static void Main(string[] args)
{
XATTACKEntities attack_model = new XATTACKEntities();
Excel.Application xlApp;
Excel.Workbook xlWorkBook;
object misValue = System.Reflection.Missing.Value;
xlApp = new Excel.Application();
xlWorkBook = xlApp.Workbooks.Add(misValue);
xlWorkSheet = (Excel.Worksheet)xlWorkBook.Worksheets.get_Item(1);
int iColumnIndex = 1;
//xlWorkSheet.Cells[1, 1] = "http://csharp.net-informations.com";
//Notes
//https://capec.mitre.org/data/graphs/3000.html
//Start with one Domain of Attack
//CAPEC-513 Software
//int iAttackPatternID = 0;
//ATTACKPATTERN oAttackPatternMaster = null;
List <ATTACKPATTERN> ListAttackPatterns = new List <ATTACKPATTERN>();
try
{
//TODO HARDCODED
////iAttackPatternID = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Software").Select(o => o.AttackPatternID).FirstOrDefault();
//oAttackPatternMaster = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Software").FirstOrDefault();
//oAttackPatternMaster = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Supply Chain").FirstOrDefault();
//oAttackPatternMaster = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Hardware").FirstOrDefault();
//oAttackPatternMaster = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Injection").FirstOrDefault();
//oAttackPatternMaster = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Physical Security").FirstOrDefault();
//oAttackPatternMaster = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Social Engineering").FirstOrDefault();
//oAttackPatternMaster = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Phishing").FirstOrDefault();
//ListAttackPatterns = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName.Contains("mail")).ToList(); //.FirstOrDefault();
//ListAttackPatterns = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Brute Force").ToList(); //.FirstOrDefault();
//ListAttackPatterns = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName.Contains("DNS") || o.AttackPatternDescription.Contains("DNS")).ToList(); //.FirstOrDefault();
//ListAttackPatterns = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName.Contains("mail") || o.AttackPatternDescription.Contains("mail")).ToList(); //.FirstOrDefault();
//ListAttackPatterns = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Physical Security").ToList();
//ListAttackPatterns = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName == "Social Information Gathering Attacks").ToList();
ListAttackPatterns = attack_model.ATTACKPATTERN.Where(o => o.AttackPatternName.Contains("Spoofing")).ToList();
}
catch (Exception ex)
{
}
foreach (ATTACKPATTERN oAttackPatternMaster in ListAttackPatterns)
{
xlWorkSheet.Cells[iRowIndex, 1] = oAttackPatternMaster.capec_id + " " + oAttackPatternMaster.AttackPatternName; //"CAPEC-513 Software";
iColumnIndex = 2;
fWriteChilds(oAttackPatternMaster, iColumnIndex);
//iRowIndex++;
}
//*********************************************************
string sCurrentPath = Directory.GetCurrentDirectory();
//HARDCODED
xlWorkBook.SaveAs(sCurrentPath + @"\CAPEC_ThreatModel.xls", Excel.XlFileFormat.xlWorkbookNormal, misValue, misValue, misValue, misValue, Excel.XlSaveAsAccessMode.xlExclusive, misValue, misValue, misValue, misValue, misValue);
xlWorkBook.Close(true, misValue, misValue);
xlApp.Quit();
releaseObject(xlWorkSheet);
releaseObject(xlWorkBook);
releaseObject(xlApp);
}
/// <summary>
/// Copyright (C) 2014-2015 Jerome Athias
/// Completely Alpha version Tool to manipulate (old version) of Microsoft Threat Modeling Tool "threat categories database"
/// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
static void Main(string[] args)
{
//Microsoft Threat Modeling Tool (TMT) 2014
XmlDocument doc = new XmlDocument();
doc.Load(@"C:\Program Files (x86)\Microsoft Threat Modeling Tool 2014\KnowledgeBase\ThreatCategories.xml"); //Hardcoded
XORCISMEntities model = new XORCISMEntities();
//https://stackoverflow.com/questions/5940225/fastest-way-of-inserting-in-entity-framework
model.Configuration.AutoDetectChangesEnabled = false;
model.Configuration.ValidateOnSaveEnabled = false;
XATTACKEntities attack_model = new XATTACKEntities();
attack_model.Configuration.AutoDetectChangesEnabled = false;
attack_model.Configuration.ValidateOnSaveEnabled = false;
XmlNodeList nodesThreatCategories = doc.SelectNodes("/ArrayOfThreatCategory/ThreatCategory"); //Hardcoded
foreach (XmlNode nodeThreatCategory in nodesThreatCategories)
{
//(no attributes)
foreach (XmlNode nodeThreatCategoryInfo in nodeThreatCategory.ChildNodes)
{
//Console.WriteLine("DEBUG: " + nodeThreatCategoryInfo.Name);
//Name Id ShortDescription LongDescription
switch (nodeThreatCategoryInfo.Name)
{
case "Name":
//Search a match in Attack Pattern (CAPEC)
string sThreatCategoryNameValue = nodeThreatCategoryInfo.InnerText;
Console.WriteLine("DEBUG: " + sThreatCategoryNameValue);
//Spoofing Tampering Repudiation
try
{
ATTACKPATTERN oAttackPattern = attack_model.ATTACKPATTERN.FirstOrDefault(o => o.AttackPatternName.Contains(sThreatCategoryNameValue));
if (oAttackPattern != null)
{
Console.WriteLine("DEBUG: " + oAttackPattern.capec_id + " " + oAttackPattern.AttackPatternName);
}
}
catch (Exception exoAttackPattern)
{
Console.WriteLine("Exception exoAttackPattern " + exoAttackPattern.Message + " " + exoAttackPattern.InnerException);
}
break;
case "Id":
break;
case "ShortDescription":
break;
case "LongDescription":
break;
default:
Console.WriteLine("ERROR: Missing code for " + nodeThreatCategoryInfo.Name);
break;
}
Console.WriteLine("DEBUG: " + nodeThreatCategoryInfo.InnerText);
}
}
}
