mehaase
commented
2 years ago Hi @lcarson-2002, thank you for taking the time to report this. I just merged PR #43 which fixes a lot of issues with the graphviz output. Can you check it out and let me know if it addresses all of your concerns?
lcarson-2002
When running the graphviz script the Action nodes are coming out correctly labelled using the Name field but not the Asset nodes. Asset nodes are all labelled "http://flow-1/asset-##" where ## is a unique incremental value, starting with "1" and counting up for all of the Assets given; State is not used at all. I am not able to get any Object Property Target, nor Data Property to even show up on the graph in any way, let alone their Target value. Relationship flows are also not showing up with the output. e.g. if I put a Relationship from an Asset to an Action with the Type set to "State", nothing shows up on the graph, at least not that I can discern.
I've looked at the JSON output from the attack_flow_designer tool and the the "http://flow-1/asset-##" is coming from the "id:" of the assets list. It's obvious that I can modify the graphviz.py script to get a different output (as can be seen below in the addition of ",label="{asset["state"]}"") but the question is should I? Am I doing something wrong?
def convert(attack_flow): """ Convert an Attack Flow object into Graphviz format. """ graph = ["digraph {"] graph.extend([f' "{act["id"]}" [shape=box,label="{act["name"]}"]' for act in attack_flow['actions']]) graph.append("") graph.extend([f' "{asset["id"]}" [shape=oval,label="{asset["state"]}"]' for asset in attack_flow['assets']]) graph.append("") graph.extend([f' "{rel["source"]}" -> "{rel["target"]}"' for rel in attack_flow['relationships']]) graph.append("}") return "\n".join(graph)