chore: bump spec dep and update threatcl cli to 0.2.1

threatcl · Mar 9, 2024 · e947f14 · e947f14
1 parent 6f9a24b
commit e947f14
Show file tree

Hide file tree

Showing 25 changed files with 157 additions and 82 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.2.1
+### Mar 9, 2024
+
+CHANGES:
+
+* Upgraded to threatcl/spec v0.1.9
+* This is a minor change and doesn't actually change the spec at all
+
 ## 0.2.0
 ### Mar 4, 2024
 

diff --git a/cmd/threatcl/testdata/tm1.hcl b/cmd/threatcl/testdata/tm1.hcl
@@ -1,4 +1,4 @@
- spec_version = "0.2.0"
+ spec_version = "0.1.9"
 
  threatmodel "tm1 one" {
    description = <<EOT

diff --git a/cmd/threatcl/testdata/tm1.json b/cmd/threatcl/testdata/tm1.json
@@ -1,5 +1,5 @@
 {
-  "spec_version": "0.2.0",
+  "spec_version": "0.1.9",
 
   "threatmodel": {
     "Tower of London": {

diff --git a/cmd/threatcl/testdata/tm2.hcl b/cmd/threatcl/testdata/tm2.hcl
@@ -1,4 +1,4 @@
- spec_version = "0.2.0"
+ spec_version = "0.1.9"
 
  threatmodel "tm2 one" {
    description = "This is some arbitrary text"

diff --git a/cmd/threatcl/testdata/tm3.hcl b/cmd/threatcl/testdata/tm3.hcl
@@ -1,4 +1,4 @@
- spec_version = "0.2.0"
+ spec_version = "0.1.9"
 
  threatmodel "tm2 one" {
    description = "This is some arbitrary text"

diff --git a/cmd/threatcl/testdata/tm4.hcl b/cmd/threatcl/testdata/tm4.hcl
@@ -1,2 +1,2 @@
- spec_version = "0.2.0"
+ spec_version = "0.1.9"
 
diff --git a/cmd/threatcl/testdata/tm5.hcl b/cmd/threatcl/testdata/tm5.hcl
@@ -1,4 +1,4 @@
- spec_version = "0.2.0"
+ spec_version = "0.1.9"
 
  threatmodel "tm2 one" {
    description = "This is some arbitrary text"

diff --git a/cmd/threatcl/util.go b/cmd/threatcl/util.go
@@ -45,7 +45,7 @@ threatmodel "threatmodel name" {
   //
   // There are some issues to select an individual file from a Git repo, as the
   // entire repo is downloaded by default. To use an individual file, you can
-  // github.com/xntrik/hcltm|examples/aws-security-checklist.hcl
+  // github.com/threatcl/threatcl|examples/aws-security-checklist.hcl
   // with the | being a separator between the git repo and the file to use
   // after cloning.
 

diff --git a/examples/MITRE_ATTACK_controls.hcl b/examples/MITRE_ATTACK_controls.hcl
@@ -1,6 +1,6 @@
 //controls listed for MITRE ATT&CK
 
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 
 component "control" "Account_Use_Policies" {
   description = "[M1036](https://attack.mitre.org/mitigations/M1036/) - Configure features related to account use like login attempt lockouts, specific login times, etc."

diff --git a/examples/aws-security-checklist.hcl b/examples/aws-security-checklist.hcl
@@ -1,4 +1,4 @@
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 
 // These are from https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pdf
 

diff --git a/examples/control-library/othercontrols.hcl b/examples/control-library/othercontrols.hcl
@@ -1,4 +1,4 @@
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 component "control" "control_name" {
   description = "SOMETHING HUGELY IMPORTANT HERE IN ANOTHER FOLDER"
 }

diff --git a/examples/including-example/corp-app-remote.hcl b/examples/including-example/corp-app-remote.hcl
@@ -1,4 +1,4 @@
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 
 threatmodel "Tower of London" {
   author = "@xntrik"

diff --git a/examples/including-example/corp-app.hcl b/examples/including-example/corp-app.hcl
@@ -1,4 +1,4 @@
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 
 threatmodel "Tower of London" {
 

diff --git a/examples/including-example/shared/tower.hcl b/examples/including-example/shared/tower.hcl
@@ -1,4 +1,4 @@
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 
 threatmodel "Tower of London" {
   description = "A historic castle"

diff --git a/examples/owasp-proactive-controls.hcl b/examples/owasp-proactive-controls.hcl
@@ -1,4 +1,4 @@
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 
 // These are from https://github.com/OWASP/www-project-proactive-controls/tree/7622bebed900a6a5d7b7b9b01fb3fe2b0e695545/v3/en
 

diff --git a/examples/tm1.hcl b/examples/tm1.hcl
@@ -1,4 +1,4 @@
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 
 threatmodel "Tower of London" {
   description = "A historic castle"

diff --git a/examples/tm1.json b/examples/tm1.json
@@ -1,5 +1,5 @@
 {
-  "spec_version": "0.2.0",
+  "spec_version": "0.1.9",
 
