Merged in release/1.3.0 (pull request #53)

Release/1.3.0

Author: dfernandezvigo

.gitignore

@@ -118,4 +118,7 @@ caret
 **/threatmodel.otm
 startleft/*.otm
 customerexamples
+/tmp/
 /.run/
+/bin/
+/startleft/bin/

startleft/config/default-cloudformation-mapping.yaml renamed to examples/cloudformation/iriusrisk-cft-mapping.yaml

@@ -4,46 +4,48 @@ project:
   name: Manual ThreatModel
   id:   manual-threatmodel
 
-trustzones:
-  - id:   internet
+trustZones:
+  - id:   f0ba7722-39b6-4c81-8290-a30a248bb8d9
     name: Internet
-    type: internet
+    risk:
+      trustRating: 1
 
-  - id:   web
-    name: Web
-    type: private
+  - id:   6376d53e-6461-412b-8e04-7b3fe2b397de
+    name: Public
+    risk:
+      trustRating: 1
 
-  - id:   data
-    name: Data
-    type: private
+  - id:   2ab4effa-40b7-4cd2-ba81-8247d29a6f2d
+    name: Private Secured
+    risk:
+      trustRating: 100
 
 components:
   - id:     user
     name:   User
-    type:   user
-    parent: internet
+    type:   generic-client
+    parent:
+      trustZone: f0ba7722-39b6-4c81-8290-a30a248bb8d9
 
   - id:     web-server
     name:   Web server
-    type:   webapp
-    parent: web
+    type:   web-application-server-side
+    parent:
+      trustZone: 6376d53e-6461-412b-8e04-7b3fe2b397de
 
   - id:     database
     name:   Database
-    type:   postgres
-    parent: data
+    type:   postgresql
+    parent:
+      trustZone: 2ab4effa-40b7-4cd2-ba81-8247d29a6f2d
 
 dataflows:
   - id:     client-connection
     name:   Client connection
-    type:   network
-    from:   user
-    to:     web-server
+    source:   user
+    destination:   web-server
 
   - id:     database-connection
     name:   Database connection
-    type:   network
-    from:   web-server
-    to:     database
-
-
+    source:   web-server
+    destination:     database

examples/manual/manual.otm

@@ -0,0 +1,35 @@
+trustzones:
+  - label:  Public Cloud
+    type:   Public Cloud
+    id:     b61d6911-338d-46a8-9f39-8dcd24abfe91
+
+  - label:  Private Secured Cloud
+    type:   Private Secured
+    id:     2ab4effa-40b7-4cd2-ba81-8247d29a6f2d
+
+components:
+  - label:  Amazon EC2
+    type:   ec2
+
+  - label:  Amazon CloudWatch
+    type:   cloudwatch
+
+  - label:  Database
+    type:   rds
+
+  - label:  Amazon Athena
+    type:   athena
+
+  - label:  Amazon MQ
+    type:   CD-MQ
+
+  - label:  Amazon API Gateway Endpoint
+    type:   api-gateway
+
+  - label:  Amazon CloudFront
+    type:   cf-cloudfront
+
+  - label:  Bucket
+    type:   s3
+
+dataflows: []

startleft/config/default-terraform-mapping.yaml renamed to examples/terraform/iriusrisk-tf-aws-mapping.yaml

@@ -24,7 +24,10 @@
         'fastapi',
         'python-multipart',
         'click',
-        'uvicorn'
+        'uvicorn',
+        'shapely',
+        'vsdx',
+        'python-magic'
     ],
     use_scm_version=True,
     extras_require={

