private string GetMitigationExposure([NotNull] IMitigation mitigation) { return(_model.GetThreatEventMitigations(mitigation)? .Select(x => x.ThreatEvent.Id.ToString("N")) .OrderBy(x => x) .TagConcat()); }
public static IEnumerable <IThreatEventMitigation> GetThreatEventMitigations(this IThreatModel model, [NotNull] AnnotationsPropertySchemaManager schemaManager, [NotNull] IPropertyType propertyType, string filter, bool showOnlyOpenQuestions = false) { return(model.GetThreatEventMitigations()? .Where(x => x.HasNotesWithText(schemaManager, filter) && (showOnlyOpenQuestions ? schemaManager.HasOpenTopics(x) : x.HasProperty(propertyType))) .OrderBy(x => x.Mitigation.Name) .ThenBy(x => x.ThreatEvent.Name) .ThenBy(x => x.ThreatEvent.Parent.Name)); }
private bool Generate([NotNull] IThreatModel model) { var result = false; var schemaManager = new QuestionsPropertySchemaManager(model); var questions = schemaManager.GetQuestions()?.ToArray(); if (questions?.Any() ?? false) { var asm = new AnnotationsPropertySchemaManager(model); var pt = asm.GetAnnotationsPropertyType(); var ei = model.Entities?.OfType <IExternalInteractor>().OrderBy(x => x.Name); var p = model.Entities?.OfType <IProcess>().OrderBy(x => x.Name); var ds = model.Entities?.OfType <IDataStore>().OrderBy(x => x.Name); var f = model.DataFlows?.OrderBy(x => x.Name); var tb = model.Groups?.OfType <ITrustBoundary>().OrderBy(x => x.Name); var te = model.GetThreatEvents()?.OrderBy(x => x.Name); var tem = model.GetThreatEventMitigations()? .OrderBy(x => x.Mitigation.Name) .ThenBy(x => x.ThreatEvent.Name) .ThenBy(x => x.ThreatEvent.Parent.Name); var tt = model.ThreatTypes?.OrderBy(x => x.Name); var km = model.Mitigations?.OrderBy(x => x.Name); var sm = model.GetThreatTypeMitigations()? .OrderBy(x => x.Mitigation.Name) .ThenBy(x => x.ThreatType.Name); var et = model.EntityTemplates?.OrderBy(x => x.Name); var ft = model.FlowTemplates?.OrderBy(x => x.Name); var tbt = model.TrustBoundaryTemplates?.OrderBy(x => x.Name); foreach (var question in questions) { Generate(question, ei, asm); Generate(question, p, asm); Generate(question, ds, asm); Generate(question, f, asm); Generate(question, tb, asm); Generate(question, te, asm); Generate(question, tem, asm); Generate(question, tt, asm); Generate(question, km, asm); Generate(question, sm, asm); Generate(question, et, asm); Generate(question, ft, asm); Generate(question, tbt, asm); Generate(question, model, asm); } result = true; } return(result); }
public IEnumerable <ListItem> GetList(IThreatModel model) { IEnumerable <ListItem> result = null; var schema = new RoadmapPropertySchemaManager(model); var mitigations = model.GetUniqueMitigations()? .Where(x => schema.GetStatus(x) == RoadmapStatus.ShortTerm) .OrderBy(x => x.Name) .ToArray(); if (mitigations?.Any() ?? false) { var list = new List <ListItem>(); foreach (var mitigation in mitigations) { var items = new List <ItemRow>(); var tems = model.GetThreatEventMitigations(mitigation)?.ToArray(); if (tems?.Any() ?? false) { items.Add(new TextRow("Control Type", mitigation.ControlType.GetEnumLabel())); items.Add(new TextRow("Description", mitigation.Description)); items.Add(new TableRow("Affected Threats", new [] { new TableColumn("Object", 150), new TableColumn("Threat", 150), new TableColumn("Strength", 100), new TableColumn("Status", 100) }, GetAffectedThreatsCells(tems))); items.Add(new TableRow("Directives", new[] { new TableColumn("Object", 150), new TableColumn("Directives", 350), }, GetDirectivesCells(tems))); var itemRows = mitigation.GetItemRows()?.ToArray(); if (itemRows?.Any() ?? false) { items.AddRange(itemRows); } list.Add(new ListItem(mitigation.Name, mitigation.Id, items)); } } result = list; } return(result); }
public void RefreshChart([NotNull] IThreatModel model) { if (_chart.ChartPanel.ChartContainers[0] is PieChart pieChart) { pieChart.ChartSeries[0].SeriesPoints.Clear(); var total = model.GetThreatEventMitigations()?.Count() ?? 0; if (total > 0) { AddSlice(pieChart, model, MitigationStatus.Undefined, total, Color.Black); AddSlice(pieChart, model, MitigationStatus.Existing, total, Color.Green); AddSlice(pieChart, model, MitigationStatus.Implemented, total, Color.Olive); AddSlice(pieChart, model, MitigationStatus.Proposed, total, Color.Orange); AddSlice(pieChart, model, MitigationStatus.Approved, total, Color.Yellow); AddSlice(pieChart, model, MitigationStatus.Planned, total, Color.YellowGreen); } } }
public IEnumerable <ListItem> GetList(IThreatModel model) { IEnumerable <ListItem> result = null; var schema = new RoadmapPropertySchemaManager(model); var mitigations = model.GetUniqueMitigations()? .Where(x => schema.GetStatus(x) == RoadmapStatus.LongTerm) .OrderBy(x => x.Name) .ToArray(); if (mitigations?.Any() ?? false) { var list = new List <ListItem>(); foreach (var mitigation in mitigations) { var items = new List <ItemRow>(); var tems = model.GetThreatEventMitigations(mitigation)?.ToArray(); if (tems?.Any() ?? false) { items.Add(new TextRow("Control Type", mitigation.ControlType.GetEnumLabel())); items.Add(new TextRow("Description", mitigation.Description)); var itemRows = mitigation.GetItemRows()?.ToArray(); if (itemRows?.Any() ?? false) { items.AddRange(itemRows); } list.Add(new ListItem(mitigation.Name, mitigation.Id, items)); } } result = list; } return(result); }
private static async Task <int> UpdateMitigationsAsync([NotNull] IThreatModel model, [NotNull] IDevOpsConnector connector) { int result = 0; var schemaManager = new DevOpsPropertySchemaManager(model); var mitigations = model.GetUniqueMitigations()? .ToDictionary(x => x, x => schemaManager.GetDevOpsInfo(x, connector)) .ToArray(); if (mitigations?.Any() ?? false) { var infos = await connector .GetWorkItemsInfoAsync(mitigations .Select(x => x.Value?.Id ?? -1) .Where(x => x >= 0) ); if (infos != null) { foreach (var info in infos) { var pairs = mitigations .Where(x => x.Value != null && x.Value.Id == info.Id) .ToArray(); if (pairs.Any()) { var pair = pairs.FirstOrDefault(); if (pair.Value.Status != info.Status || string.CompareOrdinal(pair.Value.AssignedTo, info.AssignedTo) != 0) { schemaManager.SetDevOpsStatus(pair.Key, connector, info.Id, info.Url, info.AssignedTo, info.Status); result++; } MitigationStatus status; switch (info.Status) { case WorkItemStatus.Created: status = MitigationStatus.Approved; break; case WorkItemStatus.Planned: status = MitigationStatus.Planned; break; case WorkItemStatus.InProgress: status = MitigationStatus.Planned; break; case WorkItemStatus.Done: status = MitigationStatus.Implemented; break; default: status = MitigationStatus.Proposed; break; } var tems = model.GetThreatEventMitigations(pair.Key); if (tems?.Any() ?? false) { foreach (var tem in tems) { if (tem.Status != status) { tem.Status = status; } } } } } } var missing = mitigations.Where(x => x.Value != null && (infos?.All(y => y.Id != x.Value.Id) ?? true)).ToArray(); if (missing.Any()) { foreach (var m in missing) { schemaManager.RemoveDevOpsInfos(m.Key); } } } return(result); }
private void _objectTypes_SelectedValueChanged(object sender, EventArgs e) { if (_objectTypes.SelectedItem is string selected) { _objects.Items.Clear(); _imageList.Images.Clear(); _properties.Item = null; ChangeCustomActionStatus?.Invoke("AddNotes", false); ChangeCustomActionStatus?.Invoke("AddTopic", false); ChangeCustomActionStatus?.Invoke("AddHighlight", false); ChangeCustomActionStatus?.Invoke("RemoveNotes", false); ChangeCustomActionStatus?.Invoke("RemoveTopic", false); ChangeCustomActionStatus?.Invoke("RemoveHighlight", false); RemoveButtons(); _annotation.Annotation = null; switch (selected) { case "External Interactors": AddObjects(_model.GetExternalInteractors(_schemaManager, _propertyType, _filter.Text), true); break; case "Processes": AddObjects(_model.GetProcesses(_schemaManager, _propertyType, _filter.Text), true); break; case "Data Stores": AddObjects(_model.GetDataStores(_schemaManager, _propertyType, _filter.Text), true); break; case "Flows": AddObjects(_model.GetFlows(_schemaManager, _propertyType, _filter.Text)); break; case "Trust Boundaries": AddObjects(_model.GetTrustBoundaries(_schemaManager, _propertyType, _filter.Text)); break; case "Threat Events": AddObjects(_model.GetThreatEvents(_schemaManager, _propertyType, _filter.Text)); break; case "Threat Event Mitigations": var tems = _model.GetThreatEventMitigations(_schemaManager, _propertyType, _filter.Text)? .Where(x => x is IPropertiesContainer container && ((_show == WhatToShow.All && (_schemaManager.HasNotes(container) || _schemaManager.HasTopics(container) || _schemaManager.HasHighlights(container))) || (_show == WhatToShow.OpenTopicsOnly && _schemaManager.HasOpenTopics(container)) || (_show == WhatToShow.HighlightsOnly && _schemaManager.HasHighlights(container)))) .ToArray(); if (tems?.Any() ?? false) { bool first = true; foreach (var tem in tems) { if (first) { _imageList.Images.Add(Icons.Resources.mitigations_small); first = false; } _objects.Items.Add(new ListViewItem(tem.Mitigation.Name, 0) { ToolTipText = $"'{tem.Mitigation.Name}' for '{tem.ThreatEvent.Name}' on '{tem.ThreatEvent.Parent.Name}'", Tag = tem }); } } break; case "Threat Types": AddObjects(_model.GetThreatTypes(_schemaManager, _propertyType, _filter.Text)); break; case "Known Mitigations": AddObjects(_model.GetKnownMitigations(_schemaManager, _propertyType, _filter.Text)); break; case "Standard Mitigations": var sms = _model.GetStandardMitigations(_schemaManager, _propertyType, _filter.Text)? .Where(x => x is IPropertiesContainer container && ((_show == WhatToShow.All && (_schemaManager.HasNotes(container) || _schemaManager.HasTopics(container) || _schemaManager.HasHighlights(container))) || (_show == WhatToShow.OpenTopicsOnly && _schemaManager.HasOpenTopics(container)) || (_show == WhatToShow.HighlightsOnly && _schemaManager.HasHighlights(container)))) .ToArray(); if (sms?.Any() ?? false) { bool first = true; foreach (var sm in sms) { if (first) { _imageList.Images.Add(Icons.Resources.standard_mitigations_small); first = false; } _objects.Items.Add(new ListViewItem(sm.Mitigation.Name, 0) { ToolTipText = $"'{sm.Mitigation.Name}' for '{sm.ThreatType.Name}'", Tag = sm }); } } break; case "Entity Templates": AddObjects(_model.GetEntityTemplates(_schemaManager, _propertyType, _filter.Text), true); break; case "Flow Templates": AddObjects(_model.GetFlowTemplates(_schemaManager, _propertyType, _filter.Text)); break; case "Trust Boundary Templates": AddObjects(_model.GetTrustBoundaryTemplates(_schemaManager, _propertyType, _filter.Text)); break; case "Diagrams": AddObjects(_model.GetDiagrams(_schemaManager, _propertyType, _filter.Text)); break; case "Threat Model": AddObject(_model); break; } _objects.AutoResizeColumn(0, ColumnHeaderAutoResizeStyle.ColumnContent); } }