General Information
The repository for this application (open on GitHub) has 535 stars and was forked 282 times. The codebase consists of 2797 lines of code and makes use of the following technologies: Apache httpd, Docker, Docker Compose, Kafka, ZooKeeper.
Data Flow Diagram
Download the following model file here. Other formats are provided below.
```json
{
  "services": [
    {
      "name": "zookeeper",
      "stereotypes": [
        "configuration_server",
        "infrastructural"
      ],
      "tagged_values": {
        "Configuration Server": "ZooKeeper"
      }
    },
    {
      "name": "kafka",
      "stereotypes": [
        "message_broker",
        "infrastructural"
      ],
      "tagged_values": {
        "Message Broker": "Kafka",
        "Port": 9092
      }
    },
    {
      "name": "order",
      "stereotypes": [
        "internal"
      ],
      "tagged_values": {
        "Port": 8080,
        "Endpoints": [
          "/order"
        ]
      }
    },
    {
      "name": "invoicing",
      "stereotypes": [
        "internal",
        "local_logging"
      ],
      "tagged_values": {
        "Port": 8080
      }
    },
    {
      "name": "shipping",
      "stereotypes": [
        "internal",
        "local_logging"
      ],
      "tagged_values": {
        "Port": 8080
      }
    },
    {
      "name": "apache",
      "stereotypes": [
        "web_server",
        "infrastructural"
      ],
      "tagged_values": {
        "Web Server": "Apache httpd",
        "Port": 80
      }
    },
    {
      "name": "postgres",
      "stereotypes": [
        "database",
        "plaintext_credentials",
        "exitpoint"
      ],
      "tagged_values": {
        "Database": "PostgreSQL",
        "Username": "dbuser",
        "Password": "dbpass"
      }
    }
  ],
  "information_flows": [
    {
      "sender": "zookeeper",
      "receiver": "kafka",
      "stereotypes": [
        "restful_http"
      ],
      "tagged_values": {}
    },
    {
      "sender": "order",
      "receiver": "kafka",
      "stereotypes": [
        "restful_http",
        "message_producer_kafka"
      ],
      "tagged_values": {
        "'Producer Topic'": "\"order\""
      }
    },
    {
      "sender": "kafka",
      "receiver": "invoicing",
      "stereotypes": [
        "restful_http",
        "message_consumer_kafka"
      ],
      "tagged_values": {
        "'Consumer Topic'": "\"order\""
      }
    },
    {
      "sender": "kafka",
      "receiver": "shipping",
      "stereotypes": [
        "restful_http",
        "message_consumer_kafka"
      ],
      "tagged_values": {
        "'Consumer Topic'": "\"order\""
      }
    },
    {
      "sender": "apache",
      "receiver": "order",
      "stereotypes": [
        "restful_http"
      ],
      "tagged_values": {}
    },
    {
      "sender": "apache",
      "receiver": "shipping",
      "stereotypes": [
        "restful_http"
      ],
      "tagged_values": {}
    },
    {
      "sender": "apache",
      "receiver": "invoicing",
      "stereotypes": [
        "restful_http"
      ],
      "tagged_values": {}
    },
    {
      "sender": "user",
      "receiver": "apache",
      "stereotypes": [
        "restful_http"
      ],
      "tagged_values": {}
    },
    {
      "sender": "apache",
      "receiver": "user",
      "stereotypes": [
        "restful_http"
      ],
      "tagged_values": {}
    },
    {
      "sender": "postgres",
      "receiver": "order",
      "stereotypes": [
        "jdbc",
        "plaintext_credentials_link"
      ],
      "tagged_values": {
        "'Username'": "\"dbuser\"",
        " 'Password'": "\"dbpass\""
      }
    },
    {
      "sender": "postgres",
      "receiver": "shipping",
      "stereotypes": [
        "jdbc",
        "plaintext_credentials_link"
      ],
      "tagged_values": {
        "'Username'": "\"dbuser\"",
        " 'Password'": "\"dbpass\""
      }
    },
    {
      "sender": "postgres",
      "receiver": "invoicing",
      "stereotypes": [
        "jdbc",
        "plaintext_credentials_link"
      ],
      "tagged_values": {
        "'Username'": "\"dbuser\"",
        " 'Password'": "\"dbpass\""
      }
    }
  ],
  "external_entities": [
    {
      "name": "user",
      "stereotypes": [
        "user_stereotype",
        "entrypoint",
        "exitpoint"
      ],
      "tagged_values": {}
    }
  ]
}
```
Model Items
The application consists of a total of 76 elements:

Element | Count
---|---
Services | 7
External Entities | 1
Information Flows | 12
Annotations | 56
Total Items | 76
Model Representations
Open the model in the following formats:
Traceability
Open the traceability information for all model items:
Security Rules
The following table shows the application's adherence to the 17 architectural security rules. For each rule that is violated, the last column links to a model variant that adheres to it.
Rule ID | Verdict | Evidence | Model Variant
---|---|---|---
R1 | Partially adhered to | Evidence |
R2 | Violated | Evidence | Variant
R3 | Violated | Evidence | Variant
R4 | Violated | Evidence | Variant
R5 | Violated | Evidence | Variant
R6 | Violated | Evidence | Variant
R7 | Violated | Evidence | Variant
R8 | Violated | Evidence | Variant
R9 | Violated | Evidence | Variant
R10 | Violated | Evidence | Variant
R11 | Adhered to | Evidence |
R12 | Violated | Evidence | Variant
R13 | Violated | Evidence | Variant
R14 | Violated | Evidence | Variant
R16 | Violated | Evidence | Variant
R17 | Violated | Evidence | Variant
R18 | Violated | Evidence | Variant
Evidence and explanations for rule decisions
R1
Rule is partially adhered to: The user only communicates with the Apache httpd web server. There is no indication or configuration that the Apache httpd web server authenticates or authorizes the requests.
Artifacts:
R2
Rule is violated: Internal services neither mutually authenticate nor authorize each other. Only the database accesses are authorized, and those use plaintext credentials.
Artifacts:
R3
Rule is violated: No authentication mechanism is deployed.
R4
Rule is violated: External entities are not represented in the application. Users are transparent to the server.
R5
Rule is violated: No authentication tokens are used.
R6
Rule is violated: No rate limiting of any kind is deployed.
R7
Rule is violated: User external entities can call the gateway service using an unencrypted HTTP connection.
Artifacts:
R8
Rule is violated: All internal services communicate over insecure HTTP connections.
Artifacts:
R9
Rule is violated: No central logging system is deployed.
R10
Rule is violated: No central logging system is deployed. All internal services perform local logging; however, none of the logs are consumed or accessed through monitoring software.
Artifacts:
R11
Rule is adhered to: All internal services perform structured logging, and only entity IDs and events are logged. No PII or secrets are leaked by the log messages (see the example artifact).
Artifacts:
- InvoiceService.java: Line: 25
R12
Rule is violated: The deployed Kafka message broker does not handle logging. No logs are collected.
R13
Rule is violated: No explicit circuit breaker is deployed.
R14
Rule is violated: No load balancing is deployed.
R15
This rule is not applicable: The application is not a service mesh deployment.
R16
Rule is violated: No service registration is deployed. Services are statically linked.
Artifacts:
R17
Rule is violated: No service registration is deployed. Services are statically linked.
Artifacts:
R18
Rule is violated: No secret manager is deployed.
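Several of the verdicts above follow mechanically from the stereotypes in the data-flow model: `restful_http` flows with no encryption marker (the evidence given for R7 and R8), and the `plaintext_credentials` / `plaintext_credentials_link` stereotypes on the database and its links (the evidence given for R2 and R18). The checker below, added here as an illustration and not part of the dataset's own tooling, parses a constructed subset of this page's model (same field names and stereotype vocabulary, fewer elements) and reports those findings. The names of the encryption markers it looks for (`https`, `ssl`, `tls`) are an assumption; the page's model carries none of them.

```python
import json
from typing import Dict, List

# Constructed subset of the data-flow model shown on this page: same field
# names and stereotype vocabulary, fewer elements, so the script runs offline.
MODEL_JSON = r"""
{
  "services": [
    {"name": "order", "stereotypes": ["internal"], "tagged_values": {"Port": 8080}},
    {"name": "apache", "stereotypes": ["web_server", "infrastructural"], "tagged_values": {"Port": 80}},
    {"name": "postgres", "stereotypes": ["database", "plaintext_credentials", "exitpoint"],
     "tagged_values": {"Database": "PostgreSQL", "Username": "dbuser", "Password": "dbpass"}}
  ],
  "information_flows": [
    {"sender": "user", "receiver": "apache", "stereotypes": ["restful_http"], "tagged_values": {}},
    {"sender": "apache", "receiver": "order", "stereotypes": ["restful_http"], "tagged_values": {}},
    {"sender": "postgres", "receiver": "order", "stereotypes": ["jdbc", "plaintext_credentials_link"],
     "tagged_values": {"'Username'": "\"dbuser\"", "'Password'": "\"dbpass\""}}
  ],
  "external_entities": [
    {"name": "user", "stereotypes": ["user_stereotype", "entrypoint", "exitpoint"], "tagged_values": {}}
  ]
}
"""

# Assumed stereotype names that would mark an encrypted link. The page's model
# carries none of them, which is exactly what the checks below surface.
ENCRYPTED_LINK_MARKERS = {"https", "ssl", "tls"}


def load_model(text: str) -> dict:
    """Parse the model JSON and index services and external entities by name."""
    model = json.loads(text)
    model["_services"] = {s["name"]: s for s in model.get("services", [])}
    model["_externals"] = {e["name"]: e for e in model.get("external_entities", [])}
    return model


def _edge(flow: dict) -> str:
    return f"{flow['sender']}->{flow['receiver']}"


def unencrypted_http_flows(model: dict) -> Dict[str, List[str]]:
    """Split HTTP flows lacking an encryption marker into those that cross the
    boundary to or from an external entity (evidence for R7) and purely
    internal ones (evidence for R8)."""
    findings: Dict[str, List[str]] = {"external": [], "internal": []}
    for flow in model.get("information_flows", []):
        stereotypes = set(flow.get("stereotypes", []))
        if "restful_http" not in stereotypes or stereotypes & ENCRYPTED_LINK_MARKERS:
            continue
        crosses_boundary = (flow["sender"] in model["_externals"]
                            or flow["receiver"] in model["_externals"])
        findings["external" if crosses_boundary else "internal"].append(_edge(flow))
    return findings


def plaintext_credential_findings(model: dict) -> List[str]:
    """Report services that hold credentials in the clear and the links that
    carry them (evidence for R2 and R18: credentials in config, no secret manager)."""
    findings: List[str] = []
    for service in model.get("services", []):
        if "plaintext_credentials" in service.get("stereotypes", []):
            keys = sorted(k for k in service.get("tagged_values", {})
                          if k.lower() in ("username", "password"))
            findings.append(f"service {service['name']} stores plaintext {', '.join(keys)}")
    for flow in model.get("information_flows", []):
        if "plaintext_credentials_link" in flow.get("stereotypes", []):
            findings.append(f"link {_edge(flow)} carries plaintext credentials")
    return findings


def evaluate(model: dict) -> Dict[str, List[str]]:
    """Run every check and return the findings keyed by category."""
    http = unencrypted_http_flows(model)
    return {
        "unencrypted_external_http": http["external"],
        "unencrypted_internal_http": http["internal"],
        "plaintext_credentials": plaintext_credential_findings(model),
    }


if __name__ == "__main__":
    for category, items in evaluate(load_model(MODEL_JSON)).items():
        print(f"{category}: {len(items)} finding(s)")
        for item in items:
            print("  -", item)
```

Pointing `load_model` at the full model file linked above instead of the embedded subset reports every `restful_http` flow in the application under one of the two HTTP categories and all three `postgres` links under `plaintext_credentials`, matching the R7, R8 and R2/R18 evidence in the table.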