Exemplo n.º 1
        /// <summary>
        /// Creates a Vulnerability derived from the given Weakness and attaches it to the wrapped
        /// Instance, unless a Vulnerability for the same Weakness is already registered.
        /// </summary>
        /// <param name="weakness">Weakness the new Vulnerability is derived from.</param>
        /// <returns>
        /// The new Vulnerability, or null when Instance is not an identity, when no threat model
        /// can be resolved from it, or when the Weakness is already represented.
        /// </returns>
        public IVulnerability AddVulnerability(IWeakness weakness)
        {
            // Vulnerabilities can only be attached to objects that expose an identity.
            if (!(Instance is IIdentity identity))
            {
                return null;
            }

            // The model is either the Instance itself or the model owning the Instance.
            IThreatModel model = (Instance as IThreatModel) ?? (Instance as IThreatModelChild)?.Model;
            if (model == null)
            {
                return null;
            }

            // NOTE(review): weakness is dereferenced here without a null check; unlike sibling
            // methods this parameter carries no [NotNull] annotation. Confirm callers never pass null.
            var isNewForWeakness = _vulnerabilities == null ||
                                   _vulnerabilities.All(x => x.WeaknessId != weakness.Id);
            if (!isNewForWeakness)
            {
                return null;
            }

            IVulnerability created = new Vulnerability(model, weakness, identity);

            // The backing list is allocated lazily on first use.
            if (_vulnerabilities == null)
            {
                _vulnerabilities = new List<IVulnerability>();
            }
            _vulnerabilities.Add(created);

            // Flag the owner as modified, when it tracks a dirty state.
            (Instance as IDirty)?.SetDirty();

            // Notify subscribers only when the owner is a vulnerabilities container.
            if (Instance is IVulnerabilitiesContainer container)
            {
                _vulnerabilityAdded?.Invoke(container, created);
            }

            return created;
        }
Exemplo n.º 2
        /// <summary>
        /// Builds the grid row representing a Weakness, wires the change notifications needed to
        /// keep it current, and appends it to the panel.
        /// </summary>
        /// <param name="weakness">Weakness shown by the row; it is stored in the row Tag.</param>
        /// <param name="panel">Panel receiving the new row.</param>
        /// <returns>The row that has been added to the panel.</returns>
        private GridRow AddGridRow([NotNull] IWeakness weakness, [NotNull] GridPanel panel)
        {
            var weaknessRow = new GridRow(weakness.Name, weakness.Severity);

            // Hard cast: a Weakness that does not implement INotifyPropertyChanged
            // raises InvalidCastException here.
            var notifier = (INotifyPropertyChanged)weakness;
            notifier.PropertyChanged += OnWeaknessPropertyChanged;

            weaknessRow.Tag = weakness;
            UpdateMitigationLevel(weakness, weaknessRow);
            panel.Rows.Add(weaknessRow);

            // Every cell reports its edits through the same handler.
            var cells = weaknessRow.Cells;
            for (var index = 0; index < cells.Count; index++)
            {
                cells[index].PropertyChanged += OnWeaknessCellChanged;
            }

            // NOTE(review): the handlers subscribed in this method keep the row and the weakness
            // reachable from each other; verify they are unsubscribed when the row is removed.
            weakness.WeaknessMitigationAdded += OnWeaknessMitigationAdded;
            weakness.WeaknessMitigationRemoved += OnWeaknessMitigationRemoved;

            // A nested panel is created only when the weakness already has mitigations.
            var hasMitigations = weakness.Mitigations?.Any() ?? false;
            if (hasMitigations)
            {
                var mitigationsPanel = CreateMitigationsPanel(weakness);
                if (mitigationsPanel != null)
                {
                    weaknessRow.Rows.Add(mitigationsPanel);
                }
            }

            return weaknessRow;
        }
Exemplo n.º 3
        /// <summary>
        /// Binds the control to a Weakness and fills the grid with every Mitigation known to the
        /// model, checking the ones already associated with the Weakness.
        /// </summary>
        /// <param name="weakness">Weakness whose mitigations are being edited.</param>
        public void Initialize([NotNull] IWeakness weakness)
        {
            _weakness = weakness;
            _model = weakness.Model;
            _standardMitigationsContainer.Visible = false;
            InitializeGrid(false);
            InitializeItem(weakness);

            // Snapshot of the associations, so the lookups below work on a stable copy.
            var associated = weakness.Mitigations?.ToArray();
            var catalog = _model?.Mitigations?.OrderBy(x => x.Name);
            if (catalog == null)
            {
                return;
            }

            // Strength proposed for mitigations that are not yet associated.
            var fallbackStrength = _model.GetStrength((int)DefaultStrength.Average);

            foreach (var candidate in catalog)
            {
                var match = associated?.FirstOrDefault(x => x.MitigationId == candidate.Id);
                var row = new GridRow(candidate.Name,
                                      candidate.ControlType.GetEnumLabel(),
                                      match?.Strength ?? fallbackStrength)
                {
                    Tag = candidate,
                    // Checked means "already associated with the weakness".
                    Checked = match != null
                };
                _grid.PrimaryGrid.Rows.Add(row);
            }
        }
Exemplo n.º 4
        /// <summary>
        /// Prepares the dialog for a Weakness: loads the model strengths and offers the
        /// Mitigations that are not yet associated with the Weakness.
        /// </summary>
        /// <param name="weakness">Weakness receiving the new mitigation association.</param>
        public WeaknessMitigationSelectionDialog([NotNull] IWeakness weakness) : this()
        {
            _weakness = weakness;
            _weaknessName.Text = weakness.Name;

            // Both strength selectors offer the same list.
            var strengths = _weakness.Model?.Strengths?.ToArray();
            if (strengths != null && strengths.Length > 0)
            {
                _strength.Items.AddRange(strengths);
                _strengthExisting.Items.AddRange(strengths);
            }

            var associated = weakness.Mitigations?.ToArray();

            // Keep only the mitigations that the weakness does not reference yet.
            var available = weakness.Model?.Mitigations?
                            .Where(x => associated == null || !associated.Any(y => y.MitigationId == x.Id))
                            .OrderBy(x => x.Name)
                            .ToArray();

            if (available == null || available.Length == 0)
            {
                // Nothing left to associate: creating a new mitigation is the only option.
                _createNew.Checked = true;
                _associateExisting.Enabled = false;
                EnableControls();
                return;
            }

            _existingMitigation.Items.AddRange(available);
            _existingMitigation.Tag = available;
        }
Exemplo n.º 5
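 /// <summary>
 /// Handles the OK button: creates the Weakness in the model from the values typed in the
 /// dialog and, when a description was provided, stores it on the new Weakness.
 /// </summary>
 /// <param name="sender">Control raising the event.</param>
 /// <param name="e">Event data (unused).</param>
 private void _ok_Click(object sender, EventArgs e)
 {
     if (!IsValid())
     {
         return;
     }

     // NOTE(review): the severity is passed through an 'as' cast and may be null;
     // presumably IsValid() guarantees a selected severity - confirm.
     _weakness = _model.AddWeakness(_name.Text, _severity.SelectedItem as ISeverity);

     // AddWeakness can return null (presumably when the name is already taken - confirm
     // against the model implementation). Dereferencing it unconditionally would raise a
     // NullReferenceException in the UI handler, so the description is set only on success.
     if (_weakness != null && !string.IsNullOrWhiteSpace(_description.Text))
     {
         _weakness.Description = _description.Text;
     }
 }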
 /// <summary>
 /// Creates the association between a Weakness and a Mitigation within a threat model.
 /// </summary>
 /// <param name="model">Threat model owning the association.</param>
 /// <param name="weakness">Weakness being mitigated.</param>
 /// <param name="mitigation">Mitigation applied to the Weakness.</param>
 /// <param name="strength">Strength of the Mitigation for this Weakness; not annotated as [NotNull].</param>
 public WeaknessMitigation([NotNull] IThreatModel model, [NotNull] IWeakness weakness,
                           [NotNull] IMitigation mitigation, IStrength strength) : this()
 {
     // Each reference is stored together with its identifier.
     _model = model;
     _modelId = model.Id;

     _weakness = weakness;
     _weaknessId = weakness.Id;

     _mitigation = mitigation;
     _mitigationId = mitigation.Id;

     // Assigned last, through the property, once the references above are in place.
     Strength = strength;
 }
 /// <summary>
 /// Handles the OK button: when "create new" is selected and both a name and a severity are
 /// available, creates the Weakness in the model and copies the description onto it.
 /// </summary>
 /// <param name="sender">Control raising the event.</param>
 /// <param name="e">Event data (unused).</param>
 private void _ok_Click(object sender, EventArgs e)
 {
     // Nothing to create unless the user asked for a new, named weakness.
     if (!_createNew.Checked || string.IsNullOrWhiteSpace(_name.Text))
     {
         return;
     }

     if (!(_severity.SelectedItem is ISeverity severity))
     {
         return;
     }

     _weakness = _model.AddWeakness(_name.Text, severity);

     // AddWeakness may yield null; the description is applied only to a created weakness.
     if (_weakness == null)
     {
         return;
     }

     _weakness.Description = _description.Text;
 }
Exemplo n.º 8
        /// <summary>
        /// Appends a Weakness to the internal list, marks the container as modified and raises
        /// ChildCreated.
        /// </summary>
        /// <param name="weakness">Weakness to be stored. No duplicate check is performed here.</param>
        public void Add([NotNull] IWeakness weakness)
        {
            // The list is allocated lazily, on the first insertion.
            _weaknesses = _weaknesses ?? new List<IWeakness>();
            _weaknesses.Add(weakness);

            SetDirty();
            ChildCreated?.Invoke(weakness);
        }
Exemplo n.º 9
        /// <summary>
        /// Creates a Weakness with the given name and severity, unless GetWeakness already
        /// finds one for that name.
        /// </summary>
        /// <param name="name">Name of the new Weakness.</param>
        /// <param name="severity">Severity assigned to the new Weakness.</param>
        /// <returns>The new Weakness, or null when GetWeakness(name) returns an existing one.</returns>
        public IWeakness AddWeakness([Required] string name, [NotNull] ISeverity severity)
        {
            // Callers must handle the null returned for an already known name.
            if (GetWeakness(name) != null)
            {
                return null;
            }

            IWeakness created = new Weakness(this, name, severity);
            Add(created);
            RegisterEvents(created);

            return created;
        }
Exemplo n.º 10
        /// <summary>
        /// Removes every Vulnerability derived from the given Weakness: first those held by
        /// Entities and Data Flows, then those held directly by this object.
        /// </summary>
        /// <param name="weakness">Weakness whose derived Vulnerabilities must be removed.</param>
        private void RemoveRelated([NotNull] IWeakness weakness)
        {
            RemoveRelatedForEntities(weakness);
            RemoveRelatedForDataFlows(weakness);

            // ToArray takes a copy of the matches before anything is removed.
            var derived = Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id).ToArray();
            if (derived == null)
            {
                return;
            }

            foreach (var vulnerability in derived)
            {
                RemoveVulnerability(vulnerability.Id);
            }
        }
Exemplo n.º 11
        /// <summary>
        /// Adds a Weakness, unless one with the same Weapon is already registered.
        /// </summary>
        /// <param name="weakness">Weakness to be added; it is ignored when its Weapon is already covered.</param>
        public void AddWeakness(IWeakness weakness)
        {
            // Look for an already registered weakness referring to the same weapon.
            bool alreadyRegistered = false;
            foreach (IWeakness existing in this.Weaknesses)
            {
                if (weakness.Weapon == existing.Weapon)
                {
                    alreadyRegistered = true;
                    break;
                }
            }

            // Only a weakness for a not yet covered weapon is stored.
            if (!alreadyRegistered)
            {
                this.Weaknesses.Add(weakness);
            }
        }
Exemplo n.º 12
        /// <summary>
        /// Get the highest severity assigned to the Vulnerabilities derived from the Weakness,
        /// looking at the model itself, at its Entities and at its Data Flows.
        /// </summary>
        /// <param name="weakness">Weakness to be analyzed.</param>
        /// <returns>
        /// Severity of the Vulnerability with the highest SeverityId among those derived from the
        /// Weakness, or null when the Weakness has no model or no such Vulnerability is found.
        /// </returns>
        public static ISeverity GetTopSeverity(this IWeakness weakness)
        {
            var model = weakness.Model;
            if (model == null)
            {
                return null;
            }

            ISeverity top = null;

            // Vulnerabilities attached directly to the model.
            var modelTop = model.Vulnerabilities?
                .Where(v => v.WeaknessId == weakness.Id)
                .OrderByDescending(v => v.SeverityId)
                .FirstOrDefault();
            if (modelTop != null)
            {
                top = modelTop.Severity;
            }

            // Highest-ranked matching vulnerability of each entity.
            var entityTops = model.Entities?
                .Select(entity => entity.Vulnerabilities?
                    .Where(v => v.WeaknessId == weakness.Id)
                    .OrderByDescending(v => v.SeverityId)
                    .FirstOrDefault())
                .Where(v => v != null)
                .ToArray();
            if (entityTops != null)
            {
                foreach (var candidate in entityTops)
                {
                    if (top == null || candidate.SeverityId > top.Id)
                    {
                        top = candidate.Severity;
                    }
                }
            }

            // Highest-ranked matching vulnerability of each data flow.
            var flowTops = model.DataFlows?
                .Select(flow => flow.Vulnerabilities?
                    .Where(v => v.WeaknessId == weakness.Id)
                    .OrderByDescending(v => v.SeverityId)
                    .FirstOrDefault())
                .Where(v => v != null)
                .ToArray();
            if (flowTops != null)
            {
                foreach (var candidate in flowTops)
                {
                    if (top == null || candidate.SeverityId > top.Id)
                    {
                        top = candidate.Severity;
                    }
                }
            }

            return top;
        }
Exemplo n.º 13
        /// <summary>
        /// Finds the top-level grid row whose Tag is the given Weakness.
        /// </summary>
        /// <param name="weakness">Weakness to look for; rows are matched by reference on Tag.</param>
        /// <returns>The first matching row, or null when no row refers to the Weakness.</returns>
        private GridRow GetRow([NotNull] IWeakness weakness)
        {
            // Only GridRow items of the primary grid are considered.
            return _grid.PrimaryGrid.Rows
                .OfType<GridRow>()
                .ToArray()
                .FirstOrDefault(candidate => candidate.Tag == weakness);
        }
Exemplo n.º 14
        /// <summary>
        /// Decides whether a Weakness passes the text filter and the special filter of the list.
        /// </summary>
        /// <param name="item">Weakness to be evaluated.</param>
        /// <param name="filter">
        /// Text filter; when null or blank every Weakness passes it. Otherwise the Weakness or
        /// one of its Mitigations must match.
        /// </param>
        /// <param name="filterSpecial">Additional restriction applied after the text filter.</param>
        /// <returns>True when the Weakness must be shown.</returns>
        private bool IsSelected([NotNull] IWeakness item, string filter, WeaknessListFilter filterSpecial)
        {
            var mitigations = item.Mitigations?.ToArray();

            bool textMatch;
            if (string.IsNullOrWhiteSpace(filter))
            {
                textMatch = true;
            }
            else
            {
                // The weakness itself is tried first, then each associated mitigation in turn.
                textMatch = item.Filter(filter) ||
                            (mitigations?.Any(m => m.Mitigation?.Filter(filter) ?? false) ?? false);
            }

            if (!textMatch)
            {
                return false;
            }

            switch (filterSpecial)
            {
                case WeaknessListFilter.NoMitigations:
                    return !(item.Mitigations?.Any() ?? false);

                case WeaknessListFilter.NoVulnerabilities:
                    // No vulnerability derived from the weakness may exist at model level,
                    // on any entity or on any data flow.
                    return !(_model.Vulnerabilities?.Any(x => x.WeaknessId == item.Id) ?? false) &&
                           !(_model.Entities?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == item.Id) ?? false) ?? false) &&
                           !(_model.DataFlows?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == item.Id) ?? false) ?? false);

                default:
                    return true;
            }
        }
Exemplo n.º 15
        /// <summary>
        /// Scores how well a Weakness matches a search text.
        /// </summary>
        /// <param name="weakness">Weakness to be scored.</param>
        /// <param name="filter">Text searched for, compared ignoring case with ordinal rules.</param>
        /// <returns>
        /// One point for the name, one for the description and one for each property whose
        /// string value contains the text, plus ten points for each token property holding a
        /// token equal to the text. Zero means no match.
        /// </returns>
        private int Matches([NotNull] IWeakness weakness, [Required] string filter)
        {
            // Case-insensitive containment; a null text never matches.
            bool Contains(string text) =>
                (text?.IndexOf(filter, StringComparison.OrdinalIgnoreCase) ?? -1) >= 0;

            var score = 0;

            if (Contains(weakness.Name))
            {
                score++;
            }
            if (Contains(weakness.Description))
            {
                score++;
            }

            var properties = weakness.Properties?.ToArray();
            if (properties == null)
            {
                return score;
            }

            foreach (var property in properties)
            {
                if (Contains(property.StringValue))
                {
                    score++;
                }

                if (property is IPropertyTokens tokens)
                {
                    // An exact token hit weighs ten points, counted once per property.
                    var values = tokens.Value?.ToArray();
                    if (values != null &&
                        values.Any(value => string.Compare(filter, value, StringComparison.OrdinalIgnoreCase) == 0))
                    {
                        score += 10;
                    }
                }
            }

            return score;
        }
Exemplo n.º 16
        /// <summary>
        /// Removes, from every Data Flow, the Vulnerabilities derived from the given Weakness.
        /// </summary>
        /// <param name="weakness">Weakness whose derived Vulnerabilities must be removed.</param>
        private void RemoveRelatedForDataFlows([NotNull] IWeakness weakness)
        {
            var flows = _dataFlows?.ToArray();
            if (flows == null)
            {
                return;
            }

            foreach (var flow in flows)
            {
                // ToArray takes a copy of the matches before anything is removed from the flow.
                var derived = flow.Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id).ToArray();
                if (derived == null)
                {
                    continue;
                }

                foreach (var vulnerability in derived)
                {
                    flow.RemoveVulnerability(vulnerability.Id);
                }
            }
        }
Exemplo n.º 17
        /// <summary>
        /// Removes, from every Entity, the Vulnerabilities derived from the given Weakness.
        /// </summary>
        /// <param name="weakness">Weakness whose derived Vulnerabilities must be removed.</param>
        private void RemoveRelatedForEntities([NotNull] IWeakness weakness)
        {
            var owners = _entities?.ToArray();
            if (owners == null)
            {
                return;
            }

            foreach (var owner in owners)
            {
                // ToArray takes a copy of the matches before anything is removed from the entity.
                var derived = owner.Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id).ToArray();
                if (derived == null)
                {
                    continue;
                }

                foreach (var vulnerability in derived)
                {
                    owner.RemoveVulnerability(vulnerability.Id);
                }
            }
        }
Exemplo n.º 18
        /// <summary>
        /// Creates a Vulnerability for a parent object, derived from a Weakness.
        /// </summary>
        /// <remarks>
        /// Name, Description, Severity and the properties are copied from the Weakness when the
        /// Vulnerability is built; this constructor does not keep them aligned afterwards.
        /// </remarks>
        /// <param name="model">Threat model owning the Vulnerability.</param>
        /// <param name="weakness">Weakness the Vulnerability is derived from.</param>
        /// <param name="parent">Object affected by the Vulnerability.</param>
        public Vulnerability([NotNull] IThreatModel model, [NotNull] IWeakness weakness, [NotNull] IIdentity parent) : this()
        {
            // Fresh identifier for every new Vulnerability.
            _id = Guid.NewGuid();

            _model = model;
            _modelId = model.Id;

            _parent = parent;
            _parentId = parent.Id;

            _weakness = weakness;
            _weaknessId = weakness.Id;

            // Initial values inherited from the weakness.
            Name = weakness.Name;
            Description = weakness.Description;
            Severity = weakness.Severity;

            var inherited = weakness.Properties?.ToArray();
            if (inherited != null)
            {
                foreach (var property in inherited)
                {
                    AddProperty(property);
                }
            }

            model.AutoApplySchemas(this);
        }
Exemplo n.º 19
        /// <summary>
        /// Shows the mitigation level of a Weakness as the icon of the first cell of its row.
        /// </summary>
        /// <param name="weakness">Weakness whose mitigation level is evaluated.</param>
        /// <param name="row">Row to be updated; for any other level the icon is left untouched.</param>
        private static void UpdateMitigationLevel([NotNull] IWeakness weakness, [NotNull] GridRow row)
        {
            try
            {
                var level = weakness.GetMitigationLevel();

                if (level == MitigationLevel.NotMitigated)
                {
                    row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_small;
                }
                else if (level == MitigationLevel.Partial)
                {
                    row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_orange_small;
                }
                else if (level == MitigationLevel.Complete)
                {
                    row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_green_small;
                }
            }
            catch
            {
                // Best effort: any failure is ignored and the row keeps its previous icon.
                // NOTE(review): a swallowed failure can leave a stale mitigation indicator on
                // screen; consider at least logging the exception.
            }
        }
Exemplo n.º 20
 /// <summary>
 /// Tells whether at least one Vulnerability derived from the Weakness exists on an Entity,
 /// on a Data Flow or directly on this object.
 /// </summary>
 /// <param name="weakness">Weakness to look for.</param>
 /// <returns>True when the Weakness is referenced by a Vulnerability.</returns>
 private bool IsUsed([NotNull] IWeakness weakness)
 {
     // Checked in order, stopping at the first hit: entities, data flows, own vulnerabilities.
     if (_entities?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == weakness.Id) ?? false) ?? false)
     {
         return true;
     }

     if (_dataFlows?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == weakness.Id) ?? false) ?? false)
     {
         return true;
     }

     return Vulnerabilities?.Any(x => x.WeaknessId == weakness.Id) ?? false;
 }
Exemplo n.º 21
 /// <summary>
 /// Gets the selection rule of a Weakness, resolved against the model the Weakness belongs to.
 /// </summary>
 /// <param name="weakness">Weakness whose rule is requested.</param>
 /// <returns>The value returned by GetRule for the Weakness and its own model.</returns>
 public static SelectionRule GetRule([NotNull] IWeakness weakness)
     => weakness.GetRule(weakness.Model);
 /// <summary>
 /// Tracks the Weakness picked in the list and refreshes the state of the OK button.
 /// </summary>
 /// <param name="sender">Control raising the event.</param>
 /// <param name="e">Event data (unused).</param>
 private void _weaknesses_SelectedIndexChanged(object sender, EventArgs e)
 {
     // The 'as' cast yields null when nothing, or something that is not a weakness, is selected.
     var picked = _weaknesses.SelectedItem as IWeakness;
     _weakness = picked;

     _ok.Enabled = CalculateOkEnabled();
 }
Exemplo n.º 23
        /// <summary>
        /// Builds the nested panel listing the Mitigations associated with a Weakness.
        /// </summary>
        /// <param name="weakness">Weakness whose Mitigations are listed.</param>
        /// <returns>The configured panel, or null when the Weakness has a null or blank name.</returns>
        private GridPanel CreateMitigationsPanel([NotNull] IWeakness weakness)
        {
            if (string.IsNullOrWhiteSpace(weakness.Name))
            {
                return null;
            }

            // Rows can be resized, but not inserted or deleted, from the grid.
            var panel = new GridPanel
            {
                Name               = "Mitigations",
                AllowRowDelete     = false,
                AllowRowInsert     = false,
                AllowRowResize     = true,
                ShowRowDirtyMarker = false,
                ShowTreeButtons    = false,
                ShowTreeLines      = false,
                ShowRowHeaders     = false,
                InitialSelection   = RelativeSelection.None,
            };

            var nameColumn = new GridColumn("Name")
            {
                HeaderText   = "Mitigation Name",
                AutoSizeMode = ColumnAutoSizeMode.Fill,
                DataType     = typeof(string),
                AllowEdit    = false
            };
            panel.Columns.Add(nameColumn);

            var controlTypeColumn = new GridColumn("ControlType")
            {
                HeaderText   = "Control Type",
                DataType     = typeof(string),
                EditorType   = typeof(EnumComboBox),
                EditorParams = new object[] { EnumExtensions.GetEnumLabels<SecurityControlType>() },
                AllowEdit    = false,
                Width        = 75
            };
            panel.Columns.Add(controlTypeColumn);

            // Strength is the only editable column; its editor offers the visible strengths only.
            var strengthColumn = new GridColumn("Strength")
            {
                HeaderText   = "Strength",
                DataType     = typeof(IStrength),
                EditorType   = typeof(StrengthComboBox),
                EditorParams = new object[] { _model.Strengths?.Where(x => x.Visible) },
                AllowEdit    = true,
                Width        = 75
            };
            panel.Columns.Add(strengthColumn);

            // One row per associated mitigation, sorted by mitigation name.
            var ordered = weakness.Mitigations?
                          .OrderBy(x => x.Mitigation.Name)
                          .ToArray();
            if (ordered != null)
            {
                foreach (var association in ordered)
                {
                    AddGridRow(association, panel);
                }
            }

            return panel;
        }
Exemplo n.º 24
 /// <summary>
 /// Placeholder implementation: no Vulnerability is ever created.
 /// </summary>
 /// <param name="weakness">Weakness the Vulnerability would derive from (ignored).</param>
 /// <returns>Always null.</returns>
 public IVulnerability AddVulnerability(IWeakness weakness) => null;