Merge pull request #388 from iriusrisk/release/1.26.0

Release/1.26.0 to main

.github/actions/install-startleft/action.yml

@@ -15,7 +15,7 @@ runs:
           python-version: ${{ inputs.python-version }}
 
       - name: Update pip version to 23.0.1
-        run: python -m pip install --upgrade pip==23.0.1
+        run: python -m pip install --use-pep517 --upgrade pip==23.0.1
         shell: bash
 
       - name: Setup Graphviz

deployment/Dockerfile.application

@@ -13,6 +13,8 @@ RUN apk --no-cache add lapack libstdc++ libmagic geos-dev && \
 
 COPY . .
 
+RUN pip install --upgrade pip
+
 RUN pip install .
 
 
@@ -21,12 +23,7 @@ FROM python:3.8-alpine
 WORKDIR /app
 
 RUN apk update && \
-    apk add libmagic && \
-    apk add re2 && \
-    apk add graphviz && \
-    apk add lapack && \
-    apk add cblas && \
-    apk add geos
+    apk add libmagic re2 lapack cblas geos graphviz-dev
 
 COPY --from=startleft-base /usr/local/lib/python3.8/site-packages /usr/local/lib/python3.8/site-packages
 

otm/otm/trustzone_representation_calculator.py

@@ -9,7 +9,7 @@
 TZ_PADDING = 30
 
 
-def _get_trustzone_components(trustzone_id: str, components: List[Component]):
+def _get_trustzone_components(trustzone_id: str, components: List[Union[Component, Trustzone]]):
     return list(filter(lambda component: component.parent == trustzone_id, components))
 
 
@@ -20,7 +20,7 @@ def _get_first_representation(component: Component):
 def calculate_missing_trustzones_representations(otm: OTM, representation_id):
     for trustzone in otm.trustzones:
         if not trustzone.representations:
-            tz_components = _get_trustzone_components(trustzone.id, otm.components)
+            tz_components = _get_trustzone_components(trustzone.id, otm.trustzones + otm.components)
             TrustZoneRepresentationCalculator(representation_id, trustzone, tz_components).calculate()
 
 

otm/tests/unit/test_trustzone_representation_calculator.py

@@ -70,7 +70,8 @@ def test_calculate_missing_trustzones_representations(self, trustzone_calculator
             calculate_missing_trustzones_representations(otm, REPRESENTATION_ID)
 
         # THEN the components are retrieved for the trustzone_without_representation
-        get_trustzone_components_mock.assert_called_with(trustzone_without_representation.id, trustzone_components)
+        get_trustzone_components_mock.assert_called_with(
+            trustzone_without_representation.id, otm.trustzones + trustzone_components)
 
         # AND the trustzone representation is calculated for the trustzone_without_representation
         trustzone_calculator_mock.assert_called_with(REPRESENTATION_ID,

setup.py

@@ -20,24 +20,27 @@
         'deepmerge==1.1.0',
         'jmespath==1.0.1',
         'python-hcl2==4.3.2',
-        'requests==2.31.0',
+        'requests==2.32.3',
         'fastapi==0.109.2',
         'python-multipart==0.0.7',
         'click==8.1.7',
         'uvicorn==0.23.2',
         'shapely==2.0.1',
         'vsdx==0.5.13',
         'python-magic==0.4.27',
-        'setuptools==67.8.0',
-        'setuptools-scm==8.0.2',
+        'setuptools==70.3.0',
+        'setuptools-scm==8.1.0',
         'defusedxml==0.7.1',
         'networkx==3.1',
         'dependency-injector==4.41.0',
         'google-re2==1.0',
         'xmlschema==2.5.0',
         'word2number==1.1',
         # Do not upgrade pygraphviz unless security issues because it is heavily dependent on the underlying OS
-        'pygraphviz==1.10'
+        'pygraphviz==1.10',
+        # Numpy is a transitive dependency of fastapi, requests and python-multipart
+        # They require different v1 versions, while v2 versions lead to import errors
+        'numpy<2.0'
     ],
     use_scm_version={
         'write_to': 'startleft/version.py',

slp_mtmt/slp_mtmt/mtmt_loader.py

@@ -38,12 +38,12 @@ def __read(self):
         model_ = json_['ThreatModel']
         list_ = model_['DrawingSurfaceList']
         surface_model_ = list_['DrawingSurfaceModel']
-        surface_model_array \
-            = surface_model_ if isinstance(surface_model_, collections.abc.Sequence) else [surface_model_]
+        surface_model_ \
+            = surface_model_[0] if isinstance(surface_model_, collections.abc.Sequence) else surface_model_
 
