diff --git a/.gitbook/assets/dfd.png b/.gitbook/assets/dfd.png deleted file mode 100644 index 6e5cc469..00000000 Binary files a/.gitbook/assets/dfd.png and /dev/null differ diff --git a/.gitbook/assets/sample.png b/.gitbook/assets/sample.png deleted file mode 100644 index 09a328e6..00000000 Binary files a/.gitbook/assets/sample.png and /dev/null differ diff --git a/.gitbook/assets/seq.png b/.gitbook/assets/seq.png deleted file mode 100644 index 6c7bfea8..00000000 Binary files a/.gitbook/assets/seq.png and /dev/null differ diff --git a/.gitignore b/.gitignore index 73f7be44..315b6559 100644 --- a/.gitignore +++ b/.gitignore @@ -51,6 +51,7 @@ coverage.xml *.cover .hypothesis/ .pytest_cache/ +.ruff_cache/ # Translations *.mo diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index 4f47e28f..00000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,105 +0,0 @@ -# Unreleased - -## Breaking changes - -- Removed SQLite dump functionality (`--sqldump` option) and associated `pydal` dependency - -# 1.2.0 - -## Breaking changes - -- Replace `usesLatestTLSversion` with `minTLSVersion` in assets and `tlsVersion` in data flows [#123](https://github.com/izar/pytm/pull/123) -- When the `data` attribute of elements is initialied with a string, convert it to a `Data` object with `undefined` as name and the string as description; change the default classification from `PUBLIC` to `UNKNOWN` [#148](https://github.com/izar/pytm/pull/148) - -## New features - -- Separate actors and assets from elements when dumping the model to JSON [#150](https://github.com/izar/pytm/pull/150) -- Add unique Finding ids [#154](https://github.com/izar/pytm/pull/154) -- Allow to associate the threat model script with source code files and check their age difference [#145](https://github.com/izar/pytm/pull/145) -- Adapt [the DFD3 notation](https://github.com/adamshostack/DFD3) [#143](https://github.com/izar/pytm/pull/143) -- Allow to override findings (threats) attributes [#137](https://github.com/izar/pytm/pull/137) -- Allow to mark data as PII or credentials and check if it's protected [#127](https://github.com/izar/pytm/pull/127) -- Added '--levels' - every element now has a 'levels' attribute, a list of integers denoting different DFD levels for rendering -- Added HTML docs using pdoc [#110](https://github.com/izar/pytm/pull/110) -- Added `checksDestinationRevocation` attribute to account for certificate revocation checks [#109](https://github.com/izar/pytm/pull/109) - -## Bug fixes - -- Escape HTML entities in Threat attributes [#149](https://github.com/izar/pytm/pull/149) -- Fix generating reports for models with a `Datastore` that has `isEncryptedAtRest` set and a `Data` that has `isStored` set [#141](https://github.com/izar/pytm/pull/141) -- Fix condition on the `Data Leak` threat so it does not always match [#139](https://github.com/izar/pytm/pull/139) -- Fixed printing the data attribute in reports [#123](https://github.com/izar/pytm/pull/123) -- Added a markdown file with threats [#126](https://github.com/izar/pytm/pull/126) -- Fixed drawing nested boudnaries [#117](https://github.com/izar/pytm/pull/117) -- Add missing `provideIntegrity` attribute in `Actor` and `Asset` classes [#116](https://github.com/izar/pytm/pull/116) - -# 1.1.2 - -- Added Poetry [#108](https://github.com/izar/pytm/pull/108) -- Fix drawing DFDs for nested Boundaries [#107](https://github.com/izar/pytm/pull/107) - -# 1.1.1 - -- Fix pydal dependencies install on pip [#106](https://github.com/izar/pytm/pull/106) - -# 1.1.0 - -## Breaking changes - -- Removed `HandlesResources` attribute from the `Process` class, which duplicates `handlesResources` -- Change default `Dataflow.dstPort` attribute value from `10000` to `-1` - -## New features - - -- Add dump of elements and findings to sqlite database using "--sqldump " (with result in ./sqldump/) [#103](https://github.com/izar/pytm/pull/103) -- Add Data element and DataLeak finding to support creation of a data dictionary separate from the model [#104](https://github.com/izar/pytm/pull/104) -- Add JSON input [#105](https://github.com/izar/pytm/pull/105) -- Add JSON output [#102](https://github.com/izar/pytm/pull/102) -- Use numbered dataflow labels in sequence diagram [#94](https://github.com/izar/pytm/pull/94) -- Move authenticateDestination to base Element [#88](https://github.com/izar/pytm/pull/88) -- Assign inputs and outputs to all elements [#89](https://github.com/izar/pytm/pull/89) -- Allow detecting and/or hiding duplicate dataflows by setting `TM.onDuplicates` [#100](https://github.com/izar/pytm/pull/100) -- Ignore unused elements if `TM.ignoreUnused` is True [#84](https://github.com/izar/pytm/pull/84) -- Assign findings to elements [#86](https://github.com/izar/pytm/pull/86) -- Add description to class attributes [#91](https://github.com/izar/pytm/pull/91) -- New Element methods to be used in threat conditions [#82](https://github.com/izar/pytm/pull/82) -- Provide a Docker image and allow running make targets in a container [#87](https://github.com/izar/pytm/pull/87) -- Dataflow inherits source and/or sink attribute values [#79](https://github.com/izar/pytm/pull/79) -- Merge edges in DFD when `TM.mergeResponses` is True; allow marking `Dataflow` as