diff --git a/docs/pytm/index.html b/docs/pytm/index.html index 30cb0a5..25d09c8 100644 --- a/docs/pytm/index.html +++ b/docs/pytm/index.html @@ -3,7 +3,7 @@ - + pytm API documentation @@ -2218,7 +2218,7 @@

Instance variables

) def __str__(self): - return f"{self.target}: {self.description}\n{self.details}\n{self.severity}" + return f"'{self.target}': {self.description}\n{self.details}\n{self.severity}"

Instance variables

@@ -3548,6 +3548,11 @@

Class variables

doc="""How to handle duplicate Dataflow with same properties, except name and notes""", ) + assumptions = varStrings( + [], + required=False, + doc="A list of assumptions about the design/model.", + ) def __init__(self, name, **kwargs): for key, value in kwargs.items(): @@ -3603,6 +3608,7 @@

Class variables

finding_count += 1 f = Finding(e, id=str(finding_count), threat=t) + logger.debug(f"new finding: {f}") findings.append(f) elements[e].append(f) self.findings = findings @@ -3839,6 +3845,9 @@

Class variables

if result.describe is not None: _describe_classes(result.describe.split()) + if result.list_elements: + _list_elements() + if result.list is True: [print("{} - {}".format(t.id, t.description)) for t in TM._threats] @@ -3961,6 +3970,22 @@

Static methods

Instance variables

+
var assumptions
+
+

A list of assumptions about the design/model.

+
+ +Expand source code + +
def __get__(self, instance, owner):
+    # when x.d is called we get here
+    # instance = x
+    # owner = type(x)
+    if instance is None:
+        return self
+    return self.data.get(instance, self.default)
+
+
var description

Model description

@@ -4160,6 +4185,9 @@

Methods

if result.describe is not None: _describe_classes(result.describe.split()) + if result.list_elements: + _list_elements() + if result.list is True: [print("{} - {}".format(t.id, t.description)) for t in TM._threats] @@ -4231,6 +4259,7 @@

Methods

finding_count += 1 f = Finding(e, id=str(finding_count), threat=t) + logger.debug(f"new finding: {f}") findings.append(f) elements[e].append(f) self.findings = findings @@ -4768,6 +4797,7 @@

TLSVersion

TM

    +
  • assumptions
  • description
  • findings
  • get_table
  • @@ -4805,7 +4835,7 @@

    Threat

    \ No newline at end of file diff --git a/docs/template.md b/docs/template.md index 55a7a03..76a1a09 100644 --- a/docs/template.md +++ b/docs/template.md @@ -7,6 +7,19 @@   +{tm.assumptions:if: + +|Assumptions| +|-----------| +{tm.assumptions:repeat:|{{item}}| +} + +  +  +  +} + + ## Dataflow Diagram - Level 0 DFD ![](sample.png) diff --git a/pytm/pytm.py b/pytm/pytm.py index 9791b7a..977e3a8 100644 --- a/pytm/pytm.py +++ b/pytm/pytm.py @@ -720,6 +720,11 @@ class TM: doc="""How to handle duplicate Dataflow with same properties, except name and notes""", ) + assumptions = varStrings( + [], + required=False, + doc="A list of assumptions about the design/model.", + ) def __init__(self, name, **kwargs): for key, value in kwargs.items(): diff --git a/tests/output.json b/tests/output.json index 0adee11..4008d50 100644 --- a/tests/output.json +++ b/tests/output.json @@ -264,6 +264,7 @@ "validatesInput": false } ], + "assumptions": [], "boundaries": [ { "description": "", @@ -801,4 +802,4 @@ "onDuplicates": "Action.NO_ACTION", "threatsExcluded": [], "threatsFile": "pytm/threatlib/threats.json" -} +} \ No newline at end of file diff --git a/tests/output.md b/tests/output.md index d838249..e019932 100644 --- a/tests/output.md +++ b/tests/output.md @@ -7,6 +7,9 @@ aaa   + + + ## Dataflow Diagram - Level 0 DFD ![](sample.png) diff --git a/tm.py b/tm.py index 8c59864..2a207a0 100755 --- a/tm.py +++ b/tm.py @@ -16,6 +16,9 @@ tm.description = "This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats." tm.isOrdered = True tm.mergeResponses = True +tm.assumptions = [ +"Here you can document a list of assumptions about the system", +] internet = Boundary("Internet") server_db = Boundary("Server/DB")
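Review bot: Each assumption is substituted as-is into a one-column table row by `{tm.assumptions:repeat:|{{item}}|`, so an entry containing `|` or a line break would presumably split or end the row and garble the Assumptions section of the report. Either state next to the `assumptions` attribute that entries must be single-line text without pipe characters, or render them as a list rather than a table so free text cannot break the layout. Assumptions are where a model records what it treats as out of scope, so a mangled or truncated row here is easy to miss in review.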
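Review bot: The default given to `varStrings` in this hunk is one `[]` object, and the descriptor `__get__` shown in this commit's regenerated docs returns `self.data.get(instance, self.default)` when nothing was assigned. A model that calls `tm.assumptions.append(...)` without assigning first would therefore write into the list shared by every `TM` in the process, and assumptions from one model could appear in another's report. Other attributes may already follow this pattern, so the smallest change is to say so in the attribute text, e.g. `doc="A list of assumptions about the design/model. Assign a new list; do not append to the default."`. The `TM` class body starts and ends outside this hunk.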
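Review bot: The entry added to `tm.assumptions` is placeholder text, so the sample report's Assumptions table shows nothing a reader could check against the threats listed for this comment system. An assumption that actually applies to the sample would show what the field is for. A comment above the assignment would also help, for example `# State each assumption so a reviewer can challenge it; threats excluded because of one should be traceable to it.`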