Thanks to visit codestin.com
Credit goes to github.com

Skip to content

add categories to threats #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
nineinchnick wants to merge 1 commit into from
Closed

add categories to threats #83

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/template.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ Name|From|To |Data|Protocol|Port
<p> {{item.target}} </p>
<h6> Severity </h6>
<p>{{item.severity}}</p>
<h6> Impacted Security Properties </h6>
<p>{{item.impactedSecurityProperties }}</p>
<h6>Example Instances</h6>
<p>{{item.example}}</p>
<h6>Mitigations</h6>
Expand Down
111 changes: 72 additions & 39 deletions pytm/pytm.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,19 @@ def __set__(self, instance, value):
super().__set__(instance, value)


class varStrings(var):

def __set__(self, instance, value):
for i, e in enumerate(value):
if not isinstance(e, str):
raise ValueError(
"expecting a list of Strings, item number {} is a {}".format(
i, type(value)
)
)
super().__set__(instance, list(value))


class varBoundary(var):

def __set__(self, instance, value):
Expand Down Expand Up @@ -293,23 +306,29 @@ class Threat():
mitigations = varString("")
example = varString("")
references = varString("")
target = ()
target = var([])
impactedSecurityProperties = varStrings([])

def __init__(self, **kwargs):
self.id = kwargs['SID']
self.description = kwargs.get('description', '')
self.condition = kwargs.get('condition', 'True')
target = kwargs.get('target', 'Element')
if not isinstance(target, str) and isinstance(target, Iterable):
target = tuple(target)
else:
target = (target,)
self.id = kwargs["SID"]
self.description = kwargs.get("description", "")
self.condition = kwargs.get("condition", "True")
self.details = kwargs.get("details", "")
self.severity = kwargs.get("severity", "")
self.mitigations = kwargs.get("mitigations", "")
self.example = kwargs.get("example", "")
self.references = kwargs.get("references", "")

target = kwargs.get("target", "Element")
if isinstance(target, str) or not isinstance(target, Iterable):
target = [target]
self.target = tuple(getattr(sys.modules[__name__], x) for x in target)
self.details = kwargs.get('details', '')
self.severity = kwargs.get('severity', '')
self.mitigations = kwargs.get('mitigations', '')
self.example = kwargs.get('example', '')
self.references = kwargs.get('references', '')

impactedSecurityProperties = kwargs.get("impactedSecurityProperties", [])
if isinstance(impactedSecurityProperties, str) or not isinstance(impactedSecurityProperties, Iterable):
self.impactedSecurityProperties = [impactedSecurityProperties]
else:
self.impactedSecurityProperties = list(impactedSecurityProperties)

def __repr__(self):
return "<{0}.{1}({2}) at {3}>".format(
Expand Down Expand Up @@ -342,24 +361,47 @@ class Finding():
def __init__(
self,
element,
description=None,
details=None,
severity=None,
mitigations=None,
example=None,
id=None,
references=None,
threat=None,
**kwargs,
):
self.target = element.name
self.element = element
self.description = description
self.details = details
self.severity = severity
self.mitigations = mitigations
self.example = example
self.id = id
self.references = references
attrs = [
"description",
"details",
"severity",
"mitigations",
"example",
"id",
"references",
]
threat = kwargs.get("threat", None)
if threat:
for a in attrs:
setattr(self, a, getattr(threat, a))
setattr(self, "_impactedSecurityProperties", threat.impactedSecurityProperties)
return

for a in attrs:
if a in kwargs:
setattr(self, a, kwargs.get(a))
if "impactedSecurityProperties" in kwargs:
setattr(
self,
"_impactedSecurityProperties",
kwargs.get("impactedSecurityProperties"),
)

def __repr__(self):
return "<{0}.{1}({2}) at {3}>".format(
self.__module__, type(self).__name__, self.id, hex(id(self))
)

def __str__(self):
return "{0}({1})".format(type(self).__name__, self.id)

@property
def impactedSecurityProperties(self):
return ', '.join(self._impactedSecurityProperties)


class TM():
Expand Down Expand Up @@ -421,16 +463,7 @@ def resolve(self):
for t in TM._BagOfThreats:
if not t.apply(e):
continue
f = Finding(
e,
t.description,
t.details,
t.severity,
t.mitigations,
t.example,
t.id,
t.references,
)
f = Finding(e, threat=t)
findings.append(f)
elements[e].append(f)
self.findings = findings
Expand Down
Loading