
Schema committed to repo as JSON schema

Open johnandersen777 opened this issue 2 years ago • 2 comments

Describe what problem your feature request solves

Would like to be able to validate conformity of serialized threat models using standard tooling (JSON schema validation).

Describe the solution you'd like

If there could be a docs/development/schema/owasp.threat-dragon.schema.json, that would be great; then we could do validation.

Additional context

The Open Architecture Working Group would like to consume threat models from Threat Dragon, and one of the core principles of the Open Architecture is to understand the schema of data being referenced within each domain specific format. The Open Architecture is a proxy format for domain specific representations of architecture. Threat Dragon's format is among the first we are targeting.

  • https://github.com/intel/dffml/discussions/1369#discussioncomment-2929379
  • https://github.com/intel/dffml/tree/alice/docs/tutorials/rolling_alice

johnandersen777 avatar Jun 11 '22 17:06 johnandersen777

Hello @pdxjohnny

Apologies for not responding sooner, I was on vacation in a place without internet (hard to find, but they still exist :)

This looks a good addition to Threat Dragon, and it is great that Threat Dragon is among the first you would like to target.

Do you have a solution that you would like to see, a suggested owasp.threat-dragon.schema.json ?

jgadsden avatar Jun 26 '22 08:06 jgadsden

Hey, no worries at all, hope you had fun!

Yes, that would be a perfect filename. Our goal is to have the file URL include both the format name and format version, this way we can validate contents with the schema respective to its version. When releases are tagged we’ll be able to grab the version from the tagged raw URL to the schema file.

Thank you!

johnandersen777 avatar Jun 26 '22 12:06 johnandersen777

Beginning work on this because it will help with Threat Dragon version 2.0 backward compatibility with version 1.x models.

The schema format definition at docs/development/schema.md should follow the schema shown in the Open Threat Model GitHub project.

The JSON schema itself is following Understanding JSON Schema.

jgadsden avatar Sep 04 '22 19:09 jgadsden

Hello @pdxjohnny, just checking what you need from Threat Dragon. We have the following, which one did you need?

  1. Docs type markdown (in progress)
  2. JSON schema definition (in progress)
  3. Various existing threat models, for example

jgadsden avatar Sep 04 '22 21:09 jgadsden

(2) was the original intent of this issue’s scope.

Thank you!

johnandersen777 avatar Sep 05 '22 03:09 johnandersen777

Cool, thanks @pdxjohnny - will work on this schema and the .md docs can follow in their own time. Once the pull request is ready I will put you down as a reviewer.

jgadsden avatar Sep 05 '22 05:09 jgadsden

Hello @pdxjohnny, the completed JSON schema is in #508. Is this looking OK? I have put it all in one 400 line file ... hope that is a normal thing to do.

jgadsden avatar Sep 06 '22 11:09 jgadsden

Thank you! It looks great. I’ll run some code today and play around with it and get back to you in the PR to confirm.

johnandersen777 avatar Sep 06 '22 13:09 johnandersen777