Merge pull request #43 from Thorsten-Sick/list_custom_plugins
added loadCustomRiskRules() to display list of custom plugins
cschneider4711 authored Nov 4, 2023
2 parents 9a8ced5 + 0125ea3 commit 6bb114e
Showing 1 changed file with 59 additions and 57 deletions.
116 changes: 59 additions & 57 deletions main.go
Expand Up @@ -15,61 +15,6 @@ import (
"errors"
"flag"
"fmt"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
"github.com/threagile/threagile/colors"
"github.com/threagile/threagile/macros/built-in/add-build-pipeline"
"github.com/threagile/threagile/macros/built-in/add-vault"
"github.com/threagile/threagile/macros/built-in/pretty-print"
"github.com/threagile/threagile/macros/built-in/remove-unused-tags"
"github.com/threagile/threagile/macros/built-in/seed-risk-tracking"
"github.com/threagile/threagile/macros/built-in/seed-tags"
"github.com/threagile/threagile/model"
"github.com/threagile/threagile/report"
"github.com/threagile/threagile/risks/built-in/accidental-secret-leak"
"github.com/threagile/threagile/risks/built-in/code-backdooring"
"github.com/threagile/threagile/risks/built-in/container-baseimage-backdooring"
"github.com/threagile/threagile/risks/built-in/container-platform-escape"
"github.com/threagile/threagile/risks/built-in/cross-site-request-forgery"
"github.com/threagile/threagile/risks/built-in/cross-site-scripting"
"github.com/threagile/threagile/risks/built-in/dos-risky-access-across-trust-boundary"
"github.com/threagile/threagile/risks/built-in/incomplete-model"
"github.com/threagile/threagile/risks/built-in/ldap-injection"
"github.com/threagile/threagile/risks/built-in/missing-authentication"
"github.com/threagile/threagile/risks/built-in/missing-authentication-second-factor"
"github.com/threagile/threagile/risks/built-in/missing-build-infrastructure"
"github.com/threagile/threagile/risks/built-in/missing-cloud-hardening"
"github.com/threagile/threagile/risks/built-in/missing-file-validation"
"github.com/threagile/threagile/risks/built-in/missing-hardening"
"github.com/threagile/threagile/risks/built-in/missing-identity-propagation"
"github.com/threagile/threagile/risks/built-in/missing-identity-provider-isolation"
"github.com/threagile/threagile/risks/built-in/missing-identity-store"
"github.com/threagile/threagile/risks/built-in/missing-network-segmentation"
"github.com/threagile/threagile/risks/built-in/missing-vault"
"github.com/threagile/threagile/risks/built-in/missing-vault-isolation"
"github.com/threagile/threagile/risks/built-in/missing-waf"
"github.com/threagile/threagile/risks/built-in/mixed-targets-on-shared-runtime"
"github.com/threagile/threagile/risks/built-in/path-traversal"
"github.com/threagile/threagile/risks/built-in/push-instead-of-pull-deployment"
"github.com/threagile/threagile/risks/built-in/search-query-injection"
"github.com/threagile/threagile/risks/built-in/server-side-request-forgery"
"github.com/threagile/threagile/risks/built-in/service-registry-poisoning"
"github.com/threagile/threagile/risks/built-in/sql-nosql-injection"
"github.com/threagile/threagile/risks/built-in/unchecked-deployment"
"github.com/threagile/threagile/risks/built-in/unencrypted-asset"
"github.com/threagile/threagile/risks/built-in/unencrypted-communication"
"github.com/threagile/threagile/risks/built-in/unguarded-access-from-internet"
"github.com/threagile/threagile/risks/built-in/unguarded-direct-datastore-access"
"github.com/threagile/threagile/risks/built-in/unnecessary-communication-link"
"github.com/threagile/threagile/risks/built-in/unnecessary-data-asset"
"github.com/threagile/threagile/risks/built-in/unnecessary-data-transfer"
"github.com/threagile/threagile/risks/built-in/unnecessary-technical-asset"
"github.com/threagile/threagile/risks/built-in/untrusted-deserialization"
"github.com/threagile/threagile/risks/built-in/wrong-communication-link-content"
"github.com/threagile/threagile/risks/built-in/wrong-trust-boundary-content"
"github.com/threagile/threagile/risks/built-in/xml-external-entity"
"golang.org/x/crypto/argon2"
"gopkg.in/yaml.v3"
"hash/fnv"
"io"
"io/ioutil"
Expand All @@ -85,6 +30,62 @@ import (
"strings"
"sync"
"time"

"github.com/gin-gonic/gin"
"github.com/google/uuid"
"github.com/threagile/threagile/colors"
add_build_pipeline "github.com/threagile/threagile/macros/built-in/add-build-pipeline"
add_vault "github.com/threagile/threagile/macros/built-in/add-vault"
pretty_print "github.com/threagile/threagile/macros/built-in/pretty-print"
remove_unused_tags "github.com/threagile/threagile/macros/built-in/remove-unused-tags"
seed_risk_tracking "github.com/threagile/threagile/macros/built-in/seed-risk-tracking"
seed_tags "github.com/threagile/threagile/macros/built-in/seed-tags"
"github.com/threagile/threagile/model"
"github.com/threagile/threagile/report"
accidental_secret_leak "github.com/threagile/threagile/risks/built-in/accidental-secret-leak"
code_backdooring "github.com/threagile/threagile/risks/built-in/code-backdooring"
container_baseimage_backdooring "github.com/threagile/threagile/risks/built-in/container-baseimage-backdooring"
container_platform_escape "github.com/threagile/threagile/risks/built-in/container-platform-escape"
cross_site_request_forgery "github.com/threagile/threagile/risks/built-in/cross-site-request-forgery"
cross_site_scripting "github.com/threagile/threagile/risks/built-in/cross-site-scripting"
dos_risky_access_across_trust_boundary "github.com/threagile/threagile/risks/built-in/dos-risky-access-across-trust-boundary"
incomplete_model "github.com/threagile/threagile/risks/built-in/incomplete-model"
ldap_injection "github.com/threagile/threagile/risks/built-in/ldap-injection"
missing_authentication "github.com/threagile/threagile/risks/built-in/missing-authentication"
missing_authentication_second_factor "github.com/threagile/threagile/risks/built-in/missing-authentication-second-factor"
missing_build_infrastructure "github.com/threagile/threagile/risks/built-in/missing-build-infrastructure"
missing_cloud_hardening "github.com/threagile/threagile/risks/built-in/missing-cloud-hardening"
missing_file_validation "github.com/threagile/threagile/risks/built-in/missing-file-validation"
missing_hardening "github.com/threagile/threagile/risks/built-in/missing-hardening"
missing_identity_propagation "github.com/threagile/threagile/risks/built-in/missing-identity-propagation"
missing_identity_provider_isolation "github.com/threagile/threagile/risks/built-in/missing-identity-provider-isolation"
missing_identity_store "github.com/threagile/threagile/risks/built-in/missing-identity-store"
missing_network_segmentation "github.com/threagile/threagile/risks/built-in/missing-network-segmentation"
missing_vault "github.com/threagile/threagile/risks/built-in/missing-vault"
missing_vault_isolation "github.com/threagile/threagile/risks/built-in/missing-vault-isolation"
missing_waf "github.com/threagile/threagile/risks/built-in/missing-waf"
mixed_targets_on_shared_runtime "github.com/threagile/threagile/risks/built-in/mixed-targets-on-shared-runtime"
path_traversal "github.com/threagile/threagile/risks/built-in/path-traversal"
push_instead_of_pull_deployment "github.com/threagile/threagile/risks/built-in/push-instead-of-pull-deployment"
search_query_injection "github.com/threagile/threagile/risks/built-in/search-query-injection"
server_side_request_forgery "github.com/threagile/threagile/risks/built-in/server-side-request-forgery"
service_registry_poisoning "github.com/threagile/threagile/risks/built-in/service-registry-poisoning"
sql_nosql_injection "github.com/threagile/threagile/risks/built-in/sql-nosql-injection"
unchecked_deployment "github.com/threagile/threagile/risks/built-in/unchecked-deployment"
unencrypted_asset "github.com/threagile/threagile/risks/built-in/unencrypted-asset"
unencrypted_communication "github.com/threagile/threagile/risks/built-in/unencrypted-communication"
unguarded_access_from_internet "github.com/threagile/threagile/risks/built-in/unguarded-access-from-internet"
unguarded_direct_datastore_access "github.com/threagile/threagile/risks/built-in/unguarded-direct-datastore-access"
unnecessary_communication_link "github.com/threagile/threagile/risks/built-in/unnecessary-communication-link"
unnecessary_data_asset "github.com/threagile/threagile/risks/built-in/unnecessary-data-asset"
unnecessary_data_transfer "github.com/threagile/threagile/risks/built-in/unnecessary-data-transfer"
unnecessary_technical_asset "github.com/threagile/threagile/risks/built-in/unnecessary-technical-asset"
untrusted_deserialization "github.com/threagile/threagile/risks/built-in/untrusted-deserialization"
wrong_communication_link_content "github.com/threagile/threagile/risks/built-in/wrong-communication-link-content"
wrong_trust_boundary_content "github.com/threagile/threagile/risks/built-in/wrong-trust-boundary-content"
xml_external_entity "github.com/threagile/threagile/risks/built-in/xml-external-entity"
"golang.org/x/crypto/argon2"
"gopkg.in/yaml.v3"
)

const keepDiagramSourceFiles = false
Expand Down Expand Up @@ -3709,6 +3710,7 @@ func parseCommandlineArgs() {
fmt.Println("------------------")
fmt.Println("Custom risk rules:")
fmt.Println("------------------")
loadCustomRiskRules()
for id, customRule := range customRiskRules {
fmt.Println(id, "-->", customRule.Category().Title, "--> with tags:", customRule.SupportedTags())
}
Expand Down Expand Up @@ -5490,7 +5492,7 @@ func makeTechAssetNode(technicalAsset model.TechnicalAsset, simplified bool) str
color = "#444444" // since black is too dark here as fill color
}
}
return " " + hash(technicalAsset.Id) + ` [ shape="box" style="filled" fillcolor="` + color + `"
return " " + hash(technicalAsset.Id) + ` [ shape="box" style="filled" fillcolor="` + color + `"
label=<<b>` + encode(technicalAsset.Title) + `</b>> penwidth="3.0" color="` + color + `" ];
`
} else {
Expand Down Expand Up @@ -5531,7 +5533,7 @@ func makeTechAssetNode(technicalAsset model.TechnicalAsset, simplified bool) str

return " " + hash(technicalAsset.Id) + ` [
label=<<table border="0" cellborder="` + compartmentBorder + `" cellpadding="2" cellspacing="0"><tr><td><font point-size="15" color="` + colors.DarkBlue + `">` + lineBreak + technicalAsset.Technology.String() + `</font><br/><font point-size="15" color="` + colors.LightGray + `">` + technicalAsset.Size.String() + `</font></td></tr><tr><td><b><font color="` + technicalAsset.DetermineLabelColor() + `">` + encode(title) + `</font></b><br/></td></tr><tr><td>` + attackerAttractivenessLabel + `</td></tr></table>>
shape=` + shape + ` style="` + technicalAsset.DetermineShapeBorderLineStyle() + `,` + technicalAsset.DetermineShapeStyle() + `" penwidth="` + technicalAsset.DetermineShapeBorderPenWidth() + `" fillcolor="` + technicalAsset.DetermineShapeFillColor() + `"
shape=` + shape + ` style="` + technicalAsset.DetermineShapeBorderLineStyle() + `,` + technicalAsset.DetermineShapeStyle() + `" penwidth="` + technicalAsset.DetermineShapeBorderPenWidth() + `" fillcolor="` + technicalAsset.DetermineShapeFillColor() + `"
peripheries=` + strconv.Itoa(technicalAsset.DetermineShapePeripheries()) + `
color="` + technicalAsset.DetermineShapeBorderColor() + "\"\n ]; "
}
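Review bot: The `loadCustomRiskRules()` call added at the top of the "Custom risk rules:" listing branch turns a read-only list command into one that loads the configured plugins; if that function opens Go plugin shared objects (its body is outside the hunk, so this is inferred from the name and the `customRiskRules` map it fills), `plugin.Open` runs each library's `init` code, so listing rules now executes whatever sits at the plugin paths passed on the command line, and any later call on the normal path would try to load the same objects a second time. A comment such as `// loads (and runs the init of) the custom risk-rule plugins; required here because the listing runs before the regular load path` would make that visible, and the call should be skipped when no plugin paths were configured, with the listing branch confirmed to exit before the regular load. Separately, the loop on the following line ranges over a map, so the printed order changes from run to run; collecting the IDs and sorting them gives stable output (this assumes string keys and that `sort` is imported, which the collapsed import hunk does not show). parseCommandlineArgs begins and ends outside the hunk.
```go
	fmt.Println("------------------")
	loadCustomRiskRules()
	ids := make([]string, 0, len(customRiskRules))
	for id := range customRiskRules {
		ids = append(ids, id)
	}
	sort.Strings(ids) // map iteration order is random; keep the listing stable
	for _, id := range ids {
		customRule := customRiskRules[id]
		fmt.Println(id, "-->", customRule.Category().Title, "--> with tags:", customRule.SupportedTags())
	}
```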