Automative threat generation for LLM-agent based systems

.gitignore

@@ -118,6 +118,7 @@
 !td.vue/**/*.scss
 !td.vue/public/
 !td.vue/public/*
+!td.vue/public/**
 !td.vue/src/
 !td.vue/src/*.js
 !td.vue/src/*.vue
@@ -166,6 +167,9 @@
 !td.vue/src/service/threats/models/*.js
 !td.vue/src/service/threats/oats/
 !td.vue/src/service/threats/oats/*.js
+!td.vue/src/service/threats/analyzer/
+!td.vue/src/service/threats/analyzer/*.js
+!td.vue/src/service/threats/analyzer/*.json
 !td.vue/src/service/x6/
 !td.vue/src/service/x6/*.js
 !td.vue/src/service/x6/graph/

td.vue/src/components/GraphButtons.vue

@@ -1,5 +1,12 @@
 <template>
     <b-btn-group>
+
+        <td-form-button
+            :onBtnClick="generateThreats"
+            icon="magic-wand-sparkles"
+            :title="$t('threatmodel.buttons.generateThreats')"
+            text="" />
+
         <td-form-button
             :onBtnClick="deleteSelected"
             icon="trash"
@@ -73,14 +80,25 @@
 import { mapState } from 'vuex';
 
 import TdFormButton from '@/components/FormButton.vue';
+import { completeGraphAgentThreats } from '@/service/threats/analyzer/index.js';
+
 
 export default {
     name: 'TdGraphButtons',
     components: {
         TdFormButton
     },
     computed: mapState({
+        cellRef: (state) => state.cell.ref,
+        threats: (state) => state.cell.threats,
         diagram: (state) => state.threatmodel.selectedDiagram,
+        threatTop: (state) => state.threatmodel.data.detail.threatTop,
+        disableNewThreat: function (state) {
+            if (!state.cell?.ref?.data) {
+                return true;
+            }
+            return state.cell.ref.data.outOfScope || state.cell.ref.data.isTrustBoundary || state.cell.ref.data.type === 'tm.Text';
+        }
     }),
     data() {
         return {
@@ -93,6 +111,9 @@ export default {
         }
     },
     methods: {
+        generateThreats() {
+            completeGraphAgentThreats(this.graph, this.$store);
+        },
         save() {
             this.$emit('saved');
         },

td.vue/src/components/GraphProperties.vue

@@ -242,6 +242,22 @@
             >
           </b-form-group>
         </b-col>
+
+        <!-- Auto properties -->
+        <b-col 
+            v-if="cellRef.data.type in properties"
+            v-for="prop in properties[cellRef.data.type]" 
+            :key="`${cellRef.data.type}_${prop.key}`">
+          <b-form-group label-cols="auto" :id="`${prop.key}-group`">
+            <component
+              :is="propertyTypeComponents[prop.type]"
+              :id="prop.key"
+              v-model="cellRef.data[prop.key]"
+              @change="onChangeProperties()"
+              >{{ $t(`threatmodel.properties.${prop.key}`) }}</component>
+          </b-form-group>
+        </b-col>
+
       </b-form-row>
     </b-form>
   </div>
@@ -259,6 +275,45 @@ import dataChanged from '@/service/x6/graph/data-changed.js';
 
 export default {
     name: 'TdGraphProperties',
+    data: () => ({
+        properties: {
+            'tm.Agent': [
+                { key: 'hasConstraints', type: 'bool' },
+                { key: 'hasLogging', type: 'bool' },
+                { key: 'hasDynamicAdminPrivileges', type: 'bool' },
+                { key: 'hasMultiDomainAccess', type: 'bool' },
+                { key: 'canBeRegisteredByUser', type: 'bool' },
+                { key: 'inheritsPrivileges', type: 'bool' },
+                { key: 'usesAuth', type: 'bool' },
+                { key: 'usesBehavioralAuth', type: 'bool' },
+                { key: 'isSecurity', type: 'bool' },
+                { key: 'isAuthenticator', type: 'bool' },
+            ],
+            'tm.Tool': [
+                { key: 'isDangerous', type: 'bool' },
+                { key: 'isApi', type: 'bool' },
+                { key: 'usingParameters', type: 'bool' },
+                { key: 'isAutomated', type: 'bool' },
+                { key: 'requiresAdmin', type: 'bool' },
+                { key: 'isResourceIntensive', type: 'bool' },
+                { key: 'hasQuota', type: 'bool' },
+                { key: 'executesAgentGeneratedCode', type: 'bool' },
+            ],
+            'tm.Flow': [
+                { key: 'hasUserPrompt', type: 'bool' },
+                { key: 'mayContainMedia', type: 'bool' },
+            ],
+            'tm.Store': [
+                { key: 'isLongTermAgentMemory', type: 'bool' },
+            ],
+            'tm.Process': [
+                { key: 'usesHII', type: 'bool' },
+            ]
+        },
+        propertyTypeComponents: {
+            bool: 'b-form-checkbox'
+        }
+    }),
     computed: mapState({
         cellRef: (state) => state.cell.ref
     }),

