Rename --bin-dir to --plugin-dir. Update documentation

CONTRIBUTING.md

@@ -24,6 +24,47 @@ Before running the project please install
 
 Main program is [threagile](./cmd/threagile/main.go).
 
+### Development with Visual Studio Code
+
+To run the code with VS Code add launch.json with this content and simply use ```Run -> Start Debugging```/```Run -> Start Without Debugging```:
+
+```
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+          "name": "Launch Threagile",
+          "type": "go",
+          "request": "launch",
+          "mode": "debug",
+          "program": "${workspaceFolder}/cmd/threagile",
+          "args": [
+            "help",
+            "--ignore-orphaned-risk-tracking",
+            "--model",
+            "./threagile.yaml",
+            "--app-dir",
+            "directory_with_support_files",
+            "--temp-dir",
+            "./",
+            "-v"
+          ]
+        }
+    ]
+}
+```
+
+```directory_with_support_files``` is a directory where support files are located:
+
+app/
+├─ [background.pdf](./report/template/background.pdf)
+├─ [LICENSE.txt](./LICENSE.txt)
+├─ [live-templates.txt](./support/live-templates.txt)
+├─ [openapi.yaml](./support/openapi.yaml)
+├─ [schema.json](./support/schema.json)
+├─ [threagile-example-model.yaml](./demo/example/threagile.yaml)
+├─ [threagile-stub-model.yaml](./demo/stub/threagile.yaml)
+
 ## Contribution
 
 To contribute the code simply make changes and create pull request. There is no strict rules about pull requests format like [this](https://www.pullrequest.com/blog/writing-a-great-pull-request-description/) however please take into consideration:

README.md

@@ -3,39 +3,66 @@
 [![Threagile Community Chat](https://badges.gitter.im/Threagile/community.svg)](https://gitter.im/Threagile/community)
 
 #### Agile Threat Modeling Toolkit
-Threagile (see [https://threagile.io](https://threagile.io) for more details) is an open-source toolkit for 
-agile threat modeling: 
+Threagile (see [https://threagile.io](https://threagile.io) for more details) is an open-source toolkit for
+agile threat modeling:
 
-It allows to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE. 
-Upon execution of the Threagile toolkit all standard risk rules (as well as individual custom rules if present) 
+It allows to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE.
+Upon execution of the Threagile toolkit all standard risk rules (as well as individual custom rules if present)
 are checked against the architecture model.
 
 
 #### Execution via Docker Container
-The easiest way to execute Threagile on the commandline is via its Docker container: 
-
-    docker run --rm -it threagile/threagile
-
-
-      _____ _                          _ _      
-     |_   _| |__  _ __ ___  __ _  __ _(_) | ___ 
-       | | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
-       | | | | | | | |  __/ (_| | (_| | | |  __/
-       |_| |_| |_|_|  \___|\__,_|\__, |_|_|\___|
-                                 |___/        
+The easiest way to execute Threagile on the commandline is via its Docker container:
+
+    docker run --rm -it threagile/threagile help
+
+      _____ _                          _ _
+    |_   _| |__  _ __ ___  __ _  __ _(_) | ___
+      | | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
+      | | | | | | | |  __/ (_| | (_| | | |  __/
+      |_| |_| |_|_|  \___|\__,_|\__, |_|_|\___|
+                                |___/
     Threagile - Agile Threat Modeling
-
-
+
     Documentation: https://threagile.io
-    Docker Images: https://hub.docker.com/r/threagile
+    Docker Images: https://hub.docker.com/r/threagile/threagile
     Sourcecode: https://github.com/threagile
-    License: Open-Source (MIT License)    
-
+    License: Open-Source (MIT License)Version: 1.0.0 ()
+
+    Examples:
+
+    If you want to create an example model (via docker) as a starting point to learn about Threagile just run:
+    docker run --rm -it -v "$(pwd)":app/work threagile/threagile create-example-model -output app/work
+
+    If you want to create a minimal stub model (via docker) as a starting point for your own model just run:
+    docker run --rm -it -v "$(pwd)":app/work threagile/threagile create-stub-model -output app/work
+
+    If you want to execute Threagile on a model yaml file (via docker):
+    docker run --rm -it -v "$(pwd)":app/work threagile/threagile analyze-model -verbose -model -output app/work
+
+    If you want to execute Threagile in interactive mode (via docker):
+    docker run --rm -it -v "$(pwd)":app/work threagile/threagile -i -verbose -model -output app/work
+
+    If you want to run Threagile as a server (REST API) on some port (here 8080):
+    docker run --rm -it --shm-size=256m  -p 8080:8080 --name --mount 'type=volume,src=threagile-storage,dst=/data,readonly=false' threagile/threagile server --server-port 8080
+
+    If you want to find out about the different enum values usable in the model yaml file:
+    docker run --rm -it threagile/threagile list-types
+
+    If you want to use some nice editing help (syntax validation, autocompletion, and live templates) in your favourite IDE:  docker run --rm -it -v "$(pwd)":app/work threagile/threagile create-editing-support -output app/work
+
+    If you want to list all available model macros (which are macros capable of reading a model yaml file, asking you questions in a wizard-style and then update the model yaml file accordingly):
+    docker run --rm -it threagile/threagile list-model-macros
+
+    If you want to execute a certain model macro on the model yaml file (here the macro add-build-pipeline):
+    docker run --rm -it -v "$(pwd)":app/work threagile/threagile -model app/work/threagile.yaml -output app/work execute-model-macro add-build-pipeline
+
     Usage:
       threagile [flags]
       threagile [command]
 
