include out of scope reason and element properties in reports

README.md

@@ -11,14 +11,13 @@
 
 # OWASP Threat Dragon
 
-[OWASP](https://www.owasp.org) Threat Dragon is a free, open-source, cross-platform threat modeling application.
+[OWASP][owasp] [Threat Dragon][project] is a free, open-source, cross-platform threat modeling application.
 It is used to draw threat modeling diagrams and to list threats for elements in the diagram.
 [Mike Goodwin](https://github.com/mike-goodwin) created Threat Dragon as an open source community project
 that provides an intuitive and accessible way to model threats.
 
 Threat Dragon is designed to be accessible for various types of teams, with an emphasis on flexibility and simplicity.
-It is an [OWASP Lab Project](https://owasp.org/www-project-threat-dragon/)
-and follows the values and principles of the [threat modeling manifesto][manifesto].
+It is an [OWASP Lab Project][project] and follows the values and principles of the [threat modeling manifesto][manifesto].
 
 This program is free software: you can redistribute it and/or modify it
 under the terms of the [Apache 2.0 License][license].
@@ -149,8 +148,7 @@ Using http port 8080 and accessing Threat Dragon on `http://localhost:8080/`.
 Pull requests, feature requests, bug reports and feedback of any kind are very welcome,
 please refer to the page for [contributors](contributing.md).
 
-There are some [developer notes](https://owasp.org/www-project-threat-dragon/docs-2/local-development/)
-to help get started with this project.
+There are some [developer notes][notes] to help get started with this project.
 We are trying to keep the test coverage relatively high so include tests in your pull requests.
 
 The easiest way to get in contact with the Threat Dragon community is via the OWASP Slack
@@ -178,4 +176,7 @@ Threat Dragon: _making threat modeling less threatening_
 [gitlab]: https://owasp.org/www-project-threat-dragon/docs-2/gitlab-repo/
 [license]: https://github.com/OWASP/threat-dragon/blob/v2.2.0/license.txt
 [manifesto]: https://www.threatmodelingmanifesto.org/
+[notes]: https://owasp.org/www-project-threat-dragon/docs-2/local-development/
+[owasp]: https://www.owasp.org
+[project]: https://owasp.org/www-project-threat-dragon
 [releases]: https://github.com/OWASP/threat-dragon/releases

td.server/package.json

@@ -81,6 +81,7 @@
     "@pm2/agent": ">=2.0.4",
     "body-parser": ">=1.20.3",
     "braces": ">=3.0.3",
+    "cookie": ">=0.7.0",
     "debug@<3.1.0": ">=4.3.4",
     "follow-redirects": ">=1.15.6",
     "got": ">=11.8.5",

td.vue/package.json

@@ -152,6 +152,7 @@
     "@babel/traverse": ">=7.23.2",
     "body-parser": ">=1.20.3",
     "braces": ">=3.0.3",
+    "cookie": ">=0.7.0",
     "debug@<3.1.0": ">=4.3.4",
     "electron-builder@<23.0.3": ">=23.0.3",
     "ejs@<3.1.10": ">=3.1.10",

