public void SetRisk([NotNull] IThreatEventScenario scenario, Risk risk)
{
var property = GetProperty(scenario, Resources.RiskProperty) ?? AddProperty(scenario, Resources.RiskProperty);
if (property is IPropertyJsonSerializableObject jsonSerializableObject)
{
jsonSerializableObject.Value = risk;
}
}
public static void SetRisk(this IThreatEventScenario scenario, Risk risk)
{
var model = scenario.Model;
if (model != null)
{
var schemaManager = new QuantitativeRiskSchemaManager(model);
schemaManager.SetRisk(scenario, risk);
}
}
private void _ok_Click(object sender, EventArgs e)
{
if (IsValid() && _actor.SelectedItem is IThreatActor actor &&
_severity.SelectedItem is ISeverity severity)
{
_scenario = _event.AddScenario(actor, severity, _name.Text);
if (_scenario != null)
{
_scenario.Description = _description.Text;
_scenario.Motivation = _motivation.Text;
}
}
}
/// <summary>
/// Checks if a Fact is used in a Threat Event Scenario.
/// </summary>
/// <param name="fact">Fact to be searched.</param>
/// <returns>True if the Fact is used in the Scenario, false otherwise.</returns>
public bool IsUsed([NotNull] Fact fact, [NotNull] IThreatEventScenario scenario)
{
var risk = _schemaManager.GetRisk(scenario);
var result = (risk?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
(risk?.LossEventFrequency?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
(risk?.LossEventFrequency?.ThreatEventFrequency?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
(risk?.LossEventFrequency?.ThreatEventFrequency?.ContactFrequency?.AssociatedFacts
?.Contains(fact.Id) ?? false) ||
(risk?.LossEventFrequency?.ThreatEventFrequency?.ProbabilityOfAction?.AssociatedFacts
?.Contains(fact.Id) ?? false) ||
(risk?.LossEventFrequency?.Vulnerability?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
(risk?.LossEventFrequency?.Vulnerability?.Difficulty?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
(risk?.LossEventFrequency?.Vulnerability?.ThreatCapability?.AssociatedFacts?.Contains(fact.Id) ??
false) ||
(risk?.LossMagnitude?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
(risk?.LossMagnitude?.SecondaryLossEventFrequency?.AssociatedFacts?.Contains(fact.Id) ?? false);
if (!result)
{
var primaryLosses = risk?.LossMagnitude?.PrimaryLosses?.ToArray();
if (primaryLosses?.Any() ?? false)
{
foreach (var loss in primaryLosses)
{
if (loss.AssociatedFacts?.Contains(fact.Id) ?? false)
{
result = true;
break;
}
}
}
}
if (!result)
{
var secondaryLosses = risk?.LossMagnitude?.SecondaryLosses?.ToArray();
if (secondaryLosses?.Any() ?? false)
{
foreach (var loss in secondaryLosses)
{
if (loss.AssociatedFacts?.Contains(fact.Id) ?? false)
{
result = true;
break;
}
}
}
}
return(result);
}
public static Risk GetRisk(this IThreatEventScenario scenario)
{
Risk result = null;
var model = scenario.Model;
if (model != null)
{
var schemaManager = new QuantitativeRiskSchemaManager(model);
result = schemaManager.GetRisk(scenario);
}
return(result);
}
private IProperty AddProperty([NotNull] IThreatEventScenario scenario, [Required] string propertyName)
{
IProperty result = null;
var schema = GetEvaluationSchema();
var propertyType = schema?.GetPropertyType(propertyName);
if (propertyType != null)
{
result = scenario.AddProperty(propertyType, null);
}
return(result);
}
public void Add(IThreatEventScenario scenario)
{
if (scenario == null)
{
throw new ArgumentNullException(nameof(scenario));
