Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

An empty threat model with ignoreUnused throws an error #170

Merged
merged 1 commit into from
Sep 7, 2021
Merged

An empty threat model with ignoreUnused throws an error #170

merged 1 commit into from
Sep 7, 2021

Conversation

raphaelahrens
Copy link
Contributor

If a model has only elements which will not be displayed because
ignoreUnused is set to True the function _sort_elements() fails.

This is caused by a call to max(orders.values())which then ismax([])` which is not a computable value.

The error is caused by a module like this or an empty model.

from pytm import (
    TM,
    Actor,
)

tm = TM("my test tm")
tm.ignoreUnused = True

actor = Actor('actor')

if __name__ == "__main__":
    tm.process()

@raphaelahrens
An empty threat model with ignoreUnused throws an error
7d850b0 
If a model has only elements which will not be displayed because
ignoreUnused is set to True the function _sort_elements() fails.

This is caused by a call to max(orders.values())` which then is
`max([])` which is not a computable value.

The error is caused by a module like this or an empty model.

```
from pytm import (
    TM,
    Actor,
)

tm = TM("my test tm")
tm.ignoreUnused = True

actor = Actor('actor')

if __name__ == "__main__":
    tm.process()
```
@raphaelahrens raphaelahrens requested a review from izar as a code owner September 2, 2021 12:25
@nineinchnick
Copy link
Collaborator

I'd say this should still raise an error, just with a more actionable message.

@raphaelahrens
Copy link
Contributor Author

I am not sure if the check is really sufficient, maybe it can be done in the call to max() directly.
For example `max([-1]+orders.values())

@raphaelahrens
Copy link
Contributor Author

raphaelahrens commented Sep 2, 2021
edited
Loading

I'd say this should still raise an error, just with a more actionable message.

Should an empty model also raise such an error like the following?

tm = TM("my test tm")
tm.ignoreUnused = True

if __name__ == "__main__":
    tm.process()

Because this model is not raising any errors.

tm = TM("my test tm")

if __name__ == "__main__":
    tm.process()

@izar
Copy link
Collaborator

izar commented Sep 7, 2021

Thanks!

@izar izar merged commit 904fe1a into OWASP:master Sep 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@izar izar izar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@raphaelahrens @nineinchnick @izar