nozmore
nozmore
This is just a draft to help the discussion, a lot more changes are needed. If I can pull others over to the darkside : ) then I will work...
Add custom_properties dict for custom data to be inserted into the model which does not currently exist in pytm's data model. This can be used for internal values that may...
…rides The idea here is after working with a dev team and threats are identified which does not exist in the pytm threatlib they can be manually added to the...
I would like to have better support for client/non-listening processes. Today Process contain annotations (also inherited from Asset) which applies to Listening/Server Processes or Actor could be used but you...
When using pytm to find threats I found most threats do not apply which would require me to re-write conditions to detect applicable components. Instead to address this I added...
I was mocking up a sample DFD with a Process and some local files datastores and I am getting a DF1 threat (Dataflow not authn'd) which isn't the beast threat...
... well it was anyway. https://github.com/izar/pytm/commit/9bccd8f45d5ce440b1f42f40ef8d62097cd45823 I added a python script to take a CSV with pairs of elements. I then create generic Element definitions for each unique name and...
I've been thinking about this and relates to a few issues I've added recently. I think the logic is going to get messy as we add more Threats, Mitigations, and...
Does it make sense to have two conditions and inclusion and exclusion? I think this will simplify more complex conditional logic. Rather than having to make a complex logic to...