From 16386fdd272c7837080d89cd0808a0750c60c701 Mon Sep 17 00:00:00 2001 
From: Willem van Heemstra Date: Wed, 18 Dec 2024 14:42:52 +0100 Subject: [PATCH] Initial commit --- .github/CODEOWNERS | 67 ++ .github/CODE_OF_CONDUCT.md | 79 ++ .github/CONTRIBUTING.md | 1 + .github/ISSUE_TEMPLATE/bug_report.md | 27 + .github/ISSUE_TEMPLATE/feature_request.md | 20 + .github/workflows/documentation.yml | 36 + .github/workflows/readme.yml | 50 + .gitignore | 156 +++ .gitpod.yml | 4 + .readthedocs.yaml | 13 + .threagile/live-templates.txt | 265 +++++ .threagile/openapi.yaml | 321 ++++++ .threagile/schema.json | 1244 +++++++++++++++++++++ .vscode/extensions.json | 8 + 100/README.md | 1 + 200/README.md | 1 + 300/README.md | 1 + 400/README.md | 1 + DOCUMENTATION.md | 3 + GLOSSARY.md | 3 + IMAGES.md | 5 + LICENSE | 21 + README.ar.md | 31 + README.de.md | 31 + README.es.md | 31 + README.fr.md | 31 + README.hi.md | 31 + README.md | 30 + README.nl.md | 31 + README.rst | 15 + README.zh-CN.md | 31 + README.zh-TW.md | 31 + REFERENCES.md | 3 + TELEMETRY.md | 13 + docs/Makefile | 20 + docs/make.bat | 35 + docs/requirements.txt | 2 + docs/source/api.rst | 7 + docs/source/conf.py | 35 + docs/source/index.rst | 22 + docs/source/usage.rst | 33 + pyproject.toml | 8 + schemas/.schemastore | 1 + threagile.bat | 1 + threagile.sh | 3 + threagile.yaml | 3 + 46 files changed, 2806 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/CODE_OF_CONDUCT.md create mode 100644 .github/CONTRIBUTING.md create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/workflows/documentation.yml create mode 100644 .github/workflows/readme.yml create mode 100644 .gitignore create mode 100644 .gitpod.yml create mode 100644 .readthedocs.yaml create mode 100644 .threagile/live-templates.txt create mode 100644 .threagile/openapi.yaml create mode 100644 .threagile/schema.json create mode 100644 .vscode/extensions.json create mode 100644 100/README.md create mode 100644 200/README.md 
create mode 100644 300/README.md create mode 100644 400/README.md create mode 100644 DOCUMENTATION.md create mode 100644 GLOSSARY.md create mode 100644 IMAGES.md create mode 100644 LICENSE create mode 100644 README.ar.md create mode 100644 README.de.md create mode 100644 README.es.md create mode 100644 README.fr.md create mode 100644 README.hi.md create mode 100644 README.md create mode 100644 README.nl.md create mode 100644 README.rst create mode 100644 README.zh-CN.md create mode 100644 README.zh-TW.md create mode 100644 REFERENCES.md create mode 100644 TELEMETRY.md create mode 100644 docs/Makefile create mode 100644 docs/make.bat create mode 100644 docs/requirements.txt create mode 100644 docs/source/api.rst create mode 100644 docs/source/conf.py create mode 100644 docs/source/index.rst create mode 100644 docs/source/usage.rst create mode 100644 pyproject.toml create mode 100644 schemas/.schemastore create mode 100644 threagile.bat create mode 100644 threagile.sh create mode 100644 threagile.yaml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..72a089b --- /dev/null +++ b/.github/CODEOWNERS 
@@ -0,0 +1,67 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @vanHeemstraSystems/global-owners will be requested for
+# review when someone opens a pull request.
+* @vanHeemstraSystems/global-owners
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# modifies JS files, only @vanHeemstraSystems/js-owners and not the global
+# owner(s) will be requested for a review.
+*.js @vanHeemstraSystems/js-owners #This is an inline comment.
+
+# You can also use email addresses if you prefer. They'll be
+# used to look up users just like we do for commit author
+# emails.
+*.go docs@example.com
+
+# Teams can be specified as code owners as well. Teams should
+# be identified in the format @org/team-name. Teams must have
+# explicit write access to the repository. In this example,
+# the vanHeemstraSystems team in the vanHeemstraSystems organization owns all .txt files.
+*.txt @vanHeemstraSystems/vanHeemstraSystems
+
+# In this example, @vanHeemstraSystems/log-owners own any files in the build/logs
+# directory at the root of the repository and any of its
+# subdirectories.
+/build/logs/ @vanHeemstraSystems/log-owners
+
+# The `docs/*` pattern will match files like
+# `docs/getting-started.md` but not further nested files like
+# `docs/build-app/troubleshooting.md`.
+docs/* docs@vanheemstrasystems.com
+
+# In this example, @vanHeemstraSystems owns any file in an apps directory
+# anywhere in your repository.
+apps/ @vanHeemstraSystems
+
+# In this example, @vanHeemstraSystems/docs-owners owns any file in the `/docs`
+# directory in the root of your repository and any of its
+# subdirectories.
+/docs/ @vanHeemstraSystems/docs-owners
+
+# In this example, any change inside the `/scripts` directory
+# will require approval from @vanHeemstraSystems/docs-owners or @vanHeemstraSystems.
+/scripts/ @vanHeemstraSystems/docs-owners @vanHeemstraSystems
+
+# In this example, @vanHeemstraSystems owns any file in a `/logs` directory such as
+# `/build/logs`, `/scripts/logs`, and `/deeply/nested/logs`. Any changes
+# in a `/logs` directory will require approval from @vanHeemstraSystems.
+**/logs @vanHeemstraSystems
+
+# In this example, @vanHeemstraSystems owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as its owners are left empty. Without an owner, changes
+# to `apps/github` can be made with the approval of any user who has
+# write access to the repository.
+/apps/ @vanHeemstraSystems
+/apps/github
+
+# In this example, @vanHeemstraSystems owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as this subdirectory has its own owner @vanHeemstraSystems/docs-owners
+/apps/ @vanHeemstraSystems
+/apps/github @vanHeemstraSystems/docs-owners
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..8c6428b
--- /dev/null
+++ b/.github/CODE_OF_CONDUCT.md
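Review bot: The ownership rules in `.github/CODEOWNERS` are unedited documentation examples rather than a review policy, so the file that is supposed to gate review cannot be relied on as written. `*.go docs@example.com` names an address outside the project, and teams such as `@vanHeemstraSystems/js-owners` and `@vanHeemstraSystems/log-owners` presumably do not exist with write access (not verifiable from this patch); rules whose owner cannot be resolved are likely not to be enforced. Because the last matching pattern wins, the bare `/apps/github` line leaves that path with no required reviewer, and the two `/apps/` blocks at the end contradict each other. I would cut the file down to the rules that are meant to apply, for example `* @vanHeemstraSystems` and `/.github/workflows/ @vanHeemstraSystems` under a comment `# CI definitions always need an owner review`, and confirm that each owner resolves in the repository settings.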
@@ -0,0 +1,79 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +nationality, personal appearance, race, religion, or sexual identity and +orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or +advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. 
+ +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at [safety@vanheemstrasystems.com][email]. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available [here][version]. + +## Adoption + +This Code of Conduct was first adopted December 15th, 2021. + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ +[email]: mailto:wvanheemstra@icloud.com diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..c15a101 --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1 @@ +all commit messages must follow [Semantic Commit Messages](https://gist.github.com/wvanheemstra/376206ed6fcadadbd451a1e277151cb9) or they will not trigger a release. diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..1c3f619 
--- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: 'Bug' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..bbcbbe7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml new file mode 100644 index 0000000..78db6ff --- /dev/null +++ b/.github/workflows/documentation.yml 
@@ -0,0 +1,36 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Translate DOCUMENTATION
+
+on:
+ push:
+ branches:
+ - main
+ - master
+
+jobs:
+ translate:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ language:
+ - { code: zh-CN, name: Chinese Simplified }
+ - { code: zh-TW, name: Chinese Traditional }
+ - { code: hi, name: Hindi }
+ - { code: ar, name: Arabic }
+ - { code: fr, name: French }
+ - { code: en, name: English }
+ - { code: de, name: German }
+ - { code: nl, name: Dutch }
+ - { code: es, name: Spanish }
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20.x # Updated to a more recent LTS version
+
+ - name: Adding DOCUMENTATION - ${{ matrix.language.name }}
+ uses: vanHeemstraSystems/translate-documentation@main
+ with:
+ LANG: ${{ matrix.language.code }}
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
new file mode 100644
index 0000000..c2abfc4
--- /dev/null
+++ b/.github/workflows/readme.yml
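Review bot: The step `uses: vanHeemstraSystems/translate-documentation@main` in `.github/workflows/documentation.yml` resolves to whatever the `main` branch of that action holds at run time, so any change pushed there runs in this workflow on the next push without review in this repository. The same applies to the eight `uses: dephraiim/translate-readme@main` steps in `.github/workflows/readme.yml`, where the action lives in a third-party account. Pin each reference to a full commit SHA, e.g. `uses: vanHeemstraSystems/translate-documentation@<full-commit-sha> # main`, and update it deliberately. Neither workflow declares `permissions:`, so the job token carries the repository default; if these actions commit the translated files back, as their names suggest, state that explicitly with a job-level `permissions:` block containing only `contents: write`.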
@@ -0,0 +1,50 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Translate README
+
+on:
+ push:
+ branches:
+ - main
+ - master
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Setup Node.js
+ uses: actions/setup-node@v1
+ with:
+ node-version: 12.x
+ # ISO Language Codes: https://cloud.google.com/translate/docs/languages
+ - name: Adding README - Chinese Simplified
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: zh-CN
+ - name: Adding README - Chinese Traditional
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: zh-TW
+ - name: Adding README - Hindi
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: hi
+ - name: Adding README - Arabic
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: ar
+ - name: Adding README - French
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: fr
+ - name: Adding README - German
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: de
+ - name: Adding README - Dutch
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: nl
+ - name: Adding README - Spanish
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: es
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a9b7dc7
--- /dev/null
+++ b/.gitignore
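Review bot: `actions/checkout@v2`, `actions/setup-node@v1` and `node-version: 12.x` in `.github/workflows/readme.yml` are several major versions behind what `documentation.yml` in this same commit uses (`@v4`, `20.x`). Node.js 12 is past end-of-life and no longer receives security fixes, and the old action majors are unmaintained. Bring this workflow in line with its sibling: `- uses: actions/checkout@v4`, `uses: actions/setup-node@v4`, `node-version: 20.x`.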
@@ -0,0 +1,156 @@ + +# Created by https://www.toptal.com/developers/gitignore/api/python,jupyternotebooks +# Edit at https://www.toptal.com/developers/gitignore?templates=python,jupyternotebooks + +### JupyterNotebooks ### +# gitignore template for Jupyter Notebooks +# website: http://jupyter.org/ + +.ipynb_checkpoints +*/.ipynb_checkpoints/* + +# IPython +profile_default/ +ipython_config.py + +# Remove previous ipynb_checkpoints +# git rm -r .ipynb_checkpoints/ + +### Python ### +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +.pybuilder/ +target/ + +# Jupyter Notebook + +# IPython + +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 
+# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# End of https://www.toptal.com/developers/gitignore/api/python,jupyternotebooks diff --git a/.gitpod.yml b/.gitpod.yml new file mode 100644 index 0000000..dc5f4a4 --- /dev/null +++ b/.gitpod.yml @@ -0,0 +1,4 @@ + +vscode: + extensions: + - ms-vscode.makefile-tools diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 0000000..9138a7f --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,13 @@ +version: "2" + +build: + os: "ubuntu-22.04" + tools: + python: "3.10" + +python: + install: + - requirements: docs/requirements.txt + +sphinx: + configuration: docs/source/conf.py diff --git a/.threagile/live-templates.txt b/.threagile/live-templates.txt new file mode 100644 index 0000000..61c0c2c --- /dev/null +++ b/.threagile/live-templates.txt 
@@ -0,0 +1,265 @@ +Nice live templates for your IDE: + +For IntelliJ IDE see for example: https://blog.jetbrains.com/webstorm/2018/01/using-and-creating-code-snippets/ +Other IDEs like Eclipse, Visual Studio and YAML-supporting text editors like Atom and Sublime have similar template features. + + + +==================================================== +Live template for a model base: +==================================================== + +threagile_version: 1.0.0 + +title: $title$ + +date: + +author: + name: $name$ + homepage: + + +management_summary_comment: + +business_criticality: $business_criticality$ + + +business_overview: + description: Some more demo text here and even images... + images: +# - custom-image-1.png: Some dummy image 1 +# - custom-image-2.png: Some dummy image 2 + + +technical_overview: + description: Some more demo text here and even images... + images: +# - custom-image-1.png: Some dummy image 1 +# - custom-image-2.png: Some dummy image 2 + + +questions: # simply use "" as answer to signal "unanswered" +# Some question without an answer?: "" +# Some question with an answer?: Some answer + + +abuse_cases: + Denial-of-Service: > + As a hacker I want to disturb the functionality of the backend system in order to cause indirect + financial damage via unusable features. + CPU-Cycle Theft: > + As a hacker I want to steal CPU cycles in order to transform them into money via installed crypto currency miners. + Ransomware: > + As a hacker I want to encrypt the storage and file systems in order to demand ransom. + Identity Theft: > + As a hacker I want to steal identity data in order to reuse credentials and/or keys on other targets of the same company or outside. + PII Theft: > + As a hacker I want to steal PII (Personally Identifiable Information) data in order to blackmail the company and/or damage + their repudiation by publishing the stolen data. 
+ + +security_requirements: + Input Validation: Strict input validation is required to reduce the overall attack surface. + EU-GDPR: Mandatory EU-GDPR + + +# Tags can be used for anything, it's just a tag. Also risk rules can act based on tags if you like. +tags_available: + + +data_assets: + +$END$ + + +technical_assets: + + +trust_boundaries: + + +shared_runtimes: + + +individual_risk_categories: + + +# NOTE: +# For risk tracking each risk-id needs to be defined (the string with the @ sign in it). These unique risk IDs +# are visible in the PDF report (the small grey string under each risk), the Excel (column "ID"), as well as the JSON responses. +# Some risk IDs have only one @ sign in them, while others multiple. The idea is to allow for unique but still speaking IDs. +# Therefore each risk instance creates its individual ID by taking all affected elements causing the risk to be within an @-delimited part. +# Using wildcards (the * sign) for parts delimited by @ signs allows to handle groups of certain risks at once. Best is to lookup the IDs +# to use in the created Excel file. Alternatively a model macro "seed-risk-tracking" is available that helps in initially +# seeding the risk tracking part here based on already identified and not yet handled risks. 
+risk_tracking: + + + + + +==================================================== +Live template for a data asset: +==================================================== + + $DataAssetName$: + id: $id$ + description: $END$ + usage: $usage$ + tags: + origin: + owner: + quantity: $quantity$ + confidentiality: $confidentiality$ + integrity: $integrity$ + availability: $availability$ + justification_cia_rating: + + + + + +==================================================== +Live template for a technical asset: +==================================================== + + $TechnicalAssetName$: + id: $id$ + description: $END$ + type: $type$ + usage: $usage$ + used_as_client_by_human: $used_as_client_by_human$ + out_of_scope: false + justification_out_of_scope: + size: $size$ + technology: $technology$ + tags: $tags$ + internet: $internet$ + machine: $machine$ + encryption: $encryption$ + owner: + confidentiality: $confidentiality$ + integrity: $integrity$ + availability: $availability$ + justification_cia_rating: + multi_tenant: $multi_tenant$ + redundant: $redundant$ + custom_developed_parts: $custom_developed_parts$ + data_assets_processed: # sequence of IDs to reference + data_assets_stored: # sequence of IDs to reference + data_formats_accepted: + communication_links: + + + + + +==================================================== +Live template for a communication link: +==================================================== + + $CommunicationLinkName$: + target: $target_id$ + description: $END$ + protocol: $protocol$ + authentication: $authentication$ + authorization: $authorization$ + tags: $tags$ + vpn: $vpn$ + ip_filtered: $ip_filtered$ + readonly: $readonly$ + usage: $usage$ + data_assets_sent: # sequence of IDs to reference + data_assets_received: # sequence of IDs to reference + + + + + +==================================================== +Live template for a trust boundary: +==================================================== + + $TrustBoundaryName$: + id: $id$ + 
description: $END$ + type: $type$ + tags: $tags$ + technical_assets_inside: # sequence of IDs to reference + trust_boundaries_nested: # sequence of IDs to reference + + + + + +==================================================== +Live template for a shared runtime: +==================================================== + + $SharedRuntimeName$: + id: $id$ + description: $END$ + tags: $tags$ + technical_assets_running: # sequence of IDs to reference + + + + + +==================================================== +Live template for an individual risk category: +==================================================== + + $IndividualRiskCategoryName$: + id: $id$ + description: $END$ + impact: + asvs: + cheat_sheet: + action: + mitigation: + check: + function: $function$ + stride: $stride$ + detection_logic: + risk_assessment: + false_positives: + model_failure_possible_reason: $model_failure_possible_reason$ + cwe: $cwe$ + risks_identified: + + + + + +==================================================== +Live template for an individual risk instance: +==================================================== + + $IndividualRiskInstanceName$: + severity: $severity$ + exploitation_likelihood: $exploitation_likelihood$ + exploitation_impact: $exploitation_impact$ + data_breach_probability: $data_breach_probability$ + data_breach_technical_assets: # list of technical asset IDs which might have data breach + $END$ + most_relevant_data_asset: $most_relevant_data_asset$ + most_relevant_technical_asset: $most_relevant_technical_asset$ + most_relevant_trust_boundary: $most_relevant_trust_boundary$ + most_relevant_shared_runtime: $most_relevant_shared_runtime$ + + + + + +==================================================== +Live template for a risk tracking: +==================================================== + + $RiskID$: # wildcards "*" between the @ characters are possible + status: $status$ + justification: $END$ + ticket: + date: + checked_by: 
diff --git a/.threagile/openapi.yaml b/.threagile/openapi.yaml
new file mode 100644
index 0000000..1f288b9
--- /dev/null
+++ b/.threagile/openapi.yaml
@@ -0,0 +1,321 @@ +openapi: 3.0.3 + +info: + title: Threagile API + description: "Threagile API for Agile Threat Modeling: visit https://threagile.io for more information." + version: 1.0.0 + +servers: + - url: / + description: Threagile Server + +tags: + - name: "direct" + description: "Direct one-shot calls for on-the-fly analyzing and checking of models" + - name: "meta" + description: "Meta infos about types and version" + - name: "auth" + description: "Auth calls for crypto key and token management" + - name: "models" + description: "Persistent model creation and handling stuff" + +paths: + /meta/ping: + get: + tags: + - "meta" + summary: Simple health check ping + description: Used as health check in docker container as well + responses: + '200': + description: Simple pong response + content: + application/json: + schema: + type: object + properties: + message: + type: string + example: pong + /meta/version: + get: + tags: + - "meta" + summary: Version number + description: Version number + responses: + '200': + description: Version number + content: + application/json: + schema: + type: object + properties: + version: + type: string + example: 1.0.0 + build_timestamp: + type: string + example: 20200518160456 + /meta/types: + get: + tags: + - "meta" + summary: Listing of all enum type values + description: Listing of all enum type values + responses: + '200': + description: Listing of all enum type values (example here shows just one) + content: + application/json: + schema: + type: object + properties: + confidentiality: + type: array + items: + type: string + example: [public, internal, restricted, confidential, strictly-confidential] + /meta/stats: + get: + tags: + - "meta" + summary: Model statistics + description: Model statistics + responses: + '200': + description: Model statistics + content: + application/json: + schema: + type: object + properties: + key_count: + type: integer + example: 13 + model_count: + type: integer + example: 42 + 
success_count: + type: integer + example: 123 + error_count: + type: integer + example: 0 + /direct/stub: + get: + tags: + - "direct" + summary: Stub model file + description: Stub model file (as a starting point) + responses: + '200': + description: Stub model file + content: + application/x-yaml: + schema: + type: string + /direct/check: + post: + tags: + - "direct" + summary: Direct model check call + description: Direct model check call + requestBody: + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Model ok response + content: + application/json: + schema: + type: object + properties: + message: + type: string + example: model is ok + '400': + description: Model not ok response + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: "Missing referenced data asset target: some-stuff" + /direct/analyze: + post: + tags: + - "direct" + summary: Direct model analyze call + description: Direct model analyze call + parameters: + - in: query + name: dpi + required: false + example: 120 + schema: + type: integer + description: The DPI (resolution) to use for the diagram generation + requestBody: + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Model analyzing result response (zipped) + content: + application/zip: + schema: + type: string + format: binary + '400': + description: Model not ok response + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: "Missing referenced data asset target: some-stuff" + /auth/keys: + post: + tags: + - "auth" + summary: Create a new auth key + description: Create a new auth key + responses: + '201': + description: Key successfully created + content: + application/json: + schema: + type: object + properties: + key: + type: string + example: 
BtM1Q7V47d4B3TrVSw1133CIyL1NUpUM2tJ92vfZMMQ + '500': + description: Error + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: unable to create key + delete: + tags: + - "auth" + summary: Delete an auth key + description: Delete an auth key + parameters: + - in: header + name: key + schema: + type: string + required: true + example: BtM1Q7V47d4B3TrVSw1133CIyL1NUpUM2tJ92vfZMMQ + responses: + '200': + description: Key successfully deleted + content: + application/json: + schema: + type: object + properties: + message: + type: string + example: key deleted + '404': + description: Error + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: key not found + /auth/tokens: + post: + tags: + - "auth" + summary: Create a new (time limited) token from an auth key + description: Create a new (time limited) token from an auth key + parameters: + - in: header + name: key + schema: + type: string + required: true + example: BtM1Q7V47d4B3TrVSw1133CIyL1NUpUM2tJ92vfZMMQ + responses: + '201': + description: Token successfully created + content: + application/json: + schema: + type: object + properties: + token: + type: string + example: QrlcoMOtjy_h38T2N6JjrWpb4Kodg3Y7NnLN2yiDb69 + '500': + description: Error + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: unable to create token + delete: + tags: + - "auth" + summary: Delete a token + description: Delete a token + parameters: + - in: header + name: token + schema: + type: string + required: true + example: QrlcoMOtjy_h38T2N6JjrWpb4Kodg3Y7NnLN2yiDb69 + responses: + '200': + description: Token successfully deleted + content: + application/json: + schema: + type: object + properties: + message: + type: string + example: token deleted + '404': + description: Error + content: + application/json: + schema: + type: object + properties: + error: + type: string + example: token not 
found diff --git a/.threagile/schema.json b/.threagile/schema.json new file mode 100644 index 0000000..a028d78 --- /dev/null +++ b/.threagile/schema.json 
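Review bot: `.threagile/openapi.yaml` declares no `components.securitySchemes` and no `security` requirement, so the credentials exist only as ad-hoc header parameters (`name: key`, `name: token`) on the `/auth/*` operations. `POST /auth/keys` and the `/direct/check` and `/direct/analyze` upload endpoints are documented as callable with no credential at all. If that is the intended contract, say so in the operation descriptions so that whoever exposes this server puts it behind a network control; otherwise declare the two headers as `apiKey` schemes (sketch below, scheme names are illustrative) and reference them per operation. The `example:` values for key and token are shaped like live secrets, and a comment such as `# sample value, not a live credential` beside them would save secret-scanner triage. The `models` tag is declared but no `/models` path appears in this file.

```yaml
# … unchanged: openapi, info, servers, tags, paths …
components:
  securitySchemes:
    authKey:        # illustrative name
      type: apiKey
      in: header
      name: key
    authToken:      # illustrative name
      type: apiKey
      in: header
      name: token
```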
@@ -0,0 +1,1244 @@ +{ + "$schema": "https://threagile.io/schema#", + "id": "https://threagile.io/schema.json", + "title": "Threagile", + "description": "Agile Threat Modeling", + "type": "object", + "properties": { + "threagile_version": { + "description": "Version of the Threagile toolkit", + "type": "string" + }, + "title": { + "description": "Title of the model", + "type": "string" + }, + "date": { + "description": "Date of the model", + "type": [ + "string", + "null" + ], + "format": "date" + }, + "author": { + "description": "Author of the model", + "type": "object", + "properties": { + "name": { + "description": "Author name", + "type": [ + "string", + "null" + ] + }, + "contact": { + "description": "Author contact info", + "type": [ + "string", + "null" + ] + }, + "homepage": { + "description": "Author homepage", + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "name" + ] + }, + "contributors": { + "description": "Contributors to the model", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "object", + "properties": { + "name": { + "description": "Contributor name", + "type": [ + "string", + "null" + ] + }, + "contact": { + "description": "Contributor contact info", + "type": [ + "string", + "null" + ] + }, + "homepage": { + "description": "Contributor homepage", + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "name" + ] + } + }, + "management_summary_comment": { + "description": "Individual management summary for the report", + "type": [ + "string", + "null" + ] + }, + "business_criticality": { + "description": "Business criticality of the target", + "type": "string", + "enum": [ + "archive", + "operational", + "important", + "critical", + "mission-critical" + ] + }, + "application_description": { + "description": "General description of the application, its purpose and functionality.", + "type": "object", + "properties": { + "description": { + "description": "Application description for the 
report", + "type": [ + "string", + "null" + ] + }, + "images": { + "description": "Application images for the report", + "type": [ + "array", + "null" + ], + "uniqueItems": true + } + } + }, + "business_overview": { + "description": "Individual business overview for the report", + "type": "object", + "properties": { + "description": { + "description": "Individual business overview for the report", + "type": [ + "string", + "null" + ] + }, + "images": { + "description": "Custom images for the report", + "type": [ + "array", + "null" + ], + "uniqueItems": true + } + } + }, + "technical_overview": { + "description": "Individual technical overview for the report", + "type": "object", + "properties": { + "description": { + "description": "Individual technical overview for the report", + "type": [ + "string", + "null" + ] + }, + "images": { + "description": "Custom images for the report", + "type": [ + "array", + "null" + ], + "uniqueItems": true + } + } + }, + "questions": { + "description": "Custom questions for the report", + "type": [ + "object", + "null" + ], + "uniqueItems": true + }, + "abuse_cases": { + "description": "Custom abuse cases for the report", + "type": [ + "object", + "null" + ], + "uniqueItems": true + }, + "security_requirements": { + "description": "Custom security requirements for the report", + "type": [ + "object", + "null" + ], + "uniqueItems": true + }, + "tags_available": { + "description": "Tags available", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "data_assets": { + "description": "Data assets", + "type": "object", + "uniqueItems": true, + "additionalProperties": { + "type": "object", + "properties": { + "id": { + "description": "ID", + "type": "string" + }, + "description": { + "description": "Description", + "type": [ + "string", + "null" + ] + }, + "usage": { + "description": "Usage", + "type": "string", + "enum": [ + "business", + "devops" + ] + }, + "tags": { + "description": 
"Tags", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "origin": { + "description": "Origin", + "type": [ + "string", + "null" + ] + }, + "owner": { + "description": "Owner", + "type": [ + "string", + "null" + ] + }, + "quantity": { + "description": "Quantity", + "type": "string", + "enum": [ + "very-few", + "few", + "many", + "very-many" + ] + }, + "confidentiality": { + "description": "Confidentiality", + "type": "string", + "enum": [ + "public", + "internal", + "restricted", + "confidential", + "strictly-confidential" + ] + }, + "integrity": { + "description": "Integrity", + "type": "string", + "enum": [ + "archive", + "operational", + "important", + "critical", + "mission-critical" + ] + }, + "availability": { + "description": "Availability", + "type": "string", + "enum": [ + "archive", + "operational", + "important", + "critical", + "mission-critical" + ] + }, + "justification_cia_rating": { + "description": "Justification of the rating", + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "id", + "description", + "usage", + "quantity", + "confidentiality", + "integrity", + "availability" + ] + } + }, + "technical_assets": { + "description": "Technical assets", + "type": "object", + "uniqueItems": true, + "additionalProperties": { + "type": "object", + "properties": { + "id": { + "description": "ID", + "type": "string" + }, + "description": { + "description": "Description", + "type": [ + "string", + "null" + ] + }, + "type": { + "description": "Type", + "type": "string", + "enum": [ + "external-entity", + "process", + "datastore" + ] + }, + "usage": { + "description": "Usage", + "type": "string", + "enum": [ + "business", + "devops" + ] + }, + "used_as_client_by_human": { + "description": "Used as client by human", + "type": "boolean" + }, + "out_of_scope": { + "description": "Out of scope", + "type": "boolean" + }, + "justification_out_of_scope": { + "description": "Justification of out of 
scope", + "type": [ + "string", + "null" + ] + }, + "size": { + "description": "Size", + "type": "string", + "enum": [ + "system", + "service", + "application", + "component" + ] + }, + "technology": { + "description": "Technology", + "type": "string", + "enum": [ + "unknown-technology", + "client-system", + "browser", + "desktop", + "mobile-app", + "devops-client", + "web-server", + "web-application", + "application-server", + "database", + "file-server", + "local-file-system", + "erp", + "cms", + "web-service-rest", + "web-service-soap", + "ejb", + "search-index", + "search-engine", + "service-registry", + "reverse-proxy", + "load-balancer", + "build-pipeline", + "sourcecode-repository", + "artifact-registry", + "code-inspection-platform", + "monitoring", + "ldap-server", + "container-platform", + "batch-processing", + "event-listener", + "identity-provider", + "identity-store-ldap", + "identity-store-database", + "tool", + "cli", + "task", + "function", + "gateway", + "iot-device", + "message-queue", + "stream-processing", + "service-mesh", + "data-lake", + "report-engine", + "ai", + "mail-server", + "vault", + "hsm", + "waf", + "ids", + "ips", + "scheduler", + "mainframe", + "block-storage", + "library" + ] + }, + "tags": { + "description": "Tags", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "internet": { + "description": "Internet", + "type": "boolean" + }, + "machine": { + "description": "Machine", + "type": "string", + "enum": [ + "physical", + "virtual", + "container", + "serverless" + ] + }, + "encryption": { + "description": "Encryption", + "type": "string", + "enum": [ + "none", + "transparent", + "data-with-symmetric-shared-key", + "data-with-asymmetric-shared-key", + "data-with-end-user-individual-key" + ] + }, + "owner": { + "description": "Owner", + "type": [ + "string", + "null" + ] + }, + "confidentiality": { + "description": "Confidentiality", + "type": "string", + "enum": [ + "public", + 
"internal", + "restricted", + "confidential", + "strictly-confidential" + ] + }, + "integrity": { + "description": "Integrity", + "type": "string", + "enum": [ + "archive", + "operational", + "important", + "critical", + "mission-critical" + ] + }, + "availability": { + "description": "Availability", + "type": "string", + "enum": [ + "archive", + "operational", + "important", + "critical", + "mission-critical" + ] + }, + "justification_cia_rating": { + "description": "Justification of the rating", + "type": [ + "string", + "null" + ] + }, + "multi_tenant": { + "description": "Multi tenant", + "type": "boolean" + }, + "redundant": { + "description": "Redundant", + "type": "boolean" + }, + "custom_developed_parts": { + "description": "Custom developed parts", + "type": "boolean" + }, + "data_assets_processed": { + "description": "Data assets processed; ; all data assets stored or sent or received via a communication link (be it as a source or a target) are implicitly also processed and do not need to be listed here.", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "data_assets_stored": { + "description": "Data assets stored", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "data_formats_accepted": { + "description": "Data formats accepted", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string", + "enum": [ + "json", + "xml", + "serialization", + "file", + "csv", + "yaml" + ] + } + }, + "diagram_tweak_order": { + "description": "diagram tweak order (affects left to right positioning)", + "type": "integer" + }, + "communication_links": { + "description": "Communication links", + "type": [ + "object", + "null" + ], + "uniqueItems": true, + "additionalProperties": { + "type": "object", + "properties": { + "target": { + "description": "Target", + "type": "string" + }, + "description": { + "description": "Description", + 
"type": [ + "string", + "null" + ] + }, + "protocol": { + "description": "Protocol", + "type": "string", + "enum": [ + "unknown-protocol", + "http", + "https", + "ws", + "wss", + "reverse-proxy-web-protocol", + "reverse-proxy-web-protocol-encrypted", + "mqtt", + "jdbc", + "jdbc-encrypted", + "odbc", + "odbc-encrypted", + "sql-access-protocol", + "sql-access-protocol-encrypted", + "nosql-access-protocol", + "nosql-access-protocol-encrypted", + "binary", + "binary-encrypted", + "text", + "text-encrypted", + "ssh", + "ssh-tunnel", + "smtp", + "smtp-encrypted", + "pop3", + "pop3-encrypted", + "imap", + "imap-encrypted", + "ftp", + "ftps", + "sftp", + "scp", + "ldap", + "ldaps", + "jms", + "nfs", + "smb", + "smb-encrypted", + "local-file-access", + "nrpe", + "xmpp", + "iiop", + "iiop-encrypted", + "jrmp", + "jrmp-encrypted", + "in-process-library-call", + "inter-process-communication", + "container-spawning" + ] + }, + "authentication": { + "description": "Authentication", + "type": "string", + "enum": [ + "none", + "credentials", + "session-id", + "token", + "client-certificate", + "two-factor", + "externalized" + ] + }, + "authorization": { + "description": "Authorization", + "type": "string", + "enum": [ + "none", + "technical-user", + "end-user-identity-propagation" + ] + }, + "tags": { + "description": "Tags", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "vpn": { + "description": "VPN", + "type": "boolean" + }, + "ip_filtered": { + "description": "IP filtered", + "type": "boolean" + }, + "readonly": { + "description": "readonly", + "type": "boolean" + }, + "usage": { + "description": "Usage", + "type": "string", + "enum": [ + "business", + "devops" + ] + }, + "data_assets_sent": { + "description": "Data assets sent", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "data_assets_received": { + "description": "Data assets received", + "type": [ + "array", + 
"null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "diagram_tweak_weight": { + "description": "diagram tweak weight", + "type": "integer" + }, + "diagram_tweak_constraint": { + "description": "diagram tweak constraint", + "type": "boolean" + } + }, + "required": [ + "target", + "description", + "protocol", + "authentication", + "authorization", + "vpn", + "ip_filtered", + "readonly", + "usage" + ] + } + } + }, + "required": [ + "id", + "description", + "type", + "usage", + "used_as_client_by_human", + "out_of_scope", + "size", + "technology", + "internet", + "machine", + "encryption", + "owner", + "confidentiality", + "integrity", + "availability", + "multi_tenant", + "redundant", + "custom_developed_parts", + "data_assets_processed", + "data_assets_stored", + "data_formats_accepted", + "communication_links" + ] + } + }, + "trust_boundaries": { + "description": "Trust boundaries", + "type": "object", + "uniqueItems": true, + "additionalProperties": { + "type": "object", + "properties": { + "id": { + "description": "ID", + "type": "string" + }, + "description": { + "description": "Description", + "type": [ + "string", + "null" + ] + }, + "type": { + "description": "Type", + "type": "string", + "enum": [ + "network-on-prem", + "network-dedicated-hoster", + "network-virtual-lan", + "network-cloud-provider", + "network-cloud-security-group", + "network-policy-namespace-isolation", + "execution-environment" + ] + }, + "tags": { + "description": "Tags", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "technical_assets_inside": { + "description": "Technical assets inside", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "trust_boundaries_nested": { + "description": "Trust boundaries nested", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + } + }, + "required": [ + "id", + "description", + 
"type", + "technical_assets_inside", + "trust_boundaries_nested" + ] + } + }, + "shared_runtimes": { + "description": "Shared runtimes", + "type": "object", + "uniqueItems": true, + "additionalProperties": { + "type": "object", + "properties": { + "id": { + "description": "ID", + "type": "string" + }, + "description": { + "description": "Description", + "type": [ + "string", + "null" + ] + }, + "tags": { + "description": "Tags", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "technical_assets_running": { + "description": "Technical assets running", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + } + }, + "required": [ + "id", + "description", + "technical_assets_running" + ] + } + }, + "individual_risk_categories": { + "description": "Individual risk categories", + "type": [ + "object", + "null" + ], + "uniqueItems": true, + "additionalProperties": { + "type": "object", + "properties": { + "id": { + "description": "ID", + "type": "string" + }, + "description": { + "description": "Description", + "type": [ + "string", + "null" + ] + }, + "impact": { + "description": "Impact", + "type": "string" + }, + "asvs": { + "description": "ASVS", + "type": "string" + }, + "cheat_sheet": { + "description": "Cheat sheet", + "type": "string" + }, + "action": { + "description": "Action", + "type": "string" + }, + "mitigation": { + "description": "Mitigation", + "type": "string" + }, + "check": { + "description": "Check", + "type": "string" + }, + "function": { + "description": "Function", + "type": "string", + "enum": [ + "business-side", + "architecture", + "development", + "operations" + ] + }, + "stride": { + "description": "STRIDE", + "type": "string", + "enum": [ + "spoofing", + "tampering", + "repudiation", + "information-disclosure", + "denial-of-service", + "elevation-of-privilege" + ] + }, + "detection_logic": { + "description": "Detection logic", + "type": "string" + 
}, + "risk_assessment": { + "description": "Risk assessment", + "type": "string" + }, + "false_positives": { + "description": "False positives", + "type": "string" + }, + "model_failure_possible_reason": { + "description": "Model failure possible reason", + "type": "boolean" + }, + "cwe": { + "description": "CWE", + "type": "integer" + }, + "risks_identified": { + "description": "Risks identified", + "type": "object", + "uniqueItems": true, + "additionalProperties": { + "type": "object", + "properties": { + "severity": { + "description": "Severity", + "type": "string", + "enum": [ + "low", + "medium", + "elevated", + "high", + "critical" + ] + }, + "exploitation_likelihood": { + "description": "Exploitation likelihood", + "type": "string", + "enum": [ + "unlikely", + "likely", + "very-likely", + "frequent" + ] + }, + "exploitation_impact": { + "description": "Exploitation impact", + "type": "string", + "enum": [ + "low", + "medium", + "high", + "very-high" + ] + }, + "data_breach_probability": { + "description": "Data breach probability", + "type": "string", + "enum": [ + "improbable", + "possible", + "probable" + ] + }, + "data_breach_technical_assets": { + "description": "Data breach technical assets", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "most_relevant_data_asset": { + "description": "Most relevant data asset", + "type": [ + "string", + "null" + ] + }, + "most_relevant_technical_asset": { + "description": "Most relevant technical asset", + "type": [ + "string", + "null" + ] + }, + "most_relevant_communication_link": { + "description": "Most relevant communication link", + "type": [ + "string", + "null" + ] + }, + "most_relevant_trust_boundary": { + "description": "Most relevant trust boundary", + "type": [ + "string", + "null" + ] + }, + "most_relevant_shared_runtime": { + "description": "Most relevant shared runtime", + "type": [ + "string", + "null" + ] + } + } + } + } + }, + "required": [ + 
"id", + "description", + "impact", + "asvs", + "cheat_sheet", + "action", + "mitigation", + "check", + "function", + "stride", + "detection_logic", + "risk_assessment", + "false_positives", + "model_failure_possible_reason", + "cwe", + "risks_identified" + ] + } + }, + "risk_tracking": { + "description": "Risk tracking", + "type": [ + "object", + "null" + ], + "uniqueItems": true, + "additionalProperties": { + "type": "object", + "properties": { + "status": { + "description": "Status", + "type": "string", + "enum": [ + "unchecked", + "in-discussion", + "accepted", + "in-progress", + "mitigated", + "false-positive" + ] + }, + "justification": { + "description": "Justification", + "type": [ + "string", + "null" + ] + }, + "ticket": { + "description": "Ticket", + "type": [ + "string", + "null" + ] + }, + "date": { + "description": "Date", + "type": [ + "string", + "null" + ], + "format": "date" + }, + "checked_by": { + "description": "Checked by", + "type": [ + "string", + "null" + ] + } + }, + "required": [ + "status", + "justification", + "ticket", + "date", + "checked_by" + ] + } + }, + "diagram_tweak_suppress_edge_labels": { + "description": "Diagram tweak suppress edge labels", + "type": [ + "boolean", + "null" + ] + }, + "diagram_tweak_layout_left_to_right": { + "description": "Diagram tweak layout left to right", + "type": [ + "boolean", + "null" + ] + }, + "diagram_tweak_edge_layout": { + "description": "Diagram tweak edge layout", + "type": [ + "string", + "null" + ], + "enum": [ + "", + "ortho", + "spline", + "polyline", + "false", + "curved" + ] + }, + "diagram_tweak_nodesep": { + "description": "Diagram tweak nodesep", + "type": [ + "integer", + "null" + ] + }, + "diagram_tweak_ranksep": { + "description": "Diagram tweak ranksep", + "type": [ + "integer", + "null" + ] + }, + "diagram_tweak_invisible_connections_between_assets": { + "description": "Diagram tweak invisible connections between assets", + "type": [ + "array", + "null" + ], + "uniqueItems": 
true, + "items": { + "type": "string" + } + }, + "diagram_tweak_same_rank_assets": { + "description": "Diagram tweak same rank assets", + "type": [ + "array", + "null" + ], + "uniqueItems": true, + "items": { + "type": "string" + } + } + }, + "required": [ + "threagile_version", + "title", + "author", + "business_criticality", + "tags_available", + "data_assets", + "technical_assets", + "shared_runtimes" + ] +} diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 0000000..71de926 --- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,8 @@ +{ + "recommendations": [ + "ckolkman.vscode-postgres" + ] + "yaml.schemas": { + "./.threagile/schema.json": ["threagile.yaml"] + } +} diff --git a/100/README.md b/100/README.md new file mode 100644 index 0000000..4ab52b0 --- /dev/null +++ b/100/README.md @@ -0,0 +1 @@ +# 100 - Introduction diff --git a/200/README.md b/200/README.md new file mode 100644 index 0000000..feee683 --- /dev/null +++ b/200/README.md @@ -0,0 +1 @@ +# 200 - Requirements diff --git a/300/README.md b/300/README.md new file mode 100644 index 0000000..80ab99f --- /dev/null +++ b/300/README.md @@ -0,0 +1 @@ +# 300 - Building Our Application diff --git a/400/README.md b/400/README.md new file mode 100644 index 0000000..fd99805 --- /dev/null +++ b/400/README.md @@ -0,0 +1 @@ +# 400 - Conclusion diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md new file mode 100644 index 0000000..c95fe76 --- /dev/null +++ b/DOCUMENTATION.md @@ -0,0 +1,3 @@ +# Documentation + +Read the Docs: [REPOSITORY-NAME](https://vanheemstrasystems-REPOSITORY-NAME.readthedocs.io/en/latest/) diff --git a/GLOSSARY.md b/GLOSSARY.md new file mode 100644 index 0000000..9a7779c --- /dev/null +++ b/GLOSSARY.md @@ -0,0 +1,3 @@ +# Glossary + +- **OTLP**: OpenTelemetry Protocol diff --git a/IMAGES.md b/IMAGES.md new file mode 100644 index 0000000..e8f9539 --- /dev/null +++ b/IMAGES.md 
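Review bot: `.vscode/extensions.json` as added does not parse, because there is no comma between the closing `]` of `"recommendations"` and the `"yaml.schemas"` key, so VS Code will most likely ignore the file, recommendation included. `yaml.schemas` is also a setting of the YAML extension rather than a key that `extensions.json` understands, so the association of `threagile.yaml` with `./.threagile/schema.json` would not take effect from this file even once the comma is added. I would keep only `"recommendations"` here, move `"yaml.schemas": { "./.threagile/schema.json": ["threagile.yaml"] }` to `.vscode/settings.json`, and add `"redhat.vscode-yaml"` to the recommendations so the threat model is actually validated against the schema while it is edited.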
@@ -0,0 +1,5 @@
+# Images
+
+## Docker Images
+
+- MyImage: https://hub.docker.com/repository/docker/vanheemstrasystems/myimage
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2b5f777
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 van Heemstra Systems
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.ar.md b/README.ar.md
new file mode 100644
index 0000000..395c1e1
--- /dev/null
+++ b/README.ar.md
@@ -0,0 +1,31 @@
+اسم المستودع
+
+# اسم المستودع
+
+> سلوجلاين
+
+- [التوثيق](./DOCUMENTATION.md)
+- [مسرد](./GLOSSARY.md)
+- [الصور](./IMAGES.md)
+- [مراجع](./REFERENCES.md)
+- [القياس عن بعد](./TELEMETRY.md)
+
+**ملخص تنفيذي**
+
+نص
+
+## 100- مقدمة
+
+يرى[README.md](./100/README.md)
+
+## 200 - المتطلبات
+
+يرى[README.md](./200/README.md)
+
+## 300 – بناء تطبيقنا
+
+يرى[README.md](./300/README.md)
+
+## 400 - الخاتمة
+
+يرى[README.md](./400/README.md)
diff --git a/README.de.md b/README.de.md
new file mode 100644
index 0000000..63bfc7b
--- /dev/null
+++ b/README.de.md
@@ -0,0 +1,31 @@
+Repository-Name
+
+# Repository-Name
+
+> Slugline
+
+- [Documentation](./DOCUMENTATION.md)
+- [Glossar](./GLOSSARY.md)
+- [Bilder](./IMAGES.md)
+- [Referenzen](./REFERENCES.md)
+- [Telemetrie](./TELEMETRY.md)
+
+**Zusammenfassung**
+
+Text
+
+## 100 - Einführung
+
+Sehen[README.md](./100/README.md)
+
+## 200 – Anforderungen
+
+Sehen[README.md](./200/README.md)
+
+## 300 – Erstellen unserer Anwendung
+
+Sehen[README.md](./300/README.md)
+
+## 400 – Fazit
+
+Sehen[README.md](./400/README.md)
diff --git a/README.es.md b/README.es.md
new file mode 100644
index 0000000..ede097d
--- /dev/null
+++ b/README.es.md
@@ -0,0 +1,31 @@
+nombre-repositorio
+
+# Nombre del repositorio
+
+> línea de bala
+
+- [Documentación](./DOCUMENTATION.md)
+- [Glosario](./GLOSSARY.md)
+- [Imágenes](./IMAGES.md)
+- [Referencias](./REFERENCES.md)
+- [Telemetria](./TELEMETRY.md)
+
+**Resumen ejecutivo**
+
+Text
+
+## 100 - Introducción
+
+Ver[README.md](./100/README.md)
+
+## 200 - Requisitos
+
+Ver[README.md](./200/README.md)
+
+## 300 - Construyendo nuestra aplicación
+
+Ver[README.md](./300/README.md)
+
+## 400 - Conclusión
+
+Ver[README.md](./400/README.md)
diff --git a/README.fr.md b/README.fr.md
new file mode 100644
index 0000000..c74d060
--- /dev/null
+++ b/README.fr.md
@@ -0,0 +1,31 @@
+nom du référentiel
+
+# Nom du référentiel
+
+> Slugline
+
+- [Documentation](./DOCUMENTATION.md)
+- [Glossaire](./GLOSSARY.md)
+- [Images](./IMAGES.md)
+- [Références](./REFERENCES.md)
+- [Télémétrie](./TELEMETRY.md)
+
+**Résumé exécutif**
+
+Texte
+
+## 100 - Introduction
+
+Voir[README.md](./100/README.md)
+
+## 200 - Exigences
+
+Voir[README.md](./200/README.md)
+
+## 300 - Construire notre application
+
+Voir[README.md](./300/README.md)
+
+## 400 - Conclusion
+
+Voir[README.md](./400/README.md)
diff --git a/README.hi.md b/README.hi.md
new file mode 100644
index 0000000..10fe7d0
--- /dev/null
+++ b/README.hi.md
@@ -0,0 +1,31 @@
+भंडार-नाम
+
+# भंडार का नाम
+
+> स्लगलाइन
+
+- [प्रलेखन](./DOCUMENTATION.md)
+- [शब्दकोष](./GLOSSARY.md)
+- [इमेजिस](./IMAGES.md)
+- [संदर्भ](./REFERENCES.md)
+- [टेलीमेटरी](./TELEMETRY.md)
+
+**कार्यकारी सारांश**
+
+मूलपाठ
+
+## 100 - परिचय
+
+देखना[README.md](./100/README.md)
+
+## 200 - आवश्यकताएँ
+
+देखना[README.md](./200/README.md)
+
+## 300 - हमारे एप्लिकेशन का निर्माण
+
+देखना[README.md](./300/README.md)
+
+## 400 - निष्कर्ष
+
+देखना[README.md](./400/README.md)
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fc9433d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,30 @@
+repository-name
+# Repository Name
+
+> Slugline
+
+- [Documentation](./DOCUMENTATION.md)
+- [Glossary](./GLOSSARY.md)
+- [Images](./IMAGES.md)
+- [References](./REFERENCES.md)
+- [Telemetry](./TELEMETRY.md)
+
+**Executive Summary**
+
+Text
+
+## 100 - Introduction
+
+See [README.md](./100/README.md)
+
+## 200 - Requirements
+
+See [README.md](./200/README.md)
+
+## 300 - Building Our Application
+
+See [README.md](./300/README.md)
+
+## 400 - Conclusion
+
+See [README.md](./400/README.md)
diff --git a/README.nl.md b/README.nl.md
new file mode 100644
index 0000000..a1f8fbe
--- /dev/null
+++ b/README.nl.md
@@ -0,0 +1,31 @@
+repositorynaam
+
+# Naam van opslagplaats
+
+> Slaklijn
+
+- [Documentatie](./DOCUMENTATION.md)
+- [Glossarium](./GLOSSARY.md)
+- [Afbeeldingen](./IMAGES.md)
+- [Referenties](./REFERENCES.md)
+- [Telemetrie](./TELEMETRY.md)
+
+**Samenvatting**
+
+Tekst
+
+## 100 - Inleiding
+
+Zien[README.md](./100/README.md)
+
+## 200 - Vereisten
+
+Zien[README.md](./200/README.md)
+
+## 300 - Onze applicatie bouwen
+
+Zien[README.md](./300/README.md)
+
+## 400 - Conclusie
+
+Zien[README.md](./400/README.md)
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..c7c3a90
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,15 @@
+Readme
+=======================================
+
+SLUGLINE
+
+Description
+
+https://github.com/vanHeemstraSystems/REPOSITORY_NAME
+
+Read-the-Docs
+
+- Read: https://vanheemstrasystems-REPOSITORY-NAME.readthedocs.io/en/latest/
+
+- Manage (NEW): https://app.readthedocs.org/projects/vanheemstrasystems-REPOSITORY-NAME/
+- Manage (OLD): https://readthedocs.org/dashboard/
diff --git a/README.zh-CN.md b/README.zh-CN.md
new file mode 100644
index 0000000..066f837
--- /dev/null
+++ b/README.zh-CN.md
@@ -0,0 +1,31 @@
+存储库名称
+
+# 存储库名称
+
+> 斯拉格莱恩
+
+- [文档](./DOCUMENTATION.md)
+- [词汇表](./GLOSSARY.md)
+- [图片](./IMAGES.md)
+- [参考](./REFERENCES.md)
+- [遥测](./TELEMETRY.md)
+
+**执行摘要**
+
+文本
+
+## 100 - 简介
+
+看[README.md](./100/README.md)
+
+## 200 - 要求
+
+看[README.md](./200/README.md)
+
+## 300 - 构建我们的应用程序
+
+看[README.md](./300/README.md)
+
+## 400 - 结论
+
+看[README.md](./400/README.md)
diff --git a/README.zh-TW.md b/README.zh-TW.md
new file mode 100644
index 0000000..484dfbf
--- /dev/null
+++ b/README.zh-TW.md
@@ -0,0 +1,31 @@
+儲存庫名稱
+
+# 儲存庫名稱
+
+> 斯拉格萊恩
+
+- [文件](./DOCUMENTATION.md)
+- [Glossary](./GLOSSARY.md)
+- [Images](./IMAGES.md)
+- [參考](./REFERENCES.md)
+- [遙測](./TELEMETRY.md)
+
+**執行摘要**
+
+文字
+
+## 100 - 簡介
+
+看[README.md](./100/README.md)
+
+## 200 - 要求
+
+看[README.md](./200/README.md)
+
+## 300 - 建立我們的應用程式
+
+看[README.md](./300/README.md)
+
+## 400 - 結論
+
+看[README.md](./400/README.md)
diff --git a/REFERENCES.md b/REFERENCES.md
new file mode 100644
index 0000000..9fe19f4
--- /dev/null
+++ b/REFERENCES.md
@@ -0,0 +1,3 @@
+# References
+
+- [Reference Name](https://example.com)
diff --git a/TELEMETRY.md b/TELEMETRY.md
new file mode 100644
index 0000000..28dbe6a
--- /dev/null
+++ b/TELEMETRY.md
@@ -0,0 +1,13 @@
+# Telemetry
+
+https://app.uptrace.dev/
+
+To start sending tracing data to Uptrace, you need to configure OpenTelemetry Tracing SDK. To view and collect metrics, see the Metrics navigation section on the right.
+
+Use the following DSN to configure OpenTelemetry for your programming language:
+
+```
+export UPTRACE_DSN="https://4u5UnSF8ck63yJD33QZTrg@api.uptrace.dev?grpc=4317"
+```
+
+See [Monitor Flask performance with OpenTelemetry](https://uptrace.dev/get/instrument/opentelemetry-flask.html)
diff --git a/docs/Makefile b/docs/Makefile
new file mode 100644
index 0000000..d0c3cbf
--- /dev/null
+++ b/docs/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS ?=
+SPHINXBUILD ?= sphinx-build
+SOURCEDIR = source
+BUILDDIR = build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+ @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+ @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
diff --git a/docs/make.bat b/docs/make.bat
new file mode 100644
index 0000000..9534b01
--- /dev/null
+++ b/docs/make.bat
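Review bot: The `export UPTRACE_DSN=...` line in TELEMETRY.md commits what looks like a real Uptrace project token (the part of the DSN before `@`) into a file that every clone and fork of the repository carries. Anyone holding that value can presumably send telemetry into the project, so it should be treated as exposed and rotated in Uptrace. The file should show a placeholder instead, for example `export UPTRACE_DSN="https://<project-token>@api.uptrace.dev?grpc=4317"`, with the real DSN kept in an untracked `.env` file or the CI secret store. Because this is the initial commit, deleting the line later still leaves the value in history, so rotation is needed either way.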
@@ -0,0 +1,35 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=source
+set BUILDDIR=build
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+
+:end
+popd
diff --git a/docs/requirements.txt b/docs/requirements.txt
new file mode 100644
index 0000000..53fc1f3
--- /dev/null
+++ b/docs/requirements.txt
@@ -0,0 +1,2 @@
+sphinx==7.1.2
+sphinx-rtd-theme==1.3.0rc1
diff --git a/docs/source/api.rst b/docs/source/api.rst
new file mode 100644
index 0000000..5244001
--- /dev/null
+++ b/docs/source/api.rst
@@ -0,0 +1,7 @@
+API
+===
+
+.. autosummary::
+ :toctree: generated
+
+ PROJECT_NAME
diff --git a/docs/source/conf.py b/docs/source/conf.py
new file mode 100644
index 0000000..a6a420c
--- /dev/null
+++ b/docs/source/conf.py
@@ -0,0 +1,35 @@
+# Configuration file for the Sphinx documentation builder.
+
+# -- Project information
+
+project = 'PROJECT_NAME'
+copyright = '2024 - present, van Heemstra Systems'
+author = 'Willem van Heemstra'
+
+release = '0.1'
+version = '0.1.0'
+
+# -- General configuration
+
+extensions = [
+ 'sphinx.ext.duration',
+ 'sphinx.ext.doctest',
+ 'sphinx.ext.autodoc',
+ 'sphinx.ext.autosummary',
+ 'sphinx.ext.intersphinx',
+]
+
+intersphinx_mapping = {
+ 'python': ('https://docs.python.org/3/', None),
+ 'sphinx': ('https://www.sphinx-doc.org/en/master/', None),
+}
+intersphinx_disabled_domains = ['std']
+
+templates_path = ['_templates']
+
+# -- Options for HTML output
+
+html_theme = 'sphinx_rtd_theme'
+
+# -- Options for EPUB output
+epub_show_urls = 'footnote'
diff --git a/docs/source/index.rst b/docs/source/index.rst
new file mode 100644
index 0000000..6a1e131
--- /dev/null
+++ b/docs/source/index.rst
@@ -0,0 +1,22 @@
+Welcome to PROJECT_NAME's documentation!
+===================================
+
+**PROJECT_NAME** (/pro'ject/) is a NOUN for PURPOSE
+that LIST_OF_FEATURES.
+See EXTERNAL_RELATIONS at `LINK_TITLE `_
+and offers a *ADJECTIVE* and *ADJECTIVE* BENEFIT.
+
+Check out the :doc:`usage` section for further information, including
+how to :ref:`installation` the project.
+
+.. note::
+
+ This project is under active development.
+
+Contents
+--------
+
+.. toctree::
+
+ usage
+ api
diff --git a/docs/source/usage.rst b/docs/source/usage.rst
new file mode 100644
index 0000000..f74c995
--- /dev/null
+++ b/docs/source/usage.rst
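Review bot: In docs/source/conf.py, `release = '0.1'` and `version = '0.1.0'` look swapped. Sphinx treats `version` as the short X.Y form and `release` as the full version string, so the values should read `version = '0.1'` and `release = '0.1.0'`. `project = 'PROJECT_NAME'` is still the template placeholder. With `sphinx.ext.autodoc` and `sphinx.ext.autosummary` enabled, the build imports the documented package and runs its import-time code, so a short comment above `extensions` saying this would help whoever runs the docs job.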
@@ -0,0 +1,33 @@
+Usage
+=====
+
+.. _installation:
+
+Installation
+------------
+
+To use APPLICATION_NAME, first install it using pip:
+
+.. code-block:: console
+
+ (.venv) $ pip install PACKAGE_NAME
+
+Getting Started
+----------------
+
+To retrieve a list of random ingredients,
+you can use the ``PACKAGE_NAME.get_random_ingredients()`` function:
+
+.. autofunction:: PACKAGE_NAME.get_random_ingredients
+
+The ``kind`` parameter should be either ``"meat"``, ``"fish"``,
+or ``"veggies"``. Otherwise, :py:func:`PACKAGE_NAME.get_random_ingredients`
+will raise an exception.
+
+.. autoexception:: PACKAGE_NAME.InvalidKindError
+
+For example:
+
+>>> import PACKAGE_NAME
+>>> PACKAGE_NAME.get_random_ingredients()
+['shells', 'gorgonzola', 'parsley']
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..8470b4e
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,8 @@
+[build-system]
+requires = ["flit_core >=3.2,<4"]
+build-backend = "flit_core.buildapi"
+
+[project]
+name = "YOUR_PROJECT_NAME"
+authors = [{name = "Willem van Heemstra", email = "wvanheemstra@icloud.com"}]
+dynamic = ["version", "description"]
diff --git a/schemas/.schemastore b/schemas/.schemastore
new file mode 100644
index 0000000..e115e63
--- /dev/null
+++ b/schemas/.schemastore
@@ -0,0 +1 @@
+https://www.schemastore.org/
diff --git a/threagile.bat b/threagile.bat
new file mode 100644
index 0000000..e55987c
--- /dev/null
+++ b/threagile.bat
@@ -0,0 +1 @@
+docker run --rm -it -v %cd%:/app/work threagile/threagile %*
diff --git a/threagile.sh b/threagile.sh
new file mode 100644
index 0000000..6ebc25e
--- /dev/null
+++ b/threagile.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+sudo chmod a+rwx -R "$(pwd)"
+docker run --rm -it -v "$(pwd)":/app/work threagile/threagile "$@"
diff --git a/threagile.yaml b/threagile.yaml
new file mode 100644
index 0000000..491170d
--- /dev/null
+++ b/threagile.yaml
@@ -0,0 +1,3 @@
+threagile_version: 1.0.0
+
+title:
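Review bot: `name = "YOUR_PROJECT_NAME"` in pyproject.toml is still the template placeholder. With `dynamic = ["version", "description"]`, flit_core has to read `__version__` and the docstring from an importable module of that name. No such module appears in this commit's file list, so the build would presumably fail until the name is set and a package is added. A `requires-python` key is also missing from `[project]`.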
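Review bot: `threagile/threagile` in threagile.bat is referenced without a tag or digest, so each run uses whatever `latest` resolves to at that moment, with the current directory bind-mounted read-write into the container. Pin the image to a reviewed version, preferably by digest: `docker run --rm -it -v %cd%:/app/work threagile/threagile@sha256:<digest-placeholder> %*`. threagile.sh carries the same unpinned reference.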
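Review bot: `sudo chmod a+rwx -R "$(pwd)"` in threagile.sh makes every file under the current directory world-readable, world-writable and executable on each run, and needs root to do it. That includes `.git`, workflow files and any credentials in the checkout. Drop the chmod and run the container as the invoking user instead, e.g. `docker run --rm -it --user "$(id -u):$(id -g)" -v "$(pwd)":/app/work threagile/threagile "$@"`. Whether the image works under an arbitrary uid should be confirmed. If it needs a writable output location, create one dedicated directory and open only that.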