def test_dfd(self): dir_path = os.path.dirname(os.path.realpath(__file__)) install_path = os.path.dirname(os.path.realpath(pytm.__file__)) with open(os.path.join(dir_path, "dfd.dot")) as x: expected = (x.read().strip().replace( "INSTALL_PATH", os.path.dirname(install_path))) random.seed(0) TM.reset() tm = TM("my test tm", description="aaa") internet = Boundary("Internet") net = Boundary("Company net") dmz = Boundary("dmz", inBoundary=net) backend = Boundary("backend", inBoundary=net) user = Actor("User", inBoundary=internet) gw = Server("Gateway", inBoundary=dmz) web = Server("Web Server", inBoundary=backend) db = Datastore("SQL Database", inBoundary=backend, isEncryptedAtRest=True) comment = Data("Comment", isStored=True) Dataflow(user, gw, "User enters comments (*)") Dataflow(gw, web, "Request") Dataflow(web, db, "Insert query with comments", data=[comment]) Dataflow(db, web, "Retrieve comments") Dataflow(web, gw, "Response") Dataflow(gw, user, "Show comments (*)") self.assertTrue(tm.check()) output = tm.dfd() self.maxDiff = None self.assertEqual(output, expected)
def test_dfd_duplicates_raise(self): random.seed(0) TM.reset() tm = TM("my test tm", description="aaa", onDuplicates=Action.RESTRICT) internet = Boundary("Internet") server_db = Boundary("Server/DB") user = Actor("User", inBoundary=internet) web = Server("Web Server") db = Datastore("SQL Database", inBoundary=server_db) Dataflow(user, web, "User enters comments (*)") Dataflow(user, web, "User views comments") Dataflow(web, db, "Insert query with comments") Dataflow(web, db, "Select query") Dataflow(db, web, "Retrieve comments") Dataflow(web, user, "Show comments (*)") e = re.escape( "Duplicate Dataflow found between Actor(User) " "and Server(Web Server): Dataflow(User enters comments (*)) " "is same as Dataflow(User views comments)") with self.assertRaisesRegex(ValueError, e): tm.check()
Datastore, Lambda, Server, ) tm = TM("my test tm") tm.description = "This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats." tm.isOrdered = True tm.mergeResponses = True internet = Boundary("Internet") server_db = Boundary("Server/DB") server_db.levels = [2] vpc = Boundary("AWS VPC") user = Actor("User") user.inBoundary = internet user.levels = [2] web = Server("Web Server") web.OS = "Ubuntu" web.isHardened = True web.sanitizesInput = False web.encodesOutput = True web.authorizesSource = False web.sourceFiles = ["pytm/json.py", "docs/template.md"] db = Datastore("SQL Database") db.OS = "CentOS" db.isHardened = False db.inBoundary = server_db
#!/usr/bin/env python3 from pytm import TM, Actor, Boundary, Dataflow, Datastore, Lambda, Server tm = TM("my test tm") tm.description = "This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats." tm.isOrdered = True tm.mergeResponses = True internet = Boundary("Internet") server_db = Boundary("Server/DB") vpc = Boundary("AWS VPC") user = Actor("User") user.inBoundary = internet web = Server("Web Server") web.OS = "Ubuntu" web.isHardened = True web.sanitizesInput = False web.encodesOutput = True web.authorizesSource = False db = Datastore("SQL Database") db.OS = "CentOS" db.isHardened = False db.inBoundary = server_db db.isSQL = True db.inScope = True my_lambda = Lambda("AWS Lambda")
#!/usr/bin/env python3 from pytm import TM, Server, Datastore, Dataflow, Boundary, Actor, Lambda tm = TM("my test tm") tm.description = "This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats." User_Web = Boundary("User/Web") Web_DB = Boundary("Web/DB") VPC = Boundary("AWS VPC") user = Actor("User") user.inBoundary = User_Web web = Server("Web Server") web.OS = "CloudOS" web.isHardened = True my_lambda = Lambda("cleanDBevery6hours") my_lambda.hasAccessControl = True my_lambda.inBoundary = Web_DB #my_lambda.inBoundary = VPC # TODO: need multiple boundaries capability for these situations db = Datastore("SQL Database") db.OS = "CentOS" db.isHardened = False db.inBoundary = Web_DB db.isSQL = True db.inScope = False my_lambda_to_db = Dataflow(my_lambda, db, "(λ)Periodically cleans DB")
#!/usr/bin/env python3 from pytm import TM, Server, Datastore, Dataflow, Boundary, Actor, Element tm = TM("Apps") tm.description = "Apps threat modeling" internet = Boundary("Internet") machine = Boundary("User's machine") apps_vpc = Boundary("Apps VPC") rds_boundary = Boundary("RDS security group") cache_boundary = Boundary("ElastiCache security group") user = Actor("User/Browser") user.inBoundary = machine apigee = Element("Apigee") apigee.inBoundary = internet apigee.isHardened = True apigee = Element("Apigee") apigee.inBoundary = internet apigee.isHardened = True server = Server("Apps Server") server.inBoundary = apps_vpc server.isHardened = True server.hasAccessControl = True server.encodesOutput = True db = Datastore("MySQL DB") db.isHardened = True
# https://github.com/izar/pytm from pytm import (TM, Server, Dataflow, Boundary, Actor, ExternalEntity, Process) payment_online = TM("stripe") payment_online.description = "stripe payment" payment_online.isOrdered = True payment_online.mergeResponses = True Customer_Client_Web = Boundary("Customer/Internet") Merchant_Web = Boundary("Merchant/Web") Stripe_API = Boundary("Stripe/Web") customer = Actor("Customer") customer_client = ExternalEntity("Customer Client") customer_client.inBoundary = Customer_Client_Web # user.levels = [2] merchant_web = Server("Merchant Web Server") merchant_web.inBoundary = Merchant_Web merchant_web.OS = "Ubuntu" merchant_web.isHardened = True merchant_web.onAWS = True # web.levels = [2] stripe_api = ExternalEntity("Stripe API service") stripe_api.inBoundary = Stripe_API stripe_api.onAWS = False stripe_process = Process("Stripe Payment Service")