Releases: iriusrisk/startleft
1.8.0
Released on 2022-12-01
Common
- Startleft component identifier generation. Generation of deterministic component IDs that are essential for incremental updates of an OTM project.
- Handle not present parents in CFT and TF files
CloudFormation Template
- Handle the function "ref" for retrieving name's in Cloudformation.
Terraform
- Process variable references to external files in TF.
Visio
- Adjust Visio handling of an empty diagram.
MS Threat Modeling Tool (MTMT) Mappings for IriusRisk
- Create public documentation for MTMT focused on creating your own MTMT mappings.
- Map MTMT lines boundaries.
Fixes
- StartLeft does not work locally installed.
Others
- Added GitHub workflow action for startleft unit and integration tests.
- Update jsonschema library to 4.17.0 version.
- Update fastapi library to 0.86.0 version.
- Update responses library to 0.22.0 version.
- Update deepdiff library to 6.2.1 version.
1.7.0
Released on 2022-11-10
CloudFormation Template
- Enhance CFT ec2 mapping (subnetId) for EC2 instances as web servers
- Handle not present parents in CFT files
- OTM file has inconsistent IDs when parsing SecurityGroupIngress Resource
Terraform
- Create a threat model for the Terraform IriusRisk use case
Visio
- Add support for Visio AWS complex stencils shapes
- Give Visio custom mapping file higher priority than default mapping file
- Review DeprecatedWarning of Visio methods
MS Threat Modeling Tool (MTMT) MVP
- MTMT Components
- MTMT Trustzones
- MTMT Dataflows
- Modify Representation type and url of External Threat Model
- MTMT component creation error on the core
MTMT mappings for IriusRisk
- Map MTMT Stencils to IriusRisk components
Others
- Support multiple IaC files in Startleft API
- Create CHANGELOG.md file
- Update jsonschema library to 4.16.0 version
- Update tox and pytest dependencies
- Fix some tests not using validate and diff check correctly
1.6.1
Released on 2022-11-03
Fixes
- Restore the location of the version.py file in StartLeft
1.6.0
Released on 2022-10-13
Fixes
- Fix Description tag field inside a Security Group Egress mapping (for Cloudformation and Terraform processors)
Terraform
- Create a threat model for the Terraform IriusRisk use case
Visio
- Implement bidirectional dataflows for Visio diagrams
- Add file size validation for Visio files in CLI option
MS Threat Modeling Tool (MTMT) MVP
MVP in progress
- MS Threat Modeling Tool (MTMT) empty parser
- MTMT mapping files
Code refactor
- Create unit tests for Startleft API and CLI modes
- Start the first refactor trying to clean up the code
- Refactor Visio parsing logic as a modularized processor
- Refactor Terraform parsing logic as a modularized processor
- Add OTM schema validation to the base otm_processor logic
Others
- Improve descriptiveness of some errorMessages
- Check Startleft outdated dependencies
- Change startleft entrypoint to the new cli.py ubication
1.5.1
Released on 2022-09-01
Fixed:
Startleft ID inconsistency: subnet generated with the same Id as its parent VPC
- Fixed elb.tf example deduplicating component names
- Fix broken reference to component
1.5.0
Released on 2022-09-01
Terraform
Process Terraform modules as IriusRisk components
- added basic mapping for TF modules (as OTM components)
- first test with 'rds' IriusRisk component type
- added test cases with example files
- added new custom jmespath function 'get_terraform_module'
Code refactor
Refactor startleft to segregate different conversion formats in packages and interfaces
- Added interfaces to be implemented for each provider format
- Fixed package name collision
- Renamed packages
- process method must not be abstract and must not be overridden
Cleanup existing Startleft tests and update Confluence page
- Remove deprecated BAT tests
- Move tests to the correct directory
Create tests missing for one IaC type
- Deleted duplicated test methods
- test modified for otm_project (from_iac_file_to_otm_stream method)
Create missing integration tests for Startleft API and CLI modes
Create integration tests for checking JMESpath functions
- Create tests covering all JMESPATH custom functions
- Fix the tail function not returning the last n characters of a string but removing the first n characters instead
Check startleft outdated dependencies
- jmespath 1.0.1
- jsonschema 4.7.2
- lxml 4.9.1
- requests 2.28.1
- click 8.1.3
- uvicorn 0.18.2
- vsdx 0.5.9
Other tasks
Fix FastApi - Swagger UI Startleft page
- Changed "diag_file" description tag and "http 201" description
1.4.1
Released on 2022-08-25
Fixed:
- Terraform alt_source parsing result in OTM schema validation error
- Wrong parent calculation for VPCEndpoint in CFT
1.4.0
Released on 2022-08-04
Terraform
Create a threat model from a Terraform file equivalent to another from Cloudformation
- Build Terraform mapping definitions using $altsource action: Adding altsource components to Terraform and aligning the number of components between Cloudformation and Terraform
- Build Terraform mapping definitions for security groups using $hub and $ip actions: Adding security groups and dataflows support to Terraform
- Created multinetwork_security_groups_with_lb terraform equivalent
- Fixed aws_ecs_service task_definition
Fix error when a terraform file has no resources at all
Visio
Implement boundary based trustzones processing in Visio
- Refactored Visio parser and factories to support different component representation calculations
- Boundray trustzones processed with no total precision yet
- Fixed previous problems with trustzone processing and parent calculation
- Support for unbounded Visio diagrams
- Refactored zone components representations
- Added some diagram to otm integration tests
- Added more diagram to otm tests
- Added simple_component_representer unit tests
- Fixed minor problem for corner cases in parent calculator
More components for Visio
- Add to visio default mapping file the AWS stencils that match AWS IriusRisk components
Error when processing diagram with incomplete connectors
Code refactor
Make the URL for the OTM standard in the wiki link to the OTM project README instead of the wiki
Fixes
Startleft control unexpected errors on building OTM steps don't return OTM_BUILDING_ERROR
Fix error importing NeoLoad visio file
Other tasks
Set version to all libraries defined in setup.py available in Startleft
Improve error processing in Startleft to avoid generic 500 errors
- Removed unnecessary exception handlers
- Default str method for enum and adding return statement
Integration tests for Startleft CLI
- Initial Bitbucket Pipelines configuration
- bitbucket-pipelines.yml edited online with Bitbucket
- Added deepdiff new lib to setup.py
- Revert added deepdiff Modified pipeline to install extras_require
- Modified pipeline to install extras_require
- Modified pipeline. Added deepdiff manually
- Create use cases for integration tests in Startleft CLI
Update startleft library lxml from 4.8.0 to 4.9.1
1.3.0
Added tag 1.3.0 for changeset 8599ed9c059c
1.2.0
[OPT-108] - Health endpoint included the Startleft service status