# --- "Real identity" datastore (its Datastore(...) constructor is before this excerpt) ---
secretDb.inBoundary = server_db
secretDb.isSQL = True
secretDb.inScope = True
secretDb.storesPII = True
# Ceiling for data allowed into this store. The only inbound flow visible here
# (db_to_secretDb) is capped at SECRET, i.e. below this TOP_SECRET ceiling.
secretDb.maxClassification = Classification.TOP_SECRET

# --- Lambda -------------------------------------------------------------------
my_lambda = Lambda("AWS Lambda")
my_lambda.hasAccessControl = True
my_lambda.inBoundary = vpc
# presumably the diagram detail levels this element is drawn on — verify against pytm docs
my_lambda.levels = [1, 2]

# Identity token is modelled as a typed Data object with its own classification,
# so the model can check it against the ceilings of the flows/stores it touches.
token_user_identity = Data("Token verifying user identity", classification=Classification.SECRET)

# --- db -> secretDb: identity verification ------------------------------------
# NOTE(review): "RDA-TCP" is not a standard protocol name, and neither
# isEncrypted nor authenticatedWith is set on this flow anywhere in this
# excerpt, so as written the SECRET token crosses this link with no stated
# transport protection — confirm whether that is the intended model.
db_to_secretDb = Dataflow(db, secretDb, "Database verify real user identity")
db_to_secretDb.protocol = "RDA-TCP"
db_to_secretDb.dstPort = 40234
db_to_secretDb.data = token_user_identity
db_to_secretDb.note = "Verifying that the user is who they say they are."
# Flow ceiling equals the token's classification (SECRET).
db_to_secretDb.maxClassification = Classification.SECRET

# Untrusted user content. PUBLIC classification: confidentiality is not the
# concern for this payload, integrity is (it is rendered HTML/Markdown).
comments_in_text = Data("Comments in HTML or Markdown", classification=Classification.PUBLIC)

# --- user -> web: entry point for untrusted input ------------------------------
# Plain HTTP on port 80 with no isEncrypted/authenticatedWith set: the model
# describes cleartext, unauthenticated submission. Presumably a deliberately
# weak baseline so the model surfaces transport/injection findings — confirm.
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = comments_in_text
user_to_web.note = "This is a simple web app\nthat stores and retrieves user comments."

# --- web -> db: the user-controlled comments go into an INSERT ------------------
# The excerpt ends before any .data is attached to this flow; unless it is set
# later, the PUBLIC comments cannot be traced from user_to_web into the DB.
web_to_db = Dataflow(web, db, "Insert query with comments")
web_to_db.protocol = "MySQL"
web_to_db.dstPort = 3306
# The web server does not verify who is sending it requests: the user->web
# flow below is therefore unauthorized at its source (web's definition starts
# before this excerpt).
web.authorizesSource = False

# --- Comment store -------------------------------------------------------------
db = Datastore("SQL Database")
db.OS = "CentOS"
# Unhardened host kept in scope: this will generate host-level findings,
# presumably on purpose for the demo model — confirm.
db.isHardened = False
db.inBoundary = server_db
db.isSQL = True
db.inScope = True

# --- Lambda -------------------------------------------------------------------
my_lambda = Lambda("AWS Lambda")
my_lambda.hasAccessControl = True
my_lambda.inBoundary = vpc

# --- user -> web: untrusted comments over cleartext HTTP/80 ---------------------
# No isEncrypted/authenticatedWith set. `data` is a bare string here rather
# than a Data(...) object, so no classification travels with the user input.
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = 'Comments in HTML or Markdown'
user_to_web.note = "This is a simple web app\nthat stores and retrieves user comments."

# --- web -> db: comments embedded in the server's own SQL -----------------------
# The note describes the web server inserting user comments into its query
# ("all literals"), i.e. string-built SQL rather than bound parameters. That is
# the SQL-injection path this model is meant to expose; keep it described
# accurately rather than "fixing" the model.
web_to_db = Dataflow(web, db, "Insert query with comments")
web_to_db.protocol = "MySQL"
web_to_db.dstPort = 3306
web_to_db.data = 'MySQL insert statement, all literals'
web_to_db.note = "Web server inserts user comments\ninto it's SQL query and stores them in the DB."

