Document available commands
Yevhen Zavhorodnii committed Nov 11, 2024
1 parent e52aa5a commit 29ea563
Showing 2 changed files with 66 additions and 0 deletions.
16 changes: 16 additions & 0 deletions docs/commands.md
@@ -1 +1,17 @@
# Commands

| Command | Description | Alliases |
|--------------------------|------------------------------------------------------------------------------------------------| -------------------------------------------- |
| `help` | Print out help | |
| `server` | Run program in [server mode](./mode-server.md) | | |
| `analyze-model` | Run program in [analyze mode](./mode-analyze.md) | `analyze`, `analyse`, `run`, `analyse-model` |
| `create-editing-support` | Create yaml [schema file](../support/schema.json) which may be used in file editors | |
| `create-example-model` | Create example Threagile model yaml file to demonstrate the tool | |
| `create-stub-model` | Create a simple Threagile model yaml file to get started with building model | |
| `list-model-macros` | List all available [macros](./macros.md) to run on the model | |
| `execute-model-macro` | Execute [macros](./macros.md) on the model | |
| `list-risk-rules` | List all available [risk rules](./risk-rules.md) | |
| `list-types` | Allow to override file with [technologies file](./technologies.yaml) | |
| `print-license` | Print license | |
| `quit` | When program is in [interactive mode](./mode-interactive.md) quitting from execution | `exit`, `bye`, `x`, `q` |
| `explain` | Looks very similar to `list-model-macro`, `list-risk-rules`, `list-types`. To be defined later | |
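
Review bot: The `server` row ends with `| | |`, one cell more than the three-column header, so that row is malformed relative to the rest of the table; drop the extra `|`. The header also spells the third column "Alliases" where "Aliases" is meant. The `list-types` description ("Allow to override file with technologies file") does not say what the command lists and reads like text for a different option. The `explain` row refers to `list-model-macro`, while the command documented above is `list-model-macros`; consider leaving `explain` out of the table until its behaviour is defined instead of shipping "To be defined later".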
50 changes: 50 additions & 0 deletions docs/risk-rules.md
@@ -0,0 +1,50 @@
# Risk rules

Based on risk rules Threagile will analyze model and identify potential risks.

There are a lot of built in rules.

- DoS-risky Access Across Trust-Boundary;
- Incomplete Model;
- Missing Build Infrastructure;
- Missing File Validation;
- Accidental Secret Leak;
- Missing Cloud Hardening;
- Missing Network Segmentation;
- Missing Vault Isolation;
- Unnecessary Data Transfer;
- Missing Authentication;
- Missing Identity Propagation;
- Missing Web Application Firewall (WAF);
- Search-Query Injection;
- Unencrypted Communication;
- Unguarded Access From Internet;
- Container Base Image Backdooring;
- Container Platform Escape;
- Cross-Site Request Forgery (CSRF);
- Cross-Site Scripting (XSS);
- Push instead of Pull Deployment;
- XML External Entity (XXE);
- Code Backdooring;
- LDAP-Injection;
- Missing Hardening;
- Missing Identity Store;
- Path-Traversal;
- Unchecked Deployment;
- Wrong Communication Link Content;
- Missing Two-Factor Authentication (2FA);
- Missing Vault (Secret Storage);
- Mixed Targets on Shared Runtime;
- SQL/NoSQL-Injection;
- Unguarded Direct Datastore Access;
- Unnecessary Data Asset;
- Unnecessary Communication Link;
- Untrusted Deserialization;
- Wrong Trust Boundary Content;
- Missing Identity Provider Isolation;
- Server-Side Request Forgery (SSRF);
- Service Registry Poisoning;
- Unencrypted Technical Assets;
- Unnecessary Technical Asset.

Also there is available creation of [custom risk rules](./custom-risk-rules.md).
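
Review bot: The hand-written list under "There are a lot of built in rules." repeats what `list-risk-rules` is documented to list in docs/commands.md in this same commit, and the page does not say which of the two is authoritative, so the list can go stale when rules are added or renamed. Suggest stating that the list is a snapshot and pointing readers to `list-risk-rules` for the current set. The rule names are also given with no description or link, so a reader cannot tell what, for example, "Wrong Communication Link Content" checks; a one-line summary per rule would help. Wording: "built in" should be "built-in", "will analyze model" needs an article, and the closing sentence reads better as "You can also create [custom risk rules](./custom-risk-rules.md)."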
