Exemple #1
        /// <summary>
        /// Renders, one per line, the mitigations in a given status that are attached
        /// to the threat events of a single threat type.
        /// </summary>
        /// <param name="threat">Threat type (key) together with its threat events (value).</param>
        /// <param name="values">Not read by this method.</param>
        /// <param name="status">Only mitigations whose status equals this value are listed.</param>
        /// <returns>
        /// <c>null</c> when the threat type has no model or the event list is null or empty;
        /// otherwise the concatenated lines, which is an empty string when nothing matches.
        /// </returns>
        private static string ConcatenateMitigations(KeyValuePair<IThreatType, List<IThreatEvent>> threat,
                                                     List<object> values, MitigationStatus status)
        {
            var model = threat.Key?.Model;
            var events = threat.Value;

            if (model == null || events == null || events.Count == 0)
            {
                return null;
            }

            var lines = new StringBuilder();

            foreach (var threatEvent in events)
            {
                // Mitigations in any other status are left out, so the text produced for one
                // status says nothing about what exists in the remaining states.
                var matching = threatEvent.Mitigations?.Where(x => x.Status == status).ToArray();
                if (matching == null || matching.Length == 0)
                {
                    continue;
                }

                foreach (var item in matching)
                {
                    // The parent is written through its ToString(), prefixed by the initial
                    // the model assigns to its identity type.
                    var parent = item.ThreatEvent.Parent;
                    lines.AppendLine($"[{model.GetIdentityTypeInitial(parent)}] {parent}: {item.Mitigation.Name}");
                }
            }

            return lines.ToString();
        }
        /// <summary>
        /// Associates a mitigation with the vulnerability exposed by <c>Instance</c>,
        /// unless a mitigation with the same id is already registered.
        /// </summary>
        /// <param name="mitigation">Mitigation to associate; must not be null.</param>
        /// <param name="strength">Strength handed to the new association as-is (not validated here).</param>
        /// <param name="status">Status stored on the association; callers that omit it get <c>Proposed</c>.</param>
        /// <param name="directives">Optional directives stored on the association.</param>
        /// <returns>
        /// The new association, or <c>null</c> when the mitigation is already present or
        /// <c>Instance</c> is not an <c>IVulnerability</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="mitigation"/> is null.</exception>
        public IVulnerabilityMitigation AddMitigation(IMitigation mitigation, IStrength strength,
                                                      MitigationStatus status = MitigationStatus.Proposed, string directives = null)
        {
            if (mitigation == null)
            {
                throw new ArgumentNullException(nameof(mitigation));
            }

            // A repeated request for the same mitigation id is answered with null,
            // it does not update the existing association.
            if (GetMitigation(mitigation.Id) != null)
            {
                return null;
            }

            if (!(Instance is IVulnerability owner))
            {
                return null;
            }

            var created = new VulnerabilityMitigation(owner, mitigation, strength);
            created.Status = status;
            created.Directives = directives;

            // The backing list is only allocated once the first mitigation arrives.
            if (_mitigations == null)
            {
                _mitigations = new List<IVulnerabilityMitigation>();
            }

            _mitigations.Add(created);

            // Mark the owner as modified when it supports dirty tracking.
            if (Instance is IDirty tracked)
            {
                tracked.SetDirty();
            }

            _vulnerabilityMitigationAdded?.Invoke(owner, created);

            return created;
        }
        /// <summary>
        /// Adds to the first series of the pie chart, or refreshes in it, the slice that
        /// shows how many mitigations of the model are in the given status.
        /// </summary>
        /// <param name="pieChart">Chart whose first series receives the slice.</param>
        /// <param name="model">Threat model queried for the number of mitigations.</param>
        /// <param name="status">Status represented by the slice; its name is the slice key.</param>
        /// <param name="total">Denominator of the percentage written in the outer label.</param>
        /// <param name="background">Background color given to a newly created slice.</param>
        private void AddSlice(PieChart pieChart, IThreatModel model,
                              MitigationStatus status, int total, Color background)
        {
            var count = model.CountMitigationsByStatus(status);

            // A status without mitigations gets no slice; an existing slice is left as it is.
            if (count <= 0)
            {
                return;
            }

            // NOTE(review): total is not checked here; a zero total makes the float division
            // produce a non-finite value in the label instead of raising an error.
            var label = $"{count} ({((float) count * 100f / (float) total).ToString("F0")}%)";
            var key = status.ToString();
            var points = pieChart.ChartSeries[0].SeriesPoints;

            var existing = points.OfType<PieSeriesPoint>()
                                 .FirstOrDefault(x => string.CompareOrdinal(x.Name, key) == 0);

            if (existing != null)
            {
                // Only the figures change on refresh; colors and name are kept.
                existing.ValueY = new object[] { (object)count };
                existing.OuterSliceLabel = label;
                return;
            }

            var created = new PieSeriesPoint();
            created.Name = key;
            created.ValueX = status.GetEnumLabel();
            created.ValueY = new object[] { (object)count };
            created.OuterSliceLabel = label;
            created.InnerSliceLabel = "";
            created.SliceVisualStyles.Default.Background.Color1 = background;
            created.SliceVisualStyles.Default.SliceOuterLabelStyle.TextColor = Color.Black;

            // The point is fully configured before the series sees it.
            points.Add(created);
        }
Exemple #4
 /// <summary>
 /// Copies a stored risk entity into the <c>Risk</c> model, turning identifiers, scores
 /// and dates into strings and decrypting the free-text fields.
 /// </summary>
 /// <param name="source">Entity to read from.</param>
 /// <param name="destination">Model whose properties are overwritten.</param>
 protected override void MapToModel(RiskEntity source, Risk destination)
 {
     // Identifiers and phase.
     destination.Id = source.Id.ToString();
     destination.EngagementId = source.EngagementId.ToString();
     destination.Phase = source.Phase?.Name ?? "Unknown";
     destination.PhaseId = source.PhaseId.ToString();
     destination.ResourceId = source.ResourceId;
     destination.GroupId = source.GroupId;

     // Remediation status: an id without a matching status leaves the name null.
     var remediationStatusId = source.RemediationStatusId;
     destination.RemediationStatus = MitigationStatus.LookupByValue(remediationStatusId.GetValueOrDefault())?.Name;
     destination.RemediationStatusId = remediationStatusId.ToString();

     // Name, Description, Recommendation and References are read from the *Bytes members
     // through Decrypt, so destination holds their decrypted text after this call.
     // NOTE(review): how Risk objects are logged, cached or serialized is not visible
     // here and is worth checking.
     destination.Name = Decrypt<string>(source.NameBytes);
     destination.Description = Decrypt<string>(source.DescriptionBytes);

     // NOTE(review): unlike the remediation status lookup above, the ThreatLevel lookups
     // are dereferenced without a null check - confirm LookupByValue never returns null,
     // including for a score that is not set.
     var inherentScore = source.InheritScore;
     destination.InherentRisk = inherentScore?.ToString("N1");
     destination.InherentSeverity = ThreatLevel.LookupByValue(inherentScore).Name;

     var likelihood = source.Likelihood;
     destination.Likelihood = likelihood?.ToString("N1");
     destination.LikelihoodSeverity = ThreatLevel.LookupByValue(likelihood).Name;

     destination.Recommendation = Decrypt<string>(source.RecommendationBytes);
     destination.RemediationResource = GetRemediationResource(source);

     // Dates; presumably formatted with the current culture - verify if the output is
     // parsed by another component.
     destination.MitigationDate = source.MitigatedDate?.ToString("M/d/yyyy");
     destination.TargetRemediationDate = source.TargetRemediationDate?.ToString("M/d/yyyy");

     destination.AffectedSystemsCount = source.AffectedSystems?.ToString();
     destination.PossibleAffectedSystemsCount = source.PossibleAffectedSystems?.ToString();
     destination.Effectiveness = source.Effectiveness?.ToString("N1");
     destination.ControlEffectiveness = source.ControlEffectiveness?.ToString("N1");

     var impact = source.Impact;
     destination.Impact = impact?.ToString("N1");
     destination.ImpactSeverity = ThreatLevel.LookupByValue(impact).Name;

     destination.References = Decrypt<string>(source.ReferencesBytes);

     var finalScore = source.FinalScore;
     destination.RiskScore = finalScore?.ToString("N1");
     destination.ScoreSeverity = ThreatLevel.LookupByValue(finalScore).Name;
 }
Exemple #5
        /// <summary>
        /// Associates a mitigation with the threat event, unless a mitigation with the
        /// same id is already registered.
        /// </summary>
        /// <param name="mitigation">Mitigation to associate; must not be null once the object is initialized.</param>
        /// <param name="strength">Strength handed to the new association as-is (not validated here).</param>
        /// <param name="status">Status stored on the association; callers that omit it get <c>Proposed</c>.</param>
        /// <param name="directives">Optional directives stored on the association.</param>
        /// <returns>
        /// The new association, or <c>null</c> when the object is not initialized or the
        /// mitigation is already present.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="mitigation"/> is null and the object is initialized.
        /// </exception>
        public IThreatEventMitigation AddMitigation(IMitigation mitigation, IStrength strength,
                                                    MitigationStatus status = MitigationStatus.Proposed, string directives = null)
        {
            // The initialization check comes before argument validation, so an uninitialized
            // object answers null even for a null mitigation.
            if (IsInitialized?.Get() != true)
            {
                return null;
            }

            if (mitigation == null)
            {
                throw new ArgumentNullException(nameof(mitigation));
            }

            // A repeated request for the same mitigation id is answered with null,
            // it does not update the existing association.
            if (GetMitigation(mitigation.Id) != null)
            {
                return null;
            }

            IThreatEventMitigation created = new ThreatEventMitigation(MySelf?.Get(), mitigation, strength);
            created.Status = status;
            created.Directives = directives;

            // The backing list is only allocated once the first mitigation arrives.
            if (_mitigations == null)
            {
                _mitigations = new List<IThreatEventMitigation>();
            }

            _mitigations.Add(created);
            Dirty.IsDirty = true;
            _threatEventMitigationAdded?.Invoke(MitigationsContainer?.Get(), created);

            return created;
        }
 /// <summary>
 /// Keeps the chosen mitigation status and the OK button in step with the status selector.
 /// </summary>
 /// <param name="sender">Not read by this handler.</param>
 /// <param name="e">Not read by this handler.</param>
 private void _status_SelectedIndexChanged(object sender, EventArgs e)
 {
     var selected = _status.SelectedItem;
     var hasSelection = selected != null;

     if (hasSelection)
     {
         // The selector items are strings that are converted back to the enum value.
         _mitigationStatus = ((string)selected).GetEnumValue<MitigationStatus>();
     }

     // OK can only be pressed once a status has been picked.
     _ok.Enabled = hasSelection;
 }
Exemple #7
        /// <summary>
        /// Tells whether any threat event in the dictionary carries at least one
        /// mitigation in the given status.
        /// </summary>
        /// <param name="threats">Threat events grouped by threat type.</param>
        /// <param name="status">Status to look for.</param>
        /// <returns>
        /// <c>true</c> as soon as one matching mitigation is found; <c>false</c> when there
        /// is none, including when the dictionary or every event list is empty.
        /// </returns>
        private bool HasMitigations([NotNull] Dictionary<IThreatType, List<IThreatEvent>> threats,
                                    MitigationStatus status)
        {
            // Events whose Mitigations collection is null simply count as having no match.
            return threats.Any(
                threat => threat.Value.Any(
                    threatEvent => threatEvent.Mitigations?.Any(m => m.Status == status) ?? false));
        }
Exemple #8
        /// <summary>
        /// Collects the mitigations in a given status from a set of threat events.
        /// </summary>
        /// <param name="threatEvents">Threat events to inspect; may be null.</param>
        /// <param name="status">Only mitigations whose status equals this value are returned.</param>
        /// <returns>
        /// <c>null</c> when <paramref name="threatEvents"/> is null or empty; otherwise the
        /// matching mitigations (possibly none) ordered by the name of the threat event's
        /// parent and then by mitigation name. The ordering is evaluated when enumerated.
        /// </returns>
        private IEnumerable<IThreatEventMitigation> GetMitigations(IEnumerable<IThreatEvent> threatEvents, MitigationStatus status)
        {
            // Snapshot the input so it is enumerated a single time.
            var events = threatEvents?.ToArray();
            if (events == null || events.Length == 0)
            {
                return null;
            }

            var selected = new List<IThreatEventMitigation>();

            foreach (var threatEvent in events)
            {
                var candidates = threatEvent.Mitigations;
                if (candidates == null)
                {
                    continue;
                }

                // AddRange walks the filter immediately, so the selection is fixed here.
                selected.AddRange(candidates.Where(x => x.Status == status));
            }

            return selected
                   .OrderBy(x => x.ThreatEvent.Parent.Name)
                   .ThenBy(x => x.Mitigation.Name);
        }
Exemple #9
        /// <summary>
        /// Adds the mitigation to whichever target is set, checked in this order:
        /// threat type, threat event, weakness, vulnerability. Nothing happens when none is set.
        /// </summary>
        /// <param name="mitigation">Mitigation to assign.</param>
        /// <param name="strength">Strength of the mitigation.</param>
        /// <param name="status">
        /// Forwarded only when the target is a threat event or a vulnerability; threat types
        /// and weaknesses are called without a status, so the callee's default applies.
        /// </param>
        private void Assign([NotNull] IMitigation mitigation, [NotNull] IStrength strength, MitigationStatus status = MitigationStatus.Undefined)
        {
            if (_threatType != null)
            {
                _threatType.AddMitigation(mitigation, strength);
                return;
            }

            if (_threatEvent != null)
            {
                // With the "standard mitigations" option visible and checked, the mitigation
                // is also added to the parent threat type when it does not list it yet.
                if (_standardMitigationsContainer.Visible && _standardMitigations.Checked)
                {
                    var parentType = _threatEvent.ThreatType;
                    var alreadyListed = parentType?.Mitigations?.Any(x => x.MitigationId == mitigation.Id) ?? false;
                    if (!alreadyListed)
                    {
                        parentType?.AddMitigation(mitigation, strength);
                    }
                }

                _threatEvent.AddMitigation(mitigation, strength, status);
                return;
            }

            if (_weakness != null)
            {
                _weakness.AddMitigation(mitigation, strength);
                return;
            }

            if (_vulnerability != null)
            {
                // Same propagation as for threat events, towards the parent weakness.
                if (_standardMitigationsContainer.Visible && _standardMitigations.Checked)
                {
                    var parentWeakness = _vulnerability.Weakness;
                    var alreadyListed = parentWeakness?.Mitigations?.Any(x => x.MitigationId == mitigation.Id) ?? false;
                    if (!alreadyListed)
                    {
                        parentWeakness?.AddMitigation(mitigation, strength);
                    }
                }

                _vulnerability.AddMitigation(mitigation, strength, status);
            }
        }