Adds a data store (database, file, cache, queue).

Options

• :sensitivity

• :retention

• :label (String.t/0)

• :description (String.t/0)

• :boundary (String.t/0)

• :shape (atom/0)

• :fillcolor (String.t/0)

• :fontcolor (String.t/0)

• :style (String.t/0)

• :penwidth

• :image (String.t/0)

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = Choreo.ThreatModel.add_data_store(model, :db, label: "Postgres", sensitivity: :confidential)
iex> Choreo.ThreatModel.elements(model)
[:db]
iex> Map.get(model.graph.nodes, :db).element_type
:data_store
iex> Map.get(model.graph.nodes, :db).sensitivity
:confidential

Diagram

Adds an external entity (user, browser, third-party system).

Options

• :label (String.t/0)

• :description (String.t/0)

• :boundary (String.t/0)

• :shape (atom/0)

• :fillcolor (String.t/0)

• :fontcolor (String.t/0)

• :style (String.t/0)

• :penwidth

• :image (String.t/0)

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = Choreo.ThreatModel.add_external_entity(model, :user, label: "User")
iex> Choreo.ThreatModel.elements(model)
[:user]
iex> Map.get(model.graph.nodes, :user).element_type
:external_entity
iex> Map.get(model.graph.nodes, :user).label
"User"

Diagram

Adds a process (application, service, function).

Options

• :privilege

• :label (String.t/0)

• :description (String.t/0)

• :boundary (String.t/0)

• :shape (atom/0)

• :fillcolor (String.t/0)

• :fontcolor (String.t/0)

• :style (String.t/0)

• :penwidth

• :image (String.t/0)

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = Choreo.ThreatModel.add_process(model, :api, label: "API", privilege: :admin)
iex> Choreo.ThreatModel.elements(model)
[:api]
iex> Map.get(model.graph.nodes, :api).element_type
:process
iex> Map.get(model.graph.nodes, :api).privilege
:admin

Diagram

@spec add_trust_boundary(t(), String.t(), keyword()) :: t()

Defines a trust boundary (security zone).

Options

• :label (String.t/0)

• :level (integer/0)

• :style (String.t/0)

• :color (String.t/0)

• :fillcolor (String.t/0)

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = Choreo.ThreatModel.add_trust_boundary(model, "dmz", label: "DMZ", level: 1)
iex> model.clusters["cluster_dmz"].label
"DMZ"
iex> model.clusters["cluster_dmz"].level
1

@spec boundary_of(t(), Yog.node_id()) :: String.t() | nil

Returns the trust boundary name for an element, or nil.

The internal cluster_ prefix is stripped so the returned name matches the name originally passed to add_trust_boundary/3.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_trust_boundary("app")
...>   |> Choreo.ThreatModel.add_process(:api, boundary: "app")
iex> Choreo.ThreatModel.boundary_of(model, :api)
"app"

@spec crosses_boundary?(t(), Yog.node_id(), Yog.node_id()) :: boolean()

Checks whether a data flow crosses a trust boundary.

Returns false if either element has no assigned boundary, since a crossing requires both sides to be in defined security zones.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_trust_boundary("internet", level: 0)
...>   |> Choreo.ThreatModel.add_trust_boundary("app", level: 2)
...>   |> Choreo.ThreatModel.add_external_entity(:user, boundary: "internet")
...>   |> Choreo.ThreatModel.add_process(:api, boundary: "app")
...>   |> Choreo.ThreatModel.add_process(:worker, boundary: "app")
...>   |> Choreo.ThreatModel.data_flow(:user, :api)
...>   |> Choreo.ThreatModel.data_flow(:api, :worker)
iex> Choreo.ThreatModel.crosses_boundary?(model, :user, :api)
true
iex> Choreo.ThreatModel.crosses_boundary?(model, :api, :worker)
false

Diagram

Creates a data-flow edge between two elements.

Options

• :label (String.t/0)

• :protocol

• :encrypted (boolean/0) - The default value is false.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_external_entity(:user)
...>   |> Choreo.ThreatModel.add_process(:api)
...>   |> Choreo.ThreatModel.data_flow(:user, :api, label: "request")
iex> Choreo.ThreatModel.flows(model)
[{:user, :api, "request"}]
iex> [{_, _, _, meta}] = Choreo.ThreatModel.edges_with_meta(model)
iex> meta.label
"request"
iex> meta.encrypted
false

Diagram

@spec edges_with_meta(t()) :: [{Yog.node_id(), Yog.node_id(), any(), map()}]

Returns all edges with their metadata as {from, to, weight, meta} tuples.

