def add_asset_association(self, assoc):
assocParams = ClassAssociationParameters(
envName=assoc.theEnvironmentName,
headName=assoc.theHeadAsset,
headDim='asset',
headNav=assoc.theHeadNavigation,
headType=assoc.theHeadType,
headMultiplicity=assoc.theHeadMultiplicity,
headRole=assoc.theHeadRole,
tailRole=assoc.theTailRole,
tailMultiplicity=assoc.theTailMultiplicity,
tailType=assoc.theTailType,
tailNav=assoc.theTailNavigation,
tailDim='asset',
tailName=assoc.theTailAsset,
rationale=assoc.theRationale)
try:
self.db_proxy.addClassAssociation(assocParams)
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
def get_obstacle_model(self, environment_name, obstacle_name):
fontName, fontSize, apFontName = get_fonts(session_id=self.session_id)
try:
obstacle_filter = 0
if obstacle_name != '': obstacle_filter = 1
associationDictionary = self.db_proxy.obstacleModel(
environment_name, obstacle_name, obstacle_filter)
associations = KaosModel(associationDictionary.values(),
environment_name,
'obstacle',
obstacle_name,
db_proxy=self.db_proxy,
font_name=fontName,
font_size=fontSize)
dot_code = associations.graph()
return dot_code
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def getDimensions(self, table, id):
try:
permissableDimensions = [
'access_right', 'architectural_pattern', 'asset',
'asset_reference', 'asset_type', 'attacker',
'attacker_reference', 'behavioural_variable', 'capability',
'characteristic_synopsis', 'component', 'concept_reference',
'connector', 'countermeasure', 'countermeasure_reference',
'countermeasure_value', 'datastore', 'detection_mechanism',
'dfd_filter', 'document_reference', 'domainproperty',
'domainproperty_reference', 'entity', 'environment',
'environment_reference', 'external_document', 'goal',
'goal_reference', 'goal_category_type', 'interface',
'likelihood', 'locations', 'misusability_case', 'misusecase',
'misusecase_reference', 'motivation', 'obstacle',
'obstacle_category_type', 'obstacle_reference', 'persona',
'persona_characteristic', 'persona_characteristic_synopsis',
'persona_implied_process', 'persona_reference', 'persona_type',
'priority_type', 'privilege', 'protocol', 'reference_synopsis',
'requirement', 'requirement_reference', 'requirement_type',
'response', 'response_reference', 'risk', 'risk_class',
'risk_reference', 'role', 'role_reference', 'role_type',
'securitypattern', 'severity', 'surface_type', 'task',
'task_characteristic', 'task_reference', 'template_asset',
'template_goal', 'template_requirement', 'trace_dimension',
'threat', 'threat_reference', 'threat_type', 'threat_value',
'usecase', 'vulnerability', 'vulnerability_reference',
'vulnerability_type'
]
if (table not in permissableDimensions):
raise CairisHTTPError(
BAD_REQUEST, 'Invalid dimension',
table + ' is not a permissable dimension')
if (table == 'persona_characteristic_synopsis'):
return self.getDimensionNames(table, '')
else:
return sorted(self.db_proxy.getDimensions(table, id).keys())
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def get_goal_model(self, environment_name, goal_name, usecase_name):
fontName, fontSize, apFontName = get_fonts(session_id=self.session_id)
try:
associationDictionary = {}
goalFilter = 0
ucFilter = 0
if goal_name != '': goalFilter = 1
if usecase_name != '': ucFilter = 1
associationDictionary = self.db_proxy.goalModel(
environment_name, goal_name, goalFilter, ucFilter)
associations = KaosModel(associationDictionary.values(),
environment_name,
'goal',
goal_name,
db_proxy=self.db_proxy,
font_name=fontName,
font_size=fontSize)
dot_code = associations.graph()
return dot_code
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def get_requirement_by_name(self, name):
found_requirement = None
try:
requirements = self.db_proxy.getRequirements()
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
if requirements is not None:
idx = 0
while found_requirement is None and idx < len(requirements):
if (list(requirements.values())[idx].theName == name) or (list(
requirements.values())[idx].theLabel == name):
found_requirement = list(requirements.values())[idx]
idx += 1
if found_requirement is None:
self.close()
raise ObjectNotFoundHTTPError('The provided requirement name ' +
'"' + name + '"')
return found_requirement
def file_export(self, fileName='', fileType='xml'):
try:
xmlBuf = '<?xml version="1.0"?>\n<!DOCTYPE cairis_model PUBLIC "-//CAIRIS//DTD MODEL 1.0//EN" "http://cairis.org/dtd/cairis_model.dtd">\n<cairis_model>\n\n\n'
xmlBuf += self.db_proxy.tvTypesToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.domainValuesToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.projectToXml(0) + '\n\n'
xmlBuf += self.db_proxy.riskAnalysisToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.usabilityToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.goalsToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.associationsToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.synopsesToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.misusabilityToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.dataflowsToXml(0)[0] + '\n\n'
xmlBuf += self.db_proxy.locationsToXml()[0] + '\n\n</cairis_model>'
if (fileType == 'xml'):
return xmlBuf
else:
return self.modelPackage(fileName, xmlBuf)
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def add_asset(self, asset, asset_props=None):
try:
self.db_proxy.nameCheck(asset.theName, 'asset')
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
assetParams = AssetParameters(
assetName=asset.theName,
shortCode=asset.theShortCode,
assetDesc=asset.theDescription,
assetSig=asset.theSignificance,
assetType=asset.theType,
cFlag=asset.isCritical,
cRationale=asset.theCriticalRationale,
tags=asset.theTags,
ifs=asset.theInterfaces,
cProperties=asset.theEnvironmentProperties
)
asset_id = self.db_proxy.addAsset(assetParams)
return asset_id
def add_goal_association(self, assoc, pathValues=[]):
if (assoc.theGoal == assoc.theSubGoal):
raise CairisHTTPError(status_code=http.client.BAD_REQUEST,
status="Self-refinement error",
message='Cannot self-refine ' +
assoc.theGoal)
assocParams = GoalAssociationParameters(
envName=assoc.theEnvironmentName,
goalName=assoc.theGoal,
goalDimName=assoc.theGoalDimension,
aType=assoc.theAssociationType,
subGoalName=assoc.theSubGoal,
subGoalDimName=assoc.theSubGoalDimension,
alternativeId=assoc.theAlternativeId,
rationale=assoc.theRationale)
try:
self.db_proxy.addGoalAssociation(assocParams)
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
def get_vulnerability_by_id(self, vuln_id, simplify=True):
found_vulnerability = None
try:
vulnerabilities = self.db_proxy.getVulnerabilities()
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
idx = 0
while found_vulnerability is None and idx < len(vulnerabilities):
if vulnerabilities.values()[idx].theId == vuln_id:
found_vulnerability = vulnerabilities.values()[idx]
idx += 1
if found_vulnerability is None:
self.close()
raise ObjectNotFoundHTTPError('The provided vulnerability ID')
if simplify:
found_vulnerability = self.simplify(found_vulnerability)
return found_vulnerability
def get_threat_by_id(self, threat_id, simplify=True):
found_threat = None
try:
threats = self.db_proxy.getThreats()
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
idx = 0
while found_threat is None and idx < len(threats):
if list(threats.values())[idx].theId == threat_id:
found_threat = list(threats.values())[idx]
idx += 1
if found_threat is None:
self.close()
raise ObjectNotFoundHTTPError('The provided threat ID')
if simplify:
found_threat = self.simplify(found_threat)
return found_threat
def get_asset_by_id(self, id, simplify=True):
found_asset = None
try:
assets = self.db_proxy.getAssets()
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
idx = 0
while found_asset is None and idx < len(assets):
if assets.values()[idx].theId == id:
found_asset = assets.values()[idx]
idx += 1
if found_asset is None:
self.close()
raise ObjectNotFoundHTTPError('The provided asset ID')
if simplify:
found_asset = self.simplify(found_asset)
return found_asset
def update_goal_association(self, assoc, environment_name, goal_name,
subgoal_name):
old_assoc = self.get_goal_association(environment_name, goal_name,
subgoal_name, False)
assocId = old_assoc.theId
assocParams = GoalAssociationParameters(
envName=assoc.theEnvironmentName,
goalName=assoc.theGoal,
goalDimName=assoc.theGoalDimension,
aType=assoc.theAssociationType,
subGoalName=assoc.theSubGoal,
subGoalDimName=assoc.theSubGoalDimension,
alternativeId=assoc.theAlternativeId,
rationale=assoc.theRationale)
assocParams.setId(assocId)
try:
self.db_proxy.updateGoalAssociation(assocParams)
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
def add_role(self, role):
"""
Adds a new Role to the database
:type role_props: RoleEnvironmentProperties
:type role: Role
:return Returns the role's new ID
:rtype int
"""
try:
self.db_proxy.nameCheck(role.theName, 'role')
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
role_params = RoleParameters(name=role.theName,
rType=role.theType,
sCode=role.theShortCode,
desc=role.theDescription,
cProperties=[])
role_id = self.db_proxy.addRole(role_params)
return role_id
def get_environment_by_name(self, name, simplify=True):
"""
:rtype: Environment
:raise ObjectNotFoundHTTPError:
"""
found_environment = None
try:
environments = self.db_proxy.getEnvironments()
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
if environments is not None:
found_environment = environments.get(name)
if found_environment is None:
self.close()
raise ObjectNotFoundHTTPError('The provided environment name')
if simplify:
found_environment = self.simplify(found_environment)
return found_environment
def get_hta_model(self, environment_name,usecaseName,sub_usecaseName, pathValues):
fontName, fontSize, apFontName = get_fonts(session_id=self.session_id)
is_top_level = pathValues[0]
if usecaseName == 'all':
usecaseName = ''
if sub_usecaseName == 'all':
sub_usecaseName = ''
try:
associationDictionary = {}
ucFilter = 0
sub_ucFilter = 0
if usecaseName != '':
ucFilter = 1
if sub_usecaseName != '':
sub_ucFilter = 1
usecaseName = sub_usecaseName
associationDictionary = self.db_proxy.UseCaseModel(environment_name,usecase_name,is_top_level,ucFilter)
associations = UseCaseModel(list(associationDictionary.values()), environment_name, 'usecase', usecase_name, db_proxy=self.db_proxy, font_name=fontName, font_size=fontSize)
dot_code = associations.graph()
return dot_code
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def get_objects(self, constraint_id='', simplify=True):
try:
if (constraint_id == -1): constraint_id = ''
dependencies = self.db_proxy.getDependencies(constraint_id)
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
except ARMException as ex:
self.close()
raise ARMHTTPError
if (simplify):
depKeys = sorted(dependencies.keys())
depList = []
for key in depKeys:
value = dependencies[key]
del value.theId
depList.append(value)
return depList
else:
for key, value in list(dependencies.items()):
del value.theId
dependencies[key] = value
return dependencies
def update_role(self, role, name=None, role_id=-1):
if name is not None:
old_role = self.get_role_by_name(name, simplify=False)
if role is None:
self.close()
raise ObjectNotFoundHTTPError('The asset')
role_id = old_role.theId
if role_id > -1:
params = RoleParameters(name=role.theName,
rType=role.theType,
sCode=role.theShortCode,
desc=role.theDescription,
cProperties=[])
params.setId(role_id)
try:
self.db_proxy.updateRole(params)
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
else:
self.close()
raise MissingParameterHTTPError(param_names=['id'])
def update_asset_association(self,
assoc,
oldEnvName,
oldHeadAsset,
oldTailAsset,
pathValues=[]):
assocParams = ClassAssociationParameters(
envName=assoc.theEnvironmentName,
headName=assoc.theHeadAsset,
headDim='asset',
headNav=assoc.theHeadNavigation,
headType=assoc.theHeadType,
headMultiplicity=assoc.theHeadMultiplicity,
headRole=assoc.theHeadRole,
tailRole=assoc.theTailRole,
tailMultiplicity=assoc.theTailMultiplicity,
tailType=assoc.theTailType,
tailNav=assoc.theTailNavigation,
tailDim='asset',
tailName=assoc.theTailAsset,
rationale=assoc.theRationale)
try:
if ((assoc.theEnvironmentName != oldEnvName)
or (assoc.theHeadAsset != oldHeadAsset)
or (assoc.theTailAsset != oldTailAsset)):
self.db_proxy.checkAssetAssociation(assoc.theEnvironmentName,
assoc.theHeadAsset,
assoc.theTailAsset)
caId = self.db_proxy.getDimensionId(
oldEnvName + '/' + oldHeadAsset + '/' + oldTailAsset,
'classassociation')
assocParams.setId(caId)
self.db_proxy.updateClassAssociation(assocParams)
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
def add_requirement(self,
requirement,
asset_name=None,
environment_name=None):
try:
self.db_proxy.nameCheck(requirement.theName, 'requirement')
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
new_id = self.db_proxy.newId()
requirement.theId = new_id
requirement.theVersion = 1
if asset_name is not None:
try:
self.db_proxy.addRequirement(requirement,
assetName=asset_name,
isAsset=True)
except ARMException as ex:
self.close()
handle_exception(ex)
elif environment_name is not None:
try:
self.db_proxy.addRequirement(requirement,
assetName=environment_name,
isAsset=False)
except ARMException as ex:
self.close()
handle_exception(ex)
else:
self.close()
raise MissingParameterHTTPError(
param_names=['asset or environment'])
return new_id
def get_dimension_requirement_names(self, dimName, objtName):
try:
return self.db_proxy.dimensionRequirements(dimName, objtName)
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def file_import(self,importFile,mFormat,overwriteFlag):
try:
return file_import(importFile,mFormat,overwriteFlag,self.session_id)
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def getDimensionNames(self,table,environment):
try:
return self.db_proxy.getDimensionNames(table,environment)
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def add_object(self, ug):
try:
self.db_proxy.addUserGoal(ug)
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
def get_asset_associations(self):
try:
return self.db_proxy.getClassAssociations()
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def security_patterns_export(self):
try:
return self.db_proxy.securityPatternsToXml()
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def grl_export(self, taskName, personaName, envName):
try:
return self.db_proxy.pcToGrl(personaName, taskName, envName)
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def architectural_pattern_export(self, apName):
try:
return self.db_proxy.architecturalPatternToXml(apName)
except DatabaseProxyException as ex:
self.close()
raise ARMHTTPError(ex)
def delete_trace(self, fromObjt, fromName, toObjt, toName):
try:
self.db_proxy.deleteTrace(fromObjt, fromName, toObjt, toName)
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
def handle_keyerror(e):
err = ARMHTTPError(e)
return handle_error(err)
def trace_dimensions(self, dimension_name, is_from):
try:
return self.db_proxy.getTraceDimensions(dimension_name, is_from)
except ARMException as ex:
self.close()
raise ARMHTTPError(ex)
