private int ImportFlowTemplates([NotNull] ThreatModel source, [NotNull] IThreatModel target)
{
int result = 0;
var connectors = source.FlowTypes?
.Where(x => !x.IsGeneric)
.ToArray();
if (connectors?.Any() ?? false)
{
var schemaManager = new ObjectPropertySchemaManager(target);
var baseSchema = new BaseFlowPropertySchemaManager(target).GetSchema();
foreach (var connector in connectors)
{
var template = target.AddFlowTemplate(connector.Name, connector.Description);
if (template != null)
{
result++;
InitializeBaseSchema(template, baseSchema);
schemaManager.SetObjectId(template, connector.TypeId);
var properties = connector.Properties?.ToArray();
AddProperties(target, connector.Name, Scope.DataFlow, baseSchema, template, properties);
}
}
}
return(result);
}
private ITrustBoundaryTemplate GetTrustBoundaryTemplate(string id)
{
var schemaManager = new ObjectPropertySchemaManager(_target);
return(_target.TrustBoundaryTemplates?.FirstOrDefault(x =>
string.CompareOrdinal(id, schemaManager.GetObjectId(x)) == 0));
}
private int ImportDataFlows([NotNull] ThreatModel source, [NotNull] IThreatModel target)
{
int result = 0;
var flows = source.Flows?.ToArray();
if (flows?.Any() ?? false)
{
var schemaManager = new ObjectPropertySchemaManager(target);
var baseSchema = new BaseFlowPropertySchemaManager(target).GetSchema();
foreach (var flow in flows)
{
var sourceEntity = GetEntity(flow.SourceGuid.ToString(), target, schemaManager);
var targetEntity = GetEntity(flow.TargetGuid.ToString(), target, schemaManager);
if (sourceEntity != null && targetEntity != null)
{
var flowTemplate = target.FlowTemplates?.FirstOrDefault(x =>
string.CompareOrdinal(schemaManager.GetObjectId(x), flow.TypeId) == 0);
var secondarySchema = flowTemplate != null?
target.GetSchema(flowTemplate.Name, Resources.DefaultNamespace) : null;
var dataFlow = flowTemplate != null?flowTemplate.CreateFlow(flow.Name, sourceEntity.Id, targetEntity.Id) :
target.AddDataFlow(flow.Name, sourceEntity.Id, targetEntity.Id);
if (dataFlow != null)
{
schemaManager.SetObjectId(dataFlow, flow.TypeId);
schemaManager.SetInstanceId(dataFlow, flow.FlowId.ToString());
var properties = flow.Properties?.ToArray();
AddProperties(target, baseSchema, secondarySchema, dataFlow, properties);
}
IDiagram diagram = target.Diagrams?.FirstOrDefault(x =>
string.CompareOrdinal(x.Name, flow.PageName) == 0);
diagram?.AddLink(dataFlow);
result++;
}
}
}
return(result);
}
private IDataFlow GetDataFlow([Required] string msDataFlowId, [NotNull] IThreatModel model,
[NotNull] ObjectPropertySchemaManager schemaManager)
{
IDataFlow result = null;
var dataFlows = model.DataFlows?.ToArray();
if (dataFlows != null)
{
foreach (var dataFlow in dataFlows)
{
var id = schemaManager.GetInstanceId(dataFlow);
if (string.CompareOrdinal(id, msDataFlowId) == 0)
{
result = dataFlow;
break;
}
}
}
return(result);
}
private IEntity GetEntity([Required] string msEntityId, [NotNull] IThreatModel model,
[NotNull] ObjectPropertySchemaManager schemaManager)
{
IEntity result = null;
var entities = model.Entities?.ToArray();
if (entities != null)
{
foreach (var entity in entities)
{
var id = schemaManager.GetInstanceId(entity);
if (string.CompareOrdinal(id, msEntityId) == 0)
{
result = entity;
break;
}
}
}
return(result);
}
private void ImportThreats([NotNull] ThreatModel source, [NotNull] IThreatModel target,
Func <IThreatModel, Threat, IThreatType, IPropertySchema, bool> unassignedThreatHandler,
out int threatTypes, out int customThreatTypes, out int threats, out int missingThreats)
{
threatTypes = 0;
customThreatTypes = 0;
threats = 0;
missingThreats = 0;
var threatsPerType = source.ThreatsPerType;
if (threatsPerType?.Any() ?? false)
{
var schema = new ThreatsPropertySchemaManager(target).GetSchema();
InitializeThreatsPropertySchema(schema, source.Properties);
var schemaManager = new ObjectPropertySchemaManager(target);
var defaultSeverity = target.GetMappedSeverity(0);
foreach (var threatPerType in threatsPerType)
{
var tt = source.GetThreatType(threatPerType.Key);
IThreatType threatType = null;
if (!string.IsNullOrWhiteSpace(tt.Name))
{
ISeverity severity;
if (Enum.TryParse <DefaultSeverity>(tt.Priority, out var severityId))
{
severity = target.GetMappedSeverity((int)severityId);
}
else
{
severity = target.GetMappedSeverity((int)DefaultSeverity.High);
}
threatType = target.AddThreatType(tt.Name, severity);
if (threatType != null)
{
threatType.Description = tt.Description;
var threatTypeProperties = tt.Properties?.ToArray();
if (threatTypeProperties?.Any() ?? false)
{
foreach (var property in threatTypeProperties)
{
switch (property.Name)
{
case "Title":
break;
case "UserThreatDescription":
break;
case "Priority":
break;
default:
var propertyType = schema.GetPropertyType(property.Label);
if (propertyType != null)
{
threatType.AddProperty(propertyType, property.Values.FirstOrDefault());
}
break;
}
}
}
threatTypes++;
}
else
{
threatType = target.ThreatTypes?
.FirstOrDefault(x => string.CompareOrdinal(x.Name, tt.Name) == 0);
}
}
else
{
var internalThreats = threatPerType.Value;
if (internalThreats.Any())
{
foreach (var internalThreat in internalThreats)
{
threatType = target.AddThreatType(internalThreat.ToString(), defaultSeverity);
if (threatType != null)
{
threatType.Description = internalThreat.GetValueFromLabel("Description");
customThreatTypes++;
}
else
{
threatType = target.ThreatTypes?.FirstOrDefault(x =>
string.CompareOrdinal(x.Name, internalThreat.ToString()) == 0);
}
break;
}
}
}
if (threatType != null)
{
CreateGenerationRule(source, tt, threatType);
foreach (var threat in threatPerType.Value)
{
var flow = GetDataFlow(threat.FlowGuid.ToString(), target, schemaManager);
if (flow != null)
{
var threatEvent = flow.AddThreatEvent(threatType);
if (threatEvent != null)
{
AddProperties(threatEvent, threat, schema);
threats++;
}
else
{
missingThreats++;
}
}
else
{
if (unassignedThreatHandler != null)
{
if (unassignedThreatHandler(target, threat, threatType, schema))
{
threats++;
}
else
{
missingThreats++;
}
}
else
{
var threatEvent = target.AddThreatEvent(threatType);
if (threatEvent != null)
{
AddProperties(threatEvent, threat, schema);
threats++;
}
else
{
missingThreats++;
}
}
}
}
}
}
}
}
private void ImportElements([NotNull] ThreatModel source, [NotNull] IThreatModel target, float dpiFactor,
out int diagrams, out int externalInteractors, out int processes, out int dataStores, out int trustBoundaries)
{
diagrams = 0;
externalInteractors = 0;
processes = 0;
dataStores = 0;
trustBoundaries = 0;
var elements = source.Elements?
