def endElement(self,name):
if name == 'intent':
self.inIntent = 0
elif name == 'definition':
self.inDefinition = 0
elif name == 'rationale':
self.inRationale = 0
elif name == 'motivation':
self.theMotivations.append((self.theGoal,self.theValue,self.theDescription))
self.resetMotivationElements()
elif name == 'participant':
self.theParticipants.append((self.theParticipant,self.theMotives,self.theResponsibilities))
self.resetParticipantElements()
elif name == 'description':
self.inDescription = 0
if self.inImplementation:
self.inImplementation = 0
elif name == 'consequences':
self.inConsequences = 0
elif name == 'implementation':
self.inImplementation = 0
elif name == 'known_uses':
self.inKnownUses = 0
elif name == 'related_patterns':
self.inRelatedPatterns = 0
elif name == 'obstacle':
self.theObstacles.append( TemplateObstacleParameters(self.theObstacleName,self.theObstacleCategory,self.theDefinition,self.theConcerns,self.theResponsibilities,self.theProbability,self.theRationale))
self.resetObstacleElements()
elif name == 'obstacle_association':
self.theObstacleAssociations.append((self.theObstacleName,self.theRefType,self.theSubObstacleName,self.theRationale))
self.resetObstacleAssociationElements()
elif name == 'attack_pattern':
assetList = self.theTargets + self.theExploits
for assetName in assetList:
self.theAssetParameters.append(cairis.core.AssetParametersFactory.buildFromTemplate(assetName,[self.theEnvironment]))
attackerNames = []
for attackerName,attackerMotives,attackerCapabilities in self.theParticipants:
attackerRoles = self.dbProxy.dimensionRoles(self.dbProxy.getDimensionId(attackerName,'persona'),self.dbProxy.getDimensionId(self.theEnvironment,'environment'),'persona')
ep = AttackerEnvironmentProperties(self.theEnvironment,attackerRoles,attackerMotives,attackerCapabilities)
p = AttackerParameters(attackerName,'','',[],[ep])
p.isPersona = True
self.theAttackerParameters.append(p)
attackerNames.append(attackerName)
for tObs in self.theObstacles:
sgRefs = []
for resp in tObs.responsibilities():
sgRefs.append((resp,'role','responsible',0,'None'))
ep = ObstacleEnvironmentProperties(self.theEnvironment,'',tObs.definition(),tObs.category(),[],sgRefs,tObs.concerns())
ep.theProbability = tObs.probability()
ep.theProbabilityRationale = tObs.probabilityRationale()
self.theObstacleParameters.append(ObstacleParameters(tObs.name(),self.thePatternName,[],[ep]))
for obsAssoc in self.theObstacleAssociations:
obsName = obsAssoc[0]
refType = obsAssoc[1]
subObsName = obsAssoc[2]
assocRationale = obsAssoc[3]
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,obsName,'obstacle',refType,subObsName,'obstacle',0,assocRationale))
vp = VulnerabilityEnvironmentProperties(self.theEnvironment,self.theSeverity,self.theExploits)
vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit)
vulData = vulRows[0]
self.theVulnerabilityParameters = VulnerabilityParameters(self.theExploit,vulData[2],vulData[3],[],[vp])
spDict = {}
spDict['confidentiality'] = (0,'None')
spDict['integrity'] = (0,'None')
spDict['availability'] = (0,'None')
spDict['accountability'] = (0,'None')
spDict['anonymity'] = (0,'None')
spDict['pseudonymity'] = (0,'None')
spDict['unlinkability'] = (0,'None')
spDict['unobservability'] = (0,'None')
for thrMotivation in self.theMotivations:
spName = thrMotivation[0]
spValue = thrMotivation[1]
spRationale = thrMotivation[2]
spDict[spName] = (a2i(spValue),spRationale)
cProperty,cRationale = spDict['confidentiality']
iProperty,iRationale = spDict['integrity']
avProperty,avRationale = spDict['availability']
acProperty,acRationale = spDict['accountability']
anProperty,anRationale = spDict['anonymity']
panProperty,panRationale = spDict['pseudonymity']
