DEV Community

mgbec for AWS Community Builders

Posted on • Originally published at Medium on

Part 2: Are You Threatening Me? Using AWS Q CLI for Your Threat Modeling Program

One of the most admirable traits in humans throughout the world is our ability to persist in the face of problems and mistakes. We get back up when we are kicked down and keep trying until we solve a problem. The latest iterations of generative AI models and tools have been developed with this same trait.

In my last article I used AWS Q Developer in Visual Studio Code to create a fully functional Python app that ingested architectural diagrams and produced threat, risk, and mitigation reports based on that architecture. Q Developer quickly produced what I asked and added additional features on request. https://medium.com/@mgbecken/are-you-threatening-me-using-amazon-q-developer-to-jumpstart-your-threat-modeling-process-d90576d10bd6

I also wanted to try the command line version of AWS Q Developer to see any potential differences. To get started with the CLI version:

Install: follow the instructions here: https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/command-line-installing.html. I was on Ubuntu so I used the amazon-q.deb package to install.

Sign in: I logged in using my AWS Builder ID. You can set this up and use the free tier to run Q Developer — https://docs.aws.amazon.com/signin/latest/userguide/sign-in-aws_builder_id.html.

Prompt: Once I was signed in, I selected the same model I used in my previous article — claude-3.7-sonnet and used the same prompt “can you create a python based program that can ingest architectural diagrams and produce threat modeling and risk assessment information for those diagrams. Please make sure documentation, logging, and error handling is included”

Watch and give permissions: You’ll need to allow Q CLI to complete its proposed actions.

Look at Results and Run the Program: Q CLI quickly produced a program, checked to make sure it ran correctly, and then fixed an issue with the directory structure automatically, updating all the dependent files as well.

Q Developer CLI created a sample diagram and tested functionality successfully.


The threat report was created in markdown, which was clear but not especially pretty.

Ask for more: I asked Q for a few additional features — more threat information and a pdf formatted output report. Q quickly produced both and summarized the features.

The pdf looks beautiful!

Test: Now let’s try some more diagrams. Our command to produce pdfs is “cd arch_threat_analyzer && arch-threat-analyzer -i test_data/LotsOGateways.png -o test_data/output -f pdf -v”

The pdf report was successfully produced. The repo for this project is: https://github.com/mgbec/ThreatModelUbu

________________________________________

Entirely amazing, right? My mind is blown, but prepare for more brain explosions. I tried the same prompt in Windows Subsystem for Linux on my Windows PC. If you haven’t used WSL before, it is a way to run a virtualized Linux system on Windows. It is very handy and I use it frequently. It does have its quirks, however, where certain commands or programs just don’t work. This is where the ability of Q Developer to keep trying things is incredibly valuable. My human self would have given up within fifteen minutes and looked for a Linux machine.

Install: I followed the directions here: How to install Amazon Q Developer CLI on WSL2 | AWS re:Post

Sign In: I used my AWS Builder ID and I used the free tier. See above for more details.

Prompt: I switched to claude-3.7-sonnet and used the same prompt as before.

Watch and give permissions: I marked “t” to trust this tool and Q quickly developed a tool that should run in a Linux environment.

Look at results: Q created arch_threat_analyzer.py, a README.md, and several supporting files to make installation and testing easier. The program uses OpenCV and Tesseract OCR among other components.

Run the program: here is where things get amazing. WSL made things interesting, but Q Developer was up to the challenge. Q Developer responses in bold:

Q started with trying to install dependencies with pip, then when that did not work, tried pip3

> It seems pip3 is also not available. Let’s check if Python is installed and which version:

> Good! Python 3.12.3 is installed. Let’s try installing the requirements using python3 -m pip

Q went through multiple attempts to make WSL function like a normal Linux machine, from virtual environments to manual installs. Finally, Q went to a Docker solution.

> Let’s try a different approach. Let’s see if we can use Docker to run our application:

> Given the constraints of the environment, let’s create a Dockerfile that can be used to run our application:

> Let’s also create a docker-compose.yml file to make it easier to run the application:

> Let’s also update the README.md to include Docker instructions:

> I’ve encountered some challenges with installing the Python dependencies in your environment, but I’ve provided a complete solution that includes Docker support.

The end result is a Python program that was completely functional and provided:

  • Ingest architectural diagrams in common image formats
  • Process them using image recognition and OCR
  • Identify components and their connections
  • Analyze security threats based on component types
  • Generate detailed threat modeling reports
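
The "analyze security threats based on component types" step can be illustrated with a rule table. This is an added example, not code from the generated tool or its repo: it assumes the recognition step has already produced components and connections, uses the standard STRIDE-per-element chart as the rule set, and the label mapping, trust zones and sample data are constructed.

```python
from dataclasses import dataclass
# STRIDE-per-element chart: threat categories that apply to each DFD element type.
STRIDE_PER_ELEMENT = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"],
    # Repudiation applies to a data store when it holds logs or audit records.
    "data_store": ["Tampering", "Repudiation", "Information disclosure", "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}
# Hypothetical mapping from OCR'd diagram labels to element types (constructed).
LABEL_TO_ELEMENT = {"user": "external_entity", "api gateway": "process",
                    "lambda": "process", "s3": "data_store", "rds": "data_store"}

@dataclass(frozen=True)
class Component:
    name: str
    label: str  # text recognised on the diagram
    zone: str   # trust zone the component sits in (assumed to be annotated)

def classify(component):
    # Unknown labels fall back to "process" (widest threat set): over-reported, never skipped.
    return LABEL_TO_ELEMENT.get(component.label.strip().lower(), "process")

def analyze(components, flows):
    """Return (target, element_type, threat, crosses_boundary) tuples."""
    by_name = {c.name: c for c in components}
    findings = []
    for c in components:
        etype = classify(c)
        findings += [(c.name, etype, t, False) for t in STRIDE_PER_ELEMENT[etype]]
    for src, dst in flows:
        if src not in by_name or dst not in by_name:
            raise ValueError(f"flow references unknown component: {src} -> {dst}")
        crosses = by_name[src].zone != by_name[dst].zone
        findings += [(f"{src} -> {dst}", "data_flow", t, crosses)
                     for t in STRIDE_PER_ELEMENT["data_flow"]]
    return findings

def to_markdown(findings):
    rows = ["| Target | Element | Threat | Crosses trust boundary |", "|---|---|---|---|"]
    # Stable sort: flows that cross a trust boundary are listed first.
    for target, etype, threat, crosses in sorted(findings, key=lambda f: not f[3]):
        rows.append(f"| {target} | {etype} | {threat} | {'yes' if crosses else 'no'} |")
    return "\n".join(rows)

# Constructed sample: what a recognition step might emit for a small diagram.
SAMPLE_COMPONENTS = [Component("client", "User", "internet"),
                     Component("gw", "API Gateway", "vpc"), Component("bucket", "S3", "vpc")]
SAMPLE_FLOWS = [("client", "gw"), ("gw", "bucket")]
```

Calling `print(to_markdown(analyze(SAMPLE_COMPONENTS, SAMPLE_FLOWS)))` renders the findings as a markdown table, with the internet-to-VPC flow at the top.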

Next, Q automatically checked for an existing Docker installation, then installed Docker and added the user to the Docker group for the correct permissions.

> Great! The Docker image has been successfully built. Now let’s create the input and output directories:

> Now let’s run the test script to create a sample diagram:

> Since we’re having issues with Python dependencies, let’s create a simple test diagram manually and place it in the input directory

> Perfect! The Architectural Diagram Threat Analyzer is working successfully. Here’s a summary of what we’ve accomplished:

Test: I tested with more architectural diagrams and Q created reports.

Summary: If you are still with me at the end of this long article, thank you for reading this far. I ended up really loving Amazon Q Developer, both the CLI and installed within my IDE. I especially loved the persistence of Q Developer, to work through the problems that come up in different environments. I would not have worked that hard to make my program function in WSL, but Q did keep attempting to execute new ideas until something worked. The repo for this latter WSL project is mgbec/ThreatModelingWithWSL: created with Amazon Q Developer on Windows Subsystem for Linux

Much time wasting and aggravation was prevented, so thanks again, Q!
