public void SetThreatModel([NotNull] IThreatModel model)
{
_model = model;
_schemaManager = new AnnotationsPropertySchemaManager(_model);
_propertyType = _schemaManager.GetAnnotationsPropertyType();
LoadModel();
}
public static IEnumerable <IMitigation> GetKnownMitigations(this IThreatModel model,
[NotNull] AnnotationsPropertySchemaManager schemaManager, [NotNull] IPropertyType propertyType,
string filter, bool showOnlyOpenQuestions = false)
{
return(model.Mitigations?
.Where(x => x.HasNotesWithText(schemaManager, filter) && (showOnlyOpenQuestions ? schemaManager.HasOpenTopics(x) : x.HasProperty(propertyType)))
.OrderBy(x => x.Name));
}
public static bool HasNotesWithText(this IPropertiesContainer container, [NotNull] AnnotationsPropertySchemaManager schemaManager, string filter)
{
return(string.IsNullOrWhiteSpace(filter) ||
(schemaManager.GetAnnotations(container)?
.Any(x => x.Text != null && x.Text.ToLower().Contains(filter.ToLower()) ||
(x is TopicToBeClarified topic &&
(topic.Answers?.Any(y => y.Text != null && y.Text.ToLower().Contains(filter.ToLower())) ?? false))) ?? false));
}
public void ExecuteCustomAction([NotNull] IActionDefinition action)
{
var schemaManager = new AnnotationsPropertySchemaManager(_model);
_right.SuspendLayout();
switch (action.Name)
{
case "AddReviewNote":
if (_selected != null)
{
var review = new ReviewNote();
schemaManager.AddAnnotation(_selected, review);
AddButton(review);
}
break;
case "RemoveReviewNote":
if (_selected != null && _annotation.Annotation is ReviewNote reviewNote &&
MessageBox.Show("You are about to remove the currently selected Review Note. Are you sure?",
"Remove Review Note", MessageBoxButtons.OKCancel, MessageBoxIcon.Warning,
MessageBoxDefaultButton.Button2) == DialogResult.OK)
{
schemaManager.RemoveAnnotation(_selected, reviewNote);
_annotation.Annotation = null;
RemoveButton(reviewNote);
}
break;
case "Export":
var saveFileDialog = new SaveFileDialog()
{
AddExtension = true,
AutoUpgradeEnabled = true,
CheckFileExists = false,
CheckPathExists = true,
RestoreDirectory = true,
DefaultExt = "csv",
Filter = "CSV file (*.csv)|*.csv",
Title = "Create CSV file",
ValidateNames = true
};
if (saveFileDialog.ShowDialog(Form.ActiveForm) == DialogResult.OK)
{
ExportCsv(saveFileDialog.FileName);
}
break;
case "Refresh":
LoadModel();
break;
}
_right.ResumeLayout();
}
private void Generate([NotNull] Question question, [NotNull] IPropertiesContainer container,
[NotNull] AnnotationsPropertySchemaManager schemaManager)
{
if (question.Rule?.Evaluate(container) ?? false)
{
schemaManager.AddAnnotation(container, new TopicToBeClarified()
{
Text = question.Text
});
}
}
private bool Generate([NotNull] IThreatModel model)
{
var result = false;
var schemaManager = new QuestionsPropertySchemaManager(model);
var questions = schemaManager.GetQuestions()?.ToArray();
if (questions?.Any() ?? false)
{
var asm = new AnnotationsPropertySchemaManager(model);
var pt = asm.GetAnnotationsPropertyType();
var ei = model.Entities?.OfType <IExternalInteractor>().OrderBy(x => x.Name);
var p = model.Entities?.OfType <IProcess>().OrderBy(x => x.Name);
var ds = model.Entities?.OfType <IDataStore>().OrderBy(x => x.Name);
var f = model.DataFlows?.OrderBy(x => x.Name);
var tb = model.Groups?.OfType <ITrustBoundary>().OrderBy(x => x.Name);
var te = model.GetThreatEvents()?.OrderBy(x => x.Name);
var tem = model.GetThreatEventMitigations()?
.OrderBy(x => x.Mitigation.Name)
.ThenBy(x => x.ThreatEvent.Name)
.ThenBy(x => x.ThreatEvent.Parent.Name);
var tt = model.ThreatTypes?.OrderBy(x => x.Name);
var km = model.Mitigations?.OrderBy(x => x.Name);
var sm = model.GetThreatTypeMitigations()?
.OrderBy(x => x.Mitigation.Name)
.ThenBy(x => x.ThreatType.Name);
var et = model.EntityTemplates?.OrderBy(x => x.Name);
var ft = model.FlowTemplates?.OrderBy(x => x.Name);
var tbt = model.TrustBoundaryTemplates?.OrderBy(x => x.Name);
foreach (var question in questions)
{
Generate(question, ei, asm);
Generate(question, p, asm);
Generate(question, ds, asm);
Generate(question, f, asm);
Generate(question, tb, asm);
Generate(question, te, asm);
Generate(question, tem, asm);
Generate(question, tt, asm);
Generate(question, km, asm);
Generate(question, sm, asm);
Generate(question, et, asm);
Generate(question, ft, asm);
Generate(question, tbt, asm);
Generate(question, model, asm);
}
result = true;
}
return(result);
}
public void Dispose()
{
_model.PropertyAdded -= PropertyUpdated;
_model.PropertyRemoved -= PropertyUpdated;
_model.PropertyValueChanged -= PropertyUpdated;
_model.ChildPropertyAdded -= ChildPropertyUpdated;
_model.ChildPropertyChanged -= ChildPropertyUpdated;
_model.ChildPropertyChanged -= ChildPropertyUpdated;
_schemaManager = null;
_propertyType = null;
_model = null;
}
private bool Execute([NotNull] IPropertiesContainer container)
{
bool result = false;
if (container is IThreatModelChild child)
{
var schemaManager = new AnnotationsPropertySchemaManager(child.Model);
result = schemaManager.EnableAnnotations(container);
}
return(result);
}
private void Generate([NotNull] Question question,
IEnumerable <IPropertiesContainer> containers, AnnotationsPropertySchemaManager schemaManager)
{
var items = containers?.ToArray();
if (items?.Any() ?? false)
{
foreach (var item in items)
{
Generate(question, item, schemaManager);
}
}
}
public bool Execute()
{
bool result = false;
var dialog = new AnnotationDialog(_model, _container, new ReviewNote());
if (dialog.ShowDialog(Form.ActiveForm) == DialogResult.OK)
{
var schemaManager = new AnnotationsPropertySchemaManager(_model);
schemaManager.AddAnnotation(_container, dialog.Annotation);
result = true;
}
return(result);
}
public void Initialize([NotNull] IThreatModel model)
{
if (_model != null)
{
Dispose();
}
_model = model;
_schemaManager = new AnnotationsPropertySchemaManager(model);
_propertyType = _schemaManager.GetAnnotationsPropertyType();
_model.PropertyAdded += PropertyUpdated;
_model.PropertyRemoved += PropertyUpdated;
_model.PropertyValueChanged += PropertyUpdated;
_model.ChildPropertyAdded += ChildPropertyUpdated;
_model.ChildPropertyChanged += ChildPropertyUpdated;
_model.ChildPropertyChanged += ChildPropertyUpdated;
}
private bool GeneratePdf([Required] string fileName)
{
using (var doc = new PdfDocument(PdfConformanceLevel.None))
{
doc.PageSettings.Orientation = PdfPageOrientation.Portrait;
var page = doc.Pages.Add();
var y = AddPdfHeader(page);
var font = new PdfStandardFont(PdfFontFamily.Helvetica, 12);
var minSize = font.MeasureString("Ag");
_minTextHeight = minSize.Height;
var healthIndex = _analyzersManager.Analyze(_model,
QualityPropertySchemaManager.IsFalsePositive,
out var outcomes);
AddSummary(doc, page, y + 10, font, healthIndex, outcomes);
var analyzers = QualityAnalyzersManager.QualityAnalyzers?.ToArray();
if (analyzers?.Any() ?? false)
{
foreach (var analyzer in analyzers)
{
var outcome = outcomes?.FirstOrDefault(x => x.Id == analyzer.GetExtensionId());
if (outcome != null)
{
AddOutcomePage(doc, font, analyzer, outcome);
}
}
}
var schemaManager = new AnnotationsPropertySchemaManager(_model);
var propertyType = schemaManager.GetAnnotationsPropertyType();
var containers = GetContainers(schemaManager, propertyType)?.ToArray();
if (containers?.Any() ?? false)
{
AddReviewNotesPage(doc, font, containers, schemaManager, propertyType);
}
AddFooters(doc, font);
doc.Save(fileName);
}
return(true);
}
private void Generate([NotNull] Question question,
IEnumerable <IPropertiesContainer> containers, AnnotationsPropertySchemaManager schemaManager)
{
var items = containers?.ToArray();
if (items?.Any() ?? false)
{
foreach (var item in items)
{
if (question.Rule?.Evaluate(item) ?? false)
{
schemaManager.AddAnnotation(item, new TopicToBeClarified()
{
Text = question.Text
});
}
}
}
}
public bool Execute()
{
var result = false;
if (_annotation is TopicToBeClarified topicToBeClarified)
{
var dialog = new AnnotationDialog(_model, _container, topicToBeClarified, true);
if (dialog.ShowDialog(Form.ActiveForm) == DialogResult.Abort)
{
var schemaManager = new AnnotationsPropertySchemaManager(_model);
schemaManager.RemoveAnnotation(_container, topicToBeClarified);
}
result = true;
}
else if (_annotation is Highlight highlight)
{
var dialog = new AnnotationDialog(_model, _container, highlight, true);
if (dialog.ShowDialog(Form.ActiveForm) == DialogResult.Abort)
{
var schemaManager = new AnnotationsPropertySchemaManager(_model);
schemaManager.RemoveAnnotation(_container, highlight);
}
result = true;
}
else if (_annotation is ReviewNote reviewNote)
{
var dialog = new AnnotationDialog(_model, _container, reviewNote, true);
if (dialog.ShowDialog(Form.ActiveForm) == DialogResult.Abort)
{
var schemaManager = new AnnotationsPropertySchemaManager(_model);
schemaManager.RemoveAnnotation(_container, reviewNote);
}
result = true;
}
return(result);
}
private IEnumerable <IPropertiesContainer> GetContainers([NotNull] AnnotationsPropertySchemaManager schemaManager,
[NotNull] IPropertyType propertyType)
{
var list = new List <IPropertiesContainer>();
Add(list, _model.GetExternalInteractors(schemaManager, propertyType, null));
Add(list, _model.GetProcesses(schemaManager, propertyType, null));
Add(list, _model.GetDataStores(schemaManager, propertyType, null));
Add(list, _model.GetFlows(schemaManager, propertyType, null));
Add(list, _model.GetTrustBoundaries(schemaManager, propertyType, null));
Add(list, _model.GetThreatEvents(schemaManager, propertyType, null));
Add(list, _model.GetThreatEventMitigations(schemaManager, propertyType, null));
Add(list, _model.GetThreatTypes(schemaManager, propertyType, null));
Add(list, _model.GetKnownMitigations(schemaManager, propertyType, null));
Add(list, _model.GetStandardMitigations(schemaManager, propertyType, null));
Add(list, _model.GetEntityTemplates(schemaManager, propertyType, null));
Add(list, _model.GetFlowTemplates(schemaManager, propertyType, null));
Add(list, _model.GetTrustBoundaryTemplates(schemaManager, propertyType, null));
Add(list, _model.GetDiagrams(schemaManager, propertyType, null));
return(list);
}
public bool IsVisible(object item)
{
bool result = false;
IThreatModel model = null;
if (item is IThreatModelChild child)
{
model = child.Model;
}
else if (item is IThreatModel threatModel)
{
model = threatModel;
}
if (model != null && item is IPropertiesContainer container)
{
var schemaManager = new AnnotationsPropertySchemaManager(model);
result = !schemaManager.AreAnnotationsEnabled(container);
}
return(result);
}
public void ExecuteCustomAction([NotNull] IActionDefinition action)
{
var schemaManager = new AnnotationsPropertySchemaManager(_model);
_right.SuspendLayout();
switch (action.Name)
{
case "AddNotes":
if (_selected != null)
{
var notes = new Annotation();
schemaManager.AddAnnotation(_selected, notes);
AddButton(notes);
}
break;
case "AddTopic":
if (_selected != null)
{
var topic = new TopicToBeClarified();
schemaManager.AddAnnotation(_selected, topic);
AddButton(topic);
}
break;
case "AddHighlight":
if (_selected != null)
{
var high = new Highlight();
schemaManager.AddAnnotation(_selected, high);
AddButton(high);
}
break;
case "RemoveNotes":
if (_selected != null && _annotation.Annotation is Annotation annotation &&
MessageBox.Show("You are about to remove the currently selected Note. Are you sure?",
"Remove Notes", MessageBoxButtons.OKCancel, MessageBoxIcon.Warning,
MessageBoxDefaultButton.Button2) == DialogResult.OK)
{
schemaManager.RemoveAnnotation(_selected, annotation);
_annotation.Annotation = null;
RemoveButton(annotation);
}
break;
case "RemoveTopic":
if (_selected != null && _annotation.Annotation is TopicToBeClarified toBeClarified &&
MessageBox.Show("You are about to remove the currently selected Topic. Are you sure?",
"Remove Topic", MessageBoxButtons.OKCancel, MessageBoxIcon.Warning,
MessageBoxDefaultButton.Button2) == DialogResult.OK)
{
schemaManager.RemoveAnnotation(_selected, toBeClarified);
_annotation.Annotation = null;
RemoveButton(toBeClarified);
}
break;
case "RemoveHighlight":
if (_selected != null && _annotation.Annotation is Highlight highlight &&
MessageBox.Show("You are about to remove the currently selected Highlight. Are you sure?",
"Remove Highlight", MessageBoxButtons.OKCancel, MessageBoxIcon.Warning,
MessageBoxDefaultButton.Button2) == DialogResult.OK)
{
schemaManager.RemoveAnnotation(_selected, highlight);
_annotation.Annotation = null;
RemoveButton(highlight);
}
break;
case "ShowOpenTopics":
_show = WhatToShow.OpenTopicsOnly;
LoadModel();
ChangeCustomActionStatus?.Invoke("ShowOpenTopics", false);
ChangeCustomActionStatus?.Invoke("ShowHighlights", true);
ChangeCustomActionStatus?.Invoke("ShowReviewNotes", true);
ChangeCustomActionStatus?.Invoke("ShowAll", true);
break;
case "ShowHighlights":
_show = WhatToShow.HighlightsOnly;
LoadModel();
ChangeCustomActionStatus?.Invoke("ShowOpenTopics", true);
ChangeCustomActionStatus?.Invoke("ShowHighlights", false);
ChangeCustomActionStatus?.Invoke("ShowReviewNotes", true);
ChangeCustomActionStatus?.Invoke("ShowAll", true);
break;
case "ShowAll":
_show = WhatToShow.All;
LoadModel();
ChangeCustomActionStatus?.Invoke("ShowOpenTopics", true);
ChangeCustomActionStatus?.Invoke("ShowHighlights", true);
ChangeCustomActionStatus?.Invoke("ShowReviewNotes", true);
ChangeCustomActionStatus?.Invoke("ShowAll", false);
break;
case "ExportOpen":
var saveFileDialog = new SaveFileDialog()
{
AddExtension = true,
AutoUpgradeEnabled = true,
CheckFileExists = false,
CheckPathExists = true,
RestoreDirectory = true,
DefaultExt = "csv",
Filter = "CSV file (*.csv)|*.csv|Excel file (*.xlsx)|*.xlsx",
Title = "Create a file with open Topics",
ValidateNames = true
};
if (saveFileDialog.ShowDialog(Form.ActiveForm) == DialogResult.OK)
{
ExportCsv(saveFileDialog.FileName, true);
}
break;
case "ExportAll":
var saveFileDialog2 = new SaveFileDialog()
{
AddExtension = true,