.OrderBy(x => (int)x.Value.ElementType)
.ToArray();
if (elements?.Any() ?? false)
{
var schemaManager = new ObjectPropertySchemaManager(target);
IEntity entity;
ITrustBoundary boundary;
IEntityTemplate entityTemplate;
ITrustBoundaryTemplate trustBoundaryTemplate;
IPropertySchema schema;
IPropertySchema secondarySchema;
var baseEISchema = new BaseExternalInteractorPropertySchemaManager(target).GetSchema();
var basePSchema = new BaseProcessPropertySchemaManager(target).GetSchema();
var baseDSSchema = new BaseDataStorePropertySchemaManager(target).GetSchema();
var baseTBSchema = new BaseTrustBoundaryPropertySchemaManager(target).GetSchema();
foreach (var element in elements)
{
switch (element.Value.ElementType)
{
case ElementType.StencilRectangle:
entityTemplate = target.EntityTemplates?.FirstOrDefault(x =>
string.CompareOrdinal(schemaManager.GetObjectId(x), element.Value.TypeId) == 0);
entity = entityTemplate != null?entityTemplate.CreateEntity(element.Value.Name) :
target.AddEntity <IExternalInteractor>(element.Value.Name);
boundary = null;
schema = baseEISchema;
secondarySchema = entityTemplate != null?
target.GetSchema(entityTemplate.Name, Resources.DefaultNamespace) : null;
externalInteractors++;
break;
case ElementType.StencilEllipse:
entityTemplate = target.EntityTemplates?.FirstOrDefault(x =>
string.CompareOrdinal(schemaManager.GetObjectId(x), element.Value.TypeId) == 0);
entity = entityTemplate != null?entityTemplate.CreateEntity(element.Value.Name) :
target.AddEntity <IProcess>(element.Value.Name);
boundary = null;
schema = basePSchema;
secondarySchema = entityTemplate != null?
target.GetSchema(entityTemplate.Name, Resources.DefaultNamespace) : null;
processes++;
break;
case ElementType.StencilParallelLines:
entityTemplate = target.EntityTemplates?.FirstOrDefault(x =>
string.CompareOrdinal(schemaManager.GetObjectId(x), element.Value.TypeId) == 0);
entity = entityTemplate != null?entityTemplate.CreateEntity(element.Value.Name) :
target.AddEntity <IDataStore>(element.Value.Name);
boundary = null;
schema = baseDSSchema;
secondarySchema = entityTemplate != null?
target.GetSchema(entityTemplate.Name, Resources.DefaultNamespace) : null;
dataStores++;
break;
case ElementType.BorderBoundary:
case ElementType.LineBoundary:
trustBoundaryTemplate = target.TrustBoundaryTemplates?.FirstOrDefault(x =>
string.CompareOrdinal(schemaManager.GetObjectId(x), element.Value.TypeId) == 0);
entity = null;
boundary = trustBoundaryTemplate != null?trustBoundaryTemplate.CreateTrustBoundary(element.Value.Name) :
target.AddGroup <ITrustBoundary>(element.Value.Name);
schema = baseTBSchema;
secondarySchema = trustBoundaryTemplate != null?
