Skip to content

Automative threat generation for LLM-agent based systems #1261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 14 commits into
base: main
Choose a base branch
from
Draft
4 changes: 4 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,7 @@
!td.vue/**/*.scss
!td.vue/public/
!td.vue/public/*
!td.vue/public/**
!td.vue/src/
!td.vue/src/*.js
!td.vue/src/*.vue
Expand Down Expand Up @@ -166,6 +167,9 @@
!td.vue/src/service/threats/models/*.js
!td.vue/src/service/threats/oats/
!td.vue/src/service/threats/oats/*.js
!td.vue/src/service/threats/analyzer/
!td.vue/src/service/threats/analyzer/*.js
!td.vue/src/service/threats/analyzer/*.json
!td.vue/src/service/x6/
!td.vue/src/service/x6/*.js
!td.vue/src/service/x6/graph/
Expand Down
5 changes: 5 additions & 0 deletions td.vue/public/assets/agent-tool.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
8 changes: 8 additions & 0 deletions td.vue/public/assets/agent.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
21 changes: 21 additions & 0 deletions td.vue/src/components/GraphButtons.vue
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
<template>
<b-btn-group>

<td-form-button
:onBtnClick="generateThreats"
icon="magic-wand-sparkles"
:title="$t('threatmodel.buttons.generateThreats')"
text="" />

<td-form-button
:onBtnClick="deleteSelected"
icon="trash"
Expand Down Expand Up @@ -73,14 +80,25 @@
import { mapState } from 'vuex';

import TdFormButton from '@/components/FormButton.vue';
import { completeGraphAgentThreats } from '@/service/threats/analyzer/index.js';


export default {
name: 'TdGraphButtons',
components: {
TdFormButton
},
computed: mapState({
cellRef: (state) => state.cell.ref,
threats: (state) => state.cell.threats,
diagram: (state) => state.threatmodel.selectedDiagram,
threatTop: (state) => state.threatmodel.data.detail.threatTop,
disableNewThreat: function (state) {
if (!state.cell?.ref?.data) {
return true;
}
return state.cell.ref.data.outOfScope || state.cell.ref.data.isTrustBoundary || state.cell.ref.data.type === 'tm.Text';
}
}),
data() {
return {
Expand All @@ -93,6 +111,9 @@ export default {
}
},
methods: {
generateThreats() {
completeGraphAgentThreats(this.graph, this.$store);
},
save() {
this.$emit('saved');
},
Expand Down
55 changes: 55 additions & 0 deletions td.vue/src/components/GraphProperties.vue
Original file line number Diff line number Diff line change
Expand Up @@ -242,6 +242,22 @@
>
</b-form-group>
</b-col>

<!-- Auto properties -->
<b-col
v-if="cellRef.data.type in properties"
v-for="prop in properties[cellRef.data.type]"
:key="`${cellRef.data.type}_${prop.key}`">
<b-form-group label-cols="auto" :id="`${prop.key}-group`">
<component
:is="propertyTypeComponents[prop.type]"
:id="prop.key"
v-model="cellRef.data[prop.key]"
@change="onChangeProperties()"
>{{ $t(`threatmodel.properties.${prop.key}`) }}</component>
</b-form-group>
</b-col>

</b-form-row>
</b-form>
</div>
Expand All @@ -259,6 +275,45 @@ import dataChanged from '@/service/x6/graph/data-changed.js';

export default {
name: 'TdGraphProperties',
data: () => ({
properties: {
'tm.Agent': [
{ key: 'hasConstraints', type: 'bool' },
{ key: 'hasLogging', type: 'bool' },
{ key: 'hasDynamicAdminPrivileges', type: 'bool' },
{ key: 'hasMultiDomainAccess', type: 'bool' },
{ key: 'canBeRegisteredByUser', type: 'bool' },
{ key: 'inheritsPrivileges', type: 'bool' },
{ key: 'usesAuth', type: 'bool' },
{ key: 'usesBehavioralAuth', type: 'bool' },
{ key: 'isSecurity', type: 'bool' },
{ key: 'isAuthenticator', type: 'bool' },
],
'tm.Tool': [
{ key: 'isDangerous', type: 'bool' },
{ key: 'isApi', type: 'bool' },
{ key: 'usingParameters', type: 'bool' },
{ key: 'isAutomated', type: 'bool' },
{ key: 'requiresAdmin', type: 'bool' },
{ key: 'isResourceIntensive', type: 'bool' },
{ key: 'hasQuota', type: 'bool' },
{ key: 'executesAgentGeneratedCode', type: 'bool' },
],
'tm.Flow': [
{ key: 'hasUserPrompt', type: 'bool' },
{ key: 'mayContainMedia', type: 'bool' },
],
'tm.Store': [
{ key: 'isLongTermAgentMemory', type: 'bool' },
],
'tm.Process': [
{ key: 'usesHII', type: 'bool' },
]
},
propertyTypeComponents: {
bool: 'b-form-checkbox'
}
}),
computed: mapState({
cellRef: (state) => state.cell.ref
}),
Expand Down
4 changes: 3 additions & 1 deletion td.vue/src/components/Navbar.vue
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
v-b-tooltip.hover :title="$t('nav.logOut')"
></font-awesome-icon>
</b-nav-item>

