feat(lab2): Threagile threat model secure variant and auth flow#950

Open

Walkerino wants to merge 1 commit into inno-devops-labs:main from Walkerino:feature/lab2

Conversation

@Walkerino


Goal

Deliver Lab 2: generate a baseline STRIDE threat model for OWASP Juice Shop, create a secure Threagile variant, compare risk counts, and add an auth-focused bonus model.

Changes

  • Added submissions/lab2.md with baseline risk counts, top-5 risks, STRIDE mapping, trust-boundary analysis, secure-variant diff, and bonus auth-flow analysis.
  • Added labs/lab2/threagile-model-secure.yaml with HTTPS, encrypted storage, authenticated proxy-to-app traffic, and explicit encrypted app-to-storage flow.
  • Added labs/lab2/threagile-model-auth.yaml as a focused auth/JWT/admin threat model.

Testing

Commands run and observed output:

docker run --rm \
  -v "$(pwd)/labs/lab2":/app/work \
  threagile/threagile:0.9.1 \
  -model /app/work/threagile-model.yaml \
  -output /app/work/output \
  -generate-risks-excel=false \
  -generate-tags-excel=false

docker run --rm \
  -v "$(pwd)/labs/lab2":/app/work \
  threagile/threagile:0.9.1 \
  -model /app/work/threagile-model-secure.yaml \
  -output /app/work/output-secure \
  -generate-risks-excel=false \
  -generate-tags-excel=false

docker run --rm \
  -v "$(pwd)/labs/lab2":/app/work \
  threagile/threagile:0.9.1 \
  -model /app/work/threagile-model-auth.yaml \
  -output /app/work/output-auth \
  -generate-risks-excel=false \
  -generate-tags-excel=false

Risk count results:

Model               Critical  High  Elevated  Medium  Low  Total
Baseline                   0     0         4      14    5     23
Secure variant             0     0         3      12    4     19
Auth-focused bonus         0     2         6      15    5     28

Artifacts & Screenshots

  • Submission report: submissions/lab2.md
  • Secure variant model: labs/lab2/threagile-model-secure.yaml
  • Auth-focused bonus model: labs/lab2/threagile-model-auth.yaml
  • Generated reports were verified locally but not committed because labs/lab2/output* is gitignored.

Lab Checklist

  • Task 1 — Baseline risk table + top-5 with STRIDE mapping
  • Task 2 — Secure variant + risk diff table
  • Bonus — Auth-flow model + 3 auth-specific risks
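A risk-count table like the one in the testing section shows that the total dropped, but not which risks the secure variant actually removed, whether any new risk appeared, or whether a risk merely shifted severity. The script below, an added example and not part of this PR or of Threagile itself, diffs two `risks.json` exports by `synthetic_id` and rebuilds the severity table. It assumes the JSON layout Threagile writes to the output directory (an array of objects with at least `synthetic_id`, `category` and `severity`); the two embedded reports are constructed, cut-down samples, not real Juice Shop output, and the asset ids in them (`proxy`, `app`, `db`) are placeholders.

```python
"""Diff two Threagile risks.json reports: severity counts plus the risks that
actually disappeared, appeared, or changed severity between the two models."""
import json
from collections import Counter

# Threagile's severity scale, highest first (the column order of its report).
SEVERITIES = ("critical", "high", "elevated", "medium", "low")

# Constructed sample reports for this example (not real Threagile output).
BASELINE_JSON = json.dumps([
    {"synthetic_id": "unencrypted-communication@proxy>app",
     "category": "unencrypted-communication", "severity": "elevated"},
    {"synthetic_id": "missing-authentication@proxy>app",
     "category": "missing-authentication", "severity": "elevated"},
    {"synthetic_id": "unencrypted-asset@db",
     "category": "unencrypted-asset", "severity": "medium"},
    {"synthetic_id": "cross-site-scripting@app",
     "category": "cross-site-scripting", "severity": "medium"},
    {"synthetic_id": "sql-nosql-injection@app>db",
     "category": "sql-nosql-injection", "severity": "elevated"},
    {"synthetic_id": "missing-hardening@app",
     "category": "missing-hardening", "severity": "low"},
])
SECURE_JSON = json.dumps([
    {"synthetic_id": "cross-site-scripting@app",
     "category": "cross-site-scripting", "severity": "medium"},
    {"synthetic_id": "sql-nosql-injection@app>db",
     "category": "sql-nosql-injection", "severity": "medium"},
    {"synthetic_id": "missing-hardening@app",
     "category": "missing-hardening", "severity": "low"},
    {"synthetic_id": "missing-vault@app",
     "category": "missing-vault", "severity": "low"},
])


def load_risks(report_text):
    """Parse a risks.json document (assumed: a JSON array of risk objects).

    Unknown severities are rejected so that a schema change in a newer
    Threagile release cannot silently turn into an all-zero row.
    """
    risks = json.loads(report_text)
    for risk in risks:
        if risk["severity"] not in SEVERITIES:
            raise ValueError(
                f"unknown severity {risk['severity']!r} in {risk['synthetic_id']}")
    return risks


def severity_counts(risks):
    """Count risks per severity, plus a total, in report column order."""
    counts = Counter(risk["severity"] for risk in risks)
    row = {sev: counts.get(sev, 0) for sev in SEVERITIES}
    row["total"] = len(risks)
    return row


def diff_risks(before, after):
    """Compare two reports by synthetic_id instead of by aggregate count.

    Returns ids removed by the hardening, ids newly introduced, and
    (id, old, new) triples whose severity changed; a count table alone
    hides the last two, so a 'lower total' can still mean a new finding.
    """
    before_by_id = {r["synthetic_id"]: r for r in before}
    after_by_id = {r["synthetic_id"]: r for r in after}
    removed = sorted(set(before_by_id) - set(after_by_id))
    added = sorted(set(after_by_id) - set(before_by_id))
    changed = sorted(
        (rid, before_by_id[rid]["severity"], after_by_id[rid]["severity"])
        for rid in set(before_by_id) & set(after_by_id)
        if before_by_id[rid]["severity"] != after_by_id[rid]["severity"]
    )
    return {"removed": removed, "added": added, "changed": changed}


def format_table(rows):
    """Render {model name: severity row} as a plain-text table like the PR's."""
    header = ["Model"] + [s.capitalize() for s in SEVERITIES] + ["Total"]
    lines = [" ".join(header)]
    for name, row in rows.items():
        cells = [name] + [str(row[s]) for s in SEVERITIES] + [str(row["total"])]
        lines.append(" ".join(cells))
    return "\n".join(lines)


if __name__ == "__main__":
    baseline = load_risks(BASELINE_JSON)
    secure = load_risks(SECURE_JSON)
    print(format_table({"Baseline": severity_counts(baseline),
                        "Secure variant": severity_counts(secure)}))
    diff = diff_risks(baseline, secure)
    for rid in diff["removed"]:
        print("removed:", rid)
    for rid in diff["added"]:
        print("added:  ", rid)
    for rid, old, new in diff["changed"]:
        print(f"changed: {rid} {old} -> {new}")
```

Run it against the real exports by replacing the two constants with the contents of `output/risks.json` and `output-secure/risks.json`; in the PR's own numbers a drop from 23 to 19 is consistent with four removals, but only the id-level diff shows whether the removed risks are the ones the hardening targeted (unencrypted communication, missing authentication, unencrypted storage) or whether the secure model also introduced something new.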
