awslabs/threat-modeling-mcp-server
GitHub: awslabs/threat-modeling-mcp-server
An MCP-based threat modeling server that guides an LLM through a structured, phased security threat analysis using the STRIDE methodology, with automatic code validation and report export.
Stars: 19 | Forks: 5
# Threat Modeling MCP Server
A Model Context Protocol (MCP) server for comprehensive threat modeling with automatic code validation.
## Table of Contents
- [Overview](#overview)
- [Quick Start Prompts](#quick-start-prompts-and-examples-on-how-to-threat-model-with-this-mcp-server)
- [Key Features](#key-features)
- [Prerequisites](#prerequisites)
- [Installation](#installation)
- [Running with Kiro CLI](#running-with-kiro-cli)
- [Output File Management](#output-file-management)
- [Quick Reference](#quick-reference)
- [Tools Overview](#tools-overview)
- [Threat Modeling Methodology](#threat-modeling-methodology)
- [Assumptions in Threat Modeling](#assumptions-in-threat-modeling)
- [Development](#development)
- [Roadmap](#roadmap)
## Overview
This server provides tools for threat modeling, including business context analysis, architecture analysis, threat actor analysis, trust boundary analysis, asset flow analysis, code security validation, and comprehensive report generation.
### Architecture and Approach
This MCP server invokes the LLM of the existing agent rather than making network calls to external APIs or other services. It relies on the LLM of the existing client, which can be Amazon-Q, Kiro, or Cline.
This threat modeling MCP server has three main functions:
1. Threat modeling phase (state) management and prompt control.
2. Prompt guidance that keeps the agent on a methodical threat modeling process, using built-in definitions of business risk, exposure, and threat actors and applying the STRIDE method in sequence.
3. Data validation at each state or phase, which in turn produces an actionable threat modeling report.
It also provides tools to generate the final report in exportable Markdown and JSON formats.
### Main advantages of this approach
- The threat modeling follows the standard STRIDE method in phases, instead of jumping straight to conclusions about assets, boundaries, and threats, which can lead to hallucinations or low-quality output.
- The LLM works to understand the project's business context and makes valid assumptions that remain under the user's control.
- The main advantage of running this threat modeling MCP server locally is that it uses the client's existing LLM (Cline, Amazon-Q, Kiro). Any data processed or sent stays within the client or any other MCP servers you may have installed and invoked. This server does not call any other external API, does not send or receive data beyond invoking the client's LLM, and incurs no billing or tokens beyond what your client is already configured to use.
- This approach stores your threat model as a `.threatmodel` directory in the same code base, so you can evolve the threat model as the code, design, and architecture evolve.
- This approach examines the code (if present) and updates threats that are already mitigated by code-level controls. You can re-run the threat modeling after fixing the code, and it quickly updates the threat model to reflect the fixes.
## Quick start prompts and examples on how to threat model with this MCP server
### Start threat modeling
```
"Threat model this project using the threat modeling MCP Server"
```
Naming the threat modeling MCP server explicitly in the prompt ensures that the client (Cline/Kiro/etc.) follows the phases and the methodology strictly, rather than taking shortcuts and introducing hallucinations into the results.
### Threat model a sub-project or narrow the scope to a subfolder
```
"Threat model this subfolder using the threat modeling MCP Server"
```
Running on a subfolder limits the scope of the threat modeling and of the code, and saves the results as a `.threatmodel` directory inside that subfolder.
### Save the threat modeling results
```
"Save the threat model report"
```
### Verify that the threat modeling process is complete
```
"Please complete all the phases in the threat model plan and then generate the final report."
```
### Provide an architecture diagram image
```
"Threat model this project using the threat model MCP server and consider this architecture_image.png attached for this review"
```
### Try to fix the threats
```
"Can you see if you can implement mitigation controls in the code based on the threats reported in the threat model"
```
### Regenerate the threat model based on code fixes
```
"Can you update the threat model based on the code fixes which mitigated the reported threats"
```
### More examples
```
# Set context
"Set business context for an e-commerce payment system"
# Add architecture
"Add a web server component using AWS EC2"
"Add a database component using AWS RDS"
# Identify threats
"Add a threat where an attacker with network access performs SQL injection"
# Add mitigations
"Add a mitigation for input validation"
# Export results
"Export the threat model to my_model.json"
```
## Key Features
- **Comprehensive Threat Modeling**: A structured approach to identifying, assessing, and addressing security risks
- **Automatic Code Validation**: Detects code in the project directory and automatically validates the threat model against it
- **Business Context Analysis**: Understand the system's business value and criticality
- **Architecture Analysis**: Document the system's technical architecture and data flows
- **Threat Actor Analysis**: Identify potential adversaries and assess their capabilities
- **Trust Boundary Analysis**: Identify trust zones and validate the security controls at their boundaries
- **Asset Flow Analysis**: Track critical assets through the system
- **Threat Identification**: Systematically identify potential threats using the STRIDE methodology
- **Mitigation Planning**: Develop strategies to address the identified threats
- **Assumption Management**: Tools to add, list, update, and delete assumptions in the threat model
- **Threat Generator**: Tools to add and manage threats in the model
- **Mitigation Management**: Tools to manage mitigations and link them to threats
- **Threat Model Guide**: Step-by-step guidance through the threat modeling process
- **Data Model Types**: Tools to explore the available data model types and enumerations
## Prerequisites
Before installing the Threat Modeling MCP Server, make sure you meet the following requirements:
### Installation requirements
1. Install `uvx` from [Astral](https://docs.astral.sh/uv/getting-started/installation/) or the [GitHub README](https://github.com/astral-sh/uv#installation)
- uvx is part of the uv package manager
- Verify the installation: `uvx --version`
## Installation
Once uvx is installed and verified, add the following configuration to your mcp.json file. The location of mcp.json depends on the client you use. After you add the configuration and restart your IDE, the Threat Modeling MCP Server is installed automatically by `uvx` directly from this GitHub repository.
### Configuration
Add the following to your MCP client configuration:
**For Amazon Q** (`~/.aws/amazonq/mcp.json`):
```json
{
  "mcpServers": {
    "threat-modeling-mcp-server": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/awslabs/threat-modeling-mcp-server.git",
        "threat-modeling-mcp-server"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "disabled": false,
      "autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors","clear_architecture","clear_asset_flows","clear_business_context","clear_threat_actors","clear_trust_boundaries","delete_asset","delete_assumption","delete_component","delete_connection","delete_crossing_point","delete_data_store","delete_flow","delete_mitigation","delete_threat","delete_threat_actor","delete_trust_boundary","delete_trust_zone","execute_code_validation_step","execute_final_export_step","export_comprehensive_threat_model","export_threat_model_with_remediation_status","follow_threat_modeling_plan","generate_remediation_report","get_architecture_analysis_plan","get_asset","get_asset_flow_analysis_plan","get_assumption","get_business_context","get_business_context_analysis_plan","get_business_context_features","get_crossing_point","get_current_phase_status","get_data_model_types","get_flow","get_mitigation","get_phase_1_guidance","get_phase_2_guidance","get_phase_3_guidance","get_phase_4_guidance","get_phase_5_guidance","get_phase_6_guidance","get_phase_7_5_guidance","get_phase_7_guidance","get_phase_8_guidance","get_phase_9_guidance","get_threat","get_threat_actor","get_threat_model_progress","get_threat_modeling_plan","get_trust_boundary","get_trust_boundary_analysis_plan","get_trust_boundary_detection_plan","get_trust_zone","link_mitigation_to_threat","list_assets","list_assumptions","list_components","list_connections","list_crossing_points","list_data_models","list_data_stores","list_flows","list_mitigations","list_threat_actors","list_threats","list_trust_boundaries","list_trust_zones","remove_component_from_zone","remove_conn_from_crossing","reset_asset_flows","reset_threat_actors","set_business_context","set_threat_actor_priority","set_threat_actor_relevance","unlink_mitigation_from_threat","update_asset","update_assumption","update_component","update_connection","update_crossing_point","update_data_store","update_flow","update_mitigation","update_threat","update_threat_actor","update_trust_boundary","update_trust_zone","validate_business_context_completeness","validate_security_controls","validate_threat_model_against_code","validate_threat_remediation"]
    }
  }
}
```
**For VSCode Cline**:
```json
{
  "mcpServers": {
    "threat-modeling-mcp-server": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/awslabs/threat-modeling-mcp-server.git",
        "threat-modeling-mcp-server"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "disabled": false,
      "autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors","clear_architecture","clear_asset_flows","clear_business_context","clear_threat_actors","clear_trust_boundaries","delete_asset","delete_assumption","delete_component","delete_connection","delete_crossing_point","delete_data_store","delete_flow","delete_mitigation","delete_threat","delete_threat_actor","delete_trust_boundary","delete_trust_zone","execute_code_validation_step","execute_final_export_step","export_comprehensive_threat_model","export_threat_model_with_remediation_status","follow_threat_modeling_plan","generate_remediation_report","get_architecture_analysis_plan","get_asset","get_asset_flow_analysis_plan","get_assumption","get_business_context","get_business_context_analysis_plan","get_business_context_features","get_crossing_point","get_current_phase_status","get_data_model_types","get_flow","get_mitigation","get_phase_1_guidance","get_phase_2_guidance","get_phase_3_guidance","get_phase_4_guidance","get_phase_5_guidance","get_phase_6_guidance","get_phase_7_5_guidance","get_phase_7_guidance","get_phase_8_guidance","get_phase_9_guidance","get_threat","get_threat_actor","get_threat_model_progress","get_threat_modeling_plan","get_trust_boundary","get_trust_boundary_analysis_plan","get_trust_boundary_detection_plan","get_trust_zone","link_mitigation_to_threat","list_assets","list_assumptions","list_components","list_connections","list_crossing_points","list_data_models","list_data_stores","list_flows","list_mitigations","list_threat_actors","list_threats","list_trust_boundaries","list_trust_zones","remove_component_from_zone","remove_conn_from_crossing","reset_asset_flows","reset_threat_actors","set_business_context","set_threat_actor_priority","set_threat_actor_relevance","unlink_mitigation_from_threat","update_asset","update_assumption","update_component","update_connection","update_crossing_point","update_data_store","update_flow","update_mitigation","update_threat","update_threat_actor","update_trust_boundary","update_trust_zone","validate_business_context_completeness","validate_security_controls","validate_threat_model_against_code","validate_threat_remediation"],
      "timeout": 60,
      "type": "stdio"
    }
  }
}
```
**For Kiro** (`~/.kiro/settings/mcp.json`):
```json
{
  "mcpServers": {
    "threat-modeling-mcp-server": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/awslabs/threat-modeling-mcp-server.git",
        "threat-modeling-mcp-server"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "disabled": false,
      "autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors","clear_architecture","clear_asset_flows","clear_business_context","clear_threat_actors","clear_trust_boundaries","delete_asset","delete_assumption","delete_component","delete_connection","delete_crossing_point","delete_data_store","delete_flow","delete_mitigation","delete_threat","delete_threat_actor","delete_trust_boundary","delete_trust_zone","execute_code_validation_step","execute_final_export_step","export_comprehensive_threat_model","export_threat_model_with_remediation_status","follow_threat_modeling_plan","generate_remediation_report","get_architecture_analysis_plan","get_asset","get_asset_flow_analysis_plan","get_assumption","get_business_context","get_business_context_analysis_plan","get_business_context_features","get_crossing_point","get_current_phase_status","get_data_model_types","get_flow","get_mitigation","get_phase_1_guidance","get_phase_2_guidance","get_phase_3_guidance","get_phase_4_guidance","get_phase_5_guidance","get_phase_6_guidance","get_phase_7_5_guidance","get_phase_7_guidance","get_phase_8_guidance","get_phase_9_guidance","get_threat","get_threat_actor","get_threat_model_progress","get_threat_modeling_plan","get_trust_boundary","get_trust_boundary_analysis_plan","get_trust_boundary_detection_plan","get_trust_zone","link_mitigation_to_threat","list_assets","list_assumptions","list_components","list_connections","list_crossing_points","list_data_models","list_data_stores","list_flows","list_mitigations","list_threat_actors","list_threats","list_trust_boundaries","list_trust_zones","remove_component_from_zone","remove_conn_from_crossing","reset_asset_flows","reset_threat_actors","set_business_context","set_threat_actor_priority","set_threat_actor_relevance","unlink_mitigation_from_threat","update_asset","update_assumption","update_component","update_connection","update_crossing_point","update_data_store","update_flow","update_mitigation","update_threat","update_threat_actor","update_trust_boundary","update_trust_zone","validate_business_context_completeness","validate_security_controls","validate_threat_model_against_code","validate_threat_remediation"]
    }
  }
}
```
### Running with Kiro CLI
To run the MCP server through `kiro-cli` and auto-approve all of its tools:
```
kiro-cli chat --trust-tools="@threat-modeling-mcp-server/*"
```
This trusts every tool from the `threat-modeling-mcp-server` MCP server, so you are not prompted to approve each tool call individually.
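The configurations above auto-approve every tool, including the `clear_*`, `delete_*` and `reset_*` tools that discard model state, and reference the repository by an unpinned `git+` URL that resolves to its default branch. The following Python check is an added example, not part of the project: it reads an mcp.json entry of that shape (a constructed, shortened sample is embedded), separates the destructive tools from the rest, and reports whether the `git+` source carries the `@ref` pin that uv accepts.

```python
import json
from fnmatch import fnmatch

# Constructed sample: a shortened mcp.json entry in the shape of the configurations above
# (the project's real autoApprove list is much longer).
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "threat-modeling-mcp-server": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/awslabs/threat-modeling-mcp-server.git",
               "threat-modeling-mcp-server"],
      "autoApprove": ["add_threat", "list_threats", "clear_architecture",
                      "delete_threat", "reset_asset_flows", "export_comprehensive_threat_model"]
    }
  }
}
"""

# Name patterns, taken from the autoApprove list above, of tools that discard or remove
# model state; these are the ones a reviewer may prefer to keep behind an approval prompt.
DESTRUCTIVE_PATTERNS = ("clear_*", "delete_*", "reset_*")


def audit_server_config(config_text, server="threat-modeling-mcp-server"):
    """Split the auto-approved tools into destructive/other and check the git source pin."""
    entry = json.loads(config_text)["mcpServers"][server]
    approved = entry.get("autoApprove", [])
    destructive = sorted(t for t in approved if any(fnmatch(t, p) for p in DESTRUCTIVE_PATTERNS))
    # uv accepts "git+https://...git@<tag-or-commit>"; a bare URL resolves to the default branch.
    sources = [a for a in entry.get("args", []) if a.startswith("git+")]
    return {
        "destructive": destructive,
        "other": sorted(t for t in approved if t not in destructive),
        "pinned_source": bool(sources) and all("@" in s for s in sources),
    }
```

Run it against your real mcp.json and paste the `other` list back into `autoApprove` if you want the destructive tools to keep prompting.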
## Output File Management
All output files generated by the threat modeling server are saved automatically to a `.threatmodel` directory in your project root. This includes:
- Exported threat models (JSON format)
- Validation reports
- Analysis results
The `.threatmodel` directory is created automatically when needed.
## Quick Reference
### Essential tools to get started
| Tool | Purpose | Example |
|------|---------|---------|
| `get_threat_modeling_plan()` | Get the comprehensive plan | Start here for an overview |
| **`get_phase_1_guidance()`** | **Get focused Phase 1 guidance** | **Recommended starting point** |
| `get_current_phase_status()` | Check progress | Track completion status |
| `set_business_context(desc)` | Define the system context | "E-commerce payment system" |
| `add_component(name, type)` | Add an architecture component | "API Gateway", "Network" |
| `add_threat(source, prereq, action, impact)` | Identify a threat | "Attacker", "network access", "SQL injection", "data breach" |
| `add_mitigation(content)` | Add a security control | "Input validation and parameterized queries" |
| `link_mitigation_to_threat(m_id, t_id)` | Link a control to a threat | Connect a mitigation to a specific threat |
| **`execute_code_validation_step()`** | **Run Phase 7.5 automatically** | **Ensures code validation is completed** |
| **`execute_final_export_step()`** | **Run Phase 9 automatically** | **Generates all required files** |
### 🚀 Step-by-step guidance
**Recommended approach**: use the phase-specific guidance tools rather than the comprehensive plan:
| Phase | Tool | Purpose |
|-------|------|---------|
| 1 | `get_phase_1_guidance()` | Business context analysis |
| 2 | `get_phase_2_guidance()` | Architecture analysis |
| 3 | `get_phase_3_guidance()` | Threat actor analysis |
| 4 | `get_phase_4_guidance()` | Trust boundary analysis |
| 5 | `get_phase_5_guidance()` | Asset flow analysis |
| 6 | `get_phase_6_guidance()` | Threat identification |
| 7 | `get_phase_7_guidance()` | Mitigation planning |
| 7.5 | `execute_code_validation_step()` | Code validation (automated) |
| 8 | `get_phase_8_guidance()` | Residual risk analysis |
| 9 | `execute_final_export_step()` | Final export (automated) |
## Tools Overview
The Threat Modeling MCP Server provides **over 100 tools**, grouped into the following categories:
| Category | Tools | Description |
|----------|-------|-------------|
| **Threat Modeling Plan** | 1 tool | Generates a comprehensive threat modeling plan |
| **Assumption Management** | 5 tools | Add, list, get, update, and delete assumptions |
| **Business Context Analysis** | 13 tools | Analyze the business context and requirements |
| **Architecture Analysis** | 13 tools | Document and analyze the system architecture |
| **Threat Actor Analysis** | 10 tools | Identify and analyze potential threat actors |
| **Trust Boundary Analysis** | 18 tools | Analyze trust zones, boundaries, and crossing points |
| **Trust Boundary Detection** | 1 tool | AI-driven trust boundary detection |
| **Asset Flow Analysis** | 12 tools | Track and analyze asset flows through the system |
| **Threat Generation** | 4 tools | Add, list, get, and delete threats |
| **Mitigation Management** | 7 tools | Manage mitigations and link them to threats |
| **Threat Model Guide** | 3 tools | Step-by-step guidance through the process |
| **Data Model Types** | 2 tools | Explore the available data model types |
| **Code Security Validation** | 3 tools | Validate security controls in code |
| **Threat Model Validation** | 2 tools | Validate the threat model against code |
| **Step Orchestrator** | 12 tools | Phase-specific guidance and step execution |
## Threat Modeling Methodology
### STRIDE Framework
The server uses the STRIDE methodology for systematic threat identification:
| Category | Description | Example threats |
|----------|-------------|-----------------|
| **Spoofing** | Pretending to be someone or something else | Authentication bypass, identity theft |
| **Tampering** | Modifying data or code | Data corruption, code injection |
| **Repudiation** | Claiming not to have performed an action | Log tampering, loss of non-repudiation |
| **Information Disclosure** | Exposing information to unauthorized users | Data leaks, privacy violations |
| **Denial of Service** | Denying or degrading service | Resource exhaustion, availability attacks |
| **Elevation of Privilege** | Gaining capabilities without authorization | Privilege escalation, unauthorized access |
### Threat Modeling Process
The comprehensive threat modeling process consists of the following phases:
1. **Business Context Analysis**: Understand the system's business value and criticality
2. **Architecture Analysis**: Document the system's technical architecture
3. **Threat Actor Analysis**: Identify potential adversaries and their capabilities
4. **Trust Boundary Analysis**: Identify trust zones and boundary crossings
5. **Asset Flow Analysis**: Track critical assets through the system
6. **Threat Identification**: Systematically identify potential threats using STRIDE
7. **Mitigation Planning**: Develop strategies to address the identified threats
8. **Code Validation**: Validate threats against the existing security controls
9. **Residual Risk Analysis**: Assess the risk that remains after mitigation
Each phase has specific objectives, activities, and outputs that guide the threat modeling process.
### Threat severity levels
- **Critical**: Requires immediate action; system compromise is highly likely
- **High**: Significant risk that should be addressed promptly
- **Medium**: Moderate risk; address within the normal development cycle
- **Low**: Minor risk; address when convenient
- **Info**: Informational finding; no immediate action required
### Mitigation types
- **Preventive**: Controls that stop a threat from occurring
- **Detective**: Controls that detect a threat as it occurs
- **Corrective**: Controls that respond to and correct a threat
- **Compensating**: Alternative controls used when the primary controls are not feasible
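The following Python model is an added example and not the server's code: it implements the `add_threat`, `add_mitigation` and `link_mitigation_to_threat` operations from the quick reference as a local in-memory model (field names and id format are assumed), validates STRIDE categories, severity levels and mitigation types against the lists above, and derives the Phase 8 residual-risk view, listing threats that still lack a Preventive control with Detective/Corrective/Compensating-only coverage reported as partial.

```python
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")
SEVERITY = ("Critical", "High", "Medium", "Low", "Info")  # most to least urgent
MITIGATION_TYPES = ("Preventive", "Detective", "Corrective", "Compensating")

class ThreatModel:
    # Local stand-in for the server's add/link tools; field names and ids are assumed.
    def __init__(self):
        self.threats = {}      # id -> dict(source, prereq, action, impact, stride, severity, links)
        self.mitigations = {}  # id -> (content, kind)

    def add_threat(self, source, prereq, action, impact, stride, severity):
        if stride not in STRIDE or severity not in SEVERITY:
            raise ValueError(f"unknown STRIDE category or severity: {stride}/{severity}")
        tid = f"T-{len(self.threats) + 1:03d}"
        self.threats[tid] = dict(source=source, prereq=prereq, action=action, impact=impact,
                                 stride=stride, severity=severity, links=[])
        return tid

    def add_mitigation(self, content, kind):
        if kind not in MITIGATION_TYPES:
            raise ValueError(f"unknown mitigation type: {kind}")
        mid = f"M-{len(self.mitigations) + 1:03d}"
        self.mitigations[mid] = (content, kind)
        return mid

    def link_mitigation_to_threat(self, m_id, t_id):
        _ = self.mitigations[m_id]  # KeyError for an unknown mitigation id
        self.threats[t_id]["links"].append(m_id)

    def residual_risk(self):
        # Phase 8 view: threats without a Preventive control, most severe first; "partial"
        # means only Detective/Corrective/Compensating controls are linked.
        rows = []
        for tid, t in self.threats.items():
            kinds = {self.mitigations[m][1] for m in t["links"]}
            if "Preventive" not in kinds:
                rows.append((SEVERITY.index(t["severity"]), tid, t["severity"],
                             "partial" if kinds else "unmitigated"))
        return [r[1:] for r in sorted(rows)]

def demo():
    # Constructed sample built from the quick-reference example values.
    tm = ThreatModel()
    t1 = tm.add_threat("Attacker", "network access", "SQL injection", "data breach", "Tampering", "High")
    t2 = tm.add_threat("Insider", "valid credentials", "edits audit logs", "lost accountability", "Repudiation", "Medium")
    tm.add_threat("Attacker", "none", "floods the API", "service outage", "Denial of Service", "Critical")
    tm.link_mitigation_to_threat(tm.add_mitigation("Input validation and parameterized queries", "Preventive"), t1)
    tm.link_mitigation_to_threat(tm.add_mitigation("Forward logs to write-once storage", "Detective"), t2)
    return tm.residual_risk()
```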
## Assumptions in Threat Modeling
Assumptions are statements we accept as true without further verification. They help scope the threat model by establishing boundaries and constraints. Common examples include:
- "All network connections within the VPC are encrypted in transit"
- "AWS KMS keys cannot be discovered by brute force"
- "Nation-state threat actors are not a concern for this system"
By documenting assumptions we can:
- Avoid generating meaningless threats
- Avoid recommending unnecessary mitigations
- Focus on the relevant security concerns
- Clearly document the scope and limitations of the threat model
## Development
## Security
For more information, see [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications).
## License
This project is licensed under the Apache-2.0 License. See the [LICENSE](LICENSE) file for details.