private void MapMitigationSummaryRisksByPhase(List <PhaseEntity> phaseEntities, Dashboard dashboard)
{
var highcharts = new Dictionary <int, Highchart>();
var chartPhases = phaseEntities.ToList();
// The first item should always be "All Phases" -- a complete list of Risks from all the Phases together.
// Build up a list of RiskEntities
var risksForAllPhases = chartPhases.SelectMany(cp => cp.Risks).ToList();
// Create a new chartPhase for our "All Phases" chart
var allPhasesEntity = new PhaseEntity();
allPhasesEntity.Id = 0;
allPhasesEntity.Name = "All Phases";
// Add the complete list of distinct RiskEntities to the new chartPhase
allPhasesEntity.Risks = risksForAllPhases.Distinct().ToList();
// Unshift the "All Phases" chartPhase onto the beginning of our array of ChartPhases
chartPhases.Insert(0, allPhasesEntity);
// Now we can create our array of Highcharts
foreach (var chartPhase in chartPhases)
{
var highchart = new NamedHighchart();
var risksByThreatLevel = chartPhase.Risks
.OrderBy(x => x.FinalScore)
.GroupBy(x => ThreatLevel.LookupByValue(x.FinalScore))
.ToList();
// Skip this risk entity if there are no vulns associated with it
if (risksByThreatLevel.Count == 0)
{
continue;
}
// Add each Severity bar in our three-bar columns (Moderate Severity, High Severity, Very High Severity)
foreach (var threatLevelGroup in risksByThreatLevel)
{
var series = new Series
{
Name = threatLevelGroup.Key.Name + " Severity",
Color = threatLevelGroup.Key.Color
};
// Guard against the Remediation Status being null
var defaultStatusValue = MitigationStatus.NotMitigated.Value;
// Add the data for each Remediation Status (Not Mitigated, Mitigation in Progress, etcetera)
foreach (var status in MitigationStatus.List)
{
var data = new Data
{
Name = status.Name,
Value = threatLevelGroup.Count(x => (x.RemediationStatusId ?? defaultStatusValue) == status.Value),
Color = threatLevelGroup.Key.Color
};
series.Data.Add(data);
}
highchart.Series.Add(series);
}
// Decrypt the risk name and assign it as the title of the Highchart
highchart.Name = chartPhase.Name;
highcharts.Add(chartPhase.Id, highchart);
}
dashboard.MitigationSummaryRisksByPhase = highcharts;
}
private void MapMitigationSummaryRisksAndVulns(int engagementId, List <RiskEntity> riskEntities, List <PhaseEntity> phaseEntities, Dashboard dashboard)
{
var highcharts = new Dictionary <int, Highchart>();
var chartPhases = phaseEntities.ToList();
// The first item should always be "All Phases" -- a complete list of Risks from all the Phases together.
// Build up a list of RiskEntities
var risksForAllPhases = new List <RiskEntity>();
foreach (var chartPhase in chartPhases)
{
foreach (var riskEntity in chartPhase.Risks)
{
risksForAllPhases.Add(riskEntity);
}
}
var vulnsForAllPhases = new List <VulnerabilityEntity>();
vulnsForAllPhases = _vulnerabilityRepository.GetByEngagementId(engagementId).ToList();
// Create a new chartPhase for our "All Phases" chart
var allPhasesEntity = new PhaseEntity();
allPhasesEntity.Id = 0;
allPhasesEntity.Name = "All Phases";
// Add the complete list of RiskEntities to the new chartPhase
allPhasesEntity.Risks = risksForAllPhases.ToList();
allPhasesEntity.Vulnerabilities = vulnsForAllPhases.ToList();
// Unshift the "All Phases" chartPhase onto the beginning of our array of chartPhases
chartPhases.Insert(0, allPhasesEntity);
// Now we can create our array of Highcharts
foreach (var chartPhase in chartPhases)
{
var highchart = new NamedHighchart();
var risksSeries = new Series
{
YAxis = 1,
Name = "Risks",
Color = "rgb(241,194,34)",
Type = "spline"
};
var vulnsSeries = new Series
{
Name = "Vulnerabilities",
Color = "#009ac7",
Type = "column"
};
var vulnsByPhase = vulnsForAllPhases.Where(x => x.PhaseId == chartPhase.Id).ToList();
if (chartPhase.Risks.Count == 0 && vulnsByPhase.Count == 0)
{
continue;
}
var defaultStatusValue = MitigationStatus.NotMitigated.Value;
foreach (var status in MitigationStatus.List)
{
var risksByMitigationStatusCount = chartPhase.Risks.Count(x => x.RemediationStatusId == status.Value);
var vulnsByMitigationStatusCount = vulnsByPhase.Count(x => x.RemediationStatusId == status.Value);
if (chartPhase.Id == 0)
{
vulnsByMitigationStatusCount = vulnsForAllPhases.Count(x => x.RemediationStatusId == status.Value);
}
var risksData = new Data
{
Name = status.Name,
Value = risksByMitigationStatusCount,
Color = "rgb(241,194,34)"
};
var vulnsData = new Data
{
Name = status.Name,
Value = vulnsByMitigationStatusCount,
Color = "#009ac7"
};
vulnsSeries.Data.Add(vulnsData);
risksSeries.Data.Add(risksData);
}
highchart.Series.Add(vulnsSeries);
highchart.Series.Add(risksSeries);
// Decrypt the risk name and assign it as the title of the Highchart
highchart.Name = chartPhase.Name;
highcharts.Add(chartPhase.Id, highchart);
}
dashboard.MitigationSummaryRisksAndVulns = highcharts;
}
private void MapMitigationSummaryVulnsByRisk(List <RiskEntity> riskEntities, Dashboard dashboard)
{
var highcharts = new Dictionary <int, Highchart>();
// The first item should always be "All Risks" -- a complete list of unique RiskVulns from all the risks together.
// Build up a list of RiskVulns
var allRiskVulns = new List <RiskVulnerabilityEntity>();
foreach (var riskEntity in riskEntities)
{
allRiskVulns.AddRange(riskEntity.RiskVulnerabilities);
}
// Create a new RiskEntity for our "All Risks" chart
var allRisksEntity = new RiskEntity();
allRisksEntity.Id = 0;
allRisksEntity.NameBytes = Encrypt("All Risks");
// Add the complete list of distinct RiskVulns to the new RiskEntity
allRisksEntity.RiskVulnerabilities = allRiskVulns.ToList();
// Unshift the "All Risks" RiskEntity onto the beginning of our array of risks
riskEntities.Insert(0, allRisksEntity);
// Now we can create our array of Highcharts
foreach (var riskEntity in riskEntities)
{
var highchart = new NamedHighchart();
var vulnerabilitiesByThreatLevel = riskEntity.RiskVulnerabilities
.Select(x => x.Vulnerability)
.OrderBy(x => x.CvssScore)
.GroupBy(x => ThreatLevel.LookupByValue(x.CvssScore))
.ToList();
// Skip this risk entity if there are no vulns associated with it
if (vulnerabilitiesByThreatLevel.Count == 0)
{
continue;
}
// Add each Severity bar in our three-bar columns (Moderate Severity, High Severity, Very High Severity)
foreach (var threatLevelGroup in vulnerabilitiesByThreatLevel)
{
var series = new Series
{
Name = threatLevelGroup.Key.Name + " Severity",
Color = threatLevelGroup.Key.Color
};
// Guard against the Remediation Status being null
var defaultStatusValue = MitigationStatus.NotMitigated.Value;
// Add the data for each Remediation Status (Not Mitigated, Mitigation in Progress, etcetera)
foreach (var status in MitigationStatus.List)
{
var data = new Data
{
Name = status.Name,
Value = threatLevelGroup.Count(x => (x.RemediationStatusId ?? defaultStatusValue) == status.Value),
Color = threatLevelGroup.Key.Color
};
series.Data.Add(data);
}
highchart.Series.Add(series);
}
// Decrypt the risk name and assign it as the title of the Highchart
highchart.Name = Decrypt <string>(riskEntity.NameBytes);
highcharts.Add(riskEntity.Id, highchart);
}
dashboard.MitigationSummaryRisks = highcharts;
}