# --- db -> web: response to the insert -------------------------------------------
# NOTE(review): dstPort is 80 although the protocol is MySQL and the request it
# answers went to 3306; a reply lands on the web server's client-side port, not
# on 80 — confirm this value is intentional. Stored comments that come back
# this way are the stored-XSS vector if they are later rendered unescaped (the
# rendering flow is not visible in this excerpt).
db_to_web = Dataflow(db, web, "Retrieve comments")
db_to_web.protocol = "MySQL"
db_to_web.dstPort = 80
db_to_web.data = 'Web server retrieves comments from DB'
db_to_web.responseTo = web_to_db
# --- "Real identity" datastore ---------------------------------------------------
# Hardened, in scope, holds PII, and may hold data up to TOP_SECRET.
secretDb = Datastore("Real Identity Database")
secretDb.OS = "CentOS"
secretDb.isHardened = True
secretDb.inBoundary = server_db
secretDb.isSQL = True
secretDb.inScope = True
secretDb.storesPII = True
secretDb.maxClassification = Classification.TOP_SECRET

# --- Lambda -------------------------------------------------------------------
my_lambda = Lambda("AWS Lambda")
my_lambda.hasAccessControl = True
my_lambda.inBoundary = vpc

# --- db -> secretDb: identity verification ------------------------------------
# NOTE(review): "RDA-TCP" is not a standard protocol name and no isEncrypted or
# authenticatedWith is set on this flow in this excerpt, so the identity token
# is modelled as crossing this link without stated transport protection.
# `data` is a bare string, so only the flow-level maxClassification (SECRET)
# carries any sensitivity — the payload itself has no classification attached.
db_to_secretDb = Dataflow(db, secretDb, "Database verify real user identity")
db_to_secretDb.protocol = "RDA-TCP"
db_to_secretDb.dstPort = 40234
db_to_secretDb.data = 'Token to verify user identity'
db_to_secretDb.note = "Verifying that the user is who they say they are."
db_to_secretDb.maxClassification = Classification.SECRET

# --- user -> web: untrusted comments over cleartext HTTP/80 ---------------------
# No isEncrypted/authenticatedWith set; presumably a deliberately weak baseline.
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = 'Comments in HTML or Markdown'
user_to_web.note = "This is a simple web app\nthat stores and retrieves user comments."

# --- web -> db: comments embedded in the server's own SQL -----------------------
# Per the note/data text, the server builds the INSERT from literals that
# include the user's comments — string-built SQL, the injection path this
# model is meant to surface.
web_to_db = Dataflow(web, db, "Insert query with comments")
web_to_db.protocol = "MySQL"
web_to_db.dstPort = 3306
web_to_db.data = 'MySQL insert statement, all literals'
web_to_db.note = "Web server inserts user comments\ninto it's SQL query and stores them in the DB."
# --- Scheduled cleanup function ---------------------------------------------------
# Placed in the Web_DB boundary; the commented line below records that it also
# logically belongs to the VPC, but an element takes a single inBoundary here.
my_lambda = Lambda("cleanDBevery6hours")
my_lambda.hasAccessControl = True
my_lambda.inBoundary = Web_DB
#my_lambda.inBoundary = VPC # TODO: need multiple boundaries capability for these situations

# --- Comment store -------------------------------------------------------------
# NOTE(review): inScope=False takes this datastore out of the analysis, so
# findings against the DB itself (an unhardened CentOS host) will not be
# reported even though flows into it still are — confirm that is intended.
db = Datastore("SQL Database")
db.OS = "CentOS"
db.isHardened = False
db.inBoundary = Web_DB
db.isSQL = True
db.inScope = False

# --- lambda -> db: periodic cleanup over SQL/3306 --------------------------------
# No isEncrypted/authenticatedWith and no data set, so how the cleanup job
# authenticates to the DB (credentials, privileges) is not modelled here.
my_lambda_to_db = Dataflow(my_lambda, db, "(λ)Periodically cleans DB")
my_lambda_to_db.protocol = "SQL"
my_lambda_to_db.dstPort = 3306

# --- user -> web: untrusted comments over cleartext HTTP/80 ---------------------
# `order` presumably sequences the flows for the sequence diagram — verify.
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.dstPort = 80
user_to_web.data = 'Comments in HTML or Markdown'
user_to_web.order = 1
user_to_web.note = "This is a note\nmulti-line"

# --- web -> user: acknowledgement ----------------------------------------------
# The reply carries "error message" content back over plain HTTP; if those
# errors echo database failures verbatim they leak schema/query details to the
# user — not determinable from the model, worth confirming against the app.
web_to_user = Dataflow(web, user, "Comments saved (*)")
web_to_user.protocol = "HTTP"
web_to_user.data = 'Ack of saving or error message, in JSON'
web_to_user.order = 2

