Closed scottbrown closed 4 years ago
Issue
When running `threagile -list-types`, the output does not include the list of accepted encryption types.

Type
Bug

Expected Results
```bash
$ docker run --rm threagile/threagile -list-types
 _____ _                          _ _
|_   _| |__  _ __ ___  __ _  __ _(_) | ___
  | | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
  | | | | | | | |  __/ (_| | (_| | | |  __/
  |_| |_| |_|_|  \___|\__,_|\__, |_|_|\___|
                            |___/
Threagile - Agile Threat Modeling

Documentation: https://threagile.io
Docker Images: https://hub.docker.com/r/threagile
Sourcecode: https://github.com/threagile
License: Open-Source (MIT License)
Version: 1.0.0 ()

The following types are available (can be extended for custom rules):

Quantity: [very-few few many very-many]
Confidentiality: [public internal restricted confidential strictly-confidential]
Criticality (for integrity and availability): [archive operational important critical mission-critical]
Technical Asset Type: [external-entity process datastore]
Technical Asset Size: [system service application component]
Authorization: [none technical-user enduser-identity-propagation]
Authentication: [none credentials session-id token client-certificate two-factor externalized]
Usage: [business devops]
Data Format: [json xml serialization file csv]
Protocol: [unknown-protocol http https ws wss reverse-proxy-web-protocol reverse-proxy-web-protocol-encrypted mqtt jdbc jdbc-encrypted odbc odbc-encrypted sql-access-protocol sql-access-protocol-encrypted nosql-access-protocol nosql-access-protocol-encrypted binary binary-encrypted text text-encrypted ssh ssh-tunnel smtp smtp-encrypted pop3 pop3-encrypted imap imap-encrypted ftp ftps sftp scp ldap ldaps jms nfs smb smb-encrypted local-file-access nrpe xmpp iiop iiop-encrypted jrmp jrmp-encrypted in-process-library-call container-spawning]
Technical Asset Technology: [unknown-technology client-system browser desktop mobile-app devops-client web-server web-application application-server database file-server local-file-system erp cms web-service-rest web-service-soap ejb search-index search-engine service-registry reverse-proxy load-balancer build-pipeline sourcecode-repository artifact-registry code-inspection-platform monitoring ldap-server container-platform batch-processing event-listener identity-provider identity-store-ldap identity-store-database tool cli task function gateway iot-device message-queue stream-processing service-mesh data-lake big-data-platform report-engine ai mail-server vault hsm waf ids ips scheduler mainframe block-storage library]
Technical Asset Machine: [physical virtual container serverless]
Trust Boundary Type: [network-on-prem network-dedicated-hoster network-virtual-lan network-cloud-provider network-cloud-security-group network-policy-namespace-isolation execution-environment]
Data Loss Probability: [improbable possible probable]
Risk Severity: [low medium elevated high critical]
Risk Exploitation Likelihood: [unlikely likely very-likely frequent]
Risk Exploitation Impact: [low medium high very-high]
Risk Function: [business-side architecture development operations]
Risk Status: [unchecked in-discussion accepted in-progress mitigated false-positive]
STRIDE: [spoofing tampering repudiation information-disclosure denial-of-service elevation-of-privilege]
Encryption: [none transparent data-with-symmetric-shared-key data-with-asymmetric-shared-key data-with-enduser-individual-key]
```

Actual Results
```bash
$ docker run --rm threagile/threagile -list-types
 _____ _                          _ _
|_   _| |__  _ __ ___  __ _  __ _(_) | ___
  | | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
  | | | | | | | |  __/ (_| | (_| | | |  __/
  |_| |_| |_|_|  \___|\__,_|\__, |_|_|\___|
                            |___/
Threagile - Agile Threat Modeling

Documentation: https://threagile.io
Docker Images: https://hub.docker.com/r/threagile
Sourcecode: https://github.com/threagile
License: Open-Source (MIT License)
Version: 1.0.0 ()

The following types are available (can be extended for custom rules):

Quantity: [very-few few many very-many]
Confidentiality: [public internal restricted confidential strictly-confidential]
Criticality (for integrity and availability): [archive operational important critical mission-critical]
Technical Asset Type: [external-entity process datastore]
Technical Asset Size: [system service application component]
Authorization: [none technical-user enduser-identity-propagation]
Authentication: [none credentials session-id token client-certificate two-factor externalized]
Usage: [business devops]
Data Format: [json xml serialization file csv]
Protocol: [unknown-protocol http https ws wss reverse-proxy-web-protocol reverse-proxy-web-protocol-encrypted mqtt jdbc jdbc-encrypted odbc odbc-encrypted sql-access-protocol sql-access-protocol-encrypted nosql-access-protocol nosql-access-protocol-encrypted binary binary-encrypted text text-encrypted ssh ssh-tunnel smtp smtp-encrypted pop3 pop3-encrypted imap imap-encrypted ftp ftps sftp scp ldap ldaps jms nfs smb smb-encrypted local-file-access nrpe xmpp iiop iiop-encrypted jrmp jrmp-encrypted in-process-library-call container-spawning]
Technical Asset Technology: [unknown-technology client-system browser desktop mobile-app devops-client web-server web-application application-server database file-server local-file-system erp cms web-service-rest web-service-soap ejb search-index search-engine service-registry reverse-proxy load-balancer build-pipeline sourcecode-repository artifact-registry code-inspection-platform monitoring ldap-server container-platform batch-processing event-listener identity-provider identity-store-ldap identity-store-database tool cli task function gateway iot-device message-queue stream-processing service-mesh data-lake big-data-platform report-engine ai mail-server vault hsm waf ids ips scheduler mainframe block-storage library]
Technical Asset Machine: [physical virtual container serverless]
Trust Boundary Type: [network-on-prem network-dedicated-hoster network-virtual-lan network-cloud-provider network-cloud-security-group network-policy-namespace-isolation execution-environment]
Data Loss Probability: [improbable possible probable]
Risk Severity: [low medium elevated high critical]
Risk Exploitation Likelihood: [unlikely likely very-likely frequent]
Risk Exploitation Impact: [low medium high very-high]
Risk Function: [business-side architecture development operations]
Risk Status: [unchecked in-discussion accepted in-progress mitigated false-positive]
STRIDE: [spoofing tampering repudiation information-disclosure denial-of-service elevation-of-privilege]
```