td.vue/src/components/printed-report/ReportEntity.vue

@@ -1,10 +1,12 @@
 <template>
     <div class="report-box print-only">
         <div class="entity-title">
-            {{ `${entity.data.name} (${dataType})` }}
+            {{ `${entity.data.name.replaceAll('\n', ' ')} (${dataType})` }}
             <em v-if="outOfScope">- {{ $t('threatmodel.properties.outOfScope') }}</em>
         </div>
-        <p class="entity-description">{{ entity.data.description }}</p>
+        <p class="entity-description" v-if="outOfScope"><b>{{ $t('threatmodel.properties.reasonOutOfScope') }}:</b> {{ entity.data.reasonOutOfScope }}</p>
+        <p class="entity-description">{{ $t('threatmodel.properties.description') }}: {{ entity.data.description }}</p>
+        <p class="entity-description" v-if="showProperties">{{ properties }}</p>
         <table class="table">
             <thead>
                 <tr>
@@ -68,13 +70,17 @@ export default {
             type: Boolean,
             default: false
         },
-        showOutOfScope: {
+        showMitigated: {
             type: Boolean,
             default: true
         },
-        showMitigated: {
+        showOutOfScope: {
             type: Boolean,
             default: true
+        },
+        showProperties: {
+            type: Boolean,
+            default: false
         }
     },
     computed: {
@@ -84,10 +90,56 @@ export default {
         },
         threats: function () {
             return threatService.filterForDiagram(this.entity.data, {
-                showOutOfScope: this.showOutOfScope,
-                showMitigated: this.showMitigated
+                showMitigated: this.showMitigated,
+                showOutOfScope: this.showOutOfScope
             });
         },
+        properties: function () {
+            let properties = '';
+            if (this.entity.data.bidirection) {
+                properties += this.$t('threatmodel.properties.bidirection')  + ', ';
+            }
+            if (this.entity.data.handlesCardPayment) {
+                properties += this.$t('threatmodel.properties.handlesCardPayment')  + ', ';
+            }
+            if (this.entity.data.handlesGoodsOrServices) {
+                properties += this.$t('threatmodel.properties.handlesGoodsOrServices')  + ', ';
+            }
+            if (this.entity.data.isALog) {
+                properties += this.$t('threatmodel.properties.isALog')  + ', ';
+            }
+            if (this.entity.data.isEncrypted) {
+                properties += this.$t('threatmodel.properties.isEncrypted')  + ', ';
+            }
+            if (this.entity.data.isSigned) {
+                properties += this.$t('threatmodel.properties.isSigned')  + ', ';
+            }
+            if (this.entity.data.isWebApplication) {
+                properties += this.$t('threatmodel.properties.isWebApplication')  + ', ';
+            }
+            if (this.entity.data.privilegeLevel) {
+                properties += this.$t('threatmodel.properties.privilegeLevel') + ': ' + this.entity.data.privilegeLevel + ', ';
+            }
+            if (this.entity.data.providesAuthentication) {
+                properties += this.$t('threatmodel.properties.providesAuthentication')  + ', ';
+            }
+            if (this.entity.data.protocol) {
+                properties += this.$t('threatmodel.properties.protocol') + ' (' + this.entity.data.protocol  + '), ';
+            }
+            if (this.entity.data.publicNetwork) {
+                properties += this.$t('threatmodel.properties.publicNetwork')  + ', ';
+            }
+            if (this.entity.data.storesCredentials) {
+                properties += this.$t('threatmodel.properties.storesCredentials')  + ', ';
+            }
+            if (this.entity.data.storesInventory) {
+                properties += this.$t('threatmodel.properties.storesInventory')  + ', ';
+            }
+            if (properties.length > 2) {
+                properties = properties.slice(0, -2);
+            }
+            return this.$t('threatmodel.properties.title') + ': ' + properties;
+        }
     },
     methods: {
         toCamelCase(str) {

td.vue/src/components/report/DiagramDetail.vue

@@ -25,8 +25,9 @@
                 <td-report-entity
                     :entity="entity"
                     :outOfScope="entity.data.outOfScope"
-                    :showOutOfScope="showOutOfScope"
                     :showMitigated="showMitigated"
+                    :showOutOfScope="showOutOfScope"
+                    :showProperties="showProperties"
                     :showEmpty="showEmpty"
                 ></td-report-entity>
             </b-row>
@@ -41,8 +42,9 @@
                 <td-print-report-entity
                     :entity="entity"
                     :outOfScope="entity.data.outOfScope"
-                    :showOutOfScope="showOutOfScope"
                     :showMitigated="showMitigated"
+                    :showOutOfScope="showOutOfScope"
+                    :showProperties="showProperties"
                     :showEmpty="showEmpty"
                 ></td-print-report-entity>
             </div>
@@ -78,6 +80,10 @@ export default {
             type: Boolean,
             default: true
         },
+        showProperties: {
+            type: Boolean,
+            default: false
+        },
         showEmpty: {
             type: Boolean,
             default: false

