private static bool ApplyThreatType([NotNull] IIdentity identity, [NotNull] IThreatType threatType, [NotNull] IJsonSerializableObjectPropertyType propertyType) { bool result = false; var property = threatType.GetProperty(propertyType); if (property is IPropertyJsonSerializableObject jsonProperty && jsonProperty.Value is SelectionRule rule && rule.Evaluate(identity) && identity is IThreatEventsContainer container) { var threatEvent = container.AddThreatEvent(threatType); if (threatEvent == null) { threatEvent = container.ThreatEvents.FirstOrDefault(x => x.ThreatTypeId == threatType.Id); } else { result = true; } if (threatEvent != null) { result |= threatEvent.ApplyMitigations(propertyType); } } return(result); }
public PropertyJsonSerializableObject([NotNull] IThreatModel model, [NotNull] IJsonSerializableObjectPropertyType propertyType) : this() { _id = Guid.NewGuid(); _modelId = model.Id; _model = model; PropertyTypeId = propertyType.Id; }
private static bool ApplyThreatTypes([NotNull] IIdentity identity, [NotNull] IEnumerable <IThreatType> threatTypes, [NotNull] IJsonSerializableObjectPropertyType propertyType) { bool result = false; foreach (var threatType in threatTypes) { result |= ApplyThreatType(identity, threatType, propertyType); } return(result); }
public static bool ApplyMitigations(this IThreatEvent threatEvent, IJsonSerializableObjectPropertyType propertyType = null) { bool result = false; if (threatEvent.ThreatType is IThreatType threatType && threatEvent.Model is IThreatModel model && threatEvent.Parent is IIdentity identity) { if (propertyType == null) { var schemaManager = new AutoThreatGenPropertySchemaManager(model); propertyType = schemaManager.GetPropertyType() as IJsonSerializableObjectPropertyType; } if (propertyType != null) { var mitigations = threatType.Mitigations?.ToArray(); if (mitigations?.Any() ?? false) { ISeverity maximumSeverity = null; var generated = false; foreach (var mitigation in mitigations) { var mProperty = mitigation.GetProperty(propertyType); if (mProperty is IPropertyJsonSerializableObject jsonMProperty && jsonMProperty.Value is MitigationSelectionRule mRule && mRule.Evaluate(identity)) { var strength = mitigation.Strength; if (mRule.StrengthId.HasValue && model.GetStrength(mRule.StrengthId.Value) is IStrength strengthOverride) { strength = strengthOverride; } if (mRule.Status.HasValue) { generated = (threatEvent.AddMitigation(mitigation.Mitigation, strength, mRule.Status.Value) != null); } else { generated = (threatEvent.AddMitigation(mitigation.Mitigation, strength) != null); } result |= generated; if (generated && mRule.SeverityId.HasValue && model.GetSeverity(mRule.SeverityId.Value) is ISeverity severity && (maximumSeverity == null || maximumSeverity.Id > severity.Id)) { maximumSeverity = severity; } } } if (maximumSeverity != null && maximumSeverity.Id < threatEvent.SeverityId) { threatEvent.Severity = maximumSeverity; } } } } return(result); }