Skip to content

Add security threat model (THREAT_MODEL.md) + SECURITY.md and AGENTS.md discoverability#4547

Open
potiuk wants to merge 8 commits into
apache:devfrom
potiuk:asf-security/threat-model-2026-06-11
Open

Add security threat model (THREAT_MODEL.md) + SECURITY.md and AGENTS.md discoverability#4547
potiuk wants to merge 8 commits into
apache:devfrom
potiuk:asf-security/threat-model-2026-06-11

Conversation

@potiuk

@potiuk potiuk commented Jun 11, 2026

Copy link
Copy Markdown
Member

This adds a v0 security threat model + discoverability wiring to apache/streampipes, produced by the ASF Security team for the StreamPipes PMC to review and own — the pre-flight step for the Glasswing security scan the PMC opted into (path 3).

What's here

  • THREAT_MODEL.md (new) — a v0 model (Michael Scovetta rubric, run with Claude Opus) covering the streampipes-rest front door, the external-data ingestion boundary at the adapters, and the extension runtime (custom adapters/processors/sinks as code-execution by design): trust boundaries, in/out-of-scope adversaries, what StreamPipes upholds vs. what it leaves to the operator (TLS, network isolation, extension vetting, source trust), known non-findings, and triage dispositions. Every non-trivial claim is provenance-tagged (documented) / (maintainer) / (inferred).
  • SECURITY.md (new) — private reporting via security@streampipes.apache.org + a pointer to the model.
  • AGENTS.md (amended) — appends a ## Security section to your existing root AGENTS.md, wiring AGENTS.md → SECURITY.md → THREAT_MODEL.md (your existing guidance is untouched).

How to engage — this is a draft to react to. THREAT_MODEL.md §14 collects open questions in waves; the highest-leverage one is Q2 — the ingestion boundary: what StreamPipes guarantees about handling hostile data from an external source an adapter connects to. Answer inline a few at a time, correct anything wrong, and the model becomes the PMC's. Once you're happy, we queue the scan in OSS-criticality order. No deadline pressure with the Mythos 5 window being extended.

Generated-by: Claude Opus 4.8 (1M context)

… discoverability

v0 threat model produced by the ASF Security team via threat-model-producer
(Michael Scovetta rubric, run with Claude Opus) for the PMC to review, correct,
and own. Wires the AGENTS.md -> SECURITY.md -> THREAT_MODEL.md discoverability
chain the scan agent follows. Every non-trivial claim is provenance-tagged;
open questions for the PMC are collected in THREAT_MODEL.md section 14.

Generated-by: Claude Opus 4.8 (1M context)
Copilot AI review requested due to automatic review settings June 11, 2026 15:55

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a security policy and initial threat model documentation, and wires both into the repository’s agent guidance to standardize vulnerability reporting and triage.

Changes:

  • Added SECURITY.md with private reporting guidance and links to the threat model.
  • Added THREAT_MODEL.md (v0 draft) defining scope, trust boundaries, and triage dispositions.
  • Updated AGENTS.md with a Security section pointing contributors/triagers to the new docs.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File Description
THREAT_MODEL.md Introduces a draft threat model, boundaries, and triage taxonomy
SECURITY.md Adds vulnerability reporting instructions and references threat model
AGENTS.md Adds security workflow steps and links to the new security docs

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread THREAT_MODEL.md Outdated
Comment thread THREAT_MODEL.md Outdated
Comment on lines +145 to +150
| Lever | Why it matters |
| --- | --- |
| Authentication / initial-admin setup | decides whether the REST/UI front door is open and how the first admin is provisioned. |
| Role / permission model | decides whether non-admin users are bounded to their own resources. |
| TLS on REST + broker + datastore | decides whether sessions/events are on the wire in clear. |
| Extension installation policy | decides who may deploy adapter/processor code into the runtime. |

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it doesn't apply to this specific table.

Comment thread SECURITY.md Outdated
Comment on lines +41 to +42
This file is **v0** and carries open questions for the StreamPipes PMC in
`THREAT_MODEL.md` §14.
Comment thread THREAT_MODEL.md Outdated
Comment on lines +217 to +221
**Wave 4 — meta**
13. StreamPipes has a root `AGENTS.md` but no `SECURITY.md`/`THREAT_MODEL.md`;
this PR adds them and appends a `## Security` section to the existing
`AGENTS.md` wiring `AGENTS.md → SECURITY.md → THREAT_MODEL.md`. Confirm this
in-repo model is canonical, and who owns revisions.
Comment thread THREAT_MODEL.md Outdated
| TLS on REST + broker + datastore | decides whether sessions/events are on the wire in clear. |
| Extension installation policy | decides who may deploy adapter/processor code into the runtime. |

## §11a — Known non-findings (seed for scanner/AI triage)
Comment thread THREAT_MODEL.md Outdated
JAR) from an SCA scanner — triage upstream unless StreamPipes' own code
reaches the vulnerable path with untrusted input.

## §13 — Triage dispositions
@github-actions github-actions Bot added the documentation Everything related to documentation label Jun 11, 2026
obermeier and others added 2 commits June 12, 2026 14:58
Avoids the 'this PR adds them' reference that goes stale post-merge;
states the repo ships the discoverability files and how they wire.

Generated-by: Claude Opus 4.8 (1M context)
Copilot AI review requested due to automatic review settings June 16, 2026 00:40
@potiuk

potiuk commented Jun 16, 2026

Copy link
Copy Markdown
Member Author

Thanks @obermeier — agreed on the table comments; the || rows render correctly and are intentional in those two tables, so I've left them as-is.

