Skip to content

Commit ba40087

Browse files
committed
fix(lab2): shorten Threagile model title to fit Excel 31-char sheet-name limit
Threagile uses the model title as the risks.xlsx sheet name; the shipped 41-char title crashed report generation at the Excel step ('the sheet name length exceeds the 31 characters limit'), leaving JSONs/diagrams but no risks.xlsx or report.pdf. Verified full output with threagile/threagile:0.9.1. Also documented the pitfall in lab2.md. Signed-off-by: Dmitrii Creed <creeed22@gmail.com>
1 parent 1ffc819 commit ba40087

2 files changed

Lines changed: 2 additions & 1 deletion

File tree

β€Žlabs/lab2.mdβ€Ž

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -369,6 +369,7 @@ PR checklist body:
369369
- 🚨 **`docker: invalid reference format`** β€” make sure you wrote `threagile/threagile:0.9.1` not `threagile:v0.9.1` (no namespace).
370370
- 🚨 **Output directory empty after run** β€” Threagile needs write access. Verify the volume mount `-v "$(pwd)/labs/lab2":/app/work` and that `output/` exists with write perms before running.
371371
- 🚨 **`undefined protocol: xyz`** β€” Threagile validates protocol enums. Common typo: `JDBC-encrypted` (capitalized) β€” use lowercase `jdbc-encrypted`.
372+
- 🚨 **`the sheet name length exceeds the 31 characters limit`** β€” Threagile uses your model's `title:` as the Excel sheet name in `risks.xlsx`; Excel caps sheet names at 31 characters. Keep `title:` short (≀ 31 chars). The run dies at the Excel step, so you get JSONs and diagrams but no `risks.xlsx`/`report.pdf`. (The `Fontconfig error` lines are harmless noise β€” ignore them.)
372373
- 🚨 **PDF is huge / slow to open** β€” that's normal. Use `risks.json` + `jq` for fast iteration; open the PDF only for the final report.
373374
- 🚨 **Secure variant has MORE risks than baseline** β€” usually means you added a new asset without declaring its security requirements. Threagile rules can fire on new assets you accidentally introduced; review your diff carefully.
374375
- 🚨 **"My auth-flow model has 50 risks!"** β€” that's usually because you copied the baseline model and trimmed it. Build the auth model **from scratch** β€” minimum viable assets + links + data. Threagile rules multiply on under-specified models.

β€Žlabs/lab2/threagile-model.yamlβ€Ž

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
threagile_version: 1.0.0
22

3-
title: OWASP Juice Shop β€” Local Lab Threat Model
3+
title: OWASP Juice Shop Threat Model
44
date: 2025-09-18
55

66
author:

0 commit comments

Comments
Β (0)