}
if (scenario.ThreatEvent is IThreatModelChild child && child.Model != (Instance as IThreatEvent)?.Model)
{
throw new ArgumentException();
}
if (_scenarios == null)
{
_scenarios = new List <IThreatEventScenario>();
}
_scenarios.Add(scenario);
}
public IThreatEventScenario AddScenario(IThreatActor threatActor, ISeverity severity, string name = null)
{
if (threatActor == null)
{
throw new ArgumentNullException(nameof(threatActor));
}
if (severity == null)
{
throw new ArgumentNullException(nameof(severity));
}
IThreatEventScenario result = null;
if (Instance is IThreatEvent threatEvent)
{
result = new ThreatEventScenario(threatEvent, threatActor, name)
{
Severity = severity
};
if (_scenarios == null)
{
_scenarios = new List <IThreatEventScenario>();
}
_scenarios.Add(result);
if (Instance is IDirty dirtyObject)
{
dirtyObject.SetDirty();
}
if (Instance is IThreatEventScenariosContainer container)
{
_threatEventScenarioAdded?.Invoke(container, result);
}
}
return(result);
}
public void Add(IThreatEventScenario scenario)
{
if (!(IsInitialized?.Get() ?? false))
{
return;
}
if (scenario == null)
{
throw new ArgumentNullException(nameof(scenario));
}
if (scenario.ThreatEvent is IThreatModelChild child &&
child.Model != Model?.Get())
{
throw new ArgumentException();
}
if (_scenarios == null)
{
_scenarios = new List <IThreatEventScenario>();
}
_scenarios.Add(scenario);
}
public Risk GetRisk([NotNull] IThreatEventScenario scenario)
{
return((GetProperty(scenario, Resources.RiskProperty) as IPropertyJsonSerializableObject)?.Value as Risk);
}
private List <ValidationResult> Validate([NotNull] IThreatEventScenario scenario)
{
var result = new List <ValidationResult>();
var risk = scenario.GetRisk();
if (risk != null)
{
if (risk.InDepth)
{
if (risk.LossEventFrequency == null)
{
result.Add(new ValidationResult(Resources.UndefinedLEF, true));
}
else
{
if (!risk.LossEventFrequency.IsValid)
{
result.Add(new ValidationResult(Resources.InvalidLEF, true));
}
}
if (risk.LossMagnitude == null)
{
result.Add(new ValidationResult(Resources.UndefinedLM, true));
}
else
{
if (risk.LossMagnitude.SecondaryLossEventFrequency == null)
{
result.Add(new ValidationResult(Resources.NullSLEF, true));
}
else if (!risk.LossMagnitude.SecondaryLossEventFrequency.IsValid)
{
result.Add(new ValidationResult(Resources.InvalidSLEF, true));
}
if (risk.LossMagnitude.PrimaryLosses == null)
{
result.Add(new ValidationResult(Resources.InvalidPL, true));
}
else
{
var found = false;
if (risk.LossMagnitude.PrimaryLosses.Any(
x => x.Form == LossForm.Productivity && x.IsValid))
{
found = true;
}
else
{
result.Add(new ValidationResult(
string.Format(Resources.InvalidPrimaryLoss,
LossForm.Productivity.GetEnumLabel()),
false));
}
if (risk.LossMagnitude.PrimaryLosses.Any(
x => x.Form == LossForm.Replacement && x.IsValid))
{
found = true;
}
else
{
result.Add(new ValidationResult(
string.Format(Resources.InvalidPrimaryLoss,
LossForm.Replacement.GetEnumLabel()),
false));
}
if (risk.LossMagnitude.PrimaryLosses.Any(
x => x.Form == LossForm.Response && x.IsValid))
{
found = true;
}
else
{
result.Add(new ValidationResult(
string.Format(Resources.InvalidPrimaryLoss, LossForm.Response.GetEnumLabel()),
false));
}
if (!found)
{
result.Add(new ValidationResult(Resources.NoPrimaryLoss, true));
}
}
if (risk.LossMagnitude.SecondaryLosses == null)
{
result.Add(new ValidationResult(Resources.InvalidSL, true));
