private void AddItem([NotNull] IQualityAnalyzer analyzer,
[NotNull] IPropertiesContainer container,
[NotNull] IPropertyType propertyType)
{
var property = container.GetProperty(propertyType) as IPropertyJsonSerializableObject;
if (property != null)
{
var list = property.Value as FalsePositiveList;
var finding = list?.FalsePositives.FirstOrDefault(x =>
string.CompareOrdinal(x.QualityInitializerId, analyzer.GetExtensionId()) == 0);
if (finding != null)
{
_falsePositives.PrimaryGrid.Rows.Add(new GridRow(container.ToString(), finding.Reason, finding.Author, finding.Timestamp)
{
Tag = container
});
}
}
if (container is IThreatEventsContainer threatEventsContainer)
{
var threatEvents = threatEventsContainer.ThreatEvents?.ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var te in threatEvents)
{
AddItem(analyzer, te, propertyType);
}
}
}
}
private bool HasFalsePositives([NotNull] IQualityAnalyzer analyzer,
[NotNull] IPropertyType propertyType)
{
return(HasFalsePositives(analyzer, _model, propertyType) ||
HasFalsePositives(analyzer, _model.Entities, propertyType) ||
HasFalsePositives(analyzer, _model.DataFlows, propertyType) ||
HasFalsePositives(analyzer, _model.Groups, propertyType) ||
HasFalsePositives(analyzer, _model.Diagrams, propertyType));
}
public static bool IsFalsePositive([NotNull] IQualityAnalyzer qualityAnalyzer, [NotNull] IPropertiesContainer container)
{
bool result = false;
if (container is IThreatModelChild threatModelChild &&
threatModelChild.Model != null)
{
result = new QualityPropertySchemaManager(threatModelChild.Model).IsFalsePositive(container, qualityAnalyzer);
}
return(result);
}
private void AddItems([NotNull] IQualityAnalyzer analyzer,
IEnumerable <IPropertiesContainer> containers,
[NotNull] IPropertyType propertyType)
{
if (containers?.Any() ?? false)
{
foreach (var container in containers)
{
AddItem(analyzer, container, propertyType);
}
}
}
private Bitmap GetBitmap([NotNull] IQualityAnalyzer analyzer)
{
Bitmap result = null;
var controls = _container.Controls.OfType <CheckPanel>().ToArray();
if (controls.Any())
{
foreach (var control in controls)
{
if (control.Id == analyzer.GetExtensionId())
{
result = control.GetGaugeBitmap();
}
}
}
return(result);
}
public string GetReason([NotNull] IPropertiesContainer container,
[NotNull] IQualityAnalyzer analyzer)
{
string result = null;
var propertyType = GetFalsePositivePropertyType();
if (propertyType != null)
{
var property = container.GetProperty(propertyType) as IPropertyJsonSerializableObject;
if (property?.Value is FalsePositiveList list)
{
result = list.FalsePositives?.FirstOrDefault(x =>
string.CompareOrdinal(x.QualityInitializerId, analyzer.GetExtensionId()) == 0)?.Reason;
}
}
return(result);
}
public void ResetFalsePositive([NotNull] IPropertiesContainer container,
[NotNull] IQualityAnalyzer analyzer)
{
var propertyType = GetFalsePositivePropertyType();
if (propertyType != null)
{
var property = container.GetProperty(propertyType) as IPropertyJsonSerializableObject;
if (property?.Value is FalsePositiveList list)
{
var item = list.FalsePositives?.FirstOrDefault(x =>
string.CompareOrdinal(x.QualityInitializerId, analyzer.GetExtensionId()) == 0);
if (item != null)
{
list.FalsePositives.Remove(item);
}
}
}
}
public bool IsFalsePositive([NotNull] IPropertiesContainer container,
[NotNull] IQualityAnalyzer qualityAnalyzer)
{
bool result = false;
var propertyType = GetFalsePositivePropertyType();
if (propertyType != null)
{
var property = container.GetProperty(propertyType) as IPropertyJsonSerializableObject;
if (property?.Value is FalsePositiveList list)
{
result = list.FalsePositives?
.Any(x =>
string.CompareOrdinal(x.QualityInitializerId, qualityAnalyzer.GetExtensionId()) == 0) ?? false;
}
}
return(result);
}
private bool HasFalsePositives([NotNull] IQualityAnalyzer analyzer,
IEnumerable <IPropertiesContainer> containers,
[NotNull] IPropertyType propertyType)
{
bool result = false;
if (containers?.Any() ?? false)
{
foreach (var container in containers)
{
if (HasFalsePositives(analyzer, container, propertyType))
{
result = true;
break;
}
}
}
return(result);
}
private void CreateOutcomePage([NotNull] ExcelReportEngine engine,
[NotNull] IQualityAnalyzer analyzer, [NotNull] QualityAnalyzerResult outcome)
{
var p = engine.AddPage(analyzer.Label);
engine.AddHeader(p, "Finding Type", "Finding Name", "Description");
var findings = outcome.Findings?.ToArray();
if (findings?.Any() ?? false)
{
string text;
foreach (var finding in findings)
{
if (finding is IIdentity identity)
{
if (identity is IDataFlow flow)
{
text = $"Flow from {_model.GetIdentityTypeName(flow.Source)} '{flow.Source.Name}' to {_model.GetIdentityTypeName(flow.Target)} '{flow.Target.Name}'.";
}
else if (identity is IThreatEvent threatEvent)
{
text = $"Threat Event applied to {_model.GetIdentityTypeName(threatEvent.Parent)} '{threatEvent.Parent.Name}'.";
}
else
{
text = null;
}
engine.AddRow(p,
_model.GetIdentityTypeName(identity),
identity.Name, text);
}
else
{
engine.AddRow(p, finding.GetType().Name, finding.ToString());
}
}
}
}
private bool HasFalsePositives([NotNull] IQualityAnalyzer analyzer,
[NotNull] IPropertiesContainer container,
[NotNull] IPropertyType propertyType)
{
bool result = false;
var property = container.GetProperty(propertyType) as IPropertyJsonSerializableObject;
if (property != null)
{
var list = property.Value as FalsePositiveList;
var finding = list?.FalsePositives.FirstOrDefault(x =>
string.CompareOrdinal(x.QualityInitializerId, analyzer.GetExtensionId()) == 0);
if (finding != null)
{
result = true;
}
}
if (!result && container is IThreatEventsContainer threatEventsContainer)
{
var threatEvents = threatEventsContainer.ThreatEvents?.ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var te in threatEvents)
{
if (HasFalsePositives(analyzer, te, propertyType))
{
result = true;
break;
}
}
}
}
return(result);
}
public CheckPanel([NotNull] IQualityAnalyzer analyzer) : this()
{
_header.Text = analyzer.Label;
_header.Tooltip = $"{analyzer.Description}\nFactor: {analyzer.MultiplicationFactor}";
Id = analyzer.GetExtensionId();
}
private void AddOutcomePage([NotNull] PdfDocument doc, [NotNull] PdfStandardFont font,
[NotNull] IQualityAnalyzer analyzer, [NotNull] QualityAnalyzerResult outcome)
{
var page = doc.Pages.Add();
var bitmap = GetBitmap(analyzer);
var textSize = WriteText(page, analyzer.Label, new PdfStandardFont(font, font.Size, PdfFontStyle.Bold), 0, 0);
textSize = WriteText(page, $"{outcome.Assessment.GetEnumLabel()}", font, 0, 0, null, true);
var gaugeImage = PdfImage.FromImage(bitmap);
page.Graphics.DrawImage(gaugeImage, new RectangleF(page.Graphics.ClientSize.Width - 150 - textSize.Width, -2, 150, 18));
var y = textSize.Height + 2;
textSize = WriteText(page, analyzer.Description, font, 0, y);
y += textSize.Height + 10;
page.Graphics.DrawLine(PdfPens.Black, 0, y, page.Graphics.ClientSize.Width, y);
y += 10;
var findings = outcome.Findings?.ToArray();
if (findings?.Any() ?? false)
{
PdfImage img;
string text;
foreach (var finding in findings)
{
if (y > page.Graphics.ClientSize.Height - textSize.Height * 5)
{
y = 0;
page = doc.Pages.Add();
}
text = null;
if (finding is IIdentity identity)
{
img = PdfImage.FromImage(identity.GetImage(ImageSize.Medium));
if (identity is IDataFlow flow)
{
text =
$"Flow from {_model.GetIdentityTypeName(flow.Source)} '{flow.Source.Name}' to {_model.GetIdentityTypeName(flow.Target)} '{flow.Target.Name}'.";
}
else if (identity is IThreatEvent threatEvent)
{
text =
$"Threat Event applied to {_model.GetIdentityTypeName(threatEvent.Parent)} '{threatEvent.Parent.Name}'.";
}
}
else
{
img = PdfImage.FromImage(Resources.undefined);
}
page.Graphics.DrawImage(img, new RectangleF(0, y, 16, 16));
textSize = WriteText(page, finding.ToString(), font, 18, y + 2);
if (text != null)
{
y += textSize.Height + 5;
textSize = WriteText(page, text, font, 18, y);
}
y += textSize.Height + 10;
}
}
else
{
WriteText(page, "--- The Analyzer has not identified any problem.", font, 0, y);
}
}
public void SetFalsePositive([NotNull] IPropertiesContainer container,
[NotNull] IQualityAnalyzer analyzer,
[Required] string reason)
{
SetFalsePositive(container, analyzer.GetExtensionId(), reason);
}
internal QualityAnalyzerResult([NotNull] IQualityAnalyzer analyzer,
Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive,
[NotNull] IThreatModel model)
{
Id = analyzer.GetExtensionId();
Value = analyzer.Analyze(model, isFalsePositive, out var findings);
Findings = findings?.ToArray();
OkByDefinition = !analyzer.GetThresholds(model, isFalsePositive,
out var minRed, out var maxRed,
out var minYellow, out var maxYellow,
out var minGreen, out var maxGreen);
MinRed = minRed;
MaxRed = maxRed;
MinYellow = minYellow;
MaxYellow = maxYellow;
MinGreen = minGreen;
MaxGreen = maxGreen;
double intermediateHealth;
if (OkByDefinition)
{
intermediateHealth = 2;
}
else
{
ProcessThresholds(minRed, maxRed, minYellow, maxYellow, minGreen, maxGreen,
out var redToGreen, out var min, out var intermediate1,
out var intermediate2, out var max);
if (redToGreen)
{
if (Value <= intermediate1)
{
intermediateHealth = 0;
Assessment = AssessmentOutcome.Poor;
}
else if (!Double.IsNaN(intermediate2) && Value <= intermediate2)
{
intermediateHealth = 1;
Assessment = AssessmentOutcome.Weak;
}
else
{
intermediateHealth = 2;
Assessment = AssessmentOutcome.Good;
}
}
else
{
if (Value < intermediate1)
{
intermediateHealth = 2;
Assessment = AssessmentOutcome.Good;
}
else if (!Double.IsNaN(intermediate2) && Value < intermediate2)
{
intermediateHealth = 1;
Assessment = AssessmentOutcome.Weak;
}
else
{
intermediateHealth = 0;
Assessment = AssessmentOutcome.Poor;
}
}
}
Health = intermediateHealth * analyzer.MultiplicationFactor;
}