@spec elements(t()) :: [Yog.node_id()]

Returns all element IDs in the model.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_external_entity(:user)
...>   |> Choreo.ThreatModel.add_process(:api)
iex> Enum.sort(Choreo.ThreatModel.elements(model))
[:api, :user]

@spec elements_of_type(t(), atom()) :: [Yog.node_id()]

Returns all elements of a given type.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_external_entity(:user)
...>   |> Choreo.ThreatModel.add_process(:api)
iex> Choreo.ThreatModel.elements_of_type(model, :external_entity)
[:user]
iex> Choreo.ThreatModel.elements_of_type(model, :process)
[:api]
iex> Choreo.ThreatModel.elements_of_type(model, :data_store)
[]

@spec flows(t()) :: [{Yog.node_id(), Yog.node_id(), any()}]

Returns all data flows as {from, to, label} tuples.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_external_entity(:user)
...>   |> Choreo.ThreatModel.add_process(:api)
...>   |> Choreo.ThreatModel.data_flow(:user, :api)
iex> Choreo.ThreatModel.flows(model)
[{:user, :api, ""}]

@spec new(keyword()) :: t()

Creates a new empty threat model.

Options

• :strict — if true, data_flow/4 raises when an endpoint does not already exist. Default false (auto-creates missing elements as :process).

Examples

iex> model = Choreo.ThreatModel.new()
iex> Choreo.ThreatModel.elements(model)
[]
iex> Choreo.ThreatModel.flows(model)
[]

@spec theme(
  atom(),
  keyword()
) :: Choreo.Theme.t()

Returns a theme for Choreo.ThreatModel.

Examples

iex> theme = Choreo.ThreatModel.theme(:default, graph_rankdir: :tb)
iex> theme.graph_rankdir
:tb

@spec to_dot(
  t(),
  keyword()
) :: String.t()

Renders the threat model to DOT format.

Options

• :theme — :default, :dark, or a Choreo.Theme struct

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_external_entity(:user, label: "User")
...>   |> Choreo.ThreatModel.add_process(:api, label: "API")
...>   |> Choreo.ThreatModel.data_flow(:user, :api, label: "HTTPS")
iex> dot = Choreo.ThreatModel.to_dot(model)
iex> String.contains?(dot, "digraph")
true
iex> String.contains?(dot, "User")
true
iex> String.contains?(dot, "API")
true

@spec to_graph(t()) :: Yog.graph()

Returns the raw Yog.Graph struct underpinning the model.

Examples

iex> model = Choreo.ThreatModel.new()
iex> graph = Choreo.ThreatModel.to_graph(model)
iex> graph.kind
:directed

@spec to_mermaid(
  t(),
  keyword()
) :: String.t()

Renders the threat model to Mermaid.js flowchart syntax.

Options

• :theme — :default, :dark, :warm, :forest, :ocean, or a Choreo.Theme struct
• :direction — :lr (default), :td, :rl, :bt

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_external_entity(:user, label: "User")
...>   |> Choreo.ThreatModel.add_process(:api, label: "API")
...>   |> Choreo.ThreatModel.data_flow(:user, :api, label: "HTTPS")
iex> mermaid = Choreo.ThreatModel.to_mermaid(model)
iex> String.contains?(mermaid, "graph LR")
true

@spec to_plantuml(
  t(),
  keyword()
) :: String.t()

Renders the data flows in a threat model to a PlantUML sequence diagram string.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = Choreo.ThreatModel.add_external_entity(model, :user, label: "Customer")
iex> model = Choreo.ThreatModel.add_process(model, :web_api, label: "Web API")
iex> model = Choreo.ThreatModel.data_flow(model, :user, :web_api, label: "HTTPS login")
iex> puml = Choreo.ThreatModel.to_plantuml(model)
iex> String.contains?(puml, "@startuml")
true
iex> String.contains?(puml, "user -> web_api")
true

@spec to_sequence(
  t(),
  keyword()
) :: String.t()

Renders the data flows in a threat model to a Mermaid sequence diagram string.

External entities render as actor, processes and data stores as participant. Unencrypted flows crossing trust boundaries use dashed arrows (-->) to visually flag insecure communication.

Options

No options are currently used, but the argument is reserved for future use.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = Choreo.ThreatModel.add_external_entity(model, :user, label: "Customer")
iex> model = Choreo.ThreatModel.add_process(model, :web_api, label: "Web API")
iex> model = Choreo.ThreatModel.data_flow(model, :user, :web_api, label: "HTTPS login")
iex> seq = Choreo.ThreatModel.to_sequence(model)
iex> String.contains?(seq, "sequenceDiagram")
true
iex> String.contains?(seq, "actor user")
true

@spec to_simple_graph(
  t(),
  keyword()
) :: Yog.Graph.t()

Collapses parallel edges into a simple Graph for algorithm analysis.

@spec trust_level(t(), Yog.node_id()) :: integer() | nil

Returns the numeric trust level of an element's boundary, or nil.

Examples

iex> model = Choreo.ThreatModel.new()
iex> model = model
...>   |> Choreo.ThreatModel.add_trust_boundary("dmz", level: 1)
...>   |> Choreo.ThreatModel.add_process(:api, boundary: "dmz")
iex> Choreo.ThreatModel.trust_level(model, :api)
1