Added a .sourceCode attribute to Elements, and a check for the age di… #145
…fference (in days) between the source code and the model.
I'm not sure the relationship between a model and the sources of a system is so simple. This will be confusing if we imply it's required to identify source files to complete a model. And the requirement to update either the model or sources should be verified during code review of either one.
pytm/pytm.py
Outdated
for src in e.sourceCode: | ||
src_mtime = datetime.fromtimestamp( | ||
os.stat(os.path.dirname(sys.argv[0]) + f"/{src}").st_mtime |
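Review bot: the path handed to os.stat on the src_mtime lines is built by concatenating os.path.dirname(sys.argv[0]) with f"/{src}", and dirname returns an empty string when the model is started as "python tm.py", so the lookup becomes "/<src>" from the filesystem root rather than next to the model. Building it as os.path.join(os.path.dirname(os.path.abspath(sys.argv[0])), src) avoids that and also lets an absolute src through unchanged. Nothing in these lines handles a listed file that does not exist; os.stat raises FileNotFoundError there, which is worth catching and reporting per file so one bad entry does not abort the whole check.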
I don't like the assumption that all source files must be in the same dir as the threat model script. Either document it, or detect and allow using absolute paths.
I'm open to be convinced otherwise, but my intent has always been that the model lives together with the code it represents. Meanwhile I've documented it in the variable doc.
as suggested by codeql itself.
~/Src/pytm source_and_check* ❯ ./tm.py --stale 200
Checking for code 200 days older than this model.
Paths should be relative to the directory where the TM script is being run.
~/Src/pytm source_and_check* ❯ ./tm.py --stale 20
Checking for code 20 days older than this model.
Paths should be relative to the directory where the TM script is being run.
./pytm/json.py is 175 days older than this model.
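A sketch of the staleness check discussed in this thread, written as an added example and not taken from pytm or from this PR. The names `resolve_source` and `stale_sources` are hypothetical, and treating an age equal to the threshold as stale is an assumption; relative paths are anchored at the model script's directory and absolute paths are accepted.

```python
import os
import tempfile
import time

DAY = 86400  # seconds


def resolve_source(model_path, src):
    """Hypothetical helper: anchor a relative src at the model script's directory."""
    base = os.path.dirname(os.path.abspath(model_path))
    # os.path.join drops `base` when src is absolute, so absolute paths pass through.
    return os.path.normpath(os.path.join(base, src))


def stale_sources(model_path, sources, days):
    """Return (stale, missing): stale holds (src, age_in_days) for every source
    at least `days` older than the model; missing holds unreadable sources."""
    model_mtime = os.stat(model_path).st_mtime
    stale, missing = [], []
    for src in sources:
        try:
            src_mtime = os.stat(resolve_source(model_path, src)).st_mtime
        except OSError:
            missing.append(src)  # report instead of aborting the whole check
            continue
        # Raw timestamps: whole days, unaffected by DST shifts in local time.
        age = int((model_mtime - src_mtime) // DAY)
        if age >= days:  # assumption: the threshold itself counts as stale
            stale.append((src, age))
    return stale, missing


if __name__ == "__main__":
    # Constructed sample tree: a model plus one source last touched 175 days earlier.
    with tempfile.TemporaryDirectory() as root:
        model = os.path.join(root, "tm.py")
        src = os.path.join(root, "json.py")
        for path in (model, src):
            open(path, "w").close()
        now = int(time.time())
        os.utime(model, (now, now))
        os.utime(src, (now - 175 * DAY - 3600, now - 175 * DAY - 3600))
        for limit in (200, 20):
            print(limit, stale_sources(model, ["json.py", "gone.py"], limit))
```

Returning the unreadable entries separately keeps a mistyped path visible in the report instead of letting it silently pass as "not stale".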