Open oleh-mykytyuk opened 7 months ago
Included this situation in tests
hey, thanks for the PR. I am a bit full this week but will be taking a look asap.
hey, thanks for the PR. I am a bit full this week but will be taking a look asap.
Greetings! Sorry for disturbing, but how about this PR?
sorry, still prioritizing work, but i have not forgotten this!
Hey, thanks for working on this! I am using pytm, and just noticed this 'elementinvalid" issue on my diagram, when using findings.
I've tried a couple of workarounds, but I still have two problems (with 1.3.1), the elementinvalid issue, and the text of my "response" member that I add to my Findings, not appearing in the report. I added a response field to my template like this:
<details>
<summary> {{{{item.id}}}} -- {{{{item.threat_id}}}} -- {{{{item.description}}}}</summary>
<h6> Targeted Element </h6>
<p> {{{{item.target}}}} </p>
<h6> Severity </h6>
<p>{{{{item.severity}}}}</p>
<h6>Example Instances</h6>
<p>{{{{item.example}}}}</p>
<h6>Mitigations</h6>
<p>{{{{item.mitigations}}}}</p>
<h6>References</h6>
<p>{{{{item.references}}}}</p>
<h6>Response</h6>
<p>{{{{item.response}}}}</p>
 
</details>
but in the html, that item.response is empty, even though I supply a response="""To Mitigate: foo""", in my Finding().
One of the workarounds I thought I'd try for the invalid element issue, is to redirect the model.py --dfd-colormap
output to jq to try to use jq to edit-out the elementinvalid elements, but this output is not json. It's close to json, but jq won't deal with it.
ho @oleh-mykytiuk will you be able to address @neilpvirtualitics comment or should i review/merge as is ?
Hey, thanks for working on this! I am using pytm, and just noticed this 'elementinvalid" issue on my diagram, when using findings.
I've tried a couple of workarounds, but I still have two problems (with 1.3.1), the elementinvalid issue, and the text of my "response" member that I add to my Findings, not appearing in the report. I added a response field to my template like this:
<details> <summary> {{{{item.id}}}} -- {{{{item.threat_id}}}} -- {{{{item.description}}}}</summary> <h6> Targeted Element </h6> <p> {{{{item.target}}}} </p> <h6> Severity </h6> <p>{{{{item.severity}}}}</p> <h6>Example Instances</h6> <p>{{{{item.example}}}}</p> <h6>Mitigations</h6> <p>{{{{item.mitigations}}}}</p> <h6>References</h6> <p>{{{{item.references}}}}</p> <h6>Response</h6> <p>{{{{item.response}}}}</p>   </details>
but in the html, that item.response is empty, even though I supply a response="""To Mitigate: foo""", in my Finding().
One of the workarounds I thought I'd try for the invalid element issue, is to redirect the
model.py --dfd-colormap
output to jq to try to use jq to edit-out the elementinvalid elements, but this output is not json. It's close to json, but jq won't deal with it.
Hi! This is another issue. I saw the same. It can be overridden by using the property example
in the template and Finding. this is because not all fields are used during report generation.
e.g.:
fundings.py
finding_DO01_api_gw_used = Finding(
threat_id="DO01",
example="Optional API Gateway can be used to check and limit requests",
)
template.md:
## Findings
{elements:repeat:{{item.findings:if:
### {{item.name}}
{{item.findings:repeat:
---
{{{{item.description}}}}
| # | ThreatID | Severity | Description |Status |
|:-:|:--------:|------------------------|:-------------------------|:----------------------|
| {{{{item.id}}}} | {{{{item.threat_id}}}} | {{{{item.severity}}}} | {{{{item.description}}}} | {{{{item.example}}}} |
**Mitigations**: {{{{item.mitigations}}}}
**References**: {{{{item.references}}}}
}}}}}
I may open another PR to fix this. This PR should not affect other issues or problems.
ho @oleh-mykytiuk will you be able to address @neilpvirtualitics comment or should i review/merge as is ?
Hi @izar ! I replied ;) I think that this is another issue and should be fixed by another PR.
In the issue #222 was mentioned creation of the spurious "invalid" elements. Also, in the PR #223 tried to override the name of auto-generated elements.
This PR goal is to skip using "invalid" elements on DFD and SEQ diagrams. Such elements can be a problem when a lot of Finding used for overriding findings (add additional information to the threats). This approach is mentioned in the official documentation (README file), but leads to problems on the diagrams.
What is done: