private GridRow AddGridRow([NotNull] IThreatType threatType,
[NotNull] IEnumerable <IThreatEvent> threatEvents, [NotNull] GridPanel panel)
{
var row = new GridRow(
threatType.Name,
threatEvents
.Select(x => x.Severity)
.OrderByDescending(x => x, new SeverityComparer())
.FirstOrDefault());
((INotifyPropertyChanged)threatType).PropertyChanged += OnThreatTypePropertyChanged;
row.Tag = threatType;
row.Cells[0].CellStyles.Default.Image = threatType.GetImage(ImageSize.Small);
panel.Rows.Add(row);
for (int i = 0; i < row.Cells.Count; i++)
{
row.Cells[i].PropertyChanged += OnThreatTypeCellChanged;
}
var subPanel = CreateThreatEventsPanel(threatType, threatEvents);
if (subPanel != null)
{
row.Rows.Add(subPanel);
}
return(row);
}
private bool IsSelected([NotNull] IThreatType item, string filter,
AutoThreatTypeListFilter filterSpecial, string filterRule)
{
bool result;
var mitigations = item.Mitigations?.Where(x => x != null).ToArray();
if (string.IsNullOrWhiteSpace(filter))
{
result = true;
}
else
{
result = item.Filter(filter);
if (!result && (mitigations?.Any() ?? false))
{
foreach (var mitigation in mitigations)
{
result = mitigation.Mitigation.Filter(filter);
if (result)
{
break;
}
}
}
}
if (result)
{
switch (filterSpecial)
{
case AutoThreatTypeListFilter.NoGenRule:
result = !HasSelectionRule(item);
break;
case AutoThreatTypeListFilter.NoMitigationGenRule:
result = !(item.Mitigations?.All(HasSelectionRule) ?? true);
break;
}
}
if (result && _ruleFilter.Checked && !string.IsNullOrWhiteSpace(filterRule))
{
result = FilterRule(item, filterRule);
if (!result && (mitigations?.Any() ?? false))
{
foreach (var mitigation in mitigations)
{
result = FilterRule(mitigation.Mitigation, filterRule);
if (result)
{
break;
}
}
}
}
return(result);
}
public void Initialize([NotNull] IThreatType threatType)
{
_threatType = threatType;
_model = threatType.Model;
_standardMitigationsContainer.Visible = false;
InitializeGrid(false);
InitializeItem(threatType);
var existingMitigations = threatType.Mitigations?.ToArray();
var mitigations = _model?.Mitigations?.OrderBy(x => x.Name);
if (mitigations != null)
{
var defaultStrength = _model.GetStrength((int)DefaultStrength.Average);
foreach (var mitigation in mitigations)
{
var existingMitigation = existingMitigations?.FirstOrDefault(x => x.MitigationId == mitigation.Id);
var row = new GridRow(mitigation.Name,
mitigation.ControlType.GetEnumLabel(),
existingMitigation?.Strength ?? defaultStrength);
row.Tag = mitigation;
row.Checked = existingMitigation != null;
_grid.PrimaryGrid.Rows.Add(row);
}
}
}
private GridRow AddGridRow([NotNull] IThreatType threatType, [NotNull] GridPanel panel)
{
bool rule = HasSelectionRule(threatType);
var row = new GridRow(
threatType.Name,
rule ? "Edit Rule" : "Create Rule");
((INotifyPropertyChanged)threatType).PropertyChanged += OnThreatTypePropertyChanged;
threatType.PropertyValueChanged += OnThreatTypePropertyValueChanged;
row.Tag = threatType;
UpdateMitigationLevel(threatType, row);
panel.Rows.Add(row);
row.Cells[0].PropertyChanged += OnThreatTypeCellChanged;
threatType.ThreatTypeMitigationAdded += OnThreatTypeMitigationAdded;
threatType.ThreatTypeMitigationRemoved += OnThreatTypeMitigationRemoved;
if (threatType.Mitigations?.Any() ?? false)
{
var subPanel = CreateMitigationsPanel(threatType);
if (subPanel != null)
{
row.Rows.Add(subPanel);
}
}
return(row);
}
public IThreatEvent AddThreatEvent(IThreatType threatType)
{
if (!(IsInitialized?.Get() ?? false))
{
return(null);
}
IThreatEvent result = null;
var threatEventsContainer = ThreatEventsContainer?.Get();
if ((_threatEvents?.All(x => x.ThreatTypeId != threatType.Id) ?? true) &&
threatEventsContainer is IIdentity identity)
{
result = new ThreatEvent(Model?.Get(), threatType, identity);
if (_threatEvents == null)
{
_threatEvents = new List <IThreatEvent>();