examples/visio/aws-with-tz-and-vpc.vsdx

@@ -0,0 +1,43 @@
+import logging
+
+from fastapi import APIRouter, File, UploadFile, Form, Response
+
+from startleft.api.controllers.otm_controller import RESPONSE_STATUS_CODE, PREFIX, controller_responses
+from startleft.diagram.diagram_type import DiagramType
+from startleft.otm.otm_project import OtmProject
+
+URL = '/diagram'
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(
+    prefix=PREFIX,
+    responses=controller_responses
+)
+
+
+@router.post(URL, status_code=RESPONSE_STATUS_CODE, description="Generates an OTM threat model from an Diagram file",
+             tags=['Diagram'])
+def diagram(diag_file: UploadFile = File(..., description="File that contains the Iac definition"),
+            diag_type: DiagramType = Form(..., description="Type of Diagram File: VISIO"),
+            id: str = Form(..., description="ID of the new project"),
+            name: str = Form(..., description="Name of the new project"),
+            default_mapping_file: UploadFile = File(..., description="File that contains the default mapping file"),
+            custom_mapping_file: UploadFile = File(None, description="File that contains the user custom mapping file")):
+    logger.info(
+        f"POST request received for creating new project with id {id} and name {name} from Diagram {diag_type} file")
+
+    logger.info("Parsing Diagram file to OTM")
+
+    mapping_data_list = []
+
+    with default_mapping_file.file as f:
+        mapping_data_list.append(f.read())
+
+    if custom_mapping_file:
+        with custom_mapping_file.file as f:
+            mapping_data_list.append(f.read())
+
+    otm_project = OtmProject.from_diag_file_to_otm_stream(id, name, diag_type, [diag_file.file], mapping_data_list)
+
+    return Response(status_code=201, media_type="application/json", content=otm_project.get_otm_as_json())

examples/visio/iriusrisk-visio-aws-mapping.yaml

@@ -1,9 +1,11 @@
 from fastapi import APIRouter
 from fastapi.responses import JSONResponse
 
+from startleft.version import version
+
 PREFIX = ''
 URL = '/health'
-RESPONSE_BODY_STARTLEFT_OK = {"status": "OK", "components": {"StartLeft": "OK"}}
+RESPONSE_BODY_STARTLEFT_OK = {"status": "OK", "version": version, "components": {"StartLeft": "OK"}}
 
 router = APIRouter(prefix=PREFIX)
 

setup.py

@@ -1,34 +1,19 @@
 import logging
 
-from http import HTTPStatus
-
 from fastapi import APIRouter, File, UploadFile, Form, Response
 
-from startleft.api.controllers.iac.iac_type import IacType
-from startleft.api.error_response import ErrorResponse
-from startleft.messages import messages
-from startleft.project.otm_project import OtmProject
+from startleft.api.controllers.otm_controller import RESPONSE_STATUS_CODE, PREFIX, controller_responses
+from startleft.iac.iac_type import IacType
+from startleft.otm.otm_project import OtmProject
 
-PREFIX = '/api/v1/startleft/iac'
-URL = ''
-RESPONSE_STATUS_CODE = HTTPStatus.CREATED
+URL = '/iac'
 
 logger = logging.getLogger(__name__)
 
 router = APIRouter(
     prefix=PREFIX,
     tags=["IaC"],
-    responses={
-        201: {"description": messages.OTM_SUCCESSFULLY_CREATED},
-        400: {"description": messages.BAD_REQUEST,
-              "model": ErrorResponse},
-        401: {"description": messages.UNAUTHORIZED_EXCEPTION,
-              "model": ErrorResponse},
-        403: {"description": messages.FORBIDDEN_OPERATION,
-              "model": ErrorResponse},
-        'default': {"description": messages.UNEXPECTED_API_ERROR,
-                    "model": ErrorResponse}
-    }
+    responses=controller_responses
 )
 
 
@@ -42,8 +27,13 @@ def iac(iac_file: UploadFile = File(..., description="File that contains the Iac
     logger.info(f"POST request received for creating new project with id {id} and name {name} from IaC {iac_type} file")
 
     logger.info("Parsing IaC file to OTM")
-    otm_project = OtmProject.from_iac_file_to_otm_stream(id, name, iac_type, [iac_file.file]
-                                                         , [mapping_file.file] if mapping_file else [])
+    with iac_file.file as f:
+        iac_data = f.read()
 
