Initial commit

.cdktg.out/ModelStub.yml

@@ -0,0 +1,86 @@
+# Generated by cdk-threagile - 1655592350544
+
+threagile_version: 1.0.0
+title: Model Stub
+data: 2020-03-31
+author:
+  name: John Doe
+  homepage: null
+business_criticality: important
+data_assets:
+  Some Data Asset:
+    id: 4d95c95c-8dbc-4738-a635-4b374ad7725c
+    description: Some Description
+    usage: business
+    origin: Some Origin
+    owner: Some Owner
+    quantity: many
+    confidentiality: public
+    integrity: archive
+    availability: archive
+technical_assets:
+  Some Technical Asset:
+    id: 93cb2d87-7ccf-4d2a-9bf9-a5e19e0ae9c8
+    description: Some Description
+    type: process
+    usage: business
+    used_as_client_by_human: false
+    out_of_scope: false
+    justification_out_of_scope: null
+    size: component
+    technology: web-service-rest
+    internet: false
+    machine: virtual
+    encryption: none
+    owner: Some Owner
+    confidentiality: public
+    integrity: archive
+    availability: archive
+    multitenant: false
+    redundant: true
+    data_assets_processed:
+      - 4d95c95c-8dbc-4738-a635-4b374ad7725c
+    data_assets_stored: []
+    communication_links:
+      Some Traffic:
+        target: 58e957a6-20b2-455e-9f27-6bc1e056b3c7
+        description: Some Description
+        protocol: https
+        authentication: none
+        authorization: none
+        vpn: false
+        ipFiltered: false
+        readonly: false
+        usage: business
+        data_assets_sent: []
+        data_assets_received: []
+  Some Other Technical Asset:
+    id: 58e957a6-20b2-455e-9f27-6bc1e056b3c7
+    description: Some Description
+    type: process
+    usage: business
+    used_as_client_by_human: false
+    out_of_scope: false
+    justification_out_of_scope: null
+    size: component
+    technology: web-service-rest
+    internet: false
+    machine: virtual
+    encryption: none
+    owner: Some Owner
+    confidentiality: public
+    integrity: archive
+    availability: archive
+    multitenant: false
+    redundant: true
+    data_assets_processed:
+      - 4d95c95c-8dbc-4738-a635-4b374ad7725c
+    data_assets_stored: []
+trust_boundaries:
+  Some Trust Boundary:
+    id: 7436a8c6-612e-49ec-834c-c6c98bb2526c
+    description: Some Description
+    type: network-dedicated-hoster
+    technical_assets_inside:
+      - 93cb2d87-7ccf-4d2a-9bf9-a5e19e0ae9c8
+    trust_boundaries_nested: []

