = 3306 web_to_db.data = 'MySQL insert statement, all literals' web_to_db.note = "Web server inserts user comments\ninto it's SQL query and stores them in the DB." db_to_web = Dataflow(db, web, "Retrieve comments") db_to_web.protocol = "MySQL" db_to_web.dstPort = 80 db_to_web.data = 'Web server retrieves comments from DB' db_to_web.responseTo = web_to_db web_to_user = Dataflow(web, user, "Show comments (*)") web_to_user.protocol = "HTTP"
secretDb.inScope = True secretDb.storesPII = True secretDb.maxClassification = Classification.TOP_SECRET my_lambda = Lambda("AWS Lambda") my_lambda.hasAccessControl = True my_lambda.inBoundary = vpc my_lambda.levels = [1, 2] token_user_identity = Data("Token verifying user identity", classification=Classification.SECRET) db_to_secretDb = Dataflow(db, secretDb, "Database verify real user identity") db_to_secretDb.protocol = "RDA-TCP" db_to_secretDb.dstPort = 40234 db_to_secretDb.data = token_user_identity db_to_secretDb.note = "Verifying that the user is who they say they are." db_to_secretDb.maxClassification = Classification.SECRET comments_in_text = Data("Comments in HTML or Markdown", classification=Classification.PUBLIC) user_to_web = Dataflow(user, web, "User enters comments (*)") user_to_web.protocol = "HTTP" user_to_web.dstPort = 80 user_to_web.data = comments_in_text user_to_web.note = "This is a simple web app\nthat stores and retrieves user comments." web_to_db = Dataflow(web, db, "Insert query with comments") web_to_db.protocol = "MySQL" web_to_db.dstPort = 3306 # this is a BAD way of defining a data object, here for a demo on how it # will appear on the sample report. Use Data objects.
db.OS = "CentOS" db.isHardened = False db.inBoundary = Web_DB db.isSQL = True db.inScope = False my_lambda_to_db = Dataflow(my_lambda, db, "(λ)Periodically cleans DB") my_lambda_to_db.protocol = "SQL" my_lambda_to_db.dstPort = 3306 user_to_web = Dataflow(user, web, "User enters comments (*)") user_to_web.protocol = "HTTP" user_to_web.dstPort = 80 user_to_web.data = 'Comments in HTML or Markdown' user_to_web.order = 1 user_to_web.note = "This is a note\nmulti-line" web_to_user = Dataflow(web, user, "Comments saved (*)") web_to_user.protocol = "HTTP" web_to_user.data = 'Ack of saving or error message, in JSON' web_to_user.order = 2 web_to_db = Dataflow(web, db, "Insert query with comments") web_to_db.protocol = "MySQL" web_to_db.dstPort = 3306 web_to_db.data = 'MySQL insert statement, all literals' web_to_db.order = 3 web_to_db.note = "another note\nin a different place" db_to_web = Dataflow(db, web, "Comments contents") db_to_web.protocol = "MySQL"