Merge branch 'master' into master

Author: AndreaBissoli

README.md

@@ -83,12 +83,11 @@ Here’s an outline of our upcoming features and enhancements for **PILLAR**:
 If you use **PILLAR** in your research or project, please cite our [paper](https://arxiv.org/abs/2410.08755) as follows:
 
 ```bash
-@article{pillar,
-title={PILLAR: an AI-Powered Privacy Threat Modeling Tool},
-author={Mollaeefar, Majid, Bissoli, Andrea and Ranise, Silvio},
-journal={arXiv preprint arXiv:2410.08755},
-url={https://arxiv.org/abs/2410.08755},
-year={2024}
+@inproceedings{pillar,
+title={PILLAR: LINDDUN Privacy Threat Modeling using LLMs},
+author={Mollaeefar, Majid, Bissoli, Andrea, Van Landuyt, Dimitri and Ranise, Silvio},
+journal={International Workshop on Privacy Engineering (IWPE25)},
+year={2025}
 }
 ```
 

llms/linddun_pro.py

@@ -45,7 +45,7 @@ def linddun_pro_gen_markdown(threats):
     for threat in threats:
         color = match_number_color(match_category_number(threat["category"]))
         color_html = f"<p style='background-color:{color};color:#ffffff;'>"
-        markdown_output += f"| {color_html}{threat['category']}</p> | {threat["source_id"].strip()} <br> {threat['source']} | {threat["data_flow_id"].strip()} <br> {threat['data_flow']} | {threat["destination_id"].strip()} <br> {threat['destination']} |\n"
+        markdown_output += f"| {color_html}{threat['category']}</p> | {threat['source_id'].strip()} <br> {threat['source']} | {threat['data_flow_id'].strip()} <br> {threat['data_flow']} | {threat['destination_id'].strip()} <br> {threat['destination']} |\n"
     return markdown_output
 
 def mapping_table(edge, category):

llms/prompts.py

@@ -85,32 +85,36 @@
 """,
 ]
 def LINDDUN_GO_PREVIOUS_ANALYSIS_PROMPT(previous_analysis):
-	return f"""
+    return f"""
 I will provide you the detailed opinions and reasoning steps from your team,
 which has already analyzed the threat based on the questions. Use these
 reasonings as additional advice critically, note that they may be wrong. Do not
-copy other’s entire answer, modify the part you believe is wrong if you think
+copy other's entire answer, modify the part you believe is wrong if you think
 it is necessary, otherwise elaborate on it and why you think it is correct.
 This is the previous analysis from your team:
-'''
-{f"The Domain Expert thinks the threat is {"" if previous_analysis[0]["reply"] else "not "} present because {previous_analysis[0]["reason"]}." if previous_analysis[0] else ""}
-{f"The System Architect thinks the threat is {"" if previous_analysis[1]["reply"] else "not "} present because {previous_analysis[1]["reason"]}." if previous_analysis[1] else ""}
-{f"The Software Developer thinks the threat is {"" if previous_analysis[2]["reply"] else "not "} present because {previous_analysis[2]["reason"]}." if previous_analysis[2] else ""}
-{f"The Data Protection Officer thinks the threat is {"" if previous_analysis[3]["reply"] else "not "} present because {previous_analysis[3]["reason"]}." if previous_analysis[3] else ""}
-{f"The Legal Expert thinks the threat is {"" if previous_analysis[4]["reply"] else "not "} present because {previous_analysis[4]["reason"]}." if previous_analysis[4] else ""}
-{f"The Chief Information Security Officer thinks the threat is {"" if previous_analysis[5]["reply"] else "not "} present because {previous_analysis[5]["reason"]}." if previous_analysis[5] else ""}
-'''
-	"""
+
+{f"The Domain Expert thinks the threat is {'present' if previous_analysis[0]['reply'] else 'not present'} because {previous_analysis[0]['reason']}." if previous_analysis[0] else ""}
+
+{f"The System Architect thinks the threat is {'present' if previous_analysis[1]['reply'] else 'not present'} because {previous_analysis[1]['reason']}." if previous_analysis[1] else ""}
+
+{f"The Software Developer thinks the threat is {'present' if previous_analysis[2]['reply'] else 'not present'} because {previous_analysis[2]['reason']}." if previous_analysis[2] else ""}
+
+{f"The Data Protection Officer thinks the threat is {'present' if previous_analysis[3]['reply'] else 'not present'} because {previous_analysis[3]['reason']}." if previous_analysis[3] else ""}
+
+{f"The Legal Expert thinks the threat is {'present' if previous_analysis[4]['reply'] else 'not present'} because {previous_analysis[4]['reason']}." if previous_analysis[4] else ""}
+
+{f"The Chief Information Security Officer thinks the threat is {'present' if previous_analysis[5]['reply'] else 'not present'} because {previous_analysis[5]['reason']}." if previous_analysis[5] else ""}
+"""
 
