Skip to content

feat: Complete STRIDE validation and Docker persistence improvements#38

Merged
drneox merged 1 commit intomainfrom
separate-stride-to-masvs
Sep 8, 2025
Merged

feat: Complete STRIDE validation and Docker persistence improvements#38
drneox merged 1 commit intomainfrom
separate-stride-to-masvs

Conversation

@drneox
Copy link
Copy Markdown
Owner

@drneox drneox commented Sep 6, 2025

✨ STRIDE Category Validation:

  • Add stride_validator.py with normalize_stride_category function
  • Implement STRIDE validation in API endpoints (manual + AI threats)
  • Add validation in CRUD operations for threat updates
  • Ensure data consistency across all threat creation/update paths

🐛 API Cleanup:

  • Remove duplicate imports in api.py
  • Fix indentation issues
  • Remove obsolete commented code
  • Organize imports by category (stdlib, third-party, local)

🗂️ File Management Improvements:

  • Implement UUID-based filenames for uploaded diagrams
  • Add file extension validation for security
  • Return both base64 and saved filename from save_image()
  • Prevent filename collisions and security issues

🐳 Docker Persistence:

  • Add diagrams_data volume for persistent diagram storage
  • Configure nginx to serve diagrams directly from volume
  • Fix diagram loss on container restart/rebuild
  • Remove obsolete docker-compose version attribute

🎨 Frontend Enhancements:

  • Implement compact STRIDE dropdown (shows first letter only)
  • Add ResidualRiskSelector pattern for better UX
  • Maintain consistent STRIDE categories between frontend/backend

🛡️ Security & Consistency:

  • All STRIDE categories normalized to standard format
  • Case-insensitive validation with fallback to 'Spoofing'
  • File type validation prevents malicious uploads
  • Centralized validation logic in stride_validator module

@drneox
feat: Complete STRIDE validation and Docker persistence improvements
e76cd86 
✨ STRIDE Category Validation:
- Add stride_validator.py with normalize_stride_category function
- Implement STRIDE validation in API endpoints (manual + AI threats)
- Add validation in CRUD operations for threat updates
- Ensure data consistency across all threat creation/update paths

🐛 API Cleanup:
- Remove duplicate imports in api.py
- Fix indentation issues
- Remove obsolete commented code
- Organize imports by category (stdlib, third-party, local)

🗂️ File Management Improvements:
- Implement UUID-based filenames for uploaded diagrams
- Add file extension validation for security
- Return both base64 and saved filename from save_image()
- Prevent filename collisions and security issues

🐳 Docker Persistence:
- Add diagrams_data volume for persistent diagram storage
- Configure nginx to serve diagrams directly from volume
- Fix diagram loss on container restart/rebuild
- Remove obsolete docker-compose version attribute

🎨 Frontend Enhancements:
- Implement compact STRIDE dropdown (shows first letter only)
- Add ResidualRiskSelector pattern for better UX
- Maintain consistent STRIDE categories between frontend/backend

🛡️ Security & Consistency:
- All STRIDE categories normalized to standard format
- Case-insensitive validation with fallback to 'Spoofing'
- File type validation prevents malicious uploads
- Centralized validation logic in stride_validator module
@drneox drneox merged commit e76cd86 into main Sep 8, 2025
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@drneox