def load_threat_library_data_from_path(self, paths, parent):
for config_path in paths:
abs_path = data.abs_path(parent, config_path.path)
if abs_path == data.cwd():
continue # Skip current directory as this was handled earlier
if abs_path in self.loaded_library_paths:
logger.debug(
"Skipping library path {} as we've processed it before".
format(abs_path))
continue # Skip as we've seen this path before
self.loaded_library_paths[abs_path] = True # We've seen it now
if data.is_threatspec_path(abs_path):
logger.debug(
"Found threatspec.yaml, loading library from {}".format(
abs_path))
self.load_threat_library(abs_path)
self.load_control_library(abs_path)
self.load_component_library(abs_path)
new_config_file = data.abs_path(abs_path, "threatspec.yaml")
new_config = config.Config()
logger.debug("Validating {}".format(new_config_file))
(valid, error) = data.validate_yaml_file(
new_config_file, os.path.join("data",
"config_schema.json"))
if not valid:
logger.error(
"Couldn't validate the configation file {}: {}".format(
"threatspec.yaml", error))
sys.exit(0)
new_config.load(data.read_yaml(new_config_file))
self.load_threat_library_data_from_path(
new_config.paths, abs_path)
def run(self):
logger.info("Running threatspec...")
config_path = data.abs_path(data.cwd(), "threatspec.yaml")
(valid, error) = data.validate_yaml_file(
config_path, os.path.join("data", "config_schema.json"))
if not valid:
logger.error(
"Couldn't validate the configation file {}: {}".format(
"threatspec.yaml", error))
sys.exit(0)
self.config.load(data.read_yaml(config_path))
self.load_threat_library_data()
self.parse_source(self.config.paths, data.cwd())
self.save_threat_library_data()
self.save_threat_model_data()
logger.info("""
Threatspec has been run against the source files. The following threat mode file
has been created and contains the mitigations, acceptances, connections etc. for
the project:
threatmodel/threatmodel.json
The following library files have also been create:
threatmodel/threats.json threatmodel/controls.json threatmodel/components.json
""")
def load_threat_models(self):
self.load_threat_model(data.cwd())
for import_path in self.config.imports:
abs_import_path = data.abs_path(import_path.path)
if abs_import_path == data.cwd():
continue # Local path processed above
self.load_threat_model(abs_import_path)
def parse_source(self, paths, parent):
for config_path in paths:
abs_path = data.abs_path(parent, config_path.path)
if data.blacklisted_path(abs_path):
logger.debug(
"Skipping path {} as it is blacklisted".format(abs_path))
continue
logger.debug("Processing source path {}".format(abs_path))
if abs_path in self.loaded_source_paths:
logger.debug(
"Skipping source path {} as it has already been processed".
format(abs_path))
continue
self.loaded_source_paths[abs_path] = True # We've seen it now
if data.is_threatspec_path(abs_path):
logger.debug(
"Found threatspec.yaml, loading source configuration from {}"
.format(abs_path))
new_config = config.Config()
new_config_file = data.abs_path(abs_path, "threatspec.yaml")
(valid, error) = data.validate_yaml_file(
new_config_file, os.path.join("data",
"config_schema.json"))
if not valid:
logger.error(
"Couldn't validate the configation file {}: {}".format(
abs_path, error))
sys.exit(1)
new_config.load(data.read_yaml(new_config_file))
self.parse_source(new_config.paths, abs_path)
for path in data.recurse_path(abs_path):
if data.path_ignored(path, config_path.ignore):
logger.debug("Skipping ignored file path: {}".format(path))
continue
logger.debug("Parsing source files in path {}".format(path))
if os.path.isfile(path):
self.parser = self.get_parser_for_path(path, config_path)
if self.parser:
self.parser.parse_file(path)
def load_libraries(self):
self.load_threat_library(data.cwd(), local=True)
self.load_control_library(data.cwd(), local=True)
self.load_component_library(data.cwd(), local=True)
for import_path in self.config.imports:
abs_import_path = data.abs_path(import_path.path)
if abs_import_path == data.cwd():
continue # Local path processed above
self.load_threat_library(abs_import_path, local=False)
self.load_control_library(abs_import_path, local=False)
self.load_component_library(abs_import_path, local=False)
def load_local_config(self):
logger.debug("Loading local threatspec.yaml configuration file")
config_path = data.abs_path(data.cwd(), "threatspec.yaml")
(valid, error) = data.validate_yaml_file(
config_path, os.path.join("data", "config_schema.json"))
if not valid:
logger.error(
"Couldn't validate the configation file {}: {}".format(
"threatspec.yaml", error))
sys.exit(1)
self.config.load(data.read_yaml(config_path))
def load_threat_model(self, path):
filename = data.abs_path(path, "threatmodel", "threatmodel.json")
logger.debug("Validating {}".format(filename))
(valid, error) = data.validate_yaml_file(
filename, os.path.join("data", "threatmodel_schema.json"))
if not valid:
logger.error(
"Couldn't validate the threat model file {}: {}".format(
filename, error))
sys.exit(0)
try:
self.threatmodel.load(data.read_json(filename))
logger.debug("Loaded threat model from {}".format(filename))
except FileNotFoundError:
pass
def load_threat_library(self, path, local=False):
filename = data.abs_path(path, "threatmodel", "threats.json")
logger.debug("Validating {}".format(filename))
(valid, error) = data.validate_yaml_file(
filename, os.path.join("data", "threats_schema.json"))
if not valid:
logger.error(
"Couldn't validate the threat library file {}: {}".format(
filename, error))
sys.exit(0)
try:
if local:
run_id = self.threatmodel.run_id
else:
run_id = None
self.threat_library.load(data.read_json(filename), run_id)
logger.debug("Loaded threat library from {}".format(filename))
except FileNotFoundError:
pass
def init(self):
logger.info("Initialising threatspec...")
logger.debug("Creating default configuration file")
try:
data.copy_pkg_file(os.path.join("data", "default_config.yaml"),
"threatspec.yaml")
except FileExistsError as e:
logger.error(
"Configuration file already exists, it looks like threatspec has already been initiated here."
)
sys.exit(0)
config_file = data.abs_path(data.cwd(), "threatspec.yaml")
logger.debug("Validating {}".format(config_file))
(valid, error) = data.validate_yaml_file(
config_file, os.path.join("data", "config_schema.json"))
if not valid:
logger.error(
"Couldn't validate the configation file {}: {}".format(
config_file, error))
sys.exit(0)
logger.debug("Loading configuration")
self.config.load(data.read_yaml(config_file))
logger.debug("Creating directories")
try:
data.create_directories(["threatmodel"])
except IOError as e:
logger.error("Failed to create directories: {}".format(str(e)))
raise
logger.info("""
Threatspec has been initialised. You can now configure the project in this
repository by editing the following file:
threatspec.yaml.
""")