 def LINDDUN_GO_USER_PROMPT(inputs, question, title, description):
 	if not inputs["dfd_only"]:
 
 		prompt =  f"""
-'''
+
 APPLICATION TYPE: {inputs["app_type"]}
 TYPES OF DATA: {inputs["types_of_data"]}
 APPLICATION DESCRIPTION: {inputs["app_description"]}
-{f"""
+{f'''
 The user has also provided a Data Flow Diagram to describe the application.
 The DFD is described as a list of edges, connecting the "from" node to the
 "to" node. "typefrom" and "typeto" describe the type of the node, which can be
@@ -123,7 +127,8 @@ def LINDDUN_GO_USER_PROMPT(inputs, question, title, description):
 And this is the dictionary containing the trust boundaries:
 each boundary has "id", "name", "description", and "color" keys.
 {inputs["boundaries"]}
-""" if inputs["use_dfd"] else ""}
+''' if inputs["use_dfd"] else ""}
+
 DATABASE_SCHEMA: {inputs["database"]}
 DATA POLICY: {inputs["data_policy"]}
 USER DATA CONTROL: {inputs["user_data_control"]}
@@ -366,7 +371,7 @@ def THREAT_MODEL_USER_PROMPT(
 APPLICATION TYPE: {inputs["app_type"]}
 TYPES OF DATA: {inputs["types_of_data"]}
 APPLICATION DESCRIPTION: {inputs["app_description"]}
-{f"""
+{f'''
 The user has also provided a Data Flow Diagram to describe the application.
 The DFD is described as a list of edges, connecting the "from" node to the
 "to" node. "typefrom" and "typeto" describe the type of the node, which can be
@@ -379,7 +384,9 @@ def THREAT_MODEL_USER_PROMPT(
 And this is the dictionary containing the trust boundaries:
 each boundary has "id", "name", "description", and "color" keys.
 {inputs["boundaries"]}
-""" if inputs["use_dfd"] else ""}
+
+''' if inputs["use_dfd"] else ""}
+
 DATABASE SCHEMA: {inputs["database"]}
 DATA POLICY: {inputs["data_policy"]}
 USER DATA CONTROL: {inputs["user_data_control"]}

llms/risk_assessment.py

@@ -52,7 +52,7 @@ def linddun_pro_gen_individual_markdown(threat):
 
     color = match_number_color(match_category_number(threat["category"]))
     color_html = f"<p style='background-color:{color};color:#ffffff;'>"
-    markdown_output += f"| {color_html}{threat['category']}</p> | {threat["description"]} |\n"
+    markdown_output += f"| {color_html}{threat['category']}</p> | {threat['description']} |\n"
     return markdown_output
 
 def measures_gen_markdown(measures):
@@ -73,7 +73,7 @@ def measures_gen_markdown(measures):
     markdown_output += "|--------|-------|-----|\n"
 
     for measure in measures:
-        markdown_output += f"| [{measure['title']}](https://privacypatterns.org/patterns/{measure["filename"]}) | {measure['explanation']} | {measure['implementation']} |\n"
+        markdown_output += f"| [{measure['title']}](https://privacypatterns.org/patterns/{measure['filename']}) | {measure['explanation']} | {measure['implementation']} |\n"
     return markdown_output
 