# --- web -> db ------------------------------------------------------------------
# The excerpt ends after the protocol; dstPort/data for this flow, if any, are
# set outside this view.
web_to_db = Dataflow(web, db, "Insert query with comments")
web_to_db.protocol = "MySQL"
# --- Datastore attributes (db's constructor is before this excerpt) -------------
db.onAWS = True
db.isShared = False
# NOTE(review): declaring the store non-sensitive presumably suppresses
# data-at-rest findings for it — confirm against what the Apps service
# actually persists before relying on this.
db.storesSensitiveData = False

# --- External parties, both on the internet side of the boundary ----------------
third_party = Element("3rd party services")
third_party.inBoundary = internet
third_party_bim = Element("3rd party BIM360 services")
third_party_bim.inBoundary = internet

# --- user -> apigee: API ingress over TLS, authenticated ------------------------
user_to_apigee = Dataflow(user, apigee, "User sends API request to Apps service")
user_to_apigee.protocol = "HTTPS"
user_to_apigee.isEncrypted = True
user_to_apigee.authenticatedWith = True
user_to_apigee.dstPort = 443
user_to_apigee.data = 'JSON'
user_to_apigee.order = 1

# --- apigee -> server: gateway forwards the request, also TLS + authenticated ----
# `data` is a bare 'JSON' string with no classification, so nothing about the
# request payload's sensitivity is tracked through the gateway.
apigee_to_server = Dataflow(apigee, server, "Apigee forwards API request to Apps server")
apigee_to_server.protocol = "HTTPS"
apigee_to_server.isEncrypted = True
apigee_to_server.authenticatedWith = True
apigee_to_server.dstPort = 443
apigee_to_server.data = 'JSON'
apigee_to_server.order = 2

# --- server -> 3rd party: outbound call across the internet boundary ------------
# NOTE(review): only authenticatedWith is set within this excerpt — no
# protocol, isEncrypted or dstPort. Of all the flows here this is the one
# that leaves the trust boundary, so confirm isEncrypted is set further on;
# otherwise the model records an unprotected outbound link.
server_to_third_party = Dataflow(
    server, third_party, "Apps server communicates with 3rd party services")
server_to_third_party.authenticatedWith = True
# --- Merchant web server attributes (its constructor is before this excerpt) ----
merchant_web.OS = "Ubuntu"
merchant_web.isHardened = True
merchant_web.onAWS = True
# web.levels = [2]

# --- Stripe side, modelled as an external entity plus its payment process --------
stripe_api = ExternalEntity("Stripe API service")
stripe_api.inBoundary = Stripe_API
stripe_api.onAWS = False
stripe_process = Process("Stripe Payment Service")
stripe_process.inBoundary = Stripe_API

# --- customer -> client: login ---------------------------------------------------
# Carries the OAuth exchange over HTTPS/443; isEncrypted is not set explicitly
# on this flow, only the protocol name.
customer_to_customer_client = Dataflow(
    customer, customer_client, "Customer logs into the merchant site (*)")
customer_to_customer_client.protocol = "HTTPS"
customer_to_customer_client.dstPort = 443
customer_to_customer_client.data = 'OAuth'

# --- customer -> client: proceed to payment --------------------------------------
# NOTE(review): this rebinds the same variable name, so the Python handle to
# the login flow above is lost. Whether the login flow still appears in the
# model depends on the library registering each Dataflow when it is
# constructed — confirm, or give this flow its own name.
customer_to_customer_client = Dataflow(
    customer, customer_client, "Customer proceeds to payment page to make a purchase (*)")
customer_to_customer_client.protocol = "HTTPS"
customer_to_customer_client.dstPort = 443

# --- client -> merchant_web: order intent ------------------------------------------
# The flow name says the client supplies the order amount. If merchant_web
# passes that amount on to Stripe rather than re-deriving it server-side, a
# tampered client can set its own price; the merchant_web -> Stripe flow that
# would answer this is cut off at the end of this excerpt — confirm there.
customer_client_to_merchant_web = Dataflow(
    customer_client, merchant_web, "Customer Client sends order intent, including order amount (*)")
customer_client_to_merchant_web.protocol = "HTTPS"
customer_client_to_merchant_web.dstPort = 443

# Excerpt ends mid-statement; the arguments of this Dataflow follow outside this view.
merchant_web_to_stripe_api = Dataflow(