Protocols can now be defined in yaml files

Dockerfile

@@ -36,6 +36,7 @@ FROM scratch AS files
 
 COPY --from=build --chown=1000:1000 \
     /app/threagile \
+    /app/components \
     /app/raa.so \
     /app/dummy.so \
     /app/demo-rule.so \

Dockerfile.local

@@ -53,6 +53,7 @@ RUN rm -rf /var/cache/apk/*
 WORKDIR /app
 
 COPY --from=build /app/threagile /app/threagile
+COPY --from=build /app/components /app/components
 COPY --from=build /app/raa.so /app/raa.so
 COPY --from=build /app/dummy.so /app/dummy.so
 COPY --from=build /app/demo-rule.so /app/demo-rule.so

components/imap-encrypted.yaml

@@ -0,0 +1,7 @@
+name: imap-encrypted
+description: IMAP mail sync protocol, encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/binary-encrypted.yaml

@@ -0,0 +1,7 @@
+name: binary-encrypted
+description: Some other binary protocol, encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: true
+isPotentialWebAccessProtocol: false

components/protocols/binary.yaml

@@ -0,0 +1,7 @@
+name: binary
+description: Some other binary protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: true
+isPotentialWebAccessProtocol: false

components/protocols/container-spawning.yaml

@@ -0,0 +1,7 @@
+name: container-spawning
+description: Spawn a container
+isProcessLocal: true
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/ftp.yaml

@@ -0,0 +1,7 @@
+name: ftp
+description: File Transfer Protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/ftps.yaml

@@ -0,0 +1,7 @@
+name: ftps
+description: File Transfer Protocol with TLS
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/http.yaml

@@ -0,0 +1,7 @@
+name: http
+description: HTTP protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: true
+isPotentialWebAccessProtocol: true

components/protocols/https.yaml

@@ -0,0 +1,7 @@
+name: https
+description: HTTPS protocol (encrypted)
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: true
+isPotentialWebAccessProtocol: true

components/protocols/iiop-encrypted.yaml

@@ -0,0 +1,7 @@
+name: iiop-encrypted
+description: Internet Inter-ORB Protocol, encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/iiop.yaml

@@ -0,0 +1,7 @@
+name: iiop
+description: Internet Inter-ORB Protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/imap.yaml

@@ -0,0 +1,7 @@
+name: imap
+description: IMAP mail sync protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/in-process-library-call.yaml

@@ -0,0 +1,7 @@
+name: in-process-library-call
+description: Call to local library
+isProcessLocal: true
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/jdbc-encrypted.yaml

@@ -0,0 +1,7 @@
+name: jdbc-encrypted
+description: Java Database Connectivity but encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: true
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/jdbc.yaml

@@ -0,0 +1,7 @@
+name: jdbc
+description: Java Database Connectivity
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: true
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/jms.yaml

@@ -0,0 +1,7 @@
+name: jms
+description: Jakarta Messaging
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/jrmp-encrypted.yaml

@@ -0,0 +1,7 @@
+name: jrmp-encrypted
+description: Java Remote Method Protocol, encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/jrmp.yaml

@@ -0,0 +1,7 @@
+name: jrmp
+description: Java Remote Method Protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/ldap.yaml

@@ -0,0 +1,7 @@
+name: ldap
+description: Lightweight Directory Access Protocol - User directories
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/ldaps.yaml

@@ -0,0 +1,7 @@
+name: ldaps
+description: Lightweight Directory Access Protocol - User directories on TLS
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/local-file-access.yaml

@@ -0,0 +1,7 @@
+name: local-file-access
+description: Data files are on the local system
+isProcessLocal: true
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/mqtt.yaml

@@ -0,0 +1,7 @@
+name: mqtt
+description: MQTT Message protocol. Encryption via TLS is optional
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/nfs.yaml

@@ -0,0 +1,7 @@
+name: nfs
+description: Network File System
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/nosql-access-protocol-encrypted.yaml

@@ -0,0 +1,7 @@
+name: nosql-access-protocol-encrypted
+description: NOSQL access protocol but encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: true
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/nosql-access-protocol.yaml

@@ -0,0 +1,7 @@
+name: nosql-access-protocol
+description: NOSQL access protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: true
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/nrpe.yaml

@@ -0,0 +1,7 @@
+name: nrpe
+description: Nagios Remote Plugin Executor
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/odbc-encrypted.yaml

@@ -0,0 +1,7 @@
+name: odbc-encrypted
+description: Open Database Connectivity but encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: true
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/odbc.yaml

@@ -0,0 +1,7 @@
+name: odbc
+description: Open Database Connectivity
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: true
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/pop3-encrypted.yaml

@@ -0,0 +1,7 @@
+name: pop3-encrypted
+description: POP 3 mail fetching, encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/pop3.yaml

@@ -0,0 +1,7 @@
+name: pop3
+description: POP 3 mail fetching
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/reverse-proxy-web-protocol-encrypted.yaml

@@ -0,0 +1,7 @@
+name: reverse-proxy-web-protocol-encrypted
+description: Protocols used by reverse proxies but encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: true

components/protocols/reverse-proxy-web-protocol.yaml

@@ -0,0 +1,7 @@
+name: reverse-proxy-web-protocol
+description: Protocols used by reverse proxies
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: true

components/protocols/scp.yaml

@@ -0,0 +1,7 @@
+name: scp
+description: Secure Shell to copy files
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/sftp.yaml

@@ -0,0 +1,7 @@
+name: sftp
+description: FTP on SSH
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/smb-encrypted.yaml

@@ -0,0 +1,7 @@
+name: smb-encrypted
+description: Server Message Block, but encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/smb.yaml

@@ -0,0 +1,7 @@
+name: smb
+description: Server Message Block
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/smtp-encrypted.yaml

@@ -0,0 +1,7 @@
+name: smtp-encrypted
+description: Mail transfer protocol (sending), encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/smtp.yaml

@@ -0,0 +1,7 @@
+name: smtp
+description: Mail transfer protocol (sending)
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/sql-access-protocol-encrypted.yaml

@@ -0,0 +1,7 @@
+name: sql-access-protocol-encrypted
+description: SQL access protocol but encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: true
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/sql-access-protocol.yaml

@@ -0,0 +1,7 @@
+name: sql-access-protocol
+description: SQL access protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: true
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/ssh-tunnel.yaml

@@ -0,0 +1,7 @@
+name: ssh-tunnel
+description: Secure Shell as a tunnel
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/ssh.yaml

@@ -0,0 +1,7 @@
+name: ssh
+description: Secure Shell to execute commands
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/text-encrypted.yaml

@@ -0,0 +1,7 @@
+name: text-encrypted
+description: Some other text protocol, encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/text.yaml

@@ -0,0 +1,7 @@
+name: text
+description: Some other text protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false

components/protocols/ws.yaml

@@ -0,0 +1,7 @@
+name: ws
+description: WebSocket
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: true

components/protocols/wss.yaml

@@ -0,0 +1,7 @@
+name: wss
+description: WebSocket but encrypted
+isProcessLocal: false
+isEncrypted: true
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: true

components/protocols/xmpp.yaml

@@ -0,0 +1,7 @@
+name: xmpp
+description: Extensible Messaging and Presence Protocol
+isProcessLocal: false
+isEncrypted: false
+isPotentialDatabaseAccessProtocol: false
+IsLaxDatabaseProtocol: false
+isPotentialWebAccessProtocol: false