def situatePattern(self,patternId,assetEnvs):
assetParametersList = []
for assetName,envs in assetEnvs.iteritems():
assetParametersList.append(AssetParametersFactory.buildFromTemplate(assetName,envs))
b = Borg()
b.dbProxy.addSituatedAssets(patternId,assetParametersList)
self.theParentDialog.theMainWindow.updateObjectSelection()
def situatePattern(self, patternId, assetEnvs):
assetParametersList = []
for assetName, envs in assetEnvs.iteritems():
assetParametersList.append(
AssetParametersFactory.buildFromTemplate(assetName, envs))
b = Borg()
b.dbProxy.addSituatedAssets(patternId, assetParametersList)
self.theParentDialog.theMainWindow.updateObjectSelection()
def situateComponentView(self,cvName,envName,targets):
assetParametersList = []
componentAssets = self.dbProxy.componentAssets(cvName)
acDict = {}
for assetName,componentName in componentAssets:
assetParametersList.append(AssetParametersFactory.buildFromTemplate(assetName,[envName]))
if assetName not in acDict:
acDict[assetName] = []
acDict[assetName].append(componentName)
self.dbProxy.situateComponentView(cvName,envName,acDict,assetParametersList,targets)
self.theParentDialog.theMainWindow.updateObjectSelection()
def onSelectGenerate(self,evt):
countermeasure = self.theParentDialog.objts[self.theParentDialog.selectedLabel]
cmId = countermeasure.id()
try:
b = Borg()
dbProxy = b.dbProxy
assetId = dbProxy.addAsset(AssetParametersFactory.build(countermeasure))
dbProxy.addTrace('countermeasure_asset',cmId,assetId)
except ARMException,errorText:
dlg = wx.MessageDialog(self,str(errorText),'Generate countermeasure asset',wx.OK | wx.ICON_ERROR)
dlg.ShowModal()
dlg.Destroy()
return
def situateComponentView(self,cvName,envName,targets,goalObstacles):
assetParametersList = []
componentAssets = self.dbProxy.componentAssets(cvName)
acDict = {}
for assetName,componentName in componentAssets:
assetParametersList.append(AssetParametersFactory.buildFromTemplate(assetName,[envName]))
if assetName not in acDict:
acDict[assetName] = []
acDict[assetName].append(componentName)
ops = []
for goalName,obsName in goalObstacles:
ops.append(GoalAssociationParameters(envName,goalName,'goal','obstruct',obsName,'obstacle',0,cvName + ' weakness analysis'))
self.dbProxy.situateComponentView(cvName,envName,acDict,assetParametersList,targets,ops)
self.theParentDialog.theMainWindow.updateObjectSelection()
def onSelectGenerateFromTemplate(