From 23288ce683c4d5e39006707aed4c36b4c595dc3a Mon Sep 17 00:00:00 2001 From: David Antolin Alvarez Date: Mon, 9 Dec 2024 11:47:31 +0100 Subject: [PATCH 1/3] [BLAZ-975] Size of name and tags controlled in trustzones, dataflows and tags --- otm/otm/entity/component.py | 21 +++++++++++++++++ otm/otm/entity/dataflow.py | 23 +++++++++++++++++++ otm/otm/entity/trustzone.py | 12 ++++++++++ sl_util/sl_util/str_utils.py | 3 +++ .../unit/load/test_diagram_dataflow_loader.py | 2 +- .../tests/unit/map/test_tfplan_mapper.py | 4 ++-- 6 files changed, 62 insertions(+), 3 deletions(-) diff --git a/otm/otm/entity/component.py b/otm/otm/entity/component.py index 9a6c4d5c..7fef30ef 100644 --- a/otm/otm/entity/component.py +++ b/otm/otm/entity/component.py @@ -3,6 +3,11 @@ from otm.otm.entity.parent_type import ParentType from otm.otm.entity.representation import RepresentationElement from otm.otm.entity.threat import ThreatInstance +from sl_util.sl_util.str_utils import truncate + + +MAX_NAME_SIZE = 255 +MAX_TAG_SIZE = 255 class Component: @@ -19,6 +24,22 @@ def __init__(self, component_id, name, component_type=None, parent=None, parent_ self.threats: [ThreatInstance] = threats or [] self.representations: List[RepresentationElement] = representations + @property + def name(self): + return self._name + + @name.setter + def name(self, value): + self._name = truncate(value, MAX_NAME_SIZE) + + @property + def tags (self): + return self._tags + + @tags.setter + def tags(self, value): + self._tags = [tag for tag in value if tag and len(tag) <= MAX_TAG_SIZE] if value else None + def add_threat(self, threat: ThreatInstance): self.threats.append(threat) diff --git a/otm/otm/entity/dataflow.py b/otm/otm/entity/dataflow.py index 9c65ae79..94260956 100644 --- a/otm/otm/entity/dataflow.py +++ b/otm/otm/entity/dataflow.py 
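Review bot: `MAX_NAME_SIZE` and `MAX_TAG_SIZE` are defined at module level in component.py here and again in the dataflow.py and trustzone.py hunks, so the limits can drift apart when only one file is edited. Defining them once, for example next to `truncate` in `sl_util/sl_util/str_utils.py`, and importing them would keep the cap the same for every entity. A short comment on the constant would also help, e.g. `# Upper bound applied to entity names before they are stored in the OTM`.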
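Review bot: The `tags` setter in component.py (and the identical one in the dataflow.py hunk) silently discards every tag longer than `MAX_TAG_SIZE` and turns an empty list into `None`, while the `name` setters in all three entities silently cut the value at 255 characters. Two names that differ only after character 255 become equal and a dropped tag leaves no trace, so a warning log in both setters would let the user see that the threat model was altered on load. Keeping the container type stable avoids breaking callers that call `len()` on or iterate over `tags`: `self._tags = [tag for tag in value if tag and len(tag) <= MAX_TAG_SIZE] if value is not None else None`. `def tags (self):` also has a stray space before the parenthesis. The class bodies continue outside the hunks, so whether other code relies on `tags` being a list is not visible here, although the relaxed assertion in test_diagram_dataflow_loader.py suggests it did.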
@@ -1,3 +1,10 @@ +from sl_util.sl_util.str_utils import truncate + + +MAX_NAME_SIZE = 255 +MAX_TAG_SIZE = 255 + + class Dataflow: def __init__(self, dataflow_id, name, source_node, destination_node, bidirectional: bool = None, source=None, attributes=None, tags=None): @@ -10,6 +17,22 @@ def __init__(self, dataflow_id, name, source_node, destination_node, bidirection self.attributes = attributes self.tags = tags + @property + def name(self): + return self._name + + @name.setter + def name(self, value): + self._name = truncate(value, MAX_NAME_SIZE) + + @property + def tags (self): + return self._tags + + @tags.setter + def tags(self, value): + self._tags = [tag for tag in value if tag and len(tag) <= MAX_TAG_SIZE] if value else None + def json(self): json = { "id": self.id, diff --git a/otm/otm/entity/trustzone.py b/otm/otm/entity/trustzone.py index f997dcb5..8d56ad73 100644 --- a/otm/otm/entity/trustzone.py +++ b/otm/otm/entity/trustzone.py @@ -1,4 +1,8 @@ from otm.otm.entity.parent_type import ParentType +from sl_util.sl_util.str_utils import truncate + + +MAX_NAME_SIZE = 255 class Trustzone: @@ -14,6 +18,14 @@ def __init__(self, trustzone_id, name, parent=None, parent_type: ParentType = No self.trustrating = trustrating self.representations = representations + @property + def name(self): + return self._name + + @name.setter + def name(self, value): + self._name = truncate(value, MAX_NAME_SIZE) + def __eq__(self, other): return type(other) == Trustzone and self.id == other.id diff --git a/sl_util/sl_util/str_utils.py b/sl_util/sl_util/str_utils.py index e379a433..0d4cc284 100644 --- a/sl_util/sl_util/str_utils.py +++ b/sl_util/sl_util/str_utils.py @@ -21,3 +21,6 @@ def to_number(input, default_value: int = 0) -> int: return w2n.word_to_num(input) except ValueError: return default_value + +def truncate(s: str, max_length: int) -> str: + return s[:max_length] if s else s \ No newline at end of file 
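Review bot: `truncate` in sl_util/sl_util/str_utils.py has no docstring and slices whatever truthy value it receives, so a non-string name (for instance a number coming from a parsed source file) would raise `TypeError` inside every entity constructor that now routes `name` through it. Either coerce or reject explicitly, e.g. `return s[:max_length] if isinstance(s, str) else s`, and document the contract with `"""Return s cut to at most max_length characters; falsy values are returned unchanged."""`. The limit is counted in characters, not encoded bytes, which matters if the 255 cap comes from a byte-sized field downstream; that is not visible from here. The hunk also leaves the file without a trailing newline and puts only one blank line before a top-level `def`.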
diff --git a/slp_drawio/tests/unit/load/test_diagram_dataflow_loader.py b/slp_drawio/tests/unit/load/test_diagram_dataflow_loader.py index bbfae0f9..d592515b 100644 --- a/slp_drawio/tests/unit/load/test_diagram_dataflow_loader.py +++ b/slp_drawio/tests/unit/load/test_diagram_dataflow_loader.py @@ -32,7 +32,7 @@ def test_load(self, get_dataflow_tags_wrapper): assert diagram_dataflows[1].otm.name == 'pt2kyrPXSm7H56EBWWGj-8-dataflow' assert diagram_dataflows[1].otm.source_node == 'pt2kyrPXSm7H56EBWWGj-7' assert diagram_dataflows[1].otm.destination_node == 'pt2kyrPXSm7H56EBWWGj-7' - assert len(diagram_dataflows[1].otm.tags) == 0 + assert not diagram_dataflows[1].otm.tags # AND the method get_dataflow_tags has been called once for each dataflow assert get_dataflow_tags_wrapper.call_count == len(diagram_dataflows) diff --git a/slp_tfplan/tests/unit/map/test_tfplan_mapper.py b/slp_tfplan/tests/unit/map/test_tfplan_mapper.py index db6bfaaf..1fa69a51 100644 --- a/slp_tfplan/tests/unit/map/test_tfplan_mapper.py +++ b/slp_tfplan/tests/unit/map/test_tfplan_mapper.py @@ -111,8 +111,8 @@ def test_mapping_by_type(self): @mark.parametrize('regex,resource_type', [ param(r'^aws_\w*$','aws_vpc', id='aws_vpc'), - param(r'^a+$','a'*256, id='long_string'), - param(r'^(a+)+$','a'*256, id='redos_attack'), + param(r'^a+$','a'*255, id='long_string'), + param(r'^(a+)+$','a'*255, id='redos_attack'), ]) def test_mapping_by_regex(self,regex,resource_type:str): # GIVEN a resource of some TF type From afcdaedc172d392693e894520b953cd6b26f4de1 Mon Sep 17 00:00:00 2001 From: David Antolin Alvarez Date: Tue, 10 Dec 2024 09:05:40 +0100 Subject: [PATCH 2/3] [BLAZ-975] Dockerfile.application modified to pin C-related package versions in the base image --- deployment/Dockerfile.application | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/deployment/Dockerfile.application b/deployment/Dockerfile.application index 57415ac9..20415de4 100644 --- a/deployment/Dockerfile.application 
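Review bot: In slp_tfplan/tests/unit/map/test_tfplan_mapper.py the `long_string` and `redos_attack` parameters were shortened from `'a'*256` to `'a'*255`, which makes the inputs fit under the new name cap instead of testing what happens above it. No visible test in this patch exercises the truncation or the tag filtering, so the new behaviour is unverified at its boundary. Keeping the 256-character input and comparing against the capped value (e.g. `resource_type[:255]`), plus a unit test for `truncate` and for an over-long tag, would pin the limit down. The body of `test_mapping_by_regex` continues outside the hunk, so the exact assertion that failed with 256 characters is not visible.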
+++ b/deployment/Dockerfile.application @@ -4,8 +4,9 @@ WORKDIR /usr/src/app RUN apk update && \ apk upgrade && \ - apk --no-cache add geos geos-dev git graphviz-dev lapack libmagic libstdc++ && \ - apk --no-cache add --virtual .builddeps g++ gcc gfortran lapack-dev musl-dev py3-pybind11-dev re2 re2-dev + apk add --repository=http://dl-cdn.alpinelinux.org/alpine/v3.20/main --repository=http://dl-cdn.alpinelinux.org/alpine/v3.20/community \ + g++~=13.2 gcc~=13.2 gfortran~=13.2 libgcc~=13.2 libstdc++~=13.2 && \ + apk --no-cache add geos geos-dev git graphviz-dev lapack lapack-dev libmagic musl-dev py3-pybind11-dev re2 re2-dev COPY . . From acd20d93764ef71e99ba09a42e0fc14fd4734607 Mon Sep 17 00:00:00 2001 From: David Antolin Alvarez Date: Wed, 11 Dec 2024 09:55:52 +0100 Subject: [PATCH 3/3] [BLAZ-975] Used https to connect to alpine repos --- deployment/Dockerfile.application | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/Dockerfile.application b/deployment/Dockerfile.application index 20415de4..223d529f 100644 --- a/deployment/Dockerfile.application +++ b/deployment/Dockerfile.application @@ -4,7 +4,7 @@ WORKDIR /usr/src/app RUN apk update && \ apk upgrade && \ - apk add --repository=http://dl-cdn.alpinelinux.org/alpine/v3.20/main --repository=http://dl-cdn.alpinelinux.org/alpine/v3.20/community \ + apk add --repository=https://dl-cdn.alpinelinux.org/alpine/v3.20/main --repository=https://dl-cdn.alpinelinux.org/alpine/v3.20/community \ g++~=13.2 gcc~=13.2 gfortran~=13.2 libgcc~=13.2 libstdc++~=13.2 && \ apk --no-cache add geos geos-dev git graphviz-dev lapack lapack-dev libmagic musl-dev py3-pybind11-dev re2 re2-dev
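Review bot: The rewritten `RUN` in deployment/Dockerfile.application installs `g++`, `gcc`, `gfortran` and the `-dev` packages as ordinary packages, where the removed line grouped the toolchain under `--virtual .builddeps`. If a later step outside this hunk runs `apk del .builddeps` it no longer has anything to remove, and the compilers stay in the runtime image, which enlarges the attack surface of the deployed container. The pinned install also dropped `--no-cache`, and `~=13.2` is a version constraint rather than an exact `=` pin, so together with `apk upgrade` the build is still not reproducible. Consider `apk add --no-cache --virtual .builddeps --repository=... g++~=13.2 gcc~=13.2 gfortran~=13.2` for the build-only tools and a separate `apk add --no-cache` for `libgcc` and `libstdc++`. The `FROM` line is outside the hunk, so confirm the base image is Alpine 3.20 before pulling packages from the v3.20 repositories, since mixing releases can leave mismatched libraries.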