/// <summary>
/// Synchronises the stored SoA chapter rows of one asset with the supplied lists:
/// rows present on both sides are updated, rows only in the input are inserted and
/// rows only in the database are deleted.
/// </summary>
/// <param name="soas">Lists that must all carry the same AssetId; null or empty is a no-op.</param>
/// <exception cref="ArgumentException">The lists do not refer to exactly one asset id.</exception>
internal void UpdateAssetSoas(List<Contracts.Asset.AssetSoaList> soas)
{
    if (soas == null || soas.Count == 0)
    {
        return;
    }

    var distinctAssetIds = soas.Select(s => s.AssetId).Distinct().ToList();
    if (distinctAssetIds.Count != 1)
    {
        throw new ArgumentException("Incorrect number of asset", "AssetId");
    }

    // NOTE(review): the asset id comes from the payload and nothing in this method checks
    // that the caller may modify that asset - presumably enforced upstream; confirm.
    var assetId = distinctAssetIds[0];

    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // Load the asset's current rows into memory, keyed by SoaId.
        var storedBySoaId = db.Asset_SoaChapter.Where(a => a.AssetId == assetId).ToDictionary(a => a.SoaId);

        // ToDictionary throws ArgumentException if the input carries the same SoaId twice.
        var incomingBySoaId = soas.SelectMany(a => a.AssetSoas).ToDictionary(a => a.SoaId);

        foreach (var incoming in incomingBySoaId)
        {
            if (!storedBySoaId.ContainsKey(incoming.Key))
            {
                db.Asset_SoaChapter.Add(incoming.Value.ToDataModel(assetId));
                continue;
            }

            UpdateDbAssetSoa(storedBySoaId[incoming.Key], incoming.Value);
            // Handled rows leave the dictionary so that only stale rows remain afterwards.
            storedBySoaId.Remove(incoming.Key);
        }

        // Whatever is still in the dictionary was not part of the input.
        db.Asset_SoaChapter.RemoveRange(storedBySoaId.Values);
        db.SaveChanges();
    }
}
/// <summary>
/// Deletes the attribute with the given id together with the rows in its
/// <c>AttributeLinks1</c> collection, refusing while it is still referenced.
/// </summary>
/// <param name="id">AttributeId of the row to delete.</param>
/// <exception cref="RAAPNotFoundException">No attribute has this id.</exception>
/// <exception cref="RAAPConflictException">
/// The attribute still has entries in <c>AttributeLinks</c> or <c>Threats</c>; the message lists them by name.
/// </exception>
public void Delete(int id)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var attribute = db.Attributes.FirstOrDefault(a => a.AttributeId == id);
        if (attribute == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        // NOTE(review): stored names are copied verbatim into the exception messages below;
        // encode them wherever the message is rendered.
        if (attribute.AttributeLinks.Any())
        {
            var message = "Please remove the usage of this item on the following causes:" + Environment.NewLine;
            foreach (var link in attribute.AttributeLinks)
            {
                message = message + (" - " + link.Attribute1.Name + Environment.NewLine);
            }

            throw new RAAPConflictException(message);
        }

        if (attribute.Threats.Any())
        {
            var message = "Please remove the usage of this item on the following threats:" + Environment.NewLine;
            foreach (var threat in attribute.Threats)
            {
                message = message + (" - " + threat.Name + Environment.NewLine);
            }

            throw new RAAPConflictException(message);
        }

        // Copy the collection before handing it to RemoveRange.
        var ownLinks = attribute.AttributeLinks1.ToList();
        db.AttributeLinks.RemoveRange(ownLinks);
        db.Attributes.Remove(attribute);
        db.SaveChanges();
    }
}
/// <summary>
/// Registers a file for an SoA chapter and returns the stored record as a contract.
/// </summary>
/// <param name="soaChapterId">Chapter the file belongs to.</param>
/// <param name="fileName">Supplied file name; only its final path component is stored.</param>
/// <param name="masterDb">
/// True to write to <c>RAAPMasterEntities</c>; false (default) to write to the database
/// selected by <c>GetConnectionString()</c>.
/// </param>
/// <returns>The contract form of the inserted row, which carries a newly generated Guid.</returns>
public Contracts.Soa.SoaFile AddFile(int soaChapterId, string fileName, bool masterDb = false)
{
    // Keep only the last path component so directory parts of a supplied name are not stored.
    // GetFileName does not validate the extension or the content.
    // NOTE(review): confirm the stored name is never used to build a filesystem path.
    var storedName = Path.GetFileName(fileName);

    var record = new SoaFile()
    {
        SoaChapterId = soaChapterId,
        FileName = storedName,
        Guid = Guid.NewGuid()
    };

    // NOTE(review): masterDb selects the master database; confirm callers restrict who may set it.
    if (!masterDb)
    {
        using (var db = new RAAPEntities(GetConnectionString()))
        {
            db.SoaFiles.Add(record);
            db.SaveChanges();
            return record.ToContract();
        }
    }

    using (var master = new RAAPMasterEntities())
    {
        master.SoaFiles.Add(record);
        master.SaveChanges();
        return record.ToContract();
    }
}
/// <summary>
/// Inserts a new attribute category built from the request and returns it as a contract.
/// </summary>
/// <param name="create">Request converted to a data model with <c>ToDataModel()</c>.</param>
/// <returns>The saved category converted with <c>ToContract()</c>.</returns>
public Contracts.AttributeCategory.AttributeCategory Create(Contracts.AttributeCategory.CreateAttributeCategory create)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var entity = create.ToDataModel();

        db.AttributeCategories.Add(entity);
        db.SaveChanges();

        // Converted after SaveChanges, so the contract is built from the saved entity.
        return entity.ToContract();
    }
}
/// <summary>
/// Inserts a new attribute together with the child attributes named in the request.
/// </summary>
/// <param name="create">Request converted with <c>ToDataModel()</c>; its <c>ChildAttributes</c> must not be null.</param>
/// <returns>A new, empty <c>Attribute</c> contract, not the saved item.</returns>
public Contracts.Attribute.Attribute Create(CreateAttribute create)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var entity = create.ToDataModel();
        var children = create.ChildAttributes.ToArray();

        // Children are attached before the parent is added to the set; order kept as in the original.
        AddNewChildAttributes(db, entity, children);
        db.Attributes.Add(entity);
        db.SaveChanges();

        // NOTE(review): an empty contract is returned rather than one built from the saved
        // entity, so the caller learns nothing about the stored row - confirm this is intended.
        return new Attribute();
    }
}
/// <summary>
/// Deletes the incident with the given id.
/// </summary>
/// <param name="id">IncidentId of the row to delete.</param>
/// <exception cref="RAAPNotFoundException">No incident has this id.</exception>
public void Delete(int id)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var incident = db.Incidents.FirstOrDefault(a => a.IncidentId == id);
        if (incident == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        db.Incidents.Remove(incident);
        db.SaveChanges();
    }
}
/// <summary>
/// Deletes the vulnerability catalog entry with the given id.
/// </summary>
/// <param name="id">VulnerabilityCatalogId of the row to delete.</param>
/// <exception cref="RAAPNotFoundException">No catalog entry has this id.</exception>
public void DeleteCatalog(int id)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var catalogEntry = db.VulnerabilityCatalogs.FirstOrDefault(a => a.VulnerabilityCatalogId == id);
        if (catalogEntry == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        db.VulnerabilityCatalogs.Remove(catalogEntry);
        db.SaveChanges();
    }
}
/// <summary>
/// Applies an update to an existing process category and returns the saved state.
/// </summary>
/// <param name="updateProcessCategory">Update whose <c>ProcessCategoryId</c> selects the row.</param>
/// <returns>The updated category converted with <c>ToContract()</c>.</returns>
/// <exception cref="RAAPNotFoundException">No category has the requested id.</exception>
public Contracts.ProcessCategory.ProcessCategory Update(Contracts.ProcessCategory.UpdateProcessCategory updateProcessCategory)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var category = db.ProcessCategories.FirstOrDefault(a => a.ProcessCategoryId == updateProcessCategory.ProcessCategoryId);
        if (category == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        category.ApplyUpdate(updateProcessCategory);
        db.SaveChanges();

        return category.ToContract();
    }
}
/// <summary>
/// Applies an update to an existing vulnerability catalog entry and returns the saved state.
/// </summary>
/// <param name="updateVulnerabilityCatalog">Update whose <c>VulnerabilityId</c> is matched against <c>VulnerabilityCatalogId</c>.</param>
/// <returns>The updated entry converted with <c>ToContract()</c>.</returns>
/// <exception cref="RAAPNotFoundException">No catalog entry matches the requested id.</exception>
public Contracts.Vulnerability.VulnerabilityCatalog UpdateCatalog(Contracts.Vulnerability.UpdateVulnerabilityCatalog updateVulnerabilityCatalog)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // NOTE(review): the lookup compares VulnerabilityCatalogId with the request's
        // VulnerabilityId - presumably the contract uses that name for the catalog id; confirm.
        var catalogEntry = db.VulnerabilityCatalogs.FirstOrDefault(a => a.VulnerabilityCatalogId == updateVulnerabilityCatalog.VulnerabilityId);
        if (catalogEntry == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        catalogEntry.ApplyUpdate(updateVulnerabilityCatalog);
        db.SaveChanges();

        return catalogEntry.ToContract();
    }
}
/// <summary>
/// Applies an update to an existing vulnerability and returns the saved state.
/// </summary>
/// <param name="updateVulnerability">Update whose <c>VulnerabilityId</c> selects the row.</param>
/// <returns>The updated vulnerability converted with <c>ToContract()</c>.</returns>
/// <exception cref="RAAPNotFoundException">No vulnerability has the requested id.</exception>
public Contracts.Vulnerability.Vulnerability Update(Contracts.Vulnerability.UpdateVulnerability updateVulnerability)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // The Controls navigation is loaded together with the row.
        var vulnerability = db.Vulnerabilities
            .Include("Controls")
            .FirstOrDefault(a => a.VulnerabilityId == updateVulnerability.VulnerabilityId);
        if (vulnerability == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        vulnerability.ApplyUpdate(updateVulnerability);
        db.SaveChanges();

        return vulnerability.ToContract();
    }
}
/// <summary>
/// Applies an update to an existing incident and returns the saved state.
/// </summary>
/// <param name="updateIncident">Update whose <c>IncidentId</c> selects the row.</param>
/// <returns>The updated incident converted with <c>ToContract()</c>.</returns>
/// <exception cref="RAAPNotFoundException">No incident has the requested id.</exception>
public Contracts.Incident.Incident Update(Contracts.Incident.UpdateIncident updateIncident)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var incident = db.Incidents.FirstOrDefault(a => a.IncidentId == updateIncident.IncidentId);
        if (incident == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        incident.ApplyUpdate(updateIncident);
        db.SaveChanges();

        return incident.ToContract();
    }
}
/// <summary>
/// Removes the link between a parent attribute and an attribute, if one exists.
/// </summary>
/// <param name="parentAttributeId">ParentAttributeId of the link.</param>
/// <param name="attributeId">AttributeId of the link.</param>
public void RemoveLink(int parentAttributeId, int attributeId)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var existing = db.AttributeLinks.FirstOrDefault(
            al => al.ParentAttributeId == parentAttributeId && al.AttributeId == attributeId);

        // A missing link is not an error: the method returns without saving.
        if (existing != null)
        {
            db.AttributeLinks.Remove(existing);
            db.SaveChanges();
        }
    }
}
/// <summary>
/// Inserts a new process category after checking that its name is not already used.
/// </summary>
/// <param name="createProcessCategory">Request converted with <c>ToDataModel()</c>.</param>
/// <returns>The saved category converted with <c>ToContract()</c>.</returns>
/// <exception cref="RAAPConflictException">A category with the same name already exists.</exception>
public Contracts.ProcessCategory.ProcessCategory Create(Contracts.ProcessCategory.CreateProcessCategory createProcessCategory)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // NOTE(review): check-then-insert is not atomic; two concurrent requests can both pass
        // this test unless the database also enforces a unique name - confirm.
        var nameTaken = db.ProcessCategories.Any(a => a.Name == createProcessCategory.Name);
        if (nameTaken)
        {
            throw new RAAPConflictException("Name is already in use, please try another name.");
        }

        var category = createProcessCategory.ToDataModel();
        db.ProcessCategories.Add(category);
        db.SaveChanges();

        return category.ToContract();
    }
}
/// <summary>
/// Inserts a new vulnerability after checking that its name is not already used.
/// </summary>
/// <param name="createVulnerability">Request converted with <c>ToDataModel()</c>.</param>
/// <returns>The saved vulnerability converted with <c>ToContract()</c>.</returns>
/// <exception cref="RAAPConflictException">A vulnerability with the same name already exists.</exception>
public Contracts.Vulnerability.Vulnerability Create(Contracts.Vulnerability.CreateVulnerability createVulnerability)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // NOTE(review): check-then-insert is not atomic; a unique constraint in the database
        // is needed to rule out duplicates under concurrency - confirm one exists.
        var nameTaken = db.Vulnerabilities.Any(a => a.Name == createVulnerability.Name);
        if (nameTaken)
        {
            throw new RAAPConflictException("Name is already in use, please try another name.");
        }

        var vulnerability = createVulnerability.ToDataModel();
        db.Vulnerabilities.Add(vulnerability);
        db.SaveChanges();

        return vulnerability.ToContract();
    }
}
/// <summary>
/// Applies an update to an existing control and returns the saved state.
/// </summary>
/// <param name="updateControl">Update whose <c>ControlId</c> selects the row.</param>
/// <returns>The updated control converted with <c>ToContract(_userService)</c>.</returns>
/// <exception cref="RAAPNotFoundException">No control has the requested id.</exception>
public Contracts.Control.Control Update(Contracts.Control.UpdateControl updateControl)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var control = db.Controls.FirstOrDefault(a => a.ControlId == updateControl.ControlId);
        if (control == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        // CheckRiskTypes runs before any change is applied to the entity.
        RiskCalculator.CheckRiskTypes(updateControl, db);
        control.ApplyUpdate(updateControl, db);
        db.SaveChanges();

        return control.ToContract(_userService);
    }
}
/// <summary>
/// Deletes a risk type together with the control risks and threat risks that reference it.
/// </summary>
/// <param name="riskTypeId">RiskTypeId of the row to delete.</param>
/// <exception cref="RAAPNotFoundException">No risk type has this id.</exception>
public void DeleteRiskType(int riskTypeId)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var riskType = db.RiskTypes.FirstOrDefault(r => r.RiskTypeId == riskTypeId);
        if (riskType == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        // Each navigation collection is copied to a list before it is passed to RemoveRange.
        var controlRisks = riskType.ControlRisks.ToList();
        db.ControlRisks.RemoveRange(controlRisks);

        var threatRisks = riskType.ThreatRisks.ToList();
        db.ThreatRisks.RemoveRange(threatRisks);

        db.RiskTypes.Remove(riskType);
        db.SaveChanges();
    }
}
/// <summary>
/// Inserts a new incident after checking that its name is not already used.
/// </summary>
/// <param name="createIncident">Request converted with <c>ToDataModel(db)</c>.</param>
/// <returns>The saved incident converted with <c>ToContract()</c>.</returns>
/// <exception cref="RAAPConflictException">An incident with the same name already exists.</exception>
public Contracts.Incident.Incident Create(Contracts.Incident.CreateIncident createIncident)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // NOTE(review): check-then-insert is not atomic; confirm the database enforces
        // a unique name as well.
        var nameTaken = db.Incidents.Any(a => a.Name == createIncident.Name);
        if (nameTaken)
        {
            throw new RAAPConflictException("Name is already in use, please try another name.");
        }

        var incident = createIncident.ToDataModel(db);
        db.Incidents.Add(incident);
        db.SaveChanges();

        return incident.ToContract();
    }
}
/// <summary>
/// Deletes a threat together with its threat risks and HTML comments, and clears its
/// attribute associations.
/// </summary>
/// <param name="id">ThreatId of the row to delete.</param>
/// <exception cref="RAAPNotFoundException">No threat has this id.</exception>
public void Delete(int id)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var target = db.Threats.FirstOrDefault(a => a.ThreatId == id);
        if (target == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        // Each navigation collection is copied to a list before it is passed to RemoveRange.
        var risks = target.ThreatRisks.ToList();
        db.ThreatRisks.RemoveRange(risks);

        var comments = target.HtmlComments.ToList();
        db.HtmlComments.RemoveRange(comments);

        // Attributes are only detached from the threat, not deleted.
        target.Attributes.Clear();

        db.Threats.Remove(target);
        db.SaveChanges();
    }
}
/// <summary>
/// Creates a link between a parent attribute and an attribute unless one already exists.
/// </summary>
/// <param name="parentAttributeId">ParentAttributeId of the new link.</param>
/// <param name="attributeId">AttributeId of the new link.</param>
public void AddLink(int parentAttributeId, int attributeId)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // NOTE(review): exists-then-add is not atomic; concurrent calls can insert the same
        // pair twice unless the database has a unique key on it - confirm.
        var alreadyLinked = db.AttributeLinks.Any(
            al => al.ParentAttributeId == parentAttributeId && al.AttributeId == attributeId);

        if (!alreadyLinked)
        {
            var link = new AttributeLink
            {
                AttributeId = attributeId,
                ParentAttributeId = parentAttributeId
            };
            db.AttributeLinks.Add(link);
            db.SaveChanges();
        }
    }
}
/// <summary>
/// Applies an update to an existing attribute and brings its child attributes in line
/// with the request.
/// </summary>
/// <param name="update">Update whose <c>AttributeId</c> selects the row; its <c>ChildAttributes</c> must not be null.</param>
/// <returns>A new, empty <c>Attribute</c> contract, not the saved item.</returns>
/// <exception cref="RAAPNotFoundException">No attribute has the requested id.</exception>
public Contracts.Attribute.Attribute Update(UpdateAttribute update)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var attribute = db.Attributes.FirstOrDefault(a => a.AttributeId == update.AttributeId);
        if (attribute == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        attribute.ApplyUpdate(update);

        // Each helper receives its own array copy of the requested children, as in the original.
        RemoveChildAttributes(db, attribute, update.ChildAttributes.ToArray());
        AddNewChildAttributes(db, attribute, update.ChildAttributes.ToArray());
        db.SaveChanges();

        // NOTE(review): an empty contract is returned rather than one built from the saved
        // entity - confirm this is intended.
        return new Attribute();
    }
}
/// <summary>
/// Inserts a new control after checking that its name is not already used.
/// </summary>
/// <param name="createControl">Request converted with <c>ToDataModel(db)</c>.</param>
/// <returns>The saved control converted with <c>ToContract(_userService)</c>.</returns>
/// <exception cref="RAAPConflictException">A control with the same name already exists.</exception>
public Contracts.Control.Control Create(Contracts.Control.CreateControl createControl)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // NOTE(review): check-then-insert is not atomic; confirm the database enforces
        // a unique name as well.
        var nameTaken = db.Controls.Any(a => a.Name == createControl.Name);
        if (nameTaken)
        {
            throw new RAAPConflictException("Name is already in use, please try another name.");
        }

        // CheckRiskTypes runs before the data model is built.
        RiskCalculator.CheckRiskTypes(createControl, db);

        var control = createControl.ToDataModel(db);
        db.Controls.Add(control);
        db.SaveChanges();

        return control.ToContract(_userService);
    }
}
/// <summary>
/// Deletes a process together with its HTML comments, threat risks and risks, and clears
/// its asset associations.
/// </summary>
/// <param name="id">ProcessId of the row to delete.</param>
/// <exception cref="RAAPNotFoundException">No process has this id.</exception>
public void Delete(int id)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var target = db.Processes.FirstOrDefault(a => a.ProcessId == id);
        if (target == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        // Each navigation collection is copied to a list before it is passed to RemoveRange.
        var comments = target.HtmlComments.ToList();
        db.HtmlComments.RemoveRange(comments);

        var threatRisks = target.ThreatRisks.ToList();
        db.ThreatRisks.RemoveRange(threatRisks);

        var risks = target.Risks.ToList();
        db.Risks.RemoveRange(risks);

        // Assets are only detached from the process, not deleted.
        target.Assets.Clear();

        db.Processes.Remove(target);
        db.SaveChanges();
    }
}
/// <summary>
/// Overwrites the name and description of an existing risk type.
/// </summary>
/// <param name="riskType">Carries the <c>RiskTypeId</c> of the row plus the new name and description.</param>
/// <exception cref="RAAPConflictException">The name is null, empty or whitespace.</exception>
/// <exception cref="RAAPNotFoundException">No risk type has the requested id.</exception>
public void UpdateRiskType(Contracts.Risk.RiskType riskType)
{
    // The name is validated before a database connection is opened.
    var nameMissing = string.IsNullOrWhiteSpace(riskType.Name);
    if (nameMissing)
    {
        throw new RAAPConflictException("Invalid/missing name");
    }

    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var stored = db.RiskTypes.FirstOrDefault(r => r.RiskTypeId == riskType.RiskTypeId);
        if (stored == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        stored.Name = riskType.Name;
        stored.Description = riskType.Description;
        db.SaveChanges();
    }
}
/// <summary>
/// Applies an update to an existing process, brings its assets in line with the request
/// and recalculates its risk before saving.
/// </summary>
/// <param name="updateProcess">Update whose <c>ProcessId</c> selects the row.</param>
/// <returns>The updated process converted with <c>ToContract(_userService)</c>.</returns>
/// <exception cref="RAAPNotFoundException">No process has the requested id.</exception>
public Contracts.Process.Process Update(Contracts.Process.UpdateProcess updateProcess)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var target = db.Processes.FirstOrDefault(a => a.ProcessId == updateProcess.ProcessId);
        if (target == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        // CheckRiskTypes runs before any change is applied to the entity.
        RiskCalculator.CheckRiskTypes(updateProcess, db);
        target.ApplyUpdate(updateProcess, db);

        // Assets: drop the ones no longer requested, then add the requested ones.
        RemoveUnusedAssets(target, updateProcess);
        AddAssets(db, target, updateProcess.Assets);

        // Risk is calculated once the asset set is final.
        RiskCalculator.CalculateRisk(target);
        db.SaveChanges();

        return target.ToContract(_userService);
    }
}
/// <summary>
/// Inserts a new threat with its controls after checking that its name is not already used.
/// </summary>
/// <param name="createThreat">Request converted with <c>ToDataModel(db)</c>.</param>
/// <returns>The saved threat converted with <c>ToContract(_userService)</c>.</returns>
/// <exception cref="RAAPConflictException">A threat with the same name already exists.</exception>
public Contracts.Threat.Threat Create(Contracts.Threat.CreateThreat createThreat)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // NOTE(review): check-then-insert is not atomic; confirm the database enforces
        // a unique name as well.
        var nameTaken = db.Threats.Any(a => a.Name == createThreat.Name);
        if (nameTaken)
        {
            throw new RAAPConflictException("Name is already in use, please try another name.");
        }

        // Both calculator calls operate on the request, before the data model is built from it.
        RiskCalculator.CheckRiskTypes(createThreat, db);
        RiskCalculator.CalculateRisk(createThreat);

        var entity = createThreat.ToDataModel(db);
        db.Threats.Add(entity);
        AddControls(db, entity, createThreat.Controls);
        db.SaveChanges();

        return entity.ToContract(_userService);
    }
}
/// <summary>
/// Saves an SoA of a single type: updates the type's settings row, reconciles the stored
/// SoA rows with the supplied chapters and adds new ones for the caller's company.
/// </summary>
/// <param name="soa">SoA whose chapters must all share one <c>SoaType</c>.</param>
/// <exception cref="ArgumentException">The chapters carry more than one SoA type.</exception>
/// <exception cref="InvalidOperationException">No chapter was supplied, so no type can be determined.</exception>
public void UpdateSoa(Contracts.Soa.Soa soa)
{
    var soaTypes = soa.SoaChapters.Select(c => c.SoaType).Distinct().ToList();
    if (soaTypes.Count > 1)
    {
        throw new ArgumentException("Multiple SoA types", "SoaType");
    }

    // Throws InvalidOperationException when the chapter list is empty.
    var soaType = soaTypes.First();

    // The company id is read from the authenticated principal's PrimaryGroupSid claim,
    // not from the request payload.
    // NOTE(review): HttpContext.Current is presumably non-null only inside a web request - confirm callers.
    var identity = (ClaimsIdentity)HttpContext.Current.User.Identity;
    var companyClaim = identity.Claims.FirstOrDefault(c => c.Type == ClaimTypes.PrimaryGroupSid);
    if (companyClaim == null)
    {
        // NOTE(review): without the claim nothing is saved and no error is raised, so the
        // caller cannot tell the update was skipped - confirm this is intended.
        return;
    }

    var companyId = Convert.ToInt32(companyClaim.Value);

    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // Update settings: create the row for this type on first use.
        var settings = db.SoaSettings.FirstOrDefault(s => s.SoaType == soaType);
        if (settings == null)
        {
            settings = new SoaSetting() { SoaType = soaType };
            db.SoaSettings.Add(settings);
        }

        settings.Relevant = soa.Enabled;

        // Update existing rows and remove deleted ones. Statement order is kept exactly as in
        // the original because the helpers share the dbSoas dictionary.
        var dbSoas = db.Soas.Where(s => s.SoaType == soaType).ToDictionary(s => s.SoaId);
        var soasLevel3 = soa.SoaChapters
            .SelectMany(s => s.SubChapters)
            .SelectMany(s => s.SubChapters)
            .ToList();

        UpdateSoas(soasLevel3, dbSoas, db);
        db.Soas.RemoveRange(dbSoas.Values);

        // NOTE(review): dbSoas[s.SoaId] throws KeyNotFoundException for a positive SoaId that is
        // not in the dictionary at this point (for example an id of another SoA type), and the
        // rows still in dbSoas were just passed to RemoveRange - confirm what UpdateSoas leaves behind.
        soa.SoaChapters.Where(s => s.SoaId > 0).ForEach(s => dbSoas[s.SoaId].UpdateFrom(s, db));

        // Add new rows for the caller's company.
        AddNewSoas(soasLevel3, companyId, db);
        db.SaveChanges();
    }
}
/// <summary>
/// Applies an update to an existing threat, brings its controls in line with the request
/// and recalculates its risk before saving.
/// </summary>
/// <param name="updateThreat">Update whose <c>ThreatId</c> selects the row.</param>
/// <returns>The updated threat converted with <c>ToContract(_userService)</c>.</returns>
/// <exception cref="RAAPNotFoundException">No threat has the requested id.</exception>
public Contracts.Threat.Threat Update(Contracts.Threat.UpdateThreat updateThreat)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        // The Controls navigation is loaded together with the row.
        var target = db.Threats
            .Include("Controls")
            .FirstOrDefault(a => a.ThreatId == updateThreat.ThreatId);
        if (target == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        // CheckRiskTypes runs before any change is applied to the entity.
        RiskCalculator.CheckRiskTypes(updateThreat, db);
        target.ApplyUpdate(updateThreat, db);

        // Controls: drop the ones no longer requested, then add the requested ones.
        RemoveUnusedControls(target, updateThreat);
        AddControls(db, target, updateThreat.Controls);

        // The calculated risk is reset and then recalculated once the control set is final.
        RiskCalculator.ResetCalculatedRisk(target);
        RiskCalculator.CalculateRisk(target);
        db.SaveChanges();

        return target.ToContract(_userService);
    }
}
/// <summary>
/// Deletes an attribute category, refusing while attributes still belong to it.
/// </summary>
/// <param name="id">AttributeCategoryId of the row to delete.</param>
/// <exception cref="RAAPNotFoundException">No category has this id.</exception>
/// <exception cref="RAAPConflictException">
/// Attributes still use the category; the message lists each by name and attribute type id.
/// </exception>
public void Delete(int id)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var target = db.AttributeCategories.FirstOrDefault(a => a.AttributeCategoryId == id);
        if (target == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        if (target.Attributes.Any())
        {
            // NOTE(review): stored names are copied verbatim into the message; encode them
            // wherever the message is rendered.
            var message = "Please remove this category from the following items:" + Environment.NewLine;
            foreach (var item in target.Attributes)
            {
                message = message + (" - " + item.Name + " (" + item.AttributeTypeId + ")" + Environment.NewLine);
            }

            throw new RAAPConflictException(message);
        }

        db.AttributeCategories.Remove(target);
        db.SaveChanges();
    }
}
/// <summary>
/// Deletes the SoA file record with the given Guid, from <c>RAAPMasterEntities</c> when the
/// file is a template and otherwise from the database selected by <c>GetConnectionString()</c>.
/// </summary>
/// <param name="file">Contract whose <c>Guid</c> selects the row and whose <c>Template</c> flag selects the database.</param>
public void DeleteFile(Contracts.Soa.SoaFile file)
{
    // NOTE(review): the Template flag on the supplied contract decides whether the delete goes
    // to the master database; confirm callers take the flag from the stored record rather than
    // from the request.
    if (!file.Template)
    {
        using (var db = new RAAPEntities(GetConnectionString()))
        {
            // NOTE(review): the row is passed to Remove without a null check, unlike the
            // "Item not found." handling of the other delete methods; an unknown Guid
            // reaches Remove as null.
            var row = db.SoaFiles.FirstOrDefault(f => f.Guid == file.Guid);
            db.SoaFiles.Remove(row);
            db.SaveChanges();
        }

        return;
    }

    using (var master = new RAAPMasterEntities())
    {
        // Same lookup and the same missing null check as in the branch above.
        var row = master.SoaFiles.FirstOrDefault(f => f.Guid == file.Guid);
        master.SoaFiles.Remove(row);
        master.SaveChanges();
    }
}
/// <summary>
/// Deletes a process category, refusing while processes still belong to it.
/// </summary>
/// <param name="id">ProcessCategoryId of the row to delete.</param>
/// <exception cref="RAAPNotFoundException">No category has this id.</exception>
/// <exception cref="RAAPConflictException">
/// Processes still use the category; the message lists them by name.
/// </exception>
public void Delete(int id)
{
    using (var db = new RAAPEntities(GetConnectionString()))
    {
        var target = db.ProcessCategories.FirstOrDefault(a => a.ProcessCategoryId == id);
        if (target == null)
        {
            throw new RAAPNotFoundException("Item not found.");
        }

        if (target.Processes.Any())
        {
            // NOTE(review): stored names are copied verbatim into the message; encode them
            // wherever the message is rendered.
            var message = "Please remove this category from the following business processes: " + Environment.NewLine;
            foreach (var process in target.Processes)
            {
                message = message + (" - " + process.Name + Environment.NewLine);
            }

            throw new RAAPConflictException(message);
        }

        db.ProcessCategories.Remove(target);
        db.SaveChanges();
    }
}