# Threat-model declarations for a comment-storing web app: two properties of
# the web element, a SQL datastore, a Lambda, and the dataflows that carry the
# comments between user, web server and database.
# NOTE(review): `web`, `user`, `server_db`, `vpc` and the Datastore / Lambda /
# Dataflow classes are defined outside this excerpt; the API looks like pytm's
# -- confirm against the file's imports.

# Web element: output encoding is declared present, source authorization is
# declared absent.
web.encodesOutput = True
web.authorizesSource = False

# Datastore for the comments, placed in the server_db boundary and declared
# unhardened, SQL-backed and in scope.
db = Datastore("SQL Database")
db.OS = "CentOS"
db.isHardened = False
db.inBoundary = server_db
db.isSQL = True
db.inScope = True

# Lambda inside the vpc boundary, declared as having access control.
my_lambda = Lambda("AWS Lambda")
my_lambda.hasAccessControl = True
my_lambda.inBoundary = vpc

# user -> web: comment submission declared as plain HTTP on port 80, so the
# user-supplied HTML/Markdown is modelled as crossing this link without TLS.
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = 'Comments in HTML or Markdown'
user_to_web.note = "This is a simple web app\nthat stores and retrieves user comments."

# web -> db: the data label describes the insert statement as "all literals"
# and the note says comments are inserted into the SQL query.
# NOTE(review): that wording reads like string-built SQL, an injection-prone
# pattern -- confirm in the application code whether the query is parameterized.
web_to_db = Dataflow(web, db, "Insert query with comments")
web_to_db.protocol = "MySQL"
web_to_db.dstPort = 3306
web_to_db.data = 'MySQL insert statement, all literals'
web_to_db.note = "Web server inserts user comments\ninto it's SQL query and stores them in the DB."

# db -> web: declared as the response to web_to_db.
# NOTE(review): dstPort is 80 while the protocol is "MySQL" (the request flow
# uses 3306) -- confirm which port this response is meant to model.
db_to_web = Dataflow(db, web, "Retrieve comments")
db_to_web.protocol = "MySQL"
db_to_web.dstPort = 80
db_to_web.data = 'Web server retrieves comments from DB'
db_to_web.responseTo = web_to_db
# Trust-boundary placement for already-declared elements, followed by the
# first dataflows that leave the API server.
# NOTE(review): every element and boundary used here (scheduler, mcomps,
# apiserver, etcd, kubelet, ...) and the Dataflow class are defined outside
# this excerpt; the API looks like pytm's -- confirm against the file's imports.
scheduler.inBoundary = mcomps
controllers.inBoundary = mcomps
pods.inBoundary = contain
iptables.inBoundary = worker
miu.inBoundary = apisrv
ia.inBoundary = contain
ea.inBoundary = inet
admin.inBoundary = apisrv
dev.inBoundary = inet
eu.inBoundary = inet

# Dataflows
# apiserver -> etcd is the only flow in this excerpt declared encrypted (HTTPS).
apiserver2etcd = Dataflow(apiserver, etcd, "All kube-apiserver data")
apiserver2etcd.isEncrypted = True
apiserver2etcd.protocol = "HTTPS"

# The three flows below (to kubelet, kube-proxy and kube-scheduler) are all
# declared as unencrypted HTTP carrying health and status data.
# NOTE(review): confirm this matches the cluster being modelled. If these links
# are TLS-protected in the deployment the model should say so; if they are not,
# the cleartext control-plane traffic is a finding to track.
apiserver2kubelet = Dataflow(apiserver, kubelet, "kubelet Health, Status, &c.")
apiserver2kubelet.isEncrypted = False
apiserver2kubelet.protocol = "HTTP"

apiserver2kubeproxy = Dataflow(apiserver, kubeproxy, "kube-proxy Health, Status, &c.")
apiserver2kubeproxy.isEncrypted = False
apiserver2kubeproxy.protocol = "HTTP"

apiserver2scheduler = Dataflow(apiserver, scheduler, "kube-scheduler Health, Status, &c.")
apiserver2scheduler.isEncrypted = False
apiserver2scheduler.protocol = "HTTP"
# Dataflows around the nginx gateway: responses to a client entity, the React
# web client, the e-mail provider, and one request/response pair per Flask
# service.
# NOTE(review): `entity` and `to_webserver` are defined before this excerpt,
# presumably by an enclosing loop over client entities. The page lost the
# original indentation, so the nesting shown here is inferred -- confirm
# against the full file.
from_webserver = Dataflow(nginx_backend_server, entity, "Responses to {}".format(entity.name))
from_webserver.responseTo = to_webserver

# web_user
# administrator
# mobile_client
# direct_api
# browser
webapp_to_nginx = Dataflow(react_webapp, nginx_backend_server, "Webclient to Gateway")
nginx_to_webapp = Dataflow(nginx_backend_server, react_webapp, "Gatway to Webclient")
nginx_to_webapp.responseTo = webapp_to_nginx
# Only the request direction gets a protocol; nginx_to_webapp's protocol is not
# set anywhere in this excerpt.
# NOTE(review): "https" is lower-case here while the service flows below use
# "HTTPS" -- confirm whether anything compares the protocol case-sensitively.
webapp_to_nginx.protocol = "https"

# No protocol, port, data label or encryption flag is set on this flow within
# the excerpt, although it leaves for an external e-mail provider.
identity_to_sendgrid = Dataflow(identity_service, sendgrid, "Request to email server")

# One request flow and one response flow between the gateway and each service.
# The loop body is taken to run through the responseTo assignment, because
# every statement up to there refers to the per-service flows.
for service in flask_services:
    dataflow_request = Dataflow(nginx_backend_server, service, "Requests")
    dataflow_response = Dataflow(service, nginx_backend_server, "Responses")
    dataflow_request.protocol = "HTTPS"
    dataflow_response.protocol = "HTTPS"
    # NOTE(review): HTTPS is paired with dstPort 80 (the conventional HTTP
    # port) for requests and with 540 for responses -- confirm both values; a
    # protocol/port mismatch in the model can hide a cleartext hop.
    dataflow_request.dstPort = 80
    dataflow_response.dstPort = 540
    # Both directions carry the same data label.
    dataflow_request.data = "Requests and Responses"
    dataflow_response.data = "Requests and Responses"
    dataflow_response.responseTo = dataflow_request

# The excerpt ends in the middle of this call; its remaining arguments are not
# visible here.
search_to_elastic = Dataflow(search_service, elastic_search_resources,
# Small threat model: one actor, a web server, a SQL datastore and the first
# three explicitly ordered dataflows between them.
# NOTE(review): User_Web, Web_DB and the Actor / Server / Datastore / Dataflow
# classes are defined outside this excerpt; the API looks like pytm's --
# confirm against the file's imports.
user = Actor("User")
user.inBoundary = User_Web

# Web server declared hardened; no boundary is assigned to it in this excerpt.
web = Server("Web Server")
web.OS = "CloudOS"
web.isHardened = True

# Datastore in the Web_DB boundary, declared unhardened and out of scope.
db = Datastore("SQL Database (*)")
db.OS = "CentOS"
db.isHardened = False
db.inBoundary = Web_DB
# NOTE(review): the attribute is spelled isSql here. pytm's Datastore flag is
# isSQL, so if this is pytm the assignment sets an unrelated attribute and the
# SQL flag keeps its default -- confirm before relying on SQL-specific findings.
db.isSql = True
# NOTE(review): with inScope = False the datastore is presumably left out of
# the generated findings -- confirm that exclusion is intended.
db.inScope = False

# Flow 1, user -> web: comment submission declared as plain HTTP on port 80.
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = 'Comments in HTML or Markdown'
user_to_web.order = 1
user_to_web.note = "This is a note\nmulti-line"

# Flow 2, web -> user: acknowledgement or error message, also plain HTTP; no
# dstPort is set for this direction.
web_to_user = Dataflow(web, user, "Comments saved (*)")
web_to_user.protocol = "HTTP"
web_to_user.data = 'Ack of saving or error message, in JSON'
web_to_user.order = 2

# Flow 3, web -> db: the insert statement, labelled "all literals".
# NOTE(review): that label reads like string-built SQL, an injection-prone
# pattern -- confirm whether the modelled application parameterizes the query.
web_to_db = Dataflow(web, db, "Insert query with comments")
web_to_db.protocol = "MySQL"
web_to_db.dstPort = 3306
web_to_db.data = 'MySQL insert statement, all literals'
web_to_db.order = 3