unlProperty,unlRationale = spDict['unlinkability']
unoProperty,unoRationale = spDict['unobservability']
tp = ThreatEnvironmentProperties(self.theEnvironment,self.theLikelihood,self.theTargets,attackerNames,[cProperty,iProperty,avProperty,acProperty,anProperty,panProperty,unlProperty,unoProperty],[cRationale,iRationale,avRationale,acRationale,anRationale,panRationale,unlRationale,unoRationale])
thrRows = self.dbProxy.getThreatDirectory(self.theAttack)
thrData = thrRows[0]
self.theThreatParameters = ThreatParameters(self.theAttack,thrData[3],thrData[2],[],[tp])
if (self.theAttackObstacle != ''):
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theAttackObstacle,'obstacle','or',self.theAttack,'threat',0,'None'))
if (self.theExploitObstacle != ''):
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theExploitObstacle,'obstacle','or',self.theExploit,'vulnerability',0,'None'))
rep = MisuseCaseEnvironmentProperties(self.theEnvironment,self.theImplementation )
mc = MisuseCase(-1,'Exploit ' + self.thePatternName,[rep],self.thePatternName)
self.theRiskParameters = RiskParameters(self.thePatternName,self.theAttack,self.theExploit,mc,[],self.theIntent)
def endElement(self,name):
if name == 'intent':
self.inIntent = 0
elif name == 'definition':
self.inDefinition = 0
elif name == 'rationale':
self.inRationale = 0
elif name == 'motivation':
self.theMotivations.append((self.theGoal,self.theValue,self.theDescription))
self.resetMotivationElements()
elif name == 'participant':
self.theParticipants.append((self.theParticipant,self.theMotives,self.theResponsibilities))
self.resetParticipantElements()
elif name == 'description':
self.inDescription = 0
if self.inImplementation:
self.inImplementation = 0
elif name == 'consequences':
self.inConsequences = 0
elif name == 'implementation':
self.inImplementation = 0
elif name == 'known_uses':
self.inKnownUses = 0
elif name == 'related_patterns':
self.inRelatedPatterns = 0
elif name == 'obstacle':
self.theObstacles.append( TemplateObstacleParameters(self.theObstacleName,self.theObstacleCategory,self.theDefinition,self.theConcerns,self.theResponsibilities,self.theProbability,self.theRationale))
self.resetObstacleElements()
elif name == 'obstacle_association':
self.theObstacleAssociations.append((self.theObstacleName,self.theRefType,self.theSubObstacleName,self.theRationale))
self.resetObstacleAssociationElements()
elif name == 'attack_pattern':
assetList = self.theTargets + self.theExploits
for assetName in assetList:
self.theAssetParameters.append(AssetParametersFactory.buildFromTemplate(assetName,[self.theEnvironment]))
attackerNames = []
for attackerName,attackerMotives,attackerCapabilities in self.theParticipants:
attackerRoles = self.dbProxy.dimensionRoles(self.dbProxy.getDimensionId(attackerName,'persona'),self.dbProxy.getDimensionId(self.theEnvironment,'environment'),'persona')
ep = AttackerEnvironmentProperties(self.theEnvironment,attackerRoles,attackerMotives,attackerCapabilities)
p = AttackerParameters(attackerName,'','',[],[ep])
p.isPersona = True
self.theAttackerParameters.append(p)
attackerNames.append(attackerName)
for tObs in self.theObstacles:
sgRefs = []
for resp in tObs.responsibilities():
sgRefs.append((resp,'role','responsible',0,'None'))
ep = ObstacleEnvironmentProperties(self.theEnvironment,'',tObs.definition(),tObs.category(),[],sgRefs,tObs.concerns())
ep.theProbability = tObs.probability()
ep.theProbabilityRationale = tObs.probabilityRationale()
self.theObstacleParameters.append(ObstacleParameters(tObs.name(),self.thePatternName,[],[ep]))
for obsAssoc in self.theObstacleAssociations:
obsName = obsAssoc[0]
refType = obsAssoc[1]
subObsName = obsAssoc[2]
assocRationale = obsAssoc[3]