responses [#76](https://github.com/izar/pytm/pull/76) -- Automatic ordering of dataflows when `TM.isOrdered` is True [#66](https://github.com/izar/pytm/pull/66) -- Loading a custom threats file by setting `TM.threatsFile` [#68](https://github.com/izar/pytm/pull/68) -- Setting properties on init [#67](https://github.com/izar/pytm/pull/67) -- Wrap long labels in DFDs [#65](https://github.com/izar/pytm/pull/65) - -## Bug fixes - -- Ensure all items have correct color, based on scope [#93](https://github.com/izar/pytm/pull/93) -- Add missing server isResilient property [#63](https://github.com/izar/pytm/issues/63) -- Advanced templates in repeat blocks [#81](https://github.com/izar/pytm/pull/81) -- Produce stable diagrams [#79](https://github.com/izar/pytm/pull/79) -- Allow overriding classes [#64](https://github.com/izar/pytm/pull/64) - -# 1.0.0 - -## New features - -- New threats [#61](https://github.com/izar/pytm/pull/61) - -## Bug fixes - -- UnicodeDecodeError: 'charmap' codec can't decode byte 0x9d [#57](https://github.com/izar/pytm/pull/57) -- `_uniq_name` missing 1 required positional argument [#60](https://github.com/izar/pytm/pull/60) -- Render objects with duplicate names [#45](https://github.com/izar/pytm/issues/45) - -# 0.8.1 - -## Bug fixes - -- Draw nested boundaries [#54](https://github.com/izar/pytm/pull/54), [#55](https://github.com/izar/pytm/pull/55) - -# 0.8.0 - -## New features - -- Draw nested boundaries [#52](https://github.com/izar/pytm/pull/52) diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index 7d2087a9..00000000 --- a/CODEOWNERS +++ /dev/null @@ -1,2 +0,0 @@ -# Default code owners for the entire repository -* @izar @colesmj diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index 247c40ad..00000000 --- a/MANIFEST.in +++ /dev/null @@ -1,2 +0,0 @@ -include images/lambda.png -include threatlib/threats.json diff --git a/ROADMAP.md b/ROADMAP.md deleted file mode 100644 index 360dcbc0..00000000 --- a/ROADMAP.md +++ /dev/null @@ -1,27 +0,0 @@ -# To the end of 2021 - -* add more threat rules -* add debugging capability to threat rules -* merge/close existing PRs - -# 1H2022 - -* add more rules -* move to a more complete rule evaluation engine -* export/import other popular TM tools data formats -* lower barrier of entry by adding a new, natural way of describing systems - -# 2H2022 - -* total world domination via threat modeling - -# 2H2025 - -* world domination was not reached - but we got a nice slice of it -* integration of TM-BOM format -* additional diagramming formats -* incorporation of AI capabilities - * prioritization of findings - * creation of threat scenarios - - diff --git a/SUMMARY.md b/SUMMARY.md deleted file mode 100644 index a5a4b34b..00000000 --- a/SUMMARY.md +++ /dev/null @@ -1,4 +0,0 @@ -# Table of contents - -* [pytm](README.md) - diff --git a/pyproject.toml b/pyproject.toml index 1fd3a275..f52a42b2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -2,8 +2,25 @@ name = "pytm" version = "1.3.1" description = "A Pythonic framework for threat modeling" -authors = ["pytm Team"] +authors = ["pytm Team "] license = "MIT License" +readme = "README.md" +homepage = "https://github.com/OWASP/pytm" +packages = [{include = "pytm"}] +include = [ + "pytm/images/*.png", + "pytm/threatlib/threats.json", +] +classifiers = [ + "Programming Language :: Python :: 3", + "License :: OSI Approved :: MIT License", + "Operating System :: OS Independent", + "Development Status :: 5 - Production/Stable", + "Environment :: Console", + "Intended Audience :: Developers", + "Topic :: Security", + "Natural Language :: English", +] [tool.poetry.dependencies] python = "^3.9 || ^3.10 || ^3.11 || ^3.12 || ^3.13 || ^3.14" diff --git a/requirements-dev.txt b/requirements-dev.txt deleted file mode 100644 index 432090a0..00000000 --- a/requirements-dev.txt +++ /dev/null @@ -1,3 +0,0 @@ --r requirements.txt -pdoc3 -black diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/setup.py b/setup.py deleted file mode 100644 index 0ccf3fc2..00000000 --- a/setup.py +++ /dev/null @@ -1,42 +0,0 @@ -import setuptools - -with open("README.md", "r", encoding="utf-8") as f: - long_description = f.read() - -setuptools.setup( - name="pytm", - version="1.3.1", - packages=["pytm"], - description="A Python-based framework for threat modeling.", - long_description=long_description, - long_description_content_type="text/markdown", - author="pytm team", - author_email="please_use_github_issues@nowhere.com", - license="MIT License", - url="https://github.com/izar/pytm", - classifiers=[ - "Programming Language :: Python :: 3", - "License :: OSI Approved :: MIT License", - "Operating System :: OS Independent", - "Development Status :: 5 - Production/Stable", - "Environment :: Console", - "Intended Audience :: Developers", - "Topic :: Security", - "Natural Language :: English", - ], - python_requires=">=3", - install_requires=[], - package_data={ - "pytm": [ - "images/datastore.png", - "images/lambda.png", - "images/datastore_black.png", - "images/datastore_darkgreen.png", - "images/datastore_firebrick3.png", - "images/datastore_gold.png", - "threatlib/threats.json", - ], - }, - exclude_package_data={"": ["report.html"]}, - include_package_data=True, -)