public static MitreGraph Deserialize(byte[] json)
{
MitreGraph result = null;
if (json.Length > 0)
{
string jsonText;
if (json[0] == 0xFF)
{
jsonText = Encoding.Unicode.GetString(json, 2, json.Length - 2);
}
else
{
jsonText = Encoding.Unicode.GetString(json);
}
using (var textReader = new StringReader(jsonText))
using (var reader = new JsonTextReader(textReader))
{
var serializer = new JsonSerializer
{
TypeNameHandling = TypeNameHandling.Objects
};
result = serializer.Deserialize <MitreGraph>(reader);
}
}
return(result);
}
internal MitigationNode([NotNull] MitreGraph graph, [NotNull] AttackObject attackPattern) : base(graph, "ATT&CK", attackPattern.AttackId)
{
if (attackPattern.Deprecated || attackPattern.Revoked)
{
throw new ArgumentException(Properties.Resources.InvalidStatus, "attackPattern");
}
Name = attackPattern.Name;
Description = attackPattern.Description;
}
internal ViewNode([NotNull] MitreGraph graph, [NotNull] Capec.ViewType view) : base(graph, "CAPEC", view.ID)
{
if (view.Status == Capec.StatusEnumeration.Deprecated || view.Status == Capec.StatusEnumeration.Obsolete)
{
throw new ArgumentException(Properties.Resources.InvalidStatus, "view");
}
if (view.Type != Capec.ViewTypeEnumeration.Graph)
{
throw new ArgumentException(Properties.Resources.InvalidViewType, "view");
}
Name = view.Name;
Description = view.Objective.ConvertToString();
if (Enum.TryParse <Status>(view.Status.ToString(), out var status))
{
Status = status;
}
#region Add relationships.
var parents = view.Members?.Member_Of?.ToArray();
if (parents?.Any() ?? false)
{
foreach (var parent in parents)
{
AddRelationship(RelationshipType.ChildOf, "CAPEC", parent.CAPEC_ID);
}
}
var children = view.Members?.Has_Member?.ToArray();
if (children?.Any() ?? false)
{
foreach (var child in children)
{
AddRelationship(RelationshipType.ParentOf, "CAPEC", child.CAPEC_ID);
}
}
#endregion
#region Add audience.
var audience = view.Audience?.ToArray();
if (audience?.Any() ?? false)
{
if (Audience == null)
{
Audience = new List <Audience>();
}
foreach (var sh in audience)
{
Audience.Add(new Audience(sh.Type.GetXmlEnumLabel(), sh.Description.ConvertToString()));
}
}
#endregion
}
internal AttackPatternNode([NotNull] MitreGraph graph, [NotNull] AttackObject attackPattern) : base(graph, "ATT&CK", attackPattern.AttackId)
{
if (attackPattern.Deprecated || attackPattern.Revoked)
{
throw new ArgumentException(Properties.Resources.InvalidStatus, "attackPattern");
}
Name = attackPattern.Name;
Description = attackPattern.Description;
Likelihood = Evaluation.Unknown;
Severity = Evaluation.Unknown;
#region Add relationships.
var capec = attackPattern.ExternalReferences?
.Where(x => string.CompareOrdinal(x.Source, "capec") == 0)
.ToArray();
if (capec?.Any() ?? false)
{
foreach (var c in capec)
{
AddRelationship(RelationshipType.PeerOf, "CAPEC", c.ExternalId.Substring(6));
}
}
#endregion
#region Add the other properties.
var platforms = attackPattern.Platforms?.ToArray();
if (platforms?.Any() ?? false)
{
Platforms = new List <string>(platforms);
}
var permissions = attackPattern.PermissionsRequired?.ToArray();
if (permissions?.Any() ?? false)
{
PermissionsRequired = new List <string>(permissions);
}
Detection = attackPattern.Detection;
var kcfs = attackPattern.KillChainPhases?
.Where(x => string.CompareOrdinal(x.Name, "mitre-attack") == 0)
.Select(x => x.Phase)
.ToArray();
if (kcfs?.Any() ?? false)
{
KillChainPhases = new List <string>(kcfs);
}
#endregion
}
internal ViewNode([NotNull] MitreGraph graph, [NotNull] Cwe.ViewType view) : base(graph, "CWE", view.ID)
{
if (view.Status == Cwe.StatusEnumeration.Deprecated || view.Status == Cwe.StatusEnumeration.Obsolete)
{
throw new ArgumentException(Properties.Resources.InvalidStatus, "view");
}
if (view.Type != Cwe.ViewTypeEnumeration.Graph)
{
throw new ArgumentException(Properties.Resources.InvalidViewType, "view");
}
Name = view.Name;
Description = view.Objective.ConvertToString();
if (Enum.TryParse <Status>(view.Status.ToString(), out var status))
{
Status = status;
}
#region Add relationships.
var count = view.Members?.Items?.Length ?? 0;
if (count > 0)
{
for (int i = 0; i < count; i++)
{
var rel = view.Members.ItemsElementName[i] == Cwe.ItemsChoiceType1.Has_Member
? RelationshipType.ParentOf
: RelationshipType.ChildOf;
AddRelationship(rel, "CWE", view.Members.Items[i].CWE_ID, view.Members.Items[i].View_ID);
}
}
#endregion
#region Add audience.