AutoUpgradeEnabled = true,
CheckFileExists = false,
CheckPathExists = true,
RestoreDirectory = true,
DefaultExt = "csv",
Filter = "CSV file (*.csv)|*.csv|Excel file (*.xlsx)|*.xlsx",
Title = "Create a file with all Topics",
ValidateNames = true
};
if (saveFileDialog2.ShowDialog(Form.ActiveForm) == DialogResult.OK)
{
ExportCsv(saveFileDialog2.FileName, false);
}
break;
case "Refresh":
LoadModel();
break;
}
_right.ResumeLayout();
}
private void AddReviewNotesPage([NotNull] PdfDocument doc, [NotNull] PdfStandardFont font,
[NotNull] IEnumerable <IPropertiesContainer> containers, [NotNull] AnnotationsPropertySchemaManager schemaManager,
[NotNull] IPropertyType propertyType)
{
string objectType = null;
string name = null;
string text = null;
Bitmap image = null;
var y = 0f;
PdfPage page = null;
var textSize = SizeF.Empty;
foreach (var container in containers)
{
if (container is IDataFlow flow)
{
objectType = _model.GetIdentityTypeName(flow);
name = flow.Name;
text = $"From {_model.GetIdentityTypeName(flow.Source)} '{flow.Source.Name}' to {_model.GetIdentityTypeName(flow.Target)} '{flow.Target.Name}'";
image = flow.GetImage(ImageSize.Medium);
}
else if (container is IThreatEvent threatEvent)
{
objectType = _model.GetIdentityTypeName(threatEvent);
name = threatEvent.Name;
text = $"Applied to {_model.GetIdentityTypeName(threatEvent.Parent)} '{threatEvent.Parent.Name}'";
image = threatEvent.GetImage(ImageSize.Medium);
}
else if (container is IIdentity identity)
{
objectType = _model.GetIdentityTypeName(identity);
name = identity.Name;
text = null;
image = identity.GetImage(ImageSize.Medium);
}
else if (container is IThreatEventMitigation threatEventMitigation)
{
objectType = "Threat Event Mitigation";
name = threatEventMitigation.Mitigation.Name;
text = $"Associated to Threat Event '{threatEventMitigation.ThreatEvent.Name}' on '{threatEventMitigation.ThreatEvent.Parent.Name}'";
image = Icons.Resources.mitigations;
}
else if (container is IThreatTypeMitigation threatTypeMitigation)
{
objectType = "Threat Type Mitigation";
name = threatTypeMitigation.Mitigation.Name;
text = $"Associated to Threat Type '{threatTypeMitigation.ThreatType.Name}'";
image = Icons.Resources.standard_mitigations;
}
else
{
objectType = null;
name = null;
text = null;
image = null;
}
var reviewNotes = schemaManager.GetAnnotations(container)?.OfType <ReviewNote>().ToArray();
if (reviewNotes?.Any() ?? false)
{
PdfImage img;
foreach (var reviewNote in reviewNotes)
{
if (y == 0 || (y > page.Graphics.ClientSize.Height - textSize.Height * 10))
{
y = 0;
page = doc.Pages.Add();
textSize = WriteText(page, "Review Notes", new PdfStandardFont(font, font.Size, PdfFontStyle.Bold), 0, 0);
y = textSize.Height + 10;
page.Graphics.DrawLine(PdfPens.Black, 0, y, page.Graphics.ClientSize.Width, y);
y += 10;
}
if (image != null && objectType != null && name != null)
{
img = PdfImage.FromImage(image);
page.Graphics.DrawImage(img, new RectangleF(0, y, 16, 16));
textSize = WriteText(page, $"{objectType}: {name}", font, 18, y + 2);
if (text != null)
{
y += textSize.Height + 5;
textSize = WriteText(page, text, font, 18, y);
}
y += textSize.Height + 5;
textSize = WriteText(page, reviewNote.Text, font, 18, y);
y += textSize.Height + 5;
textSize = WriteText(page, $"Note created by {reviewNote.CreatedBy} on {reviewNote.CreatedOn.ToShortDateString()} and modified by {reviewNote.ModifiedBy} on {reviewNote.ModifiedOn.ToShortDateString()}", font, 18, y);
y += textSize.Height + 10;
}
}
}
}
}