}
else
{
var found = false;
if (risk.LossMagnitude.SecondaryLosses.Any(
x => x.Form == LossForm.CompetitiveAdvantage && x.IsValid))
{
found = true;
}
else
{
result.Add(new ValidationResult(
string.Format(Resources.InvalidSecondaryLoss,
LossForm.CompetitiveAdvantage.GetEnumLabel()), false));
}
if (risk.LossMagnitude.SecondaryLosses.Any(
x => x.Form == LossForm.FinesJudgements && x.IsValid))
{
found = true;
}
else
{
result.Add(new ValidationResult(
string.Format(Resources.InvalidSecondaryLoss,
LossForm.FinesJudgements.GetEnumLabel()),
false));
}
if (risk.LossMagnitude.SecondaryLosses.Any(
x => x.Form == LossForm.Reputation && x.IsValid))
{
found = true;
}
else
{
result.Add(new ValidationResult(
string.Format(Resources.InvalidSecondaryLoss,
LossForm.Reputation.GetEnumLabel()),
false));
}
if (!found)
{
result.Add(new ValidationResult(Resources.NoSecondaryLoss, true));
}
}
}
}
else
{
if (!risk.IsValid)
{
result.Add(new ValidationResult(Resources.InvalidRisk, true));
}
}
}
else
{
result.Add(new ValidationResult(Resources.NullRisk, true));
}
return(result);
}
public bool Simulate([NotNull] IThreatEventScenario scenario, out IEnumerable <ValidationResult> validationResults)
{
var result = false;
_frequencyArrays.Clear();
_magnitudeArrays.Clear();
var results = Validate(scenario);
validationResults = results;
if (!(results?.Any(x => x.IsBlockingError) ?? false))
{
var risk = scenario.GetRisk();
if (risk.InDepth && risk.LossEventFrequency.IsValid && risk.LossMagnitude.SecondaryLossEventFrequency.IsValid)
{
var primaryFrequency = GetSamples(risk.LossEventFrequency.FrequencyMin,
risk.LossEventFrequency.FrequencyMostLikely,
risk.LossEventFrequency.FrequencyMax,
risk.LossEventFrequency.FrequencyConfidence);
if (primaryFrequency != null)
{
var secondaryPercentage = GetSamples(risk.LossMagnitude.SecondaryLossEventFrequency.Minimum,
risk.LossMagnitude.SecondaryLossEventFrequency.MostLikely,
risk.LossMagnitude.SecondaryLossEventFrequency.Maximum,
risk.LossMagnitude.SecondaryLossEventFrequency.Confidence);
if (secondaryPercentage != null)
{
var primaryMagnitude = GetPrimaryLossMagnitudeSamples(risk);
if (primaryMagnitude != null)
{
var secondaryMagnitude = GetSecondaryLossMagnitudeSamples(risk);
if (secondaryMagnitude != null)
{
_frequencyArrays.Add(primaryFrequency);
var secondaryFrequency = new double[SamplesCount];
for (var i = 0; i < SamplesCount; i++)
{
secondaryFrequency[i] =
primaryFrequency[i] * secondaryPercentage[i] / 100.0;
}
_frequencyArrays.Add(secondaryFrequency);
_magnitudeArrays.Add(primaryMagnitude);
_magnitudeArrays.Add(secondaryMagnitude);
result = true;
}
else
{
results?.Add(new ValidationResult("Secondary Magnitude does not define a valid distribution", true));
}
}
else
{
results?.Add(new ValidationResult("Primary Magnitude does not define a valid distribution", true));
}
}
else
{
results?.Add(new ValidationResult(Resources.InvalidSLEFDistribution, true));
}
}
else
{
results?.Add(new ValidationResult(Resources.InvalidLEFDistribution, true));
}
}
else
{
var frequency = GetSamples(risk.FrequencyMin, risk.FrequencyMostLikely,
risk.FrequencyMax, risk.FrequencyConfidence);
var magnitude = GetSamples(risk.MagnitudeMin, risk.MagnitudeMostLikely,
risk.MagnitudeMax, risk.MagnitudeConfidence);
if (frequency != null && magnitude != null)
{
_frequencyArrays.Add(frequency);
_magnitudeArrays.Add(magnitude);
result = true;
}
}
}
return(result);
}