-    return Response(status_code=201, media_type="application/json", content=otm_project.get_otm_as_json())
+    with mapping_file.file as f:
+        mapping_data = f.read()
 
+    otm_project = OtmProject.from_iac_file_to_otm_stream(id, name, iac_type, [iac_data],
+                                                         [mapping_data] if mapping_file else [])
+
+    return Response(status_code=201, media_type="application/json", content=otm_project.get_otm_as_json())

startleft/api/controllers/diagram/diag_create_otm_controller.py

@@ -0,0 +1,20 @@
+from http import HTTPStatus
+
+from startleft import messages
+from startleft.api.error_response import ErrorResponse
+
+controller_responses = {
+    201: {"description": messages.OTM_SUCCESSFULLY_CREATED},
+    400: {"description": messages.BAD_REQUEST,
+          "model": ErrorResponse},
+    401: {"description": messages.UNAUTHORIZED_EXCEPTION,
+          "model": ErrorResponse},
+    403: {"description": messages.FORBIDDEN_OPERATION,
+          "model": ErrorResponse},
+    'default': {"description": messages.UNEXPECTED_API_ERROR,
+                "model": ErrorResponse}
+}
+
+PREFIX = '/api/v1/startleft'
+
+RESPONSE_STATUS_CODE = HTTPStatus.CREATED

startleft/api/controllers/health/health_controller.py

@@ -1,6 +1,6 @@
 from enum import Enum
 
-from startleft.messages import messages
+from startleft import messages
 
 
 class ErrorCode(Enum):
@@ -9,6 +9,7 @@ class ErrorCode(Enum):
     OTM_TO_IR_EXIT_UNEXPECTED = (3, "OtmToIrUnexpectedError")
     OTM_TO_IR_EXIT_VALIDATION_FAILED = (4, "OtmToIrValidationError")
     MAPPING_FILE_EXIT_VALIDATION_FAILED = (5, "MalformedMappingFile")
+    DIAGRAM_TO_OTM_EXIT_VALIDATION_FAILED = (6, "DiagramToOtmValidationError")
 
     def __init__(self, system_exit_status, error_type):
         self.system_exit_status = system_exit_status
@@ -61,3 +62,36 @@ class WriteThreatModelError(CommonError):
     message = messages.ERROR_WRITING_THREAT_MODEL
     http_status_code = 500
     error_code = ErrorCode.IAC_TO_OTM_EXIT_UNEXPECTED
+
+
+class UnknownDiagramType(CommonError):
+    message = messages.CANNOT_RECOGNIZE_GIVEN_DIAGRAM_TYPE
+    http_status_code = 400
+    system_exit_status = ErrorCode.IAC_TO_OTM_EXIT_UNEXPECTED
+
+
+class IacFileNotValidError(CommonError):
+    message = messages.IAC_FILE_IS_NOT_VALID
+    http_status_code = 400
+    error_code = ErrorCode.IAC_TO_OTM_EXIT_VALIDATION_FAILED
+
+    def __init__(self, message: str):
+        self.message = f"{self.message}. {message}"
+
+
+class DiagramFileNotValidError(CommonError):
+    message = messages.DIAGRAM_FILE_IS_NOT_VALID
+    http_status_code = 400
+    error_code = ErrorCode.DIAGRAM_TO_OTM_EXIT_VALIDATION_FAILED
+
+    def __init__(self, message: str):
+        self.message = f"{self.message}. {message}"
+
+
+class ParsingError(CommonError):
+    message = messages.NOT_PARSEABLE_SOURCE_FILES
+    http_status_code = 400
+
+    def __init__(self, message: str, error_code: ErrorCode):
+        self.message = f"{self.message}. {message}"
+        self.error_code = error_code