Exemple #1
0
        private static bool ApplyThreatType([NotNull] IIdentity identity, [NotNull] ThreatTypeInfo tti,
                                            [NotNull] AutoGenRulesPropertySchemaManager schemaManager)
        {
            bool result = false;

            if (tti.Rule.Evaluate(identity) && identity is IThreatEventsContainer container)
            {
                var threatEvent = container.AddThreatEvent(tti.ThreatType);
                if (threatEvent == null)
                {
                    threatEvent = container.ThreatEvents.FirstOrDefault(x => x.ThreatTypeId == tti.ThreatType.Id);
                }
                else
                {
                    result = true;
                }

                if (threatEvent != null)
                {
                    result |= threatEvent.ApplyMitigations(tti.TopOnly, schemaManager);
                }
            }

            return(result);
        }
Exemple #2
0
        public static bool HasTop(this IThreatModel model, AutoGenRulesPropertySchemaManager schemaManager = null)
        {
            bool result = false;

            if (schemaManager == null)
            {
                schemaManager = new AutoGenRulesPropertySchemaManager(model);
            }

            var threatTypes = model.ThreatTypes?.Where(x => schemaManager.IsTop(x)).ToArray();

            if (threatTypes?.Any() ?? false)
            {
                foreach (var threatType in threatTypes)
                {
                    if (threatType.Mitigations?.Any(x => schemaManager.IsTop(x)) ?? false)
                    {
                        result = true;
                        break;
                    }
                }
            }

            return(result);
        }
Exemple #3
0
        private static IEnumerable <ThreatTypeInfo> GetThreatTypesWithRules(
            [NotNull] IThreatModel model, bool topOnly, [NotNull] AutoGenRulesPropertySchemaManager schemaManager)
        {
            IEnumerable <ThreatTypeInfo> result = null;

            var threatTypes = model.ThreatTypes?
                              .Where(x => !topOnly || schemaManager.IsTop(x))
                              .ToArray();

            if (threatTypes?.Any() ?? false)
            {
                List <ThreatTypeInfo> list = null;

                foreach (var threatType in threatTypes)
                {
                    var rule = GetRule(threatType);
                    if (rule != null)
                    {
                        if (list == null)
                        {
                            list = new List <ThreatTypeInfo>();
                        }
                        list.Add(new ThreatTypeInfo(threatType, rule, topOnly));
                    }
                }

                result = list?.AsReadOnly();
            }
            return(result);
        }
Exemple #4
0
        private bool ApplyGenRule([NotNull] IPropertiesContainer container, string value)
        {
            var result = false;

            if (container is IThreatModelChild child)
            {
                var propertyType = new AutoGenRulesPropertySchemaManager(child.Model).GetPropertyType();
                if (propertyType != null)
                {
                    var property = container.GetProperty(propertyType);
                    if (property != null)
                    {
                        property.StringValue = value;
                    }
                    else
                    {
                        container.AddProperty(propertyType, value);
                    }

                    result = true;
                }
            }

            return(result);
        }
Exemple #5
0
        public static bool HasTop(this IThreatTypeMitigation mitigation, AutoGenRulesPropertySchemaManager schemaManager = null)
        {
            if (schemaManager == null)
            {
                schemaManager = new AutoGenRulesPropertySchemaManager(mitigation.Model);
            }

            return(schemaManager.IsTop(mitigation));
        }
Exemple #6
0
        public static void SetTop(this IPropertiesContainer container, bool top,
                                  AutoGenRulesPropertySchemaManager schemaManager = null)
        {
            if (container is IThreatModelChild child && (container is IThreatType || container is IThreatTypeMitigation))
            {
                if (schemaManager == null)
                {
                    schemaManager = new AutoGenRulesPropertySchemaManager(child.Model);
                }

                schemaManager.SetTop(container, top);
            }
        }
        public IEnumerable <KeyValuePair <string, IPropertyType> > GetProperties([NotNull] IThreatModel model)
        {
            IEnumerable <KeyValuePair <string, IPropertyType> > result = null;

            var schemaManager = new AutoGenRulesPropertySchemaManager(model);
            var mitigations   = model.Mitigations?
                                .Where(x => model.GetThreatTypeMitigations(x)?.Any(y => y.HasTop(schemaManager)) ?? false)
                                .OrderBy(x => x.Name)
                                .ToArray();

            if (mitigations?.Any() ?? false)
            {
                var dict = new Dictionary <string, IPropertyType>();

                foreach (var mitigation in mitigations)
                {
                    var properties = mitigation.Properties?
                                     .Where(x => !(x.PropertyType?.DoNotPrint ?? true) &&
                                            model.GetSchema(x.PropertyType.SchemaId) is IPropertySchema schema &&
                                            (string.CompareOrdinal(schema.Namespace, SchemaNamespace) != 0 ||
                                             string.CompareOrdinal(schema.Name, SchemaName) != 0 ||
                                             string.CompareOrdinal(x.PropertyType.Name, PropertyName) != 0))
                                     .Select(x => x.PropertyType)
                                     .ToArray();

                    if (properties?.Any() ?? false)
                    {
                        foreach (var property in properties)
                        {
                            if (!dict.ContainsKey(property.Name))
                            {
                                dict.Add(property.Name, property);
                            }
                        }
                    }
                }

                result = dict
                         .OrderBy(x => model.GetSchema(x.Value.SchemaId).Priority)
                         .ThenBy(x => x.Value.Priority)
                         .ToArray();
            }

            return(result);
        }
Exemple #8
0
        public static void SetRule(this IPropertiesContainer container, SelectionRule rule, IThreatModel model = null)
        {
            if (model == null && container is IThreatModelChild child)
            {
                model = child.Model;
            }

            if (model != null)
            {
                var schemaManager = new AutoGenRulesPropertySchemaManager(model);
                var propertyType  = schemaManager.GetPropertyType();
                var property      = container.GetProperty(propertyType) ?? container.AddProperty(propertyType, null);
                if (property is IPropertyJsonSerializableObject jsonSerializableObject)
                {
                    jsonSerializableObject.Value = rule;
                }
            }
        }
        private bool Execute([NotNull] IPropertiesContainer container)
        {
            var result = false;

            if (container is IThreatModelChild child)
            {
                var propertyType = new AutoGenRulesPropertySchemaManager(child.Model).GetPropertyType();
                if (propertyType != null)
                {
                    DataObject dataObject = new DataObject();
                    dataObject.SetData("AutoGenRule", container.GetProperty(propertyType)?.StringValue ?? string.Empty);
                    Clipboard.SetDataObject(dataObject);
                    result = true;
                }
            }

            return(result);
        }
Exemple #10
0
        public static bool HasTop(this IThreatType threatType, AutoGenRulesPropertySchemaManager schemaManager = null)
        {
            bool result = false;

            if (schemaManager == null)
            {
                schemaManager = new AutoGenRulesPropertySchemaManager(threatType.Model);
            }

            if (schemaManager.IsTop(threatType))
            {
                if (threatType.Mitigations?.Any(x => schemaManager.IsTop(x)) ?? false)
                {
                    result = true;
                }
            }

            return(result);
        }
Exemple #11
0
        public static bool GenerateThreatEvents(this IDataFlow flow, bool topOnly, AutoGenRulesPropertySchemaManager schemaManager = null)
        {
            bool result = false;

            if (flow.Model is IThreatModel model)
            {
                if (schemaManager == null)
                {
                    schemaManager = new AutoGenRulesPropertySchemaManager(model);
                }
                var threatTypesWithRules = GetThreatTypesWithRules(model, topOnly, schemaManager)?.ToArray();
                if (threatTypesWithRules?.Any() ?? false)
                {
                    ApplyThreatTypes(flow, threatTypesWithRules, schemaManager);
                    result = true;
                }
            }

            return(result);
        }
Exemple #12
0
        public static SelectionRule GetRule(this IPropertiesContainer container, IThreatModel model = null)
        {
            SelectionRule result = null;

            if (model == null && container is IThreatModelChild child)
            {
                model = child.Model;
            }

            if (model != null)
            {
                var schemaManager = new AutoGenRulesPropertySchemaManager(model);
                var propertyType  = schemaManager.GetPropertyType();
                if (container.HasProperty(propertyType))
                {
                    if (container.GetProperty(propertyType) is IPropertyJsonSerializableObject jsonSerializableObject)
                    {
                        result = jsonSerializableObject.Value as SelectionRule;
                    }
                }
                else
                {
                    var oldSchema       = model.GetSchema(OldSchemaName, Properties.Resources.DefaultNamespace);
                    var oldPropertyType = oldSchema?.GetPropertyType(OldPropertyName);
                    if (oldPropertyType != null)
                    {
                        if (container.GetProperty(oldPropertyType) is IPropertyJsonSerializableObject
                            jsonSerializableObject)
                        {
                            result = jsonSerializableObject.Value as SelectionRule;
                            container.AddProperty(propertyType, jsonSerializableObject.StringValue);
                            container.RemoveProperty(oldPropertyType);
                        }
                    }
                }
            }

            return(result);
        }
Exemple #13
0
        public static bool GenerateThreatEvents(this IThreatModel model, bool topOnly, AutoGenRulesPropertySchemaManager schemaManager = null)
        {
            var result = false;

            if (schemaManager == null)
            {
                schemaManager = new AutoGenRulesPropertySchemaManager(model);
            }
            var threatTypesWithRules = GetThreatTypesWithRules(model, topOnly, schemaManager)?.ToArray();

            if (threatTypesWithRules?.Any() ?? false)
            {
                ApplyThreatTypes(model, threatTypesWithRules, schemaManager);

                var entities = model.Entities?.ToArray();
                if (entities?.Any() ?? false)
                {
                    foreach (var entity in entities)
                    {
                        ApplyThreatTypes(entity, threatTypesWithRules, schemaManager);
                    }
                }
                var dataFlows = model.DataFlows?.ToArray();
                if (dataFlows?.Any() ?? false)
                {
                    foreach (var dataFlow in dataFlows)
                    {
                        ApplyThreatTypes(dataFlow, threatTypesWithRules, schemaManager);
                    }
                }

                result = true;
            }

            return(result);
        }
Exemple #14
0
        private static bool ApplyThreatTypes([NotNull] IIdentity identity,
                                             [NotNull] IEnumerable <ThreatTypeInfo> threatTypesWithRules, [NotNull] AutoGenRulesPropertySchemaManager schemaManager)
        {
            bool result = false;

            foreach (var threatTypeWithRule in threatTypesWithRules)
            {
                result |= ApplyThreatType(identity, threatTypeWithRule, schemaManager);
            }

            return(result);
        }
        public IEnumerable <KeyValuePair <string, IEnumerable <ListItem> > > GetList(IThreatModel model)
        {
            IEnumerable <KeyValuePair <string, IEnumerable <ListItem> > > result = null;

            var schemaManager = new AutoGenRulesPropertySchemaManager(model);
            var mitigations   = model.Mitigations?
                                .Where(x => model.GetThreatTypeMitigations(x)?.Any(y => y.HasTop(schemaManager)) ?? false)
                                .OrderBy(x => x.Name)
                                .ToArray();

            if ((mitigations?.Any() ?? false) && !string.IsNullOrWhiteSpace(SchemaNamespace) &&
                !string.IsNullOrWhiteSpace(SchemaName) && !string.IsNullOrWhiteSpace(PropertyName))
            {
                var list = new List <KeyValuePair <string, IEnumerable <ListItem> > >();

                var propertyType = model.GetSchema(SchemaName, SchemaNamespace)?.GetPropertyType(PropertyName);
                if (propertyType != null)
                {
                    var possibleValues = mitigations
                                         .Where(x => x.HasProperty(propertyType))
                                         .Select(x => x.GetProperty(propertyType)?.StringValue)
                                         .OrderBy(x => x)
                                         .Distinct()
                                         .ToArray();

                    if (possibleValues.Any())
                    {
                        foreach (var possibleValue in possibleValues)
                        {
                            if (!string.IsNullOrWhiteSpace(possibleValue))
                            {
                                var selectedMitigations = mitigations
                                                          .Where(x => x.HasProperty(propertyType) &&
                                                                 string.CompareOrdinal(x.GetProperty(propertyType).StringValue,
                                                                                       possibleValue) == 0)
                                                          .ToArray();

                                var listItems = GetListItems(model, selectedMitigations)?.ToArray();
                                if (listItems?.Any() ?? false)
                                {
                                    list.Add(new KeyValuePair <string, IEnumerable <ListItem> >(possibleValue, listItems));
                                }
                            }
                        }
                    }

                    var remainingMitigations = mitigations
                                               .Where(x => !x.HasProperty(propertyType) || string.IsNullOrWhiteSpace(x.GetProperty(propertyType)?.StringValue))
                                               .ToArray();
                    var remainingListItems = GetListItems(model, remainingMitigations)?.ToArray();
                    if (remainingListItems?.Any() ?? false)
                    {
                        list.Add(new KeyValuePair <string, IEnumerable <ListItem> >("<undefined>", remainingListItems));
                    }
                }

                result = list;
            }

            return(result);
        }
Exemple #16
0
        public static bool ApplyMitigations(this IThreatEvent threatEvent, bool topOnly, AutoGenRulesPropertySchemaManager schemaManager = null)
        {
            bool result = false;

            if (threatEvent.ThreatType is IThreatType threatType &&
                threatEvent.Model is IThreatModel model &&
                threatEvent.Parent is IIdentity identity)
            {
                if (schemaManager == null)
                {
                    schemaManager = new AutoGenRulesPropertySchemaManager(model);
                }

                var mitigations = threatType.Mitigations?
                                  .Where(x => !topOnly || schemaManager.IsTop(x))
                                  .ToArray();
                if (mitigations?.Any() ?? false)
                {
                    ISeverity maximumSeverity = null;

                    foreach (var mitigation in mitigations)
                    {
                        var rule = GetRule(mitigation);
                        if (rule?.Evaluate(identity) ?? false)
                        {
                            var strength = mitigation.Strength;

                            if (rule is MitigationSelectionRule mitigationRule)
                            {
                                if (mitigationRule.StrengthId.HasValue &&
                                    model.GetStrength(mitigationRule.StrengthId.Value) is IStrength strengthOverride)
                                {
                                    strength = strengthOverride;
                                }

                                var status    = mitigationRule.Status ?? MitigationStatus.Undefined;
                                var generated = (threatEvent.AddMitigation(mitigation.Mitigation, strength, status) != null);
                                result |= generated;

                                if (generated && mitigationRule.SeverityId.HasValue &&
                                    model.GetSeverity(mitigationRule.SeverityId.Value) is ISeverity severity &&
                                    (maximumSeverity == null || maximumSeverity.Id > severity.Id))
                                {
                                    maximumSeverity = severity;
                                }
                            }
                            else
                            {
                                result |= (threatEvent.AddMitigation(mitigation.Mitigation, strength, MitigationStatus.Undefined) != null);
                            }
                        }
                    }

                    if (maximumSeverity != null && maximumSeverity.Id < threatEvent.SeverityId)
                    {
                        threatEvent.Severity = maximumSeverity;
                    }
                }
            }

            return(result);
        }
Exemple #17
0
 public static bool HasTop(this IThreatEvent threatEvent, AutoGenRulesPropertySchemaManager schemaManager = null)
 {
     return(threatEvent?.ThreatType?.HasTop(schemaManager) ?? false);
 }