Example #1
0
    def update_vulnerability(self, vulnerability, name=None, vuln_id=None):
        if name is not None:
            found_vulnerability = self.get_vulnerability_by_name(
                name, simplify=False)
        elif vuln_id is not None:
            found_vulnerability = self.get_vulnerability_by_id(vuln_id,
                                                               simplify=False)
        else:
            self.close()
            raise MissingParameterHTTPError(param_names=['name'])

        vuln_params = VulnerabilityParameters(
            vulName=vulnerability.theVulnerabilityName,
            vulDesc=vulnerability.theVulnerabilityDescription,
            vulType=vulnerability.theVulnerabilityType,
            tags=vulnerability.theTags,
            cProperties=vulnerability.theEnvironmentProperties)
        vuln_params.setId(found_vulnerability.theVulnerabilityId)

        try:
            if self.check_existing_vulnerability(name):
                self.db_proxy.updateVulnerability(vuln_params)
        except DatabaseProxyException as ex:
            self.close()
            raise ARMHTTPError(ex)
        except ARMException as ex:
            self.close()
            raise ARMHTTPError(ex)
Example #2
0
    def update_vulnerability(self, vulnerability, name=None, vuln_id=None):
        if name is not None:
            found_vulnerability = self.get_vulnerability_by_name(name, simplify=False)
        elif vuln_id is not None:
            found_vulnerability = self.get_vulnerability_by_id(vuln_id, simplify=False)
        else:
            self.close()
            raise MissingParameterHTTPError(param_names=['name'])

        vuln_params = VulnerabilityParameters(
            vulName=vulnerability.theVulnerabilityName,
            vulDesc=vulnerability.theVulnerabilityDescription,
            vulType=vulnerability.theVulnerabilityType,
            tags=vulnerability.theTags,
            cProperties=vulnerability.theEnvironmentProperties
        )
        vuln_params.setId(found_vulnerability.theVulnerabilityId)

        try:
            if self.check_existing_vulnerability(name):
                self.db_proxy.updateVulnerability(vuln_params)
        except DatabaseProxyException as ex:
            self.close()
            raise ARMHTTPError(ex)
        except ARMException as ex:
            self.close()
            raise ARMHTTPError(ex)
Example #3
0
    def update_object(self, vulnerability, name):

        vuln_params = VulnerabilityParameters(
            vulName=vulnerability.theName,
            vulDesc=vulnerability.theDescription,
            vulType=vulnerability.theType,
            tags=vulnerability.theTags,
            cProperties=vulnerability.theEnvironmentProperties)

        try:
            vulId = self.db_proxy.getDimensionId(name, 'vulnerability')
            vuln_params.setId(vulId)
            self.db_proxy.updateVulnerability(vuln_params)
        except DatabaseProxyException as ex:
            self.close()
            raise ARMHTTPError(ex)
        except ARMException as ex:
            self.close()
            raise ARMHTTPError(ex)
Example #4
0
  def update_vulnerability(self, vulnerability, name):

    vuln_params = VulnerabilityParameters(
      vulName=vulnerability.theName,
      vulDesc=vulnerability.theDescription,
      vulType=vulnerability.theType,
      tags=vulnerability.theTags,
      cProperties=vulnerability.theEnvironmentProperties
    )

    try:
      vulId = self.db_proxy.getDimensionId(name,'vulnerability')
      vuln_params.setId(vulId)
      self.db_proxy.updateVulnerability(vuln_params)
    except DatabaseProxyException as ex:
      self.close()
      raise ARMHTTPError(ex)
    except ARMException as ex:
      self.close()
      raise ARMHTTPError(ex)
Example #5
0
 def object(self):
     row = self.typedEntries[self.theSelectedIdx]
     p = None
     if (self.theDimensionName == 'vulnerability'):
         vulName = row[0]
         vulDesc = row[1] + '\n\n' + row[2]
         vulType = row[3]
         p = VulnerabilityParameters(vulName, vulDesc, vulType, [])
     else:
         thrName = row[0]
         thrMethod = row[1] + '\n\n' + row[2]
         thrType = row[3]
         p = ThreatParameters(thrName, thrType, thrMethod, [])
     return cairis.core.ObjectFactory.build(-1, p)
Example #6
0
 def generate_vulnerability(self, name):
     obs = self.db_proxy.dimensionObject(name, 'obstacle')
     vps = []
     gaps = []
     for op in obs.environmentProperties():
         vps.append(
             VulnerabilityEnvironmentProperties(op.name(), 'Negligible',
                                                op.concerns()))
         gaps.append(
             GoalAssociationParameters(op.name(), obs.name(), 'obstacle',
                                       'and',
                                       obs.name() + '(V)', 'vulnerability'))
     v = VulnerabilityParameters(
         obs.name() + '(V)', obs.name(),
         self.db_proxy.defaultValue('vulnerability_type'), [], vps)
     self.db_proxy.addVulnerability(v)
     for gap in gaps:
         self.db_proxy.addGoalAssociation(gap)
Example #7
0
  def add_vulnerability(self, vulnerability):
    vuln_params = VulnerabilityParameters(
            vulName=vulnerability.theName,
            vulDesc=vulnerability.theDescription,
            vulType=vulnerability.theType,
            tags=vulnerability.theTags,
            cProperties=vulnerability.theEnvironmentProperties
    )

