public IVulnerability AddVulnerability(IWeakness weakness) { IVulnerability result = null; if (Instance is IIdentity identity) { IThreatModel model = (Instance as IThreatModel) ?? (Instance as IThreatModelChild)?.Model; if (model != null) { if (_vulnerabilities?.All(x => x.WeaknessId != weakness.Id) ?? true) { result = new Vulnerability(model, weakness, identity); if (_vulnerabilities == null) { _vulnerabilities = new List <IVulnerability>(); } _vulnerabilities.Add(result); if (Instance is IDirty dirtyObject) { dirtyObject.SetDirty(); } if (Instance is IVulnerabilitiesContainer container) { _vulnerabilityAdded?.Invoke(container, result); } } } } return(result); }
private GridRow AddGridRow([NotNull] IWeakness weakness, [NotNull] GridPanel panel) { var row = new GridRow( weakness.Name, weakness.Severity); ((INotifyPropertyChanged)weakness).PropertyChanged += OnWeaknessPropertyChanged; row.Tag = weakness; UpdateMitigationLevel(weakness, row); panel.Rows.Add(row); for (int i = 0; i < row.Cells.Count; i++) { row.Cells[i].PropertyChanged += OnWeaknessCellChanged; } weakness.WeaknessMitigationAdded += OnWeaknessMitigationAdded; weakness.WeaknessMitigationRemoved += OnWeaknessMitigationRemoved; if (weakness.Mitigations?.Any() ?? false) { var subPanel = CreateMitigationsPanel(weakness); if (subPanel != null) { row.Rows.Add(subPanel); } } return(row); }
public void Initialize([NotNull] IWeakness weakness) { _weakness = weakness; _model = weakness.Model; _standardMitigationsContainer.Visible = false; InitializeGrid(false); InitializeItem(weakness); var existingMitigations = weakness.Mitigations?.ToArray(); var mitigations = _model?.Mitigations?.OrderBy(x => x.Name); if (mitigations != null) { var defaultStrength = _model.GetStrength((int)DefaultStrength.Average); foreach (var mitigation in mitigations) { var existingMitigation = existingMitigations?.FirstOrDefault(x => x.MitigationId == mitigation.Id); var row = new GridRow(mitigation.Name, mitigation.ControlType.GetEnumLabel(), existingMitigation?.Strength ?? defaultStrength); row.Tag = mitigation; row.Checked = existingMitigation != null; _grid.PrimaryGrid.Rows.Add(row); } } }
public WeaknessMitigationSelectionDialog([NotNull] IWeakness weakness) : this() { _weakness = weakness; _weaknessName.Text = weakness.Name; var strengths = _weakness.Model?.Strengths?.ToArray(); if (strengths?.Any() ?? false) { _strength.Items.AddRange(strengths); _strengthExisting.Items.AddRange(strengths); } var alreadyIncludedMitigations = weakness.Mitigations?.ToArray(); var mitigations = weakness.Model?.Mitigations? .Where(x => !(alreadyIncludedMitigations?.Any(y => y.MitigationId == x.Id) ?? false)) .OrderBy(x => x.Name) .ToArray(); if (mitigations?.Any() ?? false) { _existingMitigation.Items.AddRange(mitigations); _existingMitigation.Tag = mitigations; } else { _createNew.Checked = true; _associateExisting.Enabled = false; EnableControls(); } }
private void _ok_Click(object sender, EventArgs e) { if (IsValid()) { _weakness = _model.AddWeakness(_name.Text, _severity.SelectedItem as ISeverity); if (!string.IsNullOrWhiteSpace(_description.Text)) { _weakness.Description = _description.Text; } } }
public WeaknessMitigation([NotNull] IThreatModel model, [NotNull] IWeakness weakness, [NotNull] IMitigation mitigation, IStrength strength) : this() { _model = model; _modelId = model.Id; _weaknessId = weakness.Id; _weakness = weakness; _mitigationId = mitigation.Id; _mitigation = mitigation; Strength = strength; }
private void _ok_Click(object sender, EventArgs e) { if (_createNew.Checked && !string.IsNullOrWhiteSpace(_name.Text) && _severity.SelectedItem is ISeverity severity) { _weakness = _model.AddWeakness(_name.Text, severity); if (_weakness != null) { _weakness.Description = _description.Text; } } }
public void Add([NotNull] IWeakness weakness) { if (_weaknesses == null) { _weaknesses = new List <IWeakness>(); } _weaknesses.Add(weakness); SetDirty(); ChildCreated?.Invoke(weakness); }
