コード例 #1
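        /// <summary>
        /// Writes the attack patterns related to <paramref name="oAttackPatternMaster"/> into the worksheet,
        /// one per row, in column <paramref name="iColumnIndex"/>. For the "to the right" and "ChildOf"
        /// relationships it recurses into the related pattern with <c>iColumnIndex + 1</c>.
        /// </summary>
        /// <remarks>
        /// Relies on members declared outside this method: <c>iRowIndex</c> (shared row cursor, advanced here),
        /// <c>xlWorkSheet</c>, <c>bIncludeCWEs</c> and <c>model</c>.
        /// NOTE(review): the recursion keeps no record of visited patterns. If the relationship data lets a
        /// pattern be reached again through the loops below (e.g. reciprocal ParentOf/ChildOf rows), it may
        /// not terminate - confirm against the data set.
        /// NOTE(review): cell text comes straight from the database. If those names can ever contain
        /// externally supplied text, a value starting with '=' would be treated by Excel as a formula -
        /// confirm the data source is trusted.
        /// </remarks>
        /// <param name="oAttackPatternMaster">Attack pattern whose relationships are listed.</param>
        /// <param name="iColumnIndex">Worksheet column that receives the related patterns.</param>
        public static void fWriteChilds(ATTACKPATTERN oAttackPatternMaster, int iColumnIndex)
        {
            int iRowIndexTemp = iRowIndex;  //Save this value to make sure that we increment it at least once

            Console.WriteLine("DEBUG in fWriteChilds iColumnIndex=" + iColumnIndex + " " + oAttackPatternMaster.AttackPatternID + " " + oAttackPatternMaster.AttackPatternName);

            /*
             * Relationship names:
             * CanAlsoBe
             * CanFollow
             * CanPrecede
             * ChildOf
             * HasMember
             * Leverage
             * ParentOf
             * PeerOf
             */

            //If we want the parents of the oAttackPatternMaster
            //To the left
            //A ParentOf X => write A
            #region AttackPatternMasterParent
            foreach (ATTACKPATTERNRELATIONSHIP oAttackPatternRelation in oAttackPatternMaster.ATTACKPATTERNRELATIONSHIP1.Where(o => o.AttackPatternSubjectID == oAttackPatternMaster.AttackPatternID && (o.RelationshipName == "ParentOf" || o.RelationshipName == "HasMember" || o.RelationshipName == "CanPrecede")))
            {
                Console.WriteLine("DEBUG01 " + oAttackPatternRelation.ATTACKPATTERN.capec_id + " (" + oAttackPatternRelation.ATTACKPATTERN.AttackPatternID + ") " + oAttackPatternRelation.RelationshipName + " " + oAttackPatternMaster.capec_id + " (" + oAttackPatternMaster.AttackPatternID + ")");
                xlWorkSheet.Cells[iRowIndex, iColumnIndex] = oAttackPatternRelation.ATTACKPATTERN.capec_id + " " + oAttackPatternRelation.ATTACKPATTERN.AttackPatternName;
                //No recursion for the parents:
                //fWriteChilds(oAttackPatternRelation.ATTACKPATTERN, iColumnIndex + 1);   //TODO Review (-1?)
                iRowIndex++;
                if (bIncludeCWEs)
                {
                    fWriteAttackPatternCWEs(oAttackPatternRelation.ATTACKPATTERN, iColumnIndex, "exCWE01");
                }
            }
            #endregion AttackPatternMasterParent

            //TODO?
            //PeerOf
            //CanAlsoBe


            //To the right
            //HasMember HARDCODED
            //A ParentOf X => write X
            //"Leverage" is handled by this filter as well (it used to have its own loop).
            foreach (ATTACKPATTERNRELATIONSHIP oAttackPatternRelation in oAttackPatternMaster.ATTACKPATTERNRELATIONSHIP.Where(o => o.AttackPatternRefID == oAttackPatternMaster.AttackPatternID && (o.RelationshipName == "ParentOf" || o.RelationshipName == "HasMember" || o.RelationshipName == "Leverage" || o.RelationshipName == "CanFollow")))
            {
                Console.WriteLine("DEBUG02 " + oAttackPatternMaster.capec_id + " (" + oAttackPatternMaster.AttackPatternID + ") " + oAttackPatternRelation.RelationshipName + " " + oAttackPatternRelation.ATTACKPATTERN1.capec_id + " (" + oAttackPatternRelation.ATTACKPATTERN1.AttackPatternID + ")");
                xlWorkSheet.Cells[iRowIndex, iColumnIndex] = oAttackPatternRelation.ATTACKPATTERN1.capec_id + " " + oAttackPatternRelation.ATTACKPATTERN1.AttackPatternName;
                //The recursion runs before the row cursor advances, so the first descendant
                //lands on this same row, one column to the right.
                fWriteChilds(oAttackPatternRelation.ATTACKPATTERN1, iColumnIndex + 1);
                iRowIndex++;
                if (bIncludeCWEs)
                {
                    fWriteAttackPatternCWEs(oAttackPatternRelation.ATTACKPATTERN1, iColumnIndex, "exCWE02");
                }
            }

            //CanAlsoBe     //TODO?


            //ChildOf   HARDCODED
            foreach (ATTACKPATTERNRELATIONSHIP oAttackPatternRelation in oAttackPatternMaster.ATTACKPATTERNRELATIONSHIP1.Where(o => o.AttackPatternSubjectID == oAttackPatternMaster.AttackPatternID && (o.RelationshipName == "ChildOf")))
            {
                Console.WriteLine("DEBUG03 " + oAttackPatternRelation.ATTACKPATTERN.capec_id + " (" + oAttackPatternRelation.ATTACKPATTERN.AttackPatternID + ") " + oAttackPatternRelation.RelationshipName + " " + oAttackPatternMaster.capec_id + " (" + oAttackPatternMaster.AttackPatternID + ")");
                xlWorkSheet.Cells[iRowIndex, iColumnIndex] = oAttackPatternRelation.ATTACKPATTERN.capec_id + " " + oAttackPatternRelation.ATTACKPATTERN.AttackPatternName;
                fWriteChilds(oAttackPatternRelation.ATTACKPATTERN, iColumnIndex + 1);
                iRowIndex++;
                if (bIncludeCWEs)
                {
                    fWriteAttackPatternCWEs(oAttackPatternRelation.ATTACKPATTERN, iColumnIndex, "exCWE03");
                }
            }


            if (iRowIndex == iRowIndexTemp)
            {
                //Nothing found but we increment anyway
                iRowIndex++;
            }
        }

        /// <summary>
        /// Writes one worksheet row per CWE linked to <paramref name="oAttackPattern"/>, looking each CWE up
        /// in <c>model.CWE</c> by the string form of its AttackPatternCWEID.
        /// </summary>
        /// <param name="oAttackPattern">Attack pattern whose ATTACKPATTERNCWE entries are listed.</param>
        /// <param name="iColumnIndex">Worksheet column that receives the CWE rows.</param>
        /// <param name="sExceptionLabel">Tag printed in the exception message so the calling loop can be identified.</param>
        private static void fWriteAttackPatternCWEs(ATTACKPATTERN oAttackPattern, int iColumnIndex, string sExceptionLabel)
        {
            foreach (ATTACKPATTERNCWE oAttackPatternCWE in oAttackPattern.ATTACKPATTERNCWE)
            {
                Console.WriteLine("DEBUG AttackPatternCWEID=" + oAttackPatternCWE.AttackPatternCWEID);
                string sAttackPatternCWEID = oAttackPatternCWE.AttackPatternCWEID.ToString();

                //Search CWE informations in XORCISM
                try
                {
                    CWE oCWE = model.CWE.Where(o => o.CWEID == sAttackPatternCWEID).FirstOrDefault();
                    if (oCWE == null)
                    {
                        //Report the missing CWE explicitly instead of relying on a NullReferenceException;
                        //no row is written and the row cursor does not advance.
                        Console.WriteLine("WARNING CWE not found for AttackPatternCWEID=" + sAttackPatternCWEID);
                        continue;
                    }

                    xlWorkSheet.Cells[iRowIndex, iColumnIndex] = oCWE.CWEID + " " + oCWE.CWEName;
                    iRowIndex++;
                }
                catch (Exception exCWE)
                {
                    //Best effort: a failed lookup or cell write is logged and the listing continues.
                    Console.WriteLine("Exception " + sExceptionLabel + " " + exCWE.Message + " " + exCWE.InnerException);
                }
            }
        }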
コード例 #2
        /// <summary>
        /// Copyright (C) 2014-2015 Jerome Athias
        /// Completely Alpha version Tool to manipulate (old version) of Microsoft Threat Modeling Tool "threat categories database"
        /// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
        ///
        /// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
        ///
        /// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
        /// </summary>
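        /// <remarks>
        /// Loads the ThreatCategories.xml knowledge base of Microsoft Threat Modeling Tool 2014 from its
        /// hardcoded install path and, for every ThreatCategory name, prints the first attack pattern
        /// (CAPEC) whose name contains it. Nothing is written to the databases here.
        /// </remarks>
        static void Main(string[] args)
        {
            //Microsoft Threat Modeling Tool (TMT) 2014
            XmlDocument doc = new XmlDocument();

            //Never resolve external DTDs/entities while parsing the knowledge base.
            //Older .NET Framework versions enable a URL resolver on XmlDocument by default.
            doc.XmlResolver = null;

            doc.Load(@"C:\Program Files (x86)\Microsoft Threat Modeling Tool 2014\KnowledgeBase\ThreatCategories.xml");    //Hardcoded

            //Both contexts are disposed when the import finishes or fails.
            using (XORCISMEntities model = new XORCISMEntities())
            using (XATTACKEntities attack_model = new XATTACKEntities())
            {
                //https://stackoverflow.com/questions/5940225/fastest-way-of-inserting-in-entity-framework
                model.Configuration.AutoDetectChangesEnabled = false;
                model.Configuration.ValidateOnSaveEnabled    = false;

                attack_model.Configuration.AutoDetectChangesEnabled = false;
                attack_model.Configuration.ValidateOnSaveEnabled    = false;


                XmlNodeList nodesThreatCategories = doc.SelectNodes("/ArrayOfThreatCategory/ThreatCategory");   //Hardcoded

                foreach (XmlNode nodeThreatCategory in nodesThreatCategories)
                {
                    //(no attributes)
                    foreach (XmlNode nodeThreatCategoryInfo in nodeThreatCategory.ChildNodes)
                    {
                        //Console.WriteLine("DEBUG: " + nodeThreatCategoryInfo.Name);
                        //Name  Id  ShortDescription    LongDescription
                        switch (nodeThreatCategoryInfo.Name)
                        {
                        case "Name":
                            //Search a match in Attack Pattern (CAPEC)
                            string sThreatCategoryNameValue = nodeThreatCategoryInfo.InnerText;
                            Console.WriteLine("DEBUG: " + sThreatCategoryNameValue);

                            //An empty name would match every attack pattern in the Contains() query
                            //below and report a meaningless first hit, so skip the lookup.
                            if (string.IsNullOrWhiteSpace(sThreatCategoryNameValue))
                            {
                                Console.WriteLine("DEBUG: empty threat category name, CAPEC lookup skipped");
                                break;
                            }

                            //Spoofing  Tampering   Repudiation
                            try
                            {
                                ATTACKPATTERN oAttackPattern = attack_model.ATTACKPATTERN.FirstOrDefault(o => o.AttackPatternName.Contains(sThreatCategoryNameValue));
                                if (oAttackPattern != null)
                                {
                                    Console.WriteLine("DEBUG: " + oAttackPattern.capec_id + " " + oAttackPattern.AttackPatternName);
                                }
                            }
                            catch (Exception exoAttackPattern)
                            {
                                //Best effort: a failed lookup is logged and the next node is processed.
                                Console.WriteLine("Exception exoAttackPattern " + exoAttackPattern.Message + " " + exoAttackPattern.InnerException);
                            }
                            break;

                        //Known elements that are not used yet.
                        case "Id":
                        case "ShortDescription":
                        case "LongDescription":
                            break;

                        default:
                            Console.WriteLine("ERROR: Missing code for " + nodeThreatCategoryInfo.Name);
                            break;
                        }


                        Console.WriteLine("DEBUG: " + nodeThreatCategoryInfo.InnerText);
                    }
                }
            }
        }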