    try:
      if not self.check_existing_vulnerability(vulnerability.theName):
        new_id = self.db_proxy.addVulnerability(vuln_params)
        return new_id
      else:
        self.close()
        raise OverwriteNotAllowedHTTPError(obj_name=vulnerability.theName)
    except DatabaseProxyException as ex:
      self.close()
      raise ARMHTTPError(ex)
    except ARMException as ex:
      self.close()
      raise ARMHTTPError(ex)
Example #8
0
 def endElement(self, name):
     if name == 'role':
         p = RoleParameters(self.theName, self.theType,
                            unescape(self.theShortCode),
                            unescape(self.theDescription), [])
         self.theRoleParameters.append(p)
         self.resetRoleAttributes()
     elif name == 'asset':
         envDict = {}
         for sp in self.theSecurityProperties:
             envName = sp[0]
             spName = sp[1]
             spValue = a2i(sp[2])
             spRationale = sp[3]
             if envName in envDict:
                 (envDict[envName])[spName] = (spValue, spRationale)
             else:
                 spDict = {}
                 spDict['confidentiality'] = (0, 'None')
                 spDict['integrity'] = (0, 'None')
                 spDict['availability'] = (0, 'None')
                 spDict['accountability'] = (0, 'None')
                 spDict['anonymity'] = (0, 'None')
                 spDict['pseudonymity'] = (0, 'None')
                 spDict['unlinkability'] = (0, 'None')
                 spDict['unobservability'] = (0, 'None')
                 spDict[spName] = (spValue, spRationale)
                 envDict[envName] = spDict
         for envName in envDict:
             spDict = envDict[envName]
             cProperty, cRationale = spDict['confidentiality']
             iProperty, iRationale = spDict['integrity']
             avProperty, avRationale = spDict['availability']
             acProperty, acRationale = spDict['accountability']
             anProperty, anRationale = spDict['anonymity']
             panProperty, panRationale = spDict['pseudonymity']
             unlProperty, unlRationale = spDict['unlinkability']
             unoProperty, unoRationale = spDict['unobservability']
             ep = AssetEnvironmentProperties(envName, [
                 cProperty, iProperty, avProperty, acProperty, anProperty,
                 panProperty, unlProperty, unoProperty
             ], [
                 cRationale, iRationale, avRationale, acRationale,
                 anRationale, panRationale, unlRationale, unoRationale
             ])
             self.theEnvironmentProperties.append(ep)
         p = AssetParameters(self.theName, unescape(self.theShortCode),
                             unescape(self.theDescription),
                             unescape(self.theSignificance),
                             self.theAssetType, self.isCritical,
                             self.theCriticalRationale, self.theTags,
                             self.theInterfaces,
                             self.theEnvironmentProperties)
         self.theAssetParameters.append(p)
         self.resetAssetAttributes()
     elif name == 'security_property':
         self.theSecurityProperties.append(
             (self.theEnvironmentName, self.thePropertyName,
              self.thePropertyValue, unescape(self.theRationale)))
         self.resetSecurityPropertyAttributes()
     elif name == 'threatened_property':
         self.theSpDict[self.thePropertyName] = (self.thePropertyValue,
                                                 unescape(
                                                     self.theRationale))
         self.resetThreatenedPropertyAttributes()
     elif name == 'vulnerability':
         p = VulnerabilityParameters(self.theName,
                                     unescape(self.theDescription),
                                     self.theType, self.theTags,
                                     self.theEnvironmentProperties)
         self.theVulnerabilities.append(p)
         self.resetVulnerabilityAttributes()
     elif name == 'vulnerability_environment':
         p = VulnerabilityEnvironmentProperties(self.theEnvironmentName,
                                                self.theSeverity,
                                                self.theAssets)
         self.theEnvironmentProperties.append(p)
         self.resetVulnerabilityEnvironmentAttributes()
     elif name == 'attacker':
         p = AttackerParameters(self.theName, unescape(self.theDescription),
                                self.theImage, self.theTags,
                                self.theEnvironmentProperties)
         self.theAttackerParameters.append(p)
         self.resetAttackerAttributes()
     elif name == 'attacker_environment':
         p = AttackerEnvironmentProperties(self.theEnvironmentName,
                                           self.theRoles,
                                           self.theMotivations,
                                           self.theCapabilities)
         self.theEnvironmentProperties.append(p)
         self.resetAttackerEnvironmentAttributes()
     elif name == 'threat':
         p = ThreatParameters(self.theName, self.theType,
                              unescape(self.theMethod), self.theTags,
                              self.theEnvironmentProperties)
         self.theThreats.append(p)
         self.resetThreatAttributes()
     elif name == 'threat_environment':
         cProperty, cRationale = self.theSpDict['confidentiality']
         iProperty, iRationale = self.theSpDict['integrity']
         avProperty, avRationale = self.theSpDict['availability']
         acProperty, acRationale = self.theSpDict['accountability']
         anProperty, anRationale = self.theSpDict['anonymity']
         panProperty, panRationale = self.theSpDict['pseudonymity']
         unlProperty, unlRationale = self.theSpDict['unlinkability']
         unoProperty, unoRationale = self.theSpDict['unobservability']
         p = ThreatEnvironmentProperties(
             self.theEnvironmentName, self.theLikelihood, self.theAssets,
             self.theAttackers, [
                 cProperty, iProperty, avProperty, acProperty, anProperty,
                 panProperty, unlProperty, unoProperty
             ], [
                 cRationale, iRationale, avRationale, acRationale,
                 anRationale, panRationale, unlRationale, unoRationale
             ])
         self.theEnvironmentProperties.append(p)
         self.resetThreatEnvironmentAttributes()
     elif name == 'risk':
         mc = MisuseCase(-1, 'Exploit ' + self.theName,
                         self.theEnvironmentProperties, self.theName)
         p = RiskParameters(self.theName, self.theThreat,
                            self.theVulnerability, mc, self.theTags)
         self.theRisks.append(p)
         self.resetRiskAttributes()
     elif name == 'misusecase':
         p = MisuseCaseEnvironmentProperties(self.theEnvironmentName,
                                             unescape(self.theDescription))
         self.theEnvironmentProperties.append(p)
         self.resetRiskEnvironmentAttributes()
     elif name == 'response':
         p = ResponseParameters(self.theType + ' ' + self.theRisk,
                                self.theRisk, self.theTags,
                                self.theEnvironmentProperties, self.theType)
         self.theResponses.append(p)
         self.resetResponseAttributes()
     elif name == 'accept_environment':
         p = AcceptEnvironmentProperties(self.theEnvironmentName,
                                         self.theCost,
                                         unescape(self.theDescription))
         self.theEnvironmentProperties.append(p)
         self.resetResponseEnvironmentAttributes()
     elif name == 'transfer_environment':
         p = TransferEnvironmentProperties(self.theEnvironmentName,
                                           unescape(self.theDescription),
                                           self.theResponseRoles)
         self.theEnvironmentProperties.append(p)
         self.resetResponseEnvironmentAttributes()
     elif name == 'deter_environment':
         p = MitigateEnvironmentProperties(self.theEnvironmentName, 'Deter')
         self.theEnvironmentProperties.append(p)
         self.resetResponseEnvironmentAttributes()
     elif name == 'prevent_environment':
         p = MitigateEnvironmentProperties(self.theEnvironmentName,
                                           'Prevent')
         self.theEnvironmentProperties.append(p)
         self.resetResponseEnvironmentAttributes()
     elif name == 'detect_environment':
         p = MitigateEnvironmentProperties(self.theEnvironmentName,
                                           'Detect', self.theDetectionPoint)
         self.theEnvironmentProperties.append(p)
         self.resetResponseEnvironmentAttributes()
     elif name == 'react_environment':
         p = MitigateEnvironmentProperties(self.theEnvironmentName, 'React',
                                           '', self.theDetectionMechanisms)
         self.theEnvironmentProperties.append(p)
         self.resetResponseEnvironmentAttributes()
     elif name == 'asset_association':
         p = ClassAssociationParameters(
             self.theEnvironmentName, self.theHeadName, 'asset',
             self.theHeadNav, self.theHeadAdornment, self.theHeadNry,
             self.theHeadRole, self.theTailRole, self.theTailNry,
             self.theTailAdornment, self.theTailNav, 'asset',
             self.theTailName, unescape(self.theRationale))
         self.theAssociations.append(p)
         self.resetAssociationAttributes()
     elif name == 'description':
         self.inDescription = 0
     elif name == 'method':
         self.inMethod = 0
     elif name == 'narrative':
         self.inDescription = 0
     elif name == 'rationale':
         self.inRationale = 0
     elif name == 'significance':
         self.inSignificance = 0
     elif name == 'critical':
         self.inCritical = 0
Example #9
0
    def setUp(self):
        call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"])
        cairis.core.BorgFactory.initialise()
        f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json')
        d = json.load(f)
        f.close()
        self.ienvs = d['environments']
        self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"],
                                          self.ienvs[0]["theShortCode"],
                                          self.ienvs[0]["theDescription"])
        b = Borg()
        b.dbProxy.addEnvironment(self.iep1)
        self.oenvs = b.dbProxy.getEnvironments()
        self.iRoles = d['roles']
        self.irp = RoleParameters(self.iRoles[0]["theName"],
                                  self.iRoles[0]["theType"],
                                  self.iRoles[0]["theShortCode"],
                                  self.iRoles[0]["theDescription"], [])
        b.dbProxy.addRole(self.irp)
        self.oRoles = b.dbProxy.getRoles()
        self.iPersonas = d['personas']
        self.ipp = PersonaParameters(
            self.iPersonas[0]["theName"], self.iPersonas[0]["theActivities"],
            self.iPersonas[0]["theAttitudes"],
            self.iPersonas[0]["theAptitudes"],
            self.iPersonas[0]["theMotivations"],
            self.iPersonas[0]["theSkills"], self.iPersonas[0]["theIntrinsic"],
            self.iPersonas[0]["theContextual"], "", "0",
            self.iPersonas[0]["thePersonaType"], [], [
                PersonaEnvironmentProperties(
                    self.iPersonas[0]["theEnvironmentProperties"][0]
                    ["theName"], (self.iPersonas[0]["theEnvironmentProperties"]
                                  [0]["theDirectFlag"] == "True"),
                    self.iPersonas[0]["theEnvironmentProperties"][0]
                    ["theNarrative"], self.iPersonas[0]
                    ["theEnvironmentProperties"][0]["theRole"])
            ], [])
        b.dbProxy.addPersona(self.ipp)
        self.opp = b.dbProxy.getPersonas()
        self.iExternalDocuments = d['external_documents']
        self.iec1 = ExternalDocumentParameters(
            self.iExternalDocuments[0]["theName"],
            self.iExternalDocuments[0]["theVersion"],
            self.iExternalDocuments[0]["thePublicationDate"],
            self.iExternalDocuments[0]["theAuthors"],
            self.iExternalDocuments[0]["theDescription"])
        self.iec2 = ExternalDocumentParameters(
            self.iExternalDocuments[1]["theName"],
            self.iExternalDocuments[1]["theVersion"],
            self.iExternalDocuments[1]["thePublicationDate"],
            self.iExternalDocuments[1]["theAuthors"],
            self.iExternalDocuments[1]["theDescription"])
        b.dbProxy.addExternalDocument(self.iec1)
        b.dbProxy.addExternalDocument(self.iec2)
        self.oecs = b.dbProxy.getExternalDocuments()
        self.iDocumentReferences = d['document_references']
        self.idr1 = DocumentReferenceParameters(
            self.iDocumentReferences[0]["theName"],
            self.iDocumentReferences[0]["theDocName"],
            self.iDocumentReferences[0]["theContributor"],
            self.iDocumentReferences[0]["theExcerpt"])
        self.idr2 = DocumentReferenceParameters(
            self.iDocumentReferences[1]["theName"],
            self.iDocumentReferences[1]["theDocName"],
            self.iDocumentReferences[1]["theContributor"],
            self.iDocumentReferences[1]["theExcerpt"])
        b.dbProxy.addDocumentReference(self.idr1)
        b.dbProxy.addDocumentReference(self.idr2)
        self.odrs = b.dbProxy.getDocumentReferences()
        self.iPersonaCharacteristics = d['persona_characteristics']
        self.ipc1 = PersonaCharacteristicParameters(
            self.iPersonaCharacteristics[0]["thePersonaName"],
            self.iPersonaCharacteristics[0]["theModQual"],
            self.iPersonaCharacteristics[0]["theVariable"],
            self.iPersonaCharacteristics[0]["theCharacteristic"],
            [(self.iPersonaCharacteristics[0]["ground"], '', 'document')],
            [(self.iPersonaCharacteristics[0]["warrant"], '', 'document')], [],
            [])
        b.dbProxy.addPersonaCharacteristic(self.ipc1)
        self.opcs = b.dbProxy.getPersonaCharacteristics()
        self.iAttackers = d['attackers']
        self.iatkeps = [
            AttackerEnvironmentProperties(
                self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],
                self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],
                self.iAttackers[0]["theEnvironmentProperties"][0]
                ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"]
                [0]["theCapabilities"])
        ]
        self.iatk = AttackerParameters(self.iAttackers[0]["theName"],
                                       self.iAttackers[0]["theDescription"],
                                       self.iAttackers[0]["theImage"], [],
                                       self.iatkeps)
        b.dbProxy.addAttacker(self.iatk)
        self.oAttackers = b.dbProxy.getAttackers()
        self.iVtypes = d['valuetypes']
        self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"],
                                        self.iVtypes[0]["theDescription"],
                                        self.iVtypes[0]["theType"])
        self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"],
                                        self.iVtypes[1]["theDescription"],
                                        self.iVtypes[1]["theType"])
        b.dbProxy.addValueType(self.ivt1)
        b.dbProxy.addValueType(self.ivt2)
        self.ovtt = b.dbProxy.getValueTypes('threat_type')
        self.ovtv = b.dbProxy.getValueTypes('vulnerability_type')
        self.iassets = d['assets']
        self.iaeps1 = [
            AssetEnvironmentProperties(
                self.iassets[0]["theEnvironmentProperties"][0][0],
                self.iassets[0]["theEnvironmentProperties"][0][1],
                self.iassets[0]["theEnvironmentProperties"][0][2])
        ]
        self.iaeps2 = [
            AssetEnvironmentProperties(
                self.iassets[1]["theEnvironmentProperties"][0][0],
                self.iassets[1]["theEnvironmentProperties"][0][1],
                self.iassets[1]["theEnvironmentProperties"][0][2])
        ]
        self.iaeps3 = [
            AssetEnvironmentProperties(
                self.iassets[2]["theEnvironmentProperties"][0][0],
                self.iassets[2]["theEnvironmentProperties"][0][1],
                self.iassets[2]["theEnvironmentProperties"][0][2])
        ]
        self.iap1 = AssetParameters(self.iassets[0]["theName"],
                                    self.iassets[0]["theShortCode"],
                                    self.iassets[0]["theDescription"],
                                    self.iassets[0]["theSignificance"],
                                    self.iassets[0]["theType"], "0", "N/A", [],
                                    [], self.iaeps1)
        self.iap2 = AssetParameters(self.iassets[1]["theName"],
                                    self.iassets[1]["theShortCode"],
                                    self.iassets[1]["theDescription"],
                                    self.iassets[1]["theSignificance"],
                                    self.iassets[1]["theType"], "0", "N/A", [],
                                    [], self.iaeps2)
        self.iap3 = AssetParameters(self.iassets[2]["theName"],
                                    self.iassets[2]["theShortCode"],
                                    self.iassets[2]["theDescription"],
                                    self.iassets[2]["theSignificance"],
                                    self.iassets[2]["theType"], "0", "N/A", [],
                                    [], self.iaeps3)
        b.dbProxy.addAsset(self.iap1)
        b.dbProxy.addAsset(self.iap2)
        b.dbProxy.addAsset(self.iap3)
        self.oap = b.dbProxy.getAssets()
        self.iThreats = d['threats']
        self.iteps = [
            ThreatEnvironmentProperties(
                self.iThreats[0]["theEnvironmentProperties"][0]["theName"],
                self.iThreats[0]["theEnvironmentProperties"][0]
                ["theLikelihood"],
                self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],
                self.iThreats[0]["theEnvironmentProperties"][0]
                ["theAttackers"], self.iThreats[0]["theEnvironmentProperties"]
                [0]["theProperties"][0][1], self.iThreats[0]
                ["theEnvironmentProperties"][0]["theProperties"][0][1])
        ]
        self.itps = ThreatParameters(self.iThreats[0]["theName"],
                                     self.iThreats[0]["theType"],
                                     self.iThreats[0]["theMethod"], [],
                                     self.iteps)
        b.dbProxy.addThreat(self.itps)
        self.otps = b.dbProxy.getThreats()
        self.iVuln = d['vulnerabilities']
        self.iveps = [
            VulnerabilityEnvironmentProperties(
                self.iVuln[0]["theEnvironmentProperties"][0]["theName"],
                self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],
                self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])
        ]
        self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"],
                                           self.iVuln[0]["theDescription"],
                                           self.iVuln[0]["theType"], [],
                                           self.iveps)
        b.dbProxy.addVulnerability(self.ivp)
        self.ovp = b.dbProxy.getVulnerabilities()
        self.imc = d['misuseCase']
        self.iRisks = d['risks']

        imcep = [
            MisuseCaseEnvironmentProperties(
                self.imc[0]["theEnvironmentProperties"][0]["theName"],
                self.imc[0]["theEnvironmentProperties"][0]["theDescription"])
        ]
        imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep,
                          self.imc[0]["theRisk"])
        irp = RiskParameters(self.iRisks[0]["theName"],
                             self.iRisks[0]["threatName"],
                             self.iRisks[0]["vulName"], imcp, [])
        b.dbProxy.addRisk(irp)
        oRisks = b.dbProxy.getRisks()
        self.r = oRisks[self.iRisks[0]["theName"]]
        self.iResponses = d['responses']
Example #10
0
class ResponseTest(unittest.TestCase):
    def setUp(self):
        call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"])
        cairis.core.BorgFactory.initialise()
        f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json')
        d = json.load(f)
        f.close()
        self.ienvs = d['environments']
        self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"],
                                          self.ienvs[0]["theShortCode"],
                                          self.ienvs[0]["theDescription"])
        b = Borg()
        b.dbProxy.addEnvironment(self.iep1)
        self.oenvs = b.dbProxy.getEnvironments()
        self.iRoles = d['roles']
        self.irp = RoleParameters(self.iRoles[0]["theName"],
                                  self.iRoles[0]["theType"],
                                  self.iRoles[0]["theShortCode"],
                                  self.iRoles[0]["theDescription"], [])
        b.dbProxy.addRole(self.irp)
        self.oRoles = b.dbProxy.getRoles()
        self.iPersonas = d['personas']
        self.ipp = PersonaParameters(
            self.iPersonas[0]["theName"], self.iPersonas[0]["theActivities"],
            self.iPersonas[0]["theAttitudes"],
            self.iPersonas[0]["theAptitudes"],
            self.iPersonas[0]["theMotivations"],
            self.iPersonas[0]["theSkills"], self.iPersonas[0]["theIntrinsic"],
            self.iPersonas[0]["theContextual"], "", "0",
            self.iPersonas[0]["thePersonaType"], [], [
                PersonaEnvironmentProperties(
                    self.iPersonas[0]["theEnvironmentProperties"][0]
                    ["theName"], (self.iPersonas[0]["theEnvironmentProperties"]
                                  [0]["theDirectFlag"] == "True"),
                    self.iPersonas[0]["theEnvironmentProperties"][0]
                    ["theNarrative"], self.iPersonas[0]
                    ["theEnvironmentProperties"][0]["theRole"])
            ], [])
        b.dbProxy.addPersona(self.ipp)
        self.opp = b.dbProxy.getPersonas()
        self.iExternalDocuments = d['external_documents']
        self.iec1 = ExternalDocumentParameters(
            self.iExternalDocuments[0]["theName"],
            self.iExternalDocuments[0]["theVersion"],
            self.iExternalDocuments[0]["thePublicationDate"],
            self.iExternalDocuments[0]["theAuthors"],
            self.iExternalDocuments[0]["theDescription"])
        self.iec2 = ExternalDocumentParameters(
            self.iExternalDocuments[1]["theName"],
            self.iExternalDocuments[1]["theVersion"],
            self.iExternalDocuments[1]["thePublicationDate"],
            self.iExternalDocuments[1]["theAuthors"],
            self.iExternalDocuments[1]["theDescription"])
        b.dbProxy.addExternalDocument(self.iec1)
        b.dbProxy.addExternalDocument(self.iec2)
        self.oecs = b.dbProxy.getExternalDocuments()
        self.iDocumentReferences = d['document_references']
        self.idr1 = DocumentReferenceParameters(
            self.iDocumentReferences[0]["theName"],
            self.iDocumentReferences[0]["theDocName"],
            self.iDocumentReferences[0]["theContributor"],
            self.iDocumentReferences[0]["theExcerpt"])
        self.idr2 = DocumentReferenceParameters(
            self.iDocumentReferences[1]["theName"],
            self.iDocumentReferences[1]["theDocName"],
            self.iDocumentReferences[1]["theContributor"],
            self.iDocumentReferences[1]["theExcerpt"])
        b.dbProxy.addDocumentReference(self.idr1)
        b.dbProxy.addDocumentReference(self.idr2)
        self.odrs = b.dbProxy.getDocumentReferences()
        self.iPersonaCharacteristics = d['persona_characteristics']
        self.ipc1 = PersonaCharacteristicParameters(
            self.iPersonaCharacteristics[0]["thePersonaName"],
            self.iPersonaCharacteristics[0]["theModQual"],
            self.iPersonaCharacteristics[0]["theVariable"],
            self.iPersonaCharacteristics[0]["theCharacteristic"],
            [(self.iPersonaCharacteristics[0]["ground"], '', 'document')],
            [(self.iPersonaCharacteristics[0]["warrant"], '', 'document')], [],
            [])
        b.dbProxy.addPersonaCharacteristic(self.ipc1)
        self.opcs = b.dbProxy.getPersonaCharacteristics()
        self.iAttackers = d['attackers']
        self.iatkeps = [
            AttackerEnvironmentProperties(
                self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],
                self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],
                self.iAttackers[0]["theEnvironmentProperties"][0]
                ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"]
                [0]["theCapabilities"])
        ]
        self.iatk = AttackerParameters(self.iAttackers[0]["theName"],
                                       self.iAttackers[0]["theDescription"],
                                       self.iAttackers[0]["theImage"], [],
                                       self.iatkeps)
        b.dbProxy.addAttacker(self.iatk)
        self.oAttackers = b.dbProxy.getAttackers()
        self.iVtypes = d['valuetypes']
        self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"],
                                        self.iVtypes[0]["theDescription"],
                                        self.iVtypes[0]["theType"])
        self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"],
                                        self.iVtypes[1]["theDescription"],
                                        self.iVtypes[1]["theType"])
        b.dbProxy.addValueType(self.ivt1)
        b.dbProxy.addValueType(self.ivt2)
        self.ovtt = b.dbProxy.getValueTypes('threat_type')
        self.ovtv = b.dbProxy.getValueTypes('vulnerability_type')
        self.iassets = d['assets']
        self.iaeps1 = [
            AssetEnvironmentProperties(
                self.iassets[0]["theEnvironmentProperties"][0][0],
                self.iassets[0]["theEnvironmentProperties"][0][1],
                self.iassets[0]["theEnvironmentProperties"][0][2])
        ]
        self.iaeps2 = [
            AssetEnvironmentProperties(
                self.iassets[1]["theEnvironmentProperties"][0][0],
                self.iassets[1]["theEnvironmentProperties"][0][1],
                self.iassets[1]["theEnvironmentProperties"][0][2])
        ]
        self.iaeps3 = [
            AssetEnvironmentProperties(
                self.iassets[2]["theEnvironmentProperties"][0][0],
                self.iassets[2]["theEnvironmentProperties"][0][1],
                self.iassets[2]["theEnvironmentProperties"][0][2])
        ]
        self.iap1 = AssetParameters(self.iassets[0]["theName"],
                                    self.iassets[0]["theShortCode"],
                                    self.iassets[0]["theDescription"],
                                    self.iassets[0]["theSignificance"],
                                    self.iassets[0]["theType"], "0", "N/A", [],
                                    [], self.iaeps1)
        self.iap2 = AssetParameters(self.iassets[1]["theName"],
                                    self.iassets[1]["theShortCode"],
                                    self.iassets[1]["theDescription"],
                                    self.iassets[1]["theSignificance"],
                                    self.iassets[1]["theType"], "0", "N/A", [],
                                    [], self.iaeps2)
        self.iap3 = AssetParameters(self.iassets[2]["theName"],
                                    self.iassets[2]["theShortCode"],
                                    self.iassets[2]["theDescription"],
                                    self.iassets[2]["theSignificance"],
                                    self.iassets[2]["theType"], "0", "N/A", [],
                                    [], self.iaeps3)
        b.dbProxy.addAsset(self.iap1)
        b.dbProxy.addAsset(self.iap2)
        b.dbProxy.addAsset(self.iap3)
        self.oap = b.dbProxy.getAssets()
        self.iThreats = d['threats']
        self.iteps = [
            ThreatEnvironmentProperties(
                self.iThreats[0]["theEnvironmentProperties"][0]["theName"],
                self.iThreats[0]["theEnvironmentProperties"][0]
                ["theLikelihood"],
                self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],
                self.iThreats[0]["theEnvironmentProperties"][0]
                ["theAttackers"], self.iThreats[0]["theEnvironmentProperties"]
                [0]["theProperties"][0][1], self.iThreats[0]
                ["theEnvironmentProperties"][0]["theProperties"][0][1])
        ]
        self.itps = ThreatParameters(self.iThreats[0]["theName"],
                                     self.iThreats[0]["theType"],
                                     self.iThreats[0]["theMethod"], [],
                                     self.iteps)
        b.dbProxy.addThreat(self.itps)
        self.otps = b.dbProxy.getThreats()
        self.iVuln = d['vulnerabilities']
        self.iveps = [
            VulnerabilityEnvironmentProperties(
                self.iVuln[0]["theEnvironmentProperties"][0]["theName"],
                self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],
                self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])
        ]
        self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"],
                                           self.iVuln[0]["theDescription"],
                                           self.iVuln[0]["theType"], [],
                                           self.iveps)
        b.dbProxy.addVulnerability(self.ivp)
        self.ovp = b.dbProxy.getVulnerabilities()
        self.imc = d['misuseCase']
        self.iRisks = d['risks']

        imcep = [
            MisuseCaseEnvironmentProperties(
                self.imc[0]["theEnvironmentProperties"][0]["theName"],
                self.imc[0]["theEnvironmentProperties"][0]["theDescription"])
        ]
        imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep,
                          self.imc[0]["theRisk"])
        irp = RiskParameters(self.iRisks[0]["theName"],
                             self.iRisks[0]["threatName"],
                             self.iRisks[0]["vulName"], imcp, [])
        b.dbProxy.addRisk(irp)
        oRisks = b.dbProxy.getRisks()
        self.r = oRisks[self.iRisks[0]["theName"]]
        self.iResponses = d['responses']

    def testResponse(self):
        iar1Name = self.iResponses[0]["theType"] + " " + self.iResponses[0][
            "theRisk"]
        iaep1 = AcceptEnvironmentProperties(
            self.iResponses[0]["theEnvironmentProperties"][0],
            self.iResponses[0]["theEnvironmentProperties"][1],
            self.iResponses[0]["theEnvironmentProperties"][2])
        iar1 = ResponseParameters(iar1Name, self.iResponses[0]["theRisk"], [],
                                  [iaep1], self.iResponses[0]["theType"])

        iar2Name = self.iResponses[1]["theType"] + " " + self.iResponses[1][
            "theRisk"]
        iaep2 = MitigateEnvironmentProperties(
            self.iResponses[1]["theEnvironmentProperties"],
            self.iResponses[1]["theType"])
        iar2 = ResponseParameters(iar2Name, self.iResponses[1]["theRisk"], [],
                                  [iaep2], self.iResponses[1]["theType"])

        b = Borg()
        b.dbProxy.addResponse(iar1)
        b.dbProxy.addResponse(iar2)

        self.ors = b.dbProxy.getResponses()
        self.oar1 = self.ors[iar1Name]
        self.oar2 = self.ors[iar2Name]

        self.assertEqual(iar1.name(), self.oar1.name())
        self.assertEqual(iar1.risk(), self.oar1.risk())
        self.assertEqual(iar1.responseType(), self.oar1.responseType())
        self.assertEqual(iar1.environmentProperties()[0].cost(),
                         self.oar1.environmentProperties()[0].cost())
        self.assertEqual(iar1.environmentProperties()[0].description(),
                         self.oar1.environmentProperties()[0].description())

        self.assertEqual(iar2.name(), self.oar2.name())
        self.assertEqual(iar2.risk(), self.oar2.risk())
        self.assertEqual(iar2.responseType(), self.oar2.responseType())

        rgp = cairis.core.GoalFactory.build(self.oar2)
        riskParameters = rgp[0]
        riskGoalId = b.dbProxy.addGoal(riskParameters)
        b.dbProxy.addTrace('response_goal', self.oar2.id(), riskGoalId)
        if (rgp > 1):
            threatParameters = rgp[1]
            vulnerabilityParameters = rgp[2]
            b.dbProxy.addGoal(vulnerabilityParameters)
            b.dbProxy.addGoal(threatParameters)
        b.dbProxy.relabelGoals(iaep2.name())

        oGoals = b.dbProxy.getGoals()
        print oGoals
        rg = oGoals['Deter' + self.oar2.risk()]
        vg = oGoals[vulnerabilityParameters.name()]
        tg = oGoals[threatParameters.name()]

        ogops = b.dbProxy.getGoalAssociations()
        ogop1 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' +
                      threatParameters.name() + '/or']
        ogop2 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' +
                      vulnerabilityParameters.name() + '/or']

        b.dbProxy.deleteGoalAssociation(ogop1.id(), ogop1.goal(),
                                        ogop1.subGoal())
        b.dbProxy.deleteGoalAssociation(ogop2.id(), ogop2.goal(),
                                        ogop2.subGoal())
        b.dbProxy.deleteTrace('response', self.oar2.name(), 'goal', rg.name())

        b.dbProxy.deleteGoal(tg.id())
        b.dbProxy.deleteGoal(vg.id())
        b.dbProxy.deleteGoal(rg.id())

        b.dbProxy.deleteResponse(self.oar2.id())
        b.dbProxy.deleteResponse(self.oar1.id())

    def tearDown(self):
        b = Borg()

