public double Analyze([NotNull] IThreatModel model, Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive, out IEnumerable <object> instances) { double result = 0.0; instances = null; List <object> items = new List <object>(); AnalyzeContainer(model, isFalsePositive, items); var entities = model.Entities?.ToArray(); if (entities?.Any() ?? false) { foreach (var entity in entities) { AnalyzeContainer(entity, isFalsePositive, items); } } var flows = model.DataFlows?.ToArray(); if (flows?.Any() ?? false) { foreach (var flow in flows) { AnalyzeContainer(flow, isFalsePositive, items); } } if (items.Any()) { result = items.Count; instances = items; } return(result); }
public void SetThreatModel(IThreatModel model) { try { if (model != null) { var schema = new DefinitionsPropertySchemaManager(model); var propertyType = schema.DefinitionsPropertyType; if (propertyType != null) { var property = model.GetProperty(propertyType) ?? model.AddProperty(propertyType, null); if (property is IPropertyJsonSerializableObject jsonProperty) { if (jsonProperty.Value is DefinitionContainer container) { _container = container; var definitions = container.Definitions?.ToArray(); if (definitions?.Any() ?? false) { foreach (var definition in definitions) { _data.Rows.Add(definition.Key, definition.Value); } } } else { _container = new DefinitionContainer(); jsonProperty.Value = _container; } } } } } finally { _loading = false; } }
public IEnumerable <ListItem> GetList(IThreatModel model) { IEnumerable <ListItem> result = null; var schema = new RoadmapPropertySchemaManager(model); var mitigations = model.GetUniqueMitigations()? .Where(x => schema.GetStatus(x) == RoadmapStatus.MidTerm) .OrderBy(x => x.Name) .ToArray(); if (mitigations?.Any() ?? false) { var list = new List <ListItem>(); foreach (var mitigation in mitigations) { var items = new List <ItemRow>(); var tems = model.GetThreatEventMitigations(mitigation)?.ToArray(); if (tems?.Any() ?? false) { items.Add(new TextRow("Control Type", mitigation.ControlType.GetEnumLabel())); items.Add(new TextRow("Description", mitigation.Description)); var itemRows = mitigation.GetItemRows()?.ToArray(); if (itemRows?.Any() ?? false) { items.AddRange(itemRows); } list.Add(new ListItem(mitigation.Name, mitigation.Id, items)); } } result = list; } return(result); }
public double Analyze([NotNull] IThreatModel model, Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive, out IEnumerable <object> instances) { double result = 0.0; instances = null; var entities = model.Entities?.Where(x => !isFalsePositive(this, x)).ToArray(); if (entities?.Any() ?? false) { var flows = model.DataFlows?.ToArray(); if (flows?.Any() ?? false) { List <object> found = new List <object>(); foreach (var entity in entities) { if (!flows.Any(x => x.SourceId == entity.Id || x.TargetId == entity.Id)) { found.Add(entity); } } result = found.Count; instances = found; } else { if (entities.Any()) { instances = entities; } result = entities.Length; } } return(result); }
/// <summary> /// Creates a new Default Instance of the Threat Model. /// </summary> /// <returns>Threat Model created.</returns> public static IThreatModel GetDefaultInstance() { IThreatModel result = null; var type = Type.GetType("ThreatsManager.Engine.Manager, ThreatsManager.Engine", false); var property = type?.GetProperty("Instance"); if (property != null) { var instance = property.GetValue(null); result = type.InvokeMember("CreateNewThreatModel", BindingFlags.InvokeMethod, null, instance, new object[] { "Default Threat Model" }) as IThreatModel; if (result != null) { _instances.Add(result); type.GetMethod("RegisterEvents")?.Invoke(result, null); } } return(result); }
public IEnumerable <KeyValuePair <string, IPropertyType> > GetProperties([NotNull] IThreatModel model) { IEnumerable <KeyValuePair <string, IPropertyType> > result = null; var processes = model.Entities?.OfType <IProcess>().OrderBy(x => x.Name).ToArray(); if (processes?.Any() ?? false) { var dict = new Dictionary <string, IPropertyType>(); foreach (var process in processes) { var properties = process.Properties? .Where(x => !(x.PropertyType?.DoNotPrint ?? true)) .Select(x => x.PropertyType) .ToArray(); if (properties?.Any() ?? false) { foreach (var property in properties) { if (!dict.ContainsKey(property.Name)) { dict.Add(property.Name, property); } } } } result = dict .OrderBy(x => model.GetSchema(x.Value.SchemaId).Priority) .ThenBy(x => model.GetSchema(x.Value.SchemaId).Namespace) .ThenBy(x => model.GetSchema(x.Value.SchemaId).Name) .ThenBy(x => x.Value.Priority) .ToArray(); } return(result); }
public IEnumerable <ChartItem> GetChart([NotNull] IThreatModel model) { IEnumerable <ChartItem> result = null; var mitigations = model.Mitigations?.ToArray(); if (mitigations?.Any() ?? false) { var selectedMitigations = new List <Guid>(); UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm); var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(model); var projected = schemaManager.SelectedEstimator?.GetProjectedThreatTypesResidualRisk(model, selectedMitigations); if (projected?.Any() ?? false) { result = GetChart(model, projected); } } return(result); }
private IEntity GetEntity([Required] string msEntityId, [NotNull] IThreatModel model, [NotNull] ObjectPropertySchemaManager schemaManager) { IEntity result = null; var entities = model.Entities?.ToArray(); if (entities != null) { foreach (var entity in entities) { var id = schemaManager.GetInstanceId(entity); if (string.CompareOrdinal(id, msEntityId) == 0) { result = entity; break; } } } return(result); }
public static SelectionRule GetRule(this IPropertiesContainer container, IThreatModel model = null) { SelectionRule result = null; if (model == null && container is IThreatModelChild child) { model = child.Model; } if (model != null) { var schemaManager = new AutoGenRulesPropertySchemaManager(model); var propertyType = schemaManager.GetPropertyType(); if (container.HasProperty(propertyType)) { if (container.GetProperty(propertyType) is IPropertyJsonSerializableObject jsonSerializableObject) { result = jsonSerializableObject.Value as SelectionRule; } } else { var oldSchema = model.GetSchema(OldSchemaName, Properties.Resources.DefaultNamespace); var oldPropertyType = oldSchema?.GetPropertyType(OldPropertyName); if (oldPropertyType != null) { if (container.GetProperty(oldPropertyType) is IPropertyJsonSerializableObject jsonSerializableObject) { result = jsonSerializableObject.Value as SelectionRule; container.AddProperty(propertyType, jsonSerializableObject.StringValue); container.RemoveProperty(oldPropertyType); } } } } return(result); }
private void AddEntityTemplates([NotNull] List <ListItem> list, [NotNull] IThreatModel model, EntityType entityType) { var entities = model.EntityTemplates? .Where(x => x.EntityType == entityType) .OrderBy(x => x.Name).ToArray(); if (entities?.Any() ?? false) { foreach (var entity in entities) { List <ItemRow> items = new List <ItemRow>(); items.Add(new TextRow("Description", entity.Description)); items.Add(new TextRow("Item Type", entity.EntityType.GetEnumLabel())); var itemRows = entity.GetItemRows()?.ToArray(); if (itemRows?.Any() ?? false) { items.AddRange(itemRows); } list.Add(new ListItem(entity.Name, entity.Id, items)); } } }
private IDataFlow GetDataFlow([Required] string msDataFlowId, [NotNull] IThreatModel model, [NotNull] ObjectPropertySchemaManager schemaManager) { IDataFlow result = null; var dataFlows = model.DataFlows?.ToArray(); if (dataFlows != null) { foreach (var dataFlow in dataFlows) { var id = schemaManager.GetInstanceId(dataFlow); if (string.CompareOrdinal(id, msDataFlowId) == 0) { result = dataFlow; break; } } } return(result); }
private void _browse_Click(object sender, EventArgs e) { if (_openFile.ShowDialog(ActiveForm) == DialogResult.OK) { if (_template != null) { ThreatModelManager.Remove(_template.Id); } _schemas.Items.Clear(); _fileName.Text = _openFile.FileName; _template = TemplateManager.OpenTemplate(_fileName.Text); var schemas = _template?.Schemas?.OrderBy(x => x.Name).ToArray(); if (schemas?.Any() ?? false) { _schemas.Items.AddRange(schemas); } _ok.Enabled = IsValid(); } }
public IEnumerable <ListItem> GetList(IThreatModel model) { IEnumerable <ListItem> result = null; var flows = model.DataFlows?.OrderBy(x => x.Name).ToArray(); if (flows?.Any() ?? false) { var list = new List <ListItem>(); foreach (var flow in flows) { var items = new List <ItemRow>(); items.Add(new TextRow("Description", flow.Description)); if (flow.Source != null) { items.Add(new TextRow("Source", $"[{flow.Model.GetIdentityTypeInitial(flow.Source)}] {flow.Source.Name}", null, null, new [] { flow.SourceId })); } if (flow.Target != null) { items.Add(new TextRow("Target", $"[{flow.Model.GetIdentityTypeInitial(flow.Target)}] {flow.Target.Name}", null, null, new [] { flow.TargetId })); } items.Add(new TextRow("Flow Type", flow.FlowType.GetEnumLabel())); var itemRows = flow.GetItemRows()?.ToArray(); if (itemRows?.Any() ?? false) { items.AddRange(itemRows); } list.Add(new ListItem(flow.Name, flow.Id, items)); } result = list; } return(result); }
public TableItem GetTable([NotNull] IThreatModel model) { TableItem result = null; var threatEvents = model.GetThreatEvents()? .OrderByDescending(x => x.Severity, new SeverityComparer()) .ThenBy(x => x.Parent.Name) .ThenBy(x => x.Name) .ToArray(); if (threatEvents?.Any() ?? false) { result = new TableItem(Name, new[] { new TableColumn("Threat Event", 200), new TableColumn("Severity", 50), new TableColumn("Mitigations", 300) }, GetCells(threatEvents)); } return(result); }
public double Analyze([NotNull] IThreatModel model, Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive, out IEnumerable <object> instances) { double result = 0.0; instances = null; var entities = model.Entities?.ToArray(); if (entities?.Any() ?? false) { var flows = model.DataFlows?.Where(x => !isFalsePositive(this, x)).ToArray(); if (flows?.Any() ?? false) { List <object> found = new List <object>(); foreach (var entity in entities) { var loopFlow = flows.FirstOrDefault(x => x.SourceId == entity.Id && flows.Any(y => y.SourceId == x.TargetId && y.TargetId == x.SourceId)); if (loopFlow != null) { found.Add(loopFlow); } } result = found.Count; if (found.Any()) { instances = found; } } } return(result); }
public double Analyze([NotNull] IThreatModel model, Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive, out IEnumerable <object> instances) { double result = 0.0; instances = null; List <object> items = new List <object>(); if (!isFalsePositive(this, model) && ((model.ThreatEvents?.Count() ?? 0) == 1)) { items.Add(model); } var entities = model.Entities? .Where(x => !isFalsePositive(this, x) && ((x.ThreatEvents?.Count() ?? 0) == 1)).ToArray(); if (entities?.Any() ?? false) { items.AddRange(entities); } var flows = model.DataFlows? .Where(x => !isFalsePositive(this, x) && ((x.ThreatEvents?.Count() ?? 0) == 1)).ToArray(); if (flows?.Any() ?? false) { items.AddRange(flows); } if (items.Any()) { result = items.Count; instances = items; } return(result); }
public double Analyze(IThreatModel model, Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive, out IEnumerable <object> instances) { double result = 0.0; instances = null; var found = new List <IIdentity>(); var entities = model.Entities?.Where(x => !isFalsePositive(this, x)).ToArray(); if (entities?.Any() ?? false) { foreach (var entity in entities) { if (string.IsNullOrWhiteSpace(entity.Name)) { found.Add(entity); } } } var flows = model.DataFlows?.Where(x => !isFalsePositive(this, x)).ToArray(); if (flows?.Any() ?? false) { foreach (var flow in flows) { if (string.IsNullOrWhiteSpace(flow.Name)) { found.Add(flow); } } } result = found.Count; instances = found; return(result); }
public bool GetThresholds([NotNull] IThreatModel model, Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive, out double minRed, out double maxRed, out double minYellow, out double maxYellow, out double minGreen, out double maxGreen) { bool result = false; minRed = 0; maxRed = 0; minYellow = double.NaN; maxYellow = double.NaN; minGreen = 0; maxGreen = 0; var count = (model.Entities?.Select(x => x.ThreatEvents? .Where(y => !isFalsePositive(this, y)).Count() ?? 0).Sum() ?? 0) + (model.DataFlows?.Select(x => x.ThreatEvents? .Where(y => !isFalsePositive(this, y)).Count() ?? 0).Sum() ?? 0) + (model.ThreatEvents?.Where(x => !isFalsePositive(this, x)).Count() ?? 0); if (count > 0) { minGreen = 0; maxGreen = 0.49; minRed = 0.51; maxRed = 1; result = true; } else { minGreen = 0; maxGreen = 1; minRed = double.NaN; maxRed = double.NaN; } return(result); }
public void Initialize([NotNull] IThreatModel model) { if (_model != null) { Dispose(); } _model = model; _model.ChildCreated += ChildCreated; _model.ChildRemoved += ChildRemoved; var threats = _model.ThreatTypes?.ToArray(); if (threats?.Any() ?? false) { foreach (var threat in threats) { threat.ThreatTypeMitigationAdded += Update; threat.ThreatTypeMitigationRemoved += Update; } } }
private void ImportBaseFlowTemplates([NotNull] ThreatModel source, [NotNull] IThreatModel target) { var connectors = source.FlowTypes? .Where(x => x.IsGeneric) .ToArray(); if (connectors?.Any() ?? false) { var schema = new BaseFlowPropertySchemaManager(target).GetSchema(); if (!(schema.PropertyTypes?.Any(x => string.CompareOrdinal("Out of Scope", x.Name) == 0) ?? false)) { var outOfScope = schema.AddPropertyType("Out of Scope", PropertyValueType.Boolean); if (outOfScope != null) { outOfScope.Priority = -2; } } if (!(schema.PropertyTypes?.Any(x => string.CompareOrdinal("Reason For Out Of Scope", x.Name) == 0) ?? false)) { var reasonOutOfScope = schema.AddPropertyType("Reason For Out Of Scope", PropertyValueType.String); if (reasonOutOfScope != null) { reasonOutOfScope.Priority = -1; } } foreach (var connector in connectors) { AddProperties(schema, null, connector.Properties?.ToArray()); } } }
private bool UpdateFlows([NotNull] IThreatModel model, [Required] string oldName, [Required] string oldNamespace, string oldPropertyName, [Required] string newName, [Required] string newNamespace, string newPropertyName, [NotNull] IPropertyType propertyType) { bool result = false; var flows = model.DataFlows?.ToArray(); if (flows?.Any() ?? false) { foreach (var flow in flows) { if (flow.GetProperty(propertyType) is IPropertyJsonSerializableObject property) { if (property.Value is SelectionRule selectionRule) { if (string.IsNullOrWhiteSpace(oldPropertyName)) { result |= selectionRule.Root?.UpdateSchema(oldName, oldNamespace, newName, newNamespace) ?? false; } else { result |= selectionRule.Root?.UpdatePropertyType(oldName, oldNamespace, oldPropertyName, newPropertyName) ?? false; } var threatEvents = flow.ThreatEvents?.ToArray(); if (threatEvents?.Any() ?? false) { result |= UpdateThreatEvents(threatEvents, oldName, oldNamespace, oldPropertyName, newName, newNamespace, newPropertyName, propertyType); } } } } } return(result); }
private IProperty InternalAddProperty(IThreatModel model, IPropertyType propertyType, string value) { IProperty result = null; var associatedClass = propertyType.GetType().GetCustomAttributes <AssociatedPropertyClassAttribute>() .FirstOrDefault(); if (associatedClass != null) { var associatedClassType = Type.GetType(associatedClass.AssociatedType, false); if (associatedClassType != null) { result = Activator.CreateInstance(associatedClassType, model, propertyType) as IProperty; } } if (result != null) { if (_properties == null) { _properties = new List <IProperty>(); } result.StringValue = value; _properties.Add(result); if (Instance is IDirty dirtyObject) { dirtyObject.SetDirty(); } if (Instance is IPropertiesContainer container) { _propertyAdded?.Invoke(container, result); } result.Changed += OnPropertyChanged; } return(result); }
public void SetObject([NotNull] IThreatModel model, [NotNull] object obj) { if (obj is IIdentity identity) { _objectContainer.Text = model.GetIdentityTypeName(identity); _objectName.Text = " " + identity.Name; _objectName.Image = identity.GetImage(ImageSize.Small); } else if (obj is IThreatEventMitigation threatEventMitigation) { _objectContainer.Text = "Threat Event Mitigation"; _objectName.Text = " " + $"Mitigation '{threatEventMitigation.Mitigation.Name}' for '{threatEventMitigation.ThreatEvent.Name}' on '{threatEventMitigation.ThreatEvent.Parent.Name}"; _objectName.Image = Icons.Resources.mitigations_small; } else if (obj is IThreatTypeMitigation threatTypeMitigation) { _objectContainer.Text = "Threat Type Mitigation"; _objectName.Text = " " + $"Mitigation '{threatTypeMitigation.Mitigation.Name}' for '{threatTypeMitigation.ThreatType.Name}'"; _objectName.Image = Icons.Resources.standard_mitigations_small; } }
public bool IsVisible(object item) { bool result = false; IThreatModel model = null; if (item is IThreatModelChild child) { model = child.Model; } else if (item is IThreatModel threatModel) { model = threatModel; } if (model != null && item is IPropertiesContainer container) { var schemaManager = new AnnotationsPropertySchemaManager(model); result = !schemaManager.AreAnnotationsEnabled(container); } return(result); }
public void Execute([NotNull] IThreatModel model) { var schemaManager = new DevOpsConfigPropertySchemaManager(model); var iteration = schemaManager.CurrentIteration ?? schemaManager.PreviousIteration; if (iteration != null) { var extensionId = ExtensionUtils.GetExtensionByLabel <IConfigurationPanelFactory <Form> >( "Extensions Configuration Panel")?.GetExtensionId(); if (extensionId != null) { var normalizationReference = model.GetExtensionConfiguration(extensionId)? .GlobalGet <int>("normalization") ?? 0; var risk = model.EvaluateRisk(normalizationReference); if (risk > 0f) { schemaManager.SetIterationRisk(iteration, risk); } } } }
public IEnumerable <ChartItem> GetChart([NotNull] IThreatModel model) { IEnumerable <ChartItem> result = null; var severities = model.Severities? .Where(x => x.Visible && x.Id > 0) .OrderByDescending(x => x.Id).ToArray() .ToArray(); if (severities?.Any() ?? false) { var list = new List <ChartItem>(); foreach (var severity in severities) { list.Add(new ChartItem(severity.Name, model.CountThreatEventsByType(severity), severity.BackColor)); } result = list; } return(result); }
/// <summary> /// Serializes a Threat Model as Json. /// </summary> /// <param name="model">Threat Model to be serialized.</param> /// <returns>Serialized Json of the Threat Model, as byte array.</returns> public static byte[] Serialize([NotNull] IThreatModel model) { StringBuilder sb = new StringBuilder(); StringWriter sw = new StringWriter(sb); using (JsonWriter writer = new JsonTextWriter(sw)) { var serializer = new JsonSerializer { TypeNameHandling = TypeNameHandling.All, MaxDepth = 128, Formatting = Formatting.Indented }; serializer.Serialize(writer, model); } var buf = Encoding.Unicode.GetBytes(sb.ToString()); var result = new byte[buf.Length + 2]; result[0] = 0xFF; result[1] = 0xFE; buf.CopyTo(result, 2); return(result); }
public void ExecuteRibbonAction(IThreatModel threatModel, IActionDefinition action) { try { switch (action.Name) { case "ImportAzure": threatModel.AddEntity <IProcess>("Azure Function"); threatModel.AddEntity <IProcess>("Azure ML"); threatModel.AddEntity <IDataStore>("Azure SQL"); threatModel.AddEntity <IDataStore>("Azure Storage Blob"); ShowMessage?.Invoke("Import Azure Subscription succeeded."); break; } } catch { ShowWarning?.Invoke("Import Azure Subscription failed."); } }
private int ImportDataFlows([NotNull] ThreatModel source, [NotNull] IThreatModel target) { int result = 0; var flows = source.Flows; if (flows?.Any() ?? false) { var entitiesSchemaManager = new EntitiesPropertySchemaManager(target); var dataFlowsSchemaManager = new DataFlowsPropertySchemaManager(target); var schema = dataFlowsSchemaManager.GetSchema(); foreach (var flow in flows) { var sourceEntity = GetEntity(flow.SourceGuid.ToString(), target, entitiesSchemaManager); var targetEntity = GetEntity(flow.TargetGuid.ToString(), target, entitiesSchemaManager); if (sourceEntity != null && targetEntity != null) { var dataFlow = target.AddDataFlow(flow.Name, sourceEntity.Id, targetEntity.Id); if (dataFlow != null) { dataFlowsSchemaManager.SetMsTmtDataFlowId(dataFlow, flow.FlowId.ToString()); var properties = flow.Properties?.ToArray(); AddProperties(schema, dataFlow, properties); } IDiagram diagram = target.Diagrams?.FirstOrDefault(x => string.CompareOrdinal(x.Name, flow.PageName) == 0); diagram?.AddLink(dataFlow); result++; } } } return(result); }
public static bool GenerateThreatEvents(this IThreatModel model) { bool result = false; var schemaManager = new AutoThreatGenPropertySchemaManager(model); var propertyType = schemaManager.GetPropertyType(); if (propertyType is IJsonSerializableObjectPropertyType jsonPropertyType) { var threatTypes = model.ThreatTypes?.Where(x => x.HasProperty(jsonPropertyType)).ToArray(); if (threatTypes?.Any() ?? false) { ApplyThreatTypes(model, threatTypes, jsonPropertyType); var entities = model.Entities?.ToArray(); if (entities?.Any() ?? false) { foreach (var entity in entities) { ApplyThreatTypes(entity, threatTypes, jsonPropertyType); } } var dataFlows = model.DataFlows?.ToArray(); if (dataFlows?.Any() ?? false) { foreach (var dataFlow in dataFlows) { ApplyThreatTypes(dataFlow, threatTypes, jsonPropertyType); } } result = true; } } return(result); }