private void AutoLoadAsync() { #pragma warning disable SecurityIntelliSenseCS // MS Security rules violation string destFile = Path.Combine(Application.UserAppDataPath, FileName); #pragma warning restore SecurityIntelliSenseCS // MS Security rules violation if (File.Exists(destFile)) { try { _threatSource = new ThreatSource(ThreatSourceManager.GetCapecCatalog(destFile)); SuccessAutoLoad(); } catch { #pragma warning disable SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}' File.Delete(destFile); #pragma warning restore SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}' } FinalizeAutoLoad(); } else { NoAutoload(); } }
private void AnalyzeRelationships([NotNull] ThreatSource threatSource, [NotNull] Attack_PatternType attack) { foreach (var relatedAttack in attack.Related_Attack_Patterns) { if (relatedAttack.Relationship_Target_Form == RelationshipTypeRelationship_Target_Form.AttackPattern && relatedAttack.Relationship_Nature != null && relatedAttack.Relationship_Nature.Count > 0) { switch (relatedAttack.Relationship_Nature[0]) { case RelationshipTypeRelationship_Nature.ChildOf: foreach (var view in relatedAttack.Relationship_Views) { threatSource.AddParentChild(view.Value, relatedAttack.Relationship_Target_ID, Id); } break; case RelationshipTypeRelationship_Nature.ParentOf: foreach (var view in relatedAttack.Relationship_Views) { threatSource.AddParentChild(view.Value, Id, relatedAttack.Relationship_Target_ID); } break; } } } }
public ThreatSourceNode([NotNull] ThreatSource threatSource, [NotNull] Category category) { Id = category.ID; Name = category.Name; IsRoot = true; ThreatSourceType = ThreatSourceType.Capec; AnalyzeRelationships(threatSource, category); _properties.Add(new KeyValuePair <string, string>("Name", category.Name)); if (category.Description?.Description_Summary != null) { _properties.Add(new KeyValuePair <string, string>("Summary", category.Description.Description_Summary)); } var prerequisites = Convert(category.Attack_Prerequisites); if (!string.IsNullOrWhiteSpace(prerequisites)) { _properties.Add(new KeyValuePair <string, string>("Prerequisites", prerequisites)); } var resources = Convert(category.Resources_Required); if (!string.IsNullOrWhiteSpace(resources)) { _properties.Add(new KeyValuePair <string, string>("Resources Required", resources)); } }
public ThreatSourceNodeParentChild([NotNull] ThreatSource threatSource, [Required] string viewId, [NotNull] ThreatSourceNode node) { Node = node; var children = threatSource.GetChildren(viewId, node); if (children != null) { Children = children.Select(x => new ThreatSourceNodeParentChild(threatSource, viewId, x)); } }
private void AnalyzeRelationships([NotNull] ThreatSource threatSource, [NotNull] Category category) { foreach (var relationthip in category.Relationships) { if (relationthip.Relationship_Target_Form == RelationshipTypeRelationship_Target_Form.AttackPattern && relationthip.Relationship_Nature != null && relationthip.Relationship_Nature.Count > 0) { switch (relationthip.Relationship_Nature[0]) { case RelationshipTypeRelationship_Nature.HasMember: foreach (var view in relationthip.Relationship_Views) { threatSource.AddParentChild(view.Value, Id, relationthip.Relationship_Target_ID); } break; } } } }
private void Download() { if (string.IsNullOrWhiteSpace(SourceUrl)) { throw new InvalidOperationException(string.Format(Resources.MissingParameterError, nameof(SourceUrl))); } string fileName = Path.GetFileName(SourceUrl); #pragma warning disable SecurityIntelliSenseCS // MS Security rules violation string fileWithPath = Path.Combine(Application.UserAppDataPath, fileName); string fileNameWithoutExt = Path.GetFileNameWithoutExtension(SourceUrl); string destFile = Path.Combine(Application.UserAppDataPath, FileName); #pragma warning restore SecurityIntelliSenseCS // MS Security rules violation #if CWE bool cwe = fileNameWithoutExt.StartsWith("cwec_"); #endif bool capec = fileNameWithoutExt.StartsWith("capec_"); #if CWE if (!cwe && !capec) #else if (!capec) #endif { throw new InvalidOperationException(string.Format(Resources.UnsupportedFileTypeError, fileName)); } if (!File.Exists(fileWithPath)) { using (var client = new WebClient()) { #pragma warning disable SecurityIntelliSenseCS // MS Security rules violation client.DownloadFile(new Uri(SourceUrl), fileWithPath); #pragma warning restore SecurityIntelliSenseCS // MS Security rules violation } } if (SourceUrl.EndsWith(".zip")) { ZipFile.ExtractToDirectory(fileWithPath, Application.UserAppDataPath); #pragma warning disable SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}' #pragma warning disable SecurityIntelliSenseCS // MS Security rules violation File.Move(Path.Combine(Application.UserAppDataPath, fileNameWithoutExt), destFile); #pragma warning restore SecurityIntelliSenseCS // MS Security rules violation #pragma warning restore SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}' } else { if (string.CompareOrdinal(fileName, FileName) != 0) { #pragma warning disable SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}' #pragma warning disable SecurityIntelliSenseCS // MS Security rules violation File.Move(Path.Combine(Application.UserAppDataPath, fileName), destFile); #pragma warning restore SecurityIntelliSenseCS // MS Security rules violation #pragma warning restore SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}' } } try { _threatSource = capec ? new ThreatSource(ThreatSourceManager.GetCapecCatalog(destFile)) : #if CWE new ThreatSource(ThreatSourceManager.GetCweCatalog(destFile)); #else null; #endif FinalizeDownload(true); } catch (Exception exc) { #if DEBUG Debug.WriteLine(exc.ToString()); #endif if (File.Exists(destFile)) #pragma warning disable SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}' { File.Delete(destFile); } #pragma warning restore SCS0018 // Path traversal: injection possible in {1} argument passed to '{0}' FinalizeDownload(false); } }
public ThreatSourceNode([NotNull] ThreatSource threatSource, [NotNull] Attack_PatternType attack) { Id = attack.ID; Name = attack.Name; IsRoot = false; ThreatSourceType = ThreatSourceType.Capec; AnalyzeRelationships(threatSource, attack); _properties.Add(new KeyValuePair <string, string>("Name", attack.Name)); if (attack.Description?.Summary != null) { _properties.Add(new KeyValuePair <string, string>("Summary", Convert(attack.Description.Summary))); } var alternate = Convert(attack.Alternate_Terms); if (!string.IsNullOrWhiteSpace(alternate)) { _properties.Add(new KeyValuePair <string, string>("Alternate Terms", alternate)); } var attackSurface = Convert(attack.Target_Attack_Surface); if (!string.IsNullOrWhiteSpace(attackSurface)) { _properties.Add(new KeyValuePair <string, string>("Target Attack Surface", attackSurface)); } var prerequisites = Convert(attack.Attack_Prerequisites); if (!string.IsNullOrWhiteSpace(prerequisites)) { _properties.Add(new KeyValuePair <string, string>("Prerequisites", prerequisites)); } _properties.Add(new KeyValuePair <string, string>("Severity", attack.Typical_Severity.ToString())); _properties.Add(new KeyValuePair <string, string>("Likelihood of Exploit", attack.Typical_Likelihood_of_Exploit.Likelihood)); var methodsOfAttack = Convert(attack.Methods_of_Attack); if (!string.IsNullOrWhiteSpace(methodsOfAttack)) { _properties.Add(new KeyValuePair <string, string>("Methods of Attack", methodsOfAttack)); } var examples = Convert(attack.ExamplesInstances); if (!string.IsNullOrWhiteSpace(examples)) { _properties.Add(new KeyValuePair <string, string>("Examples", examples)); } var skills = Convert(attack.Attacker_Skills_or_Knowledge_Required); if (!string.IsNullOrWhiteSpace(skills)) { _properties.Add(new KeyValuePair <string, string>("Skills or Knowledge Required", skills)); } var resources = Convert(attack.Resources_Required); if (!string.IsNullOrWhiteSpace(resources)) { _properties.Add(new KeyValuePair <string, string>("Resources Required", resources)); } var probing = Convert(attack.Probing_Techniques); if (!string.IsNullOrWhiteSpace(probing)) { _properties.Add(new KeyValuePair <string, string>("Probing Techniques", probing)); } var warning = Convert(attack.IndicatorsWarnings_of_Attack); if (!string.IsNullOrWhiteSpace(warning)) { _properties.Add(new KeyValuePair <string, string>("Warning of Attack", warning)); } var obfuscation = Convert(attack.Obfuscation_Techniques); if (!string.IsNullOrWhiteSpace(obfuscation)) { _properties.Add(new KeyValuePair <string, string>("Obfuscation Techniques", obfuscation)); } var mitigations = Convert(attack.Solutions_and_Mitigations); if (!string.IsNullOrWhiteSpace(mitigations)) { _properties.Add(new KeyValuePair <string, string>("Solutions and Mitigations", mitigations)); } var injectionVector = Convert(attack.Injection_Vector); if (!string.IsNullOrWhiteSpace(injectionVector)) { _properties.Add(new KeyValuePair <string, string>("Injection Vector", injectionVector)); } var payload = Convert(attack.Payload); if (!string.IsNullOrWhiteSpace(payload)) { _properties.Add(new KeyValuePair <string, string>("Payload", payload)); } var activationZone = Convert(attack.Activation_Zone); if (!string.IsNullOrWhiteSpace(activationZone)) { _properties.Add(new KeyValuePair <string, string>("Activation Zone", activationZone)); } var activationImpact = Convert(attack.Payload_Activation_Impact); if (!string.IsNullOrWhiteSpace(activationImpact)) { _properties.Add(new KeyValuePair <string, string>("Payload Activation Impact", activationImpact)); } var weaknesses = Convert(attack.Related_Weaknesses); if (!string.IsNullOrWhiteSpace(weaknesses)) { _properties.Add(new KeyValuePair <string, string>("Related Weaknesses", weaknesses)); } var vulnerabilities = Convert(attack.Related_Vulnerabilities); if (!string.IsNullOrWhiteSpace(vulnerabilities)) { _properties.Add(new KeyValuePair <string, string>("Related Vulnerabilities", vulnerabilities)); } var requirements = Convert(attack.Relevant_Security_Requirements); if (!string.IsNullOrWhiteSpace(requirements)) { _properties.Add(new KeyValuePair <string, string>("Security Requirements", requirements)); } var principles = Convert(attack.Related_Security_Principles); if (!string.IsNullOrWhiteSpace(principles)) { _properties.Add(new KeyValuePair <string, string>("Security Principles", principles)); } var guidelines = Convert(attack.Related_Guidelines); if (!string.IsNullOrWhiteSpace(guidelines)) { _properties.Add(new KeyValuePair <string, string>("Related Guidelines", guidelines)); } var ciaImpact = Convert(attack.CIA_Impact); if (!string.IsNullOrWhiteSpace(ciaImpact)) { _properties.Add(new KeyValuePair <string, string>("CIA Impact", ciaImpact)); } var context = Convert(attack.Technical_Context); if (!string.IsNullOrWhiteSpace(context)) { _properties.Add(new KeyValuePair <string, string>("Technical Context", context)); } var references = Convert(attack.References); if (!string.IsNullOrWhiteSpace(references)) { _properties.Add(new KeyValuePair <string, string>("References", references)); } var notes = Convert(attack.Other_Notes); if (!string.IsNullOrWhiteSpace(notes)) { _properties.Add(new KeyValuePair <string, string>("Other Notes", notes)); } }