public void Initialize([NotNull] IThreatModel model)
{
_loading = true;
_model = model;
var normalizationReference =
(new ExtensionConfigurationManager(_model, (new ConfigurationPanelFactory()).GetExtensionId())).NormalizationReference;
if (normalizationReference == 0)
{
_labelNormalizationContainer.Visible = false;
}
else
{
_labelNormalization.Text =
$"The Acceptable Risk is going to be normalized to a reference Threat Model with {normalizationReference} objects.";
_labelNormalizationContainer.Visible = true;
}
var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(model);
var estimator = schemaManager.SelectedEstimator;
_estimators.SelectedItem = estimator;
if (estimator != null)
{
RefreshParameters(estimator, schemaManager);
}
_loading = false;
}
public static float EvaluateRisk(this IThreatModel model, int normalizationReference)
{
float result = 0f;
if (model != null)
{
var riskEstimatorSchemaManager = new ResidualRiskEstimatorPropertySchemaManager(model);
var estimator = riskEstimatorSchemaManager.SelectedEstimator;
if (estimator != null)
{
result = estimator.GetRiskEvaluation(model, normalizationReference);
}
}
return(result);
}
private void ShowRoadmapStatus(RoadmapStatus status)
{
bool ok = false;
var mitigations = _model.Mitigations?.ToArray();
if (mitigations?.Any() ?? false)
{
var selectedMitigations = new List <Guid>();
switch (status)
{
case RoadmapStatus.ShortTerm:
UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm);
break;
case RoadmapStatus.MidTerm:
UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm);
UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.MidTerm);
break;
case RoadmapStatus.LongTerm:
UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm);
UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.MidTerm);
UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.LongTerm);
break;
}
var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(_model);
var projected =
schemaManager.SelectedEstimator?.GetProjectedThreatTypesResidualRisk(_model, selectedMitigations);
if (projected?.Any() ?? false)
{
_chart.RefreshChart(_model, projected);
_currentStatus = status;
_chartName.Text = status.GetEnumLabel();
ok = true;
}
}
_previous.Visible = ok;
_next.Visible = ok;
_chartName.Visible = ok;
}
public IEnumerable <ChartItem> GetChart([NotNull] IThreatModel model)
{
IEnumerable <ChartItem> result = null;
var mitigations = model.Mitigations?.ToArray();
if (mitigations?.Any() ?? false)
{
var selectedMitigations = new List <Guid>();
UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm);
var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(model);
var projected = schemaManager.SelectedEstimator?.GetProjectedThreatTypesResidualRisk(model, selectedMitigations);
if (projected?.Any() ?? false)
{
result = GetChart(model, projected);
}
}
return(result);
}
private void RefreshParameters([NotNull] IResidualRiskEstimator estimator,
ResidualRiskEstimatorPropertySchemaManager schemaManager)
{
if (schemaManager == null)
{
schemaManager = new ResidualRiskEstimatorPropertySchemaManager(_model);
}
var configured = schemaManager.Parameters?.ToArray();
if (!_loading)
{
schemaManager.Infinite = estimator.DefaultInfinite;
}
var infinite = schemaManager.Infinite;
if (infinite < 0)
{
infinite = estimator.DefaultInfinite;
}
_cap.Value = infinite;
_parameters.PrimaryGrid.Rows.Clear();
var parameters = estimator.GetAcceptableRiskParameters(_model)?.ToArray();
foreach (var parameter in parameters)
{
var value = configured?
.FirstOrDefault(x => string.CompareOrdinal(parameter, x.Name) == 0)?