}
_threatEvents.Add(result);
Dirty.IsDirty = true;
_threatEventAdded?.Invoke(threatEventsContainer, result);
}
return(result);
}
private static bool ApplyThreatType([NotNull] IIdentity identity,
[NotNull] IThreatType threatType, [NotNull] IJsonSerializableObjectPropertyType propertyType)
{
bool result = false;
var property = threatType.GetProperty(propertyType);
if (property is IPropertyJsonSerializableObject jsonProperty &&
jsonProperty.Value is SelectionRule rule && rule.Evaluate(identity) &&
identity is IThreatEventsContainer container)
{
var threatEvent = container.AddThreatEvent(threatType);
if (threatEvent == null)
{
threatEvent = container.ThreatEvents.FirstOrDefault(x => x.ThreatTypeId == threatType.Id);
}
else
{
result = true;
}
if (threatEvent != null)
{
result |= threatEvent.ApplyMitigations(propertyType);
}
}
return(result);
}
public ThreatTypeMitigationSelectionDialog([NotNull] IThreatType threatType) : this()
{
_threatType = threatType;
_threatTypeName.Text = threatType.Name;
var strengths = _threatType.Model?.Strengths?.ToArray();
if (strengths?.Any() ?? false)
{
_strength.Items.AddRange(strengths);
_strengthExisting.Items.AddRange(strengths);
}
var alreadyIncludedMitigations = threatType.Mitigations?.ToArray();
var mitigations = threatType.Model?.Mitigations?
.Where(x => !(alreadyIncludedMitigations?.Any(y => y.MitigationId == x.Id) ?? false))
.OrderBy(x => x.Name)
.ToArray();
if (mitigations?.Any() ?? false)
{
_existingMitigation.Items.AddRange(mitigations);
_existingMitigation.Tag = mitigations;
}
else
{
_createNew.Checked = true;
_associateExisting.Enabled = false;
EnableControls();
}
}
private static bool ApplyThreatType([NotNull] IIdentity identity,
[NotNull] IThreatType threatType, [NotNull] SelectionRule rule)
{
bool result = false;
if (rule.Evaluate(identity) && identity is IThreatEventsContainer container)
{
var threatEvent = container.AddThreatEvent(threatType);
if (threatEvent == null)
{
threatEvent = container.ThreatEvents.FirstOrDefault(x => x.ThreatTypeId == threatType.Id);
}
else
{
result = true;
}
if (threatEvent != null)
{
result |= threatEvent.ApplyMitigations();
}
}
return(result);
}
private GridRow AddGridRow([NotNull] IThreatType threatType, [NotNull] GridPanel panel)
{
var row = new GridRow(
threatType.Name,
threatType.Severity);
((INotifyPropertyChanged)threatType).PropertyChanged += OnThreatTypePropertyChanged;
row.Tag = threatType;
UpdateMitigationLevel(threatType, row);
panel.Rows.Add(row);
for (int i = 0; i < row.Cells.Count; i++)
{
row.Cells[i].PropertyChanged += OnThreatTypeCellChanged;
}
threatType.ThreatTypeMitigationAdded += OnThreatTypeMitigationAdded;
threatType.ThreatTypeMitigationRemoved += OnThreatTypeMitigationRemoved;
if (threatType.Mitigations?.Any() ?? false)
{
var subPanel = CreateMitigationsPanel(threatType);
if (subPanel != null)
{
row.Rows.Add(subPanel);
}
}
return(row);
}
public IThreatEvent AddThreatEvent(IThreatType threatType)
{
IThreatEvent result = null;
if (threatType != null && Instance is IIdentity identity)
{
IThreatModel model = (Instance as IThreatModel) ?? (Instance as IThreatModelChild)?.Model;
if (model != null)
{
if (_threatEvents?.All(x => x.ThreatTypeId != threatType.Id) ?? true)
{
result = new ThreatEvent(model, threatType, identity);
if (_threatEvents == null)
{
_threatEvents = new List <IThreatEvent>();
}
_threatEvents.Add(result);
if (Instance is IDirty dirtyObject)
{
dirtyObject.SetDirty();
}
if (Instance is IThreatEventsContainer container)
{
_threatEventAdded?.Invoke(container, result);
}
}
}
}
return(result);
}
public Row([NotNull] IThreatType threatType, [NotNull] ISeverity severity, IEnumerable <IThreatEventMitigation> mitigations)
{
RowType = RowType.ThreatType;
Values = new [] { threatType.Name, severity.Name, null };
Identity = threatType;
SeverityTextColor = severity.TextColor;
SeverityBackColor = severity.BackColor;
Mitigations = mitigations;
}
private GraphThreatTypeNode CreateNode([NotNull] IThreatType threatType, ref float width, ref float height)
{
var result = new GraphThreatTypeNode(threatType);
width = Math.Max(width, result.Width);
height = Math.Max(height, result.Height);
return(result);
}
private GridPanel CreateMitigationsPanel([NotNull] IThreatType threatType)
{
GridPanel result = null;
if (!string.IsNullOrWhiteSpace(threatType.Name))
{
result = new GridPanel
{
Name = "Mitigations",
AllowRowDelete = false,
AllowRowInsert = false,
AllowRowResize = true,
ShowRowDirtyMarker = false,
ShowTreeButtons = false,
ShowTreeLines = false,
ShowRowHeaders = false,
InitialSelection = RelativeSelection.None,
};
result.Columns.Add(new GridColumn("Name")
{
HeaderText = "Mitigation Name",
AutoSizeMode = ColumnAutoSizeMode.Fill,
DataType = typeof(string),
AllowEdit = false
});
result.Columns.Add(new GridColumn("AutoGenRule")
{
HeaderText = "Automatic Threat Generation Rule",
DataType = typeof(string),
Width = 200,
EditorType = typeof(GridButtonXEditControl)
});
var bc = result.Columns["AutoGenRule"].EditControl as GridButtonXEditControl;
if (bc != null)
{
bc.Click += BcMitigationButtonClick;
}
var mitigations = threatType.Mitigations?
.OrderBy(x => x.Mitigation.Name)
.ToArray();
if (mitigations?.Any() ?? false)
{
foreach (var mitigation in mitigations)
{
AddGridRow(mitigation, result);
}
}
}
return(result);
}
public ThreatTypeMitigation([NotNull] IThreatModel model, [NotNull] IThreatType threatType,
[NotNull] IMitigation mitigation, IStrength strength) : this()
{
_model = model;
_modelId = model.Id;
_threatTypeId = threatType.Id;
_threatType = threatType;
_mitigationId = mitigation.Id;
_mitigation = mitigation;
Strength = strength;
}
private void _ok_Click(object sender, EventArgs e)
{
if (IsValid())
{
_threatType = _model.AddThreatType(_name.Text, _severity.SelectedItem as ISeverity);
if (!string.IsNullOrWhiteSpace(_description.Text))
{
_threatType.Description = _description.Text;
}
}
}
public void Add([NotNull] IThreatType threatType)
{
if (_threatTypes == null)
{
_threatTypes = new List <IThreatType>();
}
_threatTypes.Add(threatType);
SetDirty();
ChildCreated?.Invoke(threatType);
}
private void _ok_Click(object sender, EventArgs e)
{
if (_createNew.Checked && !string.IsNullOrWhiteSpace(_name.Text) &&
_severity.SelectedItem is ISeverity severity)
{
_threatType = _model.AddThreatType(_name.Text, severity);
if (_threatType != null)
{
_threatType.Description = _description.Text;
}
}
}
public SelectSeverityDialog([NotNull] IThreatType threatType) : this()
{
_threatTypeName.Text = threatType.Name;
if (threatType.Model is IThreatModel model)
{
var severities = model.Severities?.Where(x => x.Visible).ToArray();
if (severities?.Any() ?? false)
{
_severities.Items.AddRange(severities);
}
}
}
public IThreatType AddThreatType([Required] string name, [NotNull] ISeverity severity)
{
IThreatType result = null;
if (GetThreatType(name) == null)
{
result = new ThreatType(this, name, severity);
Add(result);
RegisterEvents(result);
}
return(result);
}
private void RemoveRelated([NotNull] IThreatType threatType)
{
RemoveRelatedForEntities(threatType);
RemoveRelatedForDataFlows(threatType);
var events = ThreatEvents?.Where(x => x.ThreatTypeId == threatType.Id).ToArray();
if (events?.Any() ?? false)
{
foreach (var threatEvent in events)
{
RemoveThreatEvent(threatEvent.Id);
}
}
}
public void Add([NotNull] IThreatType threatType)
{
if (_threatTypes == null)
{
_threatTypes = new List <IThreatType>();
}
_threatTypes.Add(threatType);
if (this == ThreatModelManager.Model)
{
Dirty.IsDirty = true;
ChildCreated?.Invoke(threatType);
}
}
/// <summary>
/// Get the maximum severity applied to the Threat Events derived from the specific Threat Type.