 

main.py

@@ -111,7 +111,7 @@ def init_session_state():
         ]
         st.session_state["input"]["graph"] = graphviz.Digraph()
         st.session_state["input"]["graph"].attr(
-            bgcolor=f"{st.get_option("theme.backgroundColor")}",
+            bgcolor=f"{st.get_option('theme.backgroundColor')}",
         )
     if "backup_database" not in st.session_state:
         # "backup_database" is a list of dictionaries that stores the backup of the database information, to be able to restore it if needed

misc/utils.py

@@ -1,11 +1,11 @@
 # Copyright 2024 Fondazione Bruno Kessler
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #   https://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -14,10 +14,10 @@
 def match_color(threat_type):
     """
     This function matches the letter of a LINDDUN category to a hex color value, based on the LINDDUN color scheme.
-    
+
     Args:
         threat_type (str): The LINDDUN category, in the form of the first letter: "L", "I", "Nr", "D ", "Dd", "U" or "Nc".
-    
+
     Returns:
         str: The color associated with the category, as a hex value.
     """
@@ -45,7 +45,7 @@ def match_letter(threat_type_number):
 
     Args:
         threat_type_number (int): The LINDDUN category, in the form of a number from 1 to 7.
-    
+
     Returns:
         str: The letter associated with the category, in the form of "L", "I", "Nr", "D ", "Dd", "U" or "Nc".
     """
@@ -64,26 +64,28 @@ def match_letter(threat_type_number):
     elif threat_type_number == 7:
         return "Nc"
 
+
 def match_number_color(threat_type_number):
     """
     This function matches the number of a LINDDUN category to the specific color, based on the LINDDUN color scheme.
 
     Args:
         threat_type_number (int): The LINDDUN category, in the form of a number from 1 to 7.
-    
+
     Returns:
         str: The color associated with the category, as a hex value.
     """
     letter = match_letter(threat_type_number)
     return match_color(letter)
 
+
 def match_category_number(category):
     """
     This function matches the LINDDUN category to the specific number.
 
     Args:
         category (str): The LINDDUN category, in the form of "Linking", "Identifying", etc.
-    
+
     Returns:
         int: The number associated with the category, in the form of a number from 1 to 7.
     """
@@ -102,13 +104,14 @@ def match_category_number(category):
     elif category == "Non-compliance":
         return 7
 
+
 def match_number_category(threat_type_number):
     """
     This function matches the number of a LINDDUN category to the specific category.
 
     Args:
         threat_type_number (int): The LINDDUN category, in the form of a number from 1 to 7.
-    
+
     Returns:
         str: The category associated with the number, in the form of "Linking", "Identifying", etc.
     """
@@ -128,7 +131,6 @@ def match_number_category(threat_type_number):
         return "Non-compliance"
 
 
-
 def format_correct(state):
     """
     This function formats the schema in the correct format for the data
@@ -137,7 +139,7 @@ def format_correct(state):
     columns of the data editor. Thus, it transforms the DFD from a list of
     dictionaries to a dictionary of lists, or essentially from a row-based
     to a column-based format.
-    
+
     Args:
         state (list): The DFD in the format of a list of dictionaries, with
             each dictionary representing a row of the data editor. Each dictionary
@@ -147,9 +149,9 @@ def format_correct(state):
             keys as the elements in the list of dictionaries, where each list
             represents a column of the data editor.
     """
-    
+
     # Extract keys directly from the first dictionary in the state list
     keys = state[0].keys()
-    
+
     # Use dictionary comprehension and zip to transpose the list of dictionaries
-    return {key: [d[key] for d in state] for key in keys}
+    return {key: [d[key] for d in state] for key in keys}

tabs/linddun_pro.py

@@ -86,7 +86,7 @@ def linddun_pro():
 