public IWeakness AddWeakness([Required] string name, [NotNull] ISeverity severity) { IWeakness result = null; if (GetWeakness(name) == null) { result = new Weakness(this, name, severity); Add(result); RegisterEvents(result); } return(result); }
private void RemoveRelated([NotNull] IWeakness weakness) { RemoveRelatedForEntities(weakness); RemoveRelatedForDataFlows(weakness); var vulnerabilities = Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id).ToArray(); if (vulnerabilities?.Any() ?? false) { foreach (var vulnerability in vulnerabilities) { RemoveVulnerability(vulnerability.Id); } } }
/// <summary> /// Add a new Weakness /// </summary> /// <param name="weapon"></param> public void AddWeakness(IWeakness weakness) { // check about just exist weakness foreach (IWeakness _weakness in this.Weaknesses) { if (weakness.Weapon == _weakness.Weapon) { return; } } // add a new weakness this.Weaknesses.Add(weakness); }
/// <summary> /// Get the maximum severity applied to the Vulnerabilities derived from the specific Weakness. /// </summary> /// <param name="weakness">Weakness to be analyzed.</param> /// <returns>Maximum severity applied to Vulnerabilities derived from the Weakness.</returns> public static ISeverity GetTopSeverity(this IWeakness weakness) { ISeverity result = null; var model = weakness.Model; if (model != null) { var modelV = model.Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id) .OrderByDescending(x => x.SeverityId).FirstOrDefault(); if (modelV != null) { result = modelV.Severity; } var entitiesV = model.Entities? .Select(e => e.Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id) .OrderByDescending(x => x.SeverityId).FirstOrDefault()) .Where(x => x != null).ToArray(); if (entitiesV?.Any() ?? false) { foreach (var entityV in entitiesV) { if (result == null || entityV.SeverityId > result.Id) { result = entityV.Severity; } } } var flowsV = model.DataFlows? .Select(e => e.Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id) .OrderByDescending(x => x.SeverityId).FirstOrDefault()) .Where(x => x != null).ToArray(); if (flowsV?.Any() ?? false) { foreach (var flowV in flowsV) { if (result == null || flowV.SeverityId > result.Id) { result = flowV.Severity; } } } } return(result); }
private GridRow GetRow([NotNull] IWeakness weakness) { GridRow result = null; var rows = _grid.PrimaryGrid.Rows.OfType <GridRow>().ToArray(); foreach (var row in rows) { if (row.Tag == weakness) { result = row; break; } } return(result); }
private bool IsSelected([NotNull] IWeakness item, string filter, WeaknessListFilter filterSpecial) { bool result; var mitigations = item.Mitigations?.ToArray(); if (string.IsNullOrWhiteSpace(filter)) { result = true; } else { result = item.Filter(filter); if (!result && (mitigations?.Any() ?? false)) { foreach (var mitigation in mitigations) { result = mitigation.Mitigation?.Filter(filter) ?? false; if (result) { break; } } } } if (result) { switch (filterSpecial) { case WeaknessListFilter.NoMitigations: result = !(item.Mitigations?.Any() ?? false); break; case WeaknessListFilter.NoVulnerabilities: result = !((_model.Vulnerabilities?.Any(x => x.WeaknessId == item.Id) ?? false) || (_model.Entities?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == item.Id) ?? false) ?? false) || (_model.DataFlows?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == item.Id) ?? false) ?? false)); break; } } return(result); }
private int Matches([NotNull] IWeakness weakness, [Required] string filter) { int result = 0; if ((weakness.Name?.IndexOf(filter, StringComparison.OrdinalIgnoreCase) ?? -1) >= 0) { result++; } if ((weakness.Description?.IndexOf(filter, StringComparison.OrdinalIgnoreCase) ?? -1) >= 0) { result++; } var properties = weakness.Properties?.ToArray(); if (properties?.Any() ?? false) { foreach (var property in properties) { if ((property.StringValue?.IndexOf(filter, StringComparison.OrdinalIgnoreCase) ?? -1) >= 0) { result++; } if (property is IPropertyTokens propertyTokens) { var values = propertyTokens.Value?.ToArray(); if (values?.Any() ?? false) { foreach (var value in values) { if (string.Compare(filter, value, StringComparison.OrdinalIgnoreCase) == 0) { result += 10; break; } } } } } } return(result); }