     Available Commands:
+      analyze-model            Analyze model
       create-editing-support   Create editing support
       create-example-model     Create example threagile model
       create-stub-model        Create stub threagile model
@@ -48,12 +75,13 @@ The easiest way to execute Threagile on the commandline is via its Docker contai
       list-risk-rules          Print available risk rules
       list-types               Print type information (enum values to be used in models)
       print-license            Print license information
+      quit                     quit client
       server                   Run server
 
     Flags:
           --app-dir string                    app folder (default "/app")
           --background string                 background pdf file (default "background.pdf")
-          --bin-dir string                    binary folder location (default "/app")
+          --config string                     config file
           --custom-risk-rules-plugin string   comma-separated list of plugins file names with custom risk rules to load
           --diagram-dpi int                   DPI used to render: maximum is 300
           --generate-data-asset-diagram       generate data asset diagram (default true)
@@ -66,36 +94,18 @@ The easiest way to execute Threagile on the commandline is via its Docker contai
           --generate-technical-assets-json    generate technical assets json (default true)
       -h, --help                              help for threagile
           --ignore-orphaned-risk-tracking     ignore orphaned risk tracking (just log them) not matching a concrete risk
+      -i, --interactive                       interactive mode
           --model string                      input model yaml file (default "threagile.yaml")
           --output string                     output directory (default ".")
+          --plugin-dir string                 plugin folder location (default "/app")
           --raa-run string                    RAA calculation run file name (default "raa_calc")
           --skip-risk-rules string            comma-separated list of risk rules (by their ID) to skip
           --temp-dir string                   temporary folder location (default "/dev/shm")
       -v, --verbose                           verbose output
-
-
-    Examples:
-
-    If you want to create an example model (via docker) as a starting point to learn about Threagile just run: 
-     docker run --rm -it -v "$(pwd)":/app/work threagile/threagile create-example-model -output /app/work
-
-    If you want to create a minimal stub model (via docker) as a starting point for your own model just run: 
-     docker run --rm -it -v "$(pwd)":/app/work threagile/threagile create-stub-model -output /app/work
-
-    If you want to execute Threagile on a model yaml file (via docker): 
-     docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -verbose -model /app/work/threagile.yaml -output /app/work
-
-    If you want to run Threagile as a server (REST API) on some port (here 8080): 
-     docker run --rm -it --shm-size=256m -p 8080:8080 --name threagile-server --mount 'type=volume,src=threagile-storage,dst=/data,readonly=false' threagile/threagile server --server-port 8080
-
-    If you want to find out about the different enum values usable in the model yaml file: 
-     docker run --rm -it threagile/threagile list-types
-
-    If you want to use some nice editing help (syntax validation, autocompletion, and live templates) in your favourite IDE: 
-     docker run --rm -it -v "$(pwd)":/app/work threagile/threagile create-editing-support -output /app/work
-
-    If you want to list all available model macros (which are macros capable of reading a model yaml file, asking you questions in a wizard-style and then update the model yaml file accordingly): 
-     docker run --rm -it threagile/threagile list-model-macros
-
-    If you want to execute a certain model macro on the model yaml file (here the macro add-build-pipeline): 
-     docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -model /app/work/threagile.yaml -output /app/work execute-model-macro add-build-pipeline
+          --version                           version for threagile
+
+    Additional help topics:
+      threagile print-3rd-party-licenses Print 3rd-party license information
+      threagile version                  Get version information
+
+    Use "threagile [command] --help" for more information about a command.

