code review workshop added

pull/2/head
iglocska 2020-10-22 11:43:05 +02:00
parent 5eb07227a5
commit 4884136c4d
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
8 changed files with 208 additions and 0 deletions

Binary file not shown.


Width:  |  Height:  |  Size: 47 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 37 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 60 KiB


@ -0,0 +1,185 @@
% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.
\begin{frame}[t,plain]
\titlepage
\end{frame}
\begin{frame}
\frametitle{Plan for this session}
\begin{itemize}
\item Review the following:
\begin{itemize}
\item The layout of the codebase
\item Some design principles
\item Architecture of the application
\end{itemize}
\item Generally anything that might be relevant when reviewing the codebase
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{The software stack}
\begin{itemize}
\item CakePHP 4.x
\item Bootstrap 4 UI
\item A host of ported and modernesied MISP libraries
\item Database: MySQL / raw file storage
\item Redis will be added in the future
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Basic design principles}
\begin{itemize}
\item MVC design
\item API / UI dual design
\item ReSTful APIs
\item Heavy on abstraction
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Basic design principles - UI}
\begin{center}
\includegraphics[scale=0.5]{UI.png}
\end{center}
\end{frame}
\begin{frame}
\frametitle{Basic design principles - API}
\begin{center}
\includegraphics[scale=0.5]{API.png}
\end{center}
\end{frame}
\begin{frame}
\frametitle{Directory structure}
\begin{itemize}
\item src
\begin{itemize}
\item Command
\item Controller
\item Model
\item View
\end{itemize}
\item templates
\item libraries
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Controllers}
\begin{itemize}
\item Inheritance of the AppController
\item Reusable code via components
\begin{itemize}
\item CRUDComponent
\item ACLComponent
\item ParamHandlerComponent
\item RestResponse Component
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Controllers}
\begin{itemize}
\item Generally access public functions by /controller/action
\item Response is always split between two paths: UI/API
\item We can therefore test all functionalities via the API, the UI uses the same program logic
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Models}
\begin{itemize}
\item Tables
\item Entities
\item Tables Implement AppTable
\item Entities implement AppModel
\item Reusable code: Behaviors
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{View layer}
\begin{itemize}
\item Reusable code in Views
\item Templates
\begin{itemize}
\item UI factories for change management and unifority
\item Parametrised view templating
\end{itemize}
\item Exception: API does not use views, rather serializes response data in the controller
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{CLI tools}
\begin{itemize}
\item The plan is to feature a wide range of tools for the CLI
\item Currently it's only in use for one use-case (password resets)
\item CLI commands directly interact with the model, no controller code is executed
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{CLI tools}
\begin{center}
\includegraphics[scale=0.5]{CLI.png}
\end{center}
\end{frame}
\begin{frame}
\frametitle{Authentication and RBAC}
\begin{itemize}
\item Authentication
\begin{itemize}
\item Username / API key
\item Will be extended in the future, pending also requirement collection
\end{itemize}
\item RBAC
\begin{itemize}
\item Users are tied to role objects
\item Roles are modifiable permission control tables
\item The ACL component uses the user session's role to determine access for the requested endpoint
\item We deny by default
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Authentication and RBAC}
\begin{center}
\includegraphics[scale=0.5]{roles.png}
\end{center}
\end{frame}
\begin{frame}
\frametitle{Open directoy feature}
\begin{itemize}
\item Currently in early stages
\item Opt-in system to publicly disclose organisation lists (act as a public trust authority)
\item Unauthenticated endpoints, controlled by the configuration file
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{JSON vocabularies}
\begin{itemize}
\item Potential point to test: JSON libraries ingested by Cerebrate
\item Currently one use-case - extending models with meta fields
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Plans for the future in terms of major subsystems}
\begin{itemize}
\item Cerebrate to Cerebrate exchange, similar to the MISP synchronisation
\item Cerebrate to local tool exchange using a modular approach
\item Trust relationships with a direct ingestion and inbox system tier
\end{itemize}
\end{frame}
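Review bot: The second Controllers frame's item `We can therefore test all functionalities via the API` overstates coverage, because the View layer frame says the API does not use views and serializes response data in the controller, so templates and their output escaping are only exercised through the UI path. For a code review workshop I would reword it to `\item Program logic can be tested via the API; templates and output escaping must be tested through the UI`. The open directory frame's `Unauthenticated endpoints, controlled by the configuration file` deserves the same "potential point to test" marker the JSON vocabularies frame has, and the CLI frame could say whether the ACL checks apply when no controller code runs (presumably not, since ACL is listed as a controller component). Typos to fix while here: `modernesied`, `unifority`, and `directoy` in a frame title.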

Binary file not shown.


Width:  |  Height:  |  Size: 66 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 74 KiB

Binary file not shown.


Width:  |  Height:  |  Size: 22 KiB


@ -0,0 +1,23 @@
\documentclass{beamer}
\usetheme[numbering=progressbar]{focus}
%\definecolor{main}{RGB}{83, 31, 117}
%\definecolor{textcolor}{RGB}{0, 0, 0}
%\definecolor{background}{RGB}{215, 212, 227}
\usepackage[utf8]{inputenc}
\usepackage{tikz}
\usepackage{listings}
\usetikzlibrary{positioning}
\usetikzlibrary{shapes,arrows}
\author{\small{\input{../includes/authors.txt}}}
\title{Cerebrate}
\subtitle{A quick glance at the Cerebrate architecture}
\institute{}
\titlegraphic{\includegraphics[scale=0.2]{logo.png}}
\date{\input{../includes/location.txt}}
\begin{document}
\include{content}
\end{document}
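Review bot: `\include{content}` should be `\input{content}`, since the content file's own header comment describes it as a fragment pulled in by other .tex files, and `\include` adds a forced page break and a separate .aux file that such a fragment does not need. `\small` is a font-size switch rather than a one-argument command, so `\author{\small{...}}` only works by accident; `\author{{\small \input{../includes/authors.txt}}}` scopes it as intended. `listings` is loaded although no `lstlisting` appears in the content file shown on this page, so any frame that later uses it will need the `[fragile]` option.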