private void saveandclose() { if (ToListBox.SelectedItems == null || ToListBox.SelectedItems.Count == 0 || FromListBox.SelectedItems == null || FromListBox.SelectedItems.Count == 0) { MessageBox.Show("You didn't select either a to or a from observable to connect via the relationship", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); return; } else if (RelationshipTypeDropDown.SelectedItem == null) { MessageBox.Show("Select a relationship type", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); return; } else { foreach (ObservableObject to in ToListBox.SelectedItems) { foreach (ObservableObject from in FromListBox.SelectedItems) { ObservableRelationship r = new ObservableRelationship(to.ID, from.ID, (ObservableRelationshipType)Enum.Parse(typeof(ObservableRelationshipType), RelationshipTypeDropDown.SelectedItem.ToString(), true)); collection.Relationships.Add(r); } } } this.DialogResult = DialogResult.OK; this.Close(); }
/// <summary> /// Loads the STIX collection from a textual Base64 encoded IIRIOC file. /// Try/catches mean any issues with the load or the file will cause the method to return a null collection /// and the gui will process /// </summary> /// <param name="filepath">The filepath to load</param> /// <returns>A stix collection or null if errors</returns> public static ObservableCollection LoadFromBasicFile(string filepath) { //return ReadFromBinaryFile<ObservableCollection>(filepath); ObservableCollection col = new ObservableCollection(); //Used to extract the file version. Will be used in furture to load differently if we change the way the file is structured etc. String FileVersion = ""; //Load the Base64 into memory and convert it - present a stream to read string filecontents = System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(File.ReadAllText(filepath))); MemoryStream stream = new MemoryStream(); StreamWriter writer = new StreamWriter(stream); writer.Write(filecontents); writer.Flush(); stream.Position = 0; try { //using (StreamReader r = new StreamReader(filepath)) using (StreamReader r = new StreamReader(stream)) { //Read the header and get the version string line = r.ReadLine(); if (!line.StartsWith("Athena-IOC-Collection-File-")) { return(null); } FileVersion = line.Substring("Athena-IOC-Collection-File-".Length); //Get the ID of the whole collection line = r.ReadLine(); if (line.StartsWith("|||")) { col.ID = line.Substring(3); } else { return(null); } //Get the incident ID line = r.ReadLine(); if (line.StartsWith("|||")) { col.IncidentID = line.Substring(3); } else { return(null); } //Get the reporting org line = r.ReadLine(); if (line.StartsWith("|||")) { col.ReportingOrganisation = line.Substring(3); } else { return(null); } //Get the incident name line = r.ReadLine(); if (line.StartsWith("|||")) { col.IncidentName = line.Substring(3); } else { return(null); } //Get the initial compromise date line = r.ReadLine(); if (line.StartsWith("|||")) { line = line.Substring(3); if (line.Length > 1) { col.InitialCompromise = DateTime.ParseExact(line, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture); } } else { return(null); } //Get the Incident Discovered date line = r.ReadLine(); if (line.StartsWith("|||")) { line = line.Substring(3); if (line.Length > 1) { col.IncidentDiscovered = DateTime.ParseExact(line, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture); } } else { return(null); } //Get the Incident Reported data line = r.ReadLine(); if (line.StartsWith("|||")) { line = line.Substring(3); if (line.Length > 1) { col.IncidentReported = DateTime.ParseExact(line, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture); } } else { return(null); } //Get the incident resolved date line = r.ReadLine(); if (line.StartsWith("|||")) { line = line.Substring(3); if (line.Length > 1) { col.IncidentResolved = DateTime.ParseExact(line, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture); } } else { return(null); } //Get the incident title line = r.ReadLine(); if (line.StartsWith("|||")) { col.IncidentTitle = line.Substring(3); } else { return(null); } //Get the reported by line = r.ReadLine(); if (line.StartsWith("|||")) { col.ReportedBy = line.Substring(3); } else { return(null); } //Get the Responder name line = r.ReadLine(); if (line.StartsWith("|||")) { col.Responder = line.Substring(3); } else { return(null); } //Get the incident effect name line = r.ReadLine(); if (line.StartsWith("|||")) { col.IncidentEffect = line.Substring(3); } else { return(null); } //Get the incident description line = r.ReadLine(); if (line.StartsWith("|||")) { col.IncidentDescription = line.Substring(3).Replace("\\r", "\r").Replace("\\n", "\n"); } else { return(null); } //Get the incident confidence line = r.ReadLine(); if (line.StartsWith("|||")) { col.Confidence = line.Substring(3); } else { return(null); } //Load each of the observables line = r.ReadLine(); while (line == "|AthenaObservable|") { string oid, otitle, odesc; ObservableObject.ObservableType otype; //Get the observable ID line = r.ReadLine(); if (line.StartsWith("|||")) { oid = line.Substring(3); } else { return(null); } //Get the observable title line = r.ReadLine(); if (line.StartsWith("|||")) { otitle = line.Substring(3); } else { return(null); } //Get the observable description line = r.ReadLine(); if (line.StartsWith("|||")) { odesc = line.Substring(3).Replace("\\r", "\r").Replace("\\n", "\n"); } else { return(null); } //Get the observable type //If it doesnt match a defined type the whole load will fail line = r.ReadLine(); if (line.StartsWith("|||")) { if (!Enum.TryParse(line.Substring(3), out otype)) { return(null); } } else { return(null); } //Create a new object and set the values we just loaded - done this way to make sure the constructor runs with the right values ObservableObject ox = new ObservableObject(otype, ref col); ox.Description = odesc; ox.ID = oid; ox.Title = otitle; //Get all the fields for the current observable line = r.ReadLine(); while (line.StartsWith("|AthenaObservableField|:")) { string[] split = line.Substring("| AthenaObservableField |:".Length).Split(new string[] { "|||" }, StringSplitOptions.None); ox.Fields.Find(x => x.FieldName == split[1]).ID = split[0]; ox.Fields.Find(x => x.FieldName == split[1]).Value = split[2]; line = r.ReadLine(); } col.Observables.Add(ox); } //Get all the relationships while (line == "|AthenaRelationship|") { string rid, rto, rfrom; ObservableRelationshipType rtype; //Get the relationship ID line = r.ReadLine(); if (line.StartsWith("|||")) { rid = line.Substring(3); } else { return(null); } //Get the "to" ID line = r.ReadLine(); if (line.StartsWith("|||")) { rto = line.Substring(3); } else { return(null); } //Get the "from" ID line = r.ReadLine(); if (line.StartsWith("|||")) { rfrom = line.Substring(3); } else { return(null); } //Get the type of the relationship (will fail if it isn't a valid type) line = r.ReadLine(); if (line.StartsWith("|||")) { if (!Enum.TryParse(line.Substring(3), out rtype)) { return(null); } } else { return(null); } ObservableRelationship ro = new ObservableRelationship(rto, rfrom, rtype); ro.RelationshipID = rid; //Add the relationship to the collection col.Relationships.Add(ro); //Advance the reader line = r.ReadLine(); } } } catch (Exception exep) { //Return a null object if any errors are encountered return(null); } return(col); }