private void _ok_Click(object sender, EventArgs e)
{
if (_threatEvent.Model is IThreatModel model)
{
var schemaManager = new CalculatedSeverityPropertySchemaManager(model);
schemaManager.SetSeverityCalculationConfig(_threatEvent, _points.Value, _reason.Text);
}
}
private void LoadModel()
{
try
{
_grid.SuspendLayout();
_loading = true;
RemoveEventSubscriptions();
var panel = _grid.PrimaryGrid;
panel.Rows.Clear();
var filter = _filter.Text;
var schemaManager = new CalculatedSeverityPropertySchemaManager(_model);
List <IThreatEvent> threatEvents = new List <IThreatEvent>();
AddThreatEvents(threatEvents,
_model.Entities?.Select(x => x.ThreatEvents?
.Where(y => SeverityDoesNotMatchCalculated(y, schemaManager))).ToArray(), filter);
AddThreatEvents(threatEvents, _model.DataFlows?.Select(x => x.ThreatEvents?
.Where(y => SeverityDoesNotMatchCalculated(y, schemaManager))).ToArray(), filter);
var modelThreats = _model.ThreatEvents?
.Where(x => IsSelected(x, filter) && SeverityDoesNotMatchCalculated(x, schemaManager)).ToArray();
if (modelThreats?.Any() ?? false)
{
threatEvents.AddRange(modelThreats);
}
var threatTypes = threatEvents
.Select(x => x.ThreatType)
.Distinct(new ThreatTypeComparer())
.OrderBy(x => x.Name);
if (threatTypes != null)
{
foreach (var item in threatTypes)
{
var selectedEvents = threatEvents
.Where(x => x.ThreatTypeId == item.Id)
.OrderBy(x => x.Parent.Name)
.ToArray();
if (selectedEvents.Any())
{
AddGridRow(item, selectedEvents, panel);
}
}
_currentRow = _grid.PrimaryGrid.Rows.OfType <GridRow>().FirstOrDefault();
}
}
finally
{
_loading = false;
_grid.ResumeLayout(true);
}
}
private void ApplyCalculated(IEnumerable <IThreatEvent> threatEvents, [NotNull] CalculatedSeverityPropertySchemaManager schemaManager)
{
var tes = threatEvents?.ToArray();
if (tes?.Any() ?? false)
{
foreach (var te in tes)
{
var delta = schemaManager.GetSeverityCalculationConfig(te)?.Delta ?? 0;
var severity = te.GetCalculatedSeverity(delta);
if (te.SeverityId != severity.Id)
{
te.Severity = severity;
}
}
}
}
public void Apply()
{
if (_dirty)
{
_model.SetExtensionConfiguration(_extensionId, _configuration);
}
var schemaManager = new CalculatedSeverityPropertySchemaManager(_model);
if (EnableCalculatedSeverity)
{
schemaManager.AddSupport();
}
else
{
schemaManager.RemoveSupport();
}
}
public AdjustSeverityDialog([NotNull] IThreatEvent threatEvent) : this()
{
_threatEvent = threatEvent;
_threatEventName.Text = " " + threatEvent.Name;
_threatEventName.Image = threatEvent.GetImage(ImageSize.Small);
if (threatEvent.Parent != null)
{
_associatedTo.Text = " " + threatEvent.Parent.Name;
_associatedTo.Image = threatEvent.Parent.GetImage(ImageSize.Small);
}
if (threatEvent.Model is IThreatModel model)
{
var schemaManager = new CalculatedSeverityPropertySchemaManager(model);
var config = schemaManager.GetSeverityCalculationConfig(threatEvent);
if (config != null)
{
_points.Value = config.Delta;
_reason.Text = config.DeltaReason;
_ok.Enabled = !string.IsNullOrWhiteSpace(_reason.Text);
}
}
}
public void ExecuteCustomAction([NotNull] IActionDefinition action)
{
string text = null;
bool warning = false;
try
{
switch (action.Name)
{
case "AddMitigation":
if (_properties.Item is IThreatEvent threatEvent2)
{
using (var dialog = new ThreatEventMitigationSelectionDialog(threatEvent2))
{
if (dialog.ShowDialog(Form.ActiveForm) == DialogResult.OK)
{
text = "Mitigation creation";
}
}
}
break;
case "RemoveMitigation":
var selected2 = _currentRow?.GridPanel?.SelectedCells?.OfType <GridCell>()
.Select(x => x.GridRow)
.Where(x => x.Tag is IThreatEventMitigation)
.Distinct()
.ToArray();
if (_currentRow != null)
{
if ((selected2?.Length ?? 0) > 1)
{
var name = (_currentRow.Tag as IThreatEventMitigation)?.Mitigation.Name;
var outcome = MessageBox.Show(Form.ActiveForm,
$"You have selected {selected2.Length} Mitigation associations. Do you want to remove them all?\nPlease click 'Yes' to remove all selected Mitigation associations,\nNo to remove only the last one you selected, '{name}'.\nPress Cancel to abort.",