td.vue/src/components/report/ReportEntity.vue

@@ -3,14 +3,20 @@
         <b-row>
             <b-col>
                 <h3 class="entity-title">
-                    {{ `${entity.data.name} (${dataType})` }}
+                    {{ `${entity.data.name.replaceAll('\n', ' ')} (${dataType})` }}
                     <em v-if="outOfScope">- {{ $t('threatmodel.properties.outOfScope') }}</em>
                 </h3>
             </b-col>
         </b-row>
+        <b-row v-if="outOfScope">
+            <b-col>
+                <p class="entity-description"><b>{{ $t('threatmodel.properties.reasonOutOfScope') }}:</b> {{ entity.data.reasonOutOfScope }}</p>
+            </b-col>
+        </b-row>
         <b-row>
             <b-col>
-                <p class="entity-description">{{ entity.data.description }}</p>
+                <p class="entity-description">{{ $t('threatmodel.properties.description') }}: {{ entity.data.description }}</p>
+                <p class="entity-description" v-if="showProperties">{{ properties }}</p>
             </b-col>
         </b-row>
         <b-row>
@@ -31,6 +37,18 @@
     width: 99%;
     white-space: pre-wrap;
 }
+
+.entity-title {
+    font-size: 24px;
+    margin-top: 50px;
+    margin-bottom: 15px;
+    font-weight: bold;
+}
+
+.entity-description {
+    padding: 15px;
+    white-space: pre-wrap;
+}
 </style>
 
 <script>
@@ -44,13 +62,17 @@ export default {
             type: Boolean,
             default: false
         },
-        showOutOfScope: {
+        showMitigated: {
             type: Boolean,
             default: true
         },
-        showMitigated: {
+        showOutOfScope: {
             type: Boolean,
             default: true
+        },
+        showProperties: {
+            type: Boolean,
+            default: false
         }
     },
     computed: {
@@ -60,8 +82,8 @@ export default {
         },
         tableData: function () {
             return threatService.filterForDiagram(this.entity.data, {
-                showOutOfScope: this.showOutOfScope,
-                showMitigated: this.showMitigated
+                showMitigated: this.showMitigated,
+                showOutOfScope: this.showOutOfScope
             }).map((threat) => {
                 return {
                     [this.$t('threats.properties.number')]: threat.number,
@@ -75,6 +97,52 @@ export default {
 
                 };
             });
+        },
+        properties: function () {
+            let properties = '';
+            if (this.entity.data.bidirection) {
+                properties += this.$t('threatmodel.properties.bidirection')  + ', ';
+            }
+            if (this.entity.data.handlesCardPayment) {
+                properties += this.$t('threatmodel.properties.handlesCardPayment')  + ', ';
+            }
+            if (this.entity.data.handlesGoodsOrServices) {
+                properties += this.$t('threatmodel.properties.handlesGoodsOrServices')  + ', ';
+            }
+            if (this.entity.data.isALog) {
+                properties += this.$t('threatmodel.properties.isALog')  + ', ';
+            }
+            if (this.entity.data.isEncrypted) {
+                properties += this.$t('threatmodel.properties.isEncrypted')  + ', ';
+            }
+            if (this.entity.data.isSigned) {
+                properties += this.$t('threatmodel.properties.isSigned')  + ', ';
+            }
+            if (this.entity.data.isWebApplication) {
+                properties += this.$t('threatmodel.properties.isWebApplication')  + ', ';
+            }
+            if (this.entity.data.privilegeLevel) {
+                properties += this.$t('threatmodel.properties.privilegeLevel') + ': ' + this.entity.data.privilegeLevel + ', ';
+            }
+            if (this.entity.data.providesAuthentication) {
+                properties += this.$t('threatmodel.properties.providesAuthentication')  + ', ';
+            }
+            if (this.entity.data.protocol) {
+                properties += this.$t('threatmodel.properties.protocol') + ' (' + this.entity.data.protocol  + '), ';
+            }
+            if (this.entity.data.publicNetwork) {
+                properties += this.$t('threatmodel.properties.publicNetwork')  + ', ';
+            }
+            if (this.entity.data.storesCredentials) {
+                properties += this.$t('threatmodel.properties.storesCredentials')  + ', ';
+            }
+            if (this.entity.data.storesInventory) {
+                properties += this.$t('threatmodel.properties.storesInventory')  + ', ';
+            }
+            if (properties.length > 2) {
+                properties = properties.slice(0, -2);
+            }
+            return this.$t('threatmodel.properties.title') + ': ' + properties;
         }
     },
     methods: {

td.vue/src/i18n/ar.js

@@ -357,6 +357,7 @@ const ara = {
             showMitigatedThreats: 'إظهار التهديدات المُخففة',
             showModelDiagrams: 'إظهار الرسوم التوضيحية للنموذج',
             showEmpty: 'إظهار العناصر الفارغة',
+            showProperties: 'Show element properties',
             showBranding: 'شعار تهديد التنين'
         },
         title: 'تقرير نموذج التهديد لـ',

td.vue/src/i18n/de.js

@@ -355,6 +355,7 @@ const deu = {
             showMitigatedThreats: 'Abgeschwächte Bedrohungen anzeigen',
             showModelDiagrams: 'Modell Diagramme anzeigen',
             showEmpty: 'Leere Elemente anzeigen',
+            showProperties: 'Show element properties',
             showBranding: 'Threat Dragon Logo'
         },
         title: 'Bedrohungsmodell Bereicht für',

td.vue/src/i18n/el.js

@@ -355,6 +355,7 @@ const ell = {
             showMitigatedThreats: 'Εμφάνιση απειλών που έχουν μετριαστεί',
             showModelDiagrams: 'Εμφάνιση διαγραμμάτων μοντέλων',
             showEmpty: 'Προβολή κενών στοιχείων',
+            showProperties: 'Show element properties',
             showBranding: 'Λογότυπο Threat Dragon'
         },
         title: 'Αναφορά μοντέλου απειλών για',

td.vue/src/i18n/en.js

@@ -360,6 +360,7 @@ const eng = {
             showMitigatedThreats: 'Show mitigated threats',
             showModelDiagrams: 'Show model diagrams',
             showEmpty: 'Show empty elements',
+            showProperties: 'Show element properties',
             showBranding: 'Threat Dragon logo'
         },
         title: 'Threat model report for',

td.vue/src/i18n/es.js

@@ -355,6 +355,7 @@ const spa = {
             showMitigatedThreats: 'Mostrar amenazas mitigadas',
             showModelDiagrams: 'Mostrar diagramas de modelo',
             showEmpty: 'Show empty elements',
+            showProperties: 'Show element properties',
             showBranding: 'Marca de Threat Dragon'
         },
         title: 'Reporte de modelo de amenaza para',

td.vue/src/i18n/fi.js

@@ -355,6 +355,7 @@ const fin = {
             showMitigatedThreats: 'Näytä hallitut uhkat',
             showModelDiagrams: 'Näytä uhkamallin kaaviot',
             showEmpty: 'Näytä tyhjät elementit',
+            showProperties: 'Show element properties',
             showBranding: 'Threat Dragon logo'
         },
         title: 'Uhkamallinnus kohteelle',

td.vue/src/i18n/fr.js

@@ -355,6 +355,7 @@ const fra = {
             showMitigatedThreats: 'Afficher les menaces mitigées',
             showModelDiagrams: 'Afficher les diagrammes du modèle',
             showEmpty: 'Show empty elements',
+            showProperties: 'Show element properties',
             showBranding: 'Icône de Threat Dragon'
         },
         title: 'Rapport sur le modèle de menace pour',