Inline raa calculations

Dockerfile

@@ -25,8 +25,6 @@ COPY --from=clone /app/threagile /app
 
 RUN go version
 RUN go test ./...
-RUN GOOS=linux go build -ldflags="-X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o raa_calc cmd/raa/main.go
-RUN GOOS=linux go build -ldflags="-X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o raa_dummy cmd/raa_dummy/main.go
 RUN GOOS=linux go build -ldflags="-X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o risk_demo_rule cmd/risk_demo/main.go
 RUN GOOS=linux go build -ldflags="-X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o threagile
 # add the -race parameter to go build call in order to instrument with race condition detector: https://blog.golang.org/race-detector
@@ -61,8 +59,6 @@ RUN mkdir -p /app /data
 RUN chown -R 1000:1000 /app /data
 
 COPY --from=build --chown=1000:1000 /app/threagile /app/
-COPY --from=build --chown=1000:1000 /app/raa_calc /app/
-COPY --from=build --chown=1000:1000 /app/raa_dummy /app/
 COPY --from=build --chown=1000:1000 /app/risk_demo_rule /app/
 COPY --from=build --chown=1000:1000 /app/LICENSE.txt /app/
 COPY --from=build --chown=1000:1000 /app/report/template/background.pdf /app/

Dockerfile.local

@@ -19,8 +19,6 @@ RUN go version
 RUN go test ./...
 
 # build binaries
-RUN go build -ldflags="-X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o raa_calc cmd/raa/main.go
-RUN go build -ldflags="-X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o raa_dummy cmd/raa_dummy/main.go
 RUN go build -ldflags="-X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o risk_demo_rule cmd/risk_demo/main.go
 RUN go build -ldflags="-X main.buildTimestamp=$(date '+%Y%m%d%H%M%S')" -o threagile cmd/threagile/main.go
 
@@ -68,8 +66,6 @@ RUN chown -R threagile:threagile /app /data
 USER threagile
 
 COPY --from=build --chown=threagile:threagile /app/threagile /app/
-COPY --from=build --chown=threagile:threagile /app/raa_calc /app/
-COPY --from=build --chown=threagile:threagile /app/raa_dummy /app/
 COPY --from=build --chown=threagile:threagile /app/risk_demo_rule /app/
 COPY --from=build --chown=threagile:threagile /app/LICENSE.txt /app/
 COPY --from=build --chown=threagile:threagile /app/report/template/background.pdf /app/

Makefile

@@ -10,8 +10,6 @@ ASSETS			= 							\
 	pkg/security/types/technologies.yaml	\
 	server
 BIN				= 							\
-	raa_calc 								\
-	raa_dummy 								\
 	risk_demo_rule 							\
 	threagile
 
@@ -66,12 +64,6 @@ gv: out/tmp/diagram.png
 out/tmp/diagram.png: out/tmp/diagram.gv
 	dot -Tpng $< -o $@
 
-bin/raa_calc: cmd/raa/main.go
-	$(GO) build $(GOFLAGS) -o $@ $<
-
-bin/raa_dummy: cmd/raa_dummy/main.go
-	$(GO) build $(GOFLAGS) -o $@ $<
-
 bin/risk_demo_rule: cmd/risk_demo/main.go
 	$(GO) build $(GOFLAGS) -o $@ $<
 

README.md

@@ -13,30 +13,30 @@ are checked against the architecture model.
 
 #### Execution via Docker Container
 The easiest way to execute Threagile on the commandline is via its Docker container:
-    
-    docker run --rm -it threagile/threagile --help  
-    
-      _____ _                          _ _      
-     |_   _| |__  _ __ ___  __ _  __ _(_) | ___ 
+
+    docker run --rm -it threagile/threagile --help
+
+      _____ _                          _ _
+     |_   _| |__  _ __ ___  __ _  __ _(_) | ___
        | | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
        | | | | | | | |  __/ (_| | (_| | | |  __/
        |_| |_| |_|_|  \___|\__,_|\__, |_|_|\___|
-                                 |___/        
+                                 |___/
     Threagile - Agile Threat Modeling
-    
-    
+
+
     Documentation: https://threagile.io
     Docker Images: https://hub.docker.com/r/threagile/threagile
     Sourcecode: https://github.com/threagile
     License: Open-Source (MIT License)
     Version: 1.0.0 (20231104141112)
-    
-    
+
+
     Usage: threagile [options]
-    
-    
+
+
     Options:
-    
+
       -background string
         	background pdf file (default "background.pdf")
       -create-editing-support
@@ -83,8 +83,6 @@ The easiest way to execute Threagile on the commandline is via its Docker contai
         	print 3rd-party license information
       -print-license
         	print license information
-      -raa-plugin string
-        	RAA calculation plugin (.so shared object) file name (default "raa.so")
       -server int
         	start a server (instead of commandline execution) on the given port
       -skip-risk-rules string
@@ -93,30 +91,30 @@ The easiest way to execute Threagile on the commandline is via its Docker contai
         	verbose output
       -version
         	print version
-    
-    
+
+
     Examples:
-    
-    If you want to create an example model (via docker) as a starting point to learn about Threagile just run: 
+
+    If you want to create an example model (via docker) as a starting point to learn about Threagile just run:
      docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-example-model -output /app/work
-    
-    If you want to create a minimal stub model (via docker) as a starting point for your own model just run: 
+
+    If you want to create a minimal stub model (via docker) as a starting point for your own model just run:
      docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-stub-model -output /app/work
-    
-    If you want to execute Threagile on a model yaml file (via docker): 
+
+    If you want to execute Threagile on a model yaml file (via docker):
      docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -verbose -model /app/work/threagile.yaml -output /app/work
-    
-    If you want to run Threagile as a server (REST API) on some port (here 8080): 
+
+    If you want to run Threagile as a server (REST API) on some port (here 8080):
      docker run --rm -it --shm-size=256m -p 8080:8080 --name threagile-server --mount 'type=volume,src=threagile-storage,dst=/data,readonly=false' threagile/threagile -server 8080
-    
-    If you want to find out about the different enum values usable in the model yaml file: 
+
+    If you want to find out about the different enum values usable in the model yaml file:
      docker run --rm -it threagile/threagile -list-types
-    
-    If you want to use some nice editing help (syntax validation, autocompletion, and live templates) in your favourite IDE: 
+
+    If you want to use some nice editing help (syntax validation, autocompletion, and live templates) in your favourite IDE:
      docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-editing-support -output /app/work
-    
-    If you want to list all available model macros (which are macros capable of reading a model yaml file, asking you questions in a wizard-style and then update the model yaml file accordingly): 
+
+    If you want to list all available model macros (which are macros capable of reading a model yaml file, asking you questions in a wizard-style and then update the model yaml file accordingly):
      docker run --rm -it threagile/threagile -list-model-macros
-    
-    If you want to execute a certain model macro on the model yaml file (here the macro add-build-pipeline): 
+
+    If you want to execute a certain model macro on the model yaml file (here the macro add-build-pipeline):
      docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -model /app/work/threagile.yaml -output /app/work -execute-model-macro add-build-pipeline

internal/threagile/flags.go

@@ -22,7 +22,6 @@ const (
 	serverPortFlagName = "server-port"
 
 	inputFileFlagName = "model"
-	raaPluginFlagName = "raa-run"
 
 	customRiskRulesPluginFlagName      = "custom-risk-rules-plugin"
 	diagramDpiFlagName                 = "diagram-dpi"
@@ -49,7 +48,6 @@ type Flags struct {
 	outputDirFlag   string
 	tempDirFlag     string
 	inputFileFlag   string
-	raaPluginFlag   string
 	serverPortFlag  int
 	serverDirFlag   string
 

internal/threagile/root.go

@@ -63,7 +63,6 @@ func (what *Threagile) initRoot() *Threagile {
 	what.rootCmd.PersistentFlags().StringVar(&what.flags.tempDirFlag, tempDirFlagName, defaultConfig.TempFolder, "temporary folder location")
 
 	what.rootCmd.PersistentFlags().StringVar(&what.flags.inputFileFlag, inputFileFlagName, defaultConfig.InputFile, "input model yaml file")
-	what.rootCmd.PersistentFlags().StringVar(&what.flags.raaPluginFlag, raaPluginFlagName, defaultConfig.RAAPlugin, "RAA calculation run file name")
 
 	what.rootCmd.PersistentFlags().BoolVarP(&what.flags.interactiveFlag, interactiveFlagName, interactiveFlagShorthand, defaultConfig.Interactive, "interactive mode")
 	what.rootCmd.PersistentFlags().BoolVarP(&what.flags.verboseFlag, verboseFlagName, verboseFlagShorthand, defaultConfig.Verbose, "verbose output")
@@ -256,9 +255,6 @@ func (what *Threagile) readConfig(cmd *cobra.Command, buildTimestamp string) *co
 	if isFlagOverridden(flags, inputFileFlagName) {
 		cfg.InputFile = cfg.CleanPath(what.flags.inputFileFlag)
 	}
-	if isFlagOverridden(flags, raaPluginFlagName) {
-		cfg.RAAPlugin = what.flags.raaPluginFlag
-	}
 
 	if isFlagOverridden(flags, customRiskRulesPluginFlagName) {
 		cfg.RiskRulesPlugins = strings.Split(what.flags.customRiskRulesPluginFlag, ",")

pkg/common/config.go

@@ -37,7 +37,6 @@ type Config struct {
 	TemplateFilename            string
 	TechnologyFilename          string
 
-	RAAPlugin         string
 	RiskRulesPlugins  []string
 	SkipRiskRules     []string
 	ExecuteModelMacro string
@@ -91,7 +90,6 @@ func (c *Config) Defaults(buildTimestamp string) *Config {
 		TemplateFilename:            TemplateFilename,
 		TechnologyFilename:          "",
 
