Package pytm
-Expand source code -
-__all__ = [
- "Action",
- "Actor",
- "Assumption",
- "Boundary",
- "Classification",
- "TLSVersion",
- "Data",
- "Dataflow",
- "Datastore",
- "DatastoreType",
- "Element",
- "ExternalEntity",
- "Finding",
- "Lambda",
- "Lifetime",
- "load",
- "loads",
- "Process",
- "Server",
- "SetOfProcesses",
- "Threat",
- "TM",
-]
-
-import sys
-
-from .json import load, loads
-from .pytm import (
- TM,
- Action,
- Actor,
- Assumption,
- Boundary,
- Classification,
- Data,
- Dataflow,
- Datastore,
- DatastoreType,
- Element,
- ExternalEntity,
- Finding,
- Lambda,
- Lifetime,
- Process,
- Server,
- SetOfProcesses,
- Threat,
- TLSVersion,
- var,
-)
-
-
-def pdoc_overrides():
- result = {"pytm": False, "json": False, "template_engine": False}
- mod = sys.modules[__name__]
- for name, klass in mod.__dict__.items():
- if not isinstance(klass, type):
- continue
- for i in dir(klass):
- if i in ("check", "dfd", "seq"):
- result[f"{name}.{i}"] = False
- attr = getattr(klass, i, {})
- if isinstance(attr, var) and attr.doc != "":
- result[f"{name}.{i}"] = attr.doc
- return result
-
-
-__pdoc__ = pdoc_overrides()
-Sub-modules
-
+
pytm.flows
+- + +
pytm.report_util-
@@ -115,7 +59,6 @@
Functions
def load(fp)- -
Load a TM object from an open file containing JSON.
+Expand source code @@ -127,12 +70,12 @@
Functions
raise ValueError("Failed to decode JSON input as TM") return resultLoad a TM object from an open file containing JSON.
- -
def loads(s)-
-
Load a TM object from a JSON string s.
+Expand source code @@ -144,6 +87,7 @@
Functions
raise ValueError("Failed to decode JSON input as TM") return resultLoad a TM object from a JSON string s.
Classes
class Action -(value, names=None, *, module=None, qualname=None, type=None, start=1) +(*args, **kwds)-
-
Action taken when validating a threat model.
+Expand source code @@ -167,6 +110,7 @@
Classes
RESTRICT = "RESTRICT" IGNORE = "IGNORE"Action taken when validating a threat model.
Ancestors
- enum.Enum @@ -175,15 +119,15 @@
var IGNORE-
-
+
The type of the None singleton.
var NO_ACTION-
-
+
The type of the None singleton.
var RESTRICT-
-
+
The type of the None singleton.
Class variables
@@ -192,7 +136,6 @@ -
-
An entity usually initiating actions
+Expand source code @@ -211,6 +154,7 @@
Class variables
super().__init__(name, **kwargs) TM._actors.append(self)An entity usually initiating actions
Ancestors
- pytm.pytm.Element @@ -219,7 +163,6 @@
var data-
-
pytm.Data object(s) in outgoing data flows
+Expand source code @@ -232,10 +175,10 @@
Instance variables
return self return self.data.get(instance, self.default)pytm.Data object(s) in outgoing data flows
var inputs-
-
incoming Dataflows
+Expand source code @@ -248,10 +191,10 @@
Instance variables
return self return self.data.get(instance, self.default)incoming Dataflows
var isAdmin-
-
+
Expand source code @@ -264,10 +207,10 @@
Instance variables
return self return self.data.get(instance, self.default) var outputs-
-
outgoing Dataflows
+Expand source code @@ -280,10 +223,10 @@
Instance variables
return self return self.data.get(instance, self.default)outgoing Dataflows
var port-
-
Default TCP port for outgoing data flows
+Expand source code @@ -296,10 +239,10 @@
Instance variables
return self return self.data.get(instance, self.default)Default TCP port for outgoing data flows
var protocol-
-
Default network protocol for outgoing data flows
+Expand source code @@ -312,6 +255,7 @@
Instance variables
return self return self.data.get(instance, self.default)Default network protocol for outgoing data flows
Instance variables
@@ -320,8 +264,6 @@ -
-
Assumption used by an Element. -Used to exclude threats on a per-element basis.
+Expand source code @@ -338,13 +280,17 @@
Instance variables
def __init__(self, name, **kwargs): for key, value in kwargs.items(): setattr(self, key, value) - self.name = name + self.name = name + + def __str__(self): + return self.nameAssumption used by an Element. +Used to exclude threats on a per-element basis.
Instance variables
var description-
-
An additional description of the assumption
+Expand source code @@ -357,10 +303,10 @@
Instance variables
return self return self.data.get(instance, self.default)An additional description of the assumption
var exclude-
-
A list of threat SIDs to exclude for this assumption. For example: INP01
+Expand source code @@ -373,10 +319,10 @@
Instance variables
return self return self.data.get(instance, self.default)A list of threat SIDs to exclude for this assumption. For example: INP01
var name-
-
+
Expand source code @@ -389,6 +335,7 @@
Instance variables
return self return self.data.get(instance, self.default)
@@ -397,7 +344,6 @@ -
-
Trust boundary groups elements and data with the same trust level.
+Expand source code @@ -458,6 +404,7 @@
Instance variables
parent = parent.inBoundary return resultTrust boundary groups elements and data with the same trust level.
Ancestors
- pytm.pytm.Element @@ -468,7 +415,6 @@
-
-
+
Expand source code @@ -481,15 +427,15 @@
Methods
parent = parent.inBoundary return result
Methods
def parents(self)
Class variables
(name, **kwargs)Instance variables
(name, **kwargs)Instance variables
(name, **kwargs)
class Classification
-(value, names=None, *, module=None, qualname=None, type=None, start=1)
+(*args, **kwds)
An enumeration.
Expand source code
@@ -502,6 +448,56 @@ Methods
SECRET = 4
TOP_SECRET = 5
Create a collection of name/value pairs.
+Example enumeration:
+>>> class Color(Enum):
+... RED = 1
+... BLUE = 2
+... GREEN = 3
+
+Access them by:
+-
+
- attribute access: +
++++++Color.RED +
+
-
+
- value lookup: +
++++++Color(1) +
+
-
+
- name lookup: +
++++++Color['RED'] +
+
Enumerations can be iterated over, and know how many members they have:
+>>> len(Color)
+3
+
+>>> list(Color)
+[<Color.RED: 1>, <Color.BLUE: 2>, <Color.GREEN: 3>]
+
+Methods can be added to enumerations, and members can have their own +attributes – see the documentation for details.
Ancestors
- pytm.pytm.OrderedEnum @@ -511,27 +507,27 @@
var PUBLIC-
-
+
The type of the None singleton.
var RESTRICTED-
-
+
The type of the None singleton.
var SECRET-
-
+
The type of the None singleton.
var SENSITIVE-
-
+
The type of the None singleton.
var TOP_SECRET-
-
+
The type of the None singleton.
var UNKNOWN-
-
+
The type of the None singleton.
Class variables
Class variables
(name, **kwargs)Represents a single piece of data that traverses the system
Expand source code
@@ -611,11 +606,11 @@ Class variables
except ValueError:
pass
Represents a single piece of data that traverses the system
Instance variables
var carriedBy-
-
Dataflows that carries this piece of data
+Expand source code @@ -628,10 +623,10 @@
Instance variables
return self return self.data.get(instance, self.default)Dataflows that carries this piece of data
var classification-
-
Level of classification for this piece of data
+Expand source code @@ -644,19 +639,10 @@
Instance variables
return self return self.data.get(instance, self.default)Level of classification for this piece of data
var credentialsLife-
-
Credentials lifetime, describing if and how -credentials can be revoked. One of: -* NONE - not applicable -* UNKNOWN - unknown lifetime -* SHORT - relatively short expiration date, with an allowed maximum -* LONG - long or no expiration date -* AUTO - no expiration date but can be revoked/invalidated automatically -in some conditions -* MANUAL - no expiration date but can be revoked/invalidated manually -* HARDCODED - cannot be invalidated at all
+Expand source code @@ -669,10 +655,19 @@
Instance variables
return self return self.data.get(instance, self.default)Credentials lifetime, describing if and how +credentials can be revoked. One of: +* NONE - not applicable +* UNKNOWN - unknown lifetime +* SHORT - relatively short expiration date, with an allowed maximum +* LONG - long or no expiration date +* AUTO - no expiration date but can be revoked/invalidated automatically +in some conditions +* MANUAL - no expiration date but can be revoked/invalidated manually +* HARDCODED - cannot be invalidated at all
var description-
-
+
Expand source code @@ -685,10 +680,10 @@
Instance variables
return self return self.data.get(instance, self.default) var format-
-
+
Expand source code @@ -701,13 +696,10 @@
Instance variables
return self return self.data.get(instance, self.default) var isCredentials-
-
Does the data contain authentication information, -like passwords or cryptographic keys, with or without expiration date. -Should always be encrypted in transmission. If stored, they should be hashed -using a cryptographic hash function.
+Expand source code @@ -720,10 +712,13 @@
Instance variables
return self return self.data.get(instance, self.default)Does the data contain authentication information, +like passwords or cryptographic keys, with or without expiration date. +Should always be encrypted in transmission. If stored, they should be hashed +using a cryptographic hash function.
var isDestEncryptedAtRest-
-
Is data encrypted at rest at dest
+Expand source code @@ -736,11 +731,10 @@
Instance variables
return self return self.data.get(instance, self.default)Is data encrypted at rest at dest
var isPII-
-
Does the data contain personally identifyable information. -Should always be encrypted both in transmission and at rest.
+Expand source code @@ -753,10 +747,11 @@
Instance variables
return self return self.data.get(instance, self.default)Does the data contain personally identifyable information. +Should always be encrypted both in transmission and at rest.
var isSourceEncryptedAtRest-
-
Is data encrypted at rest at source
+Expand source code @@ -769,11 +764,10 @@
Instance variables
return self return self.data.get(instance, self.default)Is data encrypted at rest at source
var isStored-
-
Is the data going to be stored by the target or only processed. -If only derivative data is stored (a hash) it can be set to False.
+Expand source code @@ -786,10 +780,11 @@
Instance variables
return self return self.data.get(instance, self.default)Is the data going to be stored by the target or only processed. +If only derivative data is stored (a hash) it can be set to False.
var name-
-
+
Expand source code @@ -802,10 +797,10 @@
Instance variables
return self return self.data.get(instance, self.default) var processedBy-
-
Elements that store/process this piece of data
+Expand source code @@ -818,6 +813,7 @@
Instance variables
return self return self.data.get(instance, self.default)Elements that store/process this piece of data
Instance variables
(source, sink, name, **kwargs)A data flow from a source to a sink
Expand source code
@@ -913,6 +908,7 @@ Instance variables
for d in self.data
)
A data flow from a source to a sink
Ancestors
- pytm.pytm.Element @@ -921,14 +917,13 @@
var severity-
-
+
The type of the None singleton.
var data-
-
pytm.Data object(s) in incoming data flows
+Expand source code @@ -941,10 +936,10 @@
Instance variables
return self return self.data.get(instance, self.default)pytm.Data object(s) in incoming data flows
var dstPort-
-
Destination TCP port
+Expand source code @@ -957,10 +952,10 @@
Instance variables
return self return self.data.get(instance, self.default)Destination TCP port
var implementsCommunicationProtocol-
-
+
Expand source code @@ -973,10 +968,10 @@
Instance variables
return self return self.data.get(instance, self.default) var isResponse-
-
Is a response to another data flow
+Expand source code @@ -989,10 +984,10 @@
Instance variables
return self return self.data.get(instance, self.default)Is a response to another data flow
var note-
-
+
Expand source code @@ -1005,10 +1000,10 @@
Instance variables
return self return self.data.get(instance, self.default) var order-
-
Number of this data flow in the threat model
+Expand source code @@ -1021,10 +1016,10 @@
Instance variables
return self return self.data.get(instance, self.default)Number of this data flow in the threat model
var protocol-
-
Protocol used in this data flow
+Expand source code @@ -1037,10 +1032,10 @@
Instance variables
return self return self.data.get(instance, self.default)Protocol used in this data flow
var response-
-
Another data flow that is a response to this one
+Expand source code @@ -1053,10 +1048,10 @@
Instance variables
return self return self.data.get(instance, self.default)Another data flow that is a response to this one
var responseTo-
-
Is a response to this data flow
+Expand source code @@ -1069,10 +1064,10 @@
Instance variables
return self return self.data.get(instance, self.default)Is a response to this data flow
var sink-
-
+
Expand source code @@ -1085,10 +1080,10 @@
Instance variables
return self return self.data.get(instance, self.default) var source-
-
+
Expand source code @@ -1101,10 +1096,10 @@
Instance variables
return self return self.data.get(instance, self.default) var srcPort-
-
Source TCP port
+Expand source code @@ -1117,10 +1112,10 @@
Instance variables
return self return self.data.get(instance, self.default)Source TCP port
var tlsVersion-
-
TLS version used.
+Expand source code @@ -1133,10 +1128,10 @@
Instance variables
return self return self.data.get(instance, self.default)TLS version used.
var usesSessionTokens-
-
+
Expand source code @@ -1149,10 +1144,10 @@
Instance variables
return self return self.data.get(instance, self.default) var usesVPN-
-
+
Expand source code @@ -1165,6 +1160,7 @@
Instance variables
return self return self.data.get(instance, self.default) -
-
+
Expand source code @@ -1183,12 +1178,12 @@
Methods
return self.name return "({}) {}".format(self.order, self.name) def hasDataLeaks(self)-
-
+
Expand source code @@ -1201,6 +1196,7 @@
Methods
for d in self.data )
Class variables
Instance variables
Methods
@@ -1173,7 +1169,6 @@Methods
def display_name(self)Methods
(name, **kwargs)An entity storing data
Expand source code
@@ -1281,6 +1276,7 @@ Methods
),
)
An entity storing data
Ancestors
- pytm.pytm.Asset @@ -1290,7 +1286,6 @@
var hasWriteAccess-
-
+
Expand source code @@ -1303,10 +1298,10 @@
Instance variables
return self return self.data.get(instance, self.default) var isSQL-
-
+
Expand source code @@ -1319,10 +1314,10 @@
Instance variables
return self return self.data.get(instance, self.default) -
-
+
Expand source code @@ -1335,10 +1330,10 @@
Instance variables
return self return self.data.get(instance, self.default) var onRDS-
-
+
Expand source code @@ -1351,10 +1346,10 @@
Instance variables
return self return self.data.get(instance, self.default) var storesLogData-
-
+
Expand source code @@ -1367,11 +1362,10 @@
Instance variables
return self return self.data.get(instance, self.default) var storesPII-
-
Personally Identifiable Information -is any information relating to an identifiable person.
+Expand source code @@ -1384,10 +1378,11 @@
Instance variables
return self return self.data.get(instance, self.default)Personally Identifiable Information +is any information relating to an identifiable person.
var storesSensitiveData-
-
+
Expand source code @@ -1400,16 +1395,10 @@
Instance variables
return self return self.data.get(instance, self.default) var type-
-
The -type of Datastore, values may be one of: -* UNKNOWN - unknown applicable -* FILE_SYSTEM - files on a file system -* SQL - A SQL Database -* LDAP - An LDAP Server -* AWS_S3 - An S3 Bucket within AWS
+Expand source code @@ -1422,15 +1411,21 @@
Instance variables
return self return self.data.get(instance, self.default)The +type of Datastore, values may be one of: +* UNKNOWN - unknown applicable +* FILE_SYSTEM - files on a file system +* SQL - A SQL Database +* LDAP - An LDAP Server +* AWS_S3 - An S3 Bucket within AWS
Instance variables
class DatastoreType
-(value, names=None, *, module=None, qualname=None, type=None, start=1)
+(*args, **kwds)
An enumeration.
Expand source code
@@ -1445,6 +1440,56 @@ Instance variables
def label(self):
return self.value.lower().replace("_", " ")
Create a collection of name/value pairs.
+Example enumeration:
+>>> class Color(Enum):
+... RED = 1
+... BLUE = 2
+... GREEN = 3
+
+Access them by:
+-
+
- attribute access: +
++++++Color.RED +
+
-
+
- value lookup: +
++++++Color(1) +
+
-
+
- name lookup: +
++++++Color['RED'] +
+
Enumerations can be iterated over, and know how many members they have:
+>>> len(Color)
+3
+
+>>> list(Color)
+[<Color.RED: 1>, <Color.BLUE: 2>, <Color.GREEN: 3>]
+
+Methods can be added to enumerations, and members can have their own +attributes – see the documentation for details.
Ancestors
- enum.Enum @@ -1453,23 +1498,23 @@
var AWS_S3-
-
+
The type of the None singleton.
var FILE_SYSTEM-
-
+
The type of the None singleton.
var LDAP-
-
+
The type of the None singleton.
var SQL-
-
+
The type of the None singleton.
var UNKNOWN-
-
+
The type of the None singleton.
-
-
+
Expand source code @@ -1486,6 +1530,7 @@
Methods
def label(self): return self.value.lower().replace("_", " ")
Class variables
Methods
@@ -1478,7 +1523,6 @@Methods
def label(self)Methods
(name, **kwargs)A generic element
Expand source code
@@ -1696,6 +1740,7 @@ Methods
self.severity = sevs[sev.lower()]
return
A generic element
Subclasses
- pytm.pytm.Actor @@ -1707,14 +1752,13 @@
var severity-
-
+
The type of the None singleton.
var assumptions-
-
Assumptions about the element. These optionally allow to exclude threats with the given SIDs.
+Expand source code @@ -1727,10 +1771,10 @@
Instance variables
return self return self.data.get(instance, self.default)Assumptions about the element. These optionally allow to exclude threats with the given SIDs.
var controls-
-
+
Expand source code @@ -1743,10 +1787,10 @@
Instance variables
return self return self.data.get(instance, self.default) var description-
-
+
Expand source code @@ -1759,10 +1803,10 @@
Instance variables
return self return self.data.get(instance, self.default) var findings-
-
Threats that apply to this element
+Expand source code @@ -1775,10 +1819,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threats that apply to this element
var inBoundary-
-
Trust boundary this element exists in
+Expand source code @@ -1791,10 +1835,10 @@
Instance variables
return self return self.data.get(instance, self.default)Trust boundary this element exists in
var inScope-
-
Is the element in scope of the threat model
+Expand source code @@ -1807,10 +1851,10 @@
Instance variables
return self return self.data.get(instance, self.default)Is the element in scope of the threat model
var levels-
-
List of levels (0, 1, 2, …) to be drawn in the model.
+Expand source code @@ -1823,10 +1867,10 @@
Instance variables
return self return self.data.get(instance, self.default)List of levels (0, 1, 2, …) to be drawn in the model.
var maxClassification-
-
Maximum data classification this element can handle.
+Expand source code @@ -1839,10 +1883,10 @@
Instance variables
return self return self.data.get(instance, self.default)Maximum data classification this element can handle.
var minTLSVersion-
-
Minimum TLS version required.
+Expand source code @@ -1855,10 +1899,10 @@
Instance variables
return self return self.data.get(instance, self.default)Minimum TLS version required.
var name-
-
+
Expand source code @@ -1871,11 +1915,10 @@
Instance variables
return self return self.data.get(instance, self.default) var overrides-
-
Overrides to findings, allowing to set -a custom response, CVSS score or override other attributes.
+Expand source code @@ -1888,10 +1931,11 @@
Instance variables
return self return self.data.get(instance, self.default)Overrides to findings, allowing to set +a custom response, CVSS score or override other attributes.
var sourceFiles-
-
Location of the source code that describes this element relative to the directory of the model script.
+Expand source code @@ -1904,6 +1948,7 @@
Instance variables
return self return self.data.get(instance, self.default)Location of the source code that describes this element relative to the directory of the model script.
-
-
+
Expand source code @@ -1920,12 +1964,12 @@
Methods
def checkTLSVersion(self, flows): return any(f.tlsVersion < self.minTLSVersion for f in flows) def crosses(self, *boundaries)-
-
Does self (dataflow) cross any of the list of boundaries
+Expand source code @@ -1954,12 +1998,12 @@
Methods
return True return FalseDoes self (dataflow) cross any of the list of boundaries
def display_name(self)-
-
+
Expand source code @@ -1967,12 +2011,12 @@
Methods
def display_name(self): return self.name def enters(self, *boundaries)-
-
does self (dataflow) enter into one of the list of boundaries
+Expand source code @@ -1981,12 +2025,12 @@
Methods
"""does self (dataflow) enter into one of the list of boundaries""" return self.source.inBoundary is None and self.sink.inside(*boundaries)does self (dataflow) enter into one of the list of boundaries
def exits(self, *boundaries)-
-
does self (dataflow) exit one of the list of boundaries
+Expand source code @@ -1995,12 +2039,12 @@
Methods
"""does self (dataflow) exit one of the list of boundaries""" return self.source.inside(*boundaries) and self.sink.inBoundary is Nonedoes self (dataflow) exit one of the list of boundaries
def inside(self, *boundaries)-
-
is self inside of one of the list of boundaries
+Expand source code @@ -2015,12 +2059,12 @@
Methods
return True return Falseis self inside of one of the list of boundaries
def oneOf(self, *elements)-
-
Is self one of a list of Elements
+Expand source code @@ -2035,6 +2079,7 @@
Methods
return True return FalseIs self one of a list of Elements
Class variables
Instance variables
Methods
@@ -1912,7 +1957,6 @@Methods
def checkTLSVersion(self, flows)Methods
(name, **kwargs)An asset with outgoing or incoming dataflows
Expand source code
@@ -2054,6 +2098,7 @@ Methods
def __init__(self, name, **kwargs):
super().__init__(name, **kwargs)
An asset with outgoing or incoming dataflows
Ancestors
- pytm.pytm.Asset @@ -2063,7 +2108,6 @@
var hasPhysicalAccess-
-
+
Expand source code @@ -2076,6 +2120,7 @@
Instance variables
return self return self.data.get(instance, self.default)
Instance variables
Instance variables
(*args, **kwargs)Represents a Finding - the element in question -and a description of the finding
Expand source code
@@ -2181,11 +2224,12 @@ Instance variables
def __str__(self):
return f"'{self.target}': {self.description}\n{self.details}\n{self.severity}"
Represents a Finding - the element in question +and a description of the finding
Instance variables
var assumption-
-
The assumption, that caused this finding to be excluded
+Expand source code @@ -2198,10 +2242,10 @@
Instance variables
return self return self.data.get(instance, self.default)The assumption, that caused this finding to be excluded
var condition-
-
Threat condition
+Expand source code @@ -2214,10 +2258,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threat condition
var cvss-
-
The CVSS score and/or vector
+Expand source code @@ -2230,10 +2274,10 @@
Instance variables
return self return self.data.get(instance, self.default)The CVSS score and/or vector
var description-
-
Threat description
+Expand source code @@ -2246,10 +2290,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threat description
var details-
-
Threat details
+Expand source code @@ -2262,10 +2306,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threat details
var element-
-
Element this finding applies to
+Expand source code @@ -2278,10 +2322,10 @@
Instance variables
return self return self.data.get(instance, self.default)Element this finding applies to
var example-
-
Threat example
+Expand source code @@ -2294,10 +2338,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threat example
var id-
-
Finding ID
+Expand source code @@ -2310,10 +2354,10 @@
Instance variables
return self return self.data.get(instance, self.default)Finding ID
var mitigations-
-
Threat mitigations
+Expand source code @@ -2326,10 +2370,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threat mitigations
var references-
-
Threat references
+Expand source code @@ -2342,15 +2386,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threat references
var response-
-
Describes how this threat matching this particular asset or dataflow is being handled. -Can be one of: -* mitigated - there were changes made in the modeled system to reduce the probability of this threat occurring or the impact when it does, -* transferred - users of the system are required to mitigate this threat, -* avoided - this asset or dataflow is removed from the system, -* accepted - no action is taken as the probability and/or impact is very low
+Expand source code @@ -2363,10 +2402,15 @@
Instance variables
return self return self.data.get(instance, self.default)Describes how this threat matching this particular asset or dataflow is being handled. +Can be one of: +* mitigated - there were changes made in the modeled system to reduce the probability of this threat occurring or the impact when it does, +* transferred - users of the system are required to mitigate this threat, +* avoided - this asset or dataflow is removed from the system, +* accepted - no action is taken as the probability and/or impact is very low
var severity-
-
Threat severity
+Expand source code @@ -2379,10 +2423,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threat severity
var target-
-
Name of the element this finding applies to
+Expand source code @@ -2395,10 +2439,10 @@
Instance variables
return self return self.data.get(instance, self.default)Name of the element this finding applies to
var threat_id-
-
Threat ID
+Expand source code @@ -2411,6 +2455,7 @@
Instance variables
return self return self.data.get(instance, self.default)Threat ID
Instance variables
(name, **kwargs)A lambda function running in a Function-as-a-Service (FaaS) environment
Expand source code
@@ -2470,6 +2514,7 @@ Instance variables
def _shape(self):
return "rectangle; style=rounded"
A lambda function running in a Function-as-a-Service (FaaS) environment
Ancestors
- pytm.pytm.Asset @@ -2479,7 +2524,6 @@
var environment-
-
+
Expand source code @@ -2492,10 +2536,10 @@
Instance variables
return self return self.data.get(instance, self.default) var implementsAPI-
-
+
Expand source code @@ -2508,10 +2552,10 @@
Instance variables
return self return self.data.get(instance, self.default) var onAWS-
-
+
Expand source code @@ -2524,15 +2568,15 @@
Instance variables
return self return self.data.get(instance, self.default)
Instance variables
class Lifetime
-(value, names=None, *, module=None, qualname=None, type=None, start=1)
+(*args, **kwds)
An enumeration.
Expand source code
@@ -2556,6 +2600,56 @@ Instance variables
def label(self):
return self.value.lower().replace("_", " ")
Create a collection of name/value pairs.
+Example enumeration:
+>>> class Color(Enum):
+... RED = 1
+... BLUE = 2
+... GREEN = 3
+
+Access them by:
+-
+
- attribute access: +
++++++Color.RED +
+
-
+
- value lookup: +
++++++Color(1) +
+
-
+
- name lookup: +
++++++Color['RED'] +
+
Enumerations can be iterated over, and know how many members they have:
+>>> len(Color)
+3
+
+>>> list(Color)
+[<Color.RED: 1>, <Color.BLUE: 2>, <Color.GREEN: 3>]
+
+Methods can be added to enumerations, and members can have their own +attributes – see the documentation for details.
Ancestors
- enum.Enum @@ -2564,31 +2658,31 @@
var AUTO-
-
+
The type of the None singleton.
var HARDCODED-
-
+
The type of the None singleton.
var LONG-
-
+
The type of the None singleton.
var MANUAL-
-
+
The type of the None singleton.
var NONE-
-
+
The type of the None singleton.
var SHORT-
-
+
The type of the None singleton.
var UNKNOWN-
-
+
The type of the None singleton.
-
-
+
Expand source code @@ -2605,6 +2698,7 @@
Methods
def label(self): return self.value.lower().replace("_", " ")
Class variables
Methods
@@ -2597,7 +2691,6 @@Methods
def label(self)Methods
(name, **kwargs)An entity processing data
Expand source code
@@ -2634,6 +2727,7 @@ Methods
def _shape(self):
return "circle"
An entity processing data
Ancestors
- pytm.pytm.Asset @@ -2647,7 +2741,6 @@
var allowsClientSideScripting-
-
+
Expand source code @@ -2660,10 +2753,10 @@
Instance variables
return self return self.data.get(instance, self.default) var codeType-
-
+
Expand source code @@ -2676,10 +2769,10 @@
Instance variables
return self return self.data.get(instance, self.default) var environment-
-
+
Expand source code @@ -2692,10 +2785,10 @@
Instance variables
return self return self.data.get(instance, self.default) var implementsAPI-
-
+
Expand source code @@ -2708,10 +2801,10 @@
Instance variables
return self return self.data.get(instance, self.default) var implementsCommunicationProtocol-
-
+
Expand source code @@ -2724,10 +2817,10 @@
Instance variables
return self return self.data.get(instance, self.default) var tracksExecutionFlow-
-
+
Expand source code @@ -2740,6 +2833,7 @@
Instance variables
return self return self.data.get(instance, self.default)
Instance variables
Instance variables
(name, **kwargs)An entity processing data
Expand source code
@@ -2767,6 +2860,7 @@ Instance variables
def _shape(self):
return "circle"
An entity processing data
Ancestors
- pytm.pytm.Asset @@ -2776,7 +2870,6 @@
var usesCache-
-
+
Expand source code @@ -2789,10 +2882,10 @@
Instance variables
return self return self.data.get(instance, self.default) var usesSessionTokens-
-
+
Expand source code @@ -2805,10 +2898,10 @@
Instance variables
return self return self.data.get(instance, self.default) var usesVPN-
-
+
Expand source code @@ -2821,10 +2914,10 @@
Instance variables
return self return self.data.get(instance, self.default) var usesXMLParser-
-
+
Expand source code @@ -2837,6 +2930,7 @@
Instance variables
return self return self.data.get(instance, self.default)
Instance variables
Instance variables
(name, **kwargs)An entity processing data
Expand source code
@@ -2857,6 +2950,7 @@ Instance variables
def _shape(self):
return "doublecircle"
An entity processing data
Ancestors
- pytm.pytm.Process @@ -2866,10 +2960,9 @@
Ancestors
class TLSVersion
-(value, names=None, *, module=None, qualname=None, type=None, start=1)
+(*args, **kwds)
An enumeration.
Expand source code
@@ -2884,6 +2977,56 @@ Ancestors
TLSv12 = 6
TLSv13 = 7
Create a collection of name/value pairs.
+Example enumeration:
+>>> class Color(Enum):
+... RED = 1
+... BLUE = 2
+... GREEN = 3
+
+Access them by:
+-
+
- attribute access: +
++++++Color.RED +
+
-
+
- value lookup: +
++++++Color(1) +
+
-
+
- name lookup: +
++++++Color['RED'] +
+
Enumerations can be iterated over, and know how many members they have:
+>>> len(Color)
+3
+
+>>> list(Color)
+[<Color.RED: 1>, <Color.BLUE: 2>, <Color.GREEN: 3>]
+
+Methods can be added to enumerations, and members can have their own +attributes – see the documentation for details.
Ancestors
- pytm.pytm.OrderedEnum @@ -2893,35 +3036,35 @@
var NONE-
-
+
The type of the None singleton.
var SSLv1-
-
+
The type of the None singleton.
var SSLv2-
-
+
The type of the None singleton.
var SSLv3-
-
+
The type of the None singleton.
var TLSv10-
-
+
The type of the None singleton.
var TLSv11-
-
+
The type of the None singleton.
var TLSv12-
-
+
The type of the None singleton.
var TLSv13-
-
+
The type of the None singleton.
Class variables
Class variables
(name, **kwargs)Describes the threat model administratively, -and holds all details during a run
Expand source code
@@ -2978,7 +3119,7 @@ Class variables
doc="""How to handle duplicate Dataflow
with same properties, except name and notes""",
)
- assumptions = varStrings(
+ assumptions = varAssumptions(
[],
required=False,
doc="A list of assumptions about the design/model.",
@@ -3017,18 +3158,21 @@ Class variables
raise UIError(
e, f"while trying to open the the threat file ({self.threatsFile})."
)
-
- for i in threats_json:
- TM._threats.append(Threat(**i))
+ active_threats = (threat for threat in threats_json if "DEPRECATED" not in threat)
+ for threat in active_threats:
+ TM._threats.append(Threat(**threat))
def resolve(self):
finding_count = 0
excluded_finding_count = 0
findings = []
excluded_findings = []
+ # We just need the assumptions with SIDs to exclude
+ global_assumptions = [a for a in self.assumptions if len(a.exclude) > 0]
elements = defaultdict(list)
for e in TM._elements:
if not e.inScope:
+ e.findings = findings
continue
override_ids = set(f.threat_id for f in e.overrides)
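Review bot: In `resolve`, the added `e.findings = findings` under `if not e.inScope:` binds each out-of-scope element to the model-wide `findings` list created a few lines above, not to a list of its own. If the rest of the loop appends to that same list (the body of `resolve` continues outside this hunk), every out-of-scope element would end up reporting every finding in the model, which misstates the results of the threat model. If the intent is only to clear stale findings on skipped elements, `e.findings = []` does that without aliasing. The same line appears in the second listing of `resolve` under Methods (`@@ -3713,9 +3843,12 @@`); this page looks like generated documentation, so the change belongs in the source of `resolve`, with the docs regenerated afterwards.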
@@ -3049,7 +3193,7 @@ Class variables
continue
_continue = False
- for assumption in e.assumptions: # type: Assumption
+ for assumption in e.assumptions + global_assumptions: # type: Assumption
if t.id in assumption.exclude:
excluded_finding_count += 1
f = Finding(e, id=str(excluded_finding_count), threat=t, assumption=assumption)
@@ -3446,6 +3590,8 @@ Class variables
db.close()
Describes the threat model administratively, +and holds all details during a run
Static methods
@@ -3453,28 +3599,12 @@Static methods
-
--
-Expand source code -
-
-@classmethod -def reset(cls): - cls._flows = [] - cls._elements = [] - cls._actors = [] - cls._assets = [] - cls._threats = [] - cls._boundaries = [] - cls._data = [] - cls._threatsExcluded = []
Instance variables
var assumptions-
-
A list of assumptions about the design/model.
+Expand source code @@ -3487,10 +3617,10 @@
Instance variables
return self return self.data.get(instance, self.default)A list of assumptions about the design/model.
var description-
-
Model description
+Expand source code @@ -3503,10 +3633,10 @@
Instance variables
return self return self.data.get(instance, self.default)Model description
var excluded_findings-
-
Threats found for elements of this model, that were excluded on a per-element basis, using the Assumptions class
+Expand source code @@ -3519,10 +3649,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threats found for elements of this model, that were excluded on a per-element basis, using the Assumptions class
var findings-
-
Threats found for elements of this model
+Expand source code @@ -3535,10 +3665,10 @@
Instance variables
return self return self.data.get(instance, self.default)Threats found for elements of this model
var ignoreUnused-
-
Ignore elements not used in any Dataflow
+Expand source code @@ -3551,10 +3681,10 @@
Instance variables
return self return self.data.get(instance, self.default)Ignore elements not used in any Dataflow
var isOrdered-
-
Automatically order all Dataflows
+Expand source code @@ -3567,10 +3697,10 @@
Instance variables
return self return self.data.get(instance, self.default)Automatically order all Dataflows
var mergeResponses-
-
Merge response edges in DFDs
+Expand source code @@ -3583,10 +3713,10 @@
Instance variables
return self return self.data.get(instance, self.default)Merge response edges in DFDs
var name-
-
Model name
+Expand source code @@ -3599,11 +3729,10 @@
Instance variables
return self return self.data.get(instance, self.default)Model name
var onDuplicates-
-
How to handle duplicate Dataflow -with same properties, except name and notes
+Expand source code @@ -3616,10 +3745,11 @@
Instance variables
return self return self.data.get(instance, self.default)How to handle duplicate Dataflow +with same properties, except name and notes
var threatsFile-
-
JSON file with custom threats
+Expand source code @@ -3632,6 +3762,7 @@
Instance variables
return self return self.data.get(instance, self.default)JSON file with custom threats
Methods
@@ -3640,7 +3771,6 @@Methods
def process(self)
Expand source code
@@ -3656,12 +3786,12 @@ Methods
sys.stderr.write(erromsg)
sys.exit(127)
def report(self, template_path)
Expand source code
@@ -3698,12 +3828,12 @@ Methods
return self._sf.format(template, **data)
def resolve(self)
Expand source code
@@ -3713,9 +3843,12 @@ Methods
excluded_finding_count = 0
findings = []
excluded_findings = []
+ # We just need the assumptions with SIDs to exclude
+ global_assumptions = [a for a in self.assumptions if len(a.exclude) > 0]
elements = defaultdict(list)
for e in TM._elements:
if not e.inScope:
+ e.findings = findings
continue
override_ids = set(f.threat_id for f in e.overrides)
@@ -3736,7 +3869,7 @@ Methods
continue
_continue = False
- for assumption in e.assumptions: # type: Assumption
+ for assumption in e.assumptions + global_assumptions: # type: Assumption
if t.id in assumption.exclude:
excluded_finding_count += 1
f = Finding(e, id=str(excluded_finding_count), threat=t, assumption=assumption)
@@ -3756,12 +3889,12 @@ Methods
for e, findings in elements.items():
e.findings = findings
def sqlDump(self, filename)
Expand source code
@@ -3825,6 +3958,7 @@ Methods
db.close()
Methods
(**kwargs)Represents a possible threat
Expand source code
@@ -3894,19 +4027,18 @@ Methods
return None
return eval(self.condition)
Represents a possible threat
Class variables
var target-
-
+
The type of the None singleton.
Instance variables
var condition-
-
a Python expression that should evaluate -to a boolean True or False
+Expand source code @@ -3919,10 +4051,11 @@
Instance variables
return self return self.data.get(instance, self.default)a Python expression that should evaluate +to a boolean True or False
var description-
-
+
Expand source code @@ -3935,10 +4068,10 @@
Instance variables
return self return self.data.get(instance, self.default) var details-
-
+
Expand source code @@ -3951,10 +4084,10 @@
Instance variables
return self return self.data.get(instance, self.default) var example-
-
+
Expand source code @@ -3967,10 +4100,10 @@
Instance variables
return self return self.data.get(instance, self.default) var id-
-
+
Expand source code @@ -3983,10 +4116,10 @@
Instance variables
return self return self.data.get(instance, self.default) var likelihood-
-
+
Expand source code @@ -3999,10 +4132,10 @@
Instance variables
return self return self.data.get(instance, self.default) var mitigations-
-
+
Expand source code @@ -4015,10 +4148,10 @@
Instance variables
return self return self.data.get(instance, self.default) var prerequisites-
-
+
Expand source code @@ -4031,10 +4164,10 @@
Instance variables
return self return self.data.get(instance, self.default) var references-
-
+
Expand source code @@ -4047,10 +4180,10 @@
Instance variables
return self return self.data.get(instance, self.default) var severity-
-
+
Expand source code @@ -4063,6 +4196,7 @@
Instance variables
return self return self.data.get(instance, self.default)