
Constants

// NoMoreQuestionsID is the empty-id sentinel that marks "no further question";
// presumably it is what the question helpers (SortedKeysOfQuestions,
// QuestionsUnanswered) use as a terminator — confirm against their callers.
const NoMoreQuestionsID = ""
// TempFolder is the hard-coded scratch directory (a RAM-backed tmpfs on Linux).
// NOTE(review): /dev/shm is a shared, typically world-writable location. Anything
// written there should use exclusively-created, unpredictable names
// (os.MkdirTemp / os.CreateTemp) rather than fixed file names, so another local
// user cannot pre-create or swap the file — confirm how callers use this path.
// The path does not exist on non-Linux hosts, hence the TODO.
const TempFolder = "/dev/shm" // TODO: make configurable via cmdline arg?
// ThreagileVersion is the tool/model-format version string embedded in models and
// the OpenAPI spec. It is maintained by hand (see the trailing reminder) and is
// independent of the Go module version, so the two can legitimately differ.
const ThreagileVersion = "1.0.0" // Also update into example and stub model files and openapi.yaml

Variables

// AllSupportedTags is the package-global set of tags the tool recognises
// (extended via AddToListOfSupportedTags). Like the other package-level maps
// below it is mutable shared state with no synchronisation — it is only safe
// to populate before any concurrent readers exist.
var AllSupportedTags map[string]bool
// AuthenticationTypeDescription pairs each Authentication identifier (first
// field, as written in the model file) with its user-facing explanation. The
// entry order is the same as the Authentication const block; presumably
// String()/Explain() index this table by enum value, so keep both in sync.
var AuthenticationTypeDescription = [...]TypeDescription{
	{"none", "No authentication"},
	{"credentials", "Username and password, pin or passphrase"},
	{"session-id", "A server generated session id with limited life span"},
	{"token", "A server generated token. Containing session id, other data and is cryptographically signed"},
	{"client-certificate", "A certificate file stored on the client identifying this specific client"},
	{"two-factor", "Credentials plus another factor like a physical object (card) or biometrics"},
	{"externalized", "Some external company handles authentication"},
}
// AuthorizationTypeDescription pairs each Authorization identifier with its
// explanation; order matches the Authorization const block. Note the
// distinction the model draws: a technical user authorises the *service*,
// whereas identity propagation authorises on behalf of the *end user*.
var AuthorizationTypeDescription = [...]TypeDescription{
	{"none", "No authorization"},
	{"technical-user", "Technical user (service-to-service) like DB user credentials"},
	{"enduser-identity-propagation", "Identity of end user propagates to this service"},
}
// CommunicationLinks is the package-global index of every parsed communication
// link, keyed by link id (per the TODO it is expected to move into the parsed
// model root eventually). Unsynchronised package state — see AllSupportedTags.
var CommunicationLinks map[string]CommunicationLink // TODO as part of "ParsedModelRoot"?
// ConfidentialityTypeDescription pairs each Confidentiality identifier with its
// explanation, ordered from least to most sensitive to match the
// Confidentiality const block.
var ConfidentialityTypeDescription = [...]TypeDescription{
	{"public", "Public available information"},
	{"internal", "(Company) internal information - but all people in the institution can access it"},
	{"restricted", "Internal and with restricted access"},
	{"confidential", "Only a few selected people have access"},
	{"strictly-confidential", "Highest secrecy level"},
}
// CriticalityTypeDescription pairs each Criticality identifier with its
// explanation, ordered from least to most critical to match the Criticality
// const block. Criticality is used for both integrity and availability
// ratings (see DataAsset.Integrity / DataAsset.Availability).
var CriticalityTypeDescription = [...]TypeDescription{
	{"archive", "Stored, not active"},
	{"operational", "If this fails, people will just have an ad-hoc coffee break until it is back"},
	{"important", "Issues here results in angry people"},
	{"critical", "Failure is really expensive or crippling"},
	{"mission-critical", "This must not fail"},
}
// DataBreachProbabilityTypeDescription pairs each DataBreachProbability
// identifier with its explanation; order matches the DataBreachProbability
// const block (improbable < possible < probable).
var DataBreachProbabilityTypeDescription = [...]TypeDescription{
	{"improbable", "Improbable"},
	{"possible", "Possible"},
	{"probable", "Probable"},
}
// DataFormatTypeDescription pairs each DataFormat identifier with its
// explanation; order matches the DataFormat const block. "serialization"
// (native serialized program objects) is the format most relevant to
// deserialisation attacks; presumably a risk rule keys on it — confirm.
var DataFormatTypeDescription = [...]TypeDescription{
	{"json", "JSON"},
	{"xml", "XML"},
	{"serialization", "Serialized program objects"},
	{"file", "Specific file types for data"},
	{"csv", "CSV"},
}
// DirectContainingSharedRuntimeMappedByTechnicalAssetId maps a technical asset
// id to the shared runtime that directly contains it (per the name; assets not
// in any shared runtime are presumably absent from the map — confirm).
var DirectContainingSharedRuntimeMappedByTechnicalAssetId map[string]SharedRuntime
// DirectContainingTrustBoundaryMappedByTechnicalAssetId maps a technical asset
// id to its innermost (directly containing) trust boundary; this is the lookup
// the IsAcrossTrustBoundary* helpers presumably rely on — confirm.
var DirectContainingTrustBoundaryMappedByTechnicalAssetId map[string]TrustBoundary
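// EncryptionStyleTypeDescription pairs each EncryptionStyle identifier (first
// field, as written in the model file) with its user-facing explanation; order
// matches the EncryptionStyle const block.
//
// Fix: the "data-with-asymmetric-shared-key" text previously said that both the
// public and the private key "are shared between partners". Only the public key
// is ever exchanged; the private key must stay with its owner. The old wording
// taught modellers the wrong key-handling model, so the explanation (not the
// identifier, which is what ParseEncryptionStyle presumably matches on) is corrected.
var EncryptionStyleTypeDescription = [...]TypeDescription{
	{"none", "No encryption"},
	// "transparent" (e.g. disk/database-level encryption) protects media, not
	// data read through the normal application or DB access path.
	{"transparent", "Encrypted data at rest"},
	{"data-with-symmetric-shared-key", "Both communication partners have the same key. This must be kept secret"},
	{"data-with-asymmetric-shared-key", "A public/private key pair. Only the public key is exchanged between partners; the private key must stay secret with its owner"},
	{"data-with-enduser-individual-key", "The key is (managed) by the end user"},
}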
// GeneratedRisksByCategory holds every risk produced by the risk rules, grouped
// by category. It is the input to the RisksOfOnly* filters and CountRisks, and
// package-global mutable state like the other indexes here.
var GeneratedRisksByCategory map[RiskCategory][]Risk
// GeneratedRisksBySyntheticId indexes the same generated risks by their
// synthetic id (presumably the stable id used to track risk status across
// runs — confirm against the risk-tracking code).
var GeneratedRisksBySyntheticId map[string]Risk
// IncomingTechnicalCommunicationLinksMappedByTargetId maps a technical asset id
// to all communication links whose TargetId is that asset, i.e. the reverse
// index of CommunicationLink.TargetId.
var IncomingTechnicalCommunicationLinksMappedByTargetId map[string][]CommunicationLink
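// ProtocolTypeDescription pairs each Protocol identifier (first field, as
// written in the model file) with its user-facing explanation. Many protocols
// come as a plaintext/encrypted pair ("x" / "x-encrypted", http/https, ws/wss,
// ldap/ldaps, ftp/ftps); presumably the encrypted-transport risk rules key on
// the encrypted variants, so a modeller choosing the plain entry is asserting
// that the channel is NOT encrypted. "mqtt" has no encrypted twin and its text
// says TLS is optional, so its transport security cannot be inferred from the
// protocol alone.
//
// Fix: the two IIOP explanations carried stray whitespace ("Protocol " and
// "Protocol , encrypted") that showed up verbatim in reports.
var ProtocolTypeDescription = [...]TypeDescription{
	{"unknown-protocol", "Unknown protocol"},
	{"http", "HTTP protocol"},
	{"https", "HTTPS protocol (encrypted)"},
	{"ws", "WebSocket"},
	{"wss", "WebSocket but encrypted"},
	{"reverse-proxy-web-protocol", "Protocols used by reverse proxies"},
	{"reverse-proxy-web-protocol-encrypted", "Protocols used by reverse proxies but encrypted"},
	{"mqtt", "MQTT Message protocol. Encryption via TLS is optional"},
	{"jdbc", "Java Database Connectivity"},
	{"jdbc-encrypted", "Java Database Connectivity but encrypted"},
	{"odbc", "Open Database Connectivity"},
	{"odbc-encrypted", "Open Database Connectivity but encrypted"},
	{"sql-access-protocol", "SQL access protocol"},
	{"sql-access-protocol-encrypted", "SQL access protocol but encrypted"},
	{"nosql-access-protocol", "NOSQL access protocol"},
	{"nosql-access-protocol-encrypted", "NOSQL access protocol but encrypted"},
	{"binary", "Some other binary protocol"},
	{"binary-encrypted", "Some other binary protocol, encrypted"},
	{"text", "Some other text protocol"},
	{"text-encrypted", "Some other text protocol, encrypted"},
	{"ssh", "Secure Shell to execute commands"},
	{"ssh-tunnel", "Secure Shell as a tunnel"},
	{"smtp", "Mail transfer protocol (sending)"},
	{"smtp-encrypted", "Mail transfer protocol (sending), encrypted"},
	{"pop3", "POP 3 mail fetching"},
	{"pop3-encrypted", "POP 3 mail fetching, encrypted"},
	{"imap", "IMAP mail sync protocol"},
	{"imap-encrypted", "IMAP mail sync protocol, encrypted"},
	{"ftp", "File Transfer Protocol"},
	{"ftps", "FTP with TLS"},
	{"sftp", "FTP on SSH"},
	{"scp", "Secure Shell to copy files"},
	{"ldap", "Lightweight Directory Access Protocol - User directories"},
	{"ldaps", "Lightweight Directory Access Protocol - User directories on TLS"},
	{"jms", "Jakarta Messaging"},
	{"nfs", "Network File System"},
	{"smb", "Server Message Block"},
	{"smb-encrypted", "Server Message Block, but encrypted"},
	{"local-file-access", "Data files are on the local system"},
	{"nrpe", "Nagios Remote Plugin Executor"},
	{"xmpp", "Extensible Messaging and Presence Protocol"},
	{"iiop", "Internet Inter-ORB Protocol"},
	{"iiop-encrypted", "Internet Inter-ORB Protocol, encrypted"},
	{"jrmp", "Java Remote Method Protocol"},
	{"jrmp-encrypted", "Java Remote Method Protocol, encrypted"},
	{"in-process-library-call", "Call to local library"},
	{"container-spawning", "Spawn a container"},
}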
// QuantityTypeDescription pairs each Quantity identifier (how much of a data
// asset exists) with its explanation, ordered from least to most.
var QuantityTypeDescription = [...]TypeDescription{
	{"very-few", "Very few"},
	{"few", "Few"},
	{"many", "Many"},
	{"very-many", "Very many"},
}
// RiskExploitationImpactTypeDescription pairs each exploitation-impact
// identifier with its explanation, ordered low to very-high. Impact and
// likelihood (next table) are presumably combined into a RiskSeverity — the
// combination rule is not in this file.
var RiskExploitationImpactTypeDescription = [...]TypeDescription{
	{"low", "Low"},
	{"medium", "Medium"},
	{"high", "High"},
	{"very-high", "Very High"},
}
// RiskExploitationLikelihoodTypeDescription pairs each exploitation-likelihood
// identifier with its explanation, ordered from unlikely to frequent.
var RiskExploitationLikelihoodTypeDescription = [...]TypeDescription{
	{"unlikely", "Unlikely"},
	{"likely", "Likely"},
	{"very-likely", "Very-Likely"},
	{"frequent", "Frequent"},
}
// RiskFunctionTypeDescription pairs each risk-function identifier (the
// organisational role responsible for a risk) with its explanation. These are
// the four buckets behind RisksOfOnlyBusinessSide / Architecture /
// Development / Operation.
var RiskFunctionTypeDescription = [...]TypeDescription{
	{"business-side", "Business"},
	{"architecture", "Architecture"},
	{"development", "Development"},
	{"operations", "Operations"},
}
// RiskSeverityTypeDescription pairs each RiskSeverity identifier with its
// explanation, ordered low to critical. RiskSeverity values are compared
// ordinally (see DataAsset.IdentifiedRiskSeverityStillAtRisk), so this order
// is semantically significant, not just cosmetic.
var RiskSeverityTypeDescription = [...]TypeDescription{
	{"low", "Low"},
	{"medium", "Medium"},
	{"elevated", "Elevated"},
	{"high", "High"},
	{"critical", "Critical"},
}
// RiskStatusTypeDescription pairs each risk-tracking status identifier with its
// explanation. "unchecked" is the natural default for a newly generated risk.
// Which statuses count as "still at risk" (the *StillAtRisk helpers and
// ReduceToOnlyStillAtRisk) is decided elsewhere — presumably everything except
// accepted, mitigated and false-positive; confirm before relying on it, since
// an "accepted" risk silently drops out of those views.
var RiskStatusTypeDescription = [...]TypeDescription{
	{"unchecked", "Risk has not yet been reviewed"},
	{"in-discussion", "Risk is currently being discussed (during review)"},
	{"accepted", "Risk has been accepted (as possibly a corporate risk acceptance process defines)"},
	{"in-progress", "Risk mitigation is currently in progress"},
	{"mitigated", "Risk has been mitigated"},
	{"false-positive", "Risk is a false positive (i.e. no risk at all or not applicable)"},
}
// StrideTypeDescription pairs each STRIDE category identifier with its name
// and the security property it violates. These six map one-to-one onto the
// RisksOfOnlySTRIDE* filter functions.
var StrideTypeDescription = [...]TypeDescription{
	{"spoofing", "Spoofing - Authenticity"},
	{"tampering", "Tampering - Integrity"},
	{"repudiation", "Repudiation - Non-repudiability"},
	{"information-disclosure", "Information disclosure - Confidentiality"},
	{"denial-of-service", "Denial of service - Availability"},
	{"elevation-of-privilege", "Elevation of privilege - Authorization"},
}
// TechnicalAssetMachineTypeDescription pairs each machine-type identifier (how
// a technical asset is hosted) with its explanation.
var TechnicalAssetMachineTypeDescription = [...]TypeDescription{
	{"physical", "A physical machine"},
	{"virtual", "A virtual machine"},
	{"container", "A container"},
	{"serverless", "A serverless application"},
}
// TechnicalAssetSizeDescription pairs each size identifier (granularity of a
// technical asset, coarsest first) with its explanation.
var TechnicalAssetSizeDescription = [...]TypeDescription{
	{"system", "A system consists of several services"},
	{"service", "A specific service (web, mail, ...)"},
	{"application", "A single application"},
	{"component", "A component of an application (smaller unit like a microservice)"},
}
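// TechnicalAssetTechnologyTypeDescription pairs each technology identifier
// (first field, as written in the model file) with its user-facing explanation.
// The identifier is the stable key; the explanation is only shown to humans.
// Entries are appended over time, so the order here carries no ranking.
//
// Fix: three explanations were malformed as printed in reports —
// "(Static) Code Analysis)" had an unbalanced parenthesis, and "A
// authentication provider" / "A LDAP server" used the wrong article.
var TechnicalAssetTechnologyTypeDescription = [...]TypeDescription{
	{"unknown-technology", "Unknown technology"},
	{"client-system", "A client system"},
	{"browser", "A web browser"},
	{"desktop", "A desktop system (or laptop)"},
	{"mobile-app", "A mobile app (smartphone, tablet)"},
	{"devops-client", "A client used for DevOps"},
	{"web-server", "A web server"},
	{"web-application", "A web application"},
	{"application-server", "An application server (Apache Tomcat, ...)"},
	{"database", "A database"},
	{"file-server", "A file server"},
	{"local-file-system", "The local file system"},
	{"erp", "Enterprise-Resource-Planning"},
	{"cms", "Content Management System"},
	{"web-service-rest", "A REST web service (API)"},
	{"web-service-soap", "A SOAP web service (API)"},
	{"ejb", "Jakarta Enterprise Beans fka Enterprise JavaBeans"},
	{"search-index", "The index database of a search engine"},
	{"search-engine", "A search engine"},
	{"service-registry", "A central place where data schemas can be found and distributed"},
	{"reverse-proxy", "A proxy hiding internal infrastructure from caller making requests. Can also reduce load"},
	{"load-balancer", "A load balancer directing incoming requests to available internal infrastructure"},
	// Software-supply-chain assets: build pipeline, source repo, artifact
	// registry and code inspection platform are modelled as first-class
	// technical assets so risks can be raised against them like any other.
	{"build-pipeline", "A software build pipeline"},
	{"sourcecode-repository", "Git or similar"},
	{"artifact-registry", "A registry to store build artifacts"},
	{"code-inspection-platform", "(Static) Code Analysis"},
	{"monitoring", "A monitoring system (SIEM, logs)"},
	{"ldap-server", "An LDAP server"},
	{"container-platform", "A platform for hosting and executing containers"},
	{"batch-processing", "A set of tools automatically processing data"},
	{"event-listener", "An event listener waiting to be triggered and spring to action"},
	{"identity-provider", "An authentication provider"},
	{"identity-store-ldap", "Authentication data as LDAP"},
	{"identity-store-database", "Authentication data as database"},
	{"tool", "A specific tool"},
	{"cli", "A command line tool"},
	{"task", "A specific task"},
	{"function", "A specific function (maybe RPC ?)"},
	{"gateway", "A gateway connecting two systems or trust boundaries"},
	{"iot-device", "An IoT device"},
	{"message-queue", "A message queue (like MQTT)"},
	{"stream-processing", "Data stream processing"},
	{"service-mesh", "Infrastructure for service-to-service communication"},
	{"data-lake", "A huge database"},
	{"big-data-platform", "Storage for big data"},
	{"report-engine", "Software for report generation"},
	{"ai", "An Artificial Intelligence service"},
	{"mail-server", "A Mail server"},
	{"vault", "Encryption and key management"},
	{"hsm", "Hardware Security Module"},
	{"waf", "Web Application Firewall"},
	{"ids", "Intrusion Detection System"},
	{"ips", "Intrusion Prevention System"},
	{"scheduler", "Scheduled tasks"},
	{"mainframe", "A central, big computer"},
	{"block-storage", "SAN or similar central file storage"},
	{"library", "A software library"},
}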
// TechnicalAssetTypeDescription pairs each asset-type identifier with its
// explanation. "external-entity" is the one the modeller does not control —
// third-party hosted and managed — which is the usual reason to treat its
// links as crossing a trust boundary.
var TechnicalAssetTypeDescription = [...]TypeDescription{
	{"external-entity", "This asset is hosted and managed by a third party"},
	{"process", "A software process"},
	{"datastore", "This asset stores data"},
}
// TrustBoundaryTypeDescription pairs each trust-boundary type identifier with
// its explanation. All "network-*" types are real network segmentation;
// "execution-environment" is explicitly NOT a protective network boundary, only
// a logical grouping — presumably this is the distinction behind
// CommunicationLink.IsAcrossTrustBoundary vs. IsAcrossTrustBoundaryNetworkOnly.
var TrustBoundaryTypeDescription = [...]TypeDescription{
	{"network-on-prem", "The whole network is on prem"},
	{"network-dedicated-hoster", "The network is at a dedicated hoster"},
	{"network-virtual-lan", "Network is a VLAN"},
	{"network-cloud-provider", "Network is at a cloud provider"},
	{"network-cloud-security-group", "Cloud rules controlling network traffic"},
	{"network-policy-namespace-isolation", "Segregation in a Kubernetes cluster"},
	{"execution-environment", "Logical group of items (not a protective network boundary in that sense). More like a namespace or another logical group of items"},
}
// UsageTypeDescription pairs each Usage identifier with its explanation.
// "devops" marks assets, data and links that exist for building/deploying
// rather than for the business function itself (e.g. CI/CD traffic).
var UsageTypeDescription = [...]TypeDescription{
	{"business", "This system is operational and does business tasks"},
	{"devops", "This system is for development and/or deployment or other operational tasks"},
}

Functions

func AddTagToModelInput

func AddTagToModelInput(modelInput *ModelInput, tag string, dryRun bool, changes *[]string)

func AddToListOfSupportedTags

func AddToListOfSupportedTags(tags []string)

func Contains

func Contains(a []string, x string) bool

Contains reports whether x occurs in the slice a. The slice does not need to be sorted; the check is a linear scan.

func ContainsCaseInsensitiveAny

func ContainsCaseInsensitiveAny(a []string, x ...string) bool

func CountRisks

func CountRisks(risksByCategory map[RiskCategory][]Risk) int

func FilterByModelFailures

func FilterByModelFailures(risksByCat map[RiskCategory][]Risk) map[RiskCategory][]Risk

func Init

func Init()

func IsSharingSameParentTrustBoundary

func IsSharingSameParentTrustBoundary(left, right TechnicalAsset) bool

func IsTaggedWithBaseTag

func IsTaggedWithBaseTag(tags []string, basetag string) bool

func MakeID

func MakeID(val string) string

func NormalizeTag

func NormalizeTag(tag string) string

func QuestionsUnanswered

func QuestionsUnanswered() int

func RisksOfOnlyArchitecture

func RisksOfOnlyArchitecture(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlyBusinessSide

func RisksOfOnlyBusinessSide(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlyDevelopment

func RisksOfOnlyDevelopment(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlyOperation

func RisksOfOnlyOperation(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlySTRIDEDenialOfService

func RisksOfOnlySTRIDEDenialOfService(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlySTRIDEElevationOfPrivilege

func RisksOfOnlySTRIDEElevationOfPrivilege(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlySTRIDEInformationDisclosure

func RisksOfOnlySTRIDEInformationDisclosure(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlySTRIDERepudiation

func RisksOfOnlySTRIDERepudiation(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlySTRIDESpoofing

func RisksOfOnlySTRIDESpoofing(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func RisksOfOnlySTRIDETampering

func RisksOfOnlySTRIDETampering(risksByCategory map[RiskCategory][]Risk) map[RiskCategory][]Risk

func SortedKeysOfAbuseCases

func SortedKeysOfAbuseCases() []string

Because ranging over a Go map yields a random order, this returns the keys sorted so callers iterate in a deterministic (hence reproducible) order.

func SortedKeysOfDataAssets

func SortedKeysOfDataAssets() []string

Because ranging over a Go map yields a random order, this returns the keys sorted so callers iterate in a deterministic (hence reproducible) order.

func SortedKeysOfIndividualRiskCategories

func SortedKeysOfIndividualRiskCategories() []string

Because ranging over a Go map yields a random order, this returns the keys sorted so callers iterate in a deterministic (hence reproducible) order.

func SortedKeysOfQuestions

func SortedKeysOfQuestions() []string

Because ranging over a Go map yields a random order, this returns the keys sorted so callers iterate in a deterministic (hence reproducible) order.

func SortedKeysOfSecurityRequirements

func SortedKeysOfSecurityRequirements() []string

Because ranging over a Go map yields a random order, this returns the keys sorted so callers iterate in a deterministic (hence reproducible) order.

func SortedKeysOfSharedRuntime

func SortedKeysOfSharedRuntime() []string

Because ranging over a Go map yields a random order, this returns the keys sorted so callers iterate in a deterministic (hence reproducible) order.

func SortedKeysOfTechnicalAssets

func SortedKeysOfTechnicalAssets() []string

Because ranging over a Go map yields a random order, this returns the keys sorted so callers iterate in a deterministic (hence reproducible) order.

func SortedKeysOfTrustBoundaries

func SortedKeysOfTrustBoundaries() []string

Because ranging over a Go map yields a random order, this returns the keys sorted so callers iterate in a deterministic (hence reproducible) order.

func SortedTechnicalAssetIDs

func SortedTechnicalAssetIDs() []string

func TagsActuallyUsed

func TagsActuallyUsed() []string

func TotalRiskCount

func TotalRiskCount() int

Types

type Authentication

// Authentication enumerates how the caller on a communication link proves its
// identity. The iota order mirrors AuthenticationTypeDescription; presumably
// String()/Explain() index that table by value, so the two must stay in sync.
type Authentication int
const (
	NoneAuthentication Authentication = iota // "none": no authentication at all
	Credentials                               // "credentials": username/password, PIN or passphrase
	SessionId                                 // "session-id": server-generated, time-limited session id
	Token                                     // "token": server-generated, cryptographically signed token
	ClientCertificate                         // "client-certificate": client identified by its certificate
	TwoFactor                                 // "two-factor": credentials plus a second factor
	Externalized                              // "externalized": authentication delegated to an external party
)

func (Authentication) Explain

func (what Authentication) Explain() string

func (Authentication) String

func (what Authentication) String() string

type Author

// Author identifies who wrote a model; both fields are plain strings taken
// from the model file (JSON keys "name" / "homepage") and are only used for
// reporting. Homepage is not validated as a URL here.
type Author struct {
	Name     string `json:"name"`
	Homepage string `json:"homepage"`
}

type Authorization

// Authorization enumerates whose identity a communication link is authorised
// under. Order mirrors AuthorizationTypeDescription (keep in sync).
type Authorization int
const (
	NoneAuthorization Authorization = iota // "none": no authorization
	TechnicalUser                           // "technical-user": service-to-service account (e.g. DB credentials)
	EnduserIdentityPropagation              // "enduser-identity-propagation": end user's identity is propagated
)

func (Authorization) Explain

func (what Authorization) Explain() string

func (Authorization) String

func (what Authorization) String() string

type ByDataAssetDataBreachProbabilityAndTitleSort

// ByDataAssetDataBreachProbabilityAndTitleSort is a sort.Interface adapter
// (Len/Less/Swap are declared on it); by its name it orders data assets by
// data-breach probability, then title — confirm the direction in Less.
type ByDataAssetDataBreachProbabilityAndTitleSort []DataAsset

func (ByDataAssetDataBreachProbabilityAndTitleSort) Len

func (ByDataAssetDataBreachProbabilityAndTitleSort) Less

func (ByDataAssetDataBreachProbabilityAndTitleSort) Swap

type ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk

// ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk is the sort.Interface
// adapter used for the "still at risk" views; by its name it considers only
// risks that are still open when ranking by breach probability, then title.
type ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk []DataAsset

func (ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Len

func (ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Less

func (ByDataAssetDataBreachProbabilityAndTitleSortStillAtRisk) Swap

type ByDataAssetTitleSort

// ByDataAssetTitleSort is a sort.Interface adapter ordering data assets by
// title (see SortedDataAssetsByTitle).
type ByDataAssetTitleSort []DataAsset

func (ByDataAssetTitleSort) Len

func (what ByDataAssetTitleSort) Len() int

func (ByDataAssetTitleSort) Less

func (what ByDataAssetTitleSort) Less(i, j int) bool

func (ByDataAssetTitleSort) Swap

func (what ByDataAssetTitleSort) Swap(i, j int)

type ByDataBreachProbabilitySort

// ByDataBreachProbabilitySort is a sort.Interface adapter ordering risks by
// their data-breach probability.
type ByDataBreachProbabilitySort []Risk

func (ByDataBreachProbabilitySort) Len

func (what ByDataBreachProbabilitySort) Len() int

func (ByDataBreachProbabilitySort) Less

func (what ByDataBreachProbabilitySort) Less(i, j int) bool

func (ByDataBreachProbabilitySort) Swap

func (what ByDataBreachProbabilitySort) Swap(i, j int)

type ByDataFormatAcceptedSort

// ByDataFormatAcceptedSort is a sort.Interface adapter over the data formats
// an asset accepts, used to print them in a stable order.
type ByDataFormatAcceptedSort []DataFormat

func (ByDataFormatAcceptedSort) Len

func (what ByDataFormatAcceptedSort) Len() int

func (ByDataFormatAcceptedSort) Less

func (what ByDataFormatAcceptedSort) Less(i, j int) bool

func (ByDataFormatAcceptedSort) Swap

func (what ByDataFormatAcceptedSort) Swap(i, j int)

type ByOrderAndIdSort

// ByOrderAndIdSort is a sort.Interface adapter ordering technical assets by an
// explicit order value and then by id (per the name) — a stable diagram order.
type ByOrderAndIdSort []TechnicalAsset

func (ByOrderAndIdSort) Len

func (what ByOrderAndIdSort) Len() int

func (ByOrderAndIdSort) Less

func (what ByOrderAndIdSort) Less(i, j int) bool

func (ByOrderAndIdSort) Swap

func (what ByOrderAndIdSort) Swap(i, j int)

type ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk

// ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk is a
// sort.Interface adapter ranking risk categories by the highest severity among
// their still-open risks, so the report leads with what matters most.
type ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk []RiskCategory

func (ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Len

func (ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Less

func (ByRiskCategoryHighestContainingRiskSeveritySortStillAtRisk) Swap

type ByRiskCategoryTitleSort

// ByRiskCategoryTitleSort is a sort.Interface adapter ordering risk categories
// alphabetically by title.
type ByRiskCategoryTitleSort []RiskCategory

func (ByRiskCategoryTitleSort) Len

func (what ByRiskCategoryTitleSort) Len() int

func (ByRiskCategoryTitleSort) Less

func (what ByRiskCategoryTitleSort) Less(i, j int) bool

func (ByRiskCategoryTitleSort) Swap

func (what ByRiskCategoryTitleSort) Swap(i, j int)

type ByRiskSeveritySort

// ByRiskSeveritySort is a sort.Interface adapter ordering risks by severity.
type ByRiskSeveritySort []Risk

func (ByRiskSeveritySort) Len

func (what ByRiskSeveritySort) Len() int

func (ByRiskSeveritySort) Less

func (what ByRiskSeveritySort) Less(i, j int) bool

func (ByRiskSeveritySort) Swap

func (what ByRiskSeveritySort) Swap(i, j int)

type BySharedRuntimeTitleSort

// BySharedRuntimeTitleSort is a sort.Interface adapter ordering shared runtimes
// by title.
type BySharedRuntimeTitleSort []SharedRuntime

func (BySharedRuntimeTitleSort) Len

func (what BySharedRuntimeTitleSort) Len() int

func (BySharedRuntimeTitleSort) Less

func (what BySharedRuntimeTitleSort) Less(i, j int) bool

func (BySharedRuntimeTitleSort) Swap

func (what BySharedRuntimeTitleSort) Swap(i, j int)

type ByTechnicalAssetRAAAndTitleSort

// ByTechnicalAssetRAAAndTitleSort is a sort.Interface adapter ordering
// technical assets by their RAA (relative attacker attractiveness) value, then
// title — per the name; confirm the direction in Less.
type ByTechnicalAssetRAAAndTitleSort []TechnicalAsset

func (ByTechnicalAssetRAAAndTitleSort) Len

func (ByTechnicalAssetRAAAndTitleSort) Less

func (what ByTechnicalAssetRAAAndTitleSort) Less(i, j int) bool

func (ByTechnicalAssetRAAAndTitleSort) Swap

func (what ByTechnicalAssetRAAAndTitleSort) Swap(i, j int)

type ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk

// ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk is a sort.Interface
// adapter ordering technical assets by the severity of their still-open risks,
// then title.
type ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk []TechnicalAsset

func (ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Len

func (ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Less

func (ByTechnicalAssetRiskSeverityAndTitleSortStillAtRisk) Swap

type ByTechnicalAssetTitleSort

// ByTechnicalAssetTitleSort is a sort.Interface adapter ordering technical
// assets by title.
type ByTechnicalAssetTitleSort []TechnicalAsset

func (ByTechnicalAssetTitleSort) Len

func (what ByTechnicalAssetTitleSort) Len() int

func (ByTechnicalAssetTitleSort) Less

func (what ByTechnicalAssetTitleSort) Less(i, j int) bool

func (ByTechnicalAssetTitleSort) Swap

func (what ByTechnicalAssetTitleSort) Swap(i, j int)

type ByTechnicalCommunicationLinkIdSort

// ByTechnicalCommunicationLinkIdSort is a sort.Interface adapter ordering
// communication links by Id.
type ByTechnicalCommunicationLinkIdSort []CommunicationLink

func (ByTechnicalCommunicationLinkIdSort) Len

func (ByTechnicalCommunicationLinkIdSort) Less

func (ByTechnicalCommunicationLinkIdSort) Swap

func (what ByTechnicalCommunicationLinkIdSort) Swap(i, j int)

type ByTechnicalCommunicationLinkTitleSort

// ByTechnicalCommunicationLinkTitleSort is a sort.Interface adapter ordering
// communication links by Title.
type ByTechnicalCommunicationLinkTitleSort []CommunicationLink

func (ByTechnicalCommunicationLinkTitleSort) Len

func (ByTechnicalCommunicationLinkTitleSort) Less

func (ByTechnicalCommunicationLinkTitleSort) Swap

type ByTrustBoundaryTitleSort

// ByTrustBoundaryTitleSort is a sort.Interface adapter ordering trust
// boundaries by title.
type ByTrustBoundaryTitleSort []TrustBoundary

func (ByTrustBoundaryTitleSort) Len

func (what ByTrustBoundaryTitleSort) Len() int

func (ByTrustBoundaryTitleSort) Less

func (what ByTrustBoundaryTitleSort) Less(i, j int) bool

func (ByTrustBoundaryTitleSort) Swap

func (what ByTrustBoundaryTitleSort) Swap(i, j int)
// CommunicationLink is the parsed, in-memory form of a directed link from one
// technical asset to another (the model-file form is InputCommunicationLink).
type CommunicationLink struct {
	// Id identifies the link; SourceId/TargetId are technical asset ids
	// (TargetId is what IncomingTechnicalCommunicationLinksMappedByTargetId is keyed on).
	Id, SourceId, TargetId, Title, Description string
	Protocol                                   Protocol
	Tags                                       []string
	// Channel-level security attributes. VPN and IpFiltered describe
	// network-layer protection of the channel; Readonly presumably means the
	// target is only read over this link, never written — confirm. How each
	// influences generated risks is decided by the risk rules, not here.
	VPN, IpFiltered, Readonly                  bool
	Authentication                             Authentication
	Authorization                              Authorization
	Usage                                      Usage
	// Ids of data assets flowing source->target (Sent) and target->source
	// (Received). A link with neither is rendered as a model-forgery attempt
	// (see DetermineArrowColor / DetermineArrowLineStyle).
	DataAssetsSent, DataAssetsReceived         []string
	// Diagram layout hints; presumably no influence on risk generation.
	DiagramTweakWeight                         int
	DiagramTweakConstraint                     bool
}

func CommunicationLinksTaggedWithAny

func CommunicationLinksTaggedWithAny(tags ...string) []CommunicationLink

func (CommunicationLink) DataAssetsReceivedSorted

func (what CommunicationLink) DataAssetsReceivedSorted() []DataAsset

func (CommunicationLink) DataAssetsSentSorted

func (what CommunicationLink) DataAssetsSentSorted() []DataAsset

func (CommunicationLink) DetermineArrowColor

func (what CommunicationLink) DetermineArrowColor() string

Returns pink when the link looks like a model-forgery attempt, i.e. it neither sends nor receives any data asset; such a link is treated as suspicious and is made visually conspicuous in the diagram.

func (CommunicationLink) DetermineArrowLineStyle

func (what CommunicationLink) DetermineArrowLineStyle() string

Returns a dotted line style when the link looks like a model-forgery attempt, i.e. it neither sends nor receives any data asset (the same condition DetermineArrowColor flags in pink).

func (CommunicationLink) DetermineArrowPenWidth

func (what CommunicationLink) DetermineArrowPenWidth() string

func (CommunicationLink) DetermineLabelColor

func (what CommunicationLink) DetermineLabelColor() string

func (CommunicationLink) HighestAvailability

func (what CommunicationLink) HighestAvailability() Criticality

func (CommunicationLink) HighestConfidentiality

func (what CommunicationLink) HighestConfidentiality() Confidentiality

func (CommunicationLink) HighestIntegrity

func (what CommunicationLink) HighestIntegrity() Criticality

func (CommunicationLink) IsAcrossTrustBoundary

func (what CommunicationLink) IsAcrossTrustBoundary() bool

func (CommunicationLink) IsAcrossTrustBoundaryNetworkOnly

func (what CommunicationLink) IsAcrossTrustBoundaryNetworkOnly() bool

func (CommunicationLink) IsBidirectional

func (what CommunicationLink) IsBidirectional() bool

func (CommunicationLink) IsTaggedWithAny

func (what CommunicationLink) IsTaggedWithAny(tags ...string) bool

func (CommunicationLink) IsTaggedWithBaseTag

func (what CommunicationLink) IsTaggedWithBaseTag(basetag string) bool

type Confidentiality

// Confidentiality is the secrecy rating of a data asset. Values are ordinal
// (a greater value means more sensitive) and their order mirrors
// ConfidentialityTypeDescription; ParseConfidentiality maps the model-file
// identifier to a value and returns an error for unknown input.
type Confidentiality int
const (
	Public Confidentiality = iota // "public"
	Internal                      // "internal": anyone inside the organisation
	Restricted                    // "restricted": internal with restricted access
	Confidential                  // "confidential": a few selected people
	StrictlyConfidential          // "strictly-confidential": highest secrecy level
)

func ParseConfidentiality

func ParseConfidentiality(value string) (confidentiality Confidentiality, err error)

func (Confidentiality) AttackerAttractivenessForAsset

func (what Confidentiality) AttackerAttractivenessForAsset() float64

func (Confidentiality) AttackerAttractivenessForInOutTransferredData

func (what Confidentiality) AttackerAttractivenessForInOutTransferredData() float64

func (Confidentiality) AttackerAttractivenessForProcessedOrStoredData

func (what Confidentiality) AttackerAttractivenessForProcessedOrStoredData() float64

func (Confidentiality) Explain

func (what Confidentiality) Explain() string

func (Confidentiality) RatingStringInScale

func (what Confidentiality) RatingStringInScale() string

func (Confidentiality) String

func (what Confidentiality) String() string

type Criticality

// Criticality rates how bad loss of integrity or availability of an asset is.
// Values are ordinal (greater = more critical) and mirror
// CriticalityTypeDescription; ParseCriticality maps the model-file identifier
// to a value and returns an error for unknown input.
type Criticality int
const (
	Archive Criticality = iota // "archive": stored, not active
	Operational                // "operational"
	Important                  // "important"
	Critical                   // "critical"
	MissionCritical            // "mission-critical": must not fail
)

func ParseCriticality

func ParseCriticality(value string) (criticality Criticality, err error)

func (Criticality) AttackerAttractivenessForAsset

func (what Criticality) AttackerAttractivenessForAsset() float64

func (Criticality) AttackerAttractivenessForInOutTransferredData

func (what Criticality) AttackerAttractivenessForInOutTransferredData() float64

func (Criticality) AttackerAttractivenessForProcessedOrStoredData

func (what Criticality) AttackerAttractivenessForProcessedOrStoredData() float64

func (Criticality) Explain

func (what Criticality) Explain() string

func (Criticality) RatingStringInScale

func (what Criticality) RatingStringInScale() string

func (Criticality) String

func (what Criticality) String() string

type CustomRiskRule

// CustomRiskRule is the contract a user-supplied risk rule implements.
// Category describes the rule (id, title, STRIDE, function, ...), SupportedTags
// lists the tags the rule understands (presumably fed into
// AddToListOfSupportedTags so unknown tags can be rejected), and GenerateRisks
// inspects the package-global parsed model and returns the risks it finds.
// Because rules read global state, they must run after the model is fully
// parsed and not concurrently with anything that mutates it.
type CustomRiskRule interface {
	Category() RiskCategory
	SupportedTags() []string
	GenerateRisks() []Risk
}

type DataAsset

// DataAsset is the parsed, in-memory form of a data asset (the model-file
// form is InputDataAsset). Note that only Id/Title/Description carry json
// tags; if this struct is ever JSON-encoded the remaining fields come out
// under their Go names — the TODOs suggest the tags are a leftover.
type DataAsset struct {
	Id                      string `json:"id"`          // TODO: tag here still required?
	Title                   string `json:"title"`       // TODO: tag here still required?
	Description             string `json:"description"` // TODO: tag here still required?
	Usage                   Usage
	Tags                    []string
	Origin, Owner           string
	Quantity                Quantity
	// CIA rating: Confidentiality on its own scale, Integrity and
	// Availability both expressed as Criticality. JustificationCiaRating is
	// the modeller's free-text reasoning for those three values.
	Confidentiality         Confidentiality
	Integrity, Availability Criticality
	JustificationCiaRating  string
}

func DataAssetsTaggedWithAny

func DataAssetsTaggedWithAny(tags ...string) []DataAsset

func SortedDataAssetsByDataBreachProbabilityAndTitle

func SortedDataAssetsByDataBreachProbabilityAndTitle() []DataAsset

Because ranging over a Go map yields a random order, this returns the data assets in a sorted (hence reproducible) order.

func SortedDataAssetsByDataBreachProbabilityAndTitleStillAtRisk

func SortedDataAssetsByDataBreachProbabilityAndTitleStillAtRisk() []DataAsset

Because ranging over a Go map yields a random order, this returns the data assets in a sorted (hence reproducible) order.

func SortedDataAssetsByTitle

func SortedDataAssetsByTitle() []DataAsset

Because ranging over a Go map yields a random order, this returns the data assets in a sorted (hence reproducible) order.

func (DataAsset) IdentifiedDataBreachProbability

func (what DataAsset) IdentifiedDataBreachProbability() DataBreachProbability

func (DataAsset) IdentifiedDataBreachProbabilityRisks

func (what DataAsset) IdentifiedDataBreachProbabilityRisks() []Risk

func (DataAsset) IdentifiedDataBreachProbabilityRisksStillAtRisk

func (what DataAsset) IdentifiedDataBreachProbabilityRisksStillAtRisk() []Risk

func (DataAsset) IdentifiedDataBreachProbabilityStillAtRisk

func (what DataAsset) IdentifiedDataBreachProbabilityStillAtRisk() DataBreachProbability

func (DataAsset) IdentifiedRisksByResponsibleTechnicalAssetId

func (what DataAsset) IdentifiedRisksByResponsibleTechnicalAssetId() map[string][]Risk
// IsAtRisk reports whether any technical asset that processes or stores this
// data asset still carries at least one open risk, i.e. a risk that
// ReduceToOnlyStillAtRisk keeps (presumably those not yet mitigated, accepted
// or marked false-positive — see RiskStatusTypeDescription). Processing assets
// are examined first; the stored-by assets are only consulted if none of them
// has an open risk.
func (what DataAsset) IsAtRisk() bool {
	hasOpenRisk := func(assets []TechnicalAsset) bool {
		for _, asset := range assets {
			if len(ReduceToOnlyStillAtRisk(asset.GeneratedRisks())) > 0 {
				return true
			}
		}
		return false
	}
	return hasOpenRisk(what.ProcessedByTechnicalAssetsSorted()) ||
		hasOpenRisk(what.StoredByTechnicalAssetsSorted())
}
// IdentifiedRiskSeverityStillAtRisk returns the highest severity among the
// still-open risks of every technical asset that processes or stores this data
// asset. The result starts at Low, so a data asset with no open risk at all is
// indistinguishable from one whose worst open risk is Low — callers that need
// that distinction should check IsAtRisk first.
func (what DataAsset) IdentifiedRiskSeverityStillAtRisk() RiskSeverity {
	highest := Low
	raiseTo := func(assets []TechnicalAsset) {
		for _, asset := range assets {
			openRisks := ReduceToOnlyStillAtRisk(asset.GeneratedRisks())
			if severity := HighestSeverityStillAtRisk(openRisks); severity > highest {
				highest = severity
			}
		}
	}
	raiseTo(what.ProcessedByTechnicalAssetsSorted())
	raiseTo(what.StoredByTechnicalAssetsSorted())
	return highest
}

func (DataAsset) IsDataBreachPotentialStillAtRisk

func (what DataAsset) IsDataBreachPotentialStillAtRisk() bool

func (DataAsset) IsTaggedWithAny

func (what DataAsset) IsTaggedWithAny(tags ...string) bool

func (DataAsset) IsTaggedWithBaseTag

func (what DataAsset) IsTaggedWithBaseTag(basetag string) bool

func (DataAsset) ProcessedByTechnicalAssetsSorted

func (what DataAsset) ProcessedByTechnicalAssetsSorted() []TechnicalAsset

func (DataAsset) ReceivedViaCommLinksSorted

func (what DataAsset) ReceivedViaCommLinksSorted() []CommunicationLink

func (DataAsset) SentViaCommLinksSorted

func (what DataAsset) SentViaCommLinksSorted() []CommunicationLink

func (DataAsset) StoredByTechnicalAssetsSorted

func (what DataAsset) StoredByTechnicalAssetsSorted() []TechnicalAsset

type DataBreachProbability

// DataBreachProbability rates how likely a risk is to lead to a data breach.
// Values are ordinal (greater = more probable) and mirror
// DataBreachProbabilityTypeDescription; MarshalJSON renders the value for
// JSON output (representation not shown here).
type DataBreachProbability int
const (
	Improbable DataBreachProbability = iota // "improbable"
	Possible                                // "possible"
	Probable                                // "probable"
)

func (DataBreachProbability) Explain

func (what DataBreachProbability) Explain() string

func (DataBreachProbability) MarshalJSON

func (what DataBreachProbability) MarshalJSON() ([]byte, error)

func (DataBreachProbability) String

func (what DataBreachProbability) String() string

func (DataBreachProbability) Title

func (what DataBreachProbability) Title() string

type DataFormat

// DataFormat enumerates the formats a technical asset accepts. Order mirrors
// DataFormatTypeDescription (keep in sync).
type DataFormat int
const (
	JSON DataFormat = iota // "json"
	XML                    // "xml"
	Serialization          // "serialization": native serialized program objects
	File                   // "file"
	CSV                    // "csv"
)

func (DataFormat) Description

func (what DataFormat) Description() string

func (DataFormat) Explain

func (what DataFormat) Explain() string

func (DataFormat) String

func (what DataFormat) String() string

func (DataFormat) Title

func (what DataFormat) Title() string

type EncryptionStyle

// EncryptionStyle enumerates how an asset's data is encrypted at rest. Order
// mirrors EncryptionStyleTypeDescription; ParseEncryptionStyle maps the
// model-file identifier to a value and returns an error for unknown input.
// Note the ordering is not a strength ranking: Transparent (storage-level
// encryption) does not protect data read through the normal access path.
type EncryptionStyle int
const (
	NoneEncryption EncryptionStyle = iota // "none"
	Transparent                           // "transparent": encrypted at rest by the storage layer
	DataWithSymmetricSharedKey            // "data-with-symmetric-shared-key"
	DataWithAsymmetricSharedKey           // "data-with-asymmetric-shared-key": public/private key pair
	DataWithEnduserIndividualKey          // "data-with-enduser-individual-key": key held by the end user
)

func ParseEncryptionStyle

func ParseEncryptionStyle(value string) (encryptionStyle EncryptionStyle, err error)

func (EncryptionStyle) Explain

func (what EncryptionStyle) Explain() string

func (EncryptionStyle) String

func (what EncryptionStyle) String() string

func (EncryptionStyle) Title

func (what EncryptionStyle) Title() string
// InputCommunicationLink is the decoded form of one communication_links entry
// of a technical asset in a model file (see
// InputTechnicalAsset.Communication_links); the json tags give the key names.
// The protective flags VPN, IP_filtered and Readonly default to false when the
// key is absent, i.e. a link is modelled as unprotected and read-write unless
// the model states otherwise. Protocol, Authentication, Authorization and
// Usage arrive as strings and are presumably mapped onto the corresponding
// enum types while the model is parsed — confirm in the loader.
type InputCommunicationLink struct {
	Target                   string   `json:"target"`
	Description              string   `json:"description"`
	Protocol                 string   `json:"protocol"`
	Authentication           string   `json:"authentication"`
	Authorization            string   `json:"authorization"`
	Tags                     []string `json:"tags"`
	VPN                      bool     `json:"vpn"`
	IP_filtered              bool     `json:"ip_filtered"`
	Readonly                 bool     `json:"readonly"`
	Usage                    string   `json:"usage"`
	Data_assets_sent         []string `json:"data_assets_sent"`
	Data_assets_received     []string `json:"data_assets_received"`
	Diagram_tweak_weight     int      `json:"diagram_tweak_weight"`
	Diagram_tweak_constraint bool     `json:"diagram_tweak_constraint"`
}

type InputDataAsset

// InputDataAsset is the decoded form of one data_assets entry in a model file;
// the json tags give the key names. Quantity, Confidentiality, Integrity and
// Availability are still plain strings here and are presumably parsed into the
// Quantity, Confidentiality and Criticality enums when the DataAsset is built
// — confirm in the loader.
type InputDataAsset struct {
	ID                       string   `json:"id"`
	Description              string   `json:"description"`
	Usage                    string   `json:"usage"`
	Tags                     []string `json:"tags"`
	Origin                   string   `json:"origin"`
	Owner                    string   `json:"owner"`
	Quantity                 string   `json:"quantity"`
	Confidentiality          string   `json:"confidentiality"`
	Integrity                string   `json:"integrity"`
	Availability             string   `json:"availability"`
	Justification_cia_rating string   `json:"justification_cia_rating"`
}

type InputIndividualRiskCategory

// InputIndividualRiskCategory is the decoded form of one
// individual_risk_categories entry: a risk category defined by the model author
// rather than by a built-in rule, together with the risks the author already
// identified for it. Function and STRIDE arrive as strings (see RiskCategory
// for the parsed enum types); CWE is 0 when the key is absent.
// NOTE(review): the meaning of the Risks_identified map key is not visible on
// this page — confirm against the loader.
type InputIndividualRiskCategory struct {
	ID                            string                         `json:"id"`
	Description                   string                         `json:"description"`
	Impact                        string                         `json:"impact"`
	ASVS                          string                         `json:"asvs"`
	Cheat_sheet                   string                         `json:"cheat_sheet"`
	Action                        string                         `json:"action"`
	Mitigation                    string                         `json:"mitigation"`
	Check                         string                         `json:"check"`
	Function                      string                         `json:"function"`
	STRIDE                        string                         `json:"stride"`
	Detection_logic               string                         `json:"detection_logic"`
	Risk_assessment               string                         `json:"risk_assessment"`
	False_positives               string                         `json:"false_positives"`
	Model_failure_possible_reason bool                           `json:"model_failure_possible_reason"`
	CWE                           int                            `json:"cwe"`
	Risks_identified              map[string]InputRiskIdentified `json:"risks_identified"`
}

type InputRiskIdentified

// InputRiskIdentified is the decoded form of one risks_identified entry of an
// individual risk category; Risk is the evaluated counterpart and shares the
// most_relevant_* and data_breach_* key names. Severity, the two exploitation
// fields and Data_breach_probability arrive as strings and are presumably
// parsed into RiskSeverity, RiskExploitationLikelihood,
// RiskExploitationImpact and DataBreachProbability — confirm in the loader.
type InputRiskIdentified struct {
	Severity                         string   `json:"severity"`
	Exploitation_likelihood          string   `json:"exploitation_likelihood"`
	Exploitation_impact              string   `json:"exploitation_impact"`
	Data_breach_probability          string   `json:"data_breach_probability"`
	Data_breach_technical_assets     []string `json:"data_breach_technical_assets"`
	Most_relevant_data_asset         string   `json:"most_relevant_data_asset"`
	Most_relevant_technical_asset    string   `json:"most_relevant_technical_asset"`
	Most_relevant_communication_link string   `json:"most_relevant_communication_link"`
	Most_relevant_trust_boundary     string   `json:"most_relevant_trust_boundary"`
	Most_relevant_shared_runtime     string   `json:"most_relevant_shared_runtime"`
}

type InputRiskTracking

// InputRiskTracking is the decoded form of one risk_tracking entry; the json
// tags give the key names. RiskTracking is the parsed counterpart, where
// Status becomes a RiskStatus and Date a time.Time — the date layout accepted
// here is not visible on this page.
type InputRiskTracking struct {
	Status        string `json:"status"`
	Justification string `json:"justification"`
	Ticket        string `json:"ticket"`
	Date          string `json:"date"`
	Checked_by    string `json:"checked_by"`
}

type InputSharedRuntime

// InputSharedRuntime is the decoded form of one shared_runtimes entry; the
// json tags give the key names. Technical_assets_running presumably lists
// technical asset IDs (see SharedRuntime.TechnicalAssetsRunning).
type InputSharedRuntime struct {
	ID                       string   `json:"id"`
	Description              string   `json:"description"`
	Tags                     []string `json:"tags"`
	Technical_assets_running []string `json:"technical_assets_running"`
}

type InputTechnicalAsset

// InputTechnicalAsset is the decoded form of one technical_assets entry; the
// json tags give the key names. The bool keys (Used_as_client_by_human,
// Out_of_scope, Internet, Multi_tenant, Redundant, Custom_developed_parts)
// default to false when absent. Type, Usage, Size, Technology, Machine,
// Encryption and the CIA ratings arrive as strings and are presumably parsed
// into the matching enum types of TechnicalAsset — confirm in the loader.
// Communication_links holds the outgoing links of this asset keyed by a
// string (see InputCommunicationLink).
type InputTechnicalAsset struct {
	ID                         string                            `json:"id"`
	Description                string                            `json:"description"`
	Type                       string                            `json:"type"`
	Usage                      string                            `json:"usage"`
	Used_as_client_by_human    bool                              `json:"used_as_client_by_human"`
	Out_of_scope               bool                              `json:"out_of_scope"`
	Justification_out_of_scope string                            `json:"justification_out_of_scope"`
	Size                       string                            `json:"size"`
	Technology                 string                            `json:"technology"`
	Tags                       []string                          `json:"tags"`
	Internet                   bool                              `json:"internet"`
	Machine                    string                            `json:"machine"`
	Encryption                 string                            `json:"encryption"`
	Owner                      string                            `json:"owner"`
	Confidentiality            string                            `json:"confidentiality"`
	Integrity                  string                            `json:"integrity"`
	Availability               string                            `json:"availability"`
	Justification_cia_rating   string                            `json:"justification_cia_rating"`
	Multi_tenant               bool                              `json:"multi_tenant"`
	Redundant                  bool                              `json:"redundant"`
	Custom_developed_parts     bool                              `json:"custom_developed_parts"`
	Data_assets_processed      []string                          `json:"data_assets_processed"`
	Data_assets_stored         []string                          `json:"data_assets_stored"`
	Data_formats_accepted      []string                          `json:"data_formats_accepted"`
	Diagram_tweak_order        int                               `json:"diagram_tweak_order"`
	Communication_links        map[string]InputCommunicationLink `json:"communication_links"`
}

type InputTrustBoundary

// InputTrustBoundary is the decoded form of one trust_boundaries entry; the
// json tags give the key names. Type arrives as a string (TrustBoundary.Type
// is the parsed enum); Technical_assets_inside and Trust_boundaries_nested
// presumably reference other entries by ID.
type InputTrustBoundary struct {
	ID                      string   `json:"id"`
	Description             string   `json:"description"`
	Type                    string   `json:"type"`
	Tags                    []string `json:"tags"`
	Technical_assets_inside []string `json:"technical_assets_inside"`
	Trust_boundaries_nested []string `json:"trust_boundaries_nested"`
}

type MacroDetails

// MacroDetails identifies a macro by ID together with a human-readable title
// and description.
type MacroDetails struct {
	ID, Title, Description string
}

type MacroQuestion

// MacroQuestion is one question a macro asks. PossibleAnswers and MultiSelect
// presumably constrain the accepted answer (see IsValueConstrained and
// IsMatchingValueConstraint below — the exact check lives there, not here),
// and DefaultAnswer is offered when the user gives none. The package-level
// NoMoreQuestions() returns the sentinel question that ends the dialogue; the
// method of the same name reports whether a question is that sentinel.
type MacroQuestion struct {
	ID, Title, Description string
	PossibleAnswers        []string
	MultiSelect            bool
	DefaultAnswer          string
}

func NoMoreQuestions

func NoMoreQuestions() MacroQuestion

func (MacroQuestion) IsMatchingValueConstraint

func (what MacroQuestion) IsMatchingValueConstraint(answer string) bool

func (MacroQuestion) IsValueConstrained

func (what MacroQuestion) IsValueConstrained() bool

func (MacroQuestion) NoMoreQuestions

func (what MacroQuestion) NoMoreQuestions() bool

type ModelInput

// ModelInput is the raw, as-decoded model file; ParsedModel is the validated
// counterpart with enum and time types. Unlike the Input* structs above it
// carries no struct tags, so key matching relies on the decoder's default
// field-name mapping — NOTE(review): confirm which decoder is used and whether
// unknown keys are rejected; a silently ignored misspelt key (e.g. a security
// requirement or a data asset rating) would weaken the model without any
// warning. Threagile_version is presumably checked against the version this
// package supports during loading.
type ModelInput struct {
	Threagile_version                                  string
	Title                                              string
	Author                                             Author
	Date                                               string
	Business_overview                                  Overview
	Technical_overview                                 Overview
	Business_criticality                               string
	Management_summary_comment                         string
	Questions                                          map[string]string
	Abuse_cases                                        map[string]string
	Security_requirements                              map[string]string
	Tags_available                                     []string
	Data_assets                                        map[string]InputDataAsset
	Technical_assets                                   map[string]InputTechnicalAsset
	Trust_boundaries                                   map[string]InputTrustBoundary
	Shared_runtimes                                    map[string]InputSharedRuntime
	Individual_risk_categories                         map[string]InputIndividualRiskCategory
	Risk_tracking                                      map[string]InputRiskTracking
	Diagram_tweak_nodesep, Diagram_tweak_ranksep       int
	Diagram_tweak_edge_layout                          string
	Diagram_tweak_suppress_edge_labels                 bool
	Diagram_tweak_layout_left_to_right                 bool
	Diagram_tweak_invisible_connections_between_assets []string
	Diagram_tweak_same_rank_assets                     []string
}

type Overview

// Overview is a free-text section of the model (business or technical
// overview) with an ordered list of images attached to it.
type Overview struct {
	Description string              `json:"description"`
	Images      []map[string]string `json:"images"` // yes, array of map here, as array keeps the order of the image keys
}

type ParsedModel

// ParsedModel is the validated, typed form of a model file (ModelInput is the
// raw decoded form): ratings are enums, Date is a time.Time and the asset
// collections are maps, presumably keyed by ID. The maps and slices are
// reference types, so a ParsedModel passed by value (e.g. to
// RiskRule.GenerateRisks) still aliases the same underlying collections —
// callers that receive a copy must treat it as read-only.
type ParsedModel struct {
	Author                                        Author
	Title                                         string
	Date                                          time.Time
	ManagementSummaryComment                      string
	BusinessOverview                              Overview
	TechnicalOverview                             Overview
	BusinessCriticality                           Criticality
	SecurityRequirements                          map[string]string
	Questions                                     map[string]string
	AbuseCases                                    map[string]string
	TagsAvailable                                 []string
	DataAssets                                    map[string]DataAsset
	TechnicalAssets                               map[string]TechnicalAsset
	TrustBoundaries                               map[string]TrustBoundary
	SharedRuntimes                                map[string]SharedRuntime
	IndividualRiskCategories                      map[string]RiskCategory
	RiskTracking                                  map[string]RiskTracking
	DiagramTweakNodesep, DiagramTweakRanksep      int
	DiagramTweakEdgeLayout                        string
	DiagramTweakSuppressEdgeLabels                bool
	DiagramTweakLayoutLeftToRight                 bool
	DiagramTweakInvisibleConnectionsBetweenAssets []string
	DiagramTweakSameRankAssets                    []string
}
// ParsedModelRoot holds the model currently being processed. It is a plain
// package-level variable with no synchronisation visible here; the
// argument-less query functions of this package (AllRisks, the FilteredBy* and
// Sorted* functions, InScopeTechnicalAssets, …) presumably read it — verify
// before processing more than one model in a single process or touching it
// from several goroutines.
var ParsedModelRoot ParsedModel

type Protocol

// Protocol classifies the transport of a communication link. UnknownProtocol
// is the zero value. Many entries come in plain and _encrypted pairs, but
// several encrypted transports carry no suffix (HTTPS, WSS, FTPS, SFTP, SCP,
// SSH, SSH_tunnel, LDAPS), so whether a value counts as encrypted must be
// taken from Protocol.IsEncrypted (declared below), never inferred from the
// name. IsPotentialDatabaseAccessProtocol, IsPotentialWebAccessProtocol and
// IsProcessLocal group the entries further — NOTE(review): the membership of
// each group is decided inside those methods and is not visible here.
type Protocol int
const (
	UnknownProtocol Protocol = iota
	HTTP
	HTTPS
	WS
	WSS
	Reverse_proxy_web_protocol
	Reverse_proxy_web_protocol_encrypted
	MQTT
	JDBC
	JDBC_encrypted
	ODBC
	ODBC_encrypted
	SQL_access_protocol
	SQL_access_protocol_encrypted
	NoSQL_access_protocol
	NoSQL_access_protocol_encrypted
	BINARY
	BINARY_encrypted
	TEXT
	TEXT_encrypted
	SSH
	SSH_tunnel
	SMTP
	SMTP_encrypted
	POP3
	POP3_encrypted
	IMAP
	IMAP_encrypted
	FTP
	FTPS
	SFTP
	SCP
	LDAP
	LDAPS
	JMS
	NFS
	SMB
	SMB_encrypted
	LocalFileAccess
	NRPE
	XMPP
	IIOP
	IIOP_encrypted
	JRMP
	JRMP_encrypted
	InProcessLibraryCall
	ContainerSpawning
)

func (Protocol) Explain

func (what Protocol) Explain() string

func (Protocol) IsEncrypted

func (what Protocol) IsEncrypted() bool

func (Protocol) IsPotentialDatabaseAccessProtocol

func (what Protocol) IsPotentialDatabaseAccessProtocol(includingLaxDatabaseProtocols bool) bool

func (Protocol) IsPotentialWebAccessProtocol

func (what Protocol) IsPotentialWebAccessProtocol() bool

func (Protocol) IsProcessLocal

func (what Protocol) IsProcessLocal() bool

func (Protocol) String

func (what Protocol) String() string

type Quantity

// Quantity is the coarse amount of a data asset (InputDataAsset.Quantity in
// string form). VeryFew is the zero value. QuantityFactor (below) turns the
// level into a numeric weight — the scale is not visible here.
type Quantity int
const (
	VeryFew Quantity = iota
	Few
	Many
	VeryMany
)

func ParseQuantity

func ParseQuantity(value string) (quantity Quantity, err error)

func (Quantity) Explain

func (what Quantity) Explain() string

func (Quantity) QuantityFactor

func (what Quantity) QuantityFactor() float64

func (Quantity) String

func (what Quantity) String() string

func (Quantity) Title

func (what Quantity) Title() string

type Risk

// Risk is one evaluated risk instance produced for a concrete part of the
// model (see RiskRule.GenerateRisks). Category is kept for navigation only and
// excluded from JSON; CategoryId and RiskStatus are filled in during the risk
// evaluation phase (see the field comments). Mind the zero values: Severity is
// LowSeverity, RiskStatus is Unchecked, ExploitationLikelihood is Unlikely,
// ExploitationImpact is LowImpact and DataBreachProbability is Improbable — a
// Risk literal that omits a rating is reported with the mildest value rather
// than rejected, so rule authors should set every rating explicitly.
type Risk struct {
	Category                        RiskCategory               `json:"-"`           // just for navigational convenience... not JSON marshalled
	CategoryId                      string                     `json:"category"`    // used for better JSON marshalling, is assigned in risk evaluation phase automatically
	RiskStatus                      RiskStatus                 `json:"risk_status"` // used for better JSON marshalling, is assigned in risk evaluation phase automatically
	Severity                        RiskSeverity               `json:"severity"`
	ExploitationLikelihood          RiskExploitationLikelihood `json:"exploitation_likelihood"`
	ExploitationImpact              RiskExploitationImpact     `json:"exploitation_impact"`
	Title                           string                     `json:"title"`
	SyntheticId                     string                     `json:"synthetic_id"`
	MostRelevantDataAssetId         string                     `json:"most_relevant_data_asset"`
	MostRelevantTechnicalAssetId    string                     `json:"most_relevant_technical_asset"`
	MostRelevantTrustBoundaryId     string                     `json:"most_relevant_trust_boundary"`
	MostRelevantSharedRuntimeId     string                     `json:"most_relevant_shared_runtime"`
	MostRelevantCommunicationLinkId string                     `json:"most_relevant_communication_link"`
	DataBreachProbability           DataBreachProbability      `json:"data_breach_probability"`
	DataBreachTechnicalAssetIDs     []string                   `json:"data_breach_technical_assets"`
}

func AllRisks

func AllRisks() []Risk

func FilteredByOnlyArchitecture

func FilteredByOnlyArchitecture() []Risk

func FilteredByOnlyBusinessSide

func FilteredByOnlyBusinessSide() []Risk

func FilteredByOnlyCriticalRisks

func FilteredByOnlyCriticalRisks() []Risk

func FilteredByOnlyDevelopment

func FilteredByOnlyDevelopment() []Risk

func FilteredByOnlyElevatedRisks

func FilteredByOnlyElevatedRisks() []Risk

func FilteredByOnlyHighRisks

func FilteredByOnlyHighRisks() []Risk

func FilteredByOnlyLowRisks

func FilteredByOnlyLowRisks() []Risk

func FilteredByOnlyMediumRisks

func FilteredByOnlyMediumRisks() []Risk

func FilteredByOnlyOperation

func FilteredByOnlyOperation() []Risk

func FilteredByRiskTrackingAccepted

func FilteredByRiskTrackingAccepted() []Risk

func FilteredByRiskTrackingFalsePositive

func FilteredByRiskTrackingFalsePositive() []Risk

func FilteredByRiskTrackingInDiscussion

func FilteredByRiskTrackingInDiscussion() []Risk

func FilteredByRiskTrackingInProgress

func FilteredByRiskTrackingInProgress() []Risk

func FilteredByRiskTrackingMitigated

func FilteredByRiskTrackingMitigated() []Risk

func FilteredByRiskTrackingUnchecked

func FilteredByRiskTrackingUnchecked() []Risk

func FilteredByStillAtRisk

func FilteredByStillAtRisk() []Risk

func FlattenRiskSlice

func FlattenRiskSlice(risksByCat map[RiskCategory][]Risk) []Risk

func ReduceToOnlyHighRisk

func ReduceToOnlyHighRisk(risks []Risk) []Risk

func ReduceToOnlyLowRisk

func ReduceToOnlyLowRisk(risks []Risk) []Risk

func ReduceToOnlyMediumRisk

func ReduceToOnlyMediumRisk(risks []Risk) []Risk

func ReduceToOnlyRiskTrackingAccepted

func ReduceToOnlyRiskTrackingAccepted(risks []Risk) []Risk

func ReduceToOnlyRiskTrackingFalsePositive

func ReduceToOnlyRiskTrackingFalsePositive(risks []Risk) []Risk

func ReduceToOnlyRiskTrackingInDiscussion

func ReduceToOnlyRiskTrackingInDiscussion(risks []Risk) []Risk

func ReduceToOnlyRiskTrackingInProgress

func ReduceToOnlyRiskTrackingInProgress(risks []Risk) []Risk

func ReduceToOnlyRiskTrackingMitigated

func ReduceToOnlyRiskTrackingMitigated(risks []Risk) []Risk

func ReduceToOnlyRiskTrackingUnchecked

func ReduceToOnlyRiskTrackingUnchecked(risks []Risk) []Risk

func ReduceToOnlyStillAtRisk

func ReduceToOnlyStillAtRisk(risks []Risk) []Risk

func SortedRisksOfCategory

func SortedRisksOfCategory(category RiskCategory) []Risk

func (Risk) GetRiskTracking

func (what Risk) GetRiskTracking() RiskTracking

func (Risk) GetRiskTrackingStatusDefaultingUnchecked

func (what Risk) GetRiskTrackingStatusDefaultingUnchecked() RiskStatus

func (Risk) IsRiskTracked

func (what Risk) IsRiskTracked() bool

type RiskCategory

// RiskCategory describes a class of risk — from a built-in rule or an
// individual category in the model — and the guidance attached to it: Impact,
// Action, Mitigation, Check, DetectionLogic, RiskAssessment and FalsePositives
// are free text, ASVS and CheatSheet are references, Function and STRIDE
// classify the category and CWE is the numeric CWE identifier. RiskCategory is
// used as a map key (map[RiskCategory][]Risk in the functions below), so every
// field must stay comparable — adding a slice, map or function field would
// break compilation of those callers.
type RiskCategory struct {
	// TODO: refactor all "Id" here and elsewhere to "ID"
	Id                         string
	Title                      string
	Description                string
	Impact                     string
	ASVS                       string
	CheatSheet                 string
	Action                     string
	Mitigation                 string
	Check                      string
	DetectionLogic             string
	RiskAssessment             string
	FalsePositives             string
	Function                   RiskFunction
	STRIDE                     STRIDE
	ModelFailurePossibleReason bool
	CWE                        int
}

func CategoriesOfOnlyCriticalRisks

func CategoriesOfOnlyCriticalRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory

func CategoriesOfOnlyElevatedRisks

func CategoriesOfOnlyElevatedRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory

func CategoriesOfOnlyHighRisks

func CategoriesOfOnlyHighRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory

func CategoriesOfOnlyLowRisks

func CategoriesOfOnlyLowRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory

func CategoriesOfOnlyMediumRisks

func CategoriesOfOnlyMediumRisks(risksByCategory map[RiskCategory][]Risk, initialRisks bool) []RiskCategory

func CategoriesOfOnlyRisksStillAtRisk

func CategoriesOfOnlyRisksStillAtRisk(risksByCategory map[RiskCategory][]Risk) []RiskCategory

func SortedRiskCategories

func SortedRiskCategories() []RiskCategory

Because ranging over a map in Go yields a random order, the categories are iterated in a sorted (hence reproducible) way:

type RiskExploitationImpact

// RiskExploitationImpact rates the damage a successful exploitation would
// cause. LowImpact is the zero value. Together with RiskExploitationLikelihood
// it feeds CalculateSeverity (see RiskSeverity); Weight (below) supplies the
// numeric contribution — the scale is not visible here.
type RiskExploitationImpact int
const (
	LowImpact RiskExploitationImpact = iota
	MediumImpact
	HighImpact
	VeryHighImpact
)

func HighestExploitationImpact

func HighestExploitationImpact(risks []Risk) RiskExploitationImpact

func (RiskExploitationImpact) Explain

func (what RiskExploitationImpact) Explain() string

func (RiskExploitationImpact) MarshalJSON

func (what RiskExploitationImpact) MarshalJSON() ([]byte, error)

func (RiskExploitationImpact) String

func (what RiskExploitationImpact) String() string

func (RiskExploitationImpact) Title

func (what RiskExploitationImpact) Title() string

func (RiskExploitationImpact) Weight

func (what RiskExploitationImpact) Weight() int

type RiskExploitationLikelihood

// RiskExploitationLikelihood rates how likely exploitation is. Unlikely is the
// zero value. Together with RiskExploitationImpact it feeds CalculateSeverity
// (see RiskSeverity); Weight (below) supplies the numeric contribution — the
// scale is not visible here.
type RiskExploitationLikelihood int
const (
	Unlikely RiskExploitationLikelihood = iota
	Likely
	VeryLikely
	Frequent
)

func HighestExploitationLikelihood

func HighestExploitationLikelihood(risks []Risk) RiskExploitationLikelihood

func (RiskExploitationLikelihood) Explain

func (what RiskExploitationLikelihood) Explain() string

func (RiskExploitationLikelihood) MarshalJSON

func (what RiskExploitationLikelihood) MarshalJSON() ([]byte, error)

func (RiskExploitationLikelihood) String

func (what RiskExploitationLikelihood) String() string

func (RiskExploitationLikelihood) Title

func (what RiskExploitationLikelihood) Title() string

func (RiskExploitationLikelihood) Weight

func (what RiskExploitationLikelihood) Weight() int

type RiskFunction

// RiskFunction names the function that is expected to address a risk
// category (RiskCategory.Function). BusinessSide is the zero value. The
// FilteredByOnlyBusinessSide/Architecture/Development/Operation functions
// declared under Risk presumably select risks by this value.
type RiskFunction int
const (
	BusinessSide RiskFunction = iota
	Architecture
	Development
	Operations
)

func (RiskFunction) Explain

func (what RiskFunction) Explain() string

func (RiskFunction) MarshalJSON

func (what RiskFunction) MarshalJSON() ([]byte, error)

func (RiskFunction) String

func (what RiskFunction) String() string

func (RiskFunction) Title

func (what RiskFunction) Title() string

type RiskRule

// RiskRule is implemented by every risk-detection rule: Category describes
// the class of risk the rule detects and GenerateRisks returns the concrete
// risks found in a model. The model is passed by value, but its maps and
// slices are shared with the caller, so an implementation must not modify
// them.
type RiskRule interface {
	Category() RiskCategory
	GenerateRisks(parsedModel ParsedModel) []Risk
}

type RiskSeverity

// RiskSeverity is the overall rating of a risk, ordered from LowSeverity
// (the zero value) up to CriticalSeverity. CalculateSeverity (below) derives
// it from a likelihood and an impact; HighestSeverity and
// HighestSeverityStillAtRisk pick the maximum over a slice of risks, and the
// FilteredByOnly*Risks / ReduceToOnly*Risk functions under Risk select by it.
type RiskSeverity int
const (
	LowSeverity RiskSeverity = iota
	MediumSeverity
	ElevatedSeverity
	HighSeverity
	CriticalSeverity
)

func CalculateSeverity

func CalculateSeverity(likelihood RiskExploitationLikelihood, impact RiskExploitationImpact) RiskSeverity

func HighestSeverity

func HighestSeverity(risks []Risk) RiskSeverity

func HighestSeverityStillAtRisk

func HighestSeverityStillAtRisk(risks []Risk) RiskSeverity

func (RiskSeverity) Explain

func (what RiskSeverity) Explain() string

func (RiskSeverity) MarshalJSON

func (what RiskSeverity) MarshalJSON() ([]byte, error)

func (RiskSeverity) String

func (what RiskSeverity) String() string

func (RiskSeverity) Title

func (what RiskSeverity) Title() string

type RiskStatistics

// RiskStatistics is the aggregated risk count produced by
// OverallRiskStatistics (below). Risks is a two-level map of counts;
// NOTE(review): the key meanings (presumably severity and status, or
// similar) are not visible on this page — confirm in OverallRiskStatistics.
type RiskStatistics struct {
	// TODO add also some more like before / after (i.e. with mitigation applied)
	Risks map[string]map[string]int `json:"risks"`
}

func OverallRiskStatistics

func OverallRiskStatistics() RiskStatistics

type RiskStatus

// RiskStatus is the tracking state of a risk (RiskTracking.Status,
// Risk.RiskStatus). Unchecked is the zero value, so a risk with no tracking
// entry reads as unchecked. IsStillAtRisk (below) decides which states still
// count as open — NOTE(review): whether Accepted and FalsePositive are treated
// as resolved is decided there and is not visible here.
type RiskStatus int
const (
	Unchecked RiskStatus = iota
	InDiscussion
	Accepted
	InProgress
	Mitigated
	FalsePositive
)

func (RiskStatus) Explain

func (what RiskStatus) Explain() string

func (RiskStatus) IsStillAtRisk

func (what RiskStatus) IsStillAtRisk() bool

func (RiskStatus) MarshalJSON

func (what RiskStatus) MarshalJSON() ([]byte, error)

func (RiskStatus) String

func (what RiskStatus) String() string

func (RiskStatus) Title

func (what RiskStatus) Title() string

type RiskTracking

// RiskTracking is the parsed form of a risk_tracking entry (InputRiskTracking
// is the raw form): Status is an enum and Date a time.Time. SyntheticRiskId
// presumably matches Risk.SyntheticId, which is how Risk.GetRiskTracking
// finds the entry — confirm in that method.
type RiskTracking struct {
	SyntheticRiskId, Justification, Ticket, CheckedBy string
	Status                                            RiskStatus
	Date                                              time.Time
}

type STRIDE

// STRIDE is the threat class of a risk category (RiskCategory.STRIDE):
// Spoofing, Tampering, Repudiation, Information disclosure, Denial of service
// and Elevation of privilege. Spoofing is the zero value.
type STRIDE int
const (
	Spoofing STRIDE = iota
	Tampering
	Repudiation
	InformationDisclosure
	DenialOfService
	ElevationOfPrivilege
)

func (STRIDE) Explain

func (what STRIDE) Explain() string

func (STRIDE) MarshalJSON

func (what STRIDE) MarshalJSON() ([]byte, error)

func (STRIDE) String

func (what STRIDE) String() string

func (STRIDE) Title

func (what STRIDE) Title() string

type SharedRuntime

// SharedRuntime is the parsed form of a shared_runtimes entry: a runtime that
// hosts several technical assets (TechnicalAssetsRunning, presumably by ID).
// The Highest* methods below aggregate the CIA ratings of those assets and
// TechnicalAssetWithHighestRAA picks the one with the highest RAA.
type SharedRuntime struct {
	Id, Title, Description string
	Tags                   []string
	TechnicalAssetsRunning []string
}

func SharedRuntimesTaggedWithAny

func SharedRuntimesTaggedWithAny(tags ...string) []SharedRuntime

func SortedSharedRuntimesByTitle

func SortedSharedRuntimesByTitle() []SharedRuntime

func (SharedRuntime) HighestAvailability

func (what SharedRuntime) HighestAvailability() Criticality

func (SharedRuntime) HighestConfidentiality

func (what SharedRuntime) HighestConfidentiality() Confidentiality

func (SharedRuntime) HighestIntegrity

func (what SharedRuntime) HighestIntegrity() Criticality

func (SharedRuntime) IsTaggedWithAny

func (what SharedRuntime) IsTaggedWithAny(tags ...string) bool

func (SharedRuntime) IsTaggedWithBaseTag

func (what SharedRuntime) IsTaggedWithBaseTag(basetag string) bool

func (SharedRuntime) TechnicalAssetWithHighestRAA

func (what SharedRuntime) TechnicalAssetWithHighestRAA() TechnicalAsset

type TechnicalAsset

// TechnicalAsset is the parsed form of a technical_assets entry
// (InputTechnicalAsset is the raw form) with the string ratings replaced by
// their enum types. DataAssetsProcessed and DataAssetsStored hold data asset
// IDs (see ProcessesOrStoresDataAsset below); CommunicationLinks are this
// asset's outgoing links. Encryption defaults to NoneEncryption and the bool
// flags to false, i.e. an asset is modelled as unencrypted, in scope and not
// internet-facing unless the model says otherwise.
type TechnicalAsset struct {
	Id, Title, Description                                                                  string
	Usage                                                                                   Usage
	Type                                                                                    TechnicalAssetType
	Size                                                                                    TechnicalAssetSize
	Technology                                                                              TechnicalAssetTechnology
	Machine                                                                                 TechnicalAssetMachine
	Internet, MultiTenant, Redundant, CustomDevelopedParts, OutOfScope, UsedAsClientByHuman bool
	Encryption                                                                              EncryptionStyle
	JustificationOutOfScope                                                                 string
	Owner                                                                                   string
	Confidentiality                                                                         Confidentiality
	Integrity, Availability                                                                 Criticality
	JustificationCiaRating                                                                  string
	Tags, DataAssetsProcessed, DataAssetsStored                                             []string
	DataFormatsAccepted                                                                     []DataFormat
	CommunicationLinks                                                                      []CommunicationLink
	DiagramTweakOrder                                                                       int
	// will be set by separate calculation step:
	RAA float64
}

func InScopeTechnicalAssets

func InScopeTechnicalAssets() []TechnicalAsset

func OutOfScopeTechnicalAssets

func OutOfScopeTechnicalAssets() []TechnicalAsset

func SortedTechnicalAssetsByRAAAndTitle

func SortedTechnicalAssetsByRAAAndTitle() []TechnicalAsset

Because ranging over a map in Go yields a random order, the assets are iterated in a sorted (hence reproducible) way:

func SortedTechnicalAssetsByRiskSeverityAndTitle

func SortedTechnicalAssetsByRiskSeverityAndTitle() []TechnicalAsset

Because ranging over a map in Go yields a random order, the assets are iterated in a sorted (hence reproducible) way:

func SortedTechnicalAssetsByTitle

func SortedTechnicalAssetsByTitle() []TechnicalAsset

Because ranging over a map in Go yields a random order, the assets are iterated in a sorted (hence reproducible) way:

func TechnicalAssetsTaggedWithAny

func TechnicalAssetsTaggedWithAny(tags ...string) []TechnicalAsset

func (TechnicalAsset) CommunicationLinksSorted

func (what TechnicalAsset) CommunicationLinksSorted() []CommunicationLink

func (TechnicalAsset) DataAssetsProcessedSorted

func (what TechnicalAsset) DataAssetsProcessedSorted() []DataAsset

func (TechnicalAsset) DataAssetsStoredSorted

func (what TechnicalAsset) DataAssetsStoredSorted() []DataAsset

func (TechnicalAsset) DataFormatsAcceptedSorted

func (what TechnicalAsset) DataFormatsAcceptedSorted() []DataFormat

func (TechnicalAsset) DetermineLabelColor

func (what TechnicalAsset) DetermineLabelColor() string

Red when data rated confidential or higher is stored in an unencrypted technical asset.

func (TechnicalAsset) DetermineShapeBorderColor

func (what TechnicalAsset) DetermineShapeBorderColor() string

Red when the asset has mission-critical integrity but unauthenticated (non-read-only) channels still access it; amber when it has critical integrity but unauthenticated (non-read-only) channels still access it; pink on a suspected model forgery attempt (i.e. nothing is processed or stored).

func (TechnicalAsset) DetermineShapeBorderLineStyle

func (what TechnicalAsset) DetermineShapeBorderLineStyle() string

Dotted on a suspected model forgery attempt (i.e. nothing is processed or stored).

func (TechnicalAsset) DetermineShapeBorderPenWidth

func (what TechnicalAsset) DetermineShapeBorderPenWidth() string

func (TechnicalAsset) DetermineShapeFillColor

func (what TechnicalAsset) DetermineShapeFillColor() string

func (TechnicalAsset) DetermineShapePeripheries

func (what TechnicalAsset) DetermineShapePeripheries() int

Returns 3 when the asset is redundant.

func (TechnicalAsset) DetermineShapeStyle

func (what TechnicalAsset) DetermineShapeStyle() string

func (TechnicalAsset) GeneratedRisks

func (what TechnicalAsset) GeneratedRisks() []Risk

func (TechnicalAsset) GetTrustBoundaryId

func (what TechnicalAsset) GetTrustBoundaryId() string

func (TechnicalAsset) HasDirectConnection

func (what TechnicalAsset) HasDirectConnection(otherAssetId string) bool

func (TechnicalAsset) HighestAvailability

func (what TechnicalAsset) HighestAvailability() Criticality

func (TechnicalAsset) HighestConfidentiality

func (what TechnicalAsset) HighestConfidentiality() Confidentiality

func (TechnicalAsset) HighestIntegrity

func (what TechnicalAsset) HighestIntegrity() Criticality

func (TechnicalAsset) HighestSensitivityScore

func (what TechnicalAsset) HighestSensitivityScore() float64

func (TechnicalAsset) IsSameExecutionEnvironment

func (what TechnicalAsset) IsSameExecutionEnvironment(otherAssetId string) bool

func (TechnicalAsset) IsSameTrustBoundary

func (what TechnicalAsset) IsSameTrustBoundary(otherAssetId string) bool

func (TechnicalAsset) IsSameTrustBoundaryNetworkOnly

func (what TechnicalAsset) IsSameTrustBoundaryNetworkOnly(otherAssetId string) bool

func (TechnicalAsset) IsTaggedWithAny

func (what TechnicalAsset) IsTaggedWithAny(tags ...string) bool

func (TechnicalAsset) IsTaggedWithAnyTraversingUp

func (what TechnicalAsset) IsTaggedWithAnyTraversingUp(tags ...string) bool

First checks the tag(s) of the asset itself, then those of its trust boundaries (recursively upwards), and then those of its shared runtime.

func (TechnicalAsset) IsTaggedWithBaseTag

func (what TechnicalAsset) IsTaggedWithBaseTag(basetag string) bool

func (TechnicalAsset) IsZero

func (what TechnicalAsset) IsZero() bool

func (TechnicalAsset) ProcessesOrStoresDataAsset

func (what TechnicalAsset) ProcessesOrStoresDataAsset(dataAssetId string) bool

type TechnicalAssetMachine

// TechnicalAssetMachine is the kind of machine a technical asset runs on
// (TechnicalAsset.Machine). Physical is the zero value.
type TechnicalAssetMachine int
const (
	Physical TechnicalAssetMachine = iota
	Virtual
	Container
	Serverless
)

func (TechnicalAssetMachine) Explain

func (what TechnicalAssetMachine) Explain() string

func (TechnicalAssetMachine) String

func (what TechnicalAssetMachine) String() string

type TechnicalAssetSize

// TechnicalAssetSize is the granularity of a technical asset
// (TechnicalAsset.Size), from a whole System down to a single Component.
// System is the zero value.
type TechnicalAssetSize int
const (
	System TechnicalAssetSize = iota
	Service
	Application
	Component
)

func (TechnicalAssetSize) Explain

func (what TechnicalAssetSize) Explain() string

func (TechnicalAssetSize) String

func (what TechnicalAssetSize) String() string

type TechnicalAssetTechnology

// TechnicalAssetTechnology is the technology type of a technical asset
// (TechnicalAsset.Technology). UnknownTechnology is the zero value. The Is*
// predicates declared below (IsClient, IsIdentityRelated,
// IsSecurityControlRelated, IsUnprotectedCommsTolerated, …) are how risk
// rules reason about a technology; which constants each predicate covers is
// decided in the method, not here. Note the constant named Function shares
// its name with the RiskCategory.Function field — a field and a constant do
// not clash, but the name is easy to misread.
type TechnicalAssetTechnology int
const (
	UnknownTechnology TechnicalAssetTechnology = iota
	ClientSystem
	Browser
	Desktop
	MobileApp
	DevOpsClient
	WebServer
	WebApplication
	ApplicationServer
	Database
	FileServer
	LocalFileSystem
	ERP
	CMS
	WebServiceREST
	WebServiceSOAP
	EJB
	SearchIndex
	SearchEngine
	ServiceRegistry
	ReverseProxy
	LoadBalancer
	BuildPipeline
	SourcecodeRepository
	ArtifactRegistry
	CodeInspectionPlatform
	Monitoring
	LDAPServer
	ContainerPlatform
	BatchProcessing
	EventListener
	IdentityProvider
	IdentityStoreLDAP
	IdentityStoreDatabase
	Tool
	CLI
	Task
	Function
	Gateway // TODO rename to API-Gateway to be more clear?
	IoTDevice
	MessageQueue
	StreamProcessing
	ServiceMesh
	DataLake
	BigDataPlatform
	ReportEngine
	AI
	MailServer
	Vault
	HSM
	WAF
	IDS
	IPS
	Scheduler
	Mainframe
	BlockStorage
	Library
)

func (TechnicalAssetTechnology) Explain

func (what TechnicalAssetTechnology) Explain() string

func (TechnicalAssetTechnology) IsClient

func (what TechnicalAssetTechnology) IsClient() bool

func (TechnicalAssetTechnology) IsCloseToHighValueTargetsTolerated

func (what TechnicalAssetTechnology) IsCloseToHighValueTargetsTolerated() bool

func (TechnicalAssetTechnology) IsDevelopmentRelevant

func (what TechnicalAssetTechnology) IsDevelopmentRelevant() bool

func (TechnicalAssetTechnology) IsEmbeddedComponent

func (what TechnicalAssetTechnology) IsEmbeddedComponent() bool

func (TechnicalAssetTechnology) IsExclusivelyBackendRelated

func (what TechnicalAssetTechnology) IsExclusivelyBackendRelated() bool

func (TechnicalAssetTechnology) IsExclusivelyFrontendRelated

func (what TechnicalAssetTechnology) IsExclusivelyFrontendRelated() bool

func (TechnicalAssetTechnology) IsIdentityRelated

func (what TechnicalAssetTechnology) IsIdentityRelated() bool

func (TechnicalAssetTechnology) IsLessProtectedType

func (what TechnicalAssetTechnology) IsLessProtectedType() bool

func (TechnicalAssetTechnology) IsSecurityControlRelated

func (what TechnicalAssetTechnology) IsSecurityControlRelated() bool

func (TechnicalAssetTechnology) IsTrafficForwarding

func (what TechnicalAssetTechnology) IsTrafficForwarding() bool

func (TechnicalAssetTechnology) IsUnnecessaryDataTolerated

func (what TechnicalAssetTechnology) IsUnnecessaryDataTolerated() bool

func (TechnicalAssetTechnology) IsUnprotectedCommsTolerated

func (what TechnicalAssetTechnology) IsUnprotectedCommsTolerated() bool

func (TechnicalAssetTechnology) IsUsuallyAbleToPropagateIdentityToOutgoingTargets

func (what TechnicalAssetTechnology) IsUsuallyAbleToPropagateIdentityToOutgoingTargets() bool

func (TechnicalAssetTechnology) IsUsuallyProcessingEnduserRequests

func (what TechnicalAssetTechnology) IsUsuallyProcessingEnduserRequests() bool

func (TechnicalAssetTechnology) IsUsuallyStoringEnduserData

func (what TechnicalAssetTechnology) IsUsuallyStoringEnduserData() bool

func (TechnicalAssetTechnology) IsWebApplication

func (what TechnicalAssetTechnology) IsWebApplication() bool

func (TechnicalAssetTechnology) IsWebService

func (what TechnicalAssetTechnology) IsWebService() bool

func (TechnicalAssetTechnology) String

func (what TechnicalAssetTechnology) String() string

type TechnicalAssetType

// TechnicalAssetType enumerates the basic role of a technical asset; the names
// match the classic data-flow-diagram element kinds. It satisfies TypeEnum
// through String and Explain; TechnicalAssetTypeValues lists all values.
type TechnicalAssetType int
const (
	// ExternalEntity is the zero value, so an asset whose type is never set
	// reads as an external entity.
	ExternalEntity TechnicalAssetType = iota
	Process
	Datastore
)

func (TechnicalAssetType) Explain

func (what TechnicalAssetType) Explain() string

func (TechnicalAssetType) String

func (what TechnicalAssetType) String() string

type TrustBoundary

// TrustBoundary is a boundary in the model that groups technical assets and
// possibly other trust boundaries. Its methods aggregate the highest
// confidentiality, integrity and availability of what it contains and walk
// the nesting relation in both directions (ParentTrustBoundaryID,
// AllParentTrustBoundaryIDs, RecursivelyAllTechnicalAssetIDsInside).
type TrustBoundary struct {
	// Id identifies the boundary; Title and Description are free text.
	Id, Title, Description string
	// Type is the kind of boundary (network, cloud, execution environment, ...).
	// Its zero value is NetworkOnPrem, so leave it unset only on purpose.
	Type                   TrustBoundaryType
	// Tags drive IsTaggedWithAny, IsTaggedWithAnyTraversingUp and IsTaggedWithBaseTag.
	Tags                   []string
	// TechnicalAssetsInside — presumably IDs of the technical assets directly
	// inside this boundary (RecursivelyAllTechnicalAssetIDsInside returns IDs); verify against the parser.
	TechnicalAssetsInside  []string
	// TrustBoundariesNested — presumably IDs of the boundaries directly nested
	// in this one; the parent lookups appear to invert this relation. Confirm.
	TrustBoundariesNested  []string
}

func SortedTrustBoundariesByTitle

func SortedTrustBoundariesByTitle() []TrustBoundary

func TrustBoundariesTaggedWithAny

func TrustBoundariesTaggedWithAny(tags ...string) []TrustBoundary

func (TrustBoundary) AllParentTrustBoundaryIDs

func (what TrustBoundary) AllParentTrustBoundaryIDs() []string

func (TrustBoundary) HighestAvailability

func (what TrustBoundary) HighestAvailability() Criticality

func (TrustBoundary) HighestConfidentiality

func (what TrustBoundary) HighestConfidentiality() Confidentiality

func (TrustBoundary) HighestIntegrity

func (what TrustBoundary) HighestIntegrity() Criticality

func (TrustBoundary) IsTaggedWithAny

func (what TrustBoundary) IsTaggedWithAny(tags ...string) bool

func (TrustBoundary) IsTaggedWithAnyTraversingUp

func (what TrustBoundary) IsTaggedWithAnyTraversingUp(tags ...string) bool

func (TrustBoundary) IsTaggedWithBaseTag

func (what TrustBoundary) IsTaggedWithBaseTag(basetag string) bool

func (TrustBoundary) ParentTrustBoundaryID

func (what TrustBoundary) ParentTrustBoundaryID() string

func (TrustBoundary) RecursivelyAllTechnicalAssetIDsInside

func (what TrustBoundary) RecursivelyAllTechnicalAssetIDsInside() []string

type TrustBoundaryType

// TrustBoundaryType enumerates the kinds of trust boundary. It satisfies
// TypeEnum through String and Explain and offers the IsNetworkBoundary and
// IsWithinCloud predicates (bodies not shown here); TrustBoundaryTypeValues
// lists all values.
//
// The constants are iota-based, so their numeric values are positional.
type TrustBoundaryType int
const (
	// NetworkOnPrem is the zero value. A TrustBoundary whose Type is never
	// set therefore reads as an on-premise network boundary, so code that
	// constructs boundaries programmatically should set Type explicitly.
	NetworkOnPrem TrustBoundaryType = iota
	NetworkDedicatedHoster
	NetworkVirtualLAN
	NetworkCloudProvider
	NetworkCloudSecurityGroup
	NetworkPolicyNamespaceIsolation
	ExecutionEnvironment
)

func (TrustBoundaryType) Explain

func (what TrustBoundaryType) Explain() string

func (TrustBoundaryType) IsNetworkBoundary

func (what TrustBoundaryType) IsNetworkBoundary() bool

func (TrustBoundaryType) IsWithinCloud

func (what TrustBoundaryType) IsWithinCloud() bool

func (TrustBoundaryType) String

func (what TrustBoundaryType) String() string

type TypeDescription

// TypeDescription pairs the machine-readable name of an enumeration value
// with its human-readable explanation. The package-level *TypeDescription
// tables (e.g. AuthenticationTypeDescription) are arrays of these, indexed
// by the enum's integer value.
type TypeDescription struct {
	// Name is the identifier form of the value, e.g. "none" or "credentials".
	Name        string
	// Description is the explanatory text shown for the value.
	Description string
}

TypeDescription contains a name for a type and its description.

type TypeEnum

// TypeEnum is the common interface of the package's int-backed enumeration
// types. The *Values functions (AuthenticationValues, ProtocolValues,
// UsageValues, ...) return their constants as a []TypeEnum.
type TypeEnum interface {
	// String returns the identifier form of the value.
	String() string
	// Explain returns the human-readable description of the value.
	Explain() string
}

func AuthenticationValues

func AuthenticationValues() []TypeEnum

func AuthorizationValues

func AuthorizationValues() []TypeEnum

func ConfidentialityValues

func ConfidentialityValues() []TypeEnum

func CriticalityValues

func CriticalityValues() []TypeEnum

func DataBreachProbabilityValues

func DataBreachProbabilityValues() []TypeEnum

func DataFormatValues

func DataFormatValues() []TypeEnum

func EncryptionStyleValues

func EncryptionStyleValues() []TypeEnum

func ProtocolValues

func ProtocolValues() []TypeEnum

func QuantityValues

func QuantityValues() []TypeEnum

func RiskExploitationImpactValues

func RiskExploitationImpactValues() []TypeEnum

func RiskExploitationLikelihoodValues

func RiskExploitationLikelihoodValues() []TypeEnum

func RiskFunctionValues

func RiskFunctionValues() []TypeEnum

func RiskSeverityValues

func RiskSeverityValues() []TypeEnum

func RiskStatusValues

func RiskStatusValues() []TypeEnum

func STRIDEValues

func STRIDEValues() []TypeEnum

func TechnicalAssetMachineValues

func TechnicalAssetMachineValues() []TypeEnum

func TechnicalAssetSizeValues

func TechnicalAssetSizeValues() []TypeEnum

func TechnicalAssetTechnologyValues

func TechnicalAssetTechnologyValues() []TypeEnum

func TechnicalAssetTypeValues

func TechnicalAssetTypeValues() []TypeEnum

func TrustBoundaryTypeValues

func TrustBoundaryTypeValues() []TypeEnum

func UsageValues

func UsageValues() []TypeEnum

type Usage

// Usage enumerates whether something serves business purposes or DevOps
// purposes. It satisfies TypeEnum through String and Explain, also exposes
// Title, and can be parsed from its string form with ParseUsage.
type Usage int
const (
	// Business is the zero value, so an unset usage reads as Business.
	Business Usage = iota
	DevOps
)

func ParseUsage

func ParseUsage(value string) (usage Usage, err error)

func (Usage) Explain

func (what Usage) Explain() string

func (Usage) String

func (what Usage) String() string

func (Usage) Title

func (what Usage) Title() string