     # Display the threats for the selected edge
     if st.session_state["linddun_pro_threats"][st.session_state["edge_num"]]:
-        st.markdown(f"### Threats found for DF{st.session_state["edge_num"]}")
+        st.markdown(f"### Threats found for DF{st.session_state['edge_num']}")
         markdown = linddun_pro_gen_markdown(st.session_state["linddun_pro_threats"][st.session_state["edge_num"]])
         st.markdown(markdown, unsafe_allow_html=True)
         st.session_state["linddun_pro_output"] = markdown

tabs/report.py

@@ -154,12 +154,12 @@ def generate_report():
                 if object["trusted"]:
                     c.node(object["to"])
         for (i, object) in enumerate(st.session_state["input"]["dfd"]):
-            graph.node(object["from"], shape=f"{"box" if object["typefrom"] == "Entity" else "ellipse" if object["typefrom"] == "Process" else "cylinder"}")
-            graph.node(object["to"], shape=f"{"box" if object["typeto"] == "Entity" else "ellipse" if object["typeto"] == "Process" else "cylinder"}")
+            graph.node(object["from"], shape=f"{'box' if object['typefrom'] == 'Entity' else 'ellipse' if object['typefrom'] == 'Process' else 'cylinder'}")
+            graph.node(object["to"], shape=f"{{'box' if object['typeto'] == 'Entity' else 'ellipse' if object['typeto'] == 'Process' else 'cylinder'}}")
             graph.edge(object["from"], object["to"], taillabel=f"DF{i}", constraint="false")
 
         # Add the graph to the report as an SVG image
-        text += f"![Data Flow Diagram](data:image/svg+xml,{urllib.parse.quote(graph.pipe(encoding="utf-8"))})\n"
+        text += f"![Data Flow Diagram](data:image/svg+xml,{urllib.parse.quote(graph.pipe(encoding='utf-8'))})\n"
 
     # Add the threats found with the selected methodology to the report
     if st.session_state["threat_source"] == "threat_model":
@@ -180,7 +180,7 @@ def generate_report():
     colgroup_html = "<colgroup>" + "".join([f"<col style='width: {width}%;'>" for width in column_widths]) + "</colgroup>"
     html = html.replace("<table>", f"<table table-layout='fixed'>{colgroup_html}", 1)
     html = html.replace(f"<td><strong>{description_message}</strong></td>\n<td>{st.session_state['high_level_description']}</td>\n<td></td>\n<td></td>", 
-                        f"<td><strong>{description_message}</strong></td>\n<td colspan='3'>{st.session_state["high_level_description"]}</td>\n", 1)
+                        f"<td><strong>{description_message}</strong></td>\n<td colspan='3'>{st.session_state['high_level_description']}</td>\n", 1)
 
 
     # Add the CSS styles to the HTML
@@ -236,16 +236,16 @@ def from_threat_model(text):
     text += "## Threats found with the simple threat model\n"
     for (i, threat) in enumerate(st.session_state["to_assess"]):
         if st.session_state["to_report"][i]:
-            text += f"## Threat {i+1}: {threat["title"]}\n\n"
+            text += f"## Threat {i+1}: {threat['title']}\n\n"
             color = match_color(threat["threat_type"])
             color_html = f"<span style='background-color:{color};color:#ffffff;'>"
             text += f"**Category**: {color_html}{threat['threat_type']}</span>\n\n"
             text += f"**Reason for detection**: {threat['Reason']}\n\n"
             text += f"**Scenario**: {threat['Scenario']}\n\n"
             if st.session_state["assessments"][i]["impact"]:
-                text += f"**Impact assessment**: {st.session_state["assessments"][i]["impact"]}\n\n"
+                text += f"**Impact assessment**: {st.session_state['assessments'][i]['impact']}\n\n"
             if st.session_state["control_measures"][i]:
-                text += f"**Suggested control measures**: \n\n{measures_gen_markdown(st.session_state["control_measures"][i])}\n\n"
+                text += f"**Suggested control measures**: \n\n{measures_gen_markdown(st.session_state['control_measures'][i])}\n\n"
 