var audience = view.Audience?.ToArray();
if (audience?.Any() ?? false)
{
if (Audience == null)
{
Audience = new List <Audience>();
}
foreach (var sh in audience)
{
Audience.Add(new Audience(sh.Type.GetXmlEnumLabel(), sh.Description));
}
}
#endregion
}
internal CategoryNode([NotNull] MitreGraph graph, [NotNull] Capec.CategoryType category) : base(graph, "CAPEC", category.ID)
{
if (category.Status == Capec.StatusEnumeration.Deprecated || category.Status == Capec.StatusEnumeration.Obsolete)
{
throw new ArgumentException(Resources.InvalidStatus, "category");
}
Name = category.Name;
Description = category.Summary.ConvertToString();
if (Enum.TryParse <Status>(category.Status.ToString(), out var status))
{
Status = status;
}
#region Add relationships.
var parents = category.Relationships?.Member_Of?.ToArray();
if (parents?.Any() ?? false)
{
foreach (var parent in parents)
{
AddRelationship(RelationshipType.ChildOf, "CAPEC", parent.CAPEC_ID);
}
}
var children = category.Relationships?.Has_Member?.ToArray();
if (children?.Any() ?? false)
{
foreach (var child in children)
{
AddRelationship(RelationshipType.ParentOf, "CAPEC", child.CAPEC_ID);
}
}
#endregion
#region Add Taxonomy Mappings.
var taxonomyMappings = category.Taxonomy_Mappings?.ToArray();
if (taxonomyMappings?.Any() ?? false)
{
foreach (var taxonomyMapping in taxonomyMappings)
{
AddTaxonomyMapping(taxonomyMapping);
}
}
#endregion
}
internal CategoryNode([NotNull] MitreGraph graph, [NotNull] Cwe.CategoryType category) : base(graph, "CWE", category.ID)
{
if (category.Status == Cwe.StatusEnumeration.Deprecated || category.Status == Cwe.StatusEnumeration.Obsolete)
{
throw new ArgumentException(Resources.InvalidStatus, "category");
}
Name = category.Name;
Description = category.Summary.ConvertToString();
if (Enum.TryParse <Status>(category.Status.ToString(), out var status))
{
Status = status;
}
#region Add relationships.
var count = category.Relationships?.Items?.Length ?? 0;
if (count > 0)
{
for (int i = 0; i < count; i++)
{
var rel = category.Relationships.ItemsElementName[i] == Cwe.ItemsChoiceType1.Has_Member
? RelationshipType.ParentOf
: RelationshipType.ChildOf;
AddRelationship(rel, "CWE", category.Relationships.Items[i].CWE_ID, category.Relationships.Items[i].View_ID);
}
}
#endregion
#region Add Taxonomy Mappings.
var taxonomyMappings = category.Taxonomy_Mappings?.ToArray();
if (taxonomyMappings?.Any() ?? false)
{
foreach (var taxonomyMapping in taxonomyMappings)
{
AddTaxonomyMapping(taxonomyMapping);
}
}
#endregion
}
internal AttackPatternNode([NotNull] MitreGraph graph, [NotNull] AttackPatternType attackPattern) : base(graph, "CAPEC", attackPattern.ID)
{
if (attackPattern.Status == StatusEnumeration.Deprecated || attackPattern.Status == StatusEnumeration.Obsolete)
{
throw new ArgumentException(Properties.Resources.InvalidStatus, "attackPattern");
}
Name = attackPattern.Name;
Description = attackPattern.Description.ConvertToString();
if (Enum.TryParse <Evaluation>(attackPattern.Likelihood_Of_Attack.ToString(), out var likelihood))
{
Likelihood = likelihood;
}
else
{
Likelihood = Evaluation.Unknown;
}
if (Enum.TryParse <Evaluation>(attackPattern.Typical_Severity.ToString(), out var severity))
{
Severity = severity;
}
else
{
Severity = Evaluation.Unknown;
}
#region Add relationships.
var relAttackPatterns = attackPattern.Related_Attack_Patterns?.ToArray();
if (relAttackPatterns?.Any() ?? false)
{
foreach (var a in relAttackPatterns)
{
if (Enum.TryParse <RelationshipType>(a.Nature.ToString(), out var relType))
{
AddRelationship(relType, "CAPEC", a.CAPEC_ID);
}
}
}
var relWeaknesses = attackPattern.Related_Weaknesses?.ToArray();
if (relWeaknesses?.Any() ?? false)
{
foreach (var w in relWeaknesses)
{
AddRelationship(RelationshipType.Leverages, "CWE", w.CWE_ID);
}
}
#endregion
#region Add Consequences.
var consequences = attackPattern.Consequences?.ToArray();
if (consequences?.Any() ?? false)
{
foreach (var consequence in consequences)
{
AddConsequence(consequence);
}
}
#endregion
#region Add Potential Mitigations.