   "threatmodel": {
     "Tower of London": {

diff --git a/examples/tm2.hcl b/examples/tm2.hcl
@@ -1,4 +1,4 @@
- spec_version = "0.2.0"
+ spec_version = "0.1.9"
 
  threatmodel "Modelly model" {
    imports = ["control-library/othercontrols.hcl"]

diff --git a/examples/tm2.json b/examples/tm2.json
@@ -1,5 +1,5 @@
 {
-  "spec_version": "0.2.0",
+  "spec_version": "0.1.9",
 
  "threatmodel": {
    "Modelly model": {

diff --git a/examples/tm3.hcl b/examples/tm3.hcl
@@ -1,4 +1,4 @@
- spec_version = "0.2.0"
+ spec_version = "0.1.9"
 
  threatmodel "Modelly model" {
    imports = ["https://raw.githubusercontent.com/xntrik/hcltm/main/examples/aws-security-checklist.hcl", "https://raw.githubusercontent.com/xntrik/hcltm/main/examples/owasp-proactive-controls.hcl"]

diff --git a/examples/tm4.hcl b/examples/tm4.hcl
@@ -1,4 +1,4 @@
-spec_version = "0.2.0"
+spec_version = "0.1.9"
 
 threatmodel "Sumpidy" {
   author = "@xntrik"

diff --git a/go.mod b/go.mod
@@ -11,15 +11,16 @@ require (
 	github.com/mitchellh/cli v1.1.2
 	github.com/ryanuber/columnize v2.1.2+incompatible
 	github.com/threatcl/go-otm v0.0.2
-	github.com/threatcl/spec v0.1.8
+	github.com/threatcl/spec v0.1.9
 	github.com/zenizh/go-capturer v0.0.0-20211219060012-52ea6c8fed04
 )
 
 require (
-	cloud.google.com/go v0.104.0 // indirect
-	cloud.google.com/go/compute v1.10.0 // indirect
-	cloud.google.com/go/iam v0.5.0 // indirect
-	cloud.google.com/go/storage v1.27.0 // indirect
+	cloud.google.com/go v0.112.0 // indirect
+	cloud.google.com/go/compute v1.24.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v1.1.6 // indirect
+	cloud.google.com/go/storage v1.39.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/sprig v2.22.0+incompatible // indirect
@@ -34,15 +35,19 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dlclark/regexp2 v1.4.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fogleman/gg v1.3.0 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/goccy/go-graphviz v0.1.2 // indirect
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
-	github.com/googleapis/gax-go/v2 v2.6.0 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.1 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -55,7 +60,6 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/klauspost/compress v1.15.11 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
-	github.com/marqeta/go-dfd v0.1.0 // indirect
 	github.com/mattn/go-colorable v0.1.11 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
@@ -73,27 +77,33 @@ require (
 	github.com/posener/complete v1.2.3 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect
+	github.com/xntrik/go-dfd v0.1.3 // indirect
 	github.com/yuin/goldmark v1.4.13 // indirect
 	github.com/yuin/goldmark-emoji v1.0.1 // indirect
 	github.com/zclconf/go-cty v1.14.3 // indirect
-	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect
+	go.opentelemetry.io/otel v1.23.0 // indirect
+	go.opentelemetry.io/otel/metric v1.23.0 // indirect
+	go.opentelemetry.io/otel/trace v1.23.0 // indirect
+	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/image v0.14.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/net v0.8.0 // indirect
-	golang.org/x/oauth2 v0.1.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/oauth2 v0.17.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.7.0 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	gonum.org/v1/gonum v0.14.0 // indirect
-	google.golang.org/api v0.100.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 // indirect
-	google.golang.org/grpc v1.50.1 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	google.golang.org/api v0.166.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/grpc v1.61.1 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
 )
-
-replace github.com/marqeta/go-dfd => github.com/xntrik/go-dfd v0.1.2