.Value ?? 0.0f;
var row = new GridRow(parameter, value);
_parameters.PrimaryGrid.Rows.Add(row);
}
}
private void _ok_Click(object sender, EventArgs e)
{
var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(_model);
var estimator = _estimators.SelectedItem as IResidualRiskEstimator;
schemaManager.SelectedEstimator = estimator;
var parameters = new List <ResidualRiskEstimatorParameter>();
var rows = _parameters.PrimaryGrid.Rows.OfType <GridRow>().ToArray();
foreach (var row in rows)
{
parameters.Add(new ResidualRiskEstimatorParameter()
{
Name = row.Cells[0].Value as string,
Value = (float)row.Cells[1].Value
});
}
schemaManager.Parameters = parameters;
schemaManager.Infinite = (float)_cap.Value;
DialogResult = DialogResult.OK;
}
private void LoadModel()
{
_loading = true;
RemoveEventSubscriptions();
_notAssessedPalette.Clear();
_shortTermPalette.Clear();
_midTermPalette.Clear();
_longTermPalette.Clear();
_noActionRequiredPalette.Clear();
var mitigations = _model?.GetUniqueMitigations()?.OrderBy(x => x.Name).ToArray();
if ((mitigations?.Any() ?? false) && _filter != null)
{
mitigations = _filter.Filter(mitigations)?.ToArray();
}
if (mitigations?.Any() ?? false)
{
var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(_model);
var effectivenessDict =
schemaManager.SelectedEstimator?.CategorizeMitigations(_model);
foreach (var mitigation in mitigations)
{
Effectiveness effectiveness = Effectiveness.Unknown;
if (effectivenessDict?.ContainsKey(mitigation.Id) ?? false)
{
effectiveness = effectivenessDict[mitigation.Id];
}
var status = mitigation.GetStatus(out var automatedCalculation);
var node = new RoadmapItem(mitigation, effectiveness);
if (_actions != null)
{
node.SetContextAwareActions(_actions);
}
switch (status)
{
case RoadmapStatus.NotAssessed:
_notAssessedPalette.AddNode(node);
break;
case RoadmapStatus.ShortTerm:
_shortTermPalette.AddNode(node);
break;
case RoadmapStatus.MidTerm:
_midTermPalette.AddNode(node);
break;
case RoadmapStatus.LongTerm:
_longTermPalette.AddNode(node);
break;
case RoadmapStatus.NoActionRequired:
_noActionRequiredPalette.AddNode(node);
if (automatedCalculation)
{
mitigation.SetStatus(RoadmapStatus.NoActionRequired);
}
break;
}
}
_notAssessedPalette.RefreshNodes();
_shortTermPalette.RefreshNodes();
_midTermPalette.RefreshNodes();
_longTermPalette.RefreshNodes();
_noActionRequiredPalette.RefreshNodes();
_chart.RefreshChart(_model);
}
_loading = false;
}
public IEnumerable <ChartItem> GetChart([NotNull] IThreatModel model)
{
IEnumerable <ChartItem> result = null;
var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(model);
var estimator = schemaManager.SelectedEstimator;
if (estimator != null)
{
var mitigations = model.Mitigations?.ToArray();
if ((mitigations?.Any() ?? false))
{
var selectedMitigations = new List <Guid>();
var currentRisk = estimator.Estimate(model, null, out var currentMin, out var currentMax);
var current = 100f;
var shortTermMitigations = mitigations
.Where(x => x.GetStatus() == RoadmapStatus.ShortTerm)
.Select(x => x.Id)
.ToArray();
if (shortTermMitigations.Any())
{
selectedMitigations.AddRange(shortTermMitigations);
}
var shortTerm = estimator.Estimate(model, selectedMitigations, out var shortTermMin, out var shortTermMax) * 100f / currentRisk;
var midTermMitigations = mitigations
.Where(x => x.GetStatus() == RoadmapStatus.MidTerm)
.Select(x => x.Id)
.ToArray();
if (midTermMitigations.Any())
{
