Expanding seq diagrams #142
Comments
Go with seq_line and arrow_style. Lifelines should be a separate issue. I haven't used seq diagrams too much but I'm excited to see new contributions 😊
First of all thanks for coming up with the suggestions! My use of sequence diagrams has been limited, mostly to understand, well, the sequence of events. I wonder if with this proposal we are not breaking the philosophy of "one small tool doing well what it is supposed to do" and overloading pytm with plantuml functionality. In other words, what do these additions represent in terms of a threat model, and how would they lead to the elicitation of new threats? In other words, are there threat rules that map to the usage of these symbols?
Hello! Yeah, it has been fun wrapping my head around pytm. To be honest, I was hesitant to suggest adding sequence functionality because it doesn't add directly to threat modelling, and I was having the same internal debate with myself about this very thing (does one thing well). For me, the use case is that we have some asynchronous calls and some producer-consumer patterns that we wanted to highlight differently in the sequence diagrams than the standard calls that were being made. Visually, at least to me, it calls attention and maybe is a signal to add more controls around these calls or scrutinize the implementation, but I'll admit I am struggling to find a strong argument for any producer-consumer or asynchronous threats (e.g. DoS or privileged execution) which wouldn't already be covered by
I think sequence diagrams (and the more detailed and expressive the better) are an excellent threat modelling resource. While I like DFDs for understanding transitions between trust domains, it's the sequence diagrams that really help me understand exactly what is going on in a given subsystem or in response to a particular command. +1 to improvements here.
First apologies for the long winded issue...
tl;dr - Are there any plans in extending out some plantuml sequence diagram functionality?
I've been using pytm for about a week now and have found it to be a pretty good tool. Coming more from a security side I am more focused on the dataflow diagram and threat modelling report; however, I had a lot of requests to add bits and pieces to the seq diagram as well (e.g. lifelines, queue participants, dividers, arrow style).
I'm happy to make a pull request with a few suggested changes (still wrapping my head around how it all ties together)
Queues
The easiest being:
I think the more robust, and probably more extensible, way would be another attribute and, ideally, a new method to handle the line that will be formatted / printed in seq()
Dataflow arrows
I think the simplest would be to add a new attribute arrowStyle, implement the suggested seq_line from above and instantiate a dataflow the following way to get a dotted blue, open arrow line for the lines in the sequence diagram:
Lifelines
This one I am still exploring and not confident in any implementation yet but maybe something like
Or introduce a concept of SeqLifelines; again, not happy with the exploration I've done so far, but quick back-of-a-napkin code:
Other ideas
varNote class that allows defining shape, color, location (see Notes on messages for attributes we could declare)
SeqNewPage and the ability to write seq() out to separate files
hide unlinked (would only work with new page)
SeqDivider (see Divider or separator)
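As an added, stand-alone illustration of the proposal in this issue (this is not pytm's code and not the snippets the issue author attached), the sketch below shows what a per-dataflow arrow style, a queue participant and a divider could look like when emitted into a PlantUML sequence diagram. The `Element`, `Dataflow`, `SeqDivider`, `is_queue`, `arrow_style` and `seq_line()` names are assumptions chosen for the example, not pytm's API; the arrow token is passed to PlantUML verbatim, so the styling lives entirely in the diagram output while the model data (source, sink, protocol) stays unchanged.

```python
"""Constructed example: per-dataflow arrow styles, queue participants and
dividers in a PlantUML sequence diagram.

Assumptions (not pytm's API): the class names, the 'is_queue' flag, the
'arrow_style' attribute and the 'seq_line()' method are all hypothetical.
"""

from dataclasses import dataclass
from typing import List, Union


@dataclass
class Element:
    name: str
    # assumption: queue participants are declared with PlantUML's 'queue' keyword
    is_queue: bool = False

    @property
    def alias(self) -> str:
        # PlantUML aliases must be a single token
        return self.name.replace(" ", "_")

    def seq_declaration(self) -> str:
        kind = "queue" if self.is_queue else "participant"
        return f'{kind} "{self.name}" as {self.alias}'


@dataclass
class Dataflow:
    source: Element
    sink: Element
    name: str
    protocol: str = ""
    # assumption: the raw PlantUML arrow token, e.g. '->' solid, '-->' dotted,
    # '->>' open arrowhead, '-[#blue]->>' coloured dotted with an open head
    # (see PlantUML's sequence-diagram arrow syntax); it is emitted verbatim.
    arrow_style: str = "->"

    def seq_line(self) -> str:
        label = f"{self.name} ({self.protocol})" if self.protocol else self.name
        return f"{self.source.alias} {self.arrow_style} {self.sink.alias}: {label}"


@dataclass
class SeqDivider:
    title: str

    def seq_line(self) -> str:
        # PlantUML divider / separator syntax
        return f"== {self.title} =="


def seq(items: List[Union[Dataflow, SeqDivider]]) -> str:
    """Render the items as a PlantUML sequence diagram, declaring each
    participant once, in order of first appearance."""
    participants: List[Element] = []
    for item in items:
        if isinstance(item, Dataflow):
            for el in (item.source, item.sink):
                if el not in participants:
                    participants.append(el)
    lines = ["@startuml"]
    lines += [p.seq_declaration() for p in participants]
    lines += [item.seq_line() for item in items]
    lines.append("@enduml")
    return "\n".join(lines)


def build_example() -> str:
    """Constructed sample model: a synchronous HTTPS call next to an
    asynchronous producer-consumer hop through a queue."""
    web = Element("Web App")
    api = Element("Orders API")
    queue = Element("Orders Queue", is_queue=True)
    worker = Element("Fulfilment Worker")
    return seq([
        SeqDivider("Synchronous path"),
        Dataflow(web, api, "place order", protocol="HTTPS"),
        Dataflow(api, web, "201 Created", protocol="HTTPS", arrow_style="-->"),
        SeqDivider("Asynchronous path"),
        # the dotted, blue, open-headed arrows mark the async hops so they
        # stand out for extra scrutiny in review
        Dataflow(api, queue, "enqueue order", protocol="AMQP", arrow_style="-[#blue]->>"),
        Dataflow(queue, worker, "dequeue order", protocol="AMQP", arrow_style="-[#blue]->>"),
    ])


if __name__ == "__main__":
    print(build_example())
```

Running the block prints the PlantUML source; feeding it to PlantUML renders the queue as a queue participant and the two asynchronous hops with the distinct arrow style, while every other participant and message keeps the default look.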