On Copilot's other points: the §11a numbering is deliberate — it mirrors the threat-model rubric's section scheme (11a is a distinct "known non-findings" subsection), and it's consistent with the other project models we've produced, so I've kept it.

I did take the timeless-wording point on §14.13 — reworded so it no longer references "this PR adds them" (just pushed). The rest of the Copilot comments are outdated against the current revision.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

Comment thread THREAT_MODEL.md Outdated
Comment on lines +46 to +54
| Component | Role | Primary surface |
| --- | --- | --- |
| **`streampipes-rest`** | the HTTP/REST front door — auth, user/resource management, pipeline + adapter control | network (the primary untrusted boundary) *(inferred — §11 Q1)* |
| **`streampipes-service-core`** | bootstrapping, **security**, migrations, scheduling *(documented: AGENTS.md)* | in-process |
| **`*-management` modules** | business/domain logic (pipelines, adapters, data lake) | in-process |
| **Connect adapters (extensions)** | ingest data from **external** industrial sources (OPC-UA, MQTT, HTTP, files, DB, …) | the external-data ingestion boundary *(inferred — §11 Q2)* |
| **Pipeline elements (processors/sinks)** | run processing logic over the event streams; deployable as extensions | in-process / extension-runtime code *(inferred — §11 Q2)* |
| **Message broker + data lake** | event transport (Kafka/MQTT/NATS-class) and time-series persistence | intra-deployment infra *(inferred — §11 Q3)* |
| **UI** (`ui/`) | browser client | client trust domain |
Comment thread THREAT_MODEL.md Outdated
Comment on lines +145 to +150
| Lever | Why it matters |
| --- | --- |
| Authentication / initial-admin setup | decides whether the REST/UI front door is open and how the first admin is provisioned. |
| Role / permission model | decides whether non-admin users are bounded to their own resources. |
| TLS on REST + broker + datastore | decides whether sessions/events are on the wire in clear. |
| Extension installation policy | decides who may deploy adapter/processor code into the runtime. |
Comment thread THREAT_MODEL.md Outdated
Comment on lines +106 to +107
- **Memory safety on well-formed input** to the JVM's extent (StreamPipes is
primarily Java).
Comment thread THREAT_MODEL.md Outdated
Comment on lines +20 to +21
> **Status:** v0 draft produced by the ASF Security team (Michael Scovetta
> rubric, run with Claude Opus) for the Apache StreamPipes PMC to review,
Comment thread SECURITY.md
**privately** to the StreamPipes security list at
`security@streampipes.apache.org`, following the
[Apache Software Foundation security process](https://www.apache.org/security/).
Do **not** open public GitHub issues or pull requests for security reports — a
obermeier added 2 commits July 3, 2026 01:32
Revise the Threat Model document for clarity, structure, and accuracy. Update sections on purpose, assets, adversaries, trust boundaries, and key configurations.
Removed descriptions for 'streampipes-service-core' and '*-management' modules in the threat model.
Copilot AI review requested due to automatic review settings July 3, 2026 09:42

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review is ineligible. To be eligible to request a review, you need a paid Copilot license, or your organization must enable Copilot code review.

obermeier added 2 commits July 3, 2026 13:58
Updated the language for clarity regarding the control boundary and external data ingestion.
Updated language for clarity and consistency regarding the threat model version and maintenance notes.
Copilot AI review requested due to automatic review settings July 3, 2026 11:59

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review is ineligible. To be eligible to request a review, you need a paid Copilot license, or your organization must enable Copilot code review.

Added versioning information and clarified references to sections in the threat model document.
@obermeier obermeier marked this pull request as ready for review July 3, 2026 12:11
@obermeier

Copy link
Copy Markdown
Member

I did some adjustments in THREAT_MODEL to be more SP-specific and tried to answer the provided questions. What do you think about it?

@potiuk

potiuk commented Jul 4, 2026

Copy link
Copy Markdown
Member Author

@obermeier this is great — thank you for taking it over and making it
genuinely StreamPipes-specific. It now reads as StreamPipes' own model rather
than a generic draft, which is exactly the outcome we're after.

A few things I especially like:

  • §9 (known non-findings) is the highest-leverage section for keeping an
    automated scan's noise down, and yours is excellent. The GraalJS distinction
    — installed JAR extensions are trusted code (BY-DESIGN), but a break of the
    SandboxPolicy.CONSTRAINED + HostAccess.CONSTRAINED script boundary is
    in-model and VALID — is exactly the nuance a scanner needs spelled out. Same
    for the WRITE_ADAPTER / ROLE_CONNECT_ADMIN framing on the SSRF case and the
    non-sensitive asset allowlist.
  • Your refinement on default credentials — not auto-dismissing a
    production-reachable fresh install that accepts shipped bootstrap creds as
    out-of-model unless there are real safeguards — is a good, conservative call.
  • The JAR-vs-JS-sandbox split in §7 is clear and correct.

From our side it clears the completeness bar comfortably: scope/assets, the
adversary model, trust boundaries + data flow, properties upheld and
disclaimed, operator responsibilities, known non-findings, and the triage
dispositions are all substantive — and the AGENTS.md -> SECURITY.md ->
THREAT_MODEL.md discovery chain resolves cleanly.

No changes requested on my end. Merge whenever you're happy with it; once it
lands I'll follow up over the private thread with next steps. Thanks again for
the thorough pass.

@obermeier obermeier marked this pull request as draft July 7, 2026 09:26
@obermeier obermeier marked this pull request as ready for review July 7, 2026 09:27
@obermeier obermeier marked this pull request as draft July 7, 2026 09:27
@obermeier obermeier marked this pull request as ready for review July 7, 2026 09:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Everything related to documentation

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants