
Merge branch 'main' into AggregatedModel
hyakuhei authored Jul 19, 2021
2 parents 9a2ef2b + aef1d31 commit 731132b
Showing 10 changed files with 373 additions and 50 deletions.
6 changes: 5 additions & 1 deletion .github/workflows/python-app.yml
Expand Up @@ -28,8 +28,12 @@ jobs:
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install flake8 pytest
pip install flake8 pytest black
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Check black formatting
run: |
black --diff fluentm.py tests/
black --check fluentm.py tests/
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
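Review bot: `pip install flake8 pytest black` in the Install dependencies step takes whatever black release is current at run time, and black's formatting output changes between releases, so the new `black --check fluentm.py tests/` gate can start failing on an untouched tree while the job runs tool code nobody has reviewed. Pin the formatter to the version developers run locally, e.g. `pip install flake8 pytest black==<PINNED_VERSION>` (placeholder). The two black invocations can also be merged into `black --check --diff fluentm.py tests/`, which prints the diff and sets the exit status in one pass. The "Lint with flake8" step continues below the hunk.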
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -127,3 +127,6 @@ dmypy.json

# Pyre type checker
.pyre/

# vim
.*.swp
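--- a/example_tinkerbell.py
+++ b/example_tinkerbell.py
@@ -0,0 +1,72 @@
+from fluentm import (
+Actor,
+Process,
+DataFlow,
+HTTP,
+MTLS,
+TLS,
+DHCP,
+)
+from fluentm import report
+
+scenes = {
+# Example using variables, which is fine for small things but gets hard with longer flows
+"Tink API traffic": [
+DataFlow(
+Actor("tink-cli"),
+Process("Tink API").inBoundary("Tink Control Plane Network"),
+MTLS(HTTP("API request")),
+),
+DataFlow(
+Process("Machine").inBoundary("On Premise Network"),
+Process("boots").inBoundary("Tink Control Plane Network"),
+DHCP("IP Request"),
+),
+DataFlow(
+Process("boots").inBoundary("Tink Control Plane Network"),
+Process("Tink API").inBoundary("Tink Control Plane Network"),
+MTLS(HTTP("API request")),
+"Boots queries for IP",
+),
+DataFlow(
+Process("Machine").inBoundary("On Premise Network"),
+Process("boots").inBoundary("Tink Control Plane Network"),
+DHCP("PXE Location Request"),
+),
+DataFlow(
+Process("boots").inBoundary("Tink Control Plane Network"),
+Process("Tink API").inBoundary("Tink Control Plane Network"),
+MTLS(HTTP("API request")),
+"Boots queries for PXE OS location",
+),
+DataFlow(
+Process("Machine").inBoundary("On Premise Network"),
+Process("Nginx").inBoundary("Tink Control Plane Network"),
+HTTP("Boot OS Request"),
+),
+DataFlow(
+Process("Machine").inBoundary("On Premise Network"),
+Process("Tink API").inBoundary("Tink Control Plane Network"),
+TLS(HTTP("Workflow")),
+),
+DataFlow(
+Process("Machine").inBoundary("On Premise Network"),
+Process("Container Registry").inBoundary("Tink Control Plane Network"),
+TLS(HTTP("Container Images")),
+),
+DataFlow(
+Process("Machine").inBoundary("On Premise Network"),
+Process("Hegel").inBoundary("Tink Control Plane Network"),
+TLS(HTTP("Machine metadata")),
+"Metadata request",
+),
+DataFlow(
+Process("Machine").inBoundary("On Premise Network"),
+Process("Nginx").inBoundary("Tink Control Plane Network"),
+HTTP("Workload OS"),
+),
+]
+}
+
+if __name__ == "__main__":
+report(scenes, outputDir="examples/tinkerbell", dfdLabels=True)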
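Review bot: The comment at the top of `scenes` says the example uses variables, but no variable is defined anywhere in the file; every `DataFlow` builds its endpoints inline with `Process(...).inBoundary(...)`, so the comment describes a different example. Reword it to match, e.g. `# Example declaring every element inline, repeating its boundary on each use`. Separately, flows 6 and 10 (`HTTP("Boot OS Request")` and `HTTP("Workload OS")`) are the only HTTP flows from "On Premise Network" into "Tink Control Plane Network" without a `TLS` or `MTLS` wrapper, and judging by their labels they carry the OS the machine boots. A one-line comment on each stating that the plaintext transport is the intended model of the deployment would keep a reader of the generated report from taking it for an omission.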
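--- a/examples/tinkerbell/ThreatModel.html
+++ b/examples/tinkerbell/ThreatModel.html
@@ -0,0 +1,185 @@
+<html>
+<head>
+<title>
+Threat Models
+</title>
+<style>
+#dataFlowTable {
+font-family: Arial, Helvetica, sans-serif;
+border-collapse: collapse;
+width: 100%;
+}
+
+#dataFlowTable td, #dataFlowTable th {
+border: 1px solid #ddd;
+padding: 8px;
+}
+
+#dataFlowTable tr:nth-child(even){background-color: #f2f2f2;}
+
+#dataFlowTable tr:hover {background-color: #ddd;}
+
+#dataFlowTable th {
+padding-top: 12px;
+padding-bottom: 12px;
+text-align: left;
+background-color: #a34a4a;
+color: white;
+}
+</style>
+</head>
+<body>
+<hr />
+
+<h2> Tink API traffic </h2>
+<img src="Tink API traffic-dfd.png">
+<table id="dataFlowTable">
+<tr>
+
+<th>Flow ID</th>
+
+<th>Pitcher</th>
+
+<th>Catcher</th>
+
+<th>Data Flow</th>
+
+</tr>
+
+<tr>
+
+<td>1</td>
+
+<td>tink-cli</td>
+
+<td>Tink API</td>
+
+<td>MTLS( HTTP( API request ) )</td>
+
+</tr>
+
+
+<tr>
+
+<td>2</td>
+
+<td>Machine</td>
+
+<td>boots</td>
+
+<td>DHCP( IP Request )</td>
+
+</tr>
+
+
+<tr>
+
+<td>3</td>
+
+<td>boots</td>
+
+<td>Tink API</td>
+
+<td>MTLS( HTTP( API request ) )</td>
+
+</tr>
+
+
+<tr>
+
+<td>4</td>
+
+<td>Machine</td>
+
+<td>boots</td>
+
+<td>DHCP( PXE Location Request )</td>
+
+</tr>
+
+
+<tr>
+
+<td>5</td>
+
+<td>boots</td>
+
+<td>Tink API</td>
+
+<td>MTLS( HTTP( API request ) )</td>
+
+</tr>
+
+
+<tr>
+
+<td>6</td>
+
+<td>Machine</td>
+
+<td>Nginx</td>
+
+<td>HTTP( Boot OS Request )</td>
+
+</tr>
+
+
+<tr>
+
+<td>7</td>
+
+<td>Machine</td>
+
+<td>Tink API</td>
+
+<td>TLS( HTTP( Workflow ) )</td>
+
+</tr>
+
+
+<tr>
+
+<td>8</td>
+
+<td>Machine</td>
+
+<td>Container Registry</td>
+
+<td>TLS( HTTP( Container Images ) )</td>
+
+</tr>
+
+
+<tr>
+
+<td>9</td>
+
+<td>Machine</td>
+
+<td>Hegel</td>
+
+<td>TLS( HTTP( Machine metadata ) )</td>
+
+</tr>
+
+
+<tr>
+
+<td>10</td>
+
+<td>Machine</td>
+
+<td>Nginx</td>
+
+<td>HTTP( Workload OS )</td>
+
+</tr>
+
+
+</table>
+
+
+<hr />
+
+</body>
+</html>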
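--- a/examples/tinkerbell/Tink API traffic-dfd
+++ b/examples/tinkerbell/Tink API traffic-dfd
@@ -0,0 +1,27 @@
+digraph "Tink API traffic" {
+color=blue rankdir=LR
+node [fontname=Arial fontsize=14]
+"tink-cli"
+subgraph "cluster_Tink Control Plane Network" {
+graph [color=red fontname=Arial fontsize=12 label="Tink Control Plane Network" line=dotted]
+"Tink API"
+boots
+Nginx
+"Container Registry"
+Hegel
+}
+subgraph "cluster_On Premise Network" {
+graph [color=red fontname=Arial fontsize=12 label="On Premise Network" line=dotted]
+Machine
+}
+"tink-cli" -> "Tink API" [label="(1) API request"]
+Machine -> boots [label="(2) IP Request"]
+boots -> "Tink API" [label="(3) Boots queries for IP"]
+Machine -> boots [label="(4) PXE Location Request"]
+boots -> "Tink API" [label="(5) Boots queries for PXE OS location"]
+Machine -> Nginx [label="(6) Boot OS Request"]
+Machine -> "Tink API" [label="(7) Workflow"]
+Machine -> "Container Registry" [label="(8) Container Images"]
+Machine -> Hegel [label="(9) Metadata request"]
+Machine -> Nginx [label="(10) Workload OS"]
+}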
Binary file added examples/tinkerbell/Tink API traffic-dfd.png
19 changes: 18 additions & 1 deletion fluentm.py
Expand Up @@ -95,6 +95,11 @@ def __init__(self, toWrap):
)


class DHCP(Plaintext):
def __init__(self, toWrap):
super().__init__(toWrap)


class Internal(WrappableProtocol):
def __init__(self, toWrap):
super().__init__(
Expand Down Expand Up @@ -163,6 +168,19 @@ def __init__(self, toWrap):
)


class MTLS(WrappableProtocol):
def __init__(self, toWrap):
super().__init__(
toWrap,
encrypted=True,
version=None,
serverAuthenticated=True,
clientAuthenticated=True,
serverCredential="x509",
clientCredential="x509",
)


class MTLSVPN(WrappableProtocol):
def __init__(self, toWrap):
super().__init__(
Expand Down Expand Up @@ -540,7 +558,6 @@ def renderDfd(graph: Digraph, title: str, outputDir: str):
print(graph)
return f"{title}-dfd.png"


def dfd(scenes: dict, title: str, dfdLabels=True, render=False, simplified=False):
graph = Digraph(title)
graph.attr(rankdir="LR", color="blue")
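Review bot: The last hunk's header (`-540,7 +558,6`) shows one line dropped and none added, and the only plausible candidate among the seven lines shown is one of the two blank lines between the end of `renderDfd` and `def dfd(...)`. If `dfd` is a module-level function (indentation is not visible on this page), that leaves a single blank line before it, which black rewrites to two, so the `black --check fluentm.py tests/` step this same commit adds to the workflow would fail on this file. Restore the second blank line before `def dfd(scenes: dict, title: str, dfdLabels=True, render=False, simplified=False):`, or run black over `fluentm.py` before merging. The body of `dfd` continues past the end of the hunk.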