private string GetMitigationExposure([NotNull] IMitigation mitigation)
{
return(_model.GetThreatEventMitigations(mitigation)?
.Select(x => x.ThreatEvent.Id.ToString("N"))
.OrderBy(x => x)
.TagConcat());
}
public static IEnumerable <IThreatEventMitigation> GetThreatEventMitigations(this IThreatModel model,
[NotNull] AnnotationsPropertySchemaManager schemaManager, [NotNull] IPropertyType propertyType,
string filter, bool showOnlyOpenQuestions = false)
{
return(model.GetThreatEventMitigations()?
.Where(x => x.HasNotesWithText(schemaManager, filter) && (showOnlyOpenQuestions ? schemaManager.HasOpenTopics(x) : x.HasProperty(propertyType)))
.OrderBy(x => x.Mitigation.Name)
.ThenBy(x => x.ThreatEvent.Name)
.ThenBy(x => x.ThreatEvent.Parent.Name));
}
private bool Generate([NotNull] IThreatModel model)
{
var result = false;
var schemaManager = new QuestionsPropertySchemaManager(model);
var questions = schemaManager.GetQuestions()?.ToArray();
if (questions?.Any() ?? false)
{
var asm = new AnnotationsPropertySchemaManager(model);
var pt = asm.GetAnnotationsPropertyType();
var ei = model.Entities?.OfType <IExternalInteractor>().OrderBy(x => x.Name);
var p = model.Entities?.OfType <IProcess>().OrderBy(x => x.Name);
var ds = model.Entities?.OfType <IDataStore>().OrderBy(x => x.Name);
var f = model.DataFlows?.OrderBy(x => x.Name);
var tb = model.Groups?.OfType <ITrustBoundary>().OrderBy(x => x.Name);
var te = model.GetThreatEvents()?.OrderBy(x => x.Name);
var tem = model.GetThreatEventMitigations()?
.OrderBy(x => x.Mitigation.Name)
.ThenBy(x => x.ThreatEvent.Name)
.ThenBy(x => x.ThreatEvent.Parent.Name);
var tt = model.ThreatTypes?.OrderBy(x => x.Name);
var km = model.Mitigations?.OrderBy(x => x.Name);
var sm = model.GetThreatTypeMitigations()?
.OrderBy(x => x.Mitigation.Name)
.ThenBy(x => x.ThreatType.Name);
var et = model.EntityTemplates?.OrderBy(x => x.Name);
var ft = model.FlowTemplates?.OrderBy(x => x.Name);
var tbt = model.TrustBoundaryTemplates?.OrderBy(x => x.Name);
foreach (var question in questions)
{
Generate(question, ei, asm);
Generate(question, p, asm);
Generate(question, ds, asm);
Generate(question, f, asm);
Generate(question, tb, asm);
Generate(question, te, asm);
Generate(question, tem, asm);
Generate(question, tt, asm);
Generate(question, km, asm);
Generate(question, sm, asm);
Generate(question, et, asm);
Generate(question, ft, asm);
Generate(question, tbt, asm);
Generate(question, model, asm);
}
result = true;
}
return(result);
}
public IEnumerable <ListItem> GetList(IThreatModel model)
{
IEnumerable <ListItem> result = null;
var schema = new RoadmapPropertySchemaManager(model);
var mitigations = model.GetUniqueMitigations()?
.Where(x => schema.GetStatus(x) == RoadmapStatus.ShortTerm)
.OrderBy(x => x.Name)
.ToArray();
if (mitigations?.Any() ?? false)
{
var list = new List <ListItem>();
foreach (var mitigation in mitigations)
{
var items = new List <ItemRow>();
var tems = model.GetThreatEventMitigations(mitigation)?.ToArray();
if (tems?.Any() ?? false)
{
items.Add(new TextRow("Control Type", mitigation.ControlType.GetEnumLabel()));
items.Add(new TextRow("Description", mitigation.Description));
items.Add(new TableRow("Affected Threats", new []
{
new TableColumn("Object", 150),
new TableColumn("Threat", 150),
new TableColumn("Strength", 100),
new TableColumn("Status", 100)
}, GetAffectedThreatsCells(tems)));
items.Add(new TableRow("Directives", new[]
{
new TableColumn("Object", 150),
new TableColumn("Directives", 350),
}, GetDirectivesCells(tems)));
var itemRows = mitigation.GetItemRows()?.ToArray();
if (itemRows?.Any() ?? false)
{
items.AddRange(itemRows);
}
list.Add(new ListItem(mitigation.Name, mitigation.Id, items));
}
}
result = list;
}
return(result);
}
public void RefreshChart([NotNull] IThreatModel model)
{
if (_chart.ChartPanel.ChartContainers[0] is PieChart pieChart)
{
pieChart.ChartSeries[0].SeriesPoints.Clear();
var total = model.GetThreatEventMitigations()?.Count() ?? 0;
if (total > 0)
{
AddSlice(pieChart, model, MitigationStatus.Undefined, total, Color.Black);
AddSlice(pieChart, model, MitigationStatus.Existing, total, Color.Green);
AddSlice(pieChart, model, MitigationStatus.Implemented, total, Color.Olive);
AddSlice(pieChart, model, MitigationStatus.Proposed, total, Color.Orange);
AddSlice(pieChart, model, MitigationStatus.Approved, total, Color.Yellow);
AddSlice(pieChart, model, MitigationStatus.Planned, total, Color.YellowGreen);
}
}
}
public IEnumerable <ListItem> GetList(IThreatModel model)
{
IEnumerable <ListItem> result = null;
var schema = new RoadmapPropertySchemaManager(model);
var mitigations = model.GetUniqueMitigations()?
.Where(x => schema.GetStatus(x) == RoadmapStatus.LongTerm)
.OrderBy(x => x.Name)
.ToArray();
if (mitigations?.Any() ?? false)
{
var list = new List <ListItem>();
foreach (var mitigation in mitigations)
{
var items = new List <ItemRow>();
var tems = model.GetThreatEventMitigations(mitigation)?.ToArray();
if (tems?.Any() ?? false)
{
items.Add(new TextRow("Control Type", mitigation.ControlType.GetEnumLabel()));
items.Add(new TextRow("Description", mitigation.Description));
var itemRows = mitigation.GetItemRows()?.ToArray();
if (itemRows?.Any() ?? false)
{
items.AddRange(itemRows);
}
list.Add(new ListItem(mitigation.Name, mitigation.Id, items));
}
}
result = list;
}
return(result);
}
private static async Task <int> UpdateMitigationsAsync([NotNull] IThreatModel model, [NotNull] IDevOpsConnector connector)
{
int result = 0;
var schemaManager = new DevOpsPropertySchemaManager(model);
var mitigations = model.GetUniqueMitigations()?
.ToDictionary(x => x, x => schemaManager.GetDevOpsInfo(x, connector))
.ToArray();
if (mitigations?.Any() ?? false)
{
var infos = await connector
.GetWorkItemsInfoAsync(mitigations
.Select(x => x.Value?.Id ?? -1)
.Where(x => x >= 0)
);
if (infos != null)
{
foreach (var info in infos)
{
var pairs = mitigations
.Where(x => x.Value != null && x.Value.Id == info.Id)
.ToArray();
if (pairs.Any())
{
var pair = pairs.FirstOrDefault();
if (pair.Value.Status != info.Status ||
string.CompareOrdinal(pair.Value.AssignedTo, info.AssignedTo) != 0)
{
schemaManager.SetDevOpsStatus(pair.Key, connector, info.Id, info.Url, info.AssignedTo, info.Status);
result++;
}
MitigationStatus status;
switch (info.Status)
{
case WorkItemStatus.Created:
status = MitigationStatus.Approved;
break;
case WorkItemStatus.Planned:
status = MitigationStatus.Planned;
break;
case WorkItemStatus.InProgress:
status = MitigationStatus.Planned;
break;
case WorkItemStatus.Done:
status = MitigationStatus.Implemented;
break;
default:
status = MitigationStatus.Proposed;
break;
}
var tems = model.GetThreatEventMitigations(pair.Key);
if (tems?.Any() ?? false)
{
foreach (var tem in tems)
{
