OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0

Apply JSON schema when opening threat models #510

Closed jgadsden closed 8 months ago

jgadsden commented 2 years ago

Describe what problem your feature request solves
It would be good to apply the Threat Dragon JSON schema to threat models when they are being opened. This could be an added check: at present we check for valid JSON, but we could also check for valid threat model contents.

Describe the solution you'd like
When opening a threat model, apply ajv to check that it follows the schema.

Additional context

raghav1030 commented 8 months ago

Hey @jgadsden! How can we get a generalized schema for threat models?

jgadsden commented 8 months ago

Hello @raghav1030 , thanks for taking this on. The threat model schema is here: https://github.com/OWASP/www-project-threat-dragon/blob/main/assets/schemas/owasp.threat-dragon.schema.json

but it may be out of date; I last worked on it in late 2022.

raghav1030 commented 8 months ago

Hey @jgadsden, should I proceed with the schema you provided, or do we have an updated version?

jgadsden commented 8 months ago

The updates will be very minor and probably won't stop the existing models from being loaded. I would go ahead with the existing schema, and I can update it if necessary 👍🏾

jgadsden commented 8 months ago

If it helps, the suggested place to do this check is in ImportModel.vue:

    // excerpt from the methods of the ImportModel.vue component
    onImportClick(fileName) {
        let jsonModel;
        // check for JSON syntax errors, schema errors come later
        try {
            jsonModel = JSON.parse(this.tmJson);
        } catch (e) {
            this.$toast.error(this.$t('threatmodel.errors.invalidJson'));
            console.error(e);
            return;
        }

        // ToDo: need to catch invalid threat model schemas, possibly using npmjs.com/package/ajv

        // Identify if threat model is in OTM format and if so, convert OTM back to dragon format
        if (Object.hasOwn(jsonModel, 'otmVersion')) {
            jsonModel = openThreatModel.convertOTMtoTD(jsonModel);
        }
        // ... rest of the method continues in ImportModel.vue (not shown here)
    },
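As an added example (not code from this issue or from the Threat Dragon project), the block below shows the two-stage check the thread asks for: `JSON.parse` first, then a schema check on the parsed object, so that a file which is valid JSON but not a threat model is rejected with a pointer to the offending property. The schema `threatModelSchema` is a constructed subset resembling the Threat Dragon model shape, not the project's `owasp.threat-dragon.schema.json`. In the component the second stage would be ajv (`new Ajv().compile(schema)` returning a validator whose `.errors` lists failures); to keep this example runnable offline without npm, `validateAgainstSchema` is a stand-in that implements only the JSON Schema keywords the constructed schema uses. `parseThreatModel` and the sample inputs are hypothetical names for illustration.

```javascript
// Added example: syntax check followed by schema check for a threat model file.
// threatModelSchema is a CONSTRUCTED subset that resembles the Threat Dragon
// model shape; it is not the project's real schema file.
// With ajv the second stage would be:
//   const Ajv = require('ajv');
//   const validate = new Ajv().compile(threatModelSchema);
//   if (!validate(jsonModel)) { console.error(validate.errors); }
// validateAgainstSchema below is an offline stand-in for that call.

const threatModelSchema = {
    type: 'object',
    required: ['summary', 'detail'],
    properties: {
        version: { type: 'string' },
        summary: {
            type: 'object',
            required: ['title'],
            properties: {
                title: { type: 'string' },
                owner: { type: 'string' },
                description: { type: 'string' },
            },
        },
        detail: {
            type: 'object',
            required: ['diagrams'],
            properties: {
                contributors: { type: 'array', items: { type: 'object' } },
                diagrams: {
                    type: 'array',
                    items: {
                        type: 'object',
                        required: ['title', 'diagramType'],
                        properties: {
                            title: { type: 'string' },
                            diagramType: { type: 'string', enum: ['STRIDE', 'LINDDUN', 'CIA', 'Generic'] },
                        },
                    },
                },
            },
        },
    },
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// JSON Schema type name of a parsed value ('null', 'array', 'object', 'string', ...).
function jsonType(value) {
    if (value === null) return 'null';
    if (Array.isArray(value)) return 'array';
    return typeof value;
}

// Minimal validator for the keywords used above: type, enum, required,
// properties, items. Returns a list of error strings; empty means valid.
function validateAgainstSchema(schema, instance, path = '$') {
    const errors = [];
    if (schema.type && jsonType(instance) !== schema.type) {
        errors.push(`${path}: expected ${schema.type}, got ${jsonType(instance)}`);
        return errors; // nested keywords are meaningless on the wrong type
    }
    if (schema.enum && !schema.enum.includes(instance)) {
        errors.push(`${path}: value ${JSON.stringify(instance)} not in ${JSON.stringify(schema.enum)}`);
    }
    if (schema.type === 'object') {
        for (const key of schema.required || []) {
            if (!hasOwn(instance, key)) errors.push(`${path}: missing required property "${key}"`);
        }
        for (const [key, subSchema] of Object.entries(schema.properties || {})) {
            if (hasOwn(instance, key)) {
                errors.push(...validateAgainstSchema(subSchema, instance[key], `${path}.${key}`));
            }
        }
    }
    if (schema.type === 'array' && schema.items) {
        instance.forEach((item, i) => {
            errors.push(...validateAgainstSchema(schema.items, item, `${path}[${i}]`));
        });
    }
    return errors;
}

// Mirrors the two stages of onImportClick (syntax, then schema) but returns a
// result object instead of toasting, so the behaviour can be unit-tested.
function parseThreatModel(tmJson) {
    let model;
    try {
        model = JSON.parse(tmJson);
    } catch (e) {
        return { ok: false, model: null, errors: [`invalidJson: ${e.message}`] };
    }
    const errors = validateAgainstSchema(threatModelSchema, model);
    return { ok: errors.length === 0, model: errors.length === 0 ? model : null, errors };
}

// Constructed sample inputs (not real Threat Dragon files).
const GOOD_MODEL = JSON.stringify({
    version: '2.0',
    summary: { title: 'Demo' },
    detail: { diagrams: [{ title: 'Main', diagramType: 'STRIDE' }] },
});
const NOT_A_MODEL = JSON.stringify({ hello: 'world' }); // valid JSON, not a threat model
const BAD_DIAGRAM = JSON.stringify({
    summary: { title: 'Demo' },
    detail: { diagrams: [{ title: 'Main', diagramType: 'PASTA' }] },
});

console.log(parseThreatModel(GOOD_MODEL).ok, parseThreatModel(NOT_A_MODEL).errors, parseThreatModel(BAD_DIAGRAM).errors);
```

One design choice worth settling before wiring this into ImportModel.vue: whether a schema failure should block the import (like the existing invalidJson path) or only warn and still load. Given the remark above that the published schema may lag the code, a strict block risks refusing legitimate older models, so surfacing the error list while still attempting the load is the less disruptive default, with the JSON syntax check remaining the hard stop.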