td.vue/src/components/Navbar.vue

@@ -22,6 +22,7 @@
             v-b-tooltip.hover :title="$t('nav.logOut')"
           ></font-awesome-icon>
         </b-nav-item>
+
         <b-nav-item
           href="https://www.threatdragon.com/docs/"
           target="_blank"
@@ -136,7 +137,8 @@ export default {
                     throw error;
                 }
             });
-        }
+        },
+
     }
 };
 </script>

td.vue/src/i18n/en.js

@@ -181,10 +181,33 @@ const eng = {
             protocol: 'Protocol',
             publicNetwork: 'Public Network',
             storesCredentials: 'Stores Credentials',
-            storesInventory: 'Stores Inventory'
+            storesInventory: 'Stores Inventory',
+            hasConstraints: 'Has Constraints',
+            hasLogging: 'Has Logging',
+            hasDynamicAdminPrivileges: 'Has Dynamic Admin Privileges',
+            hasMultiDomainAccess: 'Has Multi-Domain Access',
+            canBeRegisteredByUser: 'Can be registered by user',
+            inheritsPrivileges: 'Inherits Privileges',
+            usesAuth: 'Uses Auth',
+            usesBehavioralAuth: 'Uses Behavioral Auth',
+            isSecurity: 'Is Security',
+            isAuthenticator: 'Is Authenticator',
+            isDangerous: 'Is Dangerous',
+            usingParameters: 'Using Parameters',
+            isApi: 'Is API',
+            isAutomated: 'Is Automated',
+            requiresAdmin: 'Requires Admin Privileges',
+            isResourceIntensive: 'Is Resource Intensive',
+            hasQuota: 'Has Quota',
+            executesAgentGeneratedCode: 'Executes Agent Generated Code',
+            usesHII: 'Uses HII',
+            isLongTermAgentMemory: 'Is Long Term Agent Memory',
+            hasUserPrompt: 'Has User Prompt',
+            mayContainMedia: 'May Contain Media',
         },
         buttons: {
             delete: 'Delete selected',
+            generateThreats: 'Generate threats',
             redo: 'Redo edit',
             shortcuts: 'Keyboard shortcuts',
             toggleGrid: 'Toggle grid',
@@ -241,6 +264,8 @@ const eng = {
         },
         shapes: {
             actor: 'Actor',
+            agent: 'Agent',
+            tool: 'Tool',
             flow: 'Data Flow',
             flowStencil: 'Data Flow',
             process: 'Process',

td.vue/src/i18n/ru.js

@@ -180,6 +180,7 @@ const rus = {
         },
         buttons: {
             delete: 'Delete selected',
+            generateThreats: 'Generate threats',
             redo: 'Redo edit',
             shortcuts: 'Keyboard shortcuts',
             toggleGrid: 'Toggle grid',
@@ -236,6 +237,8 @@ const rus = {
         },
         shapes: {
             actor: 'Actor',
+            agent: 'Agent',
+            tool: 'Tool',
             flow: 'Data Flow',
             flowStencil: 'Data Flow',
             process: 'Process',

td.vue/src/plugins/fontawesome-vue.js

@@ -31,7 +31,8 @@ import {
     faPrint,
     faProjectDiagram,
     faDiagramProject,
-    faLock
+    faLock,
+    faMagicWandSparkles
 } from '@fortawesome/free-solid-svg-icons';
 
 import {faBitbucket, faGithub, faGitlab, faVuejs, faGoogle, faGoogleDrive} from '@fortawesome/free-brands-svg-icons';
@@ -70,7 +71,8 @@ library.add(
     faDiagramProject,
     faGoogle,
     faGoogleDrive,
-    faLock
+    faLock,
+    faMagicWandSparkles
 );
 
 Vue.component('font-awesome-icon', FontAwesomeIcon);