.cdktg.out/manifest.json

@@ -0,0 +1,3 @@
+{
+    "Model Stub": "ModelStub"
+}

.env.example

@@ -0,0 +1 @@
+CDKTG_THREAGILE_BASE_URL=https://your-threagile-base-url

.gitignore

@@ -102,3 +102,8 @@ dist
 
 # TernJS port file
 .tern-port
+
+!.cdktg.out
+!dist
+.env
+.DS_Store

dist/Model Stub/risks.json

@@ -0,0 +1 @@
+[{"category":"server-side-request-forgery","risk_status":"unchecked","severity":"medium","exploitation_likelihood":"likely","exploitation_impact":"low","title":"\u003cb\u003eServer-Side Request Forgery (SSRF)\u003c/b\u003e risk at \u003cb\u003eSome Technical Asset\u003c/b\u003e server-side web-requesting the target \u003cb\u003eSome Other Technical Asset\u003c/b\u003e via \u003cb\u003eSome Traffic\u003c/b\u003e","synthetic_id":"server-side-request-forgery@14a25d63-7fb2-47ef-837f-3a31247dacd0@57845c50-5ca4-454d-a226-e5834a80e8de@14a25d63-7fb2-47ef-837f-3a31247dacd0\u003esome-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"14a25d63-7fb2-47ef-837f-3a31247dacd0","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"14a25d63-7fb2-47ef-837f-3a31247dacd0\u003esome-traffic","data_breach_probability":"possible","data_breach_technical_assets":["14a25d63-7fb2-47ef-837f-3a31247dacd0"]},{"category":"missing-vault","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMissing Vault (Secret Storage)\u003c/b\u003e in the threat model (referencing asset \u003cb\u003e\u003c/b\u003e as an example)","synthetic_id":"missing-vault@","most_relevant_data_asset":"","most_relevant_technical_asset":"","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":[]},{"category":"missing-waf","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eMissing Web Application Firewall (WAF)\u003c/b\u003e risk at \u003cb\u003eSome Other Technical Asset\u003c/b\u003e","synthetic_id":"missing-waf@57845c50-5ca4-454d-a226-e5834a80e8de","most_relevant_data_asset":"","most_relevant_technical_asset":"57845c50-5ca4-454d-a226-e5834a80e8de","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"","data_breach_probability":"improbable","data_breach_technical_assets":["57845c50-5ca4-454d-a226-e5834a80e8de"]},{"category":"wrong-communication-link-content","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eWrong Communication Link Content\u003c/b\u003e (data assets sent/received not matching the communication link's readonly flag) at \u003cb\u003eSome Technical Asset\u003c/b\u003e regarding communication link \u003cb\u003eSome Traffic\u003c/b\u003e","synthetic_id":"wrong-communication-link-content@14a25d63-7fb2-47ef-837f-3a31247dacd0@14a25d63-7fb2-47ef-837f-3a31247dacd0\u003esome-traffic","most_relevant_data_asset":"","most_relevant_technical_asset":"14a25d63-7fb2-47ef-837f-3a31247dacd0","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"14a25d63-7fb2-47ef-837f-3a31247dacd0\u003esome-traffic","data_breach_probability":"improbable","data_breach_technical_assets":[]},{"category":"unnecessary-communication-link","risk_status":"unchecked","severity":"low","exploitation_likelihood":"unlikely","exploitation_impact":"low","title":"\u003cb\u003eUnnecessary Communication Link\u003c/b\u003e titled \u003cb\u003eSome Traffic\u003c/b\u003e at technical asset \u003cb\u003eSome Technical Asset\u003c/b\u003e","synthetic_id":"unnecessary-communication-link@14a25d63-7fb2-47ef-837f-3a31247dacd0\u003esome-traffic@14a25d63-7fb2-47ef-837f-3a31247dacd0","most_relevant_data_asset":"","most_relevant_technical_asset":"14a25d63-7fb2-47ef-837f-3a31247dacd0","most_relevant_trust_boundary":"","most_relevant_shared_runtime":"","most_relevant_communication_link":"14a25d63-7fb2-47ef-837f-3a31247dacd0\u003esome-traffic","data_breach_probability":"improbable","data_breach_technical_assets":["14a25d63-7fb2-47ef-837f-3a31247dacd0"]}]

dist/Model Stub/stats.json

@@ -0,0 +1 @@
+{"risks":{"critical":{"accepted":0,"false-positive":0,"in-discussion":0,"in-progress":0,"mitigated":0,"unchecked":0},"elevated":{"accepted":0,"false-positive":0,"in-discussion":0,"in-progress":0,"mitigated":0,"unchecked":0},"high":{"accepted":0,"false-positive":0,"in-discussion":0,"in-progress":0,"mitigated":0,"unchecked":0},"low":{"accepted":0,"false-positive":0,"in-discussion":0,"in-progress":0,"mitigated":0,"unchecked":4},"medium":{"accepted":0,"false-positive":0,"in-discussion":0,"in-progress":0,"mitigated":0,"unchecked":1}}}

dist/Model Stub/technical-assets.json

@@ -0,0 +1 @@
+{"14a25d63-7fb2-47ef-837f-3a31247dacd0":{"Id":"14a25d63-7fb2-47ef-837f-3a31247dacd0","Title":"Some Technical Asset","Description":"Some Description","Usage":0,"Type":1,"Size":3,"Technology":14,"Machine":1,"Internet":false,"MultiTenant":false,"Redundant":true,"CustomDevelopedParts":false,"OutOfScope":false,"UsedAsClientByHuman":false,"Encryption":0,"JustificationOutOfScope":"","Owner":"Some Owner","Confidentiality":0,"Integrity":0,"Availability":0,"JustificationCiaRating":"","Tags":[],"DataAssetsProcessed":["6dd44b9a-0dda-432a-b551-231d906c8970"],"DataAssetsStored":[],"DataFormatsAccepted":[],"CommunicationLinks":[{"Id":"14a25d63-7fb2-47ef-837f-3a31247dacd0\u003esome-traffic","SourceId":"14a25d63-7fb2-47ef-837f-3a31247dacd0","TargetId":"57845c50-5ca4-454d-a226-e5834a80e8de","Title":"Some Traffic","Description":"Some Description","Protocol":2,"Tags":[],"VPN":false,"IpFiltered":false,"Readonly":false,"Authentication":0,"Authorization":0,"Usage":0,"DataAssetsSent":null,"DataAssetsReceived":null,"DiagramTweakWeight":1,"DiagramTweakConstraint":true}],"DiagramTweakOrder":0,"RAA":1},"57845c50-5ca4-454d-a226-e5834a80e8de":{"Id":"57845c50-5ca4-454d-a226-e5834a80e8de","Title":"Some Other Technical Asset","Description":"Some Description","Usage":0,"Type":1,"Size":3,"Technology":14,"Machine":1,"Internet":false,"MultiTenant":false,"Redundant":true,"CustomDevelopedParts":false,"OutOfScope":false,"UsedAsClientByHuman":false,"Encryption":0,"JustificationOutOfScope":"","Owner":"Some Owner","Confidentiality":0,"Integrity":0,"Availability":0,"JustificationCiaRating":"","Tags":[],"DataAssetsProcessed":["6dd44b9a-0dda-432a-b551-231d906c8970"],"DataAssetsStored":[],"DataFormatsAccepted":[],"CommunicationLinks":[],"DiagramTweakOrder":0,"RAA":1}}

