Threatmodel block

Each threatcl hcl file has to include one more unique threatmodel blocks.

threatmodel attributes

Attribute	Type	Description
NAME	label `string`	Specifies the name of the threat model
author	`string`	Specifies the author of the threat model
description	`string`	Describes the threat model
link	`string`	An href to other documentation
diagram_link	`string`	An href to a diagram. (see diagram_link)
created_at	`integer`	Creation UNIX timestamp
updated_at	`integer`	Updated UNIX timestamp
attributes	`block`	See attributes
additional_attributes	`block`	See additional_attributes
usecase	`block`	See usecase
exclusion	`block`	See exclusion
third_party_dependency	`block`	See third_party_dependency
information_asset	`block`	See information_asset
threat	`block`	See threat
including	`string`	See including
imports	array [`string`]	See imports

diagram_link

If it ends in .jpg or .png then it will be embedded in the resultant dashboard. If this isn’t set, but there is a data flow diagram, this will be automatically generated and included when running threatcl dashboard

attributes

The attributes block is optional, but recommended. It includes the following attributes.

Attribute	Type	Description
new_initiative	`boolean`	Whether this is a new project
internet_facing	`boolean`	Whether this system is exposed to the Internet
initiative_size	`string`	`Undefined`, `Small`, `Medium`, `Large`

additional_attributes

Your threatmodel may include multiple additional_attributes blocks, with unique labels. It includes the following attributes.

Attribute	Type	Required	Description
NAME	label `string`		The name of the attribute
value	`string`		The value of the attribute

usecase

Your threatmodel may include multiple usecase blocks. These don’t have labels or identifiers. It includes the following attribute.

Attribute	Type	Required	Description
description	`string`		A description of the system’s use case

exclusion

Your threatmodel may include multiple exclusion blocks. These don’t have labels or identifiers. It includes the following attribute.

Attribute	Type	Required	Description
description	`string`		Define of out-of-scope exclusions of the threatmodel

third_party_dependency

Your threatmodel may include multiple third_party_dependency blocks, with unique labels. It includes the following attributes.

Attribute	Type	Description
NAME	label `string`	The name of the 3rd party dep
description	`string`	A description of the 3rd party dep
uptime_dependency	`string`	`none`, `degraded`, `hard`, `operational`
saas	`boolean`	Is this a SaaS dep?
paying_customer	`boolean`	Are we paying for it?
open_source	`boolean`	Is this OSS?
infrastructure	`boolean`	Is this Infra?
uptime_notes	`string`	Notes about what happens if unavailable

information_asset

Your threatmodel may include multiple information_asset blocks, with unique labels. It includes the following attributes.

Attribute	Type	Description
NAME	label `string`	The name of the asset
description	`string`	Describe the asset
information_classification	`string`	`Public`, `Confidential`, `Restricted`
source	`string`	Where was block sourced from i.e. terraform

threat

Your threatmodel may include multiple threat blocks. These don’t have labels or identifiers. It includes the following attributes.

Attribute	Type	Description
description	`string`	Describe the threat
impacts	array [`string`]	`Confidentiality`, `Integrity`, `Availability`
stride	array [`string`]	`Spoofing`, `Tampering`, `Repudiation`, `Info Disclosure`, `Denial of Service`, `Elevation of Privilege`
information_asset_refs	array [`string`]	Refer to `information_asset` blocks by their label
expanded_control	`block`	See expanded_control

expanded_control

Your threat blocks may include multiple expanded_control blocks, with unique labels. It includes the following attributes.

Attribute	Type	Description
NAME	label `string`	The name of the control
description	`string`	Describe the control
implemented	`boolean`	Is it implemented?
implementation_notes	`string`	Describe the implementation
risk_reducation	`integer`	How much this control reduces risk
attribute	`block`	See attribute

attribute

Your expanded_control blocks may include multiple attribute blocks, with unique labels. It includes the following attribute.

Attribute	Type	Required	Description
NAME	label `string`		The name of the attribute
value	`string`		The value of the attribute

data_flow_diagram_v2

Your threatmodel may include multiple data_flow_diagram_v2 blocks, with unique labels. It includes the following attributes.

Unlike other blocks, when you define a process, data_store, or external_element they must have a globally unique label, for that particular dfd. For example, you can’t have a process and data_store called “foo”.

Attribute	Type	Description
NAME	label `string`	dfd name
process	`block`	See process
data_store	`block`	See data_store
external_element	`block`	See external_element
trust_zone	`block`	See trust_zone
flow	`block`	See flow

process

Your data_flow_diagram_v2 block may include multiple process blocks, with unique labels. It includes the following attributes.

Attribute	Type	Required	Description
NAME	label `string`		process name
trust_zone	`string`		defines a trust boundary / zone

data_store

Your data_flow_diagram_v2 block may include multiple data_store blocks, with unique labels. It includes the following attributes.

Attribute	Type	Description
NAME	label `string`	data store name
trust_zone	`string`	defines a trust boundary / zone
information_asset	`string`	refers back to a previous `information_asset` block ref

external_element

Your data_flow_diagram_v2 block may include multiple external_element blocks, with unique labels. It includes the following attributes.

Attribute	Type	Required	Description
NAME	label `string`		external element name
trust_zone	`string`		defines a trust boundary / zone

trust_zone

Your data_flow_diagram_v2 block may include multiple trust_zone blocks, with unique labels. It includes the following attributes.

Attribute	Type	Description
NAME	label `string`	trust zone name
process	`block`	see process
data_store	`block`	see data_store
external_element	`block`	see external_element

flow

Your data_flow_diagram_v2 block may include multiple flow blocks. A flow must have a label, but it doesn’t have to be unique. But, the from and to attributes must be unique. It includes the following attributes.

Attribute	Type	Description
NAME	label `string`	flow title
from	`string`	refer to a `process`, `external_element` or `data_store`
to	`string`	refer to a `process`, `external_element` or `data_store`

including

Each threatmodel may optionally include an including attribute string that refers to a single other threatcl hcl file.

In this file must be a single, valid threatmodel block.

This included threatmodel will form the base of this new threatmodel. Any duplicate fields in the parent threat model will overwrite those from the included.

See External HCL Files for more information on how to refer to external files.

imports

Each threatmodel may optionally include an imports attribute with an array of string values that refer to other hcl files.

These files are used to centrally define various attributes that you can then refer to in your threatmodel. Currently we only support the definition of “controls”.

An example import file may look like:

component "control" "control_name" {
  description = "A control that can be used in multiple places"
}

To use these imports, you reference to the string value like this:

threatmodel "tm" {
  author = "@xntrik"
  description = "A threat model"

  imports = ["controls.hcl"]

  threat {
    description = "Something bad"

    expanded_control "control" {
      description = import.control.control_name.description
    }
  }
}

Technically you can use these import values similar to Variables

See External HCL Files for more information on how to refer to external files.