     return text
 
@@ -256,16 +256,16 @@ def from_linddun_go(text):
     text += "## Threats found with the LINDDUN Go methodology\n"
     for (i, threat) in enumerate(st.session_state["to_assess"]):
         if st.session_state["to_report"][i]:
-            text += f"## Threat {i+1}: {threat["threat_title"]}\n\n"
+            text += f"## Threat {i+1}: {threat['threat_title']}\n\n"
             color = match_number_color(threat["threat_type"])
             color_html = f"<span style='background-color:{color};color:#ffffff;'>"
-            text += f"**Category**: {color_html}{match_letter(threat["threat_type"])} - {match_number_category(threat["threat_type"])}</span>\n\n"
+            text += f"**Category**: {color_html}{match_letter(threat['threat_type'])} - {match_number_category(threat['threat_type'])}</span>\n\n"
             text += f"**Threat description**: {threat['threat_description']}\n\n"
             text += f"**Reason for detection**: {threat['reason']}\n\n"
             if st.session_state["assessments"][i]["impact"]:
-                text += f"**Impact assessment**: {st.session_state["assessments"][i]["impact"]}\n\n"
+                text += f"**Impact assessment**: {st.session_state['assessments'][i]['impact']}\n\n"
             if st.session_state["control_measures"][i]:
-                text += f"**Suggested control measures**: \n\n{measures_gen_markdown(st.session_state["control_measures"][i])}\n\n"
+                text += f"**Suggested control measures**: \n\n{measures_gen_markdown(st.session_state['control_measures'][i])}\n\n"
 
     return text
 
@@ -276,23 +276,23 @@ def from_linddun_pro(text):
     text += "## Threats found with the LINDDUN Pro methodology\n"
     for (i, threat) in enumerate(st.session_state["to_assess"]):
         if st.session_state["to_report"][i]:
-            text += f"## Threat {i+1}: {threat["threat_title"]}\n\n"
+            text += f"## Threat {i+1}: {threat['threat_title']}\n\n"
             color = match_number_color(match_category_number(threat["category"]))
             color_html = f"<span style='background-color:{color};color:#ffffff;'>"
-            text += f"**Category**: {color_html}{match_letter(match_category_number(threat["category"]))} - {threat["category"]}</span>\n\n"
+            text += f"**Category**: {color_html}{match_letter(match_category_number(threat['category']))} - {threat['category']}</span>\n\n"
             text += f"**DFD edge**:         "
             # Underline the source, data flow, or destination node in the edge, depending on the threat location
             if threat["threat_location"] == "source":
-                text += f"<u>{threat['edge']['from']}</u>, DF{threat["data_flow_number"]}, {threat['edge']['to']}\n\n"
+                text += f"<u>{threat['edge']['from']}</u>, DF{threat['data_flow_number']}, {threat['edge']['to']}\n\n"
             elif threat["threat_location"] == "data_flow":
-                text += f"{threat['edge']['from']}, <u>DF{threat["data_flow_number"]}</u>, {threat['edge']['to']}\n\n"
+                text += f"{threat['edge']['from']}, <u>DF{threat['data_flow_number']}</u>, {threat['edge']['to']}\n\n"
             elif threat["threat_location"] == "destination":
-                text += f"{threat['edge']['from']}, DF{threat["data_flow_number"]}, <u>{threat['edge']['to']}</u>\n\n"
+                text += f"{threat['edge']['from']}, DF{threat['data_flow_number']}, <u>{threat['edge']['to']}</u>\n\n"
             text += f"**Threat tree involved nodes**: {threat['threat_tree_node']}\n\n"
             text += f"**Threat description**: {threat['description']}\n\n"
             if st.session_state["assessments"][i]["impact"]:
-                text += f"**Impact assessment**: {st.session_state["assessments"][i]["impact"]}\n\n"
+                text += f"**Impact assessment**: {st.session_state['assessments'][i]['impact']}\n\n"
             if st.session_state["control_measures"][i]:
-                text += f"**Suggested control measures**: \n\n{measures_gen_markdown(st.session_state["control_measures"][i])}\n\n"
+                text += f"**Suggested control measures**: \n\n{measures_gen_markdown(st.session_state['control_measures'][i])}\n\n"
 
     return text