Пример #1
from pytm import (
    TM,
    Actor,
    Boundary,
    Classification,
    Data,
    Dataflow,
    Datastore,
    Lambda,
    Server,
)

# Root object of the threat model. Everything below is a declaration of how the
# system is believed to be built; the findings are only as accurate as these
# declarations, so each flag should be checked against the real deployment.
tm = TM("my test tm")
tm.description = "This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats."
# Presentation options for the generated diagrams/report.
# NOTE(review): presumably isOrdered numbers the dataflows in declaration order
# and mergeResponses folds response edges into their requests - confirm against
# the documentation of the installed pytm version.
tm.isOrdered = True
tm.mergeResponses = True

# Trust boundaries. A dataflow that crosses one of these is where
# authentication, authorization and input handling need to be justified.
internet = Boundary("Internet")
server_db = Boundary("Server/DB")
server_db.levels = [2]
# No element is placed inside this boundary in the lines shown here.
vpc = Boundary("AWS VPC")

# The end user, modelled as sitting in the untrusted Internet boundary.
user = Actor("User")
user.inBoundary = internet
user.levels = [2]

# Web server that receives the comments described in tm.description.
# NOTE(review): no inBoundary is assigned to `web` in the lines shown here -
# confirm it is placed in a boundary further down, otherwise flows from `user`
# would not be modelled as crossing a trust boundary.
web = Server("Web Server")
web.OS = "Ubuntu"
# Control declarations for the web server.
# NOTE(review): newer pytm releases appear to keep these flags under
# `web.controls` (e.g. `web.controls.sanitizesInput`) - confirm which form the
# installed version expects, so the declarations are not silently ignored.
web.isHardened = True
# Declares that the server does NOT sanitize input. Since the description says
# user comments are stored and displayed back, output encoding is the only
# declared control on that path; presumably pytm's input-handling threats will
# be reported against flows into `web` - treat those findings as expected.
web.sanitizesInput = False
web.encodesOutput = True
Пример #2
# https://github.com/izar/pytm
from pytm import (TM, Server, Dataflow, Boundary, Actor, ExternalEntity,
                  Process)

# Root object of the threat model for an online payment flow. The declarations
# below describe the intended architecture; they are inputs to the analysis,
# not evidence that the controls exist in the deployed system.
payment_online = TM("stripe")
payment_online.description = "stripe payment"
# Presentation options for the generated diagrams/report.
# NOTE(review): exact effect depends on the installed pytm version - confirm.
payment_online.isOrdered = True
payment_online.mergeResponses = True

# Three trust boundaries: the customer's side, the merchant's web tier, and
# the third-party payment provider. Payment data crossing any of them is where
# transport protection and authentication should be declared on the dataflows.
Customer_Client_Web = Boundary("Customer/Internet")
Merchant_Web = Boundary("Merchant/Web")
Stripe_API = Boundary("Stripe/Web")

# The human customer.
# NOTE(review): no inBoundary is assigned to `customer` in the lines shown
# here - confirm whether it is meant to sit in Customer_Client_Web.
customer = Actor("Customer")

# The customer's client, placed in the customer-side boundary.
customer_client = ExternalEntity("Customer Client")
customer_client.inBoundary = Customer_Client_Web
# The disabled line below refers to `user`, which this script never defines;
# it looks like a leftover from another sample. If re-enabled it would need to
# target `customer_client` (or `customer`) instead.
# user.levels = [2]

# Merchant-operated web server, inside the merchant boundary.
# Only hardening and AWS hosting are declared here; sanitizesInput and
# encodesOutput are not set in the lines shown, so whatever pytm defaults to
# applies. NOTE(review): for a payment path, state these controls explicitly
# rather than relying on defaults - confirm the defaults of the installed
# version.
merchant_web = Server("Merchant Web Server")
merchant_web.inBoundary = Merchant_Web
merchant_web.OS = "Ubuntu"
merchant_web.isHardened = True
merchant_web.onAWS = True
# The disabled line below refers to `web`, which this script never defines;
# the matching name here would be `merchant_web`.
# web.levels = [2]

# The payment provider's API, modelled as an external entity in its own
# boundary and declared as not hosted on AWS.
stripe_api = ExternalEntity("Stripe API service")
stripe_api.inBoundary = Stripe_API
stripe_api.onAWS = False

# Process handling the payment. No boundary or control flags are assigned to
# it in the lines shown here (the listing ends at this statement).
stripe_process = Process("Stripe Payment Service")