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,obsName,'obstacle',refType,subObsName,'obstacle',0,assocRationale))
vp = VulnerabilityEnvironmentProperties(self.theEnvironment,self.theSeverity,self.theExploits)
vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit)
vulData = vulRows[0]
self.theVulnerabilityParameters = VulnerabilityParameters(self.theExploit,vulData[2],vulData[3],[],[vp])
spDict = {}
spDict['confidentiality'] = (0,'None')
spDict['integrity'] = (0,'None')
spDict['availability'] = (0,'None')
spDict['accountability'] = (0,'None')
spDict['anonymity'] = (0,'None')
spDict['pseudonymity'] = (0,'None')
spDict['unlinkability'] = (0,'None')
spDict['unobservability'] = (0,'None')
for thrMotivation in self.theMotivations:
spName = thrMotivation[0]
spValue = thrMotivation[1]
spRationale = thrMotivation[2]
spDict[spName] = (a2i(spValue),spRationale)
cProperty,cRationale = spDict['confidentiality']
iProperty,iRationale = spDict['integrity']
avProperty,avRationale = spDict['availability']
acProperty,acRationale = spDict['accountability']
anProperty,anRationale = spDict['anonymity']
panProperty,panRationale = spDict['pseudonymity']
unlProperty,unlRationale = spDict['unlinkability']
unoProperty,unoRationale = spDict['unobservability']
tp = ThreatEnvironmentProperties(self.theEnvironment,self.theLikelihood,self.theTargets,attackerNames,[cProperty,iProperty,avProperty,acProperty,anProperty,panProperty,unlProperty,unoProperty],[cRationale,iRationale,avRationale,acRationale,anRationale,panRationale,unlRationale,unoRationale])
thrRows = self.dbProxy.getThreatDirectory(self.theAttack)
thrData = thrRows[0]
self.theThreatParameters = ThreatParameters(self.theAttack,thrData[3],thrData[2],[],[tp])
if (self.theAttackObstacle != ''):
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theAttackObstacle,'obstacle','or',self.theAttack,'threat',0,'None'))
if (self.theExploitObstacle != ''):
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theExploitObstacle,'obstacle','or',self.theExploit,'vulnerability',0,'None'))
rep = MisuseCaseEnvironmentProperties(self.theEnvironment,self.theImplementation )
mc = MisuseCase(-1,'Exploit ' + self.thePatternName,[rep],self.thePatternName)
self.theRiskParameters = RiskParameters(self.thePatternName,self.theAttack,self.theExploit,mc,[],self.theIntent,self.theEnvironment)
def endElement(self, name):
if name == "intent":
self.inIntent = 0
elif name == "definition":
self.inDefinition = 0
elif name == "rationale":
self.inRationale = 0
elif name == "motivation":
self.theMotivations.append((self.theGoal, self.theValue, self.theDescription))
self.resetMotivationElements()
elif name == "participant":
self.theParticipants.append((self.theParticipant, self.theMotives, self.theResponsibilities))
self.resetParticipantElements()
elif name == "description":
self.inDescription = 0
if self.inImplementation:
self.inImplementation = 0
elif name == "consequences":
self.inConsequences = 0
elif name == "implementation":
self.inImplementation = 0
elif name == "known_uses":
self.inKnownUses = 0
elif name == "related_patterns":
self.inRelatedPatterns = 0
elif name == "obstacle":
self.theObstacles.append(
TemplateObstacleParameters(
self.theObstacleName,
self.theObstacleCategory,
self.theDefinition,
self.theConcerns,
self.theResponsibilities,
self.theProbability,
self.theRationale,
)
)
self.resetObstacleElements()
elif name == "obstacle_association":
self.theObstacleAssociations.append(
(self.theObstacleName, self.theRefType, self.theSubObstacleName, self.theRationale)
)
self.resetObstacleAssociationElements()
elif name == "attack_pattern":
assetList = self.theTargets + self.theExploits
for assetName in assetList:
self.theAssetParameters.append(
