v1.3.1

• NEW: the colormap and RevealMD template features.

What's Changed

• Added a first draft for #234 by @raphaelahrens in #235
• Update scorecard.yml by @izar in #236
• Added prerequisites and likelihood to Threat by @raphaelahrens in #241
• Fixed #221 Got an error "AttributeError: 'str' ... by @raphaelahrens in #242
• Revealjs & update scorecard action version by @izar in #240

Full Changelog: v1.3.0...v1.3.1

v1.3.0

• colormap flag added to paint risk on DFDs
• many bug fixes

What's Changed

• Update docs by @nineinchnick in #161
• Added datastore.png to setup.py by @raphaelahrens in #162
• Finding.id should be a str by @nineinchnick in #158
• Add missing dependencies in Dockerfile by @nineinchnick in #164
• Fixed sample threat model in README.md by @jnk22 in #168
• [Snyk] Security upgrade python from 3.9.5-alpine3.13 to 3.10.0rc1-alpine3.13 by @snyk-bot in #166
• Added the list-element command by @raphaelahrens in #167
• Added the --list-elements command to the readme by @raphaelahrens in #169
• An empty threat model with ignoreUnused throws an error by @raphaelahrens in #170
• Removed the obsolete use of Strings as data by @raphaelahrens in #171
• HTML escaping missed the 'target' field when cleaning Findings by @izar in #173
• Added output encoding for each Element's findings data by @nozmore in #176
• Assumptions by @nozmore in #182
• Updated report test to write the generated report file to disk, simil… by @nozmore in #181
• Fix: Excluded threat IDs are ignored when using --exclude argument by @jnk22 in #174
• Add enum for DatastoreType used in Datastore objects, removed isSQL, … by @nozmore in #179
• Added Controls class as an Element instance variable, moved control b… by @nozmore in #177
• TemplateEngine improvements, updated template.md by @nozmore in #155
• [Snyk] Security upgrade python from 3.10.0rc1-alpine3.13 to 3.10-alpine3.13 by @snyk-bot in #185
• [Snyk] Security upgrade python from 3.10.0rc1-alpine3.13 to 3-alpine3.13 by @snyk-bot in #184
• [Snyk] Security upgrade python from 3-alpine3.13 to 3.11.0a5-slim-bullseye by @snyk-bot in #189
• [Snyk] Security upgrade python from 3.11.0a5-slim-bullseye to 3.11-rc-slim by @snyk-bot in #191
• Adding uniqueId and includeOrder by @per-oestergaard in #190
• Revert "Adding uniqueId and includeOrder" by @izar in #192
• Improve testing by @per-oestergaard in #193
• Correct base image to use Python's Alpine image by @xee5ch in #197
• Update LICENSE by @colesmj in #199
• Include all tests (test_*.py) by @per-oestergaard in #194
• Adding in the Controls and DatastoreType classes to documentation by @jharnois4512 in #201
• Add additional test cases for threat DE01 by @danieldavidson in #205
• [Snyk] Security upgrade python from 3.11-rc-alpine to 3.12-rc-alpine by @izar in #206
• Upgrade CodeSee workflow to version 2 in #209
• Bringing things up to snuff by @izar in #217
• Limit permissions by @izar in #210
• Fixing issue 218 by @izar in #219
• Corrected the Overide example by @raphaelahrens in #225
• Added Error handling for User errors by @raphaelahrens in #226
• fix 'make MODEL=bla' which is currently broken in master by @dglynos in #227
• README : updated the #creating-a-threat-model with an example of a Da… by @FinestMaximus in #228
• Colormap by @izar in #229

New Contributors

• @jnk22 made their first contribution in #168
• @snyk-bot made their first contribution in #166
• @per-oestergaard made their first contribution in #190
• @xee5ch made their first contribution in #197
• @jharnois4512 made their first contribution in #201
• @danieldavidson made their first contribution in #205
• @dglynos made their first contribution in #227
• @FinestMaximus made their first contribution in #228

Full Changelog: v1.2.0...v1.3.0

1.2.0

In this release, we are aiming at clearer reports and some more data-oriented facilities.

Breaking changes

• Replace usesLatestTLSversion with minTLSVersion in assets and tlsVersion in data flows #123
• When the data attribute of elements is initialied with a string, convert it to a Data object with undefined as name and the string as description; change the default classification from PUBLIC to UNKNOWN #148

New features

• Separate actors and assets from elements when dumping the model to JSON #150
• Add unique Finding ids #154
• Allow to associate the threat model script with source code files and check their age difference #145
• Adapt the DFD3 notation #143
• Allow to override findings (threats) attributes #137
• Allow to mark data as PII or credentials and check if it's protected #127
• Added '--levels' - every element now has a 'levels' attribute, a list of integers denoting different DFD levels for rendering
• Added HTML docs using pdoc #110
• Added checksDestinationRevocation attribute to account for certificate revocation checks #109

Bug fixes

• Escape HTML entities in Threat attributes #149
• Fix generating reports for models with a Datastore that has isEncryptedAtRest set and a Data that has isStored set #141
• Fix condition on the Data Leak threat so it does not always match #139
• Fixed printing the data attribute in reports #123
• Added a markdown file with threats #126
• Fixed drawing nested boudnaries #117
• Add missing provideIntegrity attribute in Actor and Asset classes #116

1.1.2

• Added Poetry #108
• Fix drawing DFDs for nested Boundaries #107

1.1.0

Breaking changes

• Removed HandlesResources attribute from the Process class, which duplicates handlesResources
• Change default Dataflow.dstPort attribute value from 10000 to -1

New features

• Add dump of elements and findings to sqlite database using "--sqldump " (with result in ./sqldump/) #103
• Add Data element and DataLeak finding to support creation of a data dictionary separate from the model #104
• Add JSON input #105
• Add JSON output #102
• Use numbered dataflow labels in sequence diagram #94
• Move authenticateDestination to base Element #88
• Assign inputs and outputs to all elements #89
• Allow detecting and/or hiding duplicate dataflows by setting TM.onDuplicates #100
• Ignore unused elements if TM.ignoreUnused is True #84
• Assign findings to elements #86
• Add description to class attributes #91
• New Element methods to be used in threat conditions #82
• Provide a Docker image and allow running make targets in a container #87
• Dataflow inherits source and/or sink attribute values #79
• Merge edges in DFD when TM.mergeResponses is True; allow marking Dataflow as responses #76
• Automatic ordering of dataflows when TM.isOrdered is True #66
• Loading a custom threats file by setting TM.threatsFile #68
• Setting properties on init #67
• Wrap long labels in DFDs #65

Bug fixes

• Ensure all items have correct color, based on scope #93
• Add missing server isResilient property #63
• Advanced templates in repeat blocks #81
• Produce stable diagrams #79
• Allow overriding classes #64

pytm-1.1.0.tar.gz