Description
UNDER CONSTRUCTION:
Stride proposal files (empty) + description asciidoc files having includes
With the information from the sttk model, we know which parts of the model correspond to which part of STRIDE
see https://en.wikipedia.org/wiki/STRIDE_(security)
So we can generate for each of the
- External entity
- Process
- Data flow
- Data storage
dedicated, but empty asciidoc files
Example 1
sttk/common/asciidoc/common_sttk_config.adoc
/sttk/stride/asciidoc/my_webapplication/spoofing.adoc
/sttk/stride/asciidoc/my_webapplication/tampering.adoc
/sttk/stride/asciidoc/my_webapplication/repudiation.adoc
/sttk/stride/asciidoc/my_webapplication/information_disclosure.adoc
Example 2
sttk/stride/threat/spoofing-description.adoc
sttk/stride/threat/tampering-description.adoc
sttk/stride/threat/spoofing/my_webapplication_integrity.adoc
sttk/stride/threat/tampering/my_webapplication_authenticity.adoc
...
All of those threat asciidoc files are generated empty and do NOT overwrite existing files,
so they are normally ignored by git and also when used as includes inside asciidoc.
In sttk_config.adoc all identifiers are available as variables:
sttk_name_my_webapplication="My Webapplication"
sttk_desc_my_webapplication="Description of web application..."
sttk_stride_desc_r_xyz=...default_parts to describe a problem, so reusable...
When a developer edits
/sttk/stride/asciidoc/my_webapplication/s.adoc
he/she will be able to write
=== {sttk_name_my_webapplication}
{sttk_desc_my_webapplication}
{sttk_stride_desc_r_xyz}
So after a new generation, all files are available.
We need a stride.adoc file which is generated and includes all files from sttk/stride/asciidoc subfolders
(when empty they will be ignored by asciidoc)
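A sketch of the generation step proposed above, added here as an illustration and not taken from the sttk code base. Assumptions: the function name `generate`, the `STRIDE_BY_ELEMENT` table (the common STRIDE-per-element chart), writing `stride.adoc` at the sttk root, and emitting the variables as AsciiDoc attribute entries.

```python
from pathlib import Path

# Assumption: the widely used STRIDE-per-element chart; the issue does not
# say which mapping sttk applies.
STRIDE_BY_ELEMENT = {
    "external_entity": ["spoofing", "repudiation"],
    "process": ["spoofing", "tampering", "repudiation", "information_disclosure",
                "denial_of_service", "elevation_of_privilege"],
    "data_flow": ["tampering", "information_disclosure", "denial_of_service"],
    "data_storage": ["tampering", "information_disclosure", "denial_of_service"],
}

def generate(root, model):
    """model maps identifier -> (name, description, element type).
    Returns the threat files created by this run."""
    root = Path(root)
    threat_dir = root / "stride" / "asciidoc"
    created, attributes = [], []
    for ident, (name, desc, kind) in sorted(model.items()):
        # AsciiDoc attribute entries, referenced later as {sttk_name_<id>}
        attributes += [f":sttk_name_{ident}: {name}", f":sttk_desc_{ident}: {desc}"]
        for threat in STRIDE_BY_ELEMENT[kind]:
            path = threat_dir / ident / f"{threat}.adoc"
            path.parent.mkdir(parents=True, exist_ok=True)
            try:
                path.open("x").close()  # mode "x" refuses to replace an existing file
                created.append(path)
            except FileExistsError:
                pass  # developer-written threat text stays untouched
    # The config file holds only generated values, so it is rewritten every run.
    config = root / "common" / "asciidoc" / "common_sttk_config.adoc"
    config.parent.mkdir(parents=True, exist_ok=True)
    config.write_text("\n".join(attributes) + "\n", encoding="utf-8")
    # stride.adoc pulls in the attributes first, then every threat file.
    includes = [f"include::{config.relative_to(root).as_posix()}[]"]
    for path in sorted(threat_dir.glob("*/*.adoc")):
        includes.append(f"include::{path.relative_to(root).as_posix()}[]")
    (root / "stride.adoc").write_text("\n\n".join(includes) + "\n", encoding="utf-8")
    return created

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample model
        model = {"my_webapplication": ("My Webapplication",
                                       "Description of web application...", "process")}
        print([p.name for p in generate(tmp, model)])
```

Running it a second time on the same directory creates nothing new, so threat descriptions already written by a developer survive regeneration.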