private void saveandclose()
{
if (ToListBox.SelectedItems == null || ToListBox.SelectedItems.Count == 0 || FromListBox.SelectedItems == null || FromListBox.SelectedItems.Count == 0)
{
MessageBox.Show("You didn't select either a to or a from observable to connect via the relationship", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
else if (RelationshipTypeDropDown.SelectedItem == null)
{
MessageBox.Show("Select a relationship type", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
else
{
foreach (ObservableObject to in ToListBox.SelectedItems)
{
foreach (ObservableObject from in FromListBox.SelectedItems)
{
ObservableRelationship r = new ObservableRelationship(to.ID, from.ID, (ObservableRelationshipType)Enum.Parse(typeof(ObservableRelationshipType), RelationshipTypeDropDown.SelectedItem.ToString(), true));
collection.Relationships.Add(r);
}
}
}
this.DialogResult = DialogResult.OK;
this.Close();
}
/// <summary>
/// Loads the STIX collection from a textual Base64 encoded IIRIOC file.
/// Try/catches mean any issues with the load or the file will cause the method to return a null collection
/// and the gui will process
/// </summary>
/// <param name="filepath">The filepath to load</param>
/// <returns>A stix collection or null if errors</returns>
public static ObservableCollection LoadFromBasicFile(string filepath)
{
//return ReadFromBinaryFile<ObservableCollection>(filepath);
ObservableCollection col = new ObservableCollection();
//Used to extract the file version. Will be used in furture to load differently if we change the way the file is structured etc.
String FileVersion = "";
//Load the Base64 into memory and convert it - present a stream to read
string filecontents = System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(File.ReadAllText(filepath)));
MemoryStream stream = new MemoryStream();
StreamWriter writer = new StreamWriter(stream);
writer.Write(filecontents);
writer.Flush();
stream.Position = 0;
try
{
//using (StreamReader r = new StreamReader(filepath))
using (StreamReader r = new StreamReader(stream))
{
//Read the header and get the version
string line = r.ReadLine();
if (!line.StartsWith("Athena-IOC-Collection-File-"))
{
return(null);
}
FileVersion = line.Substring("Athena-IOC-Collection-File-".Length);
//Get the ID of the whole collection
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.ID = line.Substring(3);
}
else
{
return(null);
}
//Get the incident ID
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.IncidentID = line.Substring(3);
}
else
{
return(null);
}
//Get the reporting org
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.ReportingOrganisation = line.Substring(3);
}
else
{
return(null);
}
//Get the incident name
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.IncidentName = line.Substring(3);
}
else
{
return(null);
}
//Get the initial compromise date
line = r.ReadLine();
if (line.StartsWith("|||"))
{
line = line.Substring(3);
if (line.Length > 1)
{
col.InitialCompromise = DateTime.ParseExact(line, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture);
}
}
else
{
return(null);
}
//Get the Incident Discovered date
line = r.ReadLine();
if (line.StartsWith("|||"))
{
line = line.Substring(3);
if (line.Length > 1)
{
col.IncidentDiscovered = DateTime.ParseExact(line, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture);
}
}
else
{
return(null);
}
//Get the Incident Reported data
line = r.ReadLine();
if (line.StartsWith("|||"))
{
line = line.Substring(3);
if (line.Length > 1)
{
col.IncidentReported = DateTime.ParseExact(line, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture);
}
}
else
{
return(null);
}
//Get the incident resolved date
line = r.ReadLine();
if (line.StartsWith("|||"))
{
line = line.Substring(3);
if (line.Length > 1)
{
col.IncidentResolved = DateTime.ParseExact(line, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture);
}
}
else
{
return(null);
}
//Get the incident title
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.IncidentTitle = line.Substring(3);
}
else
{
return(null);
}
//Get the reported by
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.ReportedBy = line.Substring(3);
}
else
{
return(null);
}
//Get the Responder name
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.Responder = line.Substring(3);
}
else
{
return(null);
}
//Get the incident effect name
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.IncidentEffect = line.Substring(3);
}
else
{
return(null);
}
//Get the incident description
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.IncidentDescription = line.Substring(3).Replace("\\r", "\r").Replace("\\n", "\n");
}
else
{
return(null);
}
//Get the incident confidence
line = r.ReadLine();
if (line.StartsWith("|||"))
{
col.Confidence = line.Substring(3);
}
else
{
return(null);
}
//Load each of the observables
line = r.ReadLine();
while (line == "|AthenaObservable|")
{
string oid, otitle, odesc;
ObservableObject.ObservableType otype;
//Get the observable ID
line = r.ReadLine();
if (line.StartsWith("|||"))
{
oid = line.Substring(3);
}
else
{
return(null);
}
//Get the observable title
line = r.ReadLine();
if (line.StartsWith("|||"))
{
otitle = line.Substring(3);
}
else
{
return(null);
}
//Get the observable description
line = r.ReadLine();
if (line.StartsWith("|||"))
{
odesc = line.Substring(3).Replace("\\r", "\r").Replace("\\n", "\n");
}
else
{
return(null);
}
//Get the observable type
//If it doesnt match a defined type the whole load will fail
line = r.ReadLine();
if (line.StartsWith("|||"))
{
if (!Enum.TryParse(line.Substring(3), out otype))
{
return(null);
}
}
else
{
return(null);
}
//Create a new object and set the values we just loaded - done this way to make sure the constructor runs with the right values
ObservableObject ox = new ObservableObject(otype, ref col);
ox.Description = odesc;
ox.ID = oid;
ox.Title = otitle;
//Get all the fields for the current observable
line = r.ReadLine();
while (line.StartsWith("|AthenaObservableField|:"))
{
string[] split = line.Substring("| AthenaObservableField |:".Length).Split(new string[] { "|||" }, StringSplitOptions.None);
ox.Fields.Find(x => x.FieldName == split[1]).ID = split[0];
ox.Fields.Find(x => x.FieldName == split[1]).Value = split[2];
line = r.ReadLine();
}
col.Observables.Add(ox);
}
//Get all the relationships
while (line == "|AthenaRelationship|")
{
string rid, rto, rfrom;
ObservableRelationshipType rtype;
//Get the relationship ID
line = r.ReadLine();
if (line.StartsWith("|||"))
{
rid = line.Substring(3);
}
else
{
return(null);
}
//Get the "to" ID
line = r.ReadLine();
if (line.StartsWith("|||"))
{
rto = line.Substring(3);
}
else
{
return(null);
}
//Get the "from" ID
line = r.ReadLine();
if (line.StartsWith("|||"))
{
rfrom = line.Substring(3);
}
else
{
return(null);
}
//Get the type of the relationship (will fail if it isn't a valid type)
line = r.ReadLine();
if (line.StartsWith("|||"))
{
if (!Enum.TryParse(line.Substring(3), out rtype))
{
return(null);
}
}
else
{
return(null);
}
ObservableRelationship ro = new ObservableRelationship(rto, rfrom, rtype);
ro.RelationshipID = rid;
//Add the relationship to the collection
col.Relationships.Add(ro);
//Advance the reader
line = r.ReadLine();
}
}
}
catch (Exception exep)
{
//Return a null object if any errors are encountered
return(null);
}
return(col);
}
