New asset types (asset_types_community.yaml, config.js):
- ip-camera, ptz-camera, thermal-camera — IP cameras with MITRE tactics (collection, lateral-movement, credential-access)
- nvr — Network Video Recorder
- vms — Video Management System
- rtsp-server — RTSP streaming relay server
- iot-gateway, smart-lock, smart-meter — generic IoT devices

New SVG icons (static/resources/icons/):
- ip-camera.svg, ptz-camera.svg, thermal-camera.svg, nvr.svg, vms.svg, rtsp-server.svg, iot-gateway.svg, smart-lock.svg, smart-meter.svg
- viewBox centered in 1024×1024 space to match visual density of existing icons

Graphical editor fixes (NodeManager.js):
- Icon lookup: normalize type with /[_-]/g (fixes IP-CAMERA → ipcamera)
- Icon block vertically centered inside node shape
- iconSize capped at 22px

Graphviz SVG fix (diagram_generator.py):
- 3-variant key lookup (raw, underscore, stripped) for new types

IP Camera Surveillance template (threatModel_Template/IP_Camera_Surveillance/):
- model.md + context/camera_context.yaml + 8 BOM files (cameras, NVR, VMS, RTSP relay, mobile app)

Config restructure:
- config/ (root): user-editable only (ai_config.yaml, context.yaml, user_context.example.json)
- threat_analysis/config/: package data files (asset_types_community.yaml, protocols_community.yaml, scoring_config.yaml, prompts.yaml) — paths fixed in asset_technique_mapper.py and prompt_loader.py

Docker:
- Split deps/source into separate layers for build cache efficiency
- LITELLM_LOG=ERROR to suppress AWS warnings
## SPARTA Framework
- Add `threat_analysis/external_data/sparta-attack.json` — STIX-like bundle of 26
SPARTA techniques covering all Thales PWNSAT demo TTPs: REC-0003/0005, RD-0003/0004,
IA-0001/0006, EX-0009/0012, PER-0002, LM-0002, IMP-0001–0005 and their sub-techniques.
Format mirrors enterprise-attack.json: kill_chain_phases[].kill_chain_name="sparta",
kill_chain_phases[].sparta_tactic_id="ST00xx", external_references[].source_name="sparta".
- Add `threat_analysis/external_data/stride_to_sparta.json` — STRIDE-to-SPARTA mapping
table (6 categories → SPARTA technique IDs), parallel to stride_to_capec.json.
- Add `threat_analysis/core/data_loader.py`: `load_sparta_techniques()` and
`load_stride_to_sparta()` — offline disk loaders with class-level caching.
## Space Asset Type Routing
- `threat_analysis/config/asset_types_community.yaml`: add 4 space asset types with
`category: space` — `leo-satellite`, `ground-station`, `ttc-link`, `onboard-computer`.
Each has platform tags, tactic lists, fuzzy match patterns, and icon URL.
- `threat_analysis/core/asset_technique_mapper.py`:
- Add `SPARTA_TACTIC_IDS` dict mapping phase slugs to ST00xx codes (ST0001–ST0011).
- Add `_raw_sparta_techniques` class-level cache and `_load_raw_sparta()` classmethod.
- Route assets with `category: space` to new `_get_sparta_techniques()` instead of
ATT&CK; attach `sparta_tactic_id` in the `tactics` list of each `ScoredTechnique`.
## SPARTA AFB Generation
- `threat_analysis/generation/attack_flow_builder.py`: rewrite `_make_action_node()` to
detect SPARTA technique IDs via regex `^[A-Z]{2,4}-\d{4}` and emit `["tactic", "ST00xx"]`
format; ATT&CK IDs keep `["tactic", "<phase-slug>"]` format. Mixed-framework scenarios
(SPARTA + ATT&CK in the same hop) are handled correctly.
## Space Icons
- Add 4 SVG icons: `leo-satellite.svg`, `ground-station.svg`, `ttc-link.svg`,
`onboard-computer.svg` — centered negative-origin viewBox (1024×1024 canvas) for
correct Konva rendering alongside existing icons.
- `threat_analysis/server/static/js/config.js`: register icon mappings for the 4 new
types (`leo_satellite`, `leosatellite`, `ground_station`, etc.).
## Satellite Ground Segment Template
- Add `threatModel_Template/Satellite_Ground_Segment/model.md` — full DSL model of the
Thales DEF CON 2023 PWNSAT attack surface: 5 boundaries, 4 actors, 9 servers, 15
dataflows, 10 protocol styles. Models 5 independent attack paths:
1. RF uplink replay (unauthenticated CCSDS → OBC → ADCS/Payload)
2. Passive downlink eavesdropping (rogue TLM receiver, no interaction with ground station)
3. GNSS spoofing (false GPS signal → GPS-Receiver → ADCS orbit manipulation)
5. AIT supply chain (EGSE JTAG → OBC firmware implant, pre-launch)
- Add `threatModel_Template/Satellite_Ground_Segment/context/satellite_context.yaml`
(300 lines) — GDAF context with 10 attack objectives and 4 threat actors in correct
GDAFEngine format (`attack_objectives`, `threat_actors`, `known_ttps`,
`capable_tactics`, `entry_preference`). Also includes STRIDE prompt enrichment fields:
`sector`, `threat_actor_profiles`, `business_goals_to_protect`, `data_sensitivity`,
`deployment_environment`, `integrations`, `user_base`.
- Add `threatModel_Template/Satellite_Ground_Segment/BOM/` — 9 asset BOM files:
`Ground-Station.yaml` (CVE-2021-41773, CVE-2022-22963), `OBC.yaml` (CVE-2019-12255/12260
URGENT/11, with caveat that these apply only if TCP/IP stack is exposed),
`TTC-Frontend.yaml`, `ADCS.yaml` (GPS attack path noted), `Mission-Payload.yaml`,
`Mission-Control-Server.yaml` (CVE-2021-34527 PrintNightmare), `GPS-Receiver.yaml`
(bare-metal GNSS, no CVE, no authentication on L1 C/A signal), `TLM-Receiver.yaml`
(CVE-2023-38408, passive-intercept surface), `EGSE.yaml` (CVE-2021-34527 + CVE-2022-30190
Follina, AIT JTAG access vector, pre-launch only).
## STRIDE Prompt — Space Domain Rules
- `threat_analysis/config/prompts.yaml`: add SPACE SYSTEMS DOMAIN RULES block to the
STRIDE analysis system prompt. Activates when Sector contains "Space" or component type
is `onboard-computer`/`leo-satellite`/`ttc-link`/`ground-station`. Forces the LLM to:
apply SPARTA tactic IDs, treat CCSDS-without-SDLS as directly exploitable, weight
persistence at Critical severity (no patch path post-launch), model RF interfaces as
passive-intercept surfaces, and flag MIL-STD-1553/SpaceWire as authentication-free buses.
## AFB Unit Tests (SPARTA)
- `tests/test_attack_flow_builder.py`: add `TestSpartaAfb` class with 14 tests:
- SPARTA regex classification (known IDs vs ATT&CK IDs)
- Correct ST00xx tactic format in action nodes
- ATT&CK phase-slug format preserved for non-SPARTA techniques
- Fallback to ST0000 when tactics list is empty
- Full PWNSAT 3-hop scenario (TTC → OBC → Payload): node count, schema, risk level,
all-ST-prefixed tactics, valid JSON output and summary
- Mixed SPARTA+ATT&CK techniques in the same AFB
- 54/54 tests pass, 0 regressions
## Bug Fix — Autosave Cross-Template Collision
- `threat_analysis/server/templates/simple_mode.html`:
- `restoreDraft()`: stop auto-applying stale drafts on file load. The editor now keeps
the loaded content; a banner offers explicit `[Restore]` / `[Discard]` buttons.
Rebuilds the banner with DOM methods (`createElement`, `textContent`) instead of
`innerHTML` — eliminates stored-XSS risk on component names.
- `loadProject()`: prefix each tab path with `dirHandle.name + '/'` so the localStorage
draft key is unique per project directory. Fixes silent replacement of one template's
content with another's draft when both files share the same name (e.g. `model.md`).
update version and remove french comment
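An added example (not code from this pull request) of the tactic formatting that the "SPARTA AFB Generation" and "AFB Unit Tests (SPARTA)" sections describe: SPARTA IDs yield `["tactic", "ST00xx"]`, ATT&CK IDs keep the phase slug, and an empty tactics list falls back to `ST0000`. The function names, the stricter end-anchored pattern with its `.NN` sub-technique suffix, the `external_id` and `phase_name` fields (borrowed from the enterprise-attack.json layout the description says it mirrors) and the sample tactic values are assumptions.

```python
import re

# Pattern exactly as quoted in the PR description (anchored at the start only).
PAGE_PATTERN = re.compile(r"^[A-Z]{2,4}-\d{4}")
# Stricter variant (assumption, not the project's): optional ".NN" suffix, end anchor.
STRICT_PATTERN = re.compile(r"^[A-Z]{2,4}-\d{4}(?:\.\d{2})?$")

def _obj(source, ext_id, phases):
    """Build a constructed attack-pattern object in the described field layout."""
    return {"type": "attack-pattern",
            "external_references": [{"source_name": source, "external_id": ext_id}],
            "kill_chain_phases": phases}

# Constructed sample bundle; tactic IDs and phase names are illustrative values.
SAMPLE_BUNDLE = [
    _obj("sparta", "EX-0009", [{"kill_chain_name": "sparta",
                                "phase_name": "execution",
                                "sparta_tactic_id": "ST0004"}]),
    _obj("mitre-attack", "T1059", [{"kill_chain_name": "mitre-attack",
                                    "phase_name": "execution"}]),
    _obj("sparta", "PER-0002", []),  # no tactics attached: exercises the fallback
]

def technique_id(obj):
    """Return the first external_id found in external_references, or ''."""
    for ref in obj.get("external_references", []):
        if ref.get("external_id"):
            return ref["external_id"]
    return ""

def tactic_property(obj, pattern=STRICT_PATTERN):
    """Return the ["tactic", value] pair for one technique object."""
    phases = obj.get("kill_chain_phases", [])
    if pattern.match(technique_id(obj)):
        for phase in phases:
            if phase.get("sparta_tactic_id"):
                return ["tactic", phase["sparta_tactic_id"]]
        return ["tactic", "ST0000"]  # fallback named in the test list
    # Non-SPARTA IDs keep the phase slug; "unknown" is this example's own default.
    return ["tactic", phases[0]["phase_name"] if phases else "unknown"]

def classify(bundle, pattern=STRICT_PATTERN):
    """Map technique ID -> tactic pair for a mixed SPARTA + ATT&CK bundle."""
    return {technique_id(o): tactic_property(o, pattern) for o in bundle}

if __name__ == "__main__":
    for tid, prop in classify(SAMPLE_BUNDLE).items():
        print(tid, prop)
    # The quoted pattern has no end anchor, so a CVE-style string also matches it.
    print(bool(PAGE_PATTERN.match("CVE-2021-41773")),
          bool(STRICT_PATTERN.match("CVE-2021-41773")))
```

The quoted pattern is anchored only at the start, so a string such as `CVE-2021-41773` from the BOM files matches it; the end-anchored variant rejects that string while still accepting an ID of the form `IA-0001.01`.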