Skip to content

Releases: OWASP/pytm

v1.3.1

25 Apr 15:45
b0c4388
Compare
Choose a tag to compare
  • NEW: the colormap and RevealMD template features.

What's Changed

Full Changelog: v1.3.0...v1.3.1

v1.3.0

26 Feb 23:20
4890300
Compare
Choose a tag to compare

colormap

  • colormap flag added to paint risk on DFDs
  • many bug fixes

What's Changed

New Contributors

Full Changelog: v1.2.0...v1.3.0

1.2.0

30 Apr 16:58
c3b824c
Compare
Choose a tag to compare

In this release, we are aiming at clearer reports and some more data-oriented facilities.

Breaking changes

  • Replace usesLatestTLSversion with minTLSVersion in assets and tlsVersion in data flows #123
  • When the data attribute of elements is initialied with a string, convert it to a Data object with undefined as name and the string as description; change the default classification from PUBLIC to UNKNOWN #148

New features

  • Separate actors and assets from elements when dumping the model to JSON #150
  • Add unique Finding ids #154
  • Allow to associate the threat model script with source code files and check their age difference #145
  • Adapt the DFD3 notation #143
  • Allow to override findings (threats) attributes #137
  • Allow to mark data as PII or credentials and check if it's protected #127
  • Added '--levels' - every element now has a 'levels' attribute, a list of integers denoting different DFD levels for rendering
  • Added HTML docs using pdoc #110
  • Added checksDestinationRevocation attribute to account for certificate revocation checks #109

Bug fixes

  • Escape HTML entities in Threat attributes #149
  • Fix generating reports for models with a Datastore that has isEncryptedAtRest set and a Data that has isStored set #141
  • Fix condition on the Data Leak threat so it does not always match #139
  • Fixed printing the data attribute in reports #123
  • Added a markdown file with threats #126
  • Fixed drawing nested boudnaries #117
  • Add missing provideIntegrity attribute in Actor and Asset classes #116

1.1.2

24 Sep 13:26
Compare
Choose a tag to compare
  • Added Poetry #108
  • Fix drawing DFDs for nested Boundaries #107

1.1.0

17 Sep 14:10
Compare
Choose a tag to compare

Breaking changes

  • Removed HandlesResources attribute from the Process class, which duplicates handlesResources
  • Change default Dataflow.dstPort attribute value from 10000 to -1

New features

  • Add dump of elements and findings to sqlite database using "--sqldump " (with result in ./sqldump/) #103
  • Add Data element and DataLeak finding to support creation of a data dictionary separate from the model #104
  • Add JSON input #105
  • Add JSON output #102
  • Use numbered dataflow labels in sequence diagram #94
  • Move authenticateDestination to base Element #88
  • Assign inputs and outputs to all elements #89
  • Allow detecting and/or hiding duplicate dataflows by setting TM.onDuplicates #100
  • Ignore unused elements if TM.ignoreUnused is True #84
  • Assign findings to elements #86
  • Add description to class attributes #91
  • New Element methods to be used in threat conditions #82
  • Provide a Docker image and allow running make targets in a container #87
  • Dataflow inherits source and/or sink attribute values #79
  • Merge edges in DFD when TM.mergeResponses is True; allow marking Dataflow as responses #76
  • Automatic ordering of dataflows when TM.isOrdered is True #66
  • Loading a custom threats file by setting TM.threatsFile #68
  • Setting properties on init #67
  • Wrap long labels in DFDs #65

Bug fixes

  • Ensure all items have correct color, based on scope #93
  • Add missing server isResilient property #63
  • Advanced templates in repeat blocks #81
  • Produce stable diagrams #79
  • Allow overriding classes #64

pytm-1.1.0.tar.gz