def get_attacker_motivation_by_name(self, name, environment_name=''):
"""
:rtype: ValueType
:raise ObjectNotFoundHTTPError:
"""
found_motivation = None
attacker_motivations = self.get_attacker_motivations(
environment_name=environment_name)
if attacker_motivations is None or len(attacker_motivations) < 1:
self.close()
raise ObjectNotFoundHTTPError('Attacker motivations')
idx = 0
while found_motivation is None and idx < len(attacker_motivations):
if attacker_motivations[idx].theName == name:
found_motivation = attacker_motivations[idx]
idx += 1
if found_motivation is None:
self.close()
raise ObjectNotFoundHTTPError(
'The provided attacker motivation name')
return found_motivation
def get_goal_value_by_name(self, name, environment_name=''):
found_value = None
goal_values = self.get_goal_values(environment_name=environment_name)
if goal_values is None or len(goal_values) < 1:
raise ObjectNotFoundHTTPError('Goal values')
idx = 0
while found_value is None and idx < len(goal_values):
if goal_values[idx].theName == name:
found_value = goal_values[idx]
idx += 1
if found_value is None:
raise ObjectNotFoundHTTPError('The provided goal value name')
return found_value
def get_asset_value_by_name(self, name, environment_name=''):
found_value = None
asset_values = self.get_asset_values(environment_name=environment_name)
if asset_values is None or len(asset_values) < 1:
self.close()
raise ObjectNotFoundHTTPError('Asset values')
idx = 0
while found_value is None and idx < len(asset_values):
if asset_values[idx].theName == name:
found_value = asset_values[idx]
idx += 1
if found_value is None:
self.close()
raise ObjectNotFoundHTTPError('The provided asset value name')
return found_value
def get_environment_by_id(self, env_id, simplify=True):
"""
:rtype: Environment
:raise ObjectNotFoundHTTPError:
"""
found_environment = None
try:
environments = self.db_proxy.getEnvironments()
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
if environments is not None:
found_environment = None
idx = 0
while found_environment is None and idx < len(environments):
if environments.values()[idx].theId == env_id:
found_environment = environments.values()[idx]
idx += 1
if found_environment is None:
self.close()
raise ObjectNotFoundHTTPError('The provided environment name')
if simplify:
found_environment = self.simplify(found_environment)
return found_environment
def update_role(self, role, name=None, role_id=-1):
if name is not None:
old_role = self.get_role_by_name(name, simplify=False)
if role is None:
self.close()
raise ObjectNotFoundHTTPError('The asset')
role_id = old_role.theId
if role_id > -1:
params = RoleParameters(
name=role.theName,
rType=role.theType,
sCode=role.theShortCode,
desc=role.theDescription,
cProperties=[]
)
params.setId(role_id)
try:
self.db_proxy.updateRole(params)
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
else:
self.close()
raise MissingParameterHTTPError(param_names=['id'])
def get_misuse_case_by_risk_name(self, risk_name, simplify=True):
found_risk = self.get_risk_by_name(risk_name, skip_misuse=True)
try:
misuse_case = self.db_proxy.riskMisuseCase(found_risk.theId)
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
except ARM.ARMException as ex:
self.close()
raise ARMHTTPError(ex)
if not misuse_case:
self.close()
raise ObjectNotFoundHTTPError(
'The misuse case associated with the risk')
assert isinstance(misuse_case, MisuseCase)
misuse_case = self.expand_mc_props(misuse_case)
if simplify:
misuse_case = self.simplify(misuse_case)
return misuse_case
def get_threat_type_by_name(self, name, environment_name=''):
found_type = None
threat_types = self.get_threat_types(environment_name=environment_name)
if threat_types is None or len(threat_types) < 1:
self.close()
raise ObjectNotFoundHTTPError('Threat types')
idx = 0
while found_type is None and idx < len(threat_types):
if threat_types[idx].theName == name:
found_type = threat_types[idx]
idx += 1
if found_type is None:
self.close()
raise ObjectNotFoundHTTPError('The provided threat type name')
return found_type
def get_dependency_by_name(self, dep_name):
"""
:rtype : Dependency
"""
dependencies = self.get_dependencies()
found_dependency = dependencies.get(dep_name, None)
if not found_dependency:
raise ObjectNotFoundHTTPError('The provided dependency name')
return found_dependency
def get_vulnerability_type_by_name(self, name, environment_name=''):
found_type = None
vulnerability_types = self.get_vulnerability_types(
environment_name=environment_name)
if vulnerability_types is None or len(vulnerability_types) < 1:
self.close()
raise ObjectNotFoundHTTPError('Vulnerability types')
idx = 0
while found_type is None and idx < len(vulnerability_types):
if vulnerability_types[idx].theName == name:
found_type = vulnerability_types[idx]
idx += 1
if found_type is None:
self.close()
raise ObjectNotFoundHTTPError(
'The provided vulnerability type name')
return found_type
def get(self, id):
session_id = get_session_id(session, request)
dao = AssetDAO(session_id)
asset = dao.get_asset_by_id(id)
dao.close()
if asset is None:
raise ObjectNotFoundHTTPError('The asset')
resp = make_response(json_serialize(asset, session_id=session_id))
resp.headers['Content-Type'] = "application/json"
return resp
def get_risk_by_name(self, name, simplify=True, skip_misuse=False):
"""
:rtype : Risk
"""
risks = self.get_risks(simplify=simplify, skip_misuse=skip_misuse)
found_risk = risks.get(name, None)
if found_risk is None:
self.close()
raise ObjectNotFoundHTTPError(obj='The provided risk name')
return found_risk
def get_attacker_by_name(self, name, simplify=True):
"""
:rtype: Attacker
:raise ObjectNotFoundHTTPError:
"""
attackers = self.get_attackers(simplify=simplify)
found_attacker = attackers.get(name, None)
if found_attacker is None:
self.close()
raise ObjectNotFoundHTTPError('The provided attacker name')
return found_attacker
def get_goal_by_name(self, name, coloured=False, simplify=True):
found_goal = None
goals = self.get_goals(coloured=coloured, simplify=False)
if goals is not None:
found_goal = goals.get(name)
if found_goal is None:
self.close()
raise ObjectNotFoundHTTPError('The provided goal name')
if simplify:
found_goal = self.simplify(found_goal)
return found_goal
def get_attacker_capability_by_name(self, name, environment_name=''):
"""
:rtype : ValueType
"""
found_capability = None
attacker_capabilities = self.get_attacker_capabilities(
environment_name=environment_name)
if attacker_capabilities is None or len(attacker_capabilities) < 1:
self.close()
raise ObjectNotFoundHTTPError('Attacker capabilities')
idx = 0
while found_capability is None and idx < len(attacker_capabilities):
if attacker_capabilities[idx].theName == name:
found_capability = attacker_capabilities[idx]
idx += 1
if found_capability is None:
self.close()
raise ObjectNotFoundHTTPError(
'The provided attacker capability name')
return found_capability
def get_role_by_name(self, name, simplify=True):
found_role = None
roles = self.db_proxy.getRoles()
if roles is not None:
found_role = roles.get(name)
if found_role is None:
self.close()
raise ObjectNotFoundHTTPError('The provided role name')
if simplify:
found_role = self.simplify(found_role)
return found_role
def get_role_by_id(self, role_id, simplify=True):
found_role = None
roles = self.db_proxy.getRoles()
idx = 0
while found_role is None and idx < len(roles):
if roles.values()[idx].theId == role_id:
found_role = roles.values()[idx]
idx += 1
if found_role is None:
self.close()
raise ObjectNotFoundHTTPError('The provided role name')
if simplify:
found_role = self.simplify(found_role)
return found_role
def get_vulnerability_by_name(self, name, simplify=True):
found_vulnerability = None
try:
vulnerabilities = self.db_proxy.getVulnerabilities()
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
if vulnerabilities is not None:
found_vulnerability = vulnerabilities.get(name)
