Threagile / threagile

Agile Threat Modeling Toolkit
https://threagile.io
MIT License

Bidirectional data flow has unidirectional arrow #94

Open srcnuzn opened 3 months ago

srcnuzn commented 3 months ago

Version: 1.0.0 (20240730113903)

Steps to reproduce

Have technical assets with a communication link where data assets are sent and received.

    communication_links:
      Compile Model:
        target: my-server
        description: Server processing stuff...
        protocol: https
        . . .
        data_assets_sent:
          - some-asset
        data_assets_received:
          - some-other-asset

Expected:

If I define data_assets_sent and data_assets_received, I expect a bidirectional arrow.

Actual:

Arrow is unidirectional.

srcnuzn commented 2 months ago

Any thoughts on whether or not my expectation is valid?

ezavgorodniy commented 2 months ago

I'd say your expectation sounds valid, and I'd personally vote for the implementation of a bidirectional arrow. I haven't had a chance to dig into the details of the implementation that generates the data flow diagram and whether those comments are still current:

https://github.com/Threagile/threagile/blob/master/pkg/report/graphviz.go#L223

https://github.com/Threagile/threagile/blob/master/pkg/report/graphviz.go#L33-L56

srcnuzn commented 2 months ago

The comments are definitely a good hint for implementation. If the bug in the comment still persists and is difficult to resolve, we could at least enable bidirectional flows for other layouts than ortho.

cjj884 commented 2 months ago

I would recommend leaving the convention as it is, which includes the notion of a 'target' found in the model definition. Once the arrows are drawn as bidirectional in the DFD, there will not be a means to know who initiated the communication or on which technical asset to find the communication link definition.
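
An added example, not part of the thread and not Threagile's own code: one way to draw a two-way flow while keeping the initiator readable is to keep the Graphviz edge pointing from the owning asset to its `target` and mark returned data with an open arrowhead at the tail. The `CommLink` type, the `DotEdge` function and the `my-client` asset id are assumptions made for this sketch; `dir`, `arrowhead` and `arrowtail` are standard Graphviz edge attributes.

```go
package main

import (
	"fmt"
	"strings"
)

// CommLink is a hypothetical, reduced view of one communication_links entry.
// Source is the technical asset that owns the link, i.e. the initiator.
type CommLink struct {
	Source, Target string
	Sent, Received []string // data_assets_sent / data_assets_received
}

// Bidirectional reports whether data assets flow both ways over the link.
func (l CommLink) Bidirectional() bool {
	return len(l.Sent) > 0 && len(l.Received) > 0
}

// DotEdge renders the link as a Graphviz edge. The edge always runs
// initiator -> target, so the filled head marks the target. A two-way
// flow adds an open arrowhead at the initiator rather than a second
// filled one, so the initiating side stays distinguishable.
func DotEdge(l CommLink) string {
	attrs := []string{"dir=forward", "arrowhead=normal"}
	if l.Bidirectional() {
		attrs = []string{"dir=both", "arrowhead=normal", "arrowtail=onormal"}
	}
	return fmt.Sprintf("%q -> %q [%s];", l.Source, l.Target, strings.Join(attrs, ", "))
}

func main() {
	// Constructed sample links; "my-client" is an assumed asset id.
	links := []CommLink{
		{"my-client", "my-server", []string{"some-asset"}, []string{"some-other-asset"}},
		{"my-client", "my-server", []string{"some-asset"}, nil},
	}
	fmt.Println("digraph dfd {")
	for _, l := range links {
		fmt.Println("  " + DotEdge(l))
	}
	fmt.Println("}")
}
```

Piping the output through `dot -Tpng` shows the first edge with a filled head at `my-server` and an open head at `my-client`, and the second as a plain forward arrow.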