        b.dbProxy.deleteRisk(self.r.id())
        b.dbProxy.deleteVulnerability(self.ovp[self.ivp.name()].id())
        b.dbProxy.deleteThreat(self.otps[self.itps.name()].id())
        b.dbProxy.deleteAsset(self.oap[self.iap3.name()].id())
        b.dbProxy.deleteAsset(self.oap[self.iap2.name()].id())
        b.dbProxy.deleteAsset(self.oap[self.iap1.name()].id())
        b.dbProxy.deleteVulnerabilityType(0)
        b.dbProxy.deleteThreatType(0)
        b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id())
        b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id())
        b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id())
        b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id())
        b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id())
        b.dbProxy.deletePersona(self.opp[self.ipp.name()].id())
        b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id())
        b.dbProxy.deleteEnvironment(self.oenvs[self.iep1.name()].id())
        b.dbProxy.close()
        call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])
Example #11
0
  def setUp(self):
    call([os.environ['CAIRIS_CFG_DIR'] + "/initdb.sh"])
    cairis.core.BorgFactory.initialise()
    f = open(os.environ['CAIRIS_SRC'] + '/test/countermeasures.json')
    d = json.load(f)
    f.close()
    ienvs = d['environments']
    iep1 = EnvironmentParameters(ienvs[0]["theName"],ienvs[0]["theShortCode"],ienvs[0]["theDescription"])
    b = Borg()
    b.dbProxy.addEnvironment(iep1)
    iRoles = d['roles']
    irp = RoleParameters(iRoles[0]["theName"], iRoles[0]["theType"], iRoles[0]["theShortCode"], iRoles[0]["theDescription"],[])
    b.dbProxy.addRole(irp)
    iPersonas = d['personas']
    ipp = PersonaParameters(iPersonas[0]["theName"],iPersonas[0]["theActivities"],iPersonas[0]["theAttitudes"],iPersonas[0]["theAptitudes"],iPersonas[0]["theMotivations"],iPersonas[0]["theSkills"],iPersonas[0]["theIntrinsic"],iPersonas[0]["theContextual"],"","0",iPersonas[0]["thePersonaType"],[],[PersonaEnvironmentProperties(iPersonas[0]["theEnvironmentProperties"][0]["theName"],(iPersonas[0]["theEnvironmentProperties"][0]["theDirectFlag"] == "True"),iPersonas[0]["theEnvironmentProperties"][0]["theNarrative"],iPersonas[0]["theEnvironmentProperties"][0]["theRole"])],[])
    b.dbProxy.addPersona(ipp)
    iAttackers = d['attackers']
    iatkeps = [AttackerEnvironmentProperties(iAttackers[0]["theEnvironmentProperties"][0]["theName"],iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])]
    iatk = AttackerParameters(iAttackers[0]["theName"], iAttackers[0]["theDescription"], iAttackers[0]["theImage"],[],iatkeps)
    b.dbProxy.addAttacker(iatk)
    iVtypes = d['valuetypes']
    ivt1 = ValueTypeParameters(iVtypes[0]["theName"], iVtypes[0]["theDescription"], iVtypes[0]["theType"])
    ivt2 = ValueTypeParameters(iVtypes[1]["theName"], iVtypes[1]["theDescription"], iVtypes[1]["theType"])
    b.dbProxy.addValueType(ivt1)
    b.dbProxy.addValueType(ivt2)
    iassets = d['assets']
    iaeps1 = [AssetEnvironmentProperties(iassets[0]["theEnvironmentProperties"][0][0],iassets[0]["theEnvironmentProperties"][0][1],iassets[0]["theEnvironmentProperties"][0][2])]
    iaeps2 = [AssetEnvironmentProperties(iassets[1]["theEnvironmentProperties"][0][0],iassets[1]["theEnvironmentProperties"][0][1],iassets[1]["theEnvironmentProperties"][0][2])]
    iaeps3 = [AssetEnvironmentProperties(iassets[2]["theEnvironmentProperties"][0][0],iassets[2]["theEnvironmentProperties"][0][1],iassets[2]["theEnvironmentProperties"][0][2])]
    iap1 = AssetParameters(iassets[0]["theName"],iassets[0]["theShortCode"],iassets[0]["theDescription"],iassets[0]["theSignificance"],iassets[0]["theType"],"0","N/A",[],[],iaeps1)
    iap2 = AssetParameters(iassets[1]["theName"],iassets[1]["theShortCode"],iassets[1]["theDescription"],iassets[1]["theSignificance"],iassets[1]["theType"],"0","N/A",[],[],iaeps2)
    iap3 = AssetParameters(iassets[2]["theName"],iassets[2]["theShortCode"],iassets[2]["theDescription"],iassets[2]["theSignificance"],iassets[2]["theType"],"0","N/A",[],[],iaeps3)
    b.dbProxy.addAsset(iap1)
    b.dbProxy.addAsset(iap2)
    b.dbProxy.addAsset(iap3)
    iThreats = d['threats']
    iteps = [ThreatEnvironmentProperties(iThreats[0]["theEnvironmentProperties"][0]["theName"],iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],iThreats[0]["theEnvironmentProperties"][0]["theAssets"],iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1],iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1])]
    itps = ThreatParameters(iThreats[0]["theName"],iThreats[0]["theType"],iThreats[0]["theMethod"],[],iteps)
    b.dbProxy.addThreat(itps)
    iVuln = d['vulnerabilities']
    iveps = [VulnerabilityEnvironmentProperties(iVuln[0]["theEnvironmentProperties"][0]["theName"],iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],iVuln[0]["theEnvironmentProperties"][0]["theAssets"])]
    ivp = VulnerabilityParameters(iVuln[0]["theName"],iVuln[0]["theDescription"],iVuln[0]["theType"], [], iveps)
    b.dbProxy.addVulnerability(ivp)
    imc = d['misuseCase']
    iRisks = d['risks']
    imcep = [MisuseCaseEnvironmentProperties(imc[0]["theEnvironmentProperties"][0]["theName"],imc[0]["theEnvironmentProperties"][0]["theDescription"])]
    imcp = MisuseCase(int(0), imc[0]["theName"], imcep,imc[0]["theRisk"])
    irp = RiskParameters(iRisks[0]["theName"],iRisks[0]["threatName"],iRisks[0]["vulName"], imcp,[])
    b.dbProxy.addRisk(irp)
    iResponses = d['responses']
    iar1Name = iResponses[0]["theType"] + " " + iResponses[0]["theRisk"] 
    iaep1 = AcceptEnvironmentProperties(iResponses[0]["theEnvironmentProperties"][0],iResponses[0]["theEnvironmentProperties"][1],iResponses[0]["theEnvironmentProperties"][2])
    iar1 = ResponseParameters(iar1Name,iResponses[0]["theRisk"],[],[iaep1], iResponses[0]["theType"])

    iar2Name = iResponses[1]["theType"] + " " + iResponses[1]["theRisk"] 
    iaep2 = MitigateEnvironmentProperties(iResponses[1]["theEnvironmentProperties"],iResponses[1]["theType"])
    iar2 = ResponseParameters(iar2Name,iResponses[1]["theRisk"],[],[iaep2], iResponses[1]["theType"])

    b.dbProxy.addResponse(iar1)
    b.dbProxy.addResponse(iar2)

    ors = b.dbProxy.getResponses()
    oar1 = ors[iar1Name]
    oar2 = ors[iar2Name]

    rgp = cairis.core.GoalFactory.build(oar2)
    riskParameters = rgp[0]
    riskGoalId = b.dbProxy.addGoal(riskParameters)
    b.dbProxy.addTrace('response_goal',oar2.id(),riskGoalId)
    if (len(rgp) > 1):
      threatParameters = rgp[1]
      vulnerabilityParameters = rgp[2]
      b.dbProxy.addGoal(vulnerabilityParameters)
      b.dbProxy.addGoal(threatParameters)
    b.dbProxy.relabelGoals(iaep2.name())

    oGoals = b.dbProxy.getGoals()
    rg = oGoals['Deter' + oar2.risk()]
    vg = oGoals[vulnerabilityParameters.name()]
    tg = oGoals[threatParameters.name()]

    reqId = b.dbProxy.newId()
    irequirements = d['requirements']
    ireq = cairis.core.RequirementFactory.build(reqId,irequirements[0]["theLabel"],irequirements[0]["theName"],irequirements[0]["theDescription"],irequirements[0]["thePriority"],irequirements[0]["theRationale"],irequirements[0]["theFitCriterion"],irequirements[0]["theOriginator"],irequirements[0]["theType"],irequirements[0]["theReference"],1)
    b.dbProxy.addRequirement(ireq,irequirements[0]["theReference"],True)

    oreqs = b.dbProxy.getRequirements()
    oreq = oreqs[ireq.description()]

    iga = GoalAssociationParameters(iaep2.name(),vg.name(),'goal','and',oreq.name(),'requirement',0,'None')
    b.dbProxy.addGoalAssociation(iga)
    ogops = b.dbProxy.getGoalAssociations()
    self.ogop3 = ogops[iaep2.name() + '/' + vg.name() + '/' + oreq.name() + '/and']
    self.iCountermeasures = d['countermeasures']
  def endElement(self,name):
    if name == 'intent':
      self.inIntent = 0
    elif name == 'definition':
      self.inDefinition = 0
    elif name == 'rationale':
      self.inRationale = 0
    elif name == 'motivation':
      self.theMotivations.append((self.theGoal,self.theValue,self.theDescription))
      self.resetMotivationElements()
    elif name == 'participant':
      self.theParticipants.append((self.theParticipant,self.theMotives,self.theResponsibilities))
      self.resetParticipantElements()
    elif name == 'description':
      self.inDescription = 0
      if self.inImplementation:
        self.inImplementation = 0
    elif name == 'consequences':
      self.inConsequences = 0
    elif name == 'implementation':
      self.inImplementation = 0
    elif name == 'known_uses':
      self.inKnownUses = 0
    elif name == 'related_patterns':
      self.inRelatedPatterns = 0
    elif name == 'obstacle':

      self.theObstacles.append( TemplateObstacleParameters(self.theObstacleName,self.theObstacleCategory,self.theDefinition,self.theConcerns,self.theResponsibilities,self.theProbability,self.theRationale))
      self.resetObstacleElements()
    elif name == 'obstacle_association':
      self.theObstacleAssociations.append((self.theObstacleName,self.theRefType,self.theSubObstacleName,self.theRationale))
      self.resetObstacleAssociationElements()
    elif name == 'attack_pattern':
      assetList = self.theTargets + self.theExploits
      for assetName in assetList:
        self.theAssetParameters.append(cairis.core.AssetParametersFactory.buildFromTemplate(assetName,[self.theEnvironment]))

      attackerNames = []
      for attackerName,attackerMotives,attackerCapabilities in self.theParticipants:
        attackerRoles = self.dbProxy.dimensionRoles(self.dbProxy.getDimensionId(attackerName,'persona'),self.dbProxy.getDimensionId(self.theEnvironment,'environment'),'persona')
        ep = AttackerEnvironmentProperties(self.theEnvironment,attackerRoles,attackerMotives,attackerCapabilities)
        p = AttackerParameters(attackerName,'','',[],[ep])
        p.isPersona = True
        self.theAttackerParameters.append(p) 
        attackerNames.append(attackerName)
  
      for tObs in self.theObstacles:
        sgRefs = []
        for resp in tObs.responsibilities():
          sgRefs.append((resp,'role','responsible',0,'None')) 
        ep = ObstacleEnvironmentProperties(self.theEnvironment,'',tObs.definition(),tObs.category(),[],sgRefs,tObs.concerns())
        ep.theProbability = tObs.probability()
        ep.theProbabilityRationale = tObs.probabilityRationale()
        self.theObstacleParameters.append(ObstacleParameters(tObs.name(),self.thePatternName,[],[ep]))

      for obsAssoc in self.theObstacleAssociations:
        obsName = obsAssoc[0]
        refType = obsAssoc[1]
        subObsName = obsAssoc[2]
        assocRationale = obsAssoc[3]  
        self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,obsName,'obstacle',refType,subObsName,'obstacle',0,assocRationale))
 
      vp = VulnerabilityEnvironmentProperties(self.theEnvironment,self.theSeverity,self.theExploits)
      vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit)
      vulData = vulRows[0]
      self.theVulnerabilityParameters = VulnerabilityParameters(self.theExploit,vulData[2],vulData[3],[],[vp])

      spDict = {}
      spDict['confidentiality'] = (0,'None')
      spDict['integrity'] = (0,'None')
      spDict['availability'] = (0,'None')
      spDict['accountability'] = (0,'None')
      spDict['anonymity'] = (0,'None')
      spDict['pseudonymity'] = (0,'None')
      spDict['unlinkability'] = (0,'None')
      spDict['unobservability'] = (0,'None')

      for thrMotivation in self.theMotivations:
        spName = thrMotivation[0]
        spValue = thrMotivation[1]
        spRationale = thrMotivation[2]
        spDict[spName] = (a2i(spValue),spRationale)
      
      cProperty,cRationale = spDict['confidentiality']
      iProperty,iRationale = spDict['integrity']
      avProperty,avRationale = spDict['availability']
      acProperty,acRationale = spDict['accountability']
      anProperty,anRationale = spDict['anonymity']
      panProperty,panRationale = spDict['pseudonymity']
      unlProperty,unlRationale = spDict['unlinkability']
      unoProperty,unoRationale = spDict['unobservability']

      tp = ThreatEnvironmentProperties(self.theEnvironment,self.theLikelihood,self.theTargets,attackerNames,[cProperty,iProperty,avProperty,acProperty,anProperty,panProperty,unlProperty,unoProperty],[cRationale,iRationale,avRationale,acRationale,anRationale,panRationale,unlRationale,unoRationale])
      thrRows = self.dbProxy.getThreatDirectory(self.theAttack)
      thrData = thrRows[0]
      self.theThreatParameters = ThreatParameters(self.theAttack,thrData[3],thrData[2],[],[tp])

      if (self.theAttackObstacle != ''):
        self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theAttackObstacle,'obstacle','or',self.theAttack,'threat',0,'None'))
      if (self.theExploitObstacle != ''):
        self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theExploitObstacle,'obstacle','or',self.theExploit,'vulnerability',0,'None'))
      rep = MisuseCaseEnvironmentProperties(self.theEnvironment,self.theImplementation )
      mc = MisuseCase(-1,'Exploit ' + self.thePatternName,[rep],self.thePatternName)
      self.theRiskParameters = RiskParameters(self.thePatternName,self.theAttack,self.theExploit,mc,[],self.theIntent)
  def testStandardVulnerability(self):
    iveps1 = [VulnerabilityEnvironmentProperties(self.iVuln[0]["theEnvironmentProperties"][0]["theName"],self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])]
    iveps2 = [VulnerabilityEnvironmentProperties(self.iVuln[1]["theEnvironmentProperties"][0]["theName"],self.iVuln[1]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[1]["theEnvironmentProperties"][0]["theAssets"])]
    iveps3 = [VulnerabilityEnvironmentProperties(self.iVuln[2]["theEnvironmentProperties"][0]["theName"],self.iVuln[2]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[2]["theEnvironmentProperties"][0]["theAssets"])]
    ivp1 = VulnerabilityParameters(self.iVuln[0]["theName"],self.iVuln[0]["theDescription"],self.iVuln[0]["theType"], [], iveps1)
    ivp2 = VulnerabilityParameters(self.iVuln[1]["theName"],self.iVuln[1]["theDescription"],self.iVuln[1]["theType"], [], iveps2)
    ivp3 = VulnerabilityParameters(self.iVuln[2]["theName"],self.iVuln[2]["theDescription"],self.iVuln[2]["theType"], [], iveps3)
    b = Borg()
    b.dbProxy.addVulnerability(ivp1)
    b.dbProxy.addVulnerability(ivp2)
    b.dbProxy.addVulnerability(ivp3)
    ovps = b.dbProxy.getVulnerabilities()
    
