# Threat-model excerpt for a small comment-posting web app: one actor, three
# assets and two dataflows. The element classes and the boundary objects
# (internet, server_db, vpc) are defined outside this excerpt.

# External user, placed in the internet boundary.
user = Actor("User")
user.inBoundary = internet

# Web tier. No boundary is assigned to it in this excerpt.
web = Server("Web Server")
web.OS = "Ubuntu"
# Controls declared present: hardened host, output encoding.
web.encodesOutput = True
web.isHardened = True
# Controls declared absent: input sanitisation and source authorisation.
# The inbound flow below carries user-authored HTML/Markdown, so these two
# flags are the first to revisit when triaging findings for this element.
web.authorizesSource = False
web.sanitizesInput = False

# Comment store: an in-scope SQL datastore inside server_db, declared
# unhardened.
db = Datastore("SQL Database")
db.inBoundary = server_db
db.inScope = True
db.isSQL = True
db.OS = "CentOS"
db.isHardened = False

# Serverless function in the vpc boundary, declared to have access control.
my_lambda = Lambda("AWS Lambda")
my_lambda.inBoundary = vpc
my_lambda.hasAccessControl = True

# Inbound flow: user comments over HTTP to port 80. No encryption attribute
# is set on this flow in the excerpt.
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.dstPort = 80
user_to_web.protocol = "HTTP"
user_to_web.note = "This is a simple web app\nthat stores and retrieves user comments."
user_to_web.data = 'Comments in HTML or Markdown'

# Web tier to database: the insert query that carries the comment text.
# Together with web.sanitizesInput = False above, this is the path along
# which unsanitised comment text reaches the SQL store in the model.
web_to_db = Dataflow(web, db, "Insert query with comments")
web_to_db.dstPort = 3306
web_to_db.protocol = "MySQL"
# Threat-model excerpt. `user`, the boundary objects (internet, server_db),
# `Classification` and the element classes are defined outside this excerpt.

# Actor: placed in the internet boundary and shown on diagram level 2.
user.levels = [2]
user.inBoundary = internet

# Web tier. No boundary is assigned to it in this excerpt.
web = Server("Web Server")
web.OS = "Ubuntu"
# Source files associated with this element in the model.
web.sourceFiles = ["pytm/json.py", "docs/template.md"]
# Controls declared present: hardened host, output encoding.
web.encodesOutput = True
web.isHardened = True
# Controls declared absent: input sanitisation and source authorisation.
web.authorizesSource = False
web.sanitizesInput = False

# General-purpose SQL store: in scope, capped at RESTRICTED data, and
# declared unhardened.
db = Datastore("SQL Database")
db.levels = [2]
db.inBoundary = server_db
db.inScope = True
db.isSQL = True
db.maxClassification = Classification.RESTRICTED
db.OS = "CentOS"
db.isHardened = False

# Identity store: holds PII, capped at TOP_SECRET, declared hardened.
# NOTE(review): it shares the server_db boundary with the unhardened
# "SQL Database" above. Confirm the two really sit in one trust zone, since
# the model then places a RESTRICTED and a TOP_SECRET store side by side.
secretDb = Datastore("Real Identity Database")
secretDb.inBoundary = server_db
secretDb.inScope = True
secretDb.isSQL = True
secretDb.storesPII = True
secretDb.maxClassification = Classification.TOP_SECRET
secretDb.OS = "CentOS"
secretDb.isHardened = True
secretDb.sourceFiles = ["pytm/pytm.py"]

# Serverless function; its attributes are set outside this excerpt, if at all.
my_lambda = Lambda("AWS Lambda")
# Threat-model excerpt: an API gateway element, an application server and two
# datastores. The boundary objects (internet, apps_vpc, rds_boundary,
# cache_boundary) and the element classes are defined outside this excerpt.

# Gateway element, placed in the internet boundary and declared hardened.
apigee = Element("Apigee")
apigee.inBoundary = internet
apigee.isHardened = True

# Application server inside apps_vpc with hardening, access control and
# output encoding declared. Input sanitisation is not set in this excerpt, so
# whatever default the modelling library applies is what the model uses.
server = Server("Apps Server")
server.inBoundary = apps_vpc
server.isHardened = True
server.hasAccessControl = True
server.encodesOutput = True

# Relational store: hardened, access-controlled, on AWS, marked shared.
db = Datastore("MySQL DB")
db.isHardened = True
db.hasAccessControl = True
# NOTE(review): inBoundary is assigned twice in a row. With plain attribute
# semantics only rds_boundary survives; a library that guards against
# reassignment may reject the second line instead. If rds_boundary is meant
# to nest inside apps_vpc, that relation presumably belongs on the boundary
# object rather than on the datastore - confirm.
db.inBoundary = apps_vpc
db.inBoundary = rds_boundary
db.isSQL = True
db.inScope = True
db.onAWS = True
db.isShared = True
db.storesSensitiveData = False

# Cache: hardened, non-SQL, in scope. hasAccessControl is not set for it in
# this excerpt, unlike for the MySQL store above.
redis = Datastore("Redis")
redis.isHardened = True
# NOTE(review): same double assignment as on db; only cache_boundary survives
# under plain attribute semantics.
redis.inBoundary = apps_vpc
redis.inBoundary = cache_boundary
redis.isSQL = False
redis.inScope = True
# NOTE(review): the next three lines target db again, directly after the
# redis block, and flip db.isShared from True (set above) to False. They look
# like a copy-paste meant for redis - confirm which element they describe, as
# the shared/sensitive-data flags of both stores depend on the answer.
db.onAWS = True
db.isShared = False
db.storesSensitiveData = False