dist/Model Stub/threagile.yaml

@@ -0,0 +1,86 @@
+# Generated by cdk-threagile - 1655590203027
+
+threagile_version: 1.0.0
+title: Model Stub
+data: 2020-03-31
+author:
+  name: John Doe
+  homepage: null
+business_criticality: important
+data_assets:
+  Some Data Asset:
+    id: 6dd44b9a-0dda-432a-b551-231d906c8970
+    description: Some Description
+    usage: business
+    origin: Some Origin
+    owner: Some Owner
+    quantity: many
+    confidentiality: public
+    integrity: archive
+    availability: archive
+technical_assets:
+  Some Technical Asset:
+    id: 14a25d63-7fb2-47ef-837f-3a31247dacd0
+    description: Some Description
+    type: process
+    usage: business
+    used_as_client_by_human: false
+    out_of_scope: false
+    justification_out_of_scope: null
+    size: component
+    technology: web-service-rest
+    internet: false
+    machine: virtual
+    encryption: none
+    owner: Some Owner
+    confidentiality: public
+    integrity: archive
+    availability: archive
+    multitenant: false
+    redundant: true
+    data_assets_processed:
+      - 6dd44b9a-0dda-432a-b551-231d906c8970
+    data_assets_stored: []
+    communication_links:
+      Some Traffic:
+        target: 57845c50-5ca4-454d-a226-e5834a80e8de
+        description: Some Description
+        protocol: https
+        authentication: none
+        authorization: none
+        vpn: false
+        ipFiltered: false
+        readonly: false
+        usage: business
+        data_assets_sent: []
+        data_assets_received: []
+  Some Other Technical Asset:
+    id: 57845c50-5ca4-454d-a226-e5834a80e8de
+    description: Some Description
+    type: process
+    usage: business
+    used_as_client_by_human: false
+    out_of_scope: false
+    justification_out_of_scope: null
+    size: component
+    technology: web-service-rest
+    internet: false
+    machine: virtual
+    encryption: none
+    owner: Some Owner
+    confidentiality: public
+    integrity: archive
+    availability: archive
+    multitenant: false
+    redundant: true
+    data_assets_processed:
+      - 6dd44b9a-0dda-432a-b551-231d906c8970
+    data_assets_stored: []
+trust_boundaries:
+  Some Trust Boundary:
+    id: 93ae8a4d-a612-4e4b-99b4-ace41baea6b8
+    description: Some Description
+    type: network-dedicated-hoster
+    technical_assets_inside:
+      - 14a25d63-7fb2-47ef-837f-3a31247dacd0
+    trust_boundaries_nested: []

package.json

@@ -0,0 +1,20 @@
+{
+  "name": "cdk-threagile-example",
+  "private": true,
+  "version": "1.0.0",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/hupe1980/cdk-threagile-example.git"
+  },
+  "scripts": {
+    "cdktg": "cdktg",
+    "synth": "cdktg synth src/main.ts",
+    "ping": "cdktg ping",
+    "model:check": "cdktg check",
+    "model:analyse": "cdktg analyse"
+  },
+  "dependencies": {
+    "cdktg": "latest"
+  }
+}

