feat: Adding contraint checks for old dfd blocks #29
xntrik authored and teamcfr committed Feb 7, 2023
1 parent 8e0e624 commit caf23f4
Showing 3 changed files with 44 additions and 14 deletions.
28 changes: 28 additions & 0 deletions pkg/spec/parser_constraints.go
@@ -7,6 +7,13 @@ import (
)

type hcltmConstraint interface {
// You can see the format used for verConstraint() here:
// https://github.com/hashicorp/go-version
//
// Examples include:
// ">= 0.0.1"
// ">= 0.0.1, < 1.4"

verConstraint() string
msg() string
asOf() string
@@ -55,10 +62,31 @@ func (c *proposedControlToBlock) tmCheck(tm *Threatmodel) bool {
return false
}

type multiDfd struct{}

func (c *multiDfd) asOf() string {
return "0.1.6"
}
func (c *multiDfd) verConstraint() string {
return ">= 0.0.1"
}
func (c *multiDfd) msg() string {
return "Deprecation warning: This threat model has a defined `data_flow_diagram` block inside of a `threat` block. As of v0.1.6 it is recommended that you update these to `data_flow_diagram_v2` blocks. In the future, we may retire the old block. The new block requires a `title` label."
}
func (c *multiDfd) tmCheck(tm *Threatmodel) bool {
for _, d := range tm.DataFlowDiagrams {
if d.ShiftedFromLegacy {
return true
}
}
return false
}

func VersionConstraints(tmw *ThreatmodelWrapped, emit bool) (string, error) {
hcltmConstraints := make(map[string]hcltmConstraint)
hcltmConstraints["control_string_to_block"] = &controlStringToBlock{}
hcltmConstraints["proposed_control_to_block"] = &proposedControlToBlock{}
hcltmConstraints["multi_dfd"] = &multiDfd{}

for _, cval := range hcltmConstraints {
newConst, err := version.NewConstraint(cval.verConstraint())
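Review bot: `multiDfd.tmCheck` only fires if `shiftLegacyDfd` has already run, because it looks solely at `ShiftedFromLegacy` on `tm.DataFlowDiagrams` and never at `tm.LegacyDfd`, which the shift sets to nil. The call order between the shift and `VersionConstraints` is not visible on this page, so if the constraints are ever evaluated first the deprecation warning is silently skipped; adding `if tm.LegacyDfd != nil { return true }` ahead of the loop removes that dependency. Separately, the comment added inside `hcltmConstraint` is followed by a blank line, so it does not attach to `verConstraint()` as its doc comment; dropping the blank line fixes that. `VersionConstraints` continues past the end of this hunk.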
15 changes: 8 additions & 7 deletions pkg/spec/parser_threatmodel.go
@@ -225,13 +225,14 @@ func (tm *Threatmodel) validateInformationAssetRef(asset string) error {
func (tm *Threatmodel) shiftLegacyDfd() (error, int) {
if tm.LegacyDfd != nil {
newDfd := &DataFlowDiagram{
Name: "Legacy DFD",
Processes: tm.LegacyDfd.Processes,
ExternalElements: tm.LegacyDfd.ExternalElements,
DataStores: tm.LegacyDfd.DataStores,
Flows: tm.LegacyDfd.Flows,
TrustZones: tm.LegacyDfd.TrustZones,
ImportFile: tm.LegacyDfd.ImportFile,
Name: "Legacy DFD",
ShiftedFromLegacy: true,
Processes: tm.LegacyDfd.Processes,
ExternalElements: tm.LegacyDfd.ExternalElements,
DataStores: tm.LegacyDfd.DataStores,
Flows: tm.LegacyDfd.Flows,
TrustZones: tm.LegacyDfd.TrustZones,
ImportFile: tm.LegacyDfd.ImportFile,
}
tm.LegacyDfd = nil
tm.DataFlowDiagrams = append(tm.DataFlowDiagrams, newDfd)
15 changes: 8 additions & 7 deletions pkg/spec/spec.go
@@ -109,13 +109,14 @@ type LegacyDataFlowDiagram struct {
}

type DataFlowDiagram struct {
Name string `hcl:"name,label"`
Processes []*DfdProcess `hcl:"process,block"`
ExternalElements []*DfdExternal `hcl:"external_element,block"`
DataStores []*DfdData `hcl:"data_store,block"`
Flows []*DfdFlow `hcl:"flow,block"`
TrustZones []*DfdTrustZone `hcl:"trust_zone,block"`
ImportFile string `hcl:"import,optional"`
Name string `hcl:"name,label"`
ShiftedFromLegacy bool
Processes []*DfdProcess `hcl:"process,block"`
ExternalElements []*DfdExternal `hcl:"external_element,block"`
DataStores []*DfdData `hcl:"data_store,block"`
Flows []*DfdFlow `hcl:"flow,block"`
TrustZones []*DfdTrustZone `hcl:"trust_zone,block"`
ImportFile string `hcl:"import,optional"`
}

type Threatmodel struct {
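Review bot: `ShiftedFromLegacy` is an exported field with no `hcl` tag and no comment, placed between the tagged fields of `DataFlowDiagram`, so a reader cannot tell that it is internal bookkeeping rather than part of the block schema. Within this commit it is only written by `shiftLegacyDfd` and read by `multiDfd.tmCheck`, both in `pkg/spec`, so it could be unexported (`shiftedFromLegacy bool`) unless code outside this page needs it; that would also keep it out of any reflection-based serialisation of the struct. At minimum add `// ShiftedFromLegacy marks a diagram that shiftLegacyDfd built from a legacy data_flow_diagram block; it has no hcl tag and is not part of the block schema.` above the field.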