public void Initialize([NotNull] IThreatModel model) { _loading = true; _model = model; var normalizationReference = (new ExtensionConfigurationManager(_model, (new ConfigurationPanelFactory()).GetExtensionId())).NormalizationReference; if (normalizationReference == 0) { _labelNormalizationContainer.Visible = false; } else { _labelNormalization.Text = $"The Acceptable Risk is going to be normalized to a reference Threat Model with {normalizationReference} objects."; _labelNormalizationContainer.Visible = true; } var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(model); var estimator = schemaManager.SelectedEstimator; _estimators.SelectedItem = estimator; if (estimator != null) { RefreshParameters(estimator, schemaManager); } _loading = false; }
public static float EvaluateRisk(this IThreatModel model, int normalizationReference) { float result = 0f; if (model != null) { var riskEstimatorSchemaManager = new ResidualRiskEstimatorPropertySchemaManager(model); var estimator = riskEstimatorSchemaManager.SelectedEstimator; if (estimator != null) { result = estimator.GetRiskEvaluation(model, normalizationReference); } } return(result); }
private void ShowRoadmapStatus(RoadmapStatus status) { bool ok = false; var mitigations = _model.Mitigations?.ToArray(); if (mitigations?.Any() ?? false) { var selectedMitigations = new List <Guid>(); switch (status) { case RoadmapStatus.ShortTerm: UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm); break; case RoadmapStatus.MidTerm: UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm); UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.MidTerm); break; case RoadmapStatus.LongTerm: UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm); UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.MidTerm); UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.LongTerm); break; } var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(_model); var projected = schemaManager.SelectedEstimator?.GetProjectedThreatTypesResidualRisk(_model, selectedMitigations); if (projected?.Any() ?? false) { _chart.RefreshChart(_model, projected); _currentStatus = status; _chartName.Text = status.GetEnumLabel(); ok = true; } } _previous.Visible = ok; _next.Visible = ok; _chartName.Visible = ok; }
public IEnumerable <ChartItem> GetChart([NotNull] IThreatModel model) { IEnumerable <ChartItem> result = null; var mitigations = model.Mitigations?.ToArray(); if (mitigations?.Any() ?? false) { var selectedMitigations = new List <Guid>(); UpdateSelectedMitigations(selectedMitigations, mitigations, RoadmapStatus.ShortTerm); var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(model); var projected = schemaManager.SelectedEstimator?.GetProjectedThreatTypesResidualRisk(model, selectedMitigations); if (projected?.Any() ?? false) { result = GetChart(model, projected); } } return(result); }
private void RefreshParameters([NotNull] IResidualRiskEstimator estimator, ResidualRiskEstimatorPropertySchemaManager schemaManager) { if (schemaManager == null) { schemaManager = new ResidualRiskEstimatorPropertySchemaManager(_model); } var configured = schemaManager.Parameters?.ToArray(); if (!_loading) { schemaManager.Infinite = estimator.DefaultInfinite; } var infinite = schemaManager.Infinite; if (infinite < 0) { infinite = estimator.DefaultInfinite; } _cap.Value = infinite; _parameters.PrimaryGrid.Rows.Clear(); var parameters = estimator.GetAcceptableRiskParameters(_model)?.ToArray(); foreach (var parameter in parameters) { var value = configured? .FirstOrDefault(x => string.CompareOrdinal(parameter, x.Name) == 0)? .Value ?? 0.0f; var row = new GridRow(parameter, value); _parameters.PrimaryGrid.Rows.Add(row); } }
private void _ok_Click(object sender, EventArgs e) { var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(_model); var estimator = _estimators.SelectedItem as IResidualRiskEstimator; schemaManager.SelectedEstimator = estimator; var parameters = new List <ResidualRiskEstimatorParameter>(); var rows = _parameters.PrimaryGrid.Rows.OfType <GridRow>().ToArray(); foreach (var row in rows) { parameters.Add(new ResidualRiskEstimatorParameter() { Name = row.Cells[0].Value as string, Value = (float)row.Cells[1].Value }); } schemaManager.Parameters = parameters; schemaManager.Infinite = (float)_cap.Value; DialogResult = DialogResult.OK; }
private void LoadModel() { _loading = true; RemoveEventSubscriptions(); _notAssessedPalette.Clear(); _shortTermPalette.Clear(); _midTermPalette.Clear(); _longTermPalette.Clear(); _noActionRequiredPalette.Clear(); var mitigations = _model?.GetUniqueMitigations()?.OrderBy(x => x.Name).ToArray(); if ((mitigations?.Any() ?? false) && _filter != null) { mitigations = _filter.Filter(mitigations)?.ToArray(); } if (mitigations?.Any() ?? false) { var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(_model); var effectivenessDict = schemaManager.SelectedEstimator?.CategorizeMitigations(_model); foreach (var mitigation in mitigations) { Effectiveness effectiveness = Effectiveness.Unknown; if (effectivenessDict?.ContainsKey(mitigation.Id) ?? false) { effectiveness = effectivenessDict[mitigation.Id]; } var status = mitigation.GetStatus(out var automatedCalculation); var node = new