dfetch-org
diff --git a/‎security/README.md‎
Lines changed: 21 additions & 0 deletions b/‎security/README.md‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎security/__init__.py‎ b/‎security/__init__.py‎
diff --git a/‎security/report_template.md‎
Lines changed: 180 additions & 0 deletions b/‎security/report_template.md‎
Lines changed: 180 additions & 0 deletions
@@ -0,0 +1,21 @@
+# Security
+
+This folder contains the threat models. They depend on features not yet in a
+pytm release; install a pinned commit until an official release is available:
+
+`pip install git+https://github.com/OWASP/pytm.git@279ed14aa13ea8f0b989717812fd4626bfcddf3d`
+
+To update the pin, verify the new commit in the upstream repository and replace
+the SHA above.
+
+After this you can generate various reports using:
+
+```bash
+python -m security.tm_supply_chain --report security/report_template.md > report.md
+python -m security.tm_supply_chain --dfd
+python -m security.tm_supply_chain --seq
+
+python -m security.tm_usage --report security/report_template.md > report_usage.md
+python -m security.tm_usage --dfd
+python -m security.tm_usage --seq
+```
@@ -0,0 +1,180 @@
+## System Description
+
+{tm.description}
+
+## Dataflow Diagram - Level 0 DFD
+
+{tm.dfd}
+
+## Dataflows
+
+Name|From|To |Data|Protocol|Port
+|:----:|:----:|:---:|:----:|:--------:|:----:|
+{dataflows:repeat:|{{item.display_name:call:}}|{{item.source.name}}|{{item.sink.name}}|{{item.data}}|{{item.protocol}}|{{item.dstPort}}|
+}
+
+## Data Dictionary
+
+Name|Description|Classification|Carried|Processed
+|:----:|:--------:|:----:|:----|:----|
+{data:repeat:|{{item.name}}|{{item.description}}|{{item.classification.name}}|{{item.carriedBy:repeat:{{{{item.name}}}}<br>}}|{{item.processedBy:repeat:{{{{item.name}}}}<br>}}|
+}
+
+## Actors
+
+{actors:repeat:
+Name|{{item.name}}
+|:----|:----|
+Description|{{item.description}}|
+Is Admin|{{item.isAdmin}}|
+Finding Count|{{item:call:getFindingCount}}|
+
+{{item:call:getInScopeFindings:
+**Threats**
+
+<details>
+  <summary>
+   {{item:call:getThreatId}} — {{item:call:getFindingDescription}}
+  </summary>
+
+  <h6> Targeted Element </h6>
+  <p>{{item:call:getFindingTarget}}</p>
+  <h6> Severity </h6>
+  <p>{{item:call:getFindingSeverity}}</p>
+  <h6>Example Instances</h6>
+  <p>{{item:call:getFindingExample}}</p>
+  <h6>Mitigations</h6>
+  <p>{{item:call:getFindingMitigations}}</p>
+  <h6>References</h6>
+  <p>{{item:call:getFindingReferences}}</p>
+  &emsp;
+</details>
+}}
+}
+
+## Boundaries
+
+{boundaries:repeat:
+Name|{{item.name}}
+|:----|:----|
+Description|{{item.description}}|
+In Scope|{{item.inScope}}|
+Immediate Parent|{{item.parents:if:{{item:call:getParentName}}}}{{item.parents:not:N/A, primary boundary}}|
+All Parents|{{item.parents:call:{{{{item.display_name:call:}}}}, }}|
+Classification|{{item.maxClassification}}|
+Finding Count|{{item:call:getFindingCount}}|
+
+{{item:call:getInScopeFindings:
+**Threats**
+
+<details>
+  <summary>
+    {{item:call:getThreatId}} — {{item:call:getFindingDescription}}
+  </summary>
+  <h6>Targeted Element</h6>
+  <p>{{item:call:getFindingTarget}}</p>
+  <h6>Severity</h6>
+  <p>{{item:call:getFindingSeverity}}</p>
+  <h6>Example Instances</h6>
+  <p>{{item:call:getFindingExample}}</p>
+  <h6>Mitigations</h6>
+  <p>{{item:call:getFindingMitigations}}</p>
+  <h6>References</h6>
+  <p>{{item:call:getFindingReferences}}</p>
+</details>
+}}
+}
+
+
+## Assets
+
+{assets:repeat:
+Name|{{item.name}}|
+|:----|:----|
+Description|{{item.description}}|
+In Scope|{{item.inScope}}|
+Type|{{item:call:getElementType}}|
+Finding Count|{{item:call:getFindingCount}}|
+
+{{item:call:getInScopeFindings:
+**Threats**
+
+<details>
+  <summary>
+    {{item:call:getThreatId}} — {{item:call:getFindingDescription}}
+  </summary>
+  <h6>Targeted Element</h6>
+  <p>{{item:call:getFindingTarget}}</p>
+  <h6>Severity</h6>
+  <p>{{item:call:getFindingSeverity}}</p>
+  <h6>Example Instances</h6>
+  <p>{{item:call:getFindingExample}}</p>
+  <h6>Mitigations</h6>
+  <p>{{item:call:getFindingMitigations}}</p>
+  <h6>References</h6>
+  <p>{{item:call:getFindingReferences}}</p>
+</details>
+}}
+}
+
+
+## Data Flows
+
+{dataflows:repeat:
+Name|{{item.name}}
+|:----|:----|
+Description|{{item.description}}|
+Sink|{{item.sink}}|
+Source|{{item.source}}|
+Is Response|{{item.isResponse}}|
+In Scope|{{item.inScope}}|
+Finding Count|{{item:call:getFindingCount}}|
+
+{{item:call:getInScopeFindings:
+**Threats**
+
+<details>
+  <summary>
+    {{item:call:getThreatId}} — {{item:call:getFindingDescription}}
+  </summary>
+  <h6>Targeted Element</h6>
+  <p>{{item:call:getFindingTarget}}</p>
+  <h6>Severity</h6>
+  <p>{{item:call:getFindingSeverity}}</p>
+  <h6>Example Instances</h6>
+  <p>{{item:call:getFindingExample}}</p>
+  <h6>Mitigations</h6>
+  <p>{{item:call:getFindingMitigations}}</p>
+  <h6>References</h6>
+  <p>{{item:call:getFindingReferences}}</p>
+</details>
+}}
+}
+
+
+{tm.excluded_findings:if:
+# Excluded Threats
+}
+
+{tm.excluded_findings:repeat:
+<details>
+  <summary>
+    {{item:call:getThreatId}} — {{item:call:getFindingDescription}}
+  </summary>
+  <p>
+    <b>{{item:call:getThreatId}}</b> was excluded for
+    <b>{{item:call:getFindingTarget}}</b>
+    because of the assumption "{{item.assumption.name}}"
+  </p>
+  {{item.assumption.description:if:
+  <h6>Assumption description</h6>
+  <p>{{item.assumption.description}}</p>
+  }}
+  <h6>Severity</h6>
+  <p>{{item:call:getFindingSeverity}}</p>
+  <h6>Example Instances</h6>
+  <p>{{item:call:getFindingExample}}</p>
+  <h6>References</h6>
+  <p>{{item:call:getFindingReferences}}</p>
+</details>
+}