internal/threagile/flags.go

@@ -13,10 +13,10 @@ const (
 	verboseFlagName      = "verbose"
 	verboseFlagShorthand = "v"
 
-	appDirFlagName  = "app-dir"
-	binDirFlagName  = "bin-dir"
-	outputFlagName  = "output"
-	tempDirFlagName = "temp-dir"
+	appDirFlagName    = "app-dir"
+	pluginDirFlagName = "plugin-dir"
+	outputFlagName    = "output"
+	tempDirFlagName   = "temp-dir"
 
 	serverDirFlagName  = "server-dir"
 	serverPortFlagName = "server-port"
@@ -45,7 +45,7 @@ type Flags struct {
 	verboseFlag     bool
 	interactiveFlag bool
 	appDirFlag      string
-	binDirFlag      string
+	pluginDirFlag   string
 	outputDirFlag   string
 	tempDirFlag     string
 	inputFileFlag   string

internal/threagile/root.go

@@ -57,7 +57,7 @@ func (what *Threagile) initRoot() *Threagile {
 	defaultConfig := new(common.Config).Defaults(what.buildTimestamp)
 
 	what.rootCmd.PersistentFlags().StringVar(&what.flags.appDirFlag, appDirFlagName, defaultConfig.AppFolder, "app folder")
-	what.rootCmd.PersistentFlags().StringVar(&what.flags.binDirFlag, binDirFlagName, defaultConfig.BinFolder, "binary folder location")
+	what.rootCmd.PersistentFlags().StringVar(&what.flags.pluginDirFlag, pluginDirFlagName, defaultConfig.PluginFolder, "plugin folder location")
 	what.rootCmd.PersistentFlags().StringVar(&what.flags.outputDirFlag, outputFlagName, defaultConfig.OutputFolder, "output directory")
 	what.rootCmd.PersistentFlags().StringVar(&what.flags.tempDirFlag, tempDirFlagName, defaultConfig.TempFolder, "temporary folder location")
 
@@ -233,8 +233,8 @@ func (what *Threagile) readConfig(cmd *cobra.Command, buildTimestamp string) *co
 	if isFlagOverridden(flags, appDirFlagName) {
 		cfg.AppFolder = cfg.CleanPath(what.flags.appDirFlag)
 	}
-	if isFlagOverridden(flags, binDirFlagName) {
-		cfg.BinFolder = cfg.CleanPath(what.flags.binDirFlag)
+	if isFlagOverridden(flags, pluginDirFlagName) {
+		cfg.PluginFolder = cfg.CleanPath(what.flags.pluginDirFlag)
 	}
 	if isFlagOverridden(flags, outputFlagName) {
 		cfg.OutputFolder = cfg.CleanPath(what.flags.outputDirFlag)

pkg/common/config.go

@@ -15,7 +15,7 @@ type Config struct {
 	Interactive    bool
 
 	AppFolder    string
-	BinFolder    string
+	PluginFolder string
 	DataFolder   string
 	OutputFolder string
 	ServerFolder string
@@ -60,7 +60,7 @@ func (c *Config) Defaults(buildTimestamp string) *Config {
 		Verbose:        false,
 
 		AppFolder:    AppDir,
-		BinFolder:    BinDir,
+		PluginFolder: PluginDir,
 		DataFolder:   DataDir,
 		OutputFolder: OutputDir,
 		ServerFolder: ServerDir,
@@ -158,8 +158,8 @@ func (c *Config) Load(configFilename string) error {
 		return appDirError
 	}
 
-	c.BinFolder = c.CleanPath(c.BinFolder)
-	binDirError := c.checkDir(c.BinFolder, "bin")
+	c.PluginFolder = c.CleanPath(c.PluginFolder)
+	binDirError := c.checkDir(c.PluginFolder, "plugin")
 	if binDirError != nil {
 		return binDirError
 	}
@@ -199,8 +199,8 @@ func (c *Config) Merge(config Config, values map[string]any) {
 		case strings.ToLower("AppFolder"):
 			c.AppFolder = config.AppFolder
 