if found_vulnerability is None:
self.close()
raise ObjectNotFoundHTTPError('The provided vulnerability name')
if simplify:
found_vulnerability = self.simplify(found_vulnerability)
return found_vulnerability
def delete_environment(self, name=None, env_id=None):
if name is not None:
found_environment = self.get_environment_by_name(name, simplify=False)
if found_environment is None:
raise ObjectNotFoundHTTPError('The provided environment name')
env_id = found_environment.theId
if env_id is not None and env_id > -1:
try:
self.db_proxy.deleteEnvironment(env_id)
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
except ARM.ARMException as ex:
self.close()
raise ARMHTTPError(ex)
else:
self.close()
raise MissingParameterHTTPError(param_names=['id'])
def get_threat_by_name(self, name, simplify=True):
found_threat = None
try:
threats = self.db_proxy.getThreats()
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
if threats is not None:
found_threat = threats.get(name)
if found_threat is None:
self.close()
raise ObjectNotFoundHTTPError('The provided threat name')
if simplify:
found_threat = self.simplify(found_threat)
return found_threat
def get_risk_rating_by_tve(self, threat_name, vulnerability_name,
environment_name):
"""
:rtype: RiskRating
"""
try:
rating = self.db_proxy.riskRating(threat_name, vulnerability_name,
environment_name)
risk_rating = RiskRating(threat_name, vulnerability_name,
environment_name, rating)
return risk_rating
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
except ARM.ARMException as ex:
self.close()
raise ARMHTTPError(ex)
except TypeError:
self.close()
raise ObjectNotFoundHTTPError(obj='A rating for the risk')
def delete_role(self, name=None, role_id=-1):
if name is not None:
found_role = self.get_role_by_name(name)
elif role_id > -1:
found_role = self.get_role_by_id(role_id)
else:
self.close()
raise MissingParameterHTTPError(param_names=['name'])
if found_role is None or not isinstance(found_role, Role):
self.close()
raise ObjectNotFoundHTTPError('The provided role name')
try:
self.db_proxy.deleteRole(found_role.theId)
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
except ARM.ARMException as ex:
self.close()
raise ARMHTTPError(ex)
def delete_asset(self, name=None, asset_id=-1):
if name is not None:
found_asset = self.get_asset_by_name(name)
elif asset_id > -1:
found_asset = self.get_asset_by_id(asset_id)
else:
self.close()
raise MissingParameterHTTPError(param_names=['name'])
if found_asset is None or not isinstance(found_asset, Asset):
self.close()
raise ObjectNotFoundHTTPError('The provided asset name')
try:
self.db_proxy.deleteAsset(found_asset.theId)
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
except ARM.ARMException as ex:
self.close()
raise ARMHTTPError(ex)
def get_threat_by_id(self, threat_id, simplify=True):
found_threat = None
try:
threats = self.db_proxy.getThreats()
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
idx = 0
while found_threat is None and idx < len(threats):
if threats.values()[idx].theId == threat_id:
found_threat = threats.values()[idx]
idx += 1
if found_threat is None:
self.close()
raise ObjectNotFoundHTTPError('The provided threat ID')
if simplify:
found_threat = self.simplify(found_threat)
return found_threat
def get_asset_by_name(self, name, simplify=True):
found_asset = None
try:
assets = self.db_proxy.getAssets()
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
except ARM.ARMException as ex:
self.close()
raise ARMHTTPError(ex)
if assets is not None:
found_asset = assets.get(name)
if found_asset is None:
self.close()
raise ObjectNotFoundHTTPError('The provided asset name')
if simplify:
found_asset = self.simplify(found_asset)
return found_asset
def get_vulnerability_by_id(self, vuln_id, simplify=True):
found_vulnerability = None
try:
vulnerabilities = self.db_proxy.getVulnerabilities()
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
idx = 0
