private void AnalyzeContainer([NotNull] IThreatEventsContainer container, ref int critical,
ref int high, ref int medium, ref int low, ref int info)
{
var threatEvents = container.ThreatEvents?.ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var te in threatEvents)
{
if (te.SeverityId >= (int)DefaultSeverity.Critical)
{
critical++;
}
else if (te.SeverityId >= (int)DefaultSeverity.High)
{
high++;
}
else if (te.SeverityId >= (int)DefaultSeverity.Medium)
{
medium++;
}
else if (te.SeverityId >= (int)DefaultSeverity.Low)
{
low++;
}
else
{
info++;
}
}
}
}
private void OnThreatEventRemoved(IThreatEventsContainer container, IThreatEvent threatEvent)
{
((INotifyPropertyChanged)threatEvent).PropertyChanged -= OnThreatEventPropertyChanged;
var rows = _grid.PrimaryGrid.Rows.OfType <GridRow>().ToArray();
foreach (var row in rows)
{
var panel = row.Rows.OfType <GridPanel>()
.FirstOrDefault(x => string.CompareOrdinal("ThreatEventMitigations", x.Name) == 0);
if (panel != null)
{
var toBeRemoved = panel.Rows.OfType <GridRow>().Where(x =>
(x.Tag is IThreatEventMitigation threatEventMitigation) &&
threatEventMitigation.ThreatEvent.Id == threatEvent.Id).ToArray();
if (toBeRemoved?.Any() ?? false)
{
foreach (var tbr in toBeRemoved)
{
RemoveEventSubscriptions(tbr);
panel.Rows.Remove(tbr);
}
}
}
}
}
private void AddThreatEvent([NotNull] IThreatEvent source, [NotNull] IThreatEventsContainer container)
{
var threatEvent = container.AddThreatEvent(source.ThreatType);
threatEvent.Name = source.Name;
threatEvent.Description = source.Description;
threatEvent.Severity = source.Severity;
source.CloneProperties(threatEvent);
var scenarios = source.Scenarios?.ToArray();
if (scenarios?.Any() ?? false)
{
foreach (var scenario in scenarios)
{
var newScenario =
threatEvent.AddScenario(scenario.Actor, scenario.Severity, scenario.Name);
newScenario.Description = scenario.Description;
newScenario.Motivation = scenario.Motivation;
scenario.CloneProperties(newScenario);
}
}
var mitigations = source.Mitigations?.ToArray();
if (mitigations?.Any() ?? false)
{
foreach (var mitigation in mitigations)
{
var newMitigation = threatEvent.AddMitigation(mitigation.Mitigation, mitigation.Strength,
mitigation.Status, mitigation.Directives);
mitigation.CloneProperties(newMitigation);
}
}
}
private void UpdateContainer([NotNull] IThreatEventsContainer container)
{
// TODO: Release event handlers when marker is not necessary anymore.
_container = container;
_container.ThreatEventAdded += ThreatAdded;
_container.ThreatEventRemoved += ThreatRemoved;
var threatEvents = container.ThreatEvents?.ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var threatEvent in threatEvents)
{
threatEvent.ThreatEventMitigationAdded += MitigationAdded;
threatEvent.ThreatEventMitigationRemoved += MitigationRemoved;
var mitigations = threatEvent.Mitigations?.ToArray();
if (mitigations?.Any() ?? false)
{
foreach (var mitigation in mitigations)
{
((INotifyPropertyChanged)mitigation).PropertyChanged += MitigationPropertyChanged;
}
}
}
}
UpdateMitigationLevel();
}
private void RemoveThreatEventEvents(IThreatEventsContainer container)
{
if (container != null)
{
container.ThreatEventAdded -= OnThreatEventAdded;
container.ThreatEventRemoved -= OnThreatEventRemoved;
}
}
private void OnThreatEventAdded([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
var filter = _filter.Text;
if (IsSelected(threatEvent, filter))
{
AddGridRow(threatEvent);
}
}
private void OnThreatEventAddedToShape(IThreatEventsContainer container, IThreatEvent threatEvent)
{
if (container is IEntity entity)
{
var node = GetEntity(entity);
if (node != null)
{
node.ThreatsMarker = entity.ThreatEvents?.Any() ?? false;
}
}
}
private void AnalyzeContainer([NotNull] IThreatEventsContainer container,
Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive,
List <object> list)
{
var threatEvents = container.ThreatEvents?.Where(x => IsSeverityUnchanged(x) && !isFalsePositive(this, x)).ToArray();
if (threatEvents?.Any() ?? false)
{
list.AddRange(threatEvents);
}
}
private void RemoveThreatEvents([NotNull] IThreatEventsContainer container)
{
var tes = container.ThreatEvents?.Select(x => x.Id).ToArray();
if (tes?.Any() ?? false)
{
foreach (var te in tes)
{
container.RemoveThreatEvent(te);
}
}
}
private static void CleanThreatEvents(this IThreatEventsContainer container, [NotNull] IThreatModel model)
{
var threatEvents = container.ThreatEvents?.ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var threatEvent in threatEvents)
{
threatEvent.CleanProperties(model);
}
}
}
/// <summary>
/// Clone Threat Events between Containers.
/// </summary>
/// <param name="source">Source Container.</param>
/// <param name="target">Target Container.</param>
public static void CloneThreatEvents(this IThreatEventsContainer source,
[NotNull] IThreatEventsContainer target)
{
var threatEvents = source?.ThreatEvents?.ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var threatEvent in threatEvents)
{
threatEvent.Clone(target);
}
}
}
private void OnThreatEventRemoved([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
var row = GetRow(threatEvent);
if (row != null)
{
RemoveEventSubscriptions(row);
var panel = row.GridPanel;
panel.Rows.Remove(row);
UpdateThreatTypeSeverity(panel);
}
}
private void AnalyzeContainer([NotNull] IThreatEventsContainer container,
Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive,
[NotNull] IList <object> list)
{
var threatEvents = container.ThreatEvents?
.Where(x => !isFalsePositive(this, x) && !(x.Mitigations?.Any() ?? false)).ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var te in threatEvents)
{
list.Add(te);
}
}
}
public void Initialize([NotNull] IThreatModel model, [NotNull] IThreatEventsContainer container)
{
_model = model;
if (container is IIdentity identity)
{
_associatedTo.Image = identity.GetImage(Interfaces.ImageSize.Small);
_associatedTo.Text = identity.Name;
_superTooltip.SetSuperTooltip(_associatedTo, model.GetSuperTooltipInfo(identity, false));
}
_severity.Items.Clear();
var severities = _model.Severities?.Where(x => x.Visible).ToArray();
if (severities?.Any() ?? false)
{
_severity.Items.AddRange(severities);
}
var threatTypes = model.ThreatTypes?.OrderBy(x => x.Name).ToArray();
if (threatTypes != null && (container.ThreatEvents?.Any() ?? false))
{
threatTypes =
threatTypes
.Except(container.ThreatEvents.Select(x => x.ThreatType))
.ToArray();
}
if (threatTypes?.Any() ?? false)
{
_threatTypes.Items.AddRange(threatTypes);
_threatTypes.Tag = threatTypes;
}
else
{
_useExisting.Enabled = false;
_createNew.Checked = true;
_threatTypes.Enabled = false;
_name.Enabled = true;
_description.Enabled = true;
_severity.Enabled = true;
}
}
private void AnalyzeContainer([NotNull] IThreatEventsContainer container,
Func <IQualityAnalyzer, IPropertiesContainer, bool> isFalsePositive, [NotNull] IList <object> list)
{
var threatEvents = container.ThreatEvents?