src/main.ts

@@ -0,0 +1,88 @@
+import * as cdktg from 'cdktg'
+
+const project = new cdktg.Project();
+
+const model = new cdktg.Model(project, 'Model Stub', {
+  version: '1.0.0',
+  date: new Date('2020-03-31'),
+  author: new cdktg.Author({
+    name: 'John Doe',
+  }),
+  businessCriticality: cdktg.BusinessCriticality.IMPORTANT,
+});
+
+const someData = new cdktg.DataAsset(model, 'Some Data Asset', {
+  description: 'Some Description',
+  usage: cdktg.Usage.BUSINESS,
+  origin: 'Some Origin',
+  owner: 'Some Owner',
+  quantity: cdktg.Quantity.MANY,
+  ciaTriad: new cdktg.CIATriad({
+    confidentiality: cdktg.Confidentiality.CONFIDENTIAL,
+    integrity: cdktg.Integrity.CRITICAL,
+    availability: cdktg.Availability.OPERATIONAL,
+  }),
+});
+
+const someTrustBoundary = new cdktg.TrustBoundary(model, 'Some Trust Boundary', {
+  description: 'Some Description',
+  type: cdktg.TrustBoundaryType.NETWORK_DEDICATED_HOSTER,
+});
+
+const someTechnicalAsset = new cdktg.TechnicalAsset(model, 'Some Technical Asset', {
+  trustBoundary: someTrustBoundary,
+  description: 'Some Description',
+  assetType: cdktg.AssetType.PROCESS,
+  usage: cdktg.Usage.BUSINESS,
+  humanUse: false,
+  size: cdktg.Size.COMPONENT,
+  technology: cdktg.Technology.WEB_SERVICE_REST,
+  internet: false,
+  machine: cdktg.Machine.VIRTUAL,
+  encryption: cdktg.Encryption.NONE,
+  owner: 'Some Owner',
+  ciaTriad: new cdktg.CIATriad({
+    confidentiality: cdktg.Confidentiality.CONFIDENTIAL,
+    integrity: cdktg.Integrity.CRITICAL,
+    availability: cdktg.Availability.CRITICAL,
+  }),
+  multiTenant: false,
+  redundant: true,
+});
+
+someTechnicalAsset.processed(someData);
+
+const someOtherTechnicalAsset = new cdktg.TechnicalAsset(model, 'Some Other Technical Asset', {
+  description: 'Some Description',
+  assetType: cdktg.AssetType.PROCESS,
+  usage: cdktg.Usage.BUSINESS,
+  humanUse: false,
+  size: cdktg.Size.COMPONENT,
+  technology: cdktg.Technology.WEB_SERVICE_REST,
+  internet: false,
+  machine: cdktg.Machine.VIRTUAL,
+  encryption: cdktg.Encryption.NONE,
+  owner: 'Some Owner',
+  ciaTriad: new cdktg.CIATriad({
+    confidentiality: cdktg.Confidentiality.CONFIDENTIAL,
+    integrity: cdktg.Integrity.IMPORTANT,
+    availability: cdktg.Availability.IMPORTANT,
+  }),
+  multiTenant: false,
+  redundant: true,
+});
+
+someOtherTechnicalAsset.processed(someData);
+
+const someTraffic = someTechnicalAsset.communicatedWith('Some Traffic', someOtherTechnicalAsset, {
+  description: 'Some Description',
+  protocol: cdktg.Protocol.HTTPS,
+  authentication: cdktg.Authentication.NONE,
+  authorization: cdktg.Authorization.NONE,
+  vpn: false,
+  ipFiltered: false,
+  readonly: false,
+  usage: cdktg.Usage.BUSINESS,
+});
+
+project.synth();

yarn.lock

@@ -0,0 +1,21 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+cdktg@^0.0.5:
+  version "0.0.5"
+  resolved "https://registry.yarnpkg.com/cdktg/-/cdktg-0.0.5.tgz#86e22392239d04d329b99f1524f0524b88ccf4e1"
+  integrity sha512-ZI0cUNhP6+Qz0Wlx9DX66q9kZmobiSqktH75HvpxIVzaPdI/FYh1u0NeZcdSWS4GBx+7ZG4ApIkScIxnPz3yHg==
+  dependencies:
+    uuid "^8.3.2"
+    yaml "^2.1.1"
+
+uuid@^8.3.2:
+  version "8.3.2"
+  resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
+  integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
+
+yaml@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.1.1.tgz#1e06fb4ca46e60d9da07e4f786ea370ed3c3cfec"
+  integrity sha512-o96x3OPo8GjWeSLF+wOAbrPfhFOGY0W00GNaxCDv+9hkcDJEnev1yh8S7pgHF0ik6zc8sQLuL8hjHjJULZp8bw==