private void RemoveRelatedForDataFlows([NotNull] IWeakness weakness) { var dataFlows = _dataFlows?.ToArray(); if (dataFlows?.Any() ?? false) { foreach (var dataFlow in dataFlows) { var vulnerabilities = dataFlow.Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id).ToArray(); if (vulnerabilities?.Any() ?? false) { foreach (var vulnerability in vulnerabilities) { dataFlow.RemoveVulnerability(vulnerability.Id); } } } } }
private void RemoveRelatedForEntities([NotNull] IWeakness weakness) { var entities = _entities?.ToArray(); if (entities?.Any() ?? false) { foreach (var entity in entities) { var vulnerabilities = entity.Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id).ToArray(); if (vulnerabilities?.Any() ?? false) { foreach (var vulnerability in vulnerabilities) { entity.RemoveVulnerability(vulnerability.Id); } } } } }
public Vulnerability([NotNull] IThreatModel model, [NotNull] IWeakness weakness, [NotNull] IIdentity parent) : this() { _id = Guid.NewGuid(); _model = model; _modelId = model.Id; _parentId = parent.Id; _parent = parent; _weakness = weakness; _weaknessId = weakness.Id; Name = weakness.Name; Description = weakness.Description; Severity = weakness.Severity; var properties = weakness.Properties?.ToArray(); if (properties?.Any() ?? false) { foreach (var property in properties) { AddProperty(property); } } model.AutoApplySchemas(this); }
private static void UpdateMitigationLevel([NotNull] IWeakness weakness, [NotNull] GridRow row) { try { switch (weakness.GetMitigationLevel()) { case MitigationLevel.NotMitigated: row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_small; break; case MitigationLevel.Partial: row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_orange_small; break; case MitigationLevel.Complete: row.Cells[0].CellStyles.Default.Image = Resources.threat_circle_green_small; break; } } catch { // Ignore } }
private bool IsUsed([NotNull] IWeakness weakness) { return((_entities?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == weakness.Id) ?? false) ?? false) || (_dataFlows?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == weakness.Id) ?? false) ?? false) || (Vulnerabilities?.Any(x => x.WeaknessId == weakness.Id) ?? false)); }
public static SelectionRule GetRule([NotNull] IWeakness weakness) { return(weakness.GetRule(weakness.Model)); }
private void _weaknesses_SelectedIndexChanged(object sender, EventArgs e) { _weakness = _weaknesses.SelectedItem as IWeakness; _ok.Enabled = CalculateOkEnabled(); }
private GridPanel CreateMitigationsPanel([NotNull] IWeakness weakness) { GridPanel result = null; if (!string.IsNullOrWhiteSpace(weakness.Name)) { result = new GridPanel { Name = "Mitigations", AllowRowDelete = false, AllowRowInsert = false, AllowRowResize = true, ShowRowDirtyMarker = false, ShowTreeButtons = false, ShowTreeLines = false, ShowRowHeaders = false, InitialSelection = RelativeSelection.None, }; result.Columns.Add(new GridColumn("Name") { HeaderText = "Mitigation Name", AutoSizeMode = ColumnAutoSizeMode.Fill, DataType = typeof(string), AllowEdit = false }); result.Columns.Add(new GridColumn("ControlType") { HeaderText = "Control Type", DataType = typeof(string), EditorType = typeof(EnumComboBox), EditorParams = new object[] { EnumExtensions.GetEnumLabels <SecurityControlType>() }, AllowEdit = false, Width = 75 }); result.Columns.Add(new GridColumn("Strength") { HeaderText = "Strength", DataType = typeof(IStrength), EditorType = typeof(StrengthComboBox), EditorParams = new object[] { _model.Strengths?.Where(x => x.Visible) }, AllowEdit = true, Width = 75 }); var mitigations = weakness.Mitigations? .OrderBy(x => x.Mitigation.Name) .ToArray(); if (mitigations?.Any() ?? false) { foreach (var mitigation in mitigations) { AddGridRow(mitigation, result); } } } return(result); }
public IVulnerability AddVulnerability(IWeakness weakness) { return(null); }