-		RAAPlugin:         RAAPluginName,
 		RiskRulesPlugins:  make([]string, 0),
 		SkipRiskRules:     make([]string, 0),
 		ExecuteModelMacro: "",
@@ -286,9 +284,6 @@ func (c *Config) Merge(config Config, values map[string]any) {
 		case strings.ToLower("TechnologyFilename"):
 			c.TechnologyFilename = config.TechnologyFilename
 
-		case strings.ToLower("RAAPlugin"):
-			c.RAAPlugin = config.RAAPlugin
-
 		case strings.ToLower("RiskRulesPlugins"):
 			c.RiskRulesPlugins = config.RiskRulesPlugins
 

pkg/common/consts.go

@@ -24,8 +24,6 @@ const (
 	DataAssetDiagramFilenameDOT = "data-asset-diagram.gv"
 	DataAssetDiagramFilenamePNG = "data-asset-diagram.png"
 
-	RAAPluginName = "raa_calc"
-
 	DefaultDiagramDPI               = 100
 	DefaultGraphvizDPI              = 120
 	MinGraphvizDPI                  = 20

cmd/raa/main.go → pkg/model/raa.go

@@ -1,81 +1,14 @@
-package main
+package model
 
 import (
-	"flag"
-	"fmt"
-	"gopkg.in/yaml.v3"
-	"io"
-	"os"
 	"sort"
 
 	"github.com/threagile/threagile/pkg/security/types"
 )
 
-// used from run caller:
+func applyRAA(input *types.Model, progressReporter types.ProgressReporter) string {
+	progressReporter.Infof("Applying RAA calculation")
 
-func main() {
-	inputFilename := flag.String("in", "", "input file")
-	outputFilename := flag.String("out", "", "output file")
-	flag.Parse()
-
-	var data []byte
-	var inputError error
-	if len(*inputFilename) > 0 {
-		data, inputError = os.ReadFile(*inputFilename)
-		if inputError != nil {
-			_, _ = fmt.Fprintf(os.Stderr, "failed to read input file %q: %v\n", *inputFilename, inputError)
-			os.Exit(-2)
-		}
-	} else {
-		data, inputError = io.ReadAll(os.Stdin)
-		if inputError != nil {
-			_, _ = fmt.Fprintf(os.Stderr, "failed to read input from stdin: %v\n", inputError)
-			os.Exit(-2)
-		}
-	}
-
-	// _ = os.WriteFile("raa_in.yaml", data, 0644)
-
-	var input types.Model
-	parseError := yaml.Unmarshal(data, &input)
-	if parseError != nil {
-		_, _ = fmt.Fprintf(os.Stderr, "failed to parse model: %v\n", parseError)
-		os.Exit(-2)
-	}
-
-	text := CalculateRAA(&input)
-	outData, marshalError := yaml.Marshal(input)
-	if marshalError != nil {
-		_, _ = fmt.Fprintf(os.Stderr, "failed to print model: %v\n", marshalError)
-		os.Exit(-2)
-	}
-
-	// _ = os.WriteFile("raa_out.yaml", outData, 0644)
-
-	var outputFile io.Writer = os.Stdout
-	if len(*outputFilename) > 0 {
-		file, outputError := os.Open(*outputFilename)
-		if outputError != nil {
-			_, _ = fmt.Fprintf(os.Stderr, "failed to open output file %q: %v\n", *outputFilename, outputError)
-			os.Exit(-2)
-		}
-
-		defer closeFile(file)
-		outputFile = file
-	}
-
-	_, _ = fmt.Fprint(outputFile, string(outData))
-	_ = text
-	//	_, _ = fmt.Fprint(os.Stderr, text)
-
-	os.Exit(0)
-}
-
-func closeFile(file io.Closer) {
-	_ = file.Close()
-}
-
-func CalculateRAA(input *types.Model) string {
 	for techAssetID, techAsset := range input.TechnicalAssets {
 		aa := calculateAttackerAttractiveness(input, techAsset)
 		aa += calculatePivotingNeighbourEffectAdjustment(input, techAsset)
@@ -92,10 +25,9 @@ func CalculateRAA(input *types.Model) string {
 		"attacker-attractive technical assets:"
 }
 
-var attackerAttractivenessMinimum, attackerAttractivenessMaximum, spread float64 = 0, 0, 0
-
 // set the concrete value in relation to the minimum and maximum of all
 func calculateRelativeAttackerAttractiveness(input *types.Model, attractiveness float64) float64 {
+	var attackerAttractivenessMinimum, attackerAttractivenessMaximum, spread float64 = 0, 0, 0
 	if attackerAttractivenessMinimum == 0 || attackerAttractivenessMaximum == 0 {
 		attackerAttractivenessMinimum, attackerAttractivenessMaximum = 9223372036854775807, -9223372036854775808
 		// determine (only one time required) the min/max of all