while found_vulnerability is None and idx < len(vulnerabilities):
if vulnerabilities.values()[idx].theId == vuln_id:
found_vulnerability = vulnerabilities.values()[idx]
idx += 1
if found_vulnerability is None:
self.close()
raise ObjectNotFoundHTTPError('The provided vulnerability ID')
if simplify:
found_vulnerability = self.simplify(found_vulnerability)
return found_vulnerability
def expand_mc_props(self, misuse_case):
# Fetch threat and vulnerability name
try:
threat_name, vuln_name = self.db_proxy.misuseCaseRiskComponents(
misuse_case.theName)
misuse_case.theThreatName = threat_name
misuse_case.theVulnerabilityName = vuln_name
except ARM.DatabaseProxyException as ex:
self.close()
if ex.value.find(
'Error obtaining risk components associated with Misuse Case'
):
raise ObjectNotFoundHTTPError(
'The associated threat and vulnerability name')
else:
raise ARMHTTPError(ex)
except ARM.ARMException as ex:
self.close()
raise ARMHTTPError(ex)
# Add objective, likelihood, severity and risk rating
for idx in range(0, len(misuse_case.theEnvironmentProperties)):
env_prop = misuse_case.theEnvironmentProperties[idx]
assert isinstance(env_prop, MisuseCaseEnvironmentProperties)
env_prop.theObjective, env_prop.theAssets = self.get_misuse_case_obj_and_assets(
misuse_case.theThreatName, misuse_case.theVulnerabilityName,
env_prop.theEnvironmentName)
env_prop.theLikelihood = self.get_misuse_case_likelihood(
threat_name, env_prop.theEnvironmentName)
env_prop.theSeverity = self.get_misuse_case_severity(
vuln_name, env_prop.theEnvironmentName)
env_prop.theRiskRating = self.get_risk_rating_by_tve(
threat_name, vuln_name, env_prop.theEnvironmentName)
env_prop.theAttackers = self.get_misuse_case_attackers(
threat_name, env_prop.theEnvironmentName)
misuse_case.theEnvironmentProperties[idx] = env_prop
return misuse_case
def get_risk_analysis_model(self, environment_name, dim_name, obj_name):
fontName, fontSize, apFontName = get_fonts(session_id=self.session_id)
try:
riskAnalysisModel = self.db_proxy.riskAnalysisModel(
environment_name, dim_name, obj_name)
tLinks = EnvironmentModel(riskAnalysisModel,
environment_name,
self.db_proxy,
fontName=fontName,
fontSize=fontSize)
dot_code = tLinks.graph()
if not dot_code:
raise ObjectNotFoundHTTPError('The risk analysis model')
return dot_code
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
except ARM.ARMException as ex:
self.close()
raise ARMHTTPError(ex)
except Exception as ex:
self.close()
print(ex)
def get(self, environment):
session_id = get_session_id(session, request)
with_concerns = request.args.get('with_concerns', True)
if with_concerns == '0' or with_concerns == 0:
with_concerns = False
model_generator = get_model_generator()
dao = AssetDAO(session_id)
dot_code = dao.get_asset_model(environment,
with_concerns=with_concerns)
dao.close()
if not isinstance(dot_code, str):
raise ObjectNotFoundHTTPError('The model')
resp = make_response(model_generator.generate(dot_code), httplib.OK)
accept_header = request.headers.get('Accept', 'image/svg+xml')
if accept_header.find('text/plain') > -1:
resp.headers['Content-type'] = 'text/plain'
else:
resp.headers['Content-type'] = 'image/svg+xml'
return resp
def get_environment_by_name(self, name, simplify=True):
"""
:rtype: Environment
:raise ObjectNotFoundHTTPError:
"""
found_environment = None
try:
environments = self.db_proxy.getEnvironments()
except ARM.DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
if environments is not None:
found_environment = environments.get(name)
if found_environment is None:
self.close()
raise ObjectNotFoundHTTPError('The provided environment name')
if simplify:
found_environment = self.simplify(found_environment)
return found_environment
def check_environment(environment_name, session, session_id):
db_proxy = validate_proxy(session, session_id)
environment_names = db_proxy.getEnvironmentNames()
if not environment_name in environment_names:
raise ObjectNotFoundHTTPError('The specified environment')