-        for surface_model in surface_model_array:
-            self.add_borders(surface_model)
-            self.add_lines(surface_model)
+        # Only the first tab of the MTMT file is processed
+        self.add_borders(surface_model_)
+        self.add_lines(surface_model_)
 
         self.add_threats(model_)
         self.know_base = MTMKnowledge(model_['KnowledgeBase'])

slp_mtmt/slp_mtmt/mtmt_parser.py

@@ -11,6 +11,7 @@
 from slp_mtmt.slp_mtmt.parse.mtmt_connector_parser import MTMTConnectorParser
 from slp_mtmt.slp_mtmt.parse.mtmt_threat_parser import MTMThreatParser
 from slp_mtmt.slp_mtmt.parse.mtmt_trustzone_parser import MTMTTrustzoneParser
+from otm.otm.trustzone_representation_calculator import calculate_missing_trustzones_representations
 
 
 class MTMTParser(ProviderParser):
@@ -62,14 +63,17 @@ def __get_mtmt_representations(self) -> list:
 
     def build_otm(self) -> OTM:
         threats, mitigations = self.__get_mtmt_threats_and_mitigations(self.__get_mtmt_components())
+        otm_representations = self.__get_mtmt_representations()
 
         otm = OTMBuilder(self.project_id, self.project_name, EtmType.MTMT) \
-            .add_representations(self.__get_mtmt_representations()) \
+            .add_representations(otm_representations) \
             .add_trustzones(self.__get_mtmt_trustzones()) \
             .add_components(self.__get_mtmt_components()) \
             .add_dataflows(self.__get_mtmt_dataflows()) \
             .add_threats(threats) \
             .add_mitigations(mitigations) \
             .build()
 
+        calculate_missing_trustzones_representations(otm, otm_representations[0].id)
+
         return otm

slp_mtmt/slp_mtmt/parse/mtmt_general_parser.py

@@ -1,3 +1,5 @@
+from typing import Union
+
 from slp_mtmt.slp_mtmt.entity.mtmt_entity_border import MTMBorder
 from slp_mtmt.slp_mtmt.entity.mtmt_entity_line import MTMLine
 from slp_mtmt.slp_mtmt.mtmt_entity import MTMT
@@ -16,7 +18,7 @@ def is_parent(parent, child):
     return False
 
 
-def get_the_child(parents):
+def get_the_child(parents) -> Union[MTMBorder, MTMLine, None]:
     if len(parents) == 0:
         return None
     if len(parents) == 1:
@@ -43,7 +45,7 @@ def __init__(self, source: MTMT, mapping: MTMTMapping, diagram_representation: s
         self.mapping = mapping
         self.diagram_representation = diagram_representation
 
-    def _get_parent(self, border: MTMBorder):
+    def _get_parent(self, border: MTMBorder)  -> Union[MTMBorder, MTMLine, None]:
         parents = []
         for candidate in self.source.borders + self.source.lines:
             if is_parent(candidate, border):

slp_mtmt/slp_mtmt/parse/mtmt_trustzone_parser.py

@@ -45,7 +45,7 @@ def create_trustzone(self, border) -> Trustzone:
             parent_id, parent_type = None, None
         mtmt_type = self.__calculate_otm_type(border)
         if mtmt_type is not None:
-            calculator = TrustzoneRepresentationCalculator(self.diagram_representation, border)
+            calculator = TrustzoneRepresentationCalculator(self.diagram_representation, border, parent)
             representations = calculator.calculate_representation()
             tz = Trustzone(trustzone_id=border.id,
                            name=border.name or border.stencil_name,

slp_mtmt/slp_mtmt/util/component_representation_calculator.py

@@ -5,15 +5,13 @@
 class ComponentRepresentationCalculator(RepresentationCalculator):
 
     def get_position(self) -> (int, int):
-        if isinstance(self.parent, MTMBorder):
-            return self.__get_border_position()
-        return None, None
+        return self.__get_border_position()
 
     def get_size(self) -> (int, int):
         return self.element.width, self.element.height
 
     def __get_border_position(self):
-        if self.parent:
+        if isinstance(self.parent, MTMBorder):
             x = self.element.left - self.parent.left
             y = self.element.top - self.parent.top
         else:

slp_mtmt/slp_mtmt/util/trustzone_representation_calculator.py

@@ -5,14 +5,18 @@
 class TrustzoneRepresentationCalculator(RepresentationCalculator):
 
     def get_position(self) -> (int, int):
-        if isinstance(self.element, MTMBorder):
-            return self.__get_border_position()
-        return None, None
+        if not isinstance(self.element, MTMBorder):
+            return None, None
+
+        return self.__get_relative_position() if isinstance(self.parent, MTMBorder) else self.__get_absolute_position()
 
     def get_size(self) -> (int, int):
         if isinstance(self.element, MTMBorder):
             return self.element.width, self.element.height
         return None, None
 
-    def __get_border_position(self):
+    def __get_absolute_position(self):
         return self.element.left, self.element.top
+
+    def __get_relative_position(self):
+        return self.element.left - self.parent.left, self.element.top - self.parent.top