cairis.core.AssetParametersFactory.buildFromTemplate(assetName, [self.theEnvironment])
)
attackerNames = []
for attackerName, attackerMotives, attackerCapabilities in self.theParticipants:
attackerRoles = self.dbProxy.dimensionRoles(
self.dbProxy.getDimensionId(attackerName, "persona"),
self.dbProxy.getDimensionId(self.theEnvironment, "environment"),
"persona",
)
ep = AttackerEnvironmentProperties(
self.theEnvironment, attackerRoles, attackerMotives, attackerCapabilities
)
p = AttackerParameters(attackerName, "", "", [], [ep])
p.isPersona = True
self.theAttackerParameters.append(p)
attackerNames.append(attackerName)
for tObs in self.theObstacles:
sgRefs = []
for resp in tObs.responsibilities():
sgRefs.append((resp, "role", "responsible", 0, "None"))
ep = ObstacleEnvironmentProperties(
self.theEnvironment, "", tObs.definition(), tObs.category(), [], sgRefs, tObs.concerns()
)
ep.theProbability = tObs.probability()
ep.theProbabilityRationale = tObs.probabilityRationale()
self.theObstacleParameters.append(ObstacleParameters(tObs.name(), self.thePatternName, [], [ep]))
for obsAssoc in self.theObstacleAssociations:
obsName = obsAssoc[0]
refType = obsAssoc[1]
subObsName = obsAssoc[2]
assocRationale = obsAssoc[3]
self.theObstacleAssociationParameters.append(
GoalAssociationParameters(
self.theEnvironment, obsName, "obstacle", refType, subObsName, "obstacle", 0, assocRationale
)
)
vp = VulnerabilityEnvironmentProperties(self.theEnvironment, self.theSeverity, self.theExploits)
vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit)
vulData = vulRows[0]
self.theVulnerabilityParameters = VulnerabilityParameters(self.theExploit, vulData[2], vulData[3], [], [vp])
spDict = {}
spDict["confidentiality"] = (0, "None")
spDict["integrity"] = (0, "None")
spDict["availability"] = (0, "None")
spDict["accountability"] = (0, "None")
spDict["anonymity"] = (0, "None")
spDict["pseudonymity"] = (0, "None")
spDict["unlinkability"] = (0, "None")
spDict["unobservability"] = (0, "None")
for thrMotivation in self.theMotivations:
spName = thrMotivation[0]
spValue = thrMotivation[1]
spRationale = thrMotivation[2]
spDict[spName] = (a2i(spValue), spRationale)
cProperty, cRationale = spDict["confidentiality"]
iProperty, iRationale = spDict["integrity"]
avProperty, avRationale = spDict["availability"]
acProperty, acRationale = spDict["accountability"]
anProperty, anRationale = spDict["anonymity"]
panProperty, panRationale = spDict["pseudonymity"]
unlProperty, unlRationale = spDict["unlinkability"]
unoProperty, unoRationale = spDict["unobservability"]
tp = ThreatEnvironmentProperties(
self.theEnvironment,
self.theLikelihood,
self.theTargets,
attackerNames,
[cProperty, iProperty, avProperty, acProperty, anProperty, panProperty, unlProperty, unoProperty],
[
cRationale,
iRationale,
avRationale,
acRationale,
anRationale,
panRationale,
unlRationale,
unoRationale,
],
)
thrRows = self.dbProxy.getThreatDirectory(self.theAttack)
thrData = thrRows[0]
self.theThreatParameters = ThreatParameters(self.theAttack, thrData[3], thrData[2], [], [tp])
if self.theAttackObstacle != "":
self.theObstacleAssociationParameters.append(
GoalAssociationParameters(
self.theEnvironment,
self.theAttackObstacle,
"obstacle",
"or",
self.theAttack,
"threat",
0,
"None",
)
)
if self.theExploitObstacle != "":
self.theObstacleAssociationParameters.append(
GoalAssociationParameters(
self.theEnvironment,
self.theExploitObstacle,
"obstacle",
"or",
self.theExploit,
"vulnerability",
0,
"None",
)
)
rep = MisuseCaseEnvironmentProperties(self.theEnvironment, self.theImplementation)
mc = MisuseCase(-1, "Exploit " + self.thePatternName, [rep], self.thePatternName)
self.theRiskParameters = RiskParameters(
self.thePatternName, self.theAttack, self.theExploit, mc, [], self.theIntent
)