RoadmapItem(mitigation, effectiveness); if (_actions != null) { node.SetContextAwareActions(_actions); } switch (status) { case RoadmapStatus.NotAssessed: _notAssessedPalette.AddNode(node); break; case RoadmapStatus.ShortTerm: _shortTermPalette.AddNode(node); break; case RoadmapStatus.MidTerm: _midTermPalette.AddNode(node); break; case RoadmapStatus.LongTerm: _longTermPalette.AddNode(node); break; case RoadmapStatus.NoActionRequired: _noActionRequiredPalette.AddNode(node); if (automatedCalculation) { mitigation.SetStatus(RoadmapStatus.NoActionRequired); } break; } } _notAssessedPalette.RefreshNodes(); _shortTermPalette.RefreshNodes(); _midTermPalette.RefreshNodes(); _longTermPalette.RefreshNodes(); _noActionRequiredPalette.RefreshNodes(); _chart.RefreshChart(_model); } _loading = false; }
public IEnumerable <ChartItem> GetChart([NotNull] IThreatModel model) { IEnumerable <ChartItem> result = null; var schemaManager = new ResidualRiskEstimatorPropertySchemaManager(model); var estimator = schemaManager.SelectedEstimator; if (estimator != null) { var mitigations = model.Mitigations?.ToArray(); if ((mitigations?.Any() ?? false)) { var selectedMitigations = new List <Guid>(); var currentRisk = estimator.Estimate(model, null, out var currentMin, out var currentMax); var current = 100f; var shortTermMitigations = mitigations .Where(x => x.GetStatus() == RoadmapStatus.ShortTerm) .Select(x => x.Id) .ToArray(); if (shortTermMitigations.Any()) { selectedMitigations.AddRange(shortTermMitigations); } var shortTerm = estimator.Estimate(model, selectedMitigations, out var shortTermMin, out var shortTermMax) * 100f / currentRisk; var midTermMitigations = mitigations .Where(x => x.GetStatus() == RoadmapStatus.MidTerm) .Select(x => x.Id) .ToArray(); if (midTermMitigations.Any()) { selectedMitigations.AddRange(midTermMitigations); } var midTerm = estimator.Estimate(model, selectedMitigations, out var midTermMin, out var midTermMax) * 100f / currentRisk; var longTermMitigations = mitigations .Where(x => x.GetStatus() == RoadmapStatus.LongTerm) .Select(x => x.Id) .ToArray(); if (longTermMitigations.Any()) { selectedMitigations.AddRange(longTermMitigations); } var longTerm = estimator.Estimate(model, selectedMitigations, out var longTermMin, out var longTermMax) * 100f / currentRisk; float acceptableRisk; var parameters = schemaManager.Parameters?.ToArray(); if (parameters?.Any() ?? false) { var infinite = schemaManager.Infinite; if (infinite < 0) { infinite = estimator.DefaultInfinite; } var normalizationReference = (new ExtensionConfigurationManager(model, (new ConfigurationPanelFactory()).GetExtensionId())).NormalizationReference; var p = parameters.ToDictionary(x => x.Name, x => x.Value); acceptableRisk = estimator.GetAcceptableRisk(model, p, infinite, normalizationReference) * 100f / currentRisk; } else { acceptableRisk = 0f; } result = new List <ChartItem> { new ChartItem("Current", current, current <= acceptableRisk ? KnownColor.Green : KnownColor.Red), new ChartItem(RoadmapStatus.ShortTerm.GetEnumLabel(), shortTerm, shortTerm <= acceptableRisk ? KnownColor.Green : KnownColor.Red), new ChartItem(RoadmapStatus.MidTerm.GetEnumLabel(), midTerm, midTerm <= acceptableRisk ? KnownColor.Green : KnownColor.Red), new ChartItem(RoadmapStatus.LongTerm.GetEnumLabel(), longTerm, longTerm <= acceptableRisk ? KnownColor.Green : KnownColor.Red) }; } } return(result); }
public void SetThreatModel(IThreatModel threatModel) { var schemaManager = new DevOpsConfigPropertySchemaManager(threatModel); var iterations = schemaManager.GetIterations()? .OrderBy(x => x.Start) .ToArray(); if (iterations?.Any() ?? false) { var current = schemaManager.CurrentIteration ?? schemaManager.PreviousIteration; float maxRisk = 0f; if (Chart?.ChartSeries.FirstOrDefault() is ChartSeries series) { SeriesPoint point; float risk = 0f; foreach (var iteration in iterations) { point = new SeriesPoint(iteration.Name); if (iteration == current) { var extensionId = ExtensionUtils.GetExtensionByLabel <IConfigurationPanelFactory <Form> >( "Extensions Configuration Panel")?.GetExtensionId(); if (extensionId != null) { var normalizationReference = threatModel.GetExtensionConfiguration(extensionId)? .GlobalGet <int>("normalization") ?? 0; if (normalizationReference > 0) { risk = threatModel.EvaluateRisk(normalizationReference); if (risk > 0f) { schemaManager.SetIterationRisk(iteration, risk); } } } } else { risk = schemaManager.GetIterationRisk(iteration); } point.ValueY = new object[] { ((object)risk) }; series.SeriesPoints.Add(point); if (maxRisk < risk) { maxRisk = risk; } } } var residualRiskSchemaManager = new ResidualRiskEstimatorPropertySchemaManager(threatModel); var estimator = residualRiskSchemaManager.SelectedEstimator; if (estimator != null) { var parameters = residualRiskSchemaManager.Parameters?.ToArray(); if (parameters?.Any() ?? false) { var infinite = residualRiskSchemaManager.Infinite; if (infinite < 0) { infinite = estimator.DefaultInfinite; } var p = parameters.ToDictionary(x => x.Name, x => x.Value); AcceptableRisk = estimator.GetAcceptableRisk(threatModel, p, infinite, 0); } else { AcceptableRisk = 0f; } if (AcceptableRisk > maxRisk) { Chart.AxisY.MaxValue = AcceptableRisk * 1.2f; } } } }