var potentialMitigations = attackPattern.Mitigations?.ToArray();
if (potentialMitigations?.Any() ?? false)
{
if (PotentialMitigations == null)
{
PotentialMitigations = new List <PotentialMitigation>();
}
foreach (var potentialMitigation in potentialMitigations)
{
PotentialMitigations.Add(new PotentialMitigation(null, null,
potentialMitigation.ConvertToString(), null));
}
}
#endregion
#region Add Taxonomy Mappings.
var taxonomyMappings = attackPattern.Taxonomy_Mappings?.ToArray();
if (taxonomyMappings?.Any() ?? false)
{
foreach (var taxonomyMapping in taxonomyMappings)
{
AddTaxonomyMapping(taxonomyMapping);
}
}
#endregion
}
internal ExternalNode([NotNull] MitreGraph graph, string source, string id, string url, string description) : base(graph, source, id)
{
Url = url;
Description = description;
}
public Node GetNode([NotNull] MitreGraph graph)
{
return(graph.GetNode(CounterpartySource, CounterpartyId));
}
internal WeaknessNode([NotNull] MitreGraph graph, [NotNull] WeaknessType weakness) : base(graph, "CWE", weakness.ID)
{
if (weakness.Status == StatusEnumeration.Deprecated || weakness.Status == StatusEnumeration.Obsolete)
{
throw new ArgumentException(Properties.Resources.InvalidStatus, "weakness");
}
Name = weakness.Name;
Description = weakness.Description;
ExtendedDescription = weakness.Extended_Description.ConvertToString();
if (Enum.TryParse <Evaluation>(weakness.Likelihood_Of_Exploit.ToString(), out var likelihood))
{
Likelihood = likelihood;
}
else
{
Likelihood = Evaluation.Unknown;
}
#region Add relationships.
var relWeaknesses = weakness.Related_Weaknesses?.ToArray();
if (relWeaknesses?.Any() ?? false)
{
foreach (var w in relWeaknesses)
{
if (Enum.TryParse <RelationshipType>(w.Nature.ToString(), out var relType))
{
AddRelationship(relType, "CWE", w.CWE_ID);
}
}
}
var relExamples = weakness.Observed_Examples?.ToArray();
if (relExamples?.Any() ?? false)
{
foreach (var e in relExamples)
{
AddRelationship(RelationshipType.Abstracts, "CVE", e.Reference);
var node = graph.CreateNode(e);
node?.AddRelationship(RelationshipType.IsAnExampleOf, this);
}
}
var relAttackPatterns = weakness.Related_Attack_Patterns?.ToArray();
if (relAttackPatterns?.Any() ?? false)
{
foreach (var a in relAttackPatterns)
{
AddRelationship(RelationshipType.IsLeveragedBy, "CAPEC", a.CAPEC_ID);
}
}
#endregion
#region Add Contexts.
var architectures = weakness.Applicable_Platforms?.Architecture?.ToArray();
if (architectures?.Any() ?? false)
{
foreach (var a in architectures)
{
AddContext(ContextType.Architecture, a.Class.ToString(), a.Name.ToString());
}
}
var languages = weakness.Applicable_Platforms?.Language?.ToArray();
if (languages?.Any() ?? false)
{
foreach (var l in languages)
{
AddContext(ContextType.Language, l.Class.ToString(), l.Name.ToString());
}
}
var operatingSystems = weakness.Applicable_Platforms?.Operating_System?.ToArray();
if (operatingSystems?.Any() ?? false)
{
foreach (var os in operatingSystems)
{
AddContext(ContextType.OperatingSystem, os.Class.ToString(), os.Name.ToString());
}
}
var technologies = weakness.Applicable_Platforms?.Technology?.ToArray();
if (technologies?.Any() ?? false)
{
foreach (var tech in technologies)
{
AddContext(ContextType.Technology, tech.Class.ToString(), tech.Name.ToString());
}
}
#endregion
#region Add Consequences.
var consequences = weakness.Common_Consequences?.ToArray();
if (consequences?.Any() ?? false)
{
foreach (var consequence in consequences)
{
AddConsequence(consequence);
}
}
#endregion
#region Add Detection Methods.
var detectionMethods = weakness.Detection_Methods?.ToArray();
if (detectionMethods?.Any() ?? false)
{
foreach (var detectionMethod in detectionMethods)
{
AddDetectionMethod(detectionMethod);
}
}
#endregion
#region Add Potential Mitigations.
var potentialMitigations = weakness.Potential_Mitigations?.ToArray();
if (potentialMitigations?.Any() ?? false)
{
foreach (var potentialMitigation in potentialMitigations)
{
AddPotentialMitigations(potentialMitigation);
}
}
#endregion
#region Add Taxonomy Mappings.
var taxonomyMappings = weakness.Taxonomy_Mappings?.ToArray();
if (taxonomyMappings?.Any() ?? false)
{
foreach (var taxonomyMapping in taxonomyMappings)
{
AddTaxonomyMapping(taxonomyMapping);
}
}
#endregion
}
public Node([NotNull] MitreGraph graph, [Required] string source, [Required] string id)
{
Graph = graph;
Source = source;
Id = id;
}