<b-nav-item
href="https://www.threatdragon.com/docs/"
target="_blank"
Expand Down Expand Up @@ -136,7 +137,8 @@ export default {
throw error;
}
});
}
},

}
};
</script>
27 changes: 26 additions & 1 deletion td.vue/src/i18n/en.js
Original file line number Diff line number Diff line change
Expand Up @@ -181,10 +181,33 @@ const eng = {
protocol: 'Protocol',
publicNetwork: 'Public Network',
storesCredentials: 'Stores Credentials',
storesInventory: 'Stores Inventory'
storesInventory: 'Stores Inventory',
hasConstraints: 'Has Constraints',
hasLogging: 'Has Logging',
hasDynamicAdminPrivileges: 'Has Dynamic Admin Privileges',
hasMultiDomainAccess: 'Has Multi-Domain Access',
canBeRegisteredByUser: 'Can be registered by user',
inheritsPrivileges: 'Inherits Privileges',
usesAuth: 'Uses Auth',
usesBehavioralAuth: 'Uses Behavioral Auth',
isSecurity: 'Is Security',
isAuthenticator: 'Is Authenticator',
isDangerous: 'Is Dangerous',
usingParameters: 'Using Parameters',
isApi: 'Is API',
isAutomated: 'Is Automated',
requiresAdmin: 'Requires Admin Privileges',
isResourceIntensive: 'Is Resource Intensive',
hasQuota: 'Has Quota',
executesAgentGeneratedCode: 'Executes Agent Generated Code',
usesHII: 'Uses HII',
isLongTermAgentMemory: 'Is Long Term Agent Memory',
hasUserPrompt: 'Has User Prompt',
mayContainMedia: 'May Contain Media',
},
buttons: {
delete: 'Delete selected',
generateThreats: 'Generate threats',
redo: 'Redo edit',
shortcuts: 'Keyboard shortcuts',
toggleGrid: 'Toggle grid',
Expand Down Expand Up @@ -241,6 +264,8 @@ const eng = {
},
shapes: {
actor: 'Actor',
agent: 'Agent',
tool: 'Tool',
flow: 'Data Flow',
flowStencil: 'Data Flow',
process: 'Process',
Expand Down
3 changes: 3 additions & 0 deletions td.vue/src/i18n/ru.js
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,7 @@ const rus = {
},
buttons: {
delete: 'Delete selected',
generateThreats: 'Generate threats',
redo: 'Redo edit',
shortcuts: 'Keyboard shortcuts',
toggleGrid: 'Toggle grid',
Expand Down Expand Up @@ -236,6 +237,8 @@ const rus = {
},
shapes: {
actor: 'Actor',
agent: 'Agent',
tool: 'Tool',
flow: 'Data Flow',
flowStencil: 'Data Flow',
process: 'Process',
Expand Down
6 changes: 4 additions & 2 deletions td.vue/src/plugins/fontawesome-vue.js
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,8 @@ import {
faPrint,
faProjectDiagram,
faDiagramProject,
faLock
faLock,
faMagicWandSparkles
} from '@fortawesome/free-solid-svg-icons';

import {faBitbucket, faGithub, faGitlab, faVuejs, faGoogle, faGoogleDrive} from '@fortawesome/free-brands-svg-icons';
Expand Down Expand Up @@ -70,7 +71,8 @@ library.add(
faDiagramProject,
faGoogle,
faGoogleDrive,
faLock
faLock,
faMagicWandSparkles
);

Vue.component('font-awesome-icon', FontAwesomeIcon);
Loading