    ovp1 = ovps[self.iVuln[0]["theName"]]
    ovep1 = ovp1.environmentProperties()
    self.assertEqual(ivp1.name(), ovp1.name())
    self.assertEqual(ivp1.type(),ovp1.type())
    self.assertEqual(ivp1.description(),ovp1.description())
    self.assertEqual(self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"], ovep1[0].severity())
    self.assertEqual(str(self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"][0]), str(ovep1[0].assets()[0]))

    ovp2 = ovps[self.iVuln[1]["theName"]]
    ovep2 = ovp2.environmentProperties()
    self.assertEqual(ivp2.name(), ovp2.name())
    self.assertEqual(ivp2.type(),ovp2.type())
    self.assertEqual(ivp2.description(),ovp2.description())
    self.assertEqual(self.iVuln[1]["theEnvironmentProperties"][0]["theSeverity"], ovp2.environmentProperties()[0].severity())
    self.assertEqual(str(self.iVuln[1]["theEnvironmentProperties"][0]["theAssets"][0]), str(ovep2[0].assets()[0]))

    ovp3 = ovps[self.iVuln[2]["theName"]]
    ovep3 = ovp3.environmentProperties()
    self.assertEqual(ivp3.name(), ovp3.name())
    self.assertEqual(ivp3.type(),ovp3.type())
    self.assertEqual(ivp3.description(),ovp3.description())
    self.assertEqual(self.iVuln[2]["theEnvironmentProperties"][0]["theSeverity"], ovep3[0].severity())
    self.assertEqual(str(self.iVuln[2]["theEnvironmentProperties"][0]["theAssets"][0]), str(ovep3[0].assets()[0]))

    ovp3.theVulnerabilityName = 'updated name'
    ovp3.theVulnerabilityDescription = 'updated description'
    b.dbProxy.updateVulnerability(ovp3)

    ovps = b.dbProxy.getVulnerabilities()
    ovp4 = ovps['updated name']
    self.assertEqual(ovp3.name(), ovp4.name())
    self.assertEqual(ovp3.type(),ovp4.type())
    self.assertEqual(ovp3.description(),ovp4.description())

    b.dbProxy.deleteVulnerability(ovp1.id())
    b.dbProxy.deleteVulnerability(ovp2.id())
    b.dbProxy.deleteVulnerability(ovp3.id())
Example #14
0
 def parameters(self):
     parameters = VulnerabilityParameters(self.theName, self.theDescription,
                                          self.theType, self.theTags,
                                          self.theEnvironmentProperties)
     parameters.setId(self.theVulnerabilityId)
     return parameters
Example #15
0
class RiskTest(unittest.TestCase):
    def setUp(self):
        call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"])
        cairis.core.BorgFactory.initialise()
        f = open(os.environ['CAIRIS_SRC'] + '/test/risks.json')
        d = json.load(f)
        f.close()
        self.ienvs = d['environments']
        self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"],
                                          self.ienvs[0]["theShortCode"],
                                          self.ienvs[0]["theDescription"])
        b = Borg()
        b.dbProxy.addEnvironment(self.iep1)
        self.oenvs = b.dbProxy.getEnvironments()
        self.iRoles = d['roles']
        self.irp = RoleParameters(self.iRoles[0]["theName"],
                                  self.iRoles[0]["theType"],
                                  self.iRoles[0]["theShortCode"],
                                  self.iRoles[0]["theDescription"], [])
        b.dbProxy.addRole(self.irp)
        self.oRoles = b.dbProxy.getRoles()
        self.iPersonas = d['personas']
        self.ipp = PersonaParameters(
            self.iPersonas[0]["theName"], self.iPersonas[0]["theActivities"],
            self.iPersonas[0]["theAttitudes"],
            self.iPersonas[0]["theAptitudes"],
            self.iPersonas[0]["theMotivations"],
            self.iPersonas[0]["theSkills"], self.iPersonas[0]["theIntrinsic"],
            self.iPersonas[0]["theContextual"], "", "0",
            self.iPersonas[0]["thePersonaType"], [], [
                PersonaEnvironmentProperties(
                    self.iPersonas[0]["theEnvironmentProperties"][0]
                    ["theName"], (self.iPersonas[0]["theEnvironmentProperties"]
                                  [0]["theDirectFlag"] == "True"),
                    self.iPersonas[0]["theEnvironmentProperties"][0]
                    ["theNarrative"], self.iPersonas[0]
                    ["theEnvironmentProperties"][0]["theRole"])
            ], [])
        b.dbProxy.addPersona(self.ipp)
        self.opp = b.dbProxy.getPersonas()
        self.iExternalDocuments = d['external_documents']
        self.iec1 = ExternalDocumentParameters(
            self.iExternalDocuments[0]["theName"],
            self.iExternalDocuments[0]["theVersion"],
            self.iExternalDocuments[0]["thePublicationDate"],
            self.iExternalDocuments[0]["theAuthors"],
            self.iExternalDocuments[0]["theDescription"])
        self.iec2 = ExternalDocumentParameters(
            self.iExternalDocuments[1]["theName"],
            self.iExternalDocuments[1]["theVersion"],
            self.iExternalDocuments[1]["thePublicationDate"],
            self.iExternalDocuments[1]["theAuthors"],
            self.iExternalDocuments[1]["theDescription"])
        b.dbProxy.addExternalDocument(self.iec1)
        b.dbProxy.addExternalDocument(self.iec2)
        self.oecs = b.dbProxy.getExternalDocuments()
        self.iDocumentReferences = d['document_references']
        self.idr1 = DocumentReferenceParameters(
            self.iDocumentReferences[0]["theName"],
            self.iDocumentReferences[0]["theDocName"],
            self.iDocumentReferences[0]["theContributor"],
            self.iDocumentReferences[0]["theExcerpt"])
        self.idr2 = DocumentReferenceParameters(
            self.iDocumentReferences[1]["theName"],
            self.iDocumentReferences[1]["theDocName"],
            self.iDocumentReferences[1]["theContributor"],
            self.iDocumentReferences[1]["theExcerpt"])
        b.dbProxy.addDocumentReference(self.idr1)
        b.dbProxy.addDocumentReference(self.idr2)
        self.odrs = b.dbProxy.getDocumentReferences()
        self.iPersonaCharacteristics = d['persona_characteristics']
        self.ipc1 = PersonaCharacteristicParameters(
            self.iPersonaCharacteristics[0]["thePersonaName"],
            self.iPersonaCharacteristics[0]["theModQual"],
            self.iPersonaCharacteristics[0]["theVariable"],
            self.iPersonaCharacteristics[0]["theCharacteristic"],
            [(self.iPersonaCharacteristics[0]["ground"], '', 'document')],
            [(self.iPersonaCharacteristics[0]["warrant"], '', 'document')], [],
            [])
        b.dbProxy.addPersonaCharacteristic(self.ipc1)
        self.opcs = b.dbProxy.getPersonaCharacteristics()
        self.iAttackers = d['attackers']
        self.iatkeps = [
            AttackerEnvironmentProperties(
                self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],
                self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],
                self.iAttackers[0]["theEnvironmentProperties"][0]
                ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"]
                [0]["theCapabilities"])
        ]
        self.iatk = AttackerParameters(self.iAttackers[0]["theName"],
                                       self.iAttackers[0]["theDescription"],
                                       self.iAttackers[0]["theImage"], [],
                                       self.iatkeps)
        b.dbProxy.addAttacker(self.iatk)
        self.oAttackers = b.dbProxy.getAttackers()
        self.iVtypes = d['valuetypes']
        self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"],
                                        self.iVtypes[0]["theDescription"],
                                        self.iVtypes[0]["theType"])
        self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"],
                                        self.iVtypes[1]["theDescription"],
                                        self.iVtypes[1]["theType"])
        b.dbProxy.addValueType(self.ivt1)
        b.dbProxy.addValueType(self.ivt2)
        self.ovtt = b.dbProxy.getValueTypes('threat_type')
        self.ovtv = b.dbProxy.getValueTypes('vulnerability_type')
        self.iassets = d['assets']
        self.iaeps1 = [
            AssetEnvironmentProperties(
                self.iassets[0]["theEnvironmentProperties"][0][0],
                self.iassets[0]["theEnvironmentProperties"][0][1],
                self.iassets[0]["theEnvironmentProperties"][0][2])
        ]
        self.iap1 = AssetParameters(self.iassets[0]["theName"],
                                    self.iassets[0]["theShortCode"],
                                    self.iassets[0]["theDescription"],
                                    self.iassets[0]["theSignificance"],
                                    self.iassets[0]["theType"], "0", "N/A", [],
                                    [], self.iaeps1)
        self.iap2 = AssetParameters(self.iassets[1]["theName"],
                                    self.iassets[1]["theShortCode"],
                                    self.iassets[1]["theDescription"],
                                    self.iassets[1]["theSignificance"],
                                    self.iassets[1]["theType"], "0", "N/A", [],
                                    [], self.iaeps1)
        self.iap3 = AssetParameters(self.iassets[2]["theName"],
                                    self.iassets[2]["theShortCode"],
                                    self.iassets[2]["theDescription"],
                                    self.iassets[2]["theSignificance"],
                                    self.iassets[2]["theType"], "0", "N/A", [],
                                    [], self.iaeps1)
        b.dbProxy.addAsset(self.iap1)
        b.dbProxy.addAsset(self.iap2)
        b.dbProxy.addAsset(self.iap3)
        self.oap = b.dbProxy.getAssets()
        self.iThreats = d['threats']
        self.iteps = [
            ThreatEnvironmentProperties(
                self.iThreats[0]["theEnvironmentProperties"][0]["theName"],
                self.iThreats[0]["theEnvironmentProperties"][0]
                ["theLikelihood"],
                self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],
                self.iThreats[0]["theEnvironmentProperties"][0]
                ["theAttackers"], self.iThreats[0]["theEnvironmentProperties"]
                [0]["theProperties"][0][1], self.iThreats[0]
                ["theEnvironmentProperties"][0]["theProperties"][0][1])
        ]
        self.itps = ThreatParameters(self.iThreats[0]["theName"],
                                     self.iThreats[0]["theType"],
                                     self.iThreats[0]["theMethod"], [],
                                     self.iteps)
        b.dbProxy.addThreat(self.itps)
        self.otps = b.dbProxy.getThreats()
        self.iVuln = d['vulnerabilities']
        self.iveps = [
            VulnerabilityEnvironmentProperties(
                self.iVuln[0]["theEnvironmentProperties"][0]["theName"],
                self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],
                self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])
        ]
        self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"],
                                           self.iVuln[0]["theDescription"],
                                           self.iVuln[0]["theType"], [],
                                           self.iveps)
        b.dbProxy.addVulnerability(self.ivp)
        self.ovp = b.dbProxy.getVulnerabilities()
        self.imc = d['misuseCase']
        self.iRisks = d['risks']

    def testRisk(self):
        imcep = [
            MisuseCaseEnvironmentProperties(
                self.imc[0]["theEnvironmentProperties"][0]["theName"],
                self.imc[0]["theEnvironmentProperties"][0]["theDescription"])
        ]
        imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep,
                          self.imc[0]["theRisk"])
        irp = RiskParameters(self.iRisks[0]["theName"],
                             self.iRisks[0]["threatName"],
                             self.iRisks[0]["vulName"], imcp, [])
        b = Borg()
        b.dbProxy.addRisk(irp)
        oRisks = b.dbProxy.getRisks()
        o = oRisks[self.iRisks[0]["theName"]]
        self.assertEqual(irp.name(), o.name())
        self.assertEqual(irp.threat(), o.threat())
        self.assertEqual(irp.vulnerability(), o.vulnerability())

        #    scoreDetails = b.dbProxy.riskScore(self.iRisks[0]["threatName"],self.iRisks[0]["vulName"],self.iaeps1[0].name())
        #    preScore = scoreDetails[0][1]
        #    postScore = scoreDetails[0][2]
        #    self.assertEqual(preScore,9)
        #    self.assertEqual(postScore,9)

        imcp.theName = 'Updated risk'
        imcp.theId = o.misuseCase().id()
        irp.theRiskName = 'Updated risk'
        irp.theMisuseCase = imcp

        irp.setId(o.id())
        b.dbProxy.updateRisk(irp)
        oRisks = b.dbProxy.getRisks()
        o = oRisks['Updated risk']
        self.assertEqual(o.name(), 'Updated risk')
        self.assertEqual(irp.threat(), o.threat())
        self.assertEqual(irp.vulnerability(), o.vulnerability())

        b.dbProxy.deleteRisk(o.id())

    def tearDown(self):
        b = Borg()

        b.dbProxy.deleteVulnerability(self.ovp[self.ivp.name()].id())
        b.dbProxy.deleteThreat(self.otps[self.itps.name()].id())
        b.dbProxy.deleteAsset(self.oap[self.iap3.name()].id())
        b.dbProxy.deleteAsset(self.oap[self.iap2.name()].id())
        b.dbProxy.deleteAsset(self.oap[self.iap1.name()].id())
        b.dbProxy.deleteVulnerabilityType(0)
        b.dbProxy.deleteThreatType(0)
        b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id())
        b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id())
        b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id())
        b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id())
        b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id())
        b.dbProxy.deletePersona(self.opp[self.ipp.name()].id())
        b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id())
        b.dbProxy.deleteEnvironment(self.oenvs[self.iep1.name()].id())
        b.dbProxy.close()
        call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])
 def parameters(self):
   parameters = VulnerabilityParameters(self.theName,self.theDescription,self.theType,self.theTags,self.theEnvironmentProperties)
   parameters.setId(self.theVulnerabilityId)
   return parameters
Example #17
0
  def testStandardVulnerability(self):
    iveps1 = [VulnerabilityEnvironmentProperties(self.iVuln[0]["theEnvironmentProperties"][0]["theName"],self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])]
    iveps2 = [VulnerabilityEnvironmentProperties(self.iVuln[1]["theEnvironmentProperties"][0]["theName"],self.iVuln[1]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[1]["theEnvironmentProperties"][0]["theAssets"])]
    iveps3 = [VulnerabilityEnvironmentProperties(self.iVuln[2]["theEnvironmentProperties"][0]["theName"],self.iVuln[2]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[2]["theEnvironmentProperties"][0]["theAssets"])]
    ivp1 = VulnerabilityParameters(self.iVuln[0]["theName"],self.iVuln[0]["theDescription"],self.iVuln[0]["theType"], [], iveps1)
    ivp2 = VulnerabilityParameters(self.iVuln[1]["theName"],self.iVuln[1]["theDescription"],self.iVuln[1]["theType"], [], iveps2)
    ivp3 = VulnerabilityParameters(self.iVuln[2]["theName"],self.iVuln[2]["theDescription"],self.iVuln[2]["theType"], [], iveps3)
    b = Borg()
    b.dbProxy.addVulnerability(ivp1)
    b.dbProxy.addVulnerability(ivp2)
    b.dbProxy.addVulnerability(ivp3)
    ovps = b.dbProxy.getVulnerabilities()
    
    ovp1 = ovps[self.iVuln[0]["theName"]]
    ovep1 = ovp1.environmentProperties()
    self.assertEqual(ivp1.name(), ovp1.name())
    self.assertEqual(ivp1.type(),ovp1.type())
    self.assertEqual(ivp1.description(),ovp1.description())
    self.assertEqual(self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"], ovep1[0].severity())
    self.assertEqual(str(self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"][0]), str(ovep1[0].assets()[0]))

    ovp2 = ovps[self.iVuln[1]["theName"]]
    ovep2 = ovp2.environmentProperties()
    self.assertEqual(ivp2.name(), ovp2.name())
    self.assertEqual(ivp2.type(),ovp2.type())
    self.assertEqual(ivp2.description(),ovp2.description())
    self.assertEqual(self.iVuln[1]["theEnvironmentProperties"][0]["theSeverity"], ovp2.environmentProperties()[0].severity())
    self.assertEqual(str(self.iVuln[1]["theEnvironmentProperties"][0]["theAssets"][0]), str(ovep2[0].assets()[0]))

    ovp3 = ovps[self.iVuln[2]["theName"]]
    ovep3 = ovp3.environmentProperties()
    self.assertEqual(ivp3.name(), ovp3.name())
    self.assertEqual(ivp3.type(),ovp3.type())
    self.assertEqual(ivp3.description(),ovp3.description())
    self.assertEqual(self.iVuln[2]["theEnvironmentProperties"][0]["theSeverity"], ovep3[0].severity())
    self.assertEqual(str(self.iVuln[2]["theEnvironmentProperties"][0]["theAssets"][0]), str(ovep3[0].assets()[0]))

    ovp3.theName = 'updated name'
    ovp3.theDescription = 'updated description'
    b.dbProxy.updateVulnerability(ovp3)

    ovps = b.dbProxy.getVulnerabilities()
    ovp4 = ovps['updated name']
    self.assertEqual(ovp3.name(), ovp4.name())
    self.assertEqual(ovp3.type(),ovp4.type())
    self.assertEqual(ovp3.description(),ovp4.description())

    b.dbProxy.deleteVulnerability(ovp1.id())
    b.dbProxy.deleteVulnerability(ovp2.id())
    b.dbProxy.deleteVulnerability(ovp3.id())
Example #18
0
    def setUp(self):
        call([os.environ['CAIRIS_CFG_DIR'] + "/initdb.sh"])
        cairis.core.BorgFactory.initialise()
        f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json')
        d = json.load(f)
        f.close()
        ienvs = d['environments']
        iep1 = EnvironmentParameters(ienvs[0]["theName"],
                                     ienvs[0]["theShortCode"],
                                     ienvs[0]["theDescription"])
        b = Borg()
        b.dbProxy.addEnvironment(iep1)
        iRoles = d['roles']
        irp = RoleParameters(iRoles[0]["theName"], iRoles[0]["theType"],
                             iRoles[0]["theShortCode"],
                             iRoles[0]["theDescription"], [])
        b.dbProxy.addRole(irp)
        iAttackers = d['attackers']
        iatkeps = [
            AttackerEnvironmentProperties(
                iAttackers[0]["theEnvironmentProperties"][0]["theName"],
                iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],
                iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],
                iAttackers[0]["theEnvironmentProperties"][0]
                ["theCapabilities"])
        ]
        iatk = AttackerParameters(iAttackers[0]["theName"],
                                  iAttackers[0]["theDescription"],
                                  iAttackers[0]["theImage"], [], iatkeps)
        b.dbProxy.addAttacker(iatk)
        iVtypes = d['valuetypes']
        ivt1 = ValueTypeParameters(iVtypes[0]["theName"],
                                   iVtypes[0]["theDescription"],
                                   iVtypes[0]["theType"])
        ivt2 = ValueTypeParameters(iVtypes[1]["theName"],
                                   iVtypes[1]["theDescription"],
                                   iVtypes[1]["theType"])
        b.dbProxy.addValueType(ivt1)
        b.dbProxy.addValueType(ivt2)
        iassets = d['assets']
        iaeps1 = [
            AssetEnvironmentProperties(
                iassets[0]["theEnvironmentProperties"][0][0],
                iassets[0]["theEnvironmentProperties"][0][1],
                iassets[0]["theEnvironmentProperties"][0][2])
        ]
        iaeps2 = [
            AssetEnvironmentProperties(
                iassets[1]["theEnvironmentProperties"][0][0],
                iassets[1]["theEnvironmentProperties"][0][1],
                iassets[1]["theEnvironmentProperties"][0][2])
        ]
        iaeps3 = [
            AssetEnvironmentProperties(
                iassets[2]["theEnvironmentProperties"][0][0],
                iassets[2]["theEnvironmentProperties"][0][1],
                iassets[2]["theEnvironmentProperties"][0][2])
        ]
        iap1 = AssetParameters(iassets[0]["theName"],
                               iassets[0]["theShortCode"],
                               iassets[0]["theDescription"],
                               iassets[0]["theSignificance"],
                               iassets[0]["theType"], "0", "N/A", [], [],
                               iaeps1)
        iap2 = AssetParameters(iassets[1]["theName"],
                               iassets[1]["theShortCode"],
                               iassets[1]["theDescription"],
                               iassets[1]["theSignificance"],
                               iassets[1]["theType"], "0", "N/A", [], [],
                               iaeps2)
        iap3 = AssetParameters(iassets[2]["theName"],
                               iassets[2]["theShortCode"],
                               iassets[2]["theDescription"],
                               iassets[2]["theSignificance"],
                               iassets[2]["theType"], "0", "N/A", [], [],
                               iaeps3)
        b.dbProxy.addAsset(iap1)
        b.dbProxy.addAsset(iap2)
        b.dbProxy.addAsset(iap3)
        iThreats = d['threats']
        iteps = [
            ThreatEnvironmentProperties(
                iThreats[0]["theEnvironmentProperties"][0]["theName"],
                iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],
                iThreats[0]["theEnvironmentProperties"][0]["theAssets"],
                iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],
                iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0]
                [1], iThreats[0]["theEnvironmentProperties"][0]
                ["theProperties"][0][1])
        ]
        itps = ThreatParameters(iThreats[0]["theName"], iThreats[0]["theType"],
                                iThreats[0]["theMethod"], [], iteps)
        b.dbProxy.addThreat(itps)
        iVuln = d['vulnerabilities']
        iveps = [
            VulnerabilityEnvironmentProperties(
                iVuln[0]["theEnvironmentProperties"][0]["theName"],
                iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],
                iVuln[0]["theEnvironmentProperties"][0]["theAssets"])
        ]
        ivp = VulnerabilityParameters(iVuln[0]["theName"],
                                      iVuln[0]["theDescription"],
                                      iVuln[0]["theType"], [], iveps)
        b.dbProxy.addVulnerability(ivp)
        imc = d['misuseCase']
        iRisks = d['risks']

        imcep = [
            MisuseCaseEnvironmentProperties(
                imc[0]["theEnvironmentProperties"][0]["theName"],
                imc[0]["theEnvironmentProperties"][0]["theDescription"])
        ]
        imcp = MisuseCase(int(0), imc[0]["theName"], imcep, imc[0]["theRisk"])
        irp = RiskParameters(iRisks[0]["theName"], iRisks[0]["threatName"],
                             iRisks[0]["vulName"], imcp, [])
        b.dbProxy.addRisk(irp)
        self.iResponses = d['responses']
Example #19
0
  def setUp(self):
    call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"])
    cairis.core.BorgFactory.initialise()
    f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json')
    d = json.load(f)
    f.close()
    self.ienvs = d['environments']
    self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"],self.ienvs[0]["theShortCode"],self.ienvs[0]["theDescription"])
    b = Borg()
    b.dbProxy.addEnvironment(self.iep1)
    self.oenvs = b.dbProxy.getEnvironments()
    self.iRoles = d['roles']
    self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"],[])
    b.dbProxy.addRole(self.irp)
    self.oRoles = b.dbProxy.getRoles()
    self.iPersonas = d['personas']
    self.ipp = PersonaParameters(self.iPersonas[0]["theName"],self.iPersonas[0]["theActivities"],self.iPersonas[0]["theAttitudes"],self.iPersonas[0]["theAptitudes"],self.iPersonas[0]["theMotivations"],self.iPersonas[0]["theSkills"],self.iPersonas[0]["theIntrinsic"],self.iPersonas[0]["theContextual"],"","0",self.iPersonas[0]["thePersonaType"],[],[PersonaEnvironmentProperties(self.iPersonas[0]["theEnvironmentProperties"][0]["theName"],(self.iPersonas[0]["theEnvironmentProperties"][0]["theDirectFlag"] == "True"),self.iPersonas[0]["theEnvironmentProperties"][0]["theNarrative"],self.iPersonas[0]["theEnvironmentProperties"][0]["theRole"])],[])
    b.dbProxy.addPersona(self.ipp)
    self.opp = b.dbProxy.getPersonas()
    self.iExternalDocuments = d['external_documents']
    self.iec1 = ExternalDocumentParameters(self.iExternalDocuments[0]["theName"],self.iExternalDocuments[0]["theVersion"],self.iExternalDocuments[0]["thePublicationDate"],self.iExternalDocuments[0]["theAuthors"],self.iExternalDocuments[0]["theDescription"])
    self.iec2 = ExternalDocumentParameters(self.iExternalDocuments[1]["theName"],self.iExternalDocuments[1]["theVersion"],self.iExternalDocuments[1]["thePublicationDate"],self.iExternalDocuments[1]["theAuthors"],self.iExternalDocuments[1]["theDescription"])
    b.dbProxy.addExternalDocument(self.iec1)
    b.dbProxy.addExternalDocument(self.iec2)
    self.oecs = b.dbProxy.getExternalDocuments()
    self.iDocumentReferences = d['document_references']
    self.idr1 = DocumentReferenceParameters(self.iDocumentReferences[0]["theName"],self.iDocumentReferences[0]["theDocName"],self.iDocumentReferences[0]["theContributor"],self.iDocumentReferences[0]["theExcerpt"])
    self.idr2 = DocumentReferenceParameters(self.iDocumentReferences[1]["theName"],self.iDocumentReferences[1]["theDocName"],self.iDocumentReferences[1]["theContributor"],self.iDocumentReferences[1]["theExcerpt"])
    b.dbProxy.addDocumentReference(self.idr1)
    b.dbProxy.addDocumentReference(self.idr2)
    self.odrs = b.dbProxy.getDocumentReferences()
    self.iPersonaCharacteristics = d['persona_characteristics']
    self.ipc1 = PersonaCharacteristicParameters(self.iPersonaCharacteristics[0]["thePersonaName"],self.iPersonaCharacteristics[0]["theModQual"],self.iPersonaCharacteristics[0]["theVariable"],self.iPersonaCharacteristics[0]["theCharacteristic"],[(self.iPersonaCharacteristics[0]["ground"],'','document')],[(self.iPersonaCharacteristics[0]["warrant"],'','document')],[],[])
    b.dbProxy.addPersonaCharacteristic(self.ipc1)
    self.opcs = b.dbProxy.getPersonaCharacteristics()
    self.iAttackers = d['attackers']
    self.iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])]
    self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],self.iatkeps)
    b.dbProxy.addAttacker(self.iatk)
    self.oAttackers = b.dbProxy.getAttackers()
    self.iVtypes = d['valuetypes']
    self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"])
    self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"])
    b.dbProxy.addValueType(self.ivt1)
    b.dbProxy.addValueType(self.ivt2)
    self.ovtt = b.dbProxy.getValueTypes('threat_type')
    self.ovtv = b.dbProxy.getValueTypes('vulnerability_type')
    self.iassets = d['assets']
    self.iaeps1 = [AssetEnvironmentProperties(self.iassets[0]["theEnvironmentProperties"][0][0],self.iassets[0]["theEnvironmentProperties"][0][1],self.iassets[0]["theEnvironmentProperties"][0][2])]
    self.iaeps2 = [AssetEnvironmentProperties(self.iassets[1]["theEnvironmentProperties"][0][0],self.iassets[1]["theEnvironmentProperties"][0][1],self.iassets[1]["theEnvironmentProperties"][0][2])]
    self.iaeps3 = [AssetEnvironmentProperties(self.iassets[2]["theEnvironmentProperties"][0][0],self.iassets[2]["theEnvironmentProperties"][0][1],self.iassets[2]["theEnvironmentProperties"][0][2])]
    self.iap1 = AssetParameters(self.iassets[0]["theName"],self.iassets[0]["theShortCode"],self.iassets[0]["theDescription"],self.iassets[0]["theSignificance"],self.iassets[0]["theType"],"0","N/A",[],[],self.iaeps1)
    self.iap2 = AssetParameters(self.iassets[1]["theName"],self.iassets[1]["theShortCode"],self.iassets[1]["theDescription"],self.iassets[1]["theSignificance"],self.iassets[1]["theType"],"0","N/A",[],[],self.iaeps2)
    self.iap3 = AssetParameters(self.iassets[2]["theName"],self.iassets[2]["theShortCode"],self.iassets[2]["theDescription"],self.iassets[2]["theSignificance"],self.iassets[2]["theType"],"0","N/A",[],[],self.iaeps3)
    b.dbProxy.addAsset(self.iap1)
    b.dbProxy.addAsset(self.iap2)
    b.dbProxy.addAsset(self.iap3)
    self.oap = b.dbProxy.getAssets()
    self.iThreats = d['threats']
    self.iteps = [ThreatEnvironmentProperties(self.iThreats[0]["theEnvironmentProperties"][0]["theName"],self.iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],self.iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1])]
    self.itps = ThreatParameters(self.iThreats[0]["theName"],self.iThreats[0]["theType"],self.iThreats[0]["theMethod"],[],self.iteps)
    b.dbProxy.addThreat(self.itps)
    self.otps = b.dbProxy.getThreats()
    self.iVuln = d['vulnerabilities']
    self.iveps = [VulnerabilityEnvironmentProperties(self.iVuln[0]["theEnvironmentProperties"][0]["theName"],self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])]
    self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"],self.iVuln[0]["theDescription"],self.iVuln[0]["theType"], [], self.iveps)
    b.dbProxy.addVulnerability(self.ivp)
    self.ovp = b.dbProxy.getVulnerabilities()
    self.imc = d['misuseCase']
    self.iRisks = d['risks']

    imcep = [MisuseCaseEnvironmentProperties(self.imc[0]["theEnvironmentProperties"][0]["theName"],self.imc[0]["theEnvironmentProperties"][0]["theDescription"])]
    imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep,self.imc[0]["theRisk"])
    irp = RiskParameters(self.iRisks[0]["theName"],self.iRisks[0]["threatName"],self.iRisks[0]["vulName"], imcp,[])
    b.dbProxy.addRisk(irp)
    oRisks = b.dbProxy.getRisks()
    self.r = oRisks[self.iRisks[0]["theName"]]
    self.iResponses = d['responses']
Example #20
0
class ResponseTest(unittest.TestCase):

  def setUp(self):
    call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"])
    cairis.core.BorgFactory.initialise()
    f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json')
    d = json.load(f)
    f.close()
    self.ienvs = d['environments']
    self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"],self.ienvs[0]["theShortCode"],self.ienvs[0]["theDescription"])
    b = Borg()
    b.dbProxy.addEnvironment(self.iep1)
    self.oenvs = b.dbProxy.getEnvironments()
    self.iRoles = d['roles']
    self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"],[])
    b.dbProxy.addRole(self.irp)
    self.oRoles = b.dbProxy.getRoles()
    self.iPersonas = d['personas']
    self.ipp = PersonaParameters(self.iPersonas[0]["theName"],self.iPersonas[0]["theActivities"],self.iPersonas[0]["theAttitudes"],self.iPersonas[0]["theAptitudes"],self.iPersonas[0]["theMotivations"],self.iPersonas[0]["theSkills"],self.iPersonas[0]["theIntrinsic"],self.iPersonas[0]["theContextual"],"","0",self.iPersonas[0]["thePersonaType"],[],[PersonaEnvironmentProperties(self.iPersonas[0]["theEnvironmentProperties"][0]["theName"],(self.iPersonas[0]["theEnvironmentProperties"][0]["theDirectFlag"] == "True"),self.iPersonas[0]["theEnvironmentProperties"][0]["theNarrative"],self.iPersonas[0]["theEnvironmentProperties"][0]["theRole"])],[])
    b.dbProxy.addPersona(self.ipp)
    self.opp = b.dbProxy.getPersonas()
    self.iExternalDocuments = d['external_documents']
    self.iec1 = ExternalDocumentParameters(self.iExternalDocuments[0]["theName"],self.iExternalDocuments[0]["theVersion"],self.iExternalDocuments[0]["thePublicationDate"],self.iExternalDocuments[0]["theAuthors"],self.iExternalDocuments[0]["theDescription"])
    self.iec2 = ExternalDocumentParameters(self.iExternalDocuments[1]["theName"],self.iExternalDocuments[1]["theVersion"],self.iExternalDocuments[1]["thePublicationDate"],self.iExternalDocuments[1]["theAuthors"],self.iExternalDocuments[1]["theDescription"])
    b.dbProxy.addExternalDocument(self.iec1)
    b.dbProxy.addExternalDocument(self.iec2)
    self.oecs = b.dbProxy.getExternalDocuments()
    self.iDocumentReferences = d['document_references']
    self.idr1 = DocumentReferenceParameters(self.iDocumentReferences[0]["theName"],self.iDocumentReferences[0]["theDocName"],self.iDocumentReferences[0]["theContributor"],self.iDocumentReferences[0]["theExcerpt"])
    self.idr2 = DocumentReferenceParameters(self.iDocumentReferences[1]["theName"],self.iDocumentReferences[1]["theDocName"],self.iDocumentReferences[1]["theContributor"],self.iDocumentReferences[1]["theExcerpt"])
    b.dbProxy.addDocumentReference(self.idr1)
    b.dbProxy.addDocumentReference(self.idr2)
    self.odrs = b.dbProxy.getDocumentReferences()
    self.iPersonaCharacteristics = d['persona_characteristics']
    self.ipc1 = PersonaCharacteristicParameters(self.iPersonaCharacteristics[0]["thePersonaName"],self.iPersonaCharacteristics[0]["theModQual"],self.iPersonaCharacteristics[0]["theVariable"],self.iPersonaCharacteristics[0]["theCharacteristic"],[(self.iPersonaCharacteristics[0]["ground"],'','document')],[(self.iPersonaCharacteristics[0]["warrant"],'','document')],[],[])
    b.dbProxy.addPersonaCharacteristic(self.ipc1)
    self.opcs = b.dbProxy.getPersonaCharacteristics()
    self.iAttackers = d['attackers']
    self.iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])]
    self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],self.iatkeps)
    b.dbProxy.addAttacker(self.iatk)
    self.oAttackers = b.dbProxy.getAttackers()
    self.iVtypes = d['valuetypes']
    self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"])
    self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"])
    b.dbProxy.addValueType(self.ivt1)
    b.dbProxy.addValueType(self.ivt2)
    self.ovtt = b.dbProxy.getValueTypes('threat_type')
    self.ovtv = b.dbProxy.getValueTypes('vulnerability_type')
    self.iassets = d['assets']
    self.iaeps1 = [AssetEnvironmentProperties(self.iassets[0]["theEnvironmentProperties"][0][0],self.iassets[0]["theEnvironmentProperties"][0][1],self.iassets[0]["theEnvironmentProperties"][0][2])]
    self.iaeps2 = [AssetEnvironmentProperties(self.iassets[1]["theEnvironmentProperties"][0][0],self.iassets[1]["theEnvironmentProperties"][0][1],self.iassets[1]["theEnvironmentProperties"][0][2])]
    self.iaeps3 = [AssetEnvironmentProperties(self.iassets[2]["theEnvironmentProperties"][0][0],self.iassets[2]["theEnvironmentProperties"][0][1],self.iassets[2]["theEnvironmentProperties"][0][2])]
    self.iap1 = AssetParameters(self.iassets[0]["theName"],self.iassets[0]["theShortCode"],self.iassets[0]["theDescription"],self.iassets[0]["theSignificance"],self.iassets[0]["theType"],"0","N/A",[],[],self.iaeps1)
    self.iap2 = AssetParameters(self.iassets[1]["theName"],self.iassets[1]["theShortCode"],self.iassets[1]["theDescription"],self.iassets[1]["theSignificance"],self.iassets[1]["theType"],"0","N/A",[],[],self.iaeps2)
    self.iap3 = AssetParameters(self.iassets[2]["theName"],self.iassets[2]["theShortCode"],self.iassets[2]["theDescription"],self.iassets[2]["theSignificance"],self.iassets[2]["theType"],"0","N/A",[],[],self.iaeps3)
    b.dbProxy.addAsset(self.iap1)
    b.dbProxy.addAsset(self.iap2)
    b.dbProxy.addAsset(self.iap3)
    self.oap = b.dbProxy.getAssets()
    self.iThreats = d['threats']
    self.iteps = [ThreatEnvironmentProperties(self.iThreats[0]["theEnvironmentProperties"][0]["theName"],self.iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],self.iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1])]
    self.itps = ThreatParameters(self.iThreats[0]["theName"],self.iThreats[0]["theType"],self.iThreats[0]["theMethod"],[],self.iteps)
    b.dbProxy.addThreat(self.itps)
    self.otps = b.dbProxy.getThreats()
    self.iVuln = d['vulnerabilities']
    self.iveps = [VulnerabilityEnvironmentProperties(self.iVuln[0]["theEnvironmentProperties"][0]["theName"],self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])]
    self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"],self.iVuln[0]["theDescription"],self.iVuln[0]["theType"], [], self.iveps)
    b.dbProxy.addVulnerability(self.ivp)
    self.ovp = b.dbProxy.getVulnerabilities()
    self.imc = d['misuseCase']
    self.iRisks = d['risks']

    imcep = [MisuseCaseEnvironmentProperties(self.imc[0]["theEnvironmentProperties"][0]["theName"],self.imc[0]["theEnvironmentProperties"][0]["theDescription"])]
    imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep,self.imc[0]["theRisk"])
    irp = RiskParameters(self.iRisks[0]["theName"],self.iRisks[0]["threatName"],self.iRisks[0]["vulName"], imcp,[])
    b.dbProxy.addRisk(irp)
    oRisks = b.dbProxy.getRisks()
    self.r = oRisks[self.iRisks[0]["theName"]]
    self.iResponses = d['responses']

  def testResponse(self):
    iar1Name = self.iResponses[0]["theType"] + " " + self.iResponses[0]["theRisk"] 
    iaep1 = AcceptEnvironmentProperties(self.iResponses[0]["theEnvironmentProperties"][0],self.iResponses[0]["theEnvironmentProperties"][1],self.iResponses[0]["theEnvironmentProperties"][2])
    iar1 = ResponseParameters(iar1Name,self.iResponses[0]["theRisk"],[],[iaep1], self.iResponses[0]["theType"])

    iar2Name = self.iResponses[1]["theType"] + " " + self.iResponses[1]["theRisk"] 
    iaep2 = MitigateEnvironmentProperties(self.iResponses[1]["theEnvironmentProperties"],self.iResponses[1]["theType"])
    iar2 = ResponseParameters(iar2Name,self.iResponses[1]["theRisk"],[],[iaep2], self.iResponses[1]["theType"])

    b = Borg()
    b.dbProxy.addResponse(iar1)
    b.dbProxy.addResponse(iar2)

    self.ors = b.dbProxy.getResponses()
    self.oar1 = self.ors[iar1Name]
    self.oar2 = self.ors[iar2Name]

    self.assertEqual(iar1.name(),self.oar1.name())
    self.assertEqual(iar1.risk(),self.oar1.risk())
    self.assertEqual(iar1.responseType(),self.oar1.responseType())
    self.assertEqual(iar1.environmentProperties()[0].cost(),self.oar1.environmentProperties()[0].cost())
    self.assertEqual(iar1.environmentProperties()[0].description(),self.oar1.environmentProperties()[0].description())

    self.assertEqual(iar2.name(),self.oar2.name())
    self.assertEqual(iar2.risk(),self.oar2.risk())
    self.assertEqual(iar2.responseType(),self.oar2.responseType())

    rgp = cairis.core.GoalFactory.build(self.oar2)
    riskParameters = rgp[0]
    riskGoalId = b.dbProxy.addGoal(riskParameters)
    b.dbProxy.addTrace('response_goal',self.oar2.id(),riskGoalId)
    if (rgp > 1):
      threatParameters = rgp[1]
      vulnerabilityParameters = rgp[2]
      b.dbProxy.addGoal(vulnerabilityParameters)
      b.dbProxy.addGoal(threatParameters)
    b.dbProxy.relabelGoals(iaep2.name())

    oGoals = b.dbProxy.getGoals()
    print oGoals
    rg = oGoals['Deter' + self.oar2.risk()]
    vg = oGoals[vulnerabilityParameters.name()]
    tg = oGoals[threatParameters.name()]

    ogops = b.dbProxy.getGoalAssociations()
    ogop1 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' + threatParameters.name() + '/or']
    ogop2 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' + vulnerabilityParameters.name() + '/or']

    b.dbProxy.deleteGoalAssociation(ogop1.id(),ogop1.goal(),ogop1.subGoal())
    b.dbProxy.deleteGoalAssociation(ogop2.id(),ogop2.goal(),ogop2.subGoal())
    b.dbProxy.deleteTrace('response',self.oar2.name(),'goal',rg.name())

    b.dbProxy.deleteGoal(tg.id())
    b.dbProxy.deleteGoal(vg.id())
    b.dbProxy.deleteGoal(rg.id())

    b.dbProxy.deleteResponse(self.oar2.id())
    b.dbProxy.deleteResponse(self.oar1.id())
  
  def tearDown(self):
    b = Borg()
    
    b.dbProxy.deleteRisk(self.r.id())
    b.dbProxy.deleteVulnerability(self.ovp[self.ivp.name()].id())
    b.dbProxy.deleteThreat(self.otps[self.itps.name()].id())
    b.dbProxy.deleteAsset(self.oap[self.iap3.name()].id())
    b.dbProxy.deleteAsset(self.oap[self.iap2.name()].id())
    b.dbProxy.deleteAsset(self.oap[self.iap1.name()].id())
    b.dbProxy.deleteVulnerabilityType(0)
    b.dbProxy.deleteThreatType(0)
    b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id())
    b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id())
    b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id())
    b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id())
    b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id())
    b.dbProxy.deletePersona(self.opp[self.ipp.name()].id())
    b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id())
    b.dbProxy.deleteEnvironment(self.oenvs[self.iep1.name()].id())
    b.dbProxy.close()
    call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])
Example #21
0
class RiskTest(unittest.TestCase):

  def setUp(self):
    call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"])
    cairis.core.BorgFactory.initialise()
    f = open(os.environ['CAIRIS_SRC'] + '/test/risks.json')
    d = json.load(f)
    f.close()
    self.ienvs = d['environments']
    self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"],self.ienvs[0]["theShortCode"],self.ienvs[0]["theDescription"])
    b = Borg()
    b.dbProxy.addEnvironment(self.iep1)
    self.oenvs = b.dbProxy.getEnvironments()
    self.iRoles = d['roles']
    self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"],[])
    b.dbProxy.addRole(self.irp)
    self.oRoles = b.dbProxy.getRoles()
    self.iPersonas = d['personas']
    self.ipp = PersonaParameters(self.iPersonas[0]["theName"],self.iPersonas[0]["theActivities"],self.iPersonas[0]["theAttitudes"],self.iPersonas[0]["theAptitudes"],self.iPersonas[0]["theMotivations"],self.iPersonas[0]["theSkills"],self.iPersonas[0]["theIntrinsic"],self.iPersonas[0]["theContextual"],"","0",self.iPersonas[0]["thePersonaType"],[],[PersonaEnvironmentProperties(self.iPersonas[0]["theEnvironmentProperties"][0]["theName"],(self.iPersonas[0]["theEnvironmentProperties"][0]["theDirectFlag"] == "True"),self.iPersonas[0]["theEnvironmentProperties"][0]["theNarrative"],self.iPersonas[0]["theEnvironmentProperties"][0]["theRole"])],[])
    b.dbProxy.addPersona(self.ipp)
    self.opp = b.dbProxy.getPersonas()
    self.iExternalDocuments = d['external_documents']
    self.iec1 = ExternalDocumentParameters(self.iExternalDocuments[0]["theName"],self.iExternalDocuments[0]["theVersion"],self.iExternalDocuments[0]["thePublicationDate"],self.iExternalDocuments[0]["theAuthors"],self.iExternalDocuments[0]["theDescription"])
    self.iec2 = ExternalDocumentParameters(self.iExternalDocuments[1]["theName"],self.iExternalDocuments[1]["theVersion"],self.iExternalDocuments[1]["thePublicationDate"],self.iExternalDocuments[1]["theAuthors"],self.iExternalDocuments[1]["theDescription"])
    b.dbProxy.addExternalDocument(self.iec1)
    b.dbProxy.addExternalDocument(self.iec2)
    self.oecs = b.dbProxy.getExternalDocuments()
    self.iDocumentReferences = d['document_references']
    self.idr1 = DocumentReferenceParameters(self.iDocumentReferences[0]["theName"],self.iDocumentReferences[0]["theDocName"],self.iDocumentReferences[0]["theContributor"],self.iDocumentReferences[0]["theExcerpt"])
    self.idr2 = DocumentReferenceParameters(self.iDocumentReferences[1]["theName"],self.iDocumentReferences[1]["theDocName"],self.iDocumentReferences[1]["theContributor"],self.iDocumentReferences[1]["theExcerpt"])
    b.dbProxy.addDocumentReference(self.idr1)
    b.dbProxy.addDocumentReference(self.idr2)
    self.odrs = b.dbProxy.getDocumentReferences()
    self.iPersonaCharacteristics = d['persona_characteristics']
    self.ipc1 = PersonaCharacteristicParameters(self.iPersonaCharacteristics[0]["thePersonaName"],self.iPersonaCharacteristics[0]["theModQual"],self.iPersonaCharacteristics[0]["theVariable"],self.iPersonaCharacteristics[0]["theCharacteristic"],[(self.iPersonaCharacteristics[0]["ground"],'','document')],[(self.iPersonaCharacteristics[0]["warrant"],'','document')],[],[])
    b.dbProxy.addPersonaCharacteristic(self.ipc1)
    self.opcs = b.dbProxy.getPersonaCharacteristics()
    self.iAttackers = d['attackers']
    self.iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])]
    self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],self.iatkeps)
    b.dbProxy.addAttacker(self.iatk)
    self.oAttackers = b.dbProxy.getAttackers()
    self.iVtypes = d['valuetypes']
    self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"])
    self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"])
    b.dbProxy.addValueType(self.ivt1)
    b.dbProxy.addValueType(self.ivt2)
    self.ovtt = b.dbProxy.getValueTypes('threat_type')
    self.ovtv = b.dbProxy.getValueTypes('vulnerability_type')
    self.iassets = d['assets']
    self.iaeps1 = [AssetEnvironmentProperties(self.iassets[0]["theEnvironmentProperties"][0][0],self.iassets[0]["theEnvironmentProperties"][0][1],self.iassets[0]["theEnvironmentProperties"][0][2])]
    self.iap1 = AssetParameters(self.iassets[0]["theName"],self.iassets[0]["theShortCode"],self.iassets[0]["theDescription"],self.iassets[0]["theSignificance"],self.iassets[0]["theType"],"0","N/A",[],[],self.iaeps1)
    self.iap2 = AssetParameters(self.iassets[1]["theName"],self.iassets[1]["theShortCode"],self.iassets[1]["theDescription"],self.iassets[1]["theSignificance"],self.iassets[1]["theType"],"0","N/A",[],[],self.iaeps1)
    self.iap3 = AssetParameters(self.iassets[2]["theName"],self.iassets[2]["theShortCode"],self.iassets[2]["theDescription"],self.iassets[2]["theSignificance"],self.iassets[2]["theType"],"0","N/A",[],[],self.iaeps1)
    b.dbProxy.addAsset(self.iap1)
    b.dbProxy.addAsset(self.iap2)
    b.dbProxy.addAsset(self.iap3)
    self.oap = b.dbProxy.getAssets()
    self.iThreats = d['threats']
    self.iteps = [ThreatEnvironmentProperties(self.iThreats[0]["theEnvironmentProperties"][0]["theName"],self.iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],self.iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1])]
    self.itps = ThreatParameters(self.iThreats[0]["theName"],self.iThreats[0]["theType"],self.iThreats[0]["theMethod"],[],self.iteps)
    b.dbProxy.addThreat(self.itps)
    self.otps = b.dbProxy.getThreats()
    self.iVuln = d['vulnerabilities']
    self.iveps = [VulnerabilityEnvironmentProperties(self.iVuln[0]["theEnvironmentProperties"][0]["theName"],self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])]
    self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"],self.iVuln[0]["theDescription"],self.iVuln[0]["theType"], [], self.iveps)
    b.dbProxy.addVulnerability(self.ivp)
    self.ovp = b.dbProxy.getVulnerabilities()
    self.imc = d['misuseCase']
    self.iRisks = d['risks']

  def testRisk(self):
    imcep = [MisuseCaseEnvironmentProperties(self.imc[0]["theEnvironmentProperties"][0]["theName"],self.imc[0]["theEnvironmentProperties"][0]["theDescription"])]
    imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep,self.imc[0]["theRisk"])
    irp = RiskParameters(self.iRisks[0]["theName"],self.iRisks[0]["threatName"],self.iRisks[0]["vulName"], imcp,[])
    b = Borg()
    b.dbProxy.addRisk(irp)
    oRisks = b.dbProxy.getRisks()
    o = oRisks[self.iRisks[0]["theName"]]
    self.assertEqual(irp.name(), o.name())
    self.assertEqual(irp.threat(),o.threat())
    self.assertEqual(irp.vulnerability(),o.vulnerability())

#    scoreDetails = b.dbProxy.riskScore(self.iRisks[0]["threatName"],self.iRisks[0]["vulName"],self.iaeps1[0].name())
#    preScore = scoreDetails[0][1]
#    postScore = scoreDetails[0][2]
#    self.assertEqual(preScore,9)
#    self.assertEqual(postScore,9)

    imcp.theName = 'Updated risk'
    imcp.theId = o.misuseCase().id()
    irp.theRiskName = 'Updated risk'
    irp.theMisuseCase = imcp

    irp.setId(o.id())
    b.dbProxy.updateRisk(irp)
    oRisks = b.dbProxy.getRisks()
    o = oRisks['Updated risk']
    self.assertEqual(o.name(),'Updated risk')
    self.assertEqual(irp.threat(),o.threat())
    self.assertEqual(irp.vulnerability(),o.vulnerability())
    
    b.dbProxy.deleteRisk(o.id())
  
  def tearDown(self):
    b = Borg()
    
    b.dbProxy.deleteVulnerability(self.ovp[self.ivp.name()].id())
    b.dbProxy.deleteThreat(self.otps[self.itps.name()].id())
    b.dbProxy.deleteAsset(self.oap[self.iap3.name()].id())
    b.dbProxy.deleteAsset(self.oap[self.iap2.name()].id())
    b.dbProxy.deleteAsset(self.oap[self.iap1.name()].id())
    b.dbProxy.deleteVulnerabilityType(0)
    b.dbProxy.deleteThreatType(0)
    b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id())
    b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id())
    b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id())
    b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id())
    b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id())
    b.dbProxy.deletePersona(self.opp[self.ipp.name()].id())
    b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id())
    b.dbProxy.deleteEnvironment(self.oenvs[self.iep1.name()].id())
    b.dbProxy.close()
    call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])