target.GetSchema(trustBoundaryTemplate.Name, Resources.DefaultNamespace) : null;
trustBoundaries++;
break;
default:
entity = null;
boundary = null;
schema = null;
secondarySchema = null;
break;
}
if (entity != null)
{
schemaManager.SetObjectId(entity, element.Value.TypeId);
schemaManager.SetInstanceId(entity, element.Key.ToString());
var properties = element.Value.Properties?.ToArray();
AddProperties(target, schema, secondarySchema, entity, properties);
var diagram = target.Diagrams?.FirstOrDefault(x =>
string.CompareOrdinal(x.Name, element.Value.Page) == 0);
if (diagram == null)
{
diagram = target.AddDiagram(element.Value.Page);
diagrams++;
}
diagram.AddEntityShape(entity.Id,
new PointF((element.Value.Position.X + element.Value.Size.Width / 2f) * dpiFactor, (element.Value.Position.Y + element.Value.Size.Height / 2f) * dpiFactor));
}
else if (boundary != null)
{
schemaManager.SetObjectId(boundary, element.Value.TypeId);
schemaManager.SetInstanceId(boundary, element.Key.ToString());
var properties = element.Value.Properties?.ToArray();
AddProperties(target, schema, secondarySchema, entity, properties);
if (element.Value.ElementType == ElementType.BorderBoundary)
{
var diagram = target.Diagrams?.FirstOrDefault(x =>
string.CompareOrdinal(x.Name, element.Value.Page) == 0);
if (diagram == null)
{
diagram = target.AddDiagram(element.Value.Page);
diagrams++;
}
diagram.AddGroupShape(boundary.Id,
new PointF((element.Value.Position.X + element.Value.Size.Width / 2f) * dpiFactor, (element.Value.Position.Y + element.Value.Size.Height / 2f) * dpiFactor),
new SizeF(element.Value.Size.Width * dpiFactor, element.Value.Size.Height * dpiFactor));
}
}
}
}
}
private int ImportEntityTemplates([NotNull] ThreatModel source, [NotNull] IThreatModel target)
{
int result = 0;
var elements = source.ElementTypes?
.Where(x => !x.IsGeneric)
.ToArray();
if (elements?.Any() ?? false)
{
var schemaManager = new ObjectPropertySchemaManager(target);
IEntityTemplate entityTemplate;
ITrustBoundaryTemplate trustBoundaryTemplate;
Interfaces.Scope scope;
IPropertySchema baseSchema;
var baseEISchema = new BaseExternalInteractorPropertySchemaManager(target).GetSchema();
var basePSchema = new BaseProcessPropertySchemaManager(target).GetSchema();
var baseDSSchema = new BaseDataStorePropertySchemaManager(target).GetSchema();
var baseTBSchema = new BaseTrustBoundaryPropertySchemaManager(target).GetSchema();
foreach (var element in elements)
{
switch (element.ElementType)
{
case ElementType.StencilRectangle:
entityTemplate = target.AddEntityTemplate(element.Name, element.Description,
element.Image, element.Image, element.Image,
EntityType.ExternalInteractor);
trustBoundaryTemplate = null;
scope = Scope.ExternalInteractor;
baseSchema = baseEISchema;
result++;
break;
case ElementType.StencilEllipse:
entityTemplate = target.AddEntityTemplate(element.Name, element.Description,
element.Image, element.Image, element.Image,
EntityType.Process);
trustBoundaryTemplate = null;
scope = Scope.Process;
baseSchema = basePSchema;
result++;
break;
case ElementType.StencilParallelLines:
entityTemplate = target.AddEntityTemplate(element.Name, element.Description,
element.Image, element.Image, element.Image,
EntityType.DataStore);
trustBoundaryTemplate = null;
scope = Scope.DataStore;
baseSchema = baseDSSchema;
result++;
break;
case ElementType.LineBoundary:
case ElementType.BorderBoundary:
entityTemplate = null;
trustBoundaryTemplate = target.AddTrustBoundaryTemplate(element.Name, element.Description);
scope = Scope.TrustBoundary;
baseSchema = baseTBSchema;
result++;
break;
default:
entityTemplate = null;
trustBoundaryTemplate = null;
scope = Scope.Undefined;
baseSchema = null;
break;
}
if (entityTemplate != null)
{
InitializeBaseSchema(entityTemplate, baseSchema);
schemaManager.SetObjectId(entityTemplate, element.TypeId);
var properties = element.Properties?.ToArray();
AddProperties(target, element.Name, scope, baseSchema, entityTemplate, properties);
}
else if (trustBoundaryTemplate != null)
{
InitializeBaseSchema(trustBoundaryTemplate, baseSchema);
schemaManager.SetObjectId(trustBoundaryTemplate, element.TypeId);
var properties = element.Properties?.ToArray();
AddProperties(target, element.Name, scope, baseSchema, trustBoundaryTemplate, properties);
}
}
}
return(result);
}