if (tem.Status != status)
{
tem.Status = status;
}
}
}
}
}
}
var missing = mitigations.Where(x => x.Value != null && (infos?.All(y => y.Id != x.Value.Id) ?? true)).ToArray();
if (missing.Any())
{
foreach (var m in missing)
{
schemaManager.RemoveDevOpsInfos(m.Key);
}
}
}
return(result);
}
private void _objectTypes_SelectedValueChanged(object sender, EventArgs e)
{
if (_objectTypes.SelectedItem is string selected)
{
_objects.Items.Clear();
_imageList.Images.Clear();
_properties.Item = null;
ChangeCustomActionStatus?.Invoke("AddNotes", false);
ChangeCustomActionStatus?.Invoke("AddTopic", false);
ChangeCustomActionStatus?.Invoke("AddHighlight", false);
ChangeCustomActionStatus?.Invoke("RemoveNotes", false);
ChangeCustomActionStatus?.Invoke("RemoveTopic", false);
ChangeCustomActionStatus?.Invoke("RemoveHighlight", false);
RemoveButtons();
_annotation.Annotation = null;
switch (selected)
{
case "External Interactors":
AddObjects(_model.GetExternalInteractors(_schemaManager, _propertyType, _filter.Text), true);
break;
case "Processes":
AddObjects(_model.GetProcesses(_schemaManager, _propertyType, _filter.Text), true);
break;
case "Data Stores":
AddObjects(_model.GetDataStores(_schemaManager, _propertyType, _filter.Text), true);
break;
case "Flows":
AddObjects(_model.GetFlows(_schemaManager, _propertyType, _filter.Text));
break;
case "Trust Boundaries":
AddObjects(_model.GetTrustBoundaries(_schemaManager, _propertyType, _filter.Text));
break;
case "Threat Events":
AddObjects(_model.GetThreatEvents(_schemaManager, _propertyType, _filter.Text));
break;
case "Threat Event Mitigations":
var tems = _model.GetThreatEventMitigations(_schemaManager, _propertyType, _filter.Text)?
.Where(x => x is IPropertiesContainer container &&
((_show == WhatToShow.All && (_schemaManager.HasNotes(container) || _schemaManager.HasTopics(container) || _schemaManager.HasHighlights(container))) ||
(_show == WhatToShow.OpenTopicsOnly && _schemaManager.HasOpenTopics(container)) ||
(_show == WhatToShow.HighlightsOnly && _schemaManager.HasHighlights(container))))
.ToArray();
if (tems?.Any() ?? false)
{
bool first = true;
foreach (var tem in tems)
{
if (first)
{
_imageList.Images.Add(Icons.Resources.mitigations_small);
first = false;
}
_objects.Items.Add(new ListViewItem(tem.Mitigation.Name, 0)
{
ToolTipText = $"'{tem.Mitigation.Name}' for '{tem.ThreatEvent.Name}' on '{tem.ThreatEvent.Parent.Name}'",
Tag = tem
});
}
}
break;
case "Threat Types":
AddObjects(_model.GetThreatTypes(_schemaManager, _propertyType, _filter.Text));
break;
case "Known Mitigations":
AddObjects(_model.GetKnownMitigations(_schemaManager, _propertyType, _filter.Text));
break;
case "Standard Mitigations":
var sms = _model.GetStandardMitigations(_schemaManager, _propertyType, _filter.Text)?
.Where(x => x is IPropertiesContainer container &&
((_show == WhatToShow.All && (_schemaManager.HasNotes(container) || _schemaManager.HasTopics(container) || _schemaManager.HasHighlights(container))) ||
(_show == WhatToShow.OpenTopicsOnly && _schemaManager.HasOpenTopics(container)) ||
(_show == WhatToShow.HighlightsOnly && _schemaManager.HasHighlights(container))))
.ToArray();
if (sms?.Any() ?? false)
{
bool first = true;
foreach (var sm in sms)
{
if (first)
{
_imageList.Images.Add(Icons.Resources.standard_mitigations_small);
first = false;
}
_objects.Items.Add(new ListViewItem(sm.Mitigation.Name, 0)
{
ToolTipText = $"'{sm.Mitigation.Name}' for '{sm.ThreatType.Name}'",
Tag = sm
});
}
}
break;
case "Entity Templates":
AddObjects(_model.GetEntityTemplates(_schemaManager, _propertyType, _filter.Text), true);
break;
case "Flow Templates":
AddObjects(_model.GetFlowTemplates(_schemaManager, _propertyType, _filter.Text));
break;
case "Trust Boundary Templates":
AddObjects(_model.GetTrustBoundaryTemplates(_schemaManager, _propertyType, _filter.Text));
break;
case "Diagrams":
AddObjects(_model.GetDiagrams(_schemaManager, _propertyType, _filter.Text));
break;
case "Threat Model":
AddObject(_model);
break;
}
_objects.AutoResizeColumn(0, ColumnHeaderAutoResizeStyle.ColumnContent);
}
}