selectedMitigations.AddRange(midTermMitigations);
}
var midTerm = estimator.Estimate(model, selectedMitigations, out var midTermMin, out var midTermMax) * 100f / currentRisk;
var longTermMitigations = mitigations
.Where(x => x.GetStatus() == RoadmapStatus.LongTerm)
.Select(x => x.Id)
.ToArray();
if (longTermMitigations.Any())
{
selectedMitigations.AddRange(longTermMitigations);
}
var longTerm = estimator.Estimate(model, selectedMitigations, out var longTermMin, out var longTermMax) * 100f / currentRisk;
float acceptableRisk;
var parameters = schemaManager.Parameters?.ToArray();
if (parameters?.Any() ?? false)
{
var infinite = schemaManager.Infinite;
if (infinite < 0)
{
infinite = estimator.DefaultInfinite;
}
var normalizationReference =
(new ExtensionConfigurationManager(model, (new ConfigurationPanelFactory()).GetExtensionId())).NormalizationReference;
var p = parameters.ToDictionary(x => x.Name, x => x.Value);
acceptableRisk = estimator.GetAcceptableRisk(model, p, infinite, normalizationReference) * 100f / currentRisk;
}
else
{
acceptableRisk = 0f;
}
result = new List <ChartItem>
{
new ChartItem("Current", current,
current <= acceptableRisk ? KnownColor.Green : KnownColor.Red),
new ChartItem(RoadmapStatus.ShortTerm.GetEnumLabel(), shortTerm,
shortTerm <= acceptableRisk ? KnownColor.Green : KnownColor.Red),
new ChartItem(RoadmapStatus.MidTerm.GetEnumLabel(), midTerm,
midTerm <= acceptableRisk ? KnownColor.Green : KnownColor.Red),
new ChartItem(RoadmapStatus.LongTerm.GetEnumLabel(), longTerm,
longTerm <= acceptableRisk ? KnownColor.Green : KnownColor.Red)
};
}
}
return(result);
}
public void SetThreatModel(IThreatModel threatModel)
{
var schemaManager = new DevOpsConfigPropertySchemaManager(threatModel);
var iterations = schemaManager.GetIterations()?
.OrderBy(x => x.Start)
.ToArray();
if (iterations?.Any() ?? false)
{
var current = schemaManager.CurrentIteration ?? schemaManager.PreviousIteration;
float maxRisk = 0f;
if (Chart?.ChartSeries.FirstOrDefault() is ChartSeries series)
{
SeriesPoint point;
float risk = 0f;
foreach (var iteration in iterations)
{
point = new SeriesPoint(iteration.Name);
if (iteration == current)
{
var extensionId = ExtensionUtils.GetExtensionByLabel <IConfigurationPanelFactory <Form> >(
"Extensions Configuration Panel")?.GetExtensionId();
if (extensionId != null)
{
var normalizationReference = threatModel.GetExtensionConfiguration(extensionId)?
.GlobalGet <int>("normalization") ?? 0;
if (normalizationReference > 0)
{
risk = threatModel.EvaluateRisk(normalizationReference);
if (risk > 0f)
{
schemaManager.SetIterationRisk(iteration, risk);
}
}
}
}
else
{
risk = schemaManager.GetIterationRisk(iteration);
}
point.ValueY = new object[] { ((object)risk) };
series.SeriesPoints.Add(point);
if (maxRisk < risk)
{
maxRisk = risk;
}
}
}
var residualRiskSchemaManager = new ResidualRiskEstimatorPropertySchemaManager(threatModel);
var estimator = residualRiskSchemaManager.SelectedEstimator;
if (estimator != null)
{
var parameters = residualRiskSchemaManager.Parameters?.ToArray();
if (parameters?.Any() ?? false)
{
var infinite = residualRiskSchemaManager.Infinite;
if (infinite < 0)
{
infinite = estimator.DefaultInfinite;
}
var p = parameters.ToDictionary(x => x.Name, x => x.Value);
AcceptableRisk = estimator.GetAcceptableRisk(threatModel, p, infinite, 0);
}
else
{
AcceptableRisk = 0f;
}
if (AcceptableRisk > maxRisk)
{
Chart.AxisY.MaxValue = AcceptableRisk * 1.2f;
}
}
}
}