"Remove Mitigation association", MessageBoxButtons.YesNoCancel, MessageBoxIcon.Warning,
MessageBoxDefaultButton.Button3);
switch (outcome)
{
case DialogResult.Yes:
bool removed = true;
foreach (var row in selected2)
{
bool r = false;
if (row.Tag is IThreatEventMitigation m)
{
r = m.ThreatEvent.RemoveMitigation(m.MitigationId);
}
removed &= r;
if (r && row == _currentRow)
{
_properties.Item = null;
_currentRow = null;
}
}
if (removed)
{
text = "Remove Mitigation association";
}
else
{
warning = true;
text = "One or more Mitigation associations cannot be removed.";
}
break;
case DialogResult.No:
if (_currentRow != null && _currentRow.Tag is IThreatEventMitigation m2)
{
if (m2.ThreatEvent.RemoveMitigation(m2.MitigationId))
{
_properties.Item = null;
_currentRow = null;
text = "Remove Mitigation association";
}
else
{
warning = true;
text = "The Mitigation association cannot be removed.";
}
}
break;
}
}
else if (_currentRow?.Tag is IThreatEventMitigation mitigation &&
MessageBox.Show(Form.ActiveForm,
$"You are about to remove mitigation '{mitigation.Mitigation.Name}' from the current Threat Event. Are you sure?",
"Remove Mitigation association", MessageBoxButtons.YesNo, MessageBoxIcon.Warning,
MessageBoxDefaultButton.Button2) == DialogResult.Yes)
{
if (mitigation.ThreatEvent.RemoveMitigation(mitigation.MitigationId))
{
text = "Remove Mitigation association";
_properties.Item = null;
}
else
{
warning = true;
text = "The Mitigation association cannot be removed.";
}
}
}
break;
case "ApplyCalculated":
if (_grid.PrimaryGrid.Rows.Count > 0 && MessageBox.Show("All the listed Threat Events will be updated with the calculated severity.\nAre you sure?",
"Apply Calculated Severity", MessageBoxButtons.YesNo, MessageBoxIcon.Warning, MessageBoxDefaultButton.Button2) == DialogResult.Yes)
{
var schemaManager = new CalculatedSeverityPropertySchemaManager(_model);
var threatEventList = _model.Entities?.Select(x => x.ThreatEvents?
.Where(y => SeverityDoesNotMatchCalculated(y, schemaManager))).ToArray();
if (threatEventList?.Any() ?? false)
{
foreach (var te1 in threatEventList)
{
ApplyCalculated(te1, schemaManager);
}
}
threatEventList = _model.DataFlows?.Select(x => x.ThreatEvents?
.Where(y => SeverityDoesNotMatchCalculated(y, schemaManager))).ToArray();
if (threatEventList?.Any() ?? false)
{
foreach (var te2 in threatEventList)
{
ApplyCalculated(te2, schemaManager);
}
}
ApplyCalculated(
_model.ThreatEvents?.Where(x => SeverityDoesNotMatchCalculated(x, schemaManager)),
schemaManager);
LoadModel();
text = "Calculated Severities have been applied successfully";
}
break;
case "OpenAllNodes":
try
{
_loading = true;
_grid.PrimaryGrid.ExpandAll(10);
Application.DoEvents();
}
finally
{
_loading = false;
}
break;
case "OpenFirstLevel":
try
{
_loading = true;
_grid.PrimaryGrid.CollapseAll();
_grid.PrimaryGrid.ExpandAll(0);
Application.DoEvents();
}
finally
{
_loading = false;
}
break;
case "OpenBranch":
try
{
_loading = true;
if (_currentRow != null)
{
_currentRow.ExpandAll(10);
_currentRow.Expanded = true;
}
}
finally
{
_loading = false;
}
break;
case "Collapse":
try
{
_loading = true;
_grid.PrimaryGrid.CollapseAll();
}
finally
{
_loading = false;
}
break;
case "Refresh":
LoadModel();
break;
}
if (warning)
{
ShowWarning?.Invoke(text);
}
else if (text != null)
{
ShowMessage?.Invoke($"{text} has been executed successfully.");
}
}
catch
{
ShowWarning?.Invoke($"An error occurred during the execution of the action.");
throw;
}
}
private bool SeverityDoesNotMatchCalculated([NotNull] IThreatEvent threatEvent, [NotNull] CalculatedSeverityPropertySchemaManager schemaManager)
{
var result = false;
if (schemaManager.IsCalculatedSeverityEnabled)
{
var configDelta = schemaManager.GetSeverityCalculationConfig(threatEvent)?.Delta ?? 0;
var calculatedSeverity = threatEvent.GetCalculatedSeverity(configDelta);
result = calculatedSeverity != null && calculatedSeverity.Id != threatEvent.SeverityId;
}
return(result);
}