.Where(x => !isFalsePositive(this, x)).ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var te in threatEvents)
{
var mitigations = te.Mitigations?.ToArray();
if ((mitigations?.Length ?? 0) >= 2)
{
SecurityControlType?controlType = null;
bool found = false;
foreach (var m in mitigations)
{
if (!controlType.HasValue)
{
controlType = m.Mitigation?.ControlType;
}
else
{
if (controlType != m.Mitigation?.ControlType)
{
found = true;
break;
}
}
}
if (!found)
{
list.Add(te);
}
}
}
}
}
private bool AreEquivalent([NotNull] IThreatEventsContainer left, [NotNull] IThreatEventsContainer right)
{
bool result = false;
var leftThreats = left.ThreatEvents?.ToArray();
var rightThreats = right.ThreatEvents?.ToArray();
if (leftThreats?.Any() ?? false)
{
if (rightThreats?.Any() ?? false)
{
if (leftThreats.Length == rightThreats.Length)
{
result = true;
foreach (var threat in leftThreats)
{
var rightThreat = rightThreats.FirstOrDefault(x => x.ThreatTypeId == threat.ThreatTypeId);
if (rightThreat == null || !AreEquivalent(threat, rightThreat))
{
result = false;
break;
}
}
}
}
}
else
{
if (!(rightThreats?.Any() ?? false))
{
result = true;
}
}
return(result);
}
private Effort CalculateMaxEffort([NotNull] IThreatEventsContainer container,
[NotNull] IPropertyType propertyType)
{
Effort result = Effort.Undefined;
var threatEvents = container.ThreatEvents?.ToArray();
if (threatEvents?.Any() ?? false)
{
foreach (var threatEvent in threatEvents)
{
var effort = threatEvent.Mitigations?
.FirstOrDefault(x => x.MitigationId == _mitigation.Id)?
.GetProperty(propertyType)?.StringValue?.GetEnumValue <Effort>();
if (effort.HasValue && effort > result)
{
result = effort.Value;
}
}
}
return(result);
}
private void Update([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
UpdateInfo?.Invoke(this.GetExtensionId(), CurrentStatus);
}
private void ThreatEventRemoved([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
threatEvent.ThreatEventMitigationAdded -= Update;
threatEvent.ThreatEventMitigationRemoved -= Update;
UpdateInfo?.Invoke(this.GetExtensionId(), CurrentStatus);
}
private void OnThreatEventAddedToDataFlow([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
_threatEventAddedToDataFlow?.Invoke(container, threatEvent);
}
private void OnThreatEventRemovedFromDataFlow([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
_threatEventRemovedFromDataFlow?.Invoke(container, threatEvent);
}
private void OnThreatEventAdded(IThreatEventsContainer container, IThreatEvent threatEvent)
{
((INotifyPropertyChanged)threatEvent).PropertyChanged += OnThreatEventPropertyChanged;
}
private void OnThreatEventAddedToEntity([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
_threatEventAddedToEntity?.Invoke(container, threatEvent);
}
private static void GetThreatEventMitigations([NotNull] IMitigation mitigation, [NotNull] IThreatEventsContainer container,
[NotNull] List <IThreatEventMitigation> list)
{
var tes = container.ThreatEvents?.ToArray();
if (tes?.Any() ?? false)
{
foreach (var te in tes)
{
var m = te.Mitigations?.FirstOrDefault(x => x.MitigationId == mitigation.Id);
if (m != null)
{
list.Add(m);
}
}
}
}
private void Update([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
// ReSharper disable once SuspiciousTypeConversion.Global
((INotifyPropertyChanged)threatEvent).PropertyChanged += OnPropertyChanged;
UpdateInfo?.Invoke(this.GetExtensionId(), CurrentStatus);
}
private void Update(IThreatEventsContainer container, IThreatEvent mitigation)
{
UpdateInfo?.Invoke(this.GetExtensionId(), CurrentStatus);
}
private void OnThreatEventRemovedFromEntity([NotNull] IThreatEventsContainer container, [NotNull] IThreatEvent threatEvent)
{
_threatEventRemovedFromEntity?.Invoke(container, threatEvent);
}
