Closed peterdew closed 10 months ago
Hello @peterdew - thanks for raising this point. What we implement is STRIDE per Element, which follows this table:
According to the type of diagram (STRIDE, LINDDUN and CIA), Threat Dragon will restrict the threat type according to the element chosen. If you find this too restrictive then change the diagram type to ‘Generic’ and this will allow you to select any threat type for any type of element; you can always change the diagram back to STRIDE, LINDDUN or CIA later on.
I think it is good that the documentation is changed to emphasise this, probably on this page: https://owasp.org/www-project-threat-dragon/docs-2/threats/
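The restriction described in the reply above, as an added example that is not part of the original thread and is not Threat Dragon's own code. The data-flow row matches the three types reported in this issue; the other rows follow the commonly published STRIDE-per-element chart and are an assumption here, as are the element labels, the diagram shape and the function names. Only the STRIDE and Generic diagram types are covered.

```javascript
// STRIDE per Element: threat types permitted for each kind of diagram element.
// Assumption: only the 'flow' row is confirmed by this page; the rest follow the usual chart.
const STRIDE_PER_ELEMENT = {
  actor: ['Spoofing', 'Repudiation'],
  process: ['Spoofing', 'Tampering', 'Repudiation', 'Information disclosure',
    'Denial of Service', 'Elevation of Privilege'],
  store: ['Tampering', 'Repudiation', 'Information disclosure', 'Denial of Service'],
  flow: ['Tampering', 'Information disclosure', 'Denial of Service'],
};
const ALL_STRIDE = STRIDE_PER_ELEMENT.process;

// Threat types offered for an element; a 'Generic' diagram lifts the restriction.
function allowedThreatTypes(diagramType, elementType) {
  if (diagramType === 'Generic') return ALL_STRIDE.slice();
  if (diagramType !== 'STRIDE') throw new Error(`unsupported diagram type: ${diagramType}`);
  if (!Object.prototype.hasOwnProperty.call(STRIDE_PER_ELEMENT, elementType)) {
    throw new Error(`unknown element type: ${elementType}`);
  }
  return STRIDE_PER_ELEMENT[elementType].slice();
}

// Report threats whose type is not permitted on the element they are attached to,
// e.g. threats added while the diagram was 'Generic' and later switched back to STRIDE.
function findMisplacedThreats(diagram) {
  const findings = [];
  for (const el of diagram.elements) {
    const allowed = allowedThreatTypes(diagram.type, el.type);
    for (const threat of el.threats || []) {
      if (!allowed.includes(threat.type)) {
        findings.push({ element: el.name, elementType: el.type, threat: threat.title, type: threat.type });
      }
    }
  }
  return findings;
}

// Constructed sample diagram (hypothetical shape, not Threat Dragon's file format).
const sampleDiagram = {
  type: 'STRIDE',
  elements: [
    { name: 'Browser user', type: 'actor', threats: [{ title: 'Forged identity', type: 'Spoofing' }] },
    { name: 'Login request', type: 'flow', threats: [
      { title: 'Credentials sniffed', type: 'Information disclosure' },
      { title: 'Sender impersonated', type: 'Spoofing' }] },
    { name: 'Session store', type: 'store', threats: [{ title: 'Records altered', type: 'Tampering' }] },
  ],
};
console.log(findMisplacedThreats(sampleDiagram));
```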
Hi, I see the documentation is changed to emphasize what you've written. But the issue is still open. Is there any help required in editing the documentation? Happy to help!
hello @Atharva-Kanherkar , yes absolutely, if you would like to create a pull request in the documentation repo with changes for the page /docs-2/threats/ that would be great
Thank you! I want to help with this issue; it would be very helpful if you could provide some more details on what I can change in the documentation.
@peterdew and @Atharva-Kanherkar this is related to a blocking bug #786
If a diagram node is selected when a dataflow is added, data-flow attributes are wrongly applied to the selected node. This has the consequences that:
This happens when either a dataflow is added by double click or when the dataflow is added from the pick area - all it needs is that a node is selected when a dataflow is added.
Describe the bug: In the Threat Dragon tool, while trying to add a new threat to a dataflow, I noticed that I can only select from three STRIDE types (Tampering, Information disclosure, Denial of Service) instead of the expected six STRIDE threat types.
Expected behaviour: When adding a new threat, I expect to see all six STRIDE threat types (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Elevation of Privilege) available for selection.
Environment:
Version: 2.0.9
Platform: DesktopApp
OS: Windows 10
Browser: NVT
To Reproduce:
1. Open the Threat Dragon tool.
2. Navigate to the section to add a new threat to a dataflow.
3. Click on the STRIDE type dropdown.
4. Observe that only three types (Tampering, Information disclosure, Denial of Service) are available for selection.
Any additional context, screenshots, etc: I've attached a screenshot showcasing the issue.