-		case strings.ToLower("BinFolder"):
-			c.BinFolder = config.BinFolder
+		case strings.ToLower("PluginFolder"):
+			c.PluginFolder = config.PluginFolder
 
 		case strings.ToLower("DataFolder"):
 			c.DataFolder = config.DataFolder

pkg/common/consts.go

@@ -3,7 +3,7 @@ package common
 const (
 	TempDir   = "/dev/shm" // TODO: make configurable via cmdline arg?
 	AppDir    = "/app"
-	BinDir    = "/app"
+	PluginDir = "/app"
 	DataDir   = "/data"
 	OutputDir = "."
 	ServerDir = "/server"

pkg/docs/constants.go

@@ -21,7 +21,9 @@ const (
 		"If you want to create a minimal stub model (via docker) as a starting point for your own model just run: \n" +
 		" docker run --rm -it -v \"$(pwd)\":app/work threagile/threagile " + common.CreateStubModelCommand + " -output app/work \n\n" +
 		"If you want to execute Threagile on a model yaml file (via docker):  \n" +
-		" docker run --rm -it -v \"$(pwd)\":app/work threagile/threagile -verbose -model -output app/work \n\n" +
+		" docker run --rm -it -v \"$(pwd)\":app/work threagile/threagile analyze-model -verbose -model -output app/work \n\n" +
+		"If you want to execute Threagile in interactive mode (via docker):  \n" +
+		" docker run --rm -it -v \"$(pwd)\":app/work threagile/threagile -i -verbose -model -output app/work \n\n" +
 		"If you want to run Threagile as a server (REST API) on some port (here 8080):  \n" +
 		" docker run --rm -it --shm-size=256m  -p 8080:8080 --name --mount 'type=volume,src=threagile-storage,dst=/data,readonly=false' threagile/threagile server --server-port 8080 \n\n" +
 		"If you want to find out about the different enum values usable in the model yaml file: \n" +

pkg/model/read.go

@@ -47,7 +47,7 @@ func ReadAndAnalyzeModel(config common.Config, progressReporter progressReporter
 		return nil, fmt.Errorf("unable to parse model yaml: %v", parseError)
 	}
 
-	introTextRAA := applyRAA(parsedModel, config.BinFolder, config.RAAPlugin, progressReporter)
+	introTextRAA := applyRAA(parsedModel, config.PluginFolder, config.RAAPlugin, progressReporter)
 
 	applyRiskGeneration(parsedModel, customRiskRules, builtinRiskRules,
 		config.SkipRiskRules, progressReporter)

pkg/report/generate.go

@@ -68,7 +68,7 @@ func Generate(config *common.Config, readResult *model.ReadResult, commands *Gen
 		}
 
 		err = GenerateDataFlowDiagramGraphvizImage(dotFile, config.OutputFolder,
-			config.TempFolder, config.BinFolder, config.DataFlowDiagramFilenamePNG, progressReporter)
+			config.TempFolder, config.DataFlowDiagramFilenamePNG, progressReporter)
 		if err != nil {
 			progressReporter.Warn(err)
 		}
@@ -89,7 +89,7 @@ func Generate(config *common.Config, readResult *model.ReadResult, commands *Gen
 			return fmt.Errorf("error while generating data asset diagram: %s", err)
 		}
 		err = GenerateDataAssetDiagramGraphvizImage(dotFile, config.OutputFolder,
-			config.TempFolder, config.BinFolder, config.DataAssetDiagramFilenamePNG, progressReporter)
+			config.TempFolder, config.DataAssetDiagramFilenamePNG, progressReporter)
 		if err != nil {
 			progressReporter.Warn(err)
 		}

pkg/report/graphviz.go

@@ -395,7 +395,7 @@ func determineArrowColor(cl types.CommunicationLink, parsedModel *types.ParsedMo
 }
 
 func GenerateDataFlowDiagramGraphvizImage(dotFile *os.File, targetDir string,
-	tempFolder, binFolder, dataFlowDiagramFilenamePNG string, progressReporter progressReporter) error {
+	tempFolder, dataFlowDiagramFilenamePNG string, progressReporter progressReporter) error {
 	progressReporter.Info("Rendering data flow diagram input")
 	// tmp files
 	tmpFileDOT, err := os.CreateTemp(tempFolder, "diagram-*-.gv")
@@ -830,7 +830,7 @@ func determineTechnicalAssetLabelColor(ta types.TechnicalAsset, model *types.Par
 }
 
 func GenerateDataAssetDiagramGraphvizImage(dotFile *os.File, targetDir string,
-	tempFolder, binFolder, dataAssetDiagramFilenamePNG string, progressReporter progressReporter) error { // TODO dedupe with other render...() method here
+	tempFolder, dataAssetDiagramFilenamePNG string, progressReporter progressReporter) error { // TODO dedupe with other render...() method here
 	progressReporter.Info("Rendering data asset diagram input")
 	// tmp files
 	tmpFileDOT, err := os.CreateTemp(tempFolder, "diagram-*-.gv")