/// </summary>
/// <param name="threatType">Threat Type to be analyzed.</param>
/// <returns>Maximum severity applied to Threat Events derived from the Threat Type.</returns>
public static ISeverity GetTopSeverity(this IThreatType threatType)
{
ISeverity result = null;
var model = threatType.Model;
if (model != null)
{
var modelTe = model.ThreatEvents?.Where(x => x.ThreatTypeId == threatType.Id)
.OrderByDescending(x => x.SeverityId).FirstOrDefault();
if (modelTe != null)
{
result = modelTe.Severity;
}
var entitiesTe = model.Entities?
.Select(e => e.ThreatEvents?.Where(x => x.ThreatTypeId == threatType.Id)
.OrderByDescending(x => x.SeverityId).FirstOrDefault())
.Where(x => x != null).ToArray();
if (entitiesTe?.Any() ?? false)
{
foreach (var entityTe in entitiesTe)
{
if (result == null || entityTe.SeverityId > result.Id)
{
result = entityTe.Severity;
}
}
}
var flowsTe = model.DataFlows?
.Select(e => e.ThreatEvents?.Where(x => x.ThreatTypeId == threatType.Id)
.OrderByDescending(x => x.SeverityId).FirstOrDefault())
.Where(x => x != null).ToArray();
if (flowsTe?.Any() ?? false)
{
foreach (var flowTe in flowsTe)
{
if (result == null || flowTe.SeverityId > result.Id)
{
result = flowTe.Severity;
}
}
}
}
return(result);
}
private void CreateGenerationRule([NotNull] ThreatModel model,
[NotNull] ThreatType source, [NotNull] IThreatType target)
{
SelectionRuleNode include = AnalyzeGenerationRule(model, target.Model, source.IncludeFilter);
SelectionRuleNode exclude = AnalyzeGenerationRule(model, target.Model, source.ExcludeFilter);
SelectionRule rule = null;
var andNode = new AndRuleNode()
{
Name = "AND"
};
if (include != null)
{
andNode.Children.Add(include);
}
if (exclude != null)
{
andNode.Children.Add(new NotRuleNode()
{
Name = "NOT",
Child = exclude
});
}
if (andNode.Children.Any())
{
andNode.Children.Add(new BooleanRuleNode("Out of Scope", Resources.DefaultNamespace, Resources.TmtFlowPropertySchema, false)
{
Scope = AutoThreatGeneration.Engine.Scope.Object
});
rule = new SelectionRule()
{
Root = andNode
};
var schemaManager = new AutoThreatGenPropertySchemaManager(target.Model);
var propertyType = schemaManager.GetPropertyType();
var property = target.GetProperty(propertyType) ?? target.AddProperty(propertyType, null);
if (property is IPropertyJsonSerializableObject jsonSerializableObject)
{
jsonSerializableObject.Value = rule;
}
}
}
private GridRow GetRow([NotNull] IThreatType threatType)
{
GridRow result = null;
var rows = _grid.PrimaryGrid.Rows.OfType <GridRow>().ToArray();
foreach (var row in rows)
{
if (row.Tag == threatType)
{
result = row;
break;
}
}
return(result);
}
private static void UpdateMitigationLevel([NotNull] IThreatType threatType, [NotNull] GridRow row)
{
switch (threatType.GetMitigationLevel())
{
case MitigationLevel.NotMitigated:
row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_small;
break;
case MitigationLevel.Partial:
row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_orange_small;
break;
case MitigationLevel.Complete:
row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_green_small;
break;
}
}
private bool IsSelected([NotNull] IThreatType item, string filter, ThreatTypeListFilter filterSpecial)
{
bool result;
var mitigations = item.Mitigations?.ToArray();
if (string.IsNullOrWhiteSpace(filter))
{
result = true;
}
else
{
result = item.Filter(filter);
if (!result && (mitigations?.Any() ?? false))
{
foreach (var mitigation in mitigations)
{
result = mitigation.Mitigation?.Filter(filter) ?? false;
if (result)
{
break;
}
}
}
}
if (result)
{
switch (filterSpecial)
{
case ThreatTypeListFilter.NoMitigations:
result = !(item.Mitigations?.Any() ?? false);
break;
case ThreatTypeListFilter.NoThreatEvents:
result = !((_model.ThreatEvents?.Any(x => x.ThreatTypeId == item.Id) ?? false) ||
(_model.Entities?.Any(x => x.ThreatEvents?.Any(y => y.ThreatTypeId == item.Id) ?? false) ?? false) ||
(_model.DataFlows?.Any(x => x.ThreatEvents?.Any(y => y.ThreatTypeId == item.Id) ?? false) ?? false));
break;
}
}
return(result);
}
public GraphThreatTypeNode([NotNull] IThreatType threatType)
{
ThreatType = threatType;
Text = threatType.Name;
Label = new GoText()
{
Text = threatType.Name,
Selectable = false,
Width = 500,
Wrapping = false,
StringTrimming = StringTrimming.EllipsisCharacter,
TextColor = Color.White,
FontSize = 9
};
Shape.BrushColor = ThreatModelManager.ThreatsColor;
ToolTipText = threatType.Name;
}
private int Matches([NotNull] IThreatType threatType, [Required] string filter)
{
int result = 0;
if ((threatType.Name?.IndexOf(filter, StringComparison.OrdinalIgnoreCase) ?? -1) >= 0)
{
result++;
}
if ((threatType.Description?.IndexOf(filter, StringComparison.OrdinalIgnoreCase) ?? -1) >= 0)
{
result++;
}
var properties = threatType.Properties?.ToArray();
if (properties?.Any() ?? false)
{
foreach (var property in properties)
{
if ((property.StringValue?.IndexOf(filter, StringComparison.OrdinalIgnoreCase) ?? -1) >= 0)
{
result++;
}
if (property is IPropertyTokens propertyTokens)
{
var values = propertyTokens.Value?.ToArray();
if (values?.Any() ?? false)
{
foreach (var value in values)
{
if (string.Compare(filter, value, StringComparison.OrdinalIgnoreCase) == 0)
{
result += 10;
break;
}
}
}
}
}
}
return(result);
}
private void RemoveRelatedForDataFlows([NotNull] IThreatType threatType)
{
var dataFlows = _dataFlows?.ToArray();
if (dataFlows?.Any() ?? false)
{
foreach (var dataFlow in dataFlows)
{
var events = dataFlow.ThreatEvents?.Where(x => x.ThreatTypeId == threatType.Id).ToArray();
if (events?.Any() ?? false)
{
foreach (var threatEvent in events)
{
dataFlow.RemoveThreatEvent(threatEvent.Id);
}
}
}
}
}
private void RemoveRelatedForEntities([NotNull] IThreatType threatType)
{
var entities = _entities?.ToArray();
if (entities?.Any() ?? false)
{
foreach (var entity in entities)
{
var events = entity.ThreatEvents?.Where(x => x.ThreatTypeId == threatType.Id).ToArray();
if (events?.Any() ?? false)
{
foreach (var threatEvent in events)
{
entity.RemoveThreatEvent(threatEvent.Id);
}
}
}
}
}
