Awesome/awesome-copilot
1
0
Fork 0
mirror of https://github.com/github/awesome-copilot.git synced 2026-04-12 19:25:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6dd2453ef7d7dcc4f6bfb6c5708fe73ca8322f21
awesome-copilot/skills/threat-model-analyst/references/tmt-element-taxonomy.md
Vijay Chegu afba5b86b8 Add threat-model-analyst skill: STRIDE-A threat modeling for repositories (#1177) 
* Add threat-model-analyst skill: STRIDE-A threat modeling for repositories

Add a comprehensive threat model analysis skill that performs security audits
using STRIDE-A (STRIDE + Abuse) threat modeling, Zero Trust principles, and
defense-in-depth analysis.

Supports two modes:
- Single analysis: full STRIDE-A threat model producing architecture overviews,
  DFD diagrams, prioritized findings, and executive assessments
- Incremental analysis: security posture diff between baseline report and current
  code, producing standalone reports with embedded comparison

Includes bundled reference assets:
- Orchestrator workflows (full and incremental)
- Analysis principles and verification checklists
- Output format specifications and skeleton templates
- DFD diagram conventions and TMT element taxonomy

* Address PR review comments from Copilot reviewer

- Fix SKILL.md description: use single-quoted scalar, rename mode (2) to
  'Incremental analysis' with accurate description
- Replace 'Compare Mode (Deprecated)' sections with 'Comparing Commits or
  Reports' redirect (no deprecated language for first release)
- Fix skeleton-findings.md: move Tier 1 table rows under header, add
  CONDITIONAL-EMPTY block after END-REPEAT (matching Tier 2/3 structure)
- Fix skeleton-threatmodel.md and skeleton-architecture.md: use 4-backtick
  outer fences to avoid nested fence conflicts with inner mermaid fences
- Fix skeleton-incremental-html.md: correct section count from 9 to 8
- Fix output-formats.md: change status 'open' to 'Open' in JSON example,
  move stride_category warning outside JSON fence as blockquote
- Fix incremental-orchestrator.md: replace stale compare-output-formats.md
  reference with inline color conventions
- Regenerate docs/README.skills.md with updated description

* Address second round of Copilot review comments

- Fix diagram-conventions.md: bidirectional flow notation now uses <-->
  matching orchestrator.md and DFD templates
- Fix tmt-element-taxonomy.md: normalize SE.DF.SSH/LDAP/LDAPS to use
  SE.DF.TMCore.* prefix consistent with all other data flow IDs
- Fix output-formats.md: correct TMT category example from SQLDatabase
  to SQL matching taxonomy, fix component type from 'datastore' to
  'data_store' matching canonical enum, remove DaprSidecar from
  inbound_from per no-standalone-sidecar rule
- Fix 5 skeleton files: clarify VERBATIM instruction to 'copy the
  template content below (excluding the outer code fence)' to prevent
  agents from wrapping output in markdown fences
- Genericize product-specific names in examples: replace edgerag with
  myapp, BitNetManager with TaskProcessor, AzureLocalMCP with MyApp.Core,
  AzureLocalInfra with OnPremInfra, MilvusVectorDB with VectorDB

* Address third round of Copilot review comments

- Fix diagram-conventions.md: second bidirectional two-arrow pattern in
  Quick Reference section now uses <-->
- Fix incremental-orchestrator.md: renumber HTML sections 5-9 to 4-8
  matching skeleton-incremental-html.md 8-section structure
- Fix output-formats.md: add incremental-comparison.html to File List
  as conditional output for incremental mode
- Fix skeleton-inventory.md: add tmt_type, sidecars, and boundary_kind
  fields to match output-formats.md JSON schema example
2026-03-30 07:58:56 +11:00

188 lines
8.5 KiB
Markdown
Raw Blame History

# TMT Element Taxonomy — Code to Threat Model DFD Reference
Complete reference for identifying DFD elements from source code analysis.
Aligns with Microsoft Threat Modeling Tool (TMT) element types for TM7 compatibility.
This is the **single authoritative file** for all TMT type classifications.
**Diagram styling & rendering rules** are in: [diagram-conventions.md](./diagram-conventions.md)
**This file covers:** What to look for in code, how to classify it, and how to name it.
---
## 1. Element Types
**NOTE:** TMT IDs (e.g., `SE.P.TMCore.OSProcess`) are for classification reference only. **Do NOT use TMT IDs as Mermaid node IDs.** Use concise, readable PascalCase IDs (e.g., `WebServer`, `SqlDatabase`).
### 1.1 Process Types
| TMT ID | Name | Code Patterns to Identify |
|--------|------|---------------------------|
| `SE.P.TMCore.OSProcess` | OS Process | Native executables, system processes, spawned processes |
| `SE.P.TMCore.Thread` | Thread | Thread pools, `Task`, `pthread`, worker threads |
| `SE.P.TMCore.WinApp` | Native Application | Win32 apps, C/C++ executables, desktop apps |
| `SE.P.TMCore.NetApp` | Managed Application | .NET apps, C# services, F# programs |
| `SE.P.TMCore.ThickClient` | Thick Client | Desktop GUI apps, WPF, WinForms, Electron |
| `SE.P.TMCore.BrowserClient` | Browser Client | SPAs, JavaScript apps, WebAssembly |
| `SE.P.TMCore.WebServer` | Web Server | IIS, Apache, Nginx, Express, Kestrel |
| `SE.P.TMCore.WebApp` | Web Application | ASP.NET, Django, Rails, Spring MVC |
| `SE.P.TMCore.WebSvc` | Web Service | REST APIs, SOAP, GraphQL endpoints |
| `SE.P.TMCore.VM` | Virtual Machine | VMs, containers, Docker |
| `SE.P.TMCore.Win32Service` | Win32 Service | Windows services, `ServiceBase` |
| `SE.P.TMCore.KernelThread` | Kernel Thread | Kernel modules, drivers, ring-0 code |
| `SE.P.TMCore.Modern` | Windows Store Process | UWP apps, Windows Store apps, sandboxed apps |
| `SE.P.TMCore.PlugIn` | Browser and ActiveX Plugins | Browser extensions, ActiveX, BHO plugins |
| `SE.P.TMCore.NonMS` | Applications Running on a non Microsoft OS | Linux apps, macOS apps, Unix processes |
### 1.2 External Interactor Types
| TMT ID | Name | Code Patterns to Identify |
|--------|------|---------------------------|
| `SE.EI.TMCore.Browser` | Browser | Browser clients, user agents, web UI consumers |
| `SE.EI.TMCore.AuthProvider` | Authorization Provider | OAuth servers, OIDC providers, IdP, SAML |
| `SE.EI.TMCore.WebSvc` | External Web Service | External APIs, vendor services, SaaS endpoints |
| `SE.EI.TMCore.User` | Human User | End users, operators, administrators |
| `SE.EI.TMCore.Megaservice` | Megaservice | Large cloud platforms (Azure, AWS, GCP services) |
| `SE.EI.TMCore.WebApp` | External Web Application | Third-party web apps, external portals |
| `SE.EI.TMCore.CRT` | Windows Runtime | WinRT APIs, Windows runtime components |
| `SE.EI.TMCore.NFX` | Windows .NET Runtime | .NET Framework, CLR, BCL |
| `SE.EI.TMCore.WinRT` | Windows RT Runtime | Windows RT platform, ARM Windows apps |
### 1.3 Data Store Types
| TMT ID | Name | Code Patterns to Identify |
|--------|------|---------------------------|
| `SE.DS.TMCore.CloudStorage` | Cloud Storage | Azure Blob, S3, GCS |
| `SE.DS.TMCore.SQL` | SQL Database | PostgreSQL, MySQL, SQL Server, SQLite |
| `SE.DS.TMCore.NoSQL` | Non-Relational DB | MongoDB, CosmosDB, Redis, Cassandra |
| `SE.DS.TMCore.FS` | File System | Local files, NFS, shared drives |
| `SE.DS.TMCore.Cache` | Cache | Redis, Memcached, in-memory caches |
| `SE.DS.TMCore.ConfigFile` | Configuration File | `.env`, `appsettings.json`, YAML configs |
| `SE.DS.TMCore.Cookie` | Cookies | HTTP cookies, session cookies |
| `SE.DS.TMCore.Registry` | Registry Hive | Windows Registry, system configuration stores |
| `SE.DS.TMCore.HTML5LS` | HTML5 Local Storage | `localStorage`, `sessionStorage`, IndexedDB |
| `SE.DS.TMCore.Device` | Device | Hardware devices, USB, peripheral storage |
### 1.4 Data Flow Types
| TMT ID | Name | Code Patterns to Identify |
|--------|------|---------------------------|
| `SE.DF.TMCore.HTTP` | HTTP | `fetch()`, `axios`, `HttpClient`, REST without TLS |
| `SE.DF.TMCore.HTTPS` | HTTPS | TLS-secured REST, `https://` endpoints |
| `SE.DF.TMCore.Binary` | Binary | gRPC, Protobuf, raw binary protocols |
| `SE.DF.TMCore.NamedPipe` | Named Pipe | IPC via named pipes |
| `SE.DF.TMCore.SMB` | SMB | SMB/CIFS file shares |
| `SE.DF.TMCore.UDP` | UDP | UDP sockets, datagram protocols |
| `SE.DF.TMCore.SSH` | SSH | SSH tunnels, SFTP, SCP |
| `SE.DF.TMCore.LDAP` | LDAP | LDAP queries, AD lookups |
| `SE.DF.TMCore.LDAPS` | LDAPS | Secure LDAP over TLS |
| `SE.DF.TMCore.IPsec` | IPsec | VPN tunnels, IPsec-secured connections |
| `SE.DF.TMCore.RPC` | RPC or DCOM | COM+, DCOM, RPC calls, WCF net.tcp |
| `SE.DF.TMCore.ALPC` | ALPC | Advanced Local Procedure Call, Windows IPC |
| `SE.DF.TMCore.IOCTL` | IOCTL Interface | Device I/O control, driver communication |
### 1.5 Trust Boundary Types
**Line Boundaries:**
| TMT ID | Name | Code Indicators |
|--------|------|-----------------|
| `SE.TB.L.TMCore.Internet` | Internet Boundary | Public endpoints, API gateways |
| `SE.TB.L.TMCore.Machine` | Machine Boundary | Process boundaries, VM separation |
| `SE.TB.L.TMCore.Kernel` | Kernel/User Mode | Drivers, ring 0/3 transitions |
| `SE.TB.L.TMCore.AppContainer` | AppContainer | UWP sandboxes, app containers |
**Border Boundaries:**
| TMT ID | Name | Code Indicators |
|--------|------|-----------------|
| `SE.TB.B.TMCore.CorpNet` | CorpNet | Corporate network, VPN perimeter |
| `SE.TB.B.TMCore.Sandbox` | Sandbox | Sandboxed execution environments |
| `SE.TB.B.TMCore.IEB` | Internet Explorer Boundaries | IE zones, IE security settings |
| `SE.TB.B.TMCore.NonIEB` | Other Browsers Boundaries | Chrome, Firefox, Edge security contexts |
---
## 2. Trust Boundary Detection
Create a trust boundary (`subgraph`) when code crosses:
| Boundary Type | Code Indicators |
|---------------|-----------------|
| **Internet/Public** | Public endpoints, API gateways, load balancers |
| **Machine** | Process boundaries, host separation |
| **Kernel/User Mode** | Kernel calls, drivers, syscalls |
| **AppContainer** | UWP sandboxes, containerized apps |
| **CorpNet** | Corporate network perimeter, VPN |
| **Sandbox** | Sandboxed execution environments |
---
## 3. Data Flow Detection
Look for these patterns to identify flows:
| Flow Type | Code Patterns |
|-----------|---------------|
| **HTTP/HTTPS** | `fetch()`, `axios`, `HttpClient`, REST calls |
| **SQL Database** | ORM queries, SQL connections, `DbContext` |
| **Message Queue** | Pub/sub, queue send/receive, Dapr pub/sub |
| **File I/O** | File read/write, blob upload/download |
| **gRPC** | Protobuf calls, gRPC streams |
| **Named Pipe** | IPC via named pipes |
| **SSH** | SSH tunnels, SFTP, SCP transfers |
| **LDAP/LDAPS** | Directory queries, AD lookups |
---
## 4. Code Analysis Checklist
When analyzing code, systematically identify:
1. **Entry Points** → External Interactors + inbound flows
- API controllers, event handlers, webhook endpoints
2. **Services/Logic** → Processes
- Business logic classes, service layers, workers
3. **Data Access** → Data Stores + flows
- Repository classes, DB contexts, cache clients
4. **External Calls** → External Interactors + outbound flows
- HTTP clients, SDK integrations, third-party APIs
5. **Security Boundaries** → Trust Boundaries
- Auth middleware, network segments, deployment units
6. **Kubernetes Pod Composition** → Sidecar co-location
- Look for Helm charts, K8s manifests, deployment YAMLs
- Common sidecars: Dapr, MISE, Envoy, Istio proxy, Linkerd, log collectors
- **Apply rules from `diagram-conventions.md` Rule 1** — annotate host nodes, never create standalone sidecar nodes
---
## 5. Naming Conventions
See [diagram-conventions.md](./diagram-conventions.md) Naming Conventions section for the full table with quoting rules.
---
## 6. Output Files
Generate **TWO files** for maximum flexibility:
### File 1: Pure Mermaid (`.mmd`)
- Raw Mermaid code only, no markdown wrapper
- Used for: CLI tools, editors, CI/CD, direct rendering
### File 2: Markdown (`.md`)
- Mermaid in ` ```mermaid ` code fence
- Include element, flow, and boundary summary tables
- Used for: GitHub, VS Code, documentation
### Format Comparison
| Format | Extension | Contents | Best For |
|--------|-----------|----------|----------|
| Pure Mermaid | `.mmd` | Raw diagram code | CLI, editors, tools |
| Markdown | `.md` | Diagram + tables | GitHub, docs, viewing |
Reference in New Issue View Git Blame Copy Permalink