Merge pull request #240 from izar/revealjs
Revealjs & update scorecard action version
colesmj authored Apr 20, 2024
2 parents 03a4747 + 1295915 commit b0c4388
Showing 2 changed files with 195 additions and 0 deletions.
10 changes: 10 additions & 0 deletions README.md
Expand Up @@ -365,6 +365,16 @@ the `target.input` and `target.output` attributes. For example, to match a threa
servers with incoming traffic, use `any(target.inputs)`. A more advanced example,
matching elements connecting to SQL datastores, would be `any(f.sink.oneOf(Datastore) and f.sink.isSQL for f in target.outputs)`.

## Making slides!

Once a threat model is done and ready, the dreaded presentation stage comes in - and now pytm can help you there as well, with a template that expresses your threat model in slides, using the power of (RevealMD)[https://github.com/webpro/reveal-md]! Just use the template docs/revealjs.md and you will get some pretty slides, fully configurable, that you can present and share from your browser.



https://github.com/izar/pytm/assets/368769/30218241-c7cc-4085-91e9-bbec2843f838



## Currently supported threats

```text
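Review bot: The link in the added "Making slides!" paragraph has its Markdown brackets reversed, `(RevealMD)[https://github.com/webpro/reveal-md]`, so it renders as literal text rather than a link; it should read `[RevealMD](https://github.com/webpro/reveal-md)`. The same paragraph tells users to use `docs/revealjs.md`, but the file this commit adds is `docs/reveal.md`, so one of the two names needs to change. The paragraph only names the template; a one-line usage example showing how to render it would make the section actionable.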
185 changes: 185 additions & 0 deletions docs/reveal.md
@@ -0,0 +1,185 @@
# {tm.name}

---

## System Description

{tm.description}

---

## Dataflow Diagram

![](sample.png)

---

## Dataflows

----

{dataflows:repeat:

- **name** : {{item.display_name:call:}}
- **from** : {{item.source.name}}
- **to** : {{item.sink.name}}:{{item.dstPort}}
- **data** : {{item.data}}
- **protocol** : {{item.protocol}}

----
}

---

## Data Dictionary

----

{data:repeat:

- **name** : {{item.name}}
- **description** : {{item.description}}
- **classification** : {{item.classification.name}}
- **carried by** : {{item.carriedBy:repeat:{{{{item.name}}}}<br>}}
- **processed by** : {{item.processedBy:repeat:{{{{item.name}}}}<br>}}

----
}


---

## Actors

----

{actors:repeat:
- **name** : {{item.name}}
- **description** : {{item.description}}
- **is Admin** : {{item.isAdmin}}
- **# of findings** : {{item:call:getFindingCount}}

{{item.findings:not:
---
}}

{{item.findings:if:
----
**Findings**

----

{{item.findings:repeat:
<summary>{{{{item.id}}}} -- {{{{item.description}}}}</summary>

- **Targeted Element** : {{{{item.target}}}}
- **Severity** : {{{{item.severity}}}}
- **References** : {{{{item.references}}}}

----

}}
}}
}

## Trust Boundaries

----

{boundaries:repeat:
- **name** : {{item.name}}
- **description** : {{item.description}}
- **in scope** : {{item.inScope}}
- **immediate parent** : {{item.parents:if:{{item:call:getParentName}}}}{{item.parents:not:N/A, primary boundary}}
- **all parents** : {{item.parents:call:{{{{item.display_name:call:}}}}, }}
- **classification** : {{item.maxClassification}}
- **finding count** : {{item:call:getFindingCount}}

{{item.findings:not:
---
}}

{{item.findings:if:
----
**Findings**

----

{{item.findings:repeat:
<summary>{{{{item.id}}}} - {{{{item.description}}}}</summary>

- **Targeted Element** : {{{{item.target}}}}
- **Severity** : {{{{item.severity}}}}
- **References** : {{{{item.references}}}}
----

}}
}}
}

## Assets

{assets:repeat:

- **name** : {{item.name}}
- **description** : {{item.description}}
- **in scope** : {{item.inScope}}
- **type** : {{item:call:getElementType}}
- **# of findings** : {{item:call:getFindingCount}}

{{item.findings:not:
---
}}

{{item.findings:if:
----
**Findings**

----

{{item.findings:repeat:
<summary>{{{{item.id}}}} - {{{{item.description}}}}</summary>

- **Targeted Element** : {{{{item.target}}}}
- **Severity** : {{{{item.severity}}}}
- **References** : {{{{item.references}}}}
----

}}
}}
}

## Data Flows

{dataflows:repeat:
Name|{{item.name}}
|:----|:----|
Description|{{item.description}}|
Sink|{{item.sink}}|
Source|{{item.source}}|
Is Response|{{item.isResponse}}|
In Scope|{{item.inScope}}|
Finding Count|{{item:call:getFindingCount}}|

{{item.findings:not:
---
}}

{{item.findings:if:
----
**Findings**

----

{{item.findings:repeat:
<summary>{{{{item.id}}}} - {{{{item.description}}}}</summary>

- **Targeted Element** : {{{{item.target}}}}
- **Severity** : {{{{item.severity}}}}
- **References** : {{{{item.references}}}}
----

}}
}}
}
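Review bot: The `<summary>…</summary>` lines in each Findings block have no enclosing `<details>` element, so they end up as stray HTML on the slide; a bold line or heading for the finding id and description would be cleaner, and the Actors block uses `--` as the separator where the other three use `-`. `dataflows` is iterated twice, once under "Dataflows" and again under "Data Flows" at the end, and in the second one the first table row `Name|{{item.name}}` lacks the trailing `|` that the other rows have. The "Trust Boundaries", "Assets" and "Data Flows" headings are not preceded by a `---` of their own, so the horizontal slide break depends on the previous repeat block, which only emits `---` for an element with no findings. The diagram path `![](sample.png)` is hard-coded and should be documented or made configurable. Model fields such as `{{item.description}}` are interpolated unescaped next to raw HTML (`<br>`, `<summary>`), so it is worth stating in the README that model text is treated as markup in the slides.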
