vpc = Boundary("AWS VPC")
user = Actor("User")
user.inBoundary = internet
web = Server("Web Server")
web.OS = "Ubuntu"
web.isHardened = True
web.sanitizesInput = False
web.encodesOutput = True
web.authorizesSource = False
db = Datastore("SQL Database")
db.OS = "CentOS"
db.isHardened = False
db.inBoundary = server_db
db.isSQL = True
db.inScope = True
my_lambda = Lambda("AWS Lambda")
my_lambda.hasAccessControl = True
my_lambda.inBoundary = vpc
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = 'Comments in HTML or Markdown'
user_to_web.note = "This is a simple web app\nthat stores and retrieves user comments."
web_to_db = Dataflow(web, db, "Insert query with comments")
web_to_db.protocol = "MySQL"
buy_api = Server("Buy<br/>API-y")
buy_api.inBoundary = Web
rent_api = Server("Rent<br/>API-y")
rent_api.inBoundary = Web
alert_api = Server("Alert<br/>API-y")
alert_api.inBoundary = Web
cloud = Server("Phone Provider Cloud")
cloud.inBoundary = external_web
alert_api_to_cloud = Dataflow(alert_api, cloud, "push")
cloud_to_app = Dataflow(cloud, app, " ")
db_b = Datastore("Oracle Table B")
db_b.inBoundary = Web
buy_api_to_db = Dataflow(buy_api, db_b, " ")
db_r = Datastore("Oracle Table R")
db_r.inBoundary = Web
rent_api_to_db = Dataflow(rent_api, db_r, " ")
db_t = Datastore("Oracle Table Tenants")
db_t.inBoundary = Web
rent_api_to_db_t = Dataflow(rent_api, db_t, " ")
buy_api_to_db_t = Dataflow(buy_api, db_t, " ")
alert_api_to_db_t = Dataflow(alert_api, db_t, " ")
auth = Server("Auth<br/>API-y")
auth.inBoundary = Web
Dataflow(auth, db_t, 'auth')
alertApi = Server("Alert<br/>API-y")
alertApi.inBoundary = internet
authApi = Server("Auth<br/>API-y")
authApi.inBoundary = internet
allAuth = Server("All Auth")
allAuth.inBoundary = internet
phoneCloud = Server("Phone<br/>Provider<br/>Cloud")
firensurfCloud = Server("Fire n' Surf .gov")
dbB = Datastore("Oracle Table B")
dbB.inBoundary = internet
dbR = Datastore("Oracle Table R")
dbR.inBoundary = internet
dbT = Datastore("Oracle Table T")
dbT.inBoundary = internet
user_to_app = Dataflow(user, app, "use")
app_to_buyapi = Dataflow(app, buyApi, "HTTPS<br/>JSON")
app_to_phonecloud = Dataflow(app, phoneCloud, " ")
app_to_rentapi = Dataflow(app, rentApi, "HTTPS<br/>JSON")
app_to_authapi = Dataflow(app, authApi, "HTTPS<br/>JSON")
app_to_dbt = Dataflow(authApi, dbT, "Token-y")
allauth_to_dbt = Dataflow(allAuth, dbT, " ")
buyapi_to_dbt = Dataflow(buyApi, dbT, " ")
dev = Actor("Developer")
eu = Actor("End User")
# Server & OS Components
etcd = Datastore("N-ary etcd servers")
apiserver = Server("kube-apiserver")
kubelet = Server("kubelet")
kubeproxy = Server("kube-proxy")
scheduler = Server("kube-scheduler")
controllers = Server("CCM/KCM")
pods = Server("Pods")
iptables = Process("iptables")
# Component <> Boundary Relations
etcd.inBoundary = mcdata
mcdata.inBoundary = apisrv
apiserver.inBoundary = apisrv
kubelet.inBoundary = worker
kubeproxy.inBoundary = worker
pods.inBoundary = contain
scheduler.inBoundary = mcomps
controllers.inBoundary = mcomps
pods.inBoundary = contain
iptables.inBoundary = worker
miu.inBoundary = apisrv
ia.inBoundary = contain
ea.inBoundary = inet
admin.inBoundary = apisrv
dev.inBoundary = inet
eu.inBoundary = inet
tm.description = "This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats."
User_Web = Boundary("User/Web")
Web_DB = Boundary("Web/DB")
user = Actor("User")
user.inBoundary = User_Web
web = Server("Web Server")
web.OS = "CloudOS"
web.isHardened = True
db = Datastore("SQL Database (*)")
db.OS = "CentOS"
db.isHardened = False
db.inBoundary = Web_DB
db.isSql = True
db.inScope = False
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = 'Comments in HTML or Markdown'
user_to_web.order = 1
user_to_web.note = "This is a note\nmulti-line"
web_to_user = Dataflow(web, user, "Comments saved (*)")
web_to_user.protocol = "HTTP"
web_to_user.data = 'Ack of saving or error message, in JSON'
web_to_user.order = 2
# Define components
api_search = Server("api_search")
api_search.inBoundary = API
api_search.inScope = True
api_search.providesConfidentiality = True
api_reservation = Server("api_reservation")
api_reservation.inBoundary = API
api_reservation.inScope = True
api_rating = Server("api_rating")
api_rating.inBoundary = API
api_rating.inScope = True
db_search = Datastore("Restaurants")
db_search.inBoundary = DB
db_search.inScope = True
db_search.authenticatesSource = True
db_rating = Datastore("Ratings")
db_rating.inBoundary = DB
db_rating.inScope = False
db_reservations = Datastore("Reservations")
db_reservations.inBoundary = DB
db_reservations.inScope = False
# Define flows
search_user_to_api = Dataflow(user, api_search, "User enters search")
search_user_to_api.isEncrypted = True #JIRA TEST-0001
search_user_to_api.order =1
from pytm.pytm import TM, Boundary, Server, Actor, Datastore, Dataflow, SetOfProcesses
tm = TM("Generic CMS example")
tm.description = "This is a sample threat model for the Threat Model Cookbook."
internet = Boundary("Internet")
user = Actor("Generic/Privilege User")
webserver = Server("Web Server")
webserver.inBoundary = internet
user_to_webserver = Dataflow(user, webserver, "HTTPS")
db = Datastore("db")
db.inBoundary = internet
db_to_webserver = Dataflow(webserver, db, " ")
adminuser = Actor(" admin ")
admin_to_webserver = Dataflow(adminuser, db,
"unsecure<br/>mysql<br/>connection")
cdn = SetOfProcesses("CDN network")
user_to_cdn = Dataflow(user, cdn, "HTTP")
webserver_to_cdn = Dataflow(webserver, cdn, "Push to Bucket")
tm.process()
