1.6.1

Released on 2022-11-03

Fixes

• Restore the location of the version.py file in StartLeft

1.6.0

Released on 2022-10-13

Fixes

• Fix Description tag field inside a Security Group Egress mapping (for Cloudformation and Terraform processors)

Terraform

• Create a threat model for the Terraform IriusRisk use case

Visio

• Implement bidirectional dataflows for Visio diagrams
• Add file size validation for Visio files in CLI option

MS Threat Modeling Tool (MTMT) MVP

MVP in progress

• MS Threat Modeling Tool (MTMT) empty parser
• MTMT mapping files

Code refactor

• Create unit tests for Startleft API and CLI modes
• Start the first refactor trying to clean up the code
• Refactor Visio parsing logic as a modularized processor
• Refactor Terraform parsing logic as a modularized processor
• Add OTM schema validation to the base otm_processor logic

Others

• Improve descriptiveness of some errorMessages
• Check Startleft outdated dependencies
• Change startleft entrypoint to the new cli.py ubication

1.5.1

Released on 2022-09-01

Fixed:

Startleft ID inconsistency: subnet generated with the same Id as its parent VPC

• Fixed elb.tf example deduplicating component names
• Fix broken reference to component

1.5.0

Released on 2022-09-01

Terraform

Process Terraform modules as IriusRisk components

• added basic mapping for TF modules (as OTM components)
• first test with 'rds' IriusRisk component type
• added test cases with example files
• added new custom jmespath function 'get_terraform_module'

Code refactor

Refactor startleft to segregate different conversion formats in packages and interfaces

• Added interfaces to be implemented for each provider format
• Fixed package name collision
• Renamed packages
• process method must not be abstract and must not be overridden

Cleanup existing Startleft tests and update Confluence page

• Remove deprecated BAT tests
• Move tests to the correct directory

Create tests missing for one IaC type

• Deleted duplicated test methods
• test modified for otm_project (from_iac_file_to_otm_stream method)

Create missing integration tests for Startleft API and CLI modes

Create integration tests for checking JMESpath functions

• Create tests covering all JMESPATH custom functions
• Fix the tail function not returning the last n characters of a string but removing the first n characters instead

Check startleft outdated dependencies

• jmespath 1.0.1
• jsonschema 4.7.2
• lxml 4.9.1
• requests 2.28.1
• click 8.1.3
• uvicorn 0.18.2
• vsdx 0.5.9

Other tasks

Fix FastApi - Swagger UI Startleft page

• Changed "diag_file" description tag and "http 201" description

1.4.1

Released on 2022-08-25

Fixed:

• Terraform alt_source parsing result in OTM schema validation error
• Wrong parent calculation for VPCEndpoint in CFT

1.4.0

Released on 2022-08-04

Terraform

Create a threat model from a Terraform file equivalent to another from Cloudformation

• Build Terraform mapping definitions using $altsource action: Adding altsource components to Terraform and aligning the number of components between Cloudformation and Terraform
• Build Terraform mapping definitions for security groups using $hub and $ip actions: Adding security groups and dataflows support to Terraform
• Created multinetwork_security_groups_with_lb terraform equivalent
• Fixed aws_ecs_service task_definition

Fix error when a terraform file has no resources at all

Visio

Implement boundary based trustzones processing in Visio

• Refactored Visio parser and factories to support different component representation calculations
• Boundray trustzones processed with no total precision yet
• Fixed previous problems with trustzone processing and parent calculation
• Support for unbounded Visio diagrams
• Refactored zone components representations
• Added some diagram to otm integration tests
• Added more diagram to otm tests
• Added simple_component_representer unit tests
• Fixed minor problem for corner cases in parent calculator

More components for Visio

• Add to visio default mapping file the AWS stencils that match AWS IriusRisk components

Error when processing diagram with incomplete connectors

Code refactor

Make the URL for the OTM standard in the wiki link to the OTM project README instead of the wiki

Fixes

Startleft control unexpected errors on building OTM steps don't return OTM_BUILDING_ERROR
Fix error importing NeoLoad visio file

Other tasks

Set version to all libraries defined in setup.py available in Startleft

Improve error processing in Startleft to avoid generic 500 errors

• Removed unnecessary exception handlers
• Default str method for enum and adding return statement

Integration tests for Startleft CLI

• Initial Bitbucket Pipelines configuration
• bitbucket-pipelines.yml edited online with Bitbucket
• Added deepdiff new lib to setup.py
• Revert added deepdiff Modified pipeline to install extras_require
• Modified pipeline to install extras_require
• Modified pipeline. Added deepdiff manually
• Create use cases for integration tests in Startleft CLI

Update startleft library lxml from 4.8.0 to 4.9.1

1.3.0

Added tag 1.3.0 for changeset 8599ed9c059c

1.2.0

[OPT-108] - Health endpoint included the Startleft service status

1.1.1

[OPT-198] - OTM endpoint fails to parse a Terraform file from Windows or Mac OS format because line separators (CRLF)

1.1.0

What's Changed

• [OPT-35] [User Story] Creating a new threat model from Terraform through an API endpoint
  ** [OPT-87] to OPT-35 Add Terraform support to Startleft
  ** [OPT-115] to OPT-35 Unify default terraform mapping file
• [OPT-62] TF default mapping definition: existing mapping types updated to those of Irius
• [OPT-89] Improve input file validation for IaC Startleft endpoints
• [OPT-99] Improve "representations" OTM block
• [OPT-83] TF default mapping definition: add more AWS components
• [OPT-111] TF default mapping definition: $singleton

Full Changelog: 1.0.0...1.1.0