public Contracts.Incident.Incident GetSingle(int id)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var item = db.Incidents.FirstOrDefault(a => a.IncidentId == id);
if (item == null)
{
throw new RAAPNotFoundException("Item not found.");
}
return(item.ToContract());
}
}
public void Delete(int id)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var process = db.Incidents.FirstOrDefault(a => a.IncidentId == id);
if (process == null)
{
throw new RAAPNotFoundException("Item not found.");
}
db.Incidents.Remove(process);
db.SaveChanges();
}
}
public Contracts.Control.Control GetSingle(int id)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var item = db.Controls.FirstOrDefault(a => a.ControlId == id);
if (item == null)
{
throw new RAAPNotFoundException("Item not found.");
}
return(item.ToContract(_userService));
}
}
public Contracts.Vulnerability.VulnerabilityCatalog UpdateCatalog(Contracts.Vulnerability.UpdateVulnerabilityCatalog updateVulnerabilityCatalog)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var vulnerabilityCatalog = db.VulnerabilityCatalogs.FirstOrDefault(a => a.VulnerabilityCatalogId == updateVulnerabilityCatalog.VulnerabilityId);
if (vulnerabilityCatalog == null)
{
throw new RAAPNotFoundException("Item not found.");
}
vulnerabilityCatalog.ApplyUpdate(updateVulnerabilityCatalog);
db.SaveChanges();
return(vulnerabilityCatalog.ToContract());
}
}
public Contracts.Incident.Incident Update(Contracts.Incident.UpdateIncident updateIncident)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var process = db.Incidents.FirstOrDefault(a => a.IncidentId == updateIncident.IncidentId);
if (process == null)
{
throw new RAAPNotFoundException("Item not found.");
}
process.ApplyUpdate(updateIncident);
db.SaveChanges();
return(process.ToContract());
}
}
public Contracts.AssetSubCategory.AssetSubCategory GetSingle(int id)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var item = db.AssetSubCategories.FirstOrDefault(a => a.AssetSubCategoryId == id);
if (item == null)
{
throw new RAAPNotFoundException("Item not found.");
}
;
return(item.ToContract());
}
}
public Contracts.Vulnerability.Vulnerability Update(Contracts.Vulnerability.UpdateVulnerability updateVulnerability)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var Vulnerability = db.Vulnerabilities.Include("Controls").FirstOrDefault(a => a.VulnerabilityId == updateVulnerability.VulnerabilityId);
if (Vulnerability == null)
{
throw new RAAPNotFoundException("Item not found.");
}
Vulnerability.ApplyUpdate(updateVulnerability);
db.SaveChanges();
return(Vulnerability.ToContract());
}
}
public List <SimpleSearchResult> Search(string query)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
return
(db.ProcessCategories.Where(a => a.Name.Contains(query))
.OrderBy(a => a.Name)
.Take(20)
.Select(a => new SimpleSearchResult()
{
Id = a.ProcessCategoryId, Name = a.Name
}).ToList());
}
}
public List <SimpleSearchResult> Search(string query, string attributeTypeId)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
return
(db.Attributes.Where(a => a.Name.Contains(query) && a.AttributeTypeId == attributeTypeId)
.OrderBy(a => a.Name)
.Take(20)
.Select(a => new SimpleSearchResult()
{
Id = a.AttributeId, Name = a.Name
}).ToList());
}
}
public void RemoveLink(int parentAttributeId, int attributeId)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var link = db.AttributeLinks.FirstOrDefault(al => al.ParentAttributeId == parentAttributeId && al.AttributeId == attributeId);
if (link == null)
{
return;
}
db.AttributeLinks.Remove(link);
db.SaveChanges();
}
}
public Contracts.ProcessCategory.ProcessCategory Update(Contracts.ProcessCategory.UpdateProcessCategory updateProcessCategory)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var ProcessCategory = db.ProcessCategories.FirstOrDefault(a => a.ProcessCategoryId == updateProcessCategory.ProcessCategoryId);
if (ProcessCategory == null)
{
throw new RAAPNotFoundException("Item not found.");
}
ProcessCategory.ApplyUpdate(updateProcessCategory);
db.SaveChanges();
return(ProcessCategory.ToContract());
}
}
public static void CheckRiskTypes(CreateControl control, RAAPEntities db)
{
db.RiskTypes.ForEach((Database.RiskType riskType) =>
{
if (!control.Risks.Any(r => r.Type == riskType.RiskTypeId))
{
control.Risks.Add(new RiskReduce()
{
Type = riskType.RiskTypeId,
Name = riskType.Name,
});
}
}
);
}
public Contracts.Vulnerability.Vulnerability Create(Contracts.Vulnerability.CreateVulnerability createVulnerability)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
if (db.Vulnerabilities.Any(a => a.Name == createVulnerability.Name))
{
throw new RAAPConflictException("Name is already in use, please try another name.");
}
var Vulnerability = createVulnerability.ToDataModel();
db.Vulnerabilities.Add(Vulnerability);
db.SaveChanges();
return(Vulnerability.ToContract());
}
}
public void DeleteRiskType(int riskTypeId)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var dbRiskType = db.RiskTypes.FirstOrDefault(r => r.RiskTypeId == riskTypeId);
if (dbRiskType == null)
{
throw new RAAPNotFoundException("Item not found.");
}
db.ControlRisks.RemoveRange(dbRiskType.ControlRisks.ToList());
db.ThreatRisks.RemoveRange(dbRiskType.ThreatRisks.ToList());
db.RiskTypes.Remove(dbRiskType);
db.SaveChanges();
}
}
public Contracts.ProcessCategory.ProcessCategory Create(Contracts.ProcessCategory.CreateProcessCategory createProcessCategory)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
if (db.ProcessCategories.Any(a => a.Name == createProcessCategory.Name))
{
throw new RAAPConflictException("Name is already in use, please try another name.");
}
var ProcessCategory = createProcessCategory.ToDataModel();
db.ProcessCategories.Add(ProcessCategory);
db.SaveChanges();
return(ProcessCategory.ToContract());
}
}
public Contracts.Control.Control Update(Contracts.Control.UpdateControl updateControl)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var process = db.Controls.FirstOrDefault(a => a.ControlId == updateControl.ControlId);
if (process == null)
{
throw new RAAPNotFoundException("Item not found.");
}
RiskCalculator.CheckRiskTypes(updateControl, db);
process.ApplyUpdate(updateControl, db);
db.SaveChanges();
return(process.ToContract(_userService));
}
}
public Contracts.Incident.Incident Create(Contracts.Incident.CreateIncident createIncident)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
if (db.Incidents.Any(a => a.Name == createIncident.Name))
{
throw new RAAPConflictException("Name is already in use, please try another name.");
}
var process = createIncident.ToDataModel(db);
db.Incidents.Add(process);
db.SaveChanges();
return(process.ToContract());
}
}
public static void CheckRiskTypes(CreateAsset asset, RAAPEntities db)
{
db.RiskTypes.ForEach((Database.RiskType riskType) =>
{
if (!asset.Risks.Any(r => r.Type == riskType.RiskTypeId))
{
asset.Risks.Add(new Risk()
{
Type = riskType.RiskTypeId,
Name = riskType.Name,
});
}
}
);
asset.Threats.ForEach(t => CheckRiskTypes(t, db));
}
public static void CheckRiskTypes(CreateProcess process, RAAPEntities db)
{
db.RiskTypes.ForEach((Database.RiskType riskType) =>
{
if (!process.Risks.Any(r => r.Type == riskType.RiskTypeId))
{
process.Risks.Add(new Risk()
{
Type = riskType.RiskTypeId,
Name = riskType.Name,
});
}
}
);
process.Assets.ForEach(p => CheckRiskTypes(p, db));
}
public static void CheckRiskTypes(CreateThreat threat, RAAPEntities db)
{
db.RiskTypes.ForEach((Database.RiskType riskType) =>
{
if (!threat.Risks.Any(r => r.Type == riskType.RiskTypeId))
{
threat.Risks.Add(new Risk()
{
Type = riskType.RiskTypeId,
Name = riskType.Name,
});
}
}
);
threat.Controls.ForEach(c => CheckRiskTypes(c, db));
}
public void Delete(int id)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var threat = db.Threats.FirstOrDefault(a => a.ThreatId == id);
if (threat == null)
{
throw new RAAPNotFoundException("Item not found.");
}
db.ThreatRisks.RemoveRange(threat.ThreatRisks.ToList());
db.HtmlComments.RemoveRange(threat.HtmlComments.ToList());
threat.Attributes.Clear();
db.Threats.Remove(threat);
db.SaveChanges();
}
}
public void AddLink(int parentAttributeId, int attributeId)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var exists = db.AttributeLinks.Any(al => al.ParentAttributeId == parentAttributeId && al.AttributeId == attributeId);
if (exists)
{
return;
}
db.AttributeLinks.Add(new AttributeLink {
AttributeId = attributeId, ParentAttributeId = parentAttributeId
});
db.SaveChanges();
}
}
public Contracts.Attribute.Attribute Update(UpdateAttribute update)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var item = db.Attributes.FirstOrDefault(a => a.AttributeId == update.AttributeId);
if (item == null)
{
throw new RAAPNotFoundException("Item not found.");
}
item.ApplyUpdate(update);
RemoveChildAttributes(db, item, update.ChildAttributes.ToArray());
AddNewChildAttributes(db, item, update.ChildAttributes.ToArray());
db.SaveChanges();
return(new Attribute());
}
}
public void Delete(int id)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var process = db.Processes.FirstOrDefault(a => a.ProcessId == id);
if (process == null)
{
throw new RAAPNotFoundException("Item not found.");
}
db.HtmlComments.RemoveRange(process.HtmlComments.ToList());
db.ThreatRisks.RemoveRange(process.ThreatRisks.ToList());
db.Risks.RemoveRange(process.Risks.ToList());
process.Assets.Clear();
db.Processes.Remove(process);
db.SaveChanges();
}
}
public Contracts.Control.Control Create(Contracts.Control.CreateControl createControl)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
if (db.Controls.Any(a => a.Name == createControl.Name))
{
throw new RAAPConflictException("Name is already in use, please try another name.");
}
RiskCalculator.CheckRiskTypes(createControl, db);
var process = createControl.ToDataModel(db);
db.Controls.Add(process);
db.SaveChanges();
return(process.ToContract(_userService));
}
}
public Contracts.Process.Process Update(Contracts.Process.UpdateProcess updateProcess)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var process = db.Processes.FirstOrDefault(a => a.ProcessId == updateProcess.ProcessId);
if (process == null)
{
throw new RAAPNotFoundException("Item not found.");
}
RiskCalculator.CheckRiskTypes(updateProcess, db);
process.ApplyUpdate(updateProcess, db);
RemoveUnusedAssets(process, updateProcess);
AddAssets(db, process, updateProcess.Assets);
RiskCalculator.CalculateRisk(process);
db.SaveChanges();
return(process.ToContract(_userService));
}
}
public void UpdateRiskType(Contracts.Risk.RiskType riskType)
{
if (string.IsNullOrWhiteSpace(riskType.Name))
{
throw new RAAPConflictException("Invalid/missing name");
}
using (var db = new RAAPEntities(GetConnectionString()))
{
var dbRiskType = db.RiskTypes.FirstOrDefault(r => r.RiskTypeId == riskType.RiskTypeId);
if (dbRiskType == null)
{
throw new RAAPNotFoundException("Item not found.");
}
dbRiskType.Name = riskType.Name;
dbRiskType.Description = riskType.Description;
db.SaveChanges();
}
}
public Contracts.Threat.Threat Create(Contracts.Threat.CreateThreat createThreat)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
if (db.Threats.Any(a => a.Name == createThreat.Name))
{
throw new RAAPConflictException("Name is already in use, please try another name.");
}
RiskCalculator.CheckRiskTypes(createThreat, db);
RiskCalculator.CalculateRisk(createThreat);
var threat = createThreat.ToDataModel(db);
db.Threats.Add(threat);
AddControls(db, threat, createThreat.Controls);
db.SaveChanges();
return(threat.ToContract(_userService));
}
}
public void UpdateSoa(Contracts.Soa.Soa soa)
{
var types = soa.SoaChapters.Select(c => c.SoaType).Distinct();
if (types.Count() > 1)
{
throw new ArgumentException("Multiple SoA types", "SoaType");
}
var type = types.First();
var user = (ClaimsIdentity)HttpContext.Current.User.Identity;
var companyClaim = user.Claims.FirstOrDefault(c => c.Type == ClaimTypes.PrimaryGroupSid);
if (companyClaim != null)
{
var companyId = Convert.ToInt32(companyClaim.Value);
using (var db = new RAAPEntities(GetConnectionString()))
{
//Update settings
var settings = db.SoaSettings.FirstOrDefault(s => s.SoaType == type);
if (settings == null)
{
settings = new SoaSetting()
{
SoaType = type
};
db.SoaSettings.Add(settings);
}
settings.Relevant = soa.Enabled;
//Update existing
//Remove deleted
var dbSoas = db.Soas.Where(s => s.SoaType == type).ToDictionary(s => s.SoaId);
var soasLevel3 = soa.SoaChapters.SelectMany(s => s.SubChapters).SelectMany(s => s.SubChapters).ToList();
UpdateSoas(soasLevel3, dbSoas, db);
db.Soas.RemoveRange(dbSoas.Values);
soa.SoaChapters.Where(s => s.SoaId > 0).ForEach(s => dbSoas[s.SoaId].UpdateFrom(s, db));
//Add new
AddNewSoas(soasLevel3, companyId, db);
db.SaveChanges();
}
}
}
public Contracts.Threat.Threat Update(Contracts.Threat.UpdateThreat updateThreat)
{
using (var db = new RAAPEntities(GetConnectionString()))
{
var threat = db.Threats.Include("Controls").FirstOrDefault(a => a.ThreatId == updateThreat.ThreatId);
if (threat == null)
{
throw new RAAPNotFoundException("Item not found.");
}
RiskCalculator.CheckRiskTypes(updateThreat, db);
threat.ApplyUpdate(updateThreat, db);
RemoveUnusedControls(threat, updateThreat);
AddControls(db, threat, updateThreat.Controls);
RiskCalculator.ResetCalculatedRisk(threat);
RiskCalculator.CalculateRisk(threat);
db.SaveChanges();
return(threat.ToContract(_userService));
}
}
