Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Adding uniqueId and includeOrder #190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
izar merged 13 commits into from
Apr 28, 2022
Merged

Adding uniqueId and includeOrder #190

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
c458cae
Adding includeOrder property to Element and adds order to name when true
per-oestergaard Feb 7, 2022
d416824
Adding uniqueId to Finding
per-oestergaard Feb 7, 2022
1531a89
expose uniqueId to html rendering
per-oestergaard Feb 7, 2022
bf51d1f
Let dataflow arrows use includeOrder syntax
per-oestergaard Feb 7, 2022
429b82f
Ignore .dccache and not-in-git
per-oestergaard Mar 13, 2022
f6c1cd1
Make datastore a rounded rectangle
per-oestergaard Mar 13, 2022
790bfbe
Remove not-in-git again
per-oestergaard Mar 23, 2022
ea1c722
Merge branch 'master' of https://github.com/izar/pytm into per-oester…
per-oestergaard Mar 28, 2022
42b64c0
Delete .dccache
per-oestergaard Mar 28, 2022
5da9f10
Reset shape to none
per-oestergaard Mar 28, 2022
d2be260
Add not -1 to help text
per-oestergaard Mar 28, 2022
400255a
Adding test cases
per-oestergaard Mar 28, 2022
13598a2
Remove test file x
per-oestergaard Mar 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,3 +130,6 @@ tm/
/tests/1.txt
/tests/0.txt
/tests/.config.pytm

# Snyk cache
.dccache
25 changes: 20 additions & 5 deletions pytm/pytm.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -652,6 +652,8 @@ class Finding:
""",
)
cvss = varString("", required=False, doc="The CVSS score and/or vector")
uniqueId = varString(
"", doc="When order is present and includeOrder is true on the object, this will be formatted as findingId:order. E.g. if finding is INP01 and order is 123, the value becomes INP01:123.")

def __init__(
self,
Expand Down Expand Up @@ -809,7 +811,12 @@ def resolve(self):
continue

finding_count += 1
f = Finding(e, id=str(finding_count), threat=t)
if e.includeOrder is True and e.order != -1:
uniqueId="{}:{}".format(t.id,e.order)
else:
uniqueId=str(finding_count)

f = Finding(e, id=str(finding_count), threat=t, uniqueId=uniqueId)
logger.debug(f"new finding: {f}")
findings.append(f)
elements[e].append(f)
Expand Down Expand Up @@ -1295,11 +1302,15 @@ class Element:
doc="Location of the source code that describes this element relative to the directory of the model script.",
)
controls = varControls(None)
includeOrder = varBool(
False, doc="If True and Order is set (not -1), the displayed name will be formatted as 'order:name'. If you make Order unique, this will give you a stable reference you can use for synchronization etc.")
order = varInt(-1, doc="Number of this element in the threat model")

def __init__(self, name, **kwargs):
for key, value in kwargs.items():
setattr(self, key, value)
self.name = name
if self.includeOrder is True:
self.name = "{}:{}".format(self.order, name)
self.controls = Controls()
self.uuid = uuid.UUID(int=random.getrandbits(128))
self._is_drawn = False
Expand Down Expand Up @@ -1717,7 +1728,10 @@ def __init__(self, source, sink, name, **kwargs):
def display_name(self):
if self.order == -1:
return self.name
return "({}) {}".format(self.order, self.name)
elif self.includeOrder is True: # order is already included in name
return self.name
else:
return "({}) {}".format(self.order, self.name)

def _dfd_template(self):
return """{source} -> {sink} [
Expand Down Expand Up @@ -1890,8 +1904,8 @@ def encode_element_threat_data(obj):
v = getattr(o, a)
if (type(v) is not list or (type(v) is list and len(v) != 0)):
c._safeset(a, v)
encoded_elements.append(c)

encoded_elements.append(c)

return encoded_elements

Expand All @@ -1909,6 +1923,7 @@ def encode_threat_data(obj):
"threat_id",
"references",
"condition",
"uniqueId"
]

if type(obj) is Finding or (len(obj) != 0 and type(obj[0]) is Finding):
Expand Down
35 changes: 35 additions & 0 deletions tests/test_pytmfunc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -186,6 +186,41 @@ def test_dfd_duplicates_raise(self):
with self.assertRaisesRegex(ValueError, e):
tm.check()

def test_order_in_finding(self):
random.seed(0)

TM.reset()
order=1234
threat_name = "INP03"
formatted_name="{0}:{1}".format(threat_name,order)

tm = TM("my test tm", description="aaa")
web = Server("Web")
web.includeOrder= True
web.order=order

tm.resolve()

self.assertIn(formatted_name, [t.uniqueId for t in tm.findings])

def test_order_not_in_finding_no_includeorder(self):
random.seed(0)

TM.reset()
order=1234
threat_name = "INP03"
formatted_name="{0}:{1}".format(threat_name,order)

tm = TM("my test tm", description="aaa")
web = Server("Web")
web.includeOrder= False
web.order=order

tm.resolve()

self.assertIn(("1","INP03"), [(t.uniqueId,t.threat_id) for t in tm.findings])
self.assertNotIn((formatted_name,"INP03"), [(t.uniqueId,t.threat_id) for t in tm.findings])

def test_exclude_threats_ignore(self):
random.seed(0)

Expand Down