コード例 #1
        /// <summary>
        /// Builds one report <see cref="ListItem"/> per threat event of the model.
        /// Events are ordered by severity (descending, using <see cref="SeverityComparer"/>),
        /// then by event name, then by the name of the object the event is associated with.
        /// </summary>
        /// <param name="model">Threat model whose threat events are listed.</param>
        /// <returns>
        /// The list of items, or <c>null</c> (not an empty sequence) when the model
        /// exposes no threat events.
        /// </returns>
        public IEnumerable <ListItem> GetList(IThreatModel model)
        {
            var orderedEvents = model.GetThreatEvents()?
                                .OrderByDescending(x => x.Severity, new SeverityComparer())
                                .ThenBy(x => x.Name)
                                .ThenBy(x => x.Parent.Name)
                                .ToArray();

            // Callers receive null rather than an empty list when there is nothing to show.
            if (orderedEvents == null || orderedEvents.Length == 0)
            {
                return null;
            }

            // One table per mitigation status, emitted in this fixed order.
            // The two arrays are parallel: titles[i] is the heading for statuses[i].
            var mitigationTitles = new[]
            {
                "Approved Mitigations",
                "Existing Mitigations",
                "Implemented Mitigations",
                "Planned Mitigations",
                "Proposed Mitigations"
            };
            var mitigationStatuses = new[]
            {
                MitigationStatus.Approved,
                MitigationStatus.Existing,
                MitigationStatus.Implemented,
                MitigationStatus.Planned,
                MitigationStatus.Proposed
            };

            var listItems = new List<ListItem>();

            foreach (var current in orderedEvents)
            {
                var rows = new List<ItemRow>
                {
                    new TextRow("Severity", current.Severity.Name,
                                current.Severity.TextColor, current.Severity.BackColor, true, true, 75),
                    new TextRow("Threat Type", current.ThreatType.Name, null, null, new [] { current.ThreatTypeId }),
                    new TextRow("Description", current.Description),
                    // The interpolation is kept on purpose: it turns a null name into an empty string.
                    new TextRow("Associated To",
                                $"{current.Parent.Name}",
                                $"[{model.GetIdentityTypeInitial(current.Parent)}] ",
                                null,
                                new [] { current.ParentId })
                };

                for (var index = 0; index < mitigationStatuses.Length; index++)
                {
                    // Copy into a per-iteration local so the deferred Where() below
                    // never observes a later value of the loop counter.
                    var wantedStatus = mitigationStatuses[index];

                    rows.Add(new TableRow(mitigationTitles[index], new[]
                    {
                        new TableColumn("Mitigation", 350),
                        new TableColumn("Severity", 75),
                        new TableColumn("Strength", 75)
                    }, GetCells(current.Mitigations?.Where(x => x.Status == wantedStatus))));
                }

                // Additional rows contributed by the threat event itself, if any.
                var extraRows = current.GetItemRows()?.ToArray();
                if (extraRows != null && extraRows.Length > 0)
                {
                    rows.AddRange(extraRows);
                }

                listItems.Add(new ListItem(current.Name, current.Id, rows));
            }

            return listItems;
        }
コード例 #2
        /// <summary>
        /// Builds one report <see cref="ListItem"/> per threat type that has at least one
        /// threat event in the model. Threat types are ordered by severity (descending,
        /// using <see cref="SeverityComparer"/>) and then by name.
        /// </summary>
        /// <param name="model">Threat model whose threat types are listed.</param>
        /// <returns>
        /// The list of items, or <c>null</c> when the model exposes no threat types.
        /// The list may be empty when threat types exist but none of them has threat events.
        /// </returns>
        public IEnumerable <ListItem> GetList(IThreatModel model)
        {
            var orderedTypes = model.ThreatTypes?
                               .OrderByDescending(x => x.Severity, new SeverityComparer())
                               .ThenBy(x => x.Name)
                               .ToArray();

            if (orderedTypes == null || orderedTypes.Length == 0)
            {
                return null;
            }

            // Properties defined for threat events, sorted by the priority, namespace and
            // name of their schema and finally by their own priority. Computed once and
            // reused for every threat type.
            var eventProperties = new ListThreatEventsPlaceholder().GetProperties(model)?
                                  .OrderBy(x => model.GetSchema(x.Value.SchemaId).Priority)
                                  .ThenBy(x => model.GetSchema(x.Value.SchemaId).Namespace)
                                  .ThenBy(x => model.GetSchema(x.Value.SchemaId).Name)
                                  .ThenBy(x => x.Value.Priority)
                                  .ToArray();

            // One table per mitigation status, emitted in this fixed order.
            // The two arrays are parallel: titles[i] is the heading for statuses[i].
            var mitigationTitles = new[]
            {
                "Approved Mitigations",
                "Existing Mitigations",
                "Implemented Mitigations",
                "Planned Mitigations",
                "Proposed Mitigations"
            };
            var mitigationStatuses = new[]
            {
                MitigationStatus.Approved,
                MitigationStatus.Existing,
                MitigationStatus.Implemented,
                MitigationStatus.Planned,
                MitigationStatus.Proposed
            };

            var listItems = new List<ListItem>();

            foreach (var threatType in orderedTypes)
            {
                var relatedEvents = model.GetThreatEvents(threatType)?.ToArray();
                if (relatedEvents == null || relatedEvents.Length == 0)
                {
                    // Threat types without any threat event are left out of the report.
                    continue;
                }

                var rows = new List<ItemRow>
                {
                    new TextRow("Severity", threatType.Severity.Name,
                                threatType.Severity.TextColor, threatType.Severity.BackColor, true, true, 75),
                    new TextRow("Description", threatType.Description),
                    new ListRow("Affected Objects",
                                relatedEvents.Select(x =>
                                                     new Line($"{x.Parent.Name}",
                                                              $"[{model.GetIdentityTypeInitial(x.Parent)}] ",
                                                              $" ({x.Severity.Name})",
                                                              new [] { x.ParentId })))
                };

                for (var index = 0; index < mitigationStatuses.Length; index++)
                {
                    rows.Add(new TableRow(mitigationTitles[index], new[]
                    {
                        new TableColumn("Object", 150),
                        new TableColumn("Mitigation", 200),
                        new TableColumn("Severity", 75),
                        new TableColumn("Strength", 75)
                    }, GetCells(GetMitigations(relatedEvents, mitigationStatuses[index]))));
                }

                // Additional rows contributed by the threat type itself, if any.
                var extraRows = threatType.GetItemRows()?.ToArray();
                if (extraRows != null && extraRows.Length > 0)
                {
                    rows.AddRange(extraRows);
                }

                // For each event-level property carried by at least one of the events,
                // add a table with the values found on those events.
                if (eventProperties != null)
                {
                    foreach (var ep in eventProperties)
                    {
                        if (!relatedEvents.Any(x => x.HasProperty(ep.Value)))
                        {
                            continue;
                        }

                        rows.Add(new TableRow($"[From Events] {ep.Key}", new []
                        {
                            new TableColumn("Object", 150),
                            new TableColumn("Value", 350)
                        }, GetCells(relatedEvents.Where(x => x.HasProperty(ep.Value)), ep.Value)));
                    }
                }

                listItems.Add(new ListItem(threatType.Name, threatType.Id, rows));
            }

            return listItems;
        }
コード例 #3
        /// <summary>
        /// Builds the tooltip content for an identity of the threat model: a title with the
        /// identity type initial and name, a body made of the description (plus source and
        /// target for data flows), and a footer listing the diagrams that show the identity.
        /// </summary>
        /// <param name="model">Threat model that owns the identity and its diagrams.</param>
        /// <param name="identity">
        /// The object to describe. Diagrams are looked up only for entities, data flows and
        /// trust boundaries; any other identity gets no footer.
        /// </param>
        /// <param name="canJump">
        /// When <c>true</c>, each diagram in the footer is written as a link whose
        /// <c>href</c> is the diagram Id; otherwise only the diagram name is written.
        /// </param>
        /// <returns>The tooltip information, using the Office2003 tooltip color.</returns>
        /// <remarks>
        /// NOTE(review): identity names, diagram names and the description are placed into
        /// the markup strings exactly as stored in the model. This method itself emits
        /// &lt;b&gt;, &lt;br/&gt; and &lt;a href&gt; tags, so the renderer presumably interprets markup;
        /// a model file received from another party could then carry names or descriptions
        /// that are interpreted as tags or links instead of being shown literally.
        /// Confirm how the tooltip control treats such text and whether the values should
        /// be escaped before interpolation.
        /// </remarks>
        public static SuperTooltipInfo GetSuperTooltipInfo([NotNull] this IThreatModel model,
                                                           [NotNull] IIdentity identity, bool canJump = true)
        {
            IEnumerable<IDiagram> containingDiagrams = null;
            string flowEndpoints = null;

            if (identity is IEntity)
            {
                containingDiagrams = model.Diagrams?
                                     .Where(x => x.GetEntityShape(identity.Id) != null)
                                     .OrderBy(x => x.Name)
                                     .ToArray();
            }
            else if (identity is IDataFlow dataFlow)
            {
                // Collect the "Source" / "Target" lines that exist, then join them with a
                // line break; an endpoint without a name contributes nothing.
                var endpointLines = new List<string>();

                if (!string.IsNullOrEmpty(dataFlow.Source?.Name))
                {
                    endpointLines.Add(
                        $"Source: <b>[{model.GetIdentityTypeInitial(dataFlow.Source)}] {dataFlow.Source.Name}</b>");
                }

                if (!string.IsNullOrEmpty(dataFlow.Target?.Name))
                {
                    endpointLines.Add(
                        $"Target: <b>[{model.GetIdentityTypeInitial(dataFlow.Target)}] {dataFlow.Target.Name}</b>");
                }

                flowEndpoints      = string.Join("<br/>", endpointLines);
                containingDiagrams = model.Diagrams?
                                     .Where(x => x.GetLink(dataFlow.Id) != null)
                                     .OrderBy(x => x.Name)
                                     .ToArray();
            }
            else if (identity is ITrustBoundary trustBoundary)
            {
                containingDiagrams = model.Diagrams?
                                     .Where(x => x.GetGroupShape(trustBoundary.Id) != null)
                                     .OrderBy(x => x.Name)
                                     .ToArray();
            }

            // Body: description first (newlines become <br/>), then the data flow
            // endpoints separated by an empty line. Stays null when neither is present.
            string body = string.IsNullOrWhiteSpace(flowEndpoints) ? null : flowEndpoints;

            var description = identity.Description;
            if (!string.IsNullOrWhiteSpace(description))
            {
                var descriptionMarkup = description.Replace("\n", "<br/>");
                body = body == null
                    ? descriptionMarkup
                    : $"{descriptionMarkup}<br/><br/>{body}";
            }

            // Footer: one line per diagram containing the identity, in name order.
            string footer = null;

            if (containingDiagrams != null && containingDiagrams.Any())
            {
                var footerMarkup = new StringBuilder();
                footerMarkup.AppendLine("Found in Diagram(s):");

                foreach (var diagram in containingDiagrams)
                {
                    footerMarkup.AppendLine(canJump
                        ? $"<br/><a href='{diagram.Id}'>{diagram.Name}</a>"
                        : $"<br/>{diagram.Name}");
                }

                footer = footerMarkup.ToString();
            }

            var title = $"[{model.GetIdentityTypeInitial(identity)}] {identity.Name}";

            return new SuperTooltipInfo(title, footer, body,
                                        identity.GetImage(ImageSize.Big), null, eTooltipColor.Office2003);
        }