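controllers = Server("CCM/KCM")
pods = Server("Pods")
iptables = Process("iptables")

# Component <> Boundary Relations
# NOTE(review): etcd, apiserver, kubelet, kubeproxy, scheduler, miu, ia, ea,
# admin, dev, eu and the boundaries (mcdata, apisrv, worker, contain, mcomps,
# inet) are defined earlier in this file and are not visible in this fragment.
etcd.inBoundary = mcdata
mcdata.inBoundary = apisrv  # nested boundary: the etcd data zone sits inside the API-server zone
apiserver.inBoundary = apisrv
kubelet.inBoundary = worker
kubeproxy.inBoundary = worker
# The original assigned pods.inBoundary = contain twice; the repeat was a no-op
# and has been dropped.
pods.inBoundary = contain
scheduler.inBoundary = mcomps
controllers.inBoundary = mcomps
iptables.inBoundary = worker
miu.inBoundary = apisrv
ia.inBoundary = contain
ea.inBoundary = inet
admin.inBoundary = apisrv
dev.inBoundary = inet
eu.inBoundary = inet

# Dataflows
apiserver2etcd = Dataflow(apiserver, etcd, "All kube-apiserver data")
apiserver2etcd.isEncrypted = True
apiserver2etcd.protocol = "HTTPS"

apiserver2kubelet = Dataflow(apiserver, kubelet, "kubelet Health, Status, &c.")
# Modelled as plaintext so the threat rules flag this flow; this records the
# cluster as-is and is not a recommendation. NOTE(review): kube-apiserver ->
# kubelet traffic is normally TLS -- confirm this matches the target cluster.
apiserver2kubelet.isEncrypted = False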
# Fix the RNG seed so generated diagrams are reproducible -- matters when the
# rendered diagrams are committed alongside the model.
random.seed(0)


def _apply(element, **attrs):
    """Set each keyword argument as an attribute on *element* and return it.

    Equivalent to a run of ``element.name = value`` lines; attributes are
    assigned in the order given.
    """
    for attr_name, attr_value in attrs.items():
        setattr(element, attr_name, attr_value)
    return element


tm = _apply(
    TM("my test tm"),
    description="This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats.",
    isOrdered=True,
    mergeResponses=True,
)

# Trust boundaries of the sample system.
internet = Boundary("Internet")
server_db = Boundary("Server/DB")
vpc = Boundary("AWS VPC")

user = _apply(Actor("User"), inBoundary=internet)

# The web server is deliberately modelled with weak input handling
# (no sanitisation, no source authorisation) so the sample yields threats.
web = _apply(
    Server("Web Server"),
    OS="Ubuntu",
    isHardened=True,
    sanitizesInput=False,
    encodesOutput=True,
    authorizesSource=False,
)

# Unhardened SQL datastore inside the Server/DB boundary, kept in scope so
# threats against it are reported.
db = _apply(
    Datastore("SQL Database"),
    OS="CentOS",
    isHardened=False,
    inBoundary=server_db,
    isSQL=True,
    inScope=True,
)
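#!/usr/bin/env python3
from pytm.pytm import TM, Server, Datastore, Dataflow, Boundary, Actor

tm = TM("my test tm")
tm.description = "This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats."

# Trust boundaries of the sample system.
User_Web = Boundary("User/Web")
Web_DB = Boundary("Web/DB")

user = Actor("User")
user.inBoundary = User_Web

web = Server("Web Server")
web.OS = "CloudOS"
web.isHardened = True
# NOTE(review): the web server is not placed in either boundary -- confirm
# that is intended.

db = Datastore("SQL Database (*)")
db.OS = "CentOS"
db.isHardened = False
db.inBoundary = Web_DB
# pytm's Datastore flag is spelled isSQL (as the sibling model in this corpus
# uses). The original assigned `isSql`, which is not the attribute the
# SQL-specific threat rules read, so SQL-injection findings against this
# datastore would silently never fire.
db.isSQL = True
# Out of scope: out-of-scope elements are skipped when threats are resolved.
# Presumably deliberate for this sample; verify, since it also mutes the
# SQL flag above.
db.inScope = False

user_to_web = Dataflow(user, web, "User enters comments (*)")
# Plaintext HTTP carrying user-supplied content, modelled as-is so the
# rules can flag it; not a recommendation.
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = 'Comments in HTML or Markdown'
user_to_web.order = 1
user_to_web.note = "This is a note\nmulti-line"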