Documentation ¶
Index ¶
- Constants
- Variables
- func AddTagToModelInput(modelInput *ModelInput, tag string, dryRun bool, changes *[]string)
- func AddToListOfSupportedTags(tags []string)
- func Contains(a []string, x string) bool
- func ContainsCaseInsensitiveAny(a []string, x ...string) bool
- func CountRisks(risksByCategory map[RiskCategory][]Risk) int
- func FilterByModelFailures(risksByCat map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func Init()
- func IsSharingSameParentTrustBoundary(left, right TechnicalAsset) bool
- func IsTaggedWithBaseTag(tags []string, basetag string) bool
- func MakeID(val string) string
- func NormalizeTag(tag string) string
- func QuestionsUnanswered() int
- func RisksOfOnlyArchitecture(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlyBusinessSide(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlyDevelopment(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlyOperation(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlySTRIDEDenialOfService(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlySTRIDEElevationOfPrivilege(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlySTRIDEInformationDisclosure(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlySTRIDERepudiation(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlySTRIDESpoofing(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func RisksOfOnlySTRIDETampering(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
- func SortedKeysOfAbuseCases() []string
- func SortedKeysOfDataAssets() []string
- func SortedKeysOfIndividualRiskCategories() []string
- func SortedKeysOfQuestions() []string
- func SortedKeysOfSecurityRequirements() []string
- func SortedKeysOfSharedRuntime() []string
- func SortedKeysOfTechnicalAssets() []string
- func SortedKeysOfTrustBoundaries() []string
- func SortedTechnicalAssetIDs() []string
- func TagsActuallyUsed() []string
- func TotalRiskCount() int
- type Authentication
- type Author
- type Authorization
- type ByDataAssetDataBreachProbabilityAndTitleSort
- type ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk
- type ByDataAssetTitleSort
- type ByDataBreachProbabilitySort
- type ByDataFormatAcceptedSort
- type ByOrderAndIdSort
- type ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk
- type ByRiskCategoryTitleSort
- type ByRiskSeveritySort
- type BySharedRuntimeTitleSort
- type ByTechnicalAssetRAAAndTitleSort
- type ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk
- type ByTechnicalAssetTitleSort
- type ByTechnicalCommunicationLinkIdSort
- type ByTechnicalCommunicationLinkTitleSort
- type ByTrustBoundaryTitleSort
- type CommunicationLink
- func (what CommunicationLink) DataAssetsReceivedSorted() []DataAsset
- func (what CommunicationLink) DataAssetsSentSorted() []DataAsset
- func (what CommunicationLink) DetermineArrowColor() string
- func (what CommunicationLink) DetermineArrowLineStyle() string
- func (what CommunicationLink) DetermineArrowPenWidth() string
- func (what CommunicationLink) DetermineLabelColor() string
- func (what CommunicationLink) HighestAvailability() Criticality
- func (what CommunicationLink) HighestConfidentiality() Confidentiality
- func (what CommunicationLink) HighestIntegrity() Criticality
- func (what CommunicationLink) IsAcrossTrustBoundary() bool
- func (what CommunicationLink) IsAcrossTrustBoundaryNetworkOnly() bool
- func (what CommunicationLink) IsBidirectional() bool
- func (what CommunicationLink) IsTaggedWithAny(tags ...string) bool
- func (what CommunicationLink) IsTaggedWithBaseTag(basetag string) bool
- type Confidentiality
- func (what Confidentiality) AttackerAttractivenessForAsset() float64
- func (what Confidentiality) AttackerAttractivenessForInOutTransferredData() float64
- func (what Confidentiality) AttackerAttractivenessForProcessedOrStoredData() float64
- func (what Confidentiality) Explain() string
- func (what Confidentiality) RatingStringInScale() string
- func (what Confidentiality) String() string
- type Criticality
- func (what Criticality) AttackerAttractivenessForAsset() float64
- func (what Criticality) AttackerAttractivenessForInOutTransferredData() float64
- func (what Criticality) AttackerAttractivenessForProcessedOrStoredData() float64
- func (what Criticality) Explain() string
- func (what Criticality) RatingStringInScale() string
- func (what Criticality) String() string
- type CustomRiskRule
- type DataAsset
- func (what DataAsset) IdentifiedDataBreachProbability() DataBreachProbability
- func (what DataAsset) IdentifiedDataBreachProbabilityRisks() []Risk
- func (what DataAsset) IdentifiedDataBreachProbabilityRisksStillAtRisk() []Risk
- func (what DataAsset) IdentifiedDataBreachProbabilityStillAtRisk() DataBreachProbability
- func (what DataAsset) IdentifiedRisksByResponsibleTechnicalAssetId() map[string][]Risk
- func (what DataAsset) IsDataBreachPotentialStillAtRisk() bool
- func (what DataAsset) IsTaggedWithAny(tags ...string) bool
- func (what DataAsset) IsTaggedWithBaseTag(basetag string) bool
- func (what DataAsset) ProcessedByTechnicalAssetsSorted() []TechnicalAsset
- func (what DataAsset) ReceivedViaCommLinksSorted() []CommunicationLink
- func (what DataAsset) SentViaCommLinksSorted() []CommunicationLink
- func (what DataAsset) StoredByTechnicalAssetsSorted() []TechnicalAsset
- type DataBreachProbability
- type DataFormat
- type EncryptionStyle
- type InputCommunicationLink
- type InputDataAsset
- type InputIndividualRiskCategory
- type InputRiskIdentified
- type InputRiskTracking
- type InputSharedRuntime
- type InputTechnicalAsset
- type InputTrustBoundary
- type MacroDetails
- type MacroQuestion
- type ModelInput
- type Overview
- type ParsedModel
- type Protocol
- func (what Protocol) Explain() string
- func (what Protocol) IsEncrypted() bool
- func (what Protocol) IsPotentialDatabaseAccessProtocol(includingLaxDatabaseProtocols bool) bool
- func (what Protocol) IsPotentialWebAccessProtocol() bool
- func (what Protocol) IsProcessLocal() bool
- func (what Protocol) String() string
- type Quantity
- type Risk
- func AllRisks() []Risk
- func FilteredByOnlyArchitecture() []Risk
- func FilteredByOnlyBusinessSide() []Risk
- func FilteredByOnlyCriticalRisks() []Risk
- func FilteredByOnlyDevelopment() []Risk
- func FilteredByOnlyElevatedRisks() []Risk
- func FilteredByOnlyHighRisks() []Risk
- func FilteredByOnlyLowRisks() []Risk
- func FilteredByOnlyMediumRisks() []Risk
- func FilteredByOnlyOperation() []Risk
- func FilteredByRiskTrackingAccepted() []Risk
- func FilteredByRiskTrackingFalsePositive() []Risk
- func FilteredByRiskTrackingInDiscussion() []Risk
- func FilteredByRiskTrackingInProgress() []Risk
- func FilteredByRiskTrackingMitigated() []Risk
- func FilteredByRiskTrackingUnchecked() []Risk
- func FilteredByStillAtRisk() []Risk
- func FlattenRiskSlice(risksByCat map[RiskCategory][]Risk) []Risk
- func ReduceToOnlyHighRisk(risks []Risk) []Risk
- func ReduceToOnlyLowRisk(risks []Risk) []Risk
- func ReduceToOnlyMediumRisk(risks []Risk) []Risk
- func ReduceToOnlyRiskTrackingAccepted(risks []Risk) []Risk
- func ReduceToOnlyRiskTrackingFalsePositive(risks []Risk) []Risk
- func ReduceToOnlyRiskTrackingInDiscussion(risks []Risk) []Risk
- func ReduceToOnlyRiskTrackingInProgress(risks []Risk) []Risk
- func ReduceToOnlyRiskTrackingMitigated(risks []Risk) []Risk
- func ReduceToOnlyRiskTrackingUnchecked(risks []Risk) []Risk
- func ReduceToOnlyStillAtRisk(risks []Risk) []Risk
- func SortedRisksOfCategory(category RiskCategory) []Risk
- type RiskCategory
- func CategoriesOfOnlyCriticalRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
- func CategoriesOfOnlyElevatedRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
- func CategoriesOfOnlyHighRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
- func CategoriesOfOnlyLowRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
- func CategoriesOfOnlyMediumRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
- func CategoriesOfOnlyRisksStillAtRisk(risksByCategory map[RiskCategory][]Risk) []RiskCategory
- func SortedRiskCategories() []RiskCategory
- type RiskExploitationImpact
- type RiskExploitationLikelihood
- type RiskFunction
- type RiskRule
- type RiskSeverity
- type RiskStatistics
- type RiskStatus
- type RiskTracking
- type STRIDE
- type SharedRuntime
- func (what SharedRuntime) HighestAvailability() Criticality
- func (what SharedRuntime) HighestConfidentiality() Confidentiality
- func (what SharedRuntime) HighestIntegrity() Criticality
- func (what SharedRuntime) IsTaggedWithAny(tags ...string) bool
- func (what SharedRuntime) IsTaggedWithBaseTag(basetag string) bool
- func (what SharedRuntime) TechnicalAssetWithHighestRAA() TechnicalAsset
- type TechnicalAsset
- func InScopeTechnicalAssets() []TechnicalAsset
- func OutOfScopeTechnicalAssets() []TechnicalAsset
- func SortedTechnicalAssetsByRAAAndTitle() []TechnicalAsset
- func SortedTechnicalAssetsByRiskSeverityAndTitle() []TechnicalAsset
- func SortedTechnicalAssetsByTitle() []TechnicalAsset
- func TechnicalAssetsTaggedWithAny(tags ...string) []TechnicalAsset
- func (what TechnicalAsset) CommunicationLinksSorted() []CommunicationLink
- func (what TechnicalAsset) DataAssetsProcessedSorted() []DataAsset
- func (what TechnicalAsset) DataAssetsStoredSorted() []DataAsset
- func (what TechnicalAsset) DataFormatsAcceptedSorted() []DataFormat
- func (what TechnicalAsset) DetermineLabelColor() string
- func (what TechnicalAsset) DetermineShapeBorderColor() string
- func (what TechnicalAsset) DetermineShapeBorderLineStyle() string
- func (what TechnicalAsset) DetermineShapeBorderPenWidth() string
- func (what TechnicalAsset) DetermineShapeFillColor() string
- func (what TechnicalAsset) DetermineShapePeripheries() int
- func (what TechnicalAsset) DetermineShapeStyle() string
- func (what TechnicalAsset) GeneratedRisks() []Risk
- func (what TechnicalAsset) GetTrustBoundaryId() string
- func (what TechnicalAsset) HasDirectConnection(otherAssetId string) bool
- func (what TechnicalAsset) HighestAvailability() Criticality
- func (what TechnicalAsset) HighestConfidentiality() Confidentiality
- func (what TechnicalAsset) HighestIntegrity() Criticality
- func (what TechnicalAsset) HighestSensitivityScore() float64
- func (what TechnicalAsset) IsSameExecutionEnvironment(otherAssetId string) bool
- func (what TechnicalAsset) IsSameTrustBoundary(otherAssetId string) bool
- func (what TechnicalAsset) IsSameTrustBoundaryNetworkOnly(otherAssetId string) bool
- func (what TechnicalAsset) IsTaggedWithAny(tags ...string) bool
- func (what TechnicalAsset) IsTaggedWithAnyTraversingUp(tags ...string) bool
- func (what TechnicalAsset) IsTaggedWithBaseTag(basetag string) bool
- func (what TechnicalAsset) IsZero() bool
- func (what TechnicalAsset) ProcessesOrStoresDataAsset(dataAssetId string) bool
- type TechnicalAssetMachine
- type TechnicalAssetSize
- type TechnicalAssetTechnology
- func (what TechnicalAssetTechnology) Explain() string
- func (what TechnicalAssetTechnology) IsClient() bool
- func (what TechnicalAssetTechnology) IsCloseToHighValueTargetsTolerated() bool
- func (what TechnicalAssetTechnology) IsDevelopmentRelevant() bool
- func (what TechnicalAssetTechnology) IsEmbeddedComponent() bool
- func (what TechnicalAssetTechnology) IsExclusivelyBackendRelated() bool
- func (what TechnicalAssetTechnology) IsExclusivelyFrontendRelated() bool
- func (what TechnicalAssetTechnology) IsIdentityRelated() bool
- func (what TechnicalAssetTechnology) IsLessProtectedType() bool
- func (what TechnicalAssetTechnology) IsSecurityControlRelated() bool
- func (what TechnicalAssetTechnology) IsTrafficForwarding() bool
- func (what TechnicalAssetTechnology) IsUnnecessaryDataTolerated() bool
- func (what TechnicalAssetTechnology) IsUnprotectedCommsTolerated() bool
- func (what TechnicalAssetTechnology) IsUsuallyAbleToPropagateIdentityToOutgoingTargets() bool
- func (what TechnicalAssetTechnology) IsUsuallyProcessingEnduserRequests() bool
- func (what TechnicalAssetTechnology) IsUsuallyStoringEnduserData() bool
- func (what TechnicalAssetTechnology) IsWebApplication() bool
- func (what TechnicalAssetTechnology) IsWebService() bool
- func (what TechnicalAssetTechnology) String() string
- type TechnicalAssetType
- type TrustBoundary
- func (what TrustBoundary) AllParentTrustBoundaryIDs() []string
- func (what TrustBoundary) HighestAvailability() Criticality
- func (what TrustBoundary) HighestConfidentiality() Confidentiality
- func (what TrustBoundary) HighestIntegrity() Criticality
- func (what TrustBoundary) IsTaggedWithAny(tags ...string) bool
- func (what TrustBoundary) IsTaggedWithAnyTraversingUp(tags ...string) bool
- func (what TrustBoundary) IsTaggedWithBaseTag(basetag string) bool
- func (what TrustBoundary) ParentTrustBoundaryID() string
- func (what TrustBoundary) RecursivelyAllTechnicalAssetIDsInside() []string
- type TrustBoundaryType
- type TypeDescription
- type TypeEnum
- func AuthenticationValues() []TypeEnum
- func AuthorizationValues() []TypeEnum
- func ConfidentialityValues() []TypeEnum
- func CriticalityValues() []TypeEnum
- func DataBreachProbabilityValues() []TypeEnum
- func DataFormatValues() []TypeEnum
- func EncryptionStyleValues() []TypeEnum
- func ProtocolValues() []TypeEnum
- func QuantityValues() []TypeEnum
- func RiskExploitationImpactValues() []TypeEnum
- func RiskExploitationLikelihoodValues() []TypeEnum
- func RiskFunctionValues() []TypeEnum
- func RiskSeverityValues() []TypeEnum
- func RiskStatusValues() []TypeEnum
- func STRIDEValues() []TypeEnum
- func TechnicalAssetMachineValues() []TypeEnum
- func TechnicalAssetSizeValues() []TypeEnum
- func TechnicalAssetTechnologyValues() []TypeEnum
- func TechnicalAssetTypeValues() []TypeEnum
- func TrustBoundaryTypeValues() []TypeEnum
- func UsageValues() []TypeEnum
- type Usage
Constants ¶
// NoMoreQuestionsID is the empty string.
// NOTE(review): presumably the sentinel returned as the next question ID once a macro has no questions left; confirm against the macro code.
const NoMoreQuestionsID = ""

// TempFolder is the hard-coded directory named for temporary files.
// NOTE(review): /dev/shm is normally a world-writable tmpfs shared by every local user. How files are
// created under it is not visible here, so confirm they get unpredictable names and owner-only
// permissions (e.g. os.MkdirTemp / os.CreateTemp) and are removed after use, since they may hold
// threat-model content.
const TempFolder = "/dev/shm" // TODO: make configurable via cmdline arg?

// ThreagileVersion is the version string of the tool.
const ThreagileVersion = "1.0.0" // Also update into example and stub model files and openapi.yaml
Variables ¶
// AllSupportedTags is a package-level set of tags (tag -> bool).
// NOTE(review): presumably filled by AddToListOfSupportedTags; the map is nil until allocated, and Go maps are not safe for concurrent writes.
var AllSupportedTags map[string]bool
// AuthenticationTypeDescription pairs each authentication identifier with a short explanation.
// The entries are in the same order as the Authentication constants (NoneAuthentication ... Externalized).
// NOTE(review): presumably indexed by the Authentication value in String/Explain; keep both lists in sync.
var AuthenticationTypeDescription = [...]TypeDescription{
	{"none", "No authentication"},
	{"credentials", "Username and password, pin or passphrase"},
	{"session-id", "A server generated session id with limited life span"},
	{"token", "A server generated token. Containing session id, other data and is cryptographically signed"},
	{"client-certificate", "A certificate file stored on the client identifying this specific client"},
	{"two-factor", "Credentials plus another factor like a physical object (card) or biometrics"},
	{"externalized", "Some external company handles authentication"},
}
// AuthorizationTypeDescription pairs each authorization identifier with a short explanation.
// The entries are in the same order as the Authorization constants (NoneAuthorization, TechnicalUser, EnduserIdentityPropagation).
var AuthorizationTypeDescription = [...]TypeDescription{
	{"none", "No authorization"},
	{"technical-user", "Technical user (service-to-service) like DB user credentials"},
	{"enduser-identity-propagation", "Identity of end user propagates to this service"},
}
// CommunicationLinks is a package-level map from a string key to a CommunicationLink.
// NOTE(review): presumably keyed by the link ID; confirm where it is populated.
var CommunicationLinks map[string]CommunicationLink // TODO as part of "ParsedModelRoot"?
// ConfidentialityTypeDescription pairs each confidentiality rating with a short explanation,
// listed from least ("public") to most sensitive ("strictly-confidential").
// NOTE(review): presumably this order is also the numeric rank of the Confidentiality type; confirm before reordering.
var ConfidentialityTypeDescription = [...]TypeDescription{
	{"public", "Public available information"},
	{"internal", "(Company) internal information - but all people in the institution can access it"},
	{"restricted", "Internal and with restricted access"},
	{"confidential", "Only a few selected people have access"},
	{"strictly-confidential", "Highest secrecy level"},
}
// CriticalityTypeDescription pairs each criticality rating with a short explanation,
// listed from least ("archive") to most critical ("mission-critical").
// NOTE(review): the index shows Criticality used for both integrity and availability ratings
// (HighestIntegrity / HighestAvailability return Criticality); presumably this order is the numeric rank.
var CriticalityTypeDescription = [...]TypeDescription{
	{"archive", "Stored, not active"},
	{"operational", "If this fails, people will just have an ad-hoc coffee break until it is back"},
	{"important", "Issues here results in angry people"},
	{"critical", "Failure is really expensive or crippling"},
	{"mission-critical", "This must not fail"},
}
// DataBreachProbabilityTypeDescription pairs each data-breach probability level with its display text,
// listed from lowest ("improbable") to highest ("probable").
var DataBreachProbabilityTypeDescription = [...]TypeDescription{
	{"improbable", "Improbable"},
	{"possible", "Possible"},
	{"probable", "Probable"},
}
// DataFormatTypeDescription pairs each accepted data format identifier with a short explanation.
var DataFormatTypeDescription = [...]TypeDescription{
	{"json", "JSON"},
	{"xml", "XML"},
	// Serialized program objects are the format class tied to unsafe-deserialization findings.
	{"serialization", "Serialized program objects"},
	{"file", "Specific file types for data"},
	{"csv", "CSV"},
}
// DirectContainingTrustBoundaryMappedByTechnicalAssetId maps a string key to a TrustBoundary.
// NOTE(review): by its name, the key is a technical asset ID and the value the boundary directly containing that asset; confirm where it is built.
var DirectContainingTrustBoundaryMappedByTechnicalAssetId map[string]TrustBoundary
// EncryptionStyleTypeDescription pairs each encryption style identifier with a short explanation.
var EncryptionStyleTypeDescription = [...]TypeDescription{
	{"none", "No encryption"},
	{"transparent", "Encrypted data at rest"},
	{"data-with-symmetric-shared-key", "Both communication partners have the same key. This must be kept secret"},
	// NOTE(review): this text reads as if the private key were handed to the partner as well. In an
	// asymmetric scheme only the public key is distributed and the private key stays with its owner;
	// confirm the intended meaning of "shared" here and reword the description.
	{"data-with-asymmetric-shared-key", "The key is split into public and private. Those two are shared between partners"},
	{"data-with-enduser-individual-key", "The key is (managed) by the end user"},
}
// GeneratedRisksByCategory maps a RiskCategory to a slice of Risk values.
var GeneratedRisksByCategory map[RiskCategory][]Risk

// GeneratedRisksBySyntheticId maps a string key to a single Risk.
// NOTE(review): by its name the key is the risk's synthetic ID; confirm how that ID is built.
var GeneratedRisksBySyntheticId map[string]Risk

// IncomingTechnicalCommunicationLinksMappedByTargetId maps a string key to a slice of CommunicationLink.
// NOTE(review): by its name the key is the target technical asset ID of the incoming links.
var IncomingTechnicalCommunicationLinksMappedByTargetId map[string][]CommunicationLink
// ProtocolTypeDescription pairs each communication protocol identifier with a short explanation.
// Many protocols appear twice, as a plaintext entry and as a separate "-encrypted" (or TLS/SSH-based) entry.
// NOTE(review): presumably Protocol.IsEncrypted() decides per entry; a model that picks the plaintext
// identifier for a TLS-protected link would then be rated as unencrypted — confirm.
var ProtocolTypeDescription = [...]TypeDescription{
	{"unknown-protocol", "Unknown protocol"},
	{"http", "HTTP protocol"},
	{"https", "HTTPS protocol (encrypted)"},
	{"ws", "WebSocket"},
	{"wss", "WebSocket but encrypted"},
	{"reverse-proxy-web-protocol", "Protocols used by reverse proxies"},
	{"reverse-proxy-web-protocol-encrypted", "Protocols used by reverse proxies but encrypted"},
	// Only one MQTT entry exists although the description says TLS is optional.
	{"mqtt", "MQTT Message protocol. Encryption via TLS is optional"},
	{"jdbc", "Java Database Connectivity"},
	{"jdbc-encrypted", "Java Database Connectivity but encrypted"},
	{"odbc", "Open Database Connectivity"},
	{"odbc-encrypted", "Open Database Connectivity but encrypted"},
	{"sql-access-protocol", "SQL access protocol"},
	{"sql-access-protocol-encrypted", "SQL access protocol but encrypted"},
	{"nosql-access-protocol", "NOSQL access protocol"},
	{"nosql-access-protocol-encrypted", "NOSQL access protocol but encrypted"},
	{"binary", "Some other binary protocol"},
	{"binary-encrypted", "Some other binary protocol, encrypted"},
	{"text", "Some other text protocol"},
	{"text-encrypted", "Some other text protocol, encrypted"},
	{"ssh", "Secure Shell to execute commands"},
	{"ssh-tunnel", "Secure Shell as a tunnel"},
	{"smtp", "Mail transfer protocol (sending)"},
	{"smtp-encrypted", "Mail transfer protocol (sending), encrypted"},
	{"pop3", "POP 3 mail fetching"},
	{"pop3-encrypted", "POP 3 mail fetching, encrypted"},
	{"imap", "IMAP mail sync protocol"},
	{"imap-encrypted", "IMAP mail sync protocol, encrypted"},
	{"ftp", "File Transfer Protocol"},
	{"ftps", "FTP with TLS"},
	// NOTE(review): SFTP is the SSH File Transfer Protocol, a separate protocol that runs over SSH;
	// it is not FTP tunnelled through SSH, so "FTP on SSH" is misleading.
	{"sftp", "FTP on SSH"},
	{"scp", "Secure Shell to copy files"},
	{"ldap", "Lightweight Directory Access Protocol - User directories"},
	{"ldaps", "Lightweight Directory Access Protocol - User directories on TLS"},
	{"jms", "Jakarta Messaging"},
	{"nfs", "Network File System"},
	{"smb", "Server Message Block"},
	{"smb-encrypted", "Server Message Block, but encrypted"},
	{"local-file-access", "Data files are on the local system"},
	{"nrpe", "Nagios Remote Plugin Executor"},
	{"xmpp", "Extensible Messaging and Presence Protocol"},
	// NOTE(review): both IIOP descriptions carry a stray space after "Protocol".
	{"iiop", "Internet Inter-ORB Protocol "},
	{"iiop-encrypted", "Internet Inter-ORB Protocol , encrypted"},
	{"jrmp", "Java Remote Method Protocol"},
	{"jrmp-encrypted", "Java Remote Method Protocol, encrypted"},
	{"in-process-library-call", "Call to local library"},
	{"container-spawning", "Spawn a container"},
}
// QuantityTypeDescription pairs each quantity level with its display text, from "very-few" to "very-many".
var QuantityTypeDescription = [...]TypeDescription{
	{"very-few", "Very few"},
	{"few", "Few"},
	{"many", "Many"},
	{"very-many", "Very many"},
}
// RiskExploitationImpactTypeDescription pairs each exploitation impact level with its display text,
// listed from lowest ("low") to highest ("very-high").
var RiskExploitationImpactTypeDescription = [...]TypeDescription{
	{"low", "Low"},
	{"medium", "Medium"},
	{"high", "High"},
	{"very-high", "Very High"},
}
// RiskExploitationLikelihoodTypeDescription pairs each exploitation likelihood level with its display text,
// listed from lowest ("unlikely") to highest ("frequent").
var RiskExploitationLikelihoodTypeDescription = [...]TypeDescription{
	{"unlikely", "Unlikely"},
	{"likely", "Likely"},
	{"very-likely", "Very-Likely"},
	{"frequent", "Frequent"},
}
// RiskFunctionTypeDescription pairs each risk function identifier with its display text.
// NOTE(review): presumably the organisational function responsible for a risk category (compare the
// RisksOfOnlyBusinessSide/Architecture/Development/Operation helpers); confirm.
var RiskFunctionTypeDescription = [...]TypeDescription{
	{"business-side", "Business"},
	{"architecture", "Architecture"},
	{"development", "Development"},
	{"operations", "Operations"},
}
// RiskSeverityTypeDescription pairs each risk severity with its display text,
// listed from lowest ("low") to highest ("critical").
// NOTE(review): presumably this order is the numeric rank used by the severity sorts; confirm before reordering.
var RiskSeverityTypeDescription = [...]TypeDescription{
	{"low", "Low"},
	{"medium", "Medium"},
	{"elevated", "Elevated"},
	{"high", "High"},
	{"critical", "Critical"},
}
// RiskStatusTypeDescription pairs each risk-tracking status with a short explanation.
// "unchecked" is the first entry.
// NOTE(review): if RiskStatus is iota-based like the other enums on this page, an untracked risk
// defaults to "unchecked"; which statuses count as "still at risk" is decided elsewhere — confirm.
var RiskStatusTypeDescription = [...]TypeDescription{
	{"unchecked", "Risk has not yet been reviewed"},
	{"in-discussion", "Risk is currently being discussed (during review)"},
	{"accepted", "Risk has been accepted (as possibly a corporate risk acceptance process defines)"},
	{"in-progress", "Risk mitigation is currently in progress"},
	{"mitigated", "Risk has been mitigated"},
	{"false-positive", "Risk is a false positive (i.e. no risk at all or not applicable)"},
}
// StrideTypeDescription pairs each STRIDE threat class with a description that names the threat
// and the security property it violates (e.g. tampering - integrity).
var StrideTypeDescription = [...]TypeDescription{
	{"spoofing", "Spoofing - Authenticity"},
	{"tampering", "Tampering - Integrity"},
	{"repudiation", "Repudiation - Non-repudiability"},
	{"information-disclosure", "Information disclosure - Confidentiality"},
	{"denial-of-service", "Denial of service - Availability"},
	{"elevation-of-privilege", "Elevation of privilege - Authorization"},
}
// TechnicalAssetMachineTypeDescription pairs each machine kind a technical asset runs on with a short explanation.
var TechnicalAssetMachineTypeDescription = [...]TypeDescription{
	{"physical", "A physical machine"},
	{"virtual", "A virtual machine"},
	{"container", "A container"},
	{"serverless", "A serverless application"},
}
// TechnicalAssetSizeDescription pairs each technical asset size with a short explanation,
// listed from the largest unit ("system") to the smallest ("component").
var TechnicalAssetSizeDescription = [...]TypeDescription{
	{"system", "A system consists of several services"},
	{"service", "A specific service (web, mail, ...)"},
	{"application", "A single application"},
	{"component", "A component of an application (smaller unit like a microservice)"},
}
// TechnicalAssetTechnologyTypeDescription pairs each technology identifier with a short explanation.
// NOTE(review): the TechnicalAssetTechnology predicates in the index (IsSecurityControlRelated,
// IsIdentityRelated, IsTrafficForwarding, ...) presumably classify these entries, so the identifier
// chosen in a model likely influences which risk rules apply — confirm.
var TechnicalAssetTechnologyTypeDescription = [...]TypeDescription{
	{"unknown-technology", "Unknown technology"},
	{"client-system", "A client system"},
	{"browser", "A web browser"},
	{"desktop", "A desktop system (or laptop)"},
	{"mobile-app", "A mobile app (smartphone, tablet)"},
	{"devops-client", "A client used for DevOps"},
	{"web-server", "A web server"},
	{"web-application", "A web application"},
	{"application-server", "An application server (Apache Tomcat, ...)"},
	{"database", "A database"},
	{"file-server", "A file server"},
	{"local-file-system", "The local file system"},
	{"erp", "Enterprise-Resource-Planning"},
	{"cms", "Content Management System"},
	{"web-service-rest", "A REST web service (API)"},
	{"web-service-soap", "A SOAP web service (API)"},
	{"ejb", "Jakarta Enterprise Beans fka Enterprise JavaBeans"},
	{"search-index", "The index database of a search engine"},
	{"search-engine", "A search engine"},
	// NOTE(review): this text describes a schema registry; a service registry normally tracks
	// service instances and their endpoints — confirm the intended meaning.
	{"service-registry", "A central place where data schemas can be found and distributed"},
	{"reverse-proxy", "A proxy hiding internal infrastructure from caller making requests. Can also reduce load"},
	{"load-balancer", "A load balancer directing incoming requests to available internal infrastructure"},
	{"build-pipeline", "A software build pipeline"},
	{"sourcecode-repository", "Git or similar"},
	{"artifact-registry", "A registry to store build artifacts"},
	// NOTE(review): the description has an unbalanced closing parenthesis.
	{"code-inspection-platform", "(Static) Code Analysis)"},
	{"monitoring", "A monitoring system (SIEM, logs)"},
	{"ldap-server", "A LDAP server"},
	{"container-platform", "A platform for hosting and executing containers"},
	{"batch-processing", "A set of tools automatically processing data"},
	{"event-listener", "An event listener waiting to be triggered and spring to action"},
	{"identity-provider", "A authentication provider"},
	{"identity-store-ldap", "Authentication data as LDAP"},
	{"identity-store-database", "Authentication data as database"},
	{"tool", "A specific tool"},
	{"cli", "A command line tool"},
	{"task", "A specific task"},
	{"function", "A specific function (maybe RPC ?)"},
	{"gateway", "A gateway connecting two systems or trust boundaries"},
	{"iot-device", "An IoT device"},
	// NOTE(review): MQTT is a messaging protocol (it has its own Protocol entry), not a queue product.
	{"message-queue", "A message queue (like MQTT)"},
	{"stream-processing", "Data stream processing"},
	{"service-mesh", "Infrastructure for service-to-service communication"},
	{"data-lake", "A huge database"},
	{"big-data-platform", "Storage for big data"},
	{"report-engine", "Software for report generation"},
	{"ai", "An Artificial Intelligence service"},
	{"mail-server", "A Mail server"},
	{"vault", "Encryption and key management"},
	{"hsm", "Hardware Security Module"},
	{"waf", "Web Application Firewall"},
	{"ids", "Intrusion Detection System"},
	{"ips", "Intrusion Prevention System"},
	{"scheduler", "Scheduled tasks"},
	{"mainframe", "A central, big computer"},
	{"block-storage", "SAN or similar central file storage"},
	{"library", "A software library"},
}
// TechnicalAssetTypeDescription pairs each technical asset type with a short explanation.
var TechnicalAssetTypeDescription = [...]TypeDescription{
	{"external-entity", "This asset is hosted and managed by a third party"},
	{"process", "A software process"},
	{"datastore", "This asset stores data"},
}
// TrustBoundaryTypeDescription pairs each trust boundary type with a short explanation.
// Every identifier except "execution-environment" starts with "network-"; the last entry is described
// as a logical grouping rather than a protective network boundary.
// NOTE(review): presumably this is the distinction behind the *NetworkOnly helpers in the index
// (IsAcrossTrustBoundaryNetworkOnly, IsSameTrustBoundaryNetworkOnly) — confirm.
var TrustBoundaryTypeDescription = [...]TypeDescription{
	{"network-on-prem", "The whole network is on prem"},
	{"network-dedicated-hoster", "The network is at a dedicated hoster"},
	{"network-virtual-lan", "Network is a VLAN"},
	{"network-cloud-provider", "Network is at a cloud provider"},
	{"network-cloud-security-group", "Cloud rules controlling network traffic"},
	{"network-policy-namespace-isolation", "Segregation in a Kubernetes cluster"},
	{"execution-environment", "Logical group of items (not a protective network boundary in that sense). More like a namespace or another logical group of items"},
}
// UsageTypeDescription pairs each usage kind with a short explanation.
var UsageTypeDescription = [...]TypeDescription{
	{"business", "This system is operational and does business tasks"},
	{"devops", "This system is for development and/or deployment or other operational tasks"},
}
Functions ¶
func AddTagToModelInput ¶
func AddTagToModelInput(modelInput *ModelInput, tag string, dryRun bool, changes *[]string)
func AddToListOfSupportedTags ¶
func AddToListOfSupportedTags(tags []string)
func CountRisks ¶
func CountRisks(risksByCategory map[RiskCategory][]Risk) int
func FilterByModelFailures ¶
func FilterByModelFailures(risksByCat map[RiskCategory][]Risk) map[RiskCategory][]Risk
func IsSharingSameParentTrustBoundary ¶
func IsSharingSameParentTrustBoundary(left, right TechnicalAsset) bool
func IsTaggedWithBaseTag ¶
func NormalizeTag ¶
func QuestionsUnanswered ¶
func QuestionsUnanswered() int
func RisksOfOnlyArchitecture ¶
func RisksOfOnlyArchitecture(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlyBusinessSide ¶
func RisksOfOnlyBusinessSide(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlyDevelopment ¶
func RisksOfOnlyDevelopment(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlyOperation ¶
func RisksOfOnlyOperation(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlySTRIDEDenialOfService ¶
func RisksOfOnlySTRIDEDenialOfService(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlySTRIDEElevationOfPrivilege ¶
func RisksOfOnlySTRIDEElevationOfPrivilege(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlySTRIDEInformationDisclosure ¶
func RisksOfOnlySTRIDEInformationDisclosure(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlySTRIDERepudiation ¶
func RisksOfOnlySTRIDERepudiation(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlySTRIDESpoofing ¶
func RisksOfOnlySTRIDESpoofing(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func RisksOfOnlySTRIDETampering ¶
func RisksOfOnlySTRIDETampering(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk
func SortedKeysOfAbuseCases ¶
func SortedKeysOfAbuseCases() []string
Because ranging over a map in Go happens in random order, range over the keys in sorted (hence reproducible) order:
func SortedKeysOfDataAssets ¶
func SortedKeysOfDataAssets() []string
Because ranging over a map in Go happens in random order, range over the keys in sorted (hence reproducible) order:
func SortedKeysOfIndividualRiskCategories ¶
func SortedKeysOfIndividualRiskCategories() []string
Because ranging over a map in Go happens in random order, range over the keys in sorted (hence reproducible) order:
func SortedKeysOfQuestions ¶
func SortedKeysOfQuestions() []string
Because ranging over a map in Go happens in random order, range over the keys in sorted (hence reproducible) order:
func SortedKeysOfSecurityRequirements ¶
func SortedKeysOfSecurityRequirements() []string
Because ranging over a map in Go happens in random order, range over the keys in sorted (hence reproducible) order:
func SortedKeysOfSharedRuntime ¶
func SortedKeysOfSharedRuntime() []string
Because ranging over a map in Go happens in random order, range over the keys in sorted (hence reproducible) order:
func SortedKeysOfTechnicalAssets ¶
func SortedKeysOfTechnicalAssets() []string
Because ranging over a map in Go happens in random order, range over the keys in sorted (hence reproducible) order:
func SortedKeysOfTrustBoundaries ¶
func SortedKeysOfTrustBoundaries() []string
Because ranging over a map in Go happens in random order, range over the keys in sorted (hence reproducible) order:
func SortedTechnicalAssetIDs ¶
func SortedTechnicalAssetIDs() []string
func TagsActuallyUsed ¶
func TagsActuallyUsed() []string
func TotalRiskCount ¶
func TotalRiskCount() int
Types ¶
type Authentication ¶
// Authentication is an int-based enumeration of authentication kinds.
type Authentication int

// Authentication values, numbered from 0 by iota in the same order as AuthenticationTypeDescription.
// NoneAuthentication is 0, so a zero-valued (never assigned) Authentication is indistinguishable
// from an explicit "none".
const (
	NoneAuthentication Authentication = iota
	Credentials
	SessionId
	Token
	ClientCertificate
	TwoFactor
	Externalized
)
func (Authentication) Explain ¶
func (what Authentication) Explain() string
func (Authentication) String ¶
func (what Authentication) String() string
type Authorization ¶
// Authorization is an int-based enumeration of authorization kinds.
type Authorization int

// Authorization values, numbered from 0 by iota in the same order as AuthorizationTypeDescription.
// NoneAuthorization is 0, so a zero-valued (never assigned) Authorization is indistinguishable
// from an explicit "none".
const (
	NoneAuthorization Authorization = iota
	TechnicalUser
	EnduserIdentityPropagation
)
func (Authorization) Explain ¶
func (what Authorization) Explain() string
func (Authorization) String ¶
func (what Authorization) String() string
type ByDataAssetDataBreachProbabilityAndTitleSort ¶
// ByDataAssetDataBreachProbabilityAndTitleSort is a []DataAsset whose Len, Less and Swap methods match sort.Interface.
// NOTE(review): by its name it orders by data breach probability, then title; Less is not shown here.
type ByDataAssetDataBreachProbabilityAndTitleSort []DataAsset
func (ByDataAssetDataBreachProbabilityAndTitleSort) Len ¶
func (what ByDataAssetDataBreachProbabilityAndTitleSort) Len() int
func (ByDataAssetDataBreachProbabilityAndTitleSort) Less ¶
func (what ByDataAssetDataBreachProbabilityAndTitleSort) Less(i, j int) bool
func (ByDataAssetDataBreachProbabilityAndTitleSort) Swap ¶
func (what ByDataAssetDataBreachProbabilityAndTitleSort) Swap(i, j int)
type ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk ¶
// ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk is a []DataAsset whose Len, Less and Swap methods match sort.Interface.
// NOTE(review): by its name it orders like ByDataAssetDataBreachProbabilityAndTitleSort but considers only risks still at risk; Less is not shown here.
type ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk []DataAsset
func (ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Len ¶
func (what ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Len() int
func (ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Less ¶
func (what ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Less(i, j int) bool
func (ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Swap ¶
func (what ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Swap(i, j int)
type ByDataAssetTitleSort ¶
// ByDataAssetTitleSort is a []DataAsset whose Len, Less and Swap methods match sort.Interface.
// NOTE(review): by its name it orders by title; Less is not shown here.
type ByDataAssetTitleSort []DataAsset
func (ByDataAssetTitleSort) Len ¶
func (what ByDataAssetTitleSort) Len() int
func (ByDataAssetTitleSort) Less ¶
func (what ByDataAssetTitleSort) Less(i, j int) bool
func (ByDataAssetTitleSort) Swap ¶
func (what ByDataAssetTitleSort) Swap(i, j int)
type ByDataBreachProbabilitySort ¶
// ByDataBreachProbabilitySort is a []Risk whose Len, Less and Swap methods match sort.Interface.
// NOTE(review): by its name it orders by data breach probability; Less is not shown here.
type ByDataBreachProbabilitySort []Risk
func (ByDataBreachProbabilitySort) Len ¶
func (what ByDataBreachProbabilitySort) Len() int
func (ByDataBreachProbabilitySort) Less ¶
func (what ByDataBreachProbabilitySort) Less(i, j int) bool
func (ByDataBreachProbabilitySort) Swap ¶
func (what ByDataBreachProbabilitySort) Swap(i, j int)
type ByDataFormatAcceptedSort ¶
// ByDataFormatAcceptedSort is a []DataFormat whose Len, Less and Swap methods match sort.Interface.
type ByDataFormatAcceptedSort []DataFormat
func (ByDataFormatAcceptedSort) Len ¶
func (what ByDataFormatAcceptedSort) Len() int
func (ByDataFormatAcceptedSort) Less ¶
func (what ByDataFormatAcceptedSort) Less(i, j int) bool
func (ByDataFormatAcceptedSort) Swap ¶
func (what ByDataFormatAcceptedSort) Swap(i, j int)
type ByOrderAndIdSort ¶
// ByOrderAndIdSort is a []TechnicalAsset whose Len, Less and Swap methods match sort.Interface.
// NOTE(review): by its name it orders by an order value, then ID; Less is not shown here.
type ByOrderAndIdSort []TechnicalAsset
func (ByOrderAndIdSort) Len ¶
func (what ByOrderAndIdSort) Len() int
func (ByOrderAndIdSort) Less ¶
func (what ByOrderAndIdSort) Less(i, j int) bool
func (ByOrderAndIdSort) Swap ¶
func (what ByOrderAndIdSort) Swap(i, j int)
type ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk ¶
type ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk []RiskCategory
func (ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Len ¶
func (what ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Len() int
func (ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Less ¶
func (what ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Less(i, j int) bool
func (ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Swap ¶
func (what ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Swap(i, j int)
type ByRiskCategoryTitleSort ¶
type ByRiskCategoryTitleSort []RiskCategory
func (ByRiskCategoryTitleSort) Len ¶
func (what ByRiskCategoryTitleSort) Len() int
func (ByRiskCategoryTitleSort) Less ¶
func (what ByRiskCategoryTitleSort) Less(i, j int) bool
func (ByRiskCategoryTitleSort) Swap ¶
func (what ByRiskCategoryTitleSort) Swap(i, j int)
type ByRiskSeveritySort ¶
type ByRiskSeveritySort []Risk
func (ByRiskSeveritySort) Len ¶
func (what ByRiskSeveritySort) Len() int
func (ByRiskSeveritySort) Less ¶
func (what ByRiskSeveritySort) Less(i, j int) bool
func (ByRiskSeveritySort) Swap ¶
func (what ByRiskSeveritySort) Swap(i, j int)
type BySharedRuntimeTitleSort ¶
type BySharedRuntimeTitleSort []SharedRuntime
func (BySharedRuntimeTitleSort) Len ¶
func (what BySharedRuntimeTitleSort) Len() int
func (BySharedRuntimeTitleSort) Less ¶
func (what BySharedRuntimeTitleSort) Less(i, j int) bool
func (BySharedRuntimeTitleSort) Swap ¶
func (what BySharedRuntimeTitleSort) Swap(i, j int)
type ByTechnicalAssetRAAAndTitleSort ¶
type ByTechnicalAssetRAAAndTitleSort []TechnicalAsset
func (ByTechnicalAssetRAAAndTitleSort) Len ¶
func (what ByTechnicalAssetRAAAndTitleSort) Len() int
func (ByTechnicalAssetRAAAndTitleSort) Less ¶
func (what ByTechnicalAssetRAAAndTitleSort) Less(i, j int) bool
func (ByTechnicalAssetRAAAndTitleSort) Swap ¶
func (what ByTechnicalAssetRAAAndTitleSort) Swap(i, j int)
type ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk ¶
type ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk []TechnicalAsset
func (ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Len ¶
func (what ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Len() int
func (ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Less ¶
func (what ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Less(i, j int) bool
func (ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Swap ¶
func (what ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Swap(i, j int)
type ByTechnicalAssetTitleSort ¶
type ByTechnicalAssetTitleSort []TechnicalAsset
func (ByTechnicalAssetTitleSort) Len ¶
func (what ByTechnicalAssetTitleSort) Len() int
func (ByTechnicalAssetTitleSort) Less ¶
func (what ByTechnicalAssetTitleSort) Less(i, j int) bool
func (ByTechnicalAssetTitleSort) Swap ¶
func (what ByTechnicalAssetTitleSort) Swap(i, j int)
type ByTechnicalCommunicationLinkIdSort ¶
type ByTechnicalCommunicationLinkIdSort []CommunicationLink
func (ByTechnicalCommunicationLinkIdSort) Len ¶
func (what ByTechnicalCommunicationLinkIdSort) Len() int
func (ByTechnicalCommunicationLinkIdSort) Less ¶
func (what ByTechnicalCommunicationLinkIdSort) Less(i, j int) bool
func (ByTechnicalCommunicationLinkIdSort) Swap ¶
func (what ByTechnicalCommunicationLinkIdSort) Swap(i, j int)
type ByTechnicalCommunicationLinkTitleSort ¶
type ByTechnicalCommunicationLinkTitleSort []CommunicationLink
func (ByTechnicalCommunicationLinkTitleSort) Len ¶
func (what ByTechnicalCommunicationLinkTitleSort) Len() int
func (ByTechnicalCommunicationLinkTitleSort) Less ¶
func (what ByTechnicalCommunicationLinkTitleSort) Less(i, j int) bool
func (ByTechnicalCommunicationLinkTitleSort) Swap ¶
func (what ByTechnicalCommunicationLinkTitleSort) Swap(i, j int)
type ByTrustBoundaryTitleSort ¶
type ByTrustBoundaryTitleSort []TrustBoundary
func (ByTrustBoundaryTitleSort) Len ¶
func (what ByTrustBoundaryTitleSort) Len() int
func (ByTrustBoundaryTitleSort) Less ¶
func (what ByTrustBoundaryTitleSort) Less(i, j int) bool
func (ByTrustBoundaryTitleSort) Swap ¶
func (what ByTrustBoundaryTitleSort) Swap(i, j int)
type CommunicationLink ¶
// CommunicationLink is one communication link of the parsed model. SourceId
// and TargetId name its two ends, Protocol the transport, and VPN, IpFiltered,
// Readonly, Authentication and Authorization carry its security attributes.
// NOTE(review): the ends are presumably technical-asset ids (TechnicalAsset
// holds a []CommunicationLink) - confirm against the parser.
type CommunicationLink struct {
Id, SourceId, TargetId, Title, Description string
Protocol Protocol
Tags []string
VPN, IpFiltered, Readonly bool
Authentication Authentication
Authorization Authorization
Usage Usage
// Data-asset references per direction; DataAssetsSentSorted and
// DataAssetsReceivedSorted return the corresponding []DataAsset. The
// DetermineArrowColor documentation treats a link with nothing sent and
// nothing received as a model forgery attempt.
DataAssetsSent, DataAssetsReceived []string
// Diagram layout hints.
// NOTE(review): presumably without effect on risk rules - confirm.
DiagramTweakWeight int
DiagramTweakConstraint bool
}
func CommunicationLinksTaggedWithAny ¶
func CommunicationLinksTaggedWithAny(tags ...string) []CommunicationLink
func (CommunicationLink) DataAssetsReceivedSorted ¶
func (what CommunicationLink) DataAssetsReceivedSorted() []DataAsset
func (CommunicationLink) DataAssetsSentSorted ¶
func (what CommunicationLink) DataAssetsSentSorted() []DataAsset
func (CommunicationLink) DetermineArrowColor ¶
func (what CommunicationLink) DetermineArrowColor() string
Pink when the link looks like a model forgery attempt (i.e. nothing is being sent or received).
func (CommunicationLink) DetermineArrowLineStyle ¶
func (what CommunicationLink) DetermineArrowLineStyle() string
Dotted when the link looks like a model forgery attempt (i.e. nothing is being sent or received).
func (CommunicationLink) DetermineArrowPenWidth ¶
func (what CommunicationLink) DetermineArrowPenWidth() string
func (CommunicationLink) DetermineLabelColor ¶
func (what CommunicationLink) DetermineLabelColor() string
func (CommunicationLink) HighestAvailability ¶
func (what CommunicationLink) HighestAvailability() Criticality
func (CommunicationLink) HighestConfidentiality ¶
func (what CommunicationLink) HighestConfidentiality() Confidentiality
func (CommunicationLink) HighestIntegrity ¶
func (what CommunicationLink) HighestIntegrity() Criticality
func (CommunicationLink) IsAcrossTrustBoundary ¶
func (what CommunicationLink) IsAcrossTrustBoundary() bool
func (CommunicationLink) IsAcrossTrustBoundaryNetworkOnly ¶
func (what CommunicationLink) IsAcrossTrustBoundaryNetworkOnly() bool
func (CommunicationLink) IsBidirectional ¶
func (what CommunicationLink) IsBidirectional() bool
func (CommunicationLink) IsTaggedWithAny ¶
func (what CommunicationLink) IsTaggedWithAny(tags ...string) bool
func (CommunicationLink) IsTaggedWithBaseTag ¶
func (what CommunicationLink) IsTaggedWithBaseTag(basetag string) bool
type Confidentiality ¶
// Confidentiality is the confidentiality rating used on data assets and
// technical assets. The constants are numbered by iota in declaration order,
// so ordinal comparisons depend on that order and inserting a value in the
// middle renumbers every later one. The zero value is Public: a rating that is
// never assigned reads as Public.
// NOTE(review): whether parsing rejects a missing rating is not visible here - confirm.
type Confidentiality int

const (
	Public Confidentiality = iota
	Internal
	Restricted
	Confidential
	StrictlyConfidential
)
func ParseConfidentiality ¶
func ParseConfidentiality(value string) (confidentiality Confidentiality, err error)
func (Confidentiality) AttackerAttractivenessForAsset ¶
func (what Confidentiality) AttackerAttractivenessForAsset() float64
func (Confidentiality) AttackerAttractivenessForInOutTransferredData ¶
func (what Confidentiality) AttackerAttractivenessForInOutTransferredData() float64
func (Confidentiality) AttackerAttractivenessForProcessedOrStoredData ¶
func (what Confidentiality) AttackerAttractivenessForProcessedOrStoredData() float64
func (Confidentiality) Explain ¶
func (what Confidentiality) Explain() string
func (Confidentiality) RatingStringInScale ¶
func (what Confidentiality) RatingStringInScale() string
func (Confidentiality) String ¶
func (what Confidentiality) String() string
type Criticality ¶
// Criticality is the rating type of the Integrity and Availability fields of
// DataAsset and TechnicalAsset and of ParsedModel.BusinessCriticality. The
// constants are numbered by iota in declaration order; the zero value is
// Archive, so a rating that is never assigned reads as Archive.
type Criticality int

const (
	Archive Criticality = iota
	Operational
	Important
	Critical
	MissionCritical
)
func ParseCriticality ¶
func ParseCriticality(value string) (criticality Criticality, err error)
func (Criticality) AttackerAttractivenessForAsset ¶
func (what Criticality) AttackerAttractivenessForAsset() float64
func (Criticality) AttackerAttractivenessForInOutTransferredData ¶
func (what Criticality) AttackerAttractivenessForInOutTransferredData() float64
func (Criticality) AttackerAttractivenessForProcessedOrStoredData ¶
func (what Criticality) AttackerAttractivenessForProcessedOrStoredData() float64
func (Criticality) Explain ¶
func (what Criticality) Explain() string
func (Criticality) RatingStringInScale ¶
func (what Criticality) RatingStringInScale() string
func (Criticality) String ¶
func (what Criticality) String() string
type CustomRiskRule ¶
// CustomRiskRule is the interface of a custom risk rule: the RiskCategory it
// reports under, the tags it supports, and the risks it generates. Unlike
// RiskRule.GenerateRisks, GenerateRisks here takes no ParsedModel argument.
// NOTE(review): presumably it reads the package-level ParsedModelRoot - confirm.
type CustomRiskRule interface {
	Category() RiskCategory
	SupportedTags() []string
	GenerateRisks() []Risk
}
type DataAsset ¶
// DataAsset is one data asset of the parsed model together with its
// confidentiality, integrity and availability ratings. Only Id, Title and
// Description carry JSON tags.
type DataAsset struct {
	Id string `json:"id"` // TODO: tag here still required?
	Title string `json:"title"` // TODO: tag here still required?
	Description string `json:"description"` // TODO: tag here still required?
	Usage Usage
	Tags []string
	Origin, Owner string
	Quantity Quantity
	// Zero values are Public (Confidentiality) and Archive (Criticality).
	Confidentiality Confidentiality
	Integrity, Availability Criticality
	// Free-text justification for the three ratings above.
	JustificationCiaRating string
}
func DataAssetsTaggedWithAny ¶
func SortedDataAssetsByDataBreachProbabilityAndTitle ¶
func SortedDataAssetsByDataBreachProbabilityAndTitle() []DataAsset
Because ranging over a map in Go yields a random order, iterate over the entries in a sorted (and hence reproducible) way:
func SortedDataAssetsByDataBreachProbabilityAndTitleStillAtRisk ¶
func SortedDataAssetsByDataBreachProbabilityAndTitleStillAtRisk() []DataAsset
Because ranging over a map in Go yields a random order, iterate over the entries in a sorted (and hence reproducible) way:
func SortedDataAssetsByTitle ¶
func SortedDataAssetsByTitle() []DataAsset
Because ranging over a map in Go yields a random order, iterate over the entries in a sorted (and hence reproducible) way:
func (DataAsset) IdentifiedDataBreachProbability ¶
func (what DataAsset) IdentifiedDataBreachProbability() DataBreachProbability
func (DataAsset) IdentifiedDataBreachProbabilityRisks ¶
func (DataAsset) IdentifiedDataBreachProbabilityRisksStillAtRisk ¶
func (DataAsset) IdentifiedDataBreachProbabilityStillAtRisk ¶
func (what DataAsset) IdentifiedDataBreachProbabilityStillAtRisk() DataBreachProbability
func (DataAsset) IdentifiedRisksByResponsibleTechnicalAssetId ¶
// IsAtRisk reports whether any technical asset that processes or stores this
// data asset has at least one generated risk left after
// ReduceToOnlyStillAtRisk. Processing assets are checked first; storing assets
// are only looked up when none of the processing assets matched.
func (what DataAsset) IsAtRisk() bool {
	for _, processor := range what.ProcessedByTechnicalAssetsSorted() {
		open := ReduceToOnlyStillAtRisk(processor.GeneratedRisks())
		if len(open) != 0 {
			return true
		}
	}
	for _, store := range what.StoredByTechnicalAssetsSorted() {
		open := ReduceToOnlyStillAtRisk(store.GeneratedRisks())
		if len(open) != 0 {
			return true
		}
	}
	return false
}
// IdentifiedRiskSeverityStillAtRisk returns the highest still-at-risk severity
// found on the technical assets that process or store this data asset.
//
// The search starts at Low, so Low is also the result when no technical asset
// processes or stores the data asset; the return value alone therefore does
// not distinguish "no open risk" from "low risk".
// NOTE(review): the RiskSeverity constants listed on this page are
// LowSeverity through CriticalSeverity; Low is not among them - confirm this
// snippet matches the current API.
func (what DataAsset) IdentifiedRiskSeverityStillAtRisk() RiskSeverity {
	worst := Low
	for _, processor := range what.ProcessedByTechnicalAssetsSorted() {
		if s := HighestSeverityStillAtRisk(ReduceToOnlyStillAtRisk(processor.GeneratedRisks())); s > worst {
			worst = s
		}
	}
	for _, store := range what.StoredByTechnicalAssetsSorted() {
		if s := HighestSeverityStillAtRisk(ReduceToOnlyStillAtRisk(store.GeneratedRisks())); s > worst {
			worst = s
		}
	}
	return worst
}
func (DataAsset) IsDataBreachPotentialStillAtRisk ¶
func (DataAsset) IsTaggedWithAny ¶
func (DataAsset) IsTaggedWithBaseTag ¶
func (DataAsset) ProcessedByTechnicalAssetsSorted ¶
func (what DataAsset) ProcessedByTechnicalAssetsSorted() []TechnicalAsset
func (DataAsset) ReceivedViaCommLinksSorted ¶
func (what DataAsset) ReceivedViaCommLinksSorted() []CommunicationLink
func (DataAsset) SentViaCommLinksSorted ¶
func (what DataAsset) SentViaCommLinksSorted() []CommunicationLink
func (DataAsset) StoredByTechnicalAssetsSorted ¶
func (what DataAsset) StoredByTechnicalAssetsSorted() []TechnicalAsset
type DataBreachProbability ¶
// DataBreachProbability is the data-breach rating carried by a Risk and
// returned by DataAsset.IdentifiedDataBreachProbability. Values are numbered
// by iota in declaration order; the zero value is Improbable.
type DataBreachProbability int

const (
	Improbable DataBreachProbability = iota
	Possible
	Probable
)
func (DataBreachProbability) Explain ¶
func (what DataBreachProbability) Explain() string
func (DataBreachProbability) MarshalJSON ¶
func (what DataBreachProbability) MarshalJSON() ([]byte, error)
func (DataBreachProbability) String ¶
func (what DataBreachProbability) String() string
func (DataBreachProbability) Title ¶
func (what DataBreachProbability) Title() string
type DataFormat ¶
// DataFormat enumerates the data formats a technical asset can be declared to
// accept (TechnicalAsset.DataFormatsAccepted). Values are numbered by iota in
// declaration order; the zero value is JSON.
type DataFormat int

const (
	JSON DataFormat = iota
	XML
	Serialization
	File
	CSV
)
func (DataFormat) Description ¶
func (what DataFormat) Description() string
func (DataFormat) Explain ¶
func (what DataFormat) Explain() string
func (DataFormat) String ¶
func (what DataFormat) String() string
func (DataFormat) Title ¶
func (what DataFormat) Title() string
type EncryptionStyle ¶
// EncryptionStyle is the type of TechnicalAsset.Encryption. Values are
// numbered by iota in declaration order; the zero value is NoneEncryption, so
// an asset whose Encryption is never assigned reads as unencrypted.
type EncryptionStyle int

const (
	NoneEncryption EncryptionStyle = iota
	Transparent
	DataWithEnduserIndividualKey
)
func ParseEncryptionStyle ¶
func ParseEncryptionStyle(value string) (encryptionStyle EncryptionStyle, err error)
func (EncryptionStyle) Explain ¶
func (what EncryptionStyle) Explain() string
func (EncryptionStyle) String ¶
func (what EncryptionStyle) String() string
func (EncryptionStyle) Title ¶
func (what EncryptionStyle) Title() string
type InputCommunicationLink ¶
// InputCommunicationLink is the input-side form of a communication link, with
// field names given by the JSON tags. Protocol, Authentication, Authorization
// and Usage are plain strings here, whereas CommunicationLink holds typed
// values for them.
// NOTE(review): presumably these strings are validated when the model is
// parsed - confirm, since they come straight from the model file.
type InputCommunicationLink struct {
	Target string `json:"target"`
	Description string `json:"description"`
	Protocol string `json:"protocol"`
	Authentication string `json:"authentication"`
	Authorization string `json:"authorization"`
	Tags []string `json:"tags"`
	VPN bool `json:"vpn"`
	IP_filtered bool `json:"ip_filtered"`
	Readonly bool `json:"readonly"`
	Usage string `json:"usage"`
	Data_assets_sent []string `json:"data_assets_sent"`
	Data_assets_received []string `json:"data_assets_received"`
	Diagram_tweak_weight int `json:"diagram_tweak_weight"`
	Diagram_tweak_constraint bool `json:"diagram_tweak_constraint"`
}
type InputDataAsset ¶
// InputDataAsset is the input-side form of a data asset, with field names
// given by the JSON tags. The ratings (Confidentiality, Integrity,
// Availability) and Usage and Quantity are plain strings here; DataAsset holds
// typed values for them.
// NOTE(review): presumably converted via ParseConfidentiality and
// ParseCriticality during parsing - confirm.
type InputDataAsset struct {
	ID string `json:"id"`
	Description string `json:"description"`
	Usage string `json:"usage"`
	Tags []string `json:"tags"`
	Origin string `json:"origin"`
	Owner string `json:"owner"`
	Quantity string `json:"quantity"`
	Confidentiality string `json:"confidentiality"`
	Integrity string `json:"integrity"`
	Availability string `json:"availability"`
	Justification_cia_rating string `json:"justification_cia_rating"`
}
type InputIndividualRiskCategory ¶
// InputIndividualRiskCategory is the input-side form of a model-specific risk
// category, with field names given by the JSON tags. Its text fields mirror
// those of RiskCategory; Function and STRIDE are plain strings here.
// Risks_identified maps a key to each individually identified risk.
// NOTE(review): the meaning of the map key is not visible here - confirm.
type InputIndividualRiskCategory struct {
	ID string `json:"id"`
	Description string `json:"description"`
	Impact string `json:"impact"`
	ASVS string `json:"asvs"`
	Cheat_sheet string `json:"cheat_sheet"`
	Action string `json:"action"`
	Mitigation string `json:"mitigation"`
	Check string `json:"check"`
	Function string `json:"function"`
	STRIDE string `json:"stride"`
	Detection_logic string `json:"detection_logic"`
	Risk_assessment string `json:"risk_assessment"`
	False_positives string `json:"false_positives"`
	Model_failure_possible_reason bool `json:"model_failure_possible_reason"`
	CWE int `json:"cwe"`
	Risks_identified map[string]InputRiskIdentified `json:"risks_identified"`
}
type InputRiskIdentified ¶
// InputRiskIdentified is the input-side form of one individually identified
// risk, with field names given by the JSON tags. Severity, likelihood, impact
// and data-breach probability are plain strings here, and the Most_relevant_*
// fields and Data_breach_technical_assets are string references.
// NOTE(review): presumably the references are ids that must resolve to model
// elements - confirm that parsing rejects dangling ones.
type InputRiskIdentified struct {
	Severity string `json:"severity"`
	Exploitation_likelihood string `json:"exploitation_likelihood"`
	Exploitation_impact string `json:"exploitation_impact"`
	Data_breach_probability string `json:"data_breach_probability"`
	Data_breach_technical_assets []string `json:"data_breach_technical_assets"`
	Most_relevant_data_asset string `json:"most_relevant_data_asset"`
	Most_relevant_technical_asset string `json:"most_relevant_technical_asset"`
	Most_relevant_communication_link string `json:"most_relevant_communication_link"`
	Most_relevant_trust_boundary string `json:"most_relevant_trust_boundary"`
}
type InputRiskTracking ¶
type InputSharedRuntime ¶
type InputSharedRuntime struct {}
type InputTechnicalAsset ¶
// InputTechnicalAsset is the input-side form of a technical asset, with field
// names given by the JSON tags. Type, Usage, Size, Technology, Machine,
// Encryption and the three ratings are plain strings here; TechnicalAsset
// holds typed values for them. Communication_links maps a key to each outgoing
// InputCommunicationLink.
// NOTE(review): the meaning of the map key is not visible here - confirm.
type InputTechnicalAsset struct {
	ID string `json:"id"`
	Description string `json:"description"`
	Type string `json:"type"`
	Usage string `json:"usage"`
	Used_as_client_by_human bool `json:"used_as_client_by_human"`
	Out_of_scope bool `json:"out_of_scope"`
	Justification_out_of_scope string `json:"justification_out_of_scope"`
	Size string `json:"size"`
	Technology string `json:"technology"`
	Tags []string `json:"tags"`
	Internet bool `json:"internet"`
	Machine string `json:"machine"`
	Encryption string `json:"encryption"`
	Owner string `json:"owner"`
	Confidentiality string `json:"confidentiality"`
	Integrity string `json:"integrity"`
	Availability string `json:"availability"`
	Justification_cia_rating string `json:"justification_cia_rating"`
	Multi_tenant bool `json:"multi_tenant"`
	Redundant bool `json:"redundant"`
	Custom_developed_parts bool `json:"custom_developed_parts"`
	Data_assets_processed []string `json:"data_assets_processed"`
	Data_assets_stored []string `json:"data_assets_stored"`
	Data_formats_accepted []string `json:"data_formats_accepted"`
	Diagram_tweak_order int `json:"diagram_tweak_order"`
	Communication_links map[string]InputCommunicationLink `json:"communication_links"`
}
type InputTrustBoundary ¶
type MacroDetails ¶
// MacroDetails holds the id, title and description of a macro.
type MacroDetails struct {
ID, Title, Description string
}
type MacroQuestion ¶
// MacroQuestion is one question a macro asks, with its possible answers and a
// default answer. IsValueConstrained and IsMatchingValueConstraint(answer) are
// declared on this type.
// NOTE(review): presumably they check an answer against PossibleAnswers - confirm.
type MacroQuestion struct {
ID, Title, Description string
PossibleAnswers []string
MultiSelect bool
DefaultAnswer string
}
func NoMoreQuestions ¶
func NoMoreQuestions() MacroQuestion
func (MacroQuestion) IsMatchingValueConstraint ¶
func (what MacroQuestion) IsMatchingValueConstraint(answer string) bool
func (MacroQuestion) IsValueConstrained ¶
func (what MacroQuestion) IsValueConstrained() bool
func (MacroQuestion) NoMoreQuestions ¶
func (what MacroQuestion) NoMoreQuestions() bool
type ModelInput ¶
// ModelInput is the input-side form of a whole model: metadata, free-text
// sections, the available tags, and maps of the Input* element types. Dates
// and ratings are plain strings here; ParsedModel holds the typed counterparts.
// NOTE(review): the map keys are presumably element titles or ids from the
// model file - confirm against the parser.
type ModelInput struct {
	Threagile_version string
	Title string
	Author Author
	Date string
	Business_overview Overview
	Technical_overview Overview
	Business_criticality string
	Management_summary_comment string
	Questions map[string]string
	Abuse_cases map[string]string
	Security_requirements map[string]string
	Tags_available []string
	Data_assets map[string]InputDataAsset
	Technical_assets map[string]InputTechnicalAsset
	Trust_boundaries map[string]InputTrustBoundary
	Individual_risk_categories map[string]InputIndividualRiskCategory
	Risk_tracking map[string]InputRiskTracking
	Diagram_tweak_nodesep, Diagram_tweak_ranksep int
	Diagram_tweak_edge_layout string
	Diagram_tweak_suppress_edge_labels bool
	Diagram_tweak_layout_left_to_right bool
	Diagram_tweak_invisible_connections_between_assets []string
	Diagram_tweak_same_rank_assets []string
}
type ParsedModel ¶
// ParsedModel is the typed form of a model: Date is a time.Time,
// BusinessCriticality a Criticality, and the element maps hold DataAsset,
// TechnicalAsset, TrustBoundary, RiskCategory and RiskTracking values.
type ParsedModel struct {
	Author Author
	Title string
	Date time.Time
	ManagementSummaryComment string
	BusinessOverview Overview
	TechnicalOverview Overview
	BusinessCriticality Criticality
	SecurityRequirements map[string]string
	Questions map[string]string
	AbuseCases map[string]string
	TagsAvailable []string
	DataAssets map[string]DataAsset
	TechnicalAssets map[string]TechnicalAsset
	TrustBoundaries map[string]TrustBoundary
	IndividualRiskCategories map[string]RiskCategory
	RiskTracking map[string]RiskTracking
	DiagramTweakNodesep, DiagramTweakRanksep int
	DiagramTweakEdgeLayout string
	DiagramTweakSuppressEdgeLabels bool
	DiagramTweakLayoutLeftToRight bool
	DiagramTweakInvisibleConnectionsBetweenAssets []string
	DiagramTweakSameRankAssets []string
}

// ParsedModelRoot is a package-level ParsedModel variable.
// NOTE(review): the argument-less package functions (Sorted*, FilteredBy*,
// InScopeTechnicalAssets, ...) presumably read this shared state, which would
// make them dependent on it being populated first and on callers not mutating
// it concurrently - confirm.
var ParsedModelRoot ParsedModel
type Protocol ¶
// Protocol enumerates the transport protocols a CommunicationLink can use.
// Values are numbered by iota in declaration order; the zero value is
// UnknownProtocol. Several protocols exist as a plain and an "_encrypted" (or
// otherwise separately named) variant, each a distinct value.
// NOTE(review): IsEncrypted, IsPotentialDatabaseAccessProtocol,
// IsPotentialWebAccessProtocol and IsProcessLocal classify these values; their
// bodies are not shown here, so a newly added protocol presumably has to be
// added to each of them explicitly - confirm.
type Protocol int

const (
	UnknownProtocol Protocol = iota
	HTTP
	HTTPS
	WS
	WSS
	Reverse_proxy_web_protocol
	Reverse_proxy_web_protocol_encrypted
	MQTT
	JDBC
	JDBC_encrypted
	ODBC
	ODBC_encrypted
	SQL_access_protocol
	SQL_access_protocol_encrypted
	NoSQL_access_protocol
	NoSQL_access_protocol_encrypted
	BINARY
	BINARY_encrypted
	TEXT
	TEXT_encrypted
	SSH
	SSH_tunnel
	SMTP
	SMTP_encrypted
	POP3
	POP3_encrypted
	IMAP
	IMAP_encrypted
	FTP
	FTPS
	SFTP
	SCP
	LDAP
	LDAPS
	JMS
	NFS
	SMB
	SMB_encrypted
	LocalFileAccess
	NRPE
	XMPP
	IIOP
	IIOP_encrypted
	JRMP
	JRMP_encrypted
	InProcessLibraryCall
	ContainerSpawning
)
func (Protocol) IsEncrypted ¶
func (Protocol) IsPotentialDatabaseAccessProtocol ¶
func (Protocol) IsPotentialWebAccessProtocol ¶
func (Protocol) IsProcessLocal ¶
type Risk ¶
// Risk is one identified risk. The JSON tags define the keys it is marshalled
// under; Category is excluded from JSON and represented by CategoryId instead.
// The MostRelevant*Id fields and DataBreachTechnicalAssetIDs are string
// references to other model elements.
type Risk struct {
	Category RiskCategory `json:"-"` // just for navigational convenience... not JSON marshalled
	CategoryId string `json:"category"` // used for better JSON marshalling, is assigned in risk evaluation phase automatically
	RiskStatus RiskStatus `json:"risk_status"` // used for better JSON marshalling, is assigned in risk evaluation phase automatically
	Severity RiskSeverity `json:"severity"`
	ExploitationLikelihood RiskExploitationLikelihood `json:"exploitation_likelihood"`
	ExploitationImpact RiskExploitationImpact `json:"exploitation_impact"`
	Title string `json:"title"`
	// NOTE(review): presumably the key RiskTracking.SyntheticRiskId refers to - confirm.
	SyntheticId string `json:"synthetic_id"`
	MostRelevantDataAssetId string `json:"most_relevant_data_asset"`
	MostRelevantTechnicalAssetId string `json:"most_relevant_technical_asset"`
	MostRelevantTrustBoundaryId string `json:"most_relevant_trust_boundary"`
	MostRelevantCommunicationLinkId string `json:"most_relevant_communication_link"`
	DataBreachProbability DataBreachProbability `json:"data_breach_probability"`
	DataBreachTechnicalAssetIDs []string `json:"data_breach_technical_assets"`
}
func FilteredByOnlyArchitecture ¶
func FilteredByOnlyArchitecture() []Risk
func FilteredByOnlyBusinessSide ¶
func FilteredByOnlyBusinessSide() []Risk
func FilteredByOnlyCriticalRisks ¶
func FilteredByOnlyCriticalRisks() []Risk
func FilteredByOnlyDevelopment ¶
func FilteredByOnlyDevelopment() []Risk
func FilteredByOnlyElevatedRisks ¶
func FilteredByOnlyElevatedRisks() []Risk
func FilteredByOnlyHighRisks ¶
func FilteredByOnlyHighRisks() []Risk
func FilteredByOnlyLowRisks ¶
func FilteredByOnlyLowRisks() []Risk
func FilteredByOnlyMediumRisks ¶
func FilteredByOnlyMediumRisks() []Risk
func FilteredByOnlyOperation ¶
func FilteredByOnlyOperation() []Risk
func FilteredByRiskTrackingAccepted ¶
func FilteredByRiskTrackingAccepted() []Risk
func FilteredByRiskTrackingFalsePositive ¶
func FilteredByRiskTrackingFalsePositive() []Risk
func FilteredByRiskTrackingInDiscussion ¶
func FilteredByRiskTrackingInDiscussion() []Risk
func FilteredByRiskTrackingInProgress ¶
func FilteredByRiskTrackingInProgress() []Risk
func FilteredByRiskTrackingMitigated ¶
func FilteredByRiskTrackingMitigated() []Risk
func FilteredByRiskTrackingUnchecked ¶
func FilteredByRiskTrackingUnchecked() []Risk
func FilteredByStillAtRisk ¶
func FilteredByStillAtRisk() []Risk
func FlattenRiskSlice ¶
func FlattenRiskSlice(risksByCat map[RiskCategory][]Risk) []Risk
func ReduceToOnlyHighRisk ¶
func ReduceToOnlyLowRisk ¶
func ReduceToOnlyMediumRisk ¶
func ReduceToOnlyStillAtRisk ¶
func SortedRisksOfCategory ¶
func SortedRisksOfCategory(category RiskCategory) []Risk
func (Risk) GetRiskTracking ¶
func (what Risk) GetRiskTracking() RiskTracking
func (Risk) GetRiskTrackingStatusDefaultingUnchecked ¶
func (what Risk) GetRiskTrackingStatusDefaultingUnchecked() RiskStatus
func (Risk) IsRiskTracked ¶
type RiskCategory ¶
// RiskCategory describes one category of risk: identification, descriptive
// and guidance text, the responsible RiskFunction, the STRIDE classification,
// and a CWE number. It is used as a map key (map[RiskCategory][]Risk)
// throughout this package, so every field must stay comparable.
type RiskCategory struct {
	// TODO: refactor all "Id" here and elsewhere to "ID"
	Id string
	Title string
	Description string
	Impact string
	ASVS string
	CheatSheet string
	Action string
	Mitigation string
	Check string
	DetectionLogic string
	RiskAssessment string
	FalsePositives string
	Function RiskFunction
	STRIDE STRIDE
	// NOTE(review): presumably marks categories whose findings may stem from a
	// modelling mistake (see FilterByModelFailures) - confirm.
	ModelFailurePossibleReason bool
	CWE int
}
func CategoriesOfOnlyCriticalRisks ¶
func CategoriesOfOnlyCriticalRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
func CategoriesOfOnlyElevatedRisks ¶
func CategoriesOfOnlyElevatedRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
func CategoriesOfOnlyHighRisks ¶
func CategoriesOfOnlyHighRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
func CategoriesOfOnlyLowRisks ¶
func CategoriesOfOnlyLowRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
func CategoriesOfOnlyMediumRisks ¶
func CategoriesOfOnlyMediumRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory
func CategoriesOfOnlyRisksStillAtRisk ¶
func CategoriesOfOnlyRisksStillAtRisk(risksByCategory map[RiskCategory][]Risk) []RiskCategory
func SortedRiskCategories ¶
func SortedRiskCategories() []RiskCategory
Because ranging over a map in Go yields a random order, iterate over the entries in a sorted (and hence reproducible) way:
type RiskExploitationImpact ¶
// RiskExploitationImpact is the impact rating of a Risk and one of the two
// inputs of CalculateSeverity. Values are numbered by iota in declaration
// order; the zero value is LowImpact.
type RiskExploitationImpact int

const (
	LowImpact RiskExploitationImpact = iota
	MediumImpact
	HighImpact
	VeryHighImpact
)
func HighestExploitationImpact ¶
func HighestExploitationImpact(risks []Risk) RiskExploitationImpact
func (RiskExploitationImpact) Explain ¶
func (what RiskExploitationImpact) Explain() string
func (RiskExploitationImpact) MarshalJSON ¶
func (what RiskExploitationImpact) MarshalJSON() ([]byte, error)
func (RiskExploitationImpact) String ¶
func (what RiskExploitationImpact) String() string
func (RiskExploitationImpact) Title ¶
func (what RiskExploitationImpact) Title() string
func (RiskExploitationImpact) Weight ¶
func (what RiskExploitationImpact) Weight() int
type RiskExploitationLikelihood ¶
// RiskExploitationLikelihood is the likelihood rating of a Risk and one of the
// two inputs of CalculateSeverity. Values are numbered by iota in declaration
// order; the zero value is Unlikely.
type RiskExploitationLikelihood int

const (
	Unlikely RiskExploitationLikelihood = iota
	Likely
	VeryLikely
	Frequent
)
func HighestExploitationLikelihood ¶
func HighestExploitationLikelihood(risks []Risk) RiskExploitationLikelihood
func (RiskExploitationLikelihood) Explain ¶
func (what RiskExploitationLikelihood) Explain() string
func (RiskExploitationLikelihood) MarshalJSON ¶
func (what RiskExploitationLikelihood) MarshalJSON() ([]byte, error)
func (RiskExploitationLikelihood) String ¶
func (what RiskExploitationLikelihood) String() string
func (RiskExploitationLikelihood) Title ¶
func (what RiskExploitationLikelihood) Title() string
func (RiskExploitationLikelihood) Weight ¶
func (what RiskExploitationLikelihood) Weight() int
type RiskFunction ¶
// RiskFunction is the type of RiskCategory.Function. Values are numbered by
// iota in declaration order; the zero value is BusinessSide.
type RiskFunction int

const (
	BusinessSide RiskFunction = iota
	Architecture
	Development
	Operations
)
func (RiskFunction) Explain ¶
func (what RiskFunction) Explain() string
func (RiskFunction) MarshalJSON ¶
func (what RiskFunction) MarshalJSON() ([]byte, error)
func (RiskFunction) String ¶
func (what RiskFunction) String() string
func (RiskFunction) Title ¶
func (what RiskFunction) Title() string
type RiskRule ¶
// RiskRule is the interface of a risk rule: Category returns the RiskCategory
// the rule reports under, and GenerateRisks returns the risks it finds in the
// ParsedModel passed to it.
type RiskRule interface {
	Category() RiskCategory
	GenerateRisks(parsedModel ParsedModel) []Risk
}
type RiskSeverity ¶
// RiskSeverity is the severity of a Risk; CalculateSeverity derives it from a
// likelihood and an impact. Values are numbered by iota in declaration order,
// so ordinal comparisons depend on that order; the zero value is LowSeverity.
type RiskSeverity int

const (
	LowSeverity RiskSeverity = iota
	MediumSeverity
	ElevatedSeverity
	HighSeverity
	CriticalSeverity
)
func CalculateSeverity ¶
func CalculateSeverity(likelihood RiskExploitationLikelihood, impact RiskExploitationImpact) RiskSeverity
func HighestSeverity ¶
func HighestSeverity(risks []Risk) RiskSeverity
func HighestSeverityStillAtRisk ¶
func HighestSeverityStillAtRisk(risks []Risk) RiskSeverity
func (RiskSeverity) Explain ¶
func (what RiskSeverity) Explain() string
func (RiskSeverity) MarshalJSON ¶
func (what RiskSeverity) MarshalJSON() ([]byte, error)
func (RiskSeverity) String ¶
func (what RiskSeverity) String() string
func (RiskSeverity) Title ¶
func (what RiskSeverity) Title() string
type RiskStatistics ¶
// RiskStatistics holds risk counts in a two-level map, marshalled under the
// JSON key "risks".
// NOTE(review): the two key levels are presumably severity and status -
// confirm against OverallRiskStatistics.
type RiskStatistics struct {
	// TODO add also some more like before / after (i.e. with mitigation applied)
	Risks map[string]map[string]int `json:"risks"`
}
func OverallRiskStatistics ¶
func OverallRiskStatistics() RiskStatistics
type RiskStatus ¶
// RiskStatus is the tracking status of a risk. Values are numbered by iota in
// declaration order; the zero value is Unchecked.
// NOTE(review): IsStillAtRisk decides which statuses keep a risk in the
// "still at risk" views; its body is not shown here, so which of Accepted,
// Mitigated and FalsePositive remove a risk from those views should be
// confirmed before relying on them in a review.
type RiskStatus int

const (
	Unchecked RiskStatus = iota
	InDiscussion
	Accepted
	InProgress
	Mitigated
	FalsePositive
)
func (RiskStatus) Explain ¶
func (what RiskStatus) Explain() string
func (RiskStatus) IsStillAtRisk ¶
func (what RiskStatus) IsStillAtRisk() bool
func (RiskStatus) MarshalJSON ¶
func (what RiskStatus) MarshalJSON() ([]byte, error)
func (RiskStatus) String ¶
func (what RiskStatus) String() string
func (RiskStatus) Title ¶
func (what RiskStatus) Title() string
type RiskTracking ¶
// RiskTracking records how one risk is being handled: its status, the
// justification, a ticket reference, who checked it, and when.
// NOTE(review): SyntheticRiskId presumably matches Risk.SyntheticId - confirm.
type RiskTracking struct {
SyntheticRiskId, Justification, Ticket, CheckedBy string
Status RiskStatus
Date time.Time
}
type SharedRuntime ¶
type SharedRuntime struct {
func SharedRuntimesTaggedWithAny ¶
func SharedRuntimesTaggedWithAny(tags ...string) []SharedRuntime
func SortedSharedRuntimesByTitle ¶
func SortedSharedRuntimesByTitle() []SharedRuntime
func (SharedRuntime) HighestAvailability ¶
func (what SharedRuntime) HighestAvailability() Criticality
func (SharedRuntime) HighestConfidentiality ¶
func (what SharedRuntime) HighestConfidentiality() Confidentiality
func (SharedRuntime) HighestIntegrity ¶
func (what SharedRuntime) HighestIntegrity() Criticality
func (SharedRuntime) IsTaggedWithAny ¶
func (what SharedRuntime) IsTaggedWithAny(tags ...string) bool
func (SharedRuntime) IsTaggedWithBaseTag ¶
func (what SharedRuntime) IsTaggedWithBaseTag(basetag string) bool
func (SharedRuntime) TechnicalAssetWithHighestRAA ¶
func (what SharedRuntime) TechnicalAssetWithHighestRAA() TechnicalAsset
type TechnicalAsset ¶
// TechnicalAsset is one technical asset of the parsed model: its
// classification (Type, Size, Technology, Machine), exposure and deployment
// flags, encryption style, ratings, the data assets it processes and stores,
// and its communication links.
type TechnicalAsset struct {
Id, Title, Description string
Usage Usage
Type TechnicalAssetType
Size TechnicalAssetSize
Technology TechnicalAssetTechnology
Machine TechnicalAssetMachine
Internet, MultiTenant, Redundant, CustomDevelopedParts, OutOfScope, UsedAsClientByHuman bool
// Zero value is NoneEncryption.
Encryption EncryptionStyle
JustificationOutOfScope string
Owner string
// Zero values are Public (Confidentiality) and Archive (Criticality).
Confidentiality Confidentiality
Integrity, Availability Criticality
JustificationCiaRating string
// DataAssetsProcessed and DataAssetsStored are string references;
// DataAssetsProcessedSorted and DataAssetsStoredSorted return the
// corresponding []DataAsset.
Tags, DataAssetsProcessed, DataAssetsStored []string
DataFormatsAccepted []DataFormat
CommunicationLinks []CommunicationLink
DiagramTweakOrder int
// will be set by separate calculation step:
RAA float64
}
func InScopeTechnicalAssets ¶
func InScopeTechnicalAssets() []TechnicalAsset
func OutOfScopeTechnicalAssets ¶
func OutOfScopeTechnicalAssets() []TechnicalAsset
func SortedTechnicalAssetsByRAAAndTitle ¶
func SortedTechnicalAssetsByRAAAndTitle() []TechnicalAsset
Because ranging over a map in Go yields a random order, iterate over the entries in a sorted (and hence reproducible) way:
func SortedTechnicalAssetsByRiskSeverityAndTitle ¶
func SortedTechnicalAssetsByRiskSeverityAndTitle() []TechnicalAsset
Because ranging over a map in Go yields a random order, iterate over the entries in a sorted (and hence reproducible) way:
func SortedTechnicalAssetsByTitle ¶
func SortedTechnicalAssetsByTitle() []TechnicalAsset
Because ranging over a map in Go yields a random order, iterate over the entries in a sorted (and hence reproducible) way:
func TechnicalAssetsTaggedWithAny ¶
func TechnicalAssetsTaggedWithAny(tags ...string) []TechnicalAsset
func (TechnicalAsset) CommunicationLinksSorted ¶
func (what TechnicalAsset) CommunicationLinksSorted() []CommunicationLink
func (TechnicalAsset) DataAssetsProcessedSorted ¶
func (what TechnicalAsset) DataAssetsProcessedSorted() []DataAsset
func (TechnicalAsset) DataAssetsStoredSorted ¶
func (what TechnicalAsset) DataAssetsStoredSorted() []DataAsset
func (TechnicalAsset) DataFormatsAcceptedSorted ¶
func (what TechnicalAsset) DataFormatsAcceptedSorted() []DataFormat
func (TechnicalAsset) DetermineLabelColor ¶
func (what TechnicalAsset) DetermineLabelColor() string
Red when data rated confidential or higher is stored in an unencrypted technical asset.
func (TechnicalAsset) DetermineShapeBorderColor ¶
func (what TechnicalAsset) DetermineShapeBorderColor() string
Red when the asset has mission-critical integrity but is still accessed by unauthenticated (non-readonly) channels; amber when it has critical integrity but is still accessed by unauthenticated (non-readonly) channels; pink when the asset looks like a model forgery attempt (i.e. nothing is being processed or stored).
func (TechnicalAsset) DetermineShapeBorderLineStyle ¶
func (what TechnicalAsset) DetermineShapeBorderLineStyle() string
Dotted when the asset looks like a model forgery attempt (i.e. nothing is being processed or stored).
func (TechnicalAsset) DetermineShapeBorderPenWidth ¶
func (what TechnicalAsset) DetermineShapeBorderPenWidth() string
func (TechnicalAsset) DetermineShapeFillColor ¶
func (what TechnicalAsset) DetermineShapeFillColor() string
func (TechnicalAsset) DetermineShapePeripheries ¶
func (what TechnicalAsset) DetermineShapePeripheries() int
3 when the asset is redundant.
func (TechnicalAsset) DetermineShapeStyle ¶
func (what TechnicalAsset) DetermineShapeStyle() string
func (TechnicalAsset) GeneratedRisks ¶
func (what TechnicalAsset) GeneratedRisks() []Risk
func (TechnicalAsset) GetTrustBoundaryId ¶
func (what TechnicalAsset) GetTrustBoundaryId() string
func (TechnicalAsset) HasDirectConnection ¶
func (what TechnicalAsset) HasDirectConnection(otherAssetId string) bool
func (TechnicalAsset) HighestAvailability ¶
func (what TechnicalAsset) HighestAvailability() Criticality
func (TechnicalAsset) HighestConfidentiality ¶
func (what TechnicalAsset) HighestConfidentiality() Confidentiality
func (TechnicalAsset) HighestIntegrity ¶
func (what TechnicalAsset) HighestIntegrity() Criticality
func (TechnicalAsset) HighestSensitivityScore ¶
func (what TechnicalAsset) HighestSensitivityScore() float64
func (TechnicalAsset) IsSameExecutionEnvironment ¶
func (what TechnicalAsset) IsSameExecutionEnvironment(otherAssetId string) bool
func (TechnicalAsset) IsSameTrustBoundary ¶
func (what TechnicalAsset) IsSameTrustBoundary(otherAssetId string) bool
func (TechnicalAsset) IsSameTrustBoundaryNetworkOnly ¶
func (what TechnicalAsset) IsSameTrustBoundaryNetworkOnly(otherAssetId string) bool
func (TechnicalAsset) IsTaggedWithAny ¶
func (what TechnicalAsset) IsTaggedWithAny(tags ...string) bool
func (TechnicalAsset) IsTaggedWithAnyTraversingUp ¶
func (what TechnicalAsset) IsTaggedWithAnyTraversingUp(tags ...string) bool
Checks the tag(s) of the asset itself first, then those of its trust boundaries (recursively upwards), and finally those of its shared runtime.
func (TechnicalAsset) IsTaggedWithBaseTag ¶
func (what TechnicalAsset) IsTaggedWithBaseTag(basetag string) bool
func (TechnicalAsset) IsZero ¶
func (what TechnicalAsset) IsZero() bool
func (TechnicalAsset) ProcessesOrStoresDataAsset ¶
func (what TechnicalAsset) ProcessesOrStoresDataAsset(dataAssetId string) bool
type TechnicalAssetMachine ¶
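// TechnicalAssetMachine is an int-backed enumeration. Its Explain and String
// methods are declared elsewhere in the package.
type TechnicalAssetMachine int

// The values are assigned by iota in declaration order, starting at 0.
// Appending a value keeps the existing numbers stable; inserting one in the
// middle renumbers every value after it.
const (
	Physical TechnicalAssetMachine = iota
	Virtual
	Container
	Serverless
)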
func (TechnicalAssetMachine) Explain ¶
func (what TechnicalAssetMachine) Explain() string
func (TechnicalAssetMachine) String ¶
func (what TechnicalAssetMachine) String() string
type TechnicalAssetSize ¶
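// TechnicalAssetSize is an int-backed enumeration. Its Explain and String
// methods are declared elsewhere in the package.
type TechnicalAssetSize int

// The values are assigned by iota in declaration order, starting at 0.
// Appending a value keeps the existing numbers stable; inserting one in the
// middle renumbers every value after it.
const (
	System TechnicalAssetSize = iota
	Service
	Application
	Component
)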
func (TechnicalAssetSize) Explain ¶
func (what TechnicalAssetSize) Explain() string
func (TechnicalAssetSize) String ¶
func (what TechnicalAssetSize) String() string
type TechnicalAssetTechnology ¶
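// TechnicalAssetTechnology is an int-backed enumeration of technology kinds.
// The classification predicates on this type (IsSecurityControlRelated,
// IsIdentityRelated, IsTrafficForwarding and the others) are declared
// elsewhere; which constants each predicate covers is not visible here.
type TechnicalAssetTechnology int

// The values are assigned by iota in declaration order, starting at 0 with
// UnknownTechnology. Appending a value keeps the existing numbers stable;
// inserting one in the middle renumbers every value after it.
//
// One constant per line matters here: the line comment on Gateway must end at
// the line break, otherwise it swallows every constant that follows it.
const (
	UnknownTechnology TechnicalAssetTechnology = iota
	ClientSystem
	Browser
	Desktop
	MobileApp
	DevOpsClient
	WebServer
	WebApplication
	ApplicationServer
	Database
	FileServer
	LocalFileSystem
	ERP
	CMS
	WebServiceREST
	WebServiceSOAP
	EJB
	SearchIndex
	SearchEngine
	ServiceRegistry
	ReverseProxy
	LoadBalancer
	BuildPipeline
	SourcecodeRepository
	ArtifactRegistry
	CodeInspectionPlatform
	Monitoring
	LDAPServer
	ContainerPlatform
	BatchProcessing
	EventListener
	IdentityProvider
	IdentityStoreLDAP
	IdentityStoreDatabase
	Tool
	CLI
	Task
	Function
	Gateway // TODO rename to API-Gateway to be more clear?
	IoTDevice
	MessageQueue
	StreamProcessing
	ServiceMesh
	DataLake
	BigDataPlatform
	ReportEngine
	AI
	MailServer
	Vault
	HSM
	WAF
	IDS
	IPS
	Scheduler
	Mainframe
	BlockStorage
	Library
)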
func (TechnicalAssetTechnology) Explain ¶
func (what TechnicalAssetTechnology) Explain() string
func (TechnicalAssetTechnology) IsClient ¶
func (what TechnicalAssetTechnology) IsClient() bool
func (TechnicalAssetTechnology) IsCloseToHighValueTargetsTolerated ¶
func (what TechnicalAssetTechnology) IsCloseToHighValueTargetsTolerated() bool
func (TechnicalAssetTechnology) IsDevelopmentRelevant ¶
func (what TechnicalAssetTechnology) IsDevelopmentRelevant() bool
func (TechnicalAssetTechnology) IsEmbeddedComponent ¶
func (what TechnicalAssetTechnology) IsEmbeddedComponent() bool
func (TechnicalAssetTechnology) IsExclusivelyBackendRelated ¶
func (what TechnicalAssetTechnology) IsExclusivelyBackendRelated() bool
func (TechnicalAssetTechnology) IsExclusivelyFrontendRelated ¶
func (what TechnicalAssetTechnology) IsExclusivelyFrontendRelated() bool
func (TechnicalAssetTechnology) IsIdentityRelated ¶
func (what TechnicalAssetTechnology) IsIdentityRelated() bool
func (TechnicalAssetTechnology) IsLessProtectedType ¶
func (what TechnicalAssetTechnology) IsLessProtectedType() bool
func (TechnicalAssetTechnology) IsSecurityControlRelated ¶
func (what TechnicalAssetTechnology) IsSecurityControlRelated() bool
func (TechnicalAssetTechnology) IsTrafficForwarding ¶
func (what TechnicalAssetTechnology) IsTrafficForwarding() bool
func (TechnicalAssetTechnology) IsUnnecessaryDataTolerated ¶
func (what TechnicalAssetTechnology) IsUnnecessaryDataTolerated() bool
func (TechnicalAssetTechnology) IsUnprotectedCommsTolerated ¶
func (what TechnicalAssetTechnology) IsUnprotectedCommsTolerated() bool
func (TechnicalAssetTechnology) IsUsuallyAbleToPropagateIdentityToOutgoingTargets ¶
func (what TechnicalAssetTechnology) IsUsuallyAbleToPropagateIdentityToOutgoingTargets() bool
func (TechnicalAssetTechnology) IsUsuallyProcessingEnduserRequests ¶
func (what TechnicalAssetTechnology) IsUsuallyProcessingEnduserRequests() bool
func (TechnicalAssetTechnology) IsUsuallyStoringEnduserData ¶
func (what TechnicalAssetTechnology) IsUsuallyStoringEnduserData() bool
func (TechnicalAssetTechnology) IsWebApplication ¶
func (what TechnicalAssetTechnology) IsWebApplication() bool
func (TechnicalAssetTechnology) IsWebService ¶
func (what TechnicalAssetTechnology) IsWebService() bool
func (TechnicalAssetTechnology) String ¶
func (what TechnicalAssetTechnology) String() string
type TechnicalAssetType ¶
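// TechnicalAssetType is an int-backed enumeration. Its Explain and String
// methods are declared elsewhere in the package.
type TechnicalAssetType int

// The values are assigned by iota in declaration order, starting at 0.
// Appending a value keeps the existing numbers stable; inserting one in the
// middle renumbers every value after it.
const (
	ExternalEntity TechnicalAssetType = iota
	Process
	Datastore
)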
func (TechnicalAssetType) Explain ¶
func (what TechnicalAssetType) Explain() string
func (TechnicalAssetType) String ¶
func (what TechnicalAssetType) String() string
type TrustBoundary ¶
// TrustBoundary is the model's record for one trust boundary. The fields are
// plain data; this declaration itself performs no validation.
type TrustBoundary struct {
// Identifier, title and free-text description of the boundary.
Id, Title, Description string
// Kind of boundary; the TrustBoundaryType constants are declared elsewhere.
Type TrustBoundaryType
// Tags attached to this boundary.
Tags []string
// Presumably the IDs of the technical assets placed directly inside this
// boundary — TODO confirm against the model loader.
TechnicalAssetsInside []string
// Presumably the IDs of the trust boundaries nested directly inside this
// one — TODO confirm.
// NOTE(review): membership and nesting are expressed as string references,
// so whether dangling or cyclic references are rejected is not visible in
// this declaration; confirm where the model is loaded, since the recursive
// helpers on this type would depend on it.
TrustBoundariesNested []string
}
func SortedTrustBoundariesByTitle ¶
func SortedTrustBoundariesByTitle() []TrustBoundary
func TrustBoundariesTaggedWithAny ¶
func TrustBoundariesTaggedWithAny(tags ...string) []TrustBoundary
func (TrustBoundary) AllParentTrustBoundaryIDs ¶
func (what TrustBoundary) AllParentTrustBoundaryIDs() []string
func (TrustBoundary) HighestAvailability ¶
func (what TrustBoundary) HighestAvailability() Criticality
func (TrustBoundary) HighestConfidentiality ¶
func (what TrustBoundary) HighestConfidentiality() Confidentiality
func (TrustBoundary) HighestIntegrity ¶
func (what TrustBoundary) HighestIntegrity() Criticality
func (TrustBoundary) IsTaggedWithAny ¶
func (what TrustBoundary) IsTaggedWithAny(tags ...string) bool
func (TrustBoundary) IsTaggedWithAnyTraversingUp ¶
func (what TrustBoundary) IsTaggedWithAnyTraversingUp(tags ...string) bool
func (TrustBoundary) IsTaggedWithBaseTag ¶
func (what TrustBoundary) IsTaggedWithBaseTag(basetag string) bool
func (TrustBoundary) ParentTrustBoundaryID ¶
func (what TrustBoundary) ParentTrustBoundaryID() string
func (TrustBoundary) RecursivelyAllTechnicalAssetIDsInside ¶
func (what TrustBoundary) RecursivelyAllTechnicalAssetIDsInside() []string
type TrustBoundaryType ¶
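// TrustBoundaryType is an int-backed enumeration of trust-boundary kinds.
// Its IsNetworkBoundary and IsWithinCloud predicates are declared elsewhere;
// which constants each one covers is not visible here.
type TrustBoundaryType int

// The values are assigned by iota in declaration order, starting at 0.
// Appending a value keeps the existing numbers stable; inserting one in the
// middle renumbers every value after it.
const (
	NetworkOnPrem TrustBoundaryType = iota
	NetworkDedicatedHoster
	NetworkVirtualLAN
	NetworkCloudProvider
	NetworkCloudSecurityGroup
	NetworkPolicyNamespaceIsolation
	ExecutionEnvironment
)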
func (TrustBoundaryType) Explain ¶
func (what TrustBoundaryType) Explain() string
func (TrustBoundaryType) IsNetworkBoundary ¶
func (what TrustBoundaryType) IsNetworkBoundary() bool
func (TrustBoundaryType) IsWithinCloud ¶
func (what TrustBoundaryType) IsWithinCloud() bool
func (TrustBoundaryType) String ¶
func (what TrustBoundaryType) String() string
type TypeDescription ¶
TypeDescription contains a name for a type and its description
type TypeEnum ¶
func AuthenticationValues ¶
func AuthenticationValues() []TypeEnum
func AuthorizationValues ¶
func AuthorizationValues() []TypeEnum
func ConfidentialityValues ¶
func ConfidentialityValues() []TypeEnum
func CriticalityValues ¶
func CriticalityValues() []TypeEnum
func DataBreachProbabilityValues ¶
func DataBreachProbabilityValues() []TypeEnum
func DataFormatValues ¶
func DataFormatValues() []TypeEnum
func EncryptionStyleValues ¶
func EncryptionStyleValues() []TypeEnum
func ProtocolValues ¶
func ProtocolValues() []TypeEnum
func QuantityValues ¶
func QuantityValues() []TypeEnum
func RiskExploitationImpactValues ¶
func RiskExploitationImpactValues() []TypeEnum
func RiskExploitationLikelihoodValues ¶
func RiskExploitationLikelihoodValues() []TypeEnum
func RiskFunctionValues ¶
func RiskFunctionValues() []TypeEnum
func RiskSeverityValues ¶
func RiskSeverityValues() []TypeEnum
func RiskStatusValues ¶
func RiskStatusValues() []TypeEnum
func STRIDEValues ¶
func STRIDEValues() []TypeEnum
func TechnicalAssetMachineValues ¶
func TechnicalAssetMachineValues() []TypeEnum
func TechnicalAssetSizeValues ¶
func TechnicalAssetSizeValues() []TypeEnum
func TechnicalAssetTechnologyValues ¶
func TechnicalAssetTechnologyValues() []TypeEnum
func TechnicalAssetTypeValues ¶
func TechnicalAssetTypeValues() []TypeEnum
func TrustBoundaryTypeValues ¶
func TrustBoundaryTypeValues() []TypeEnum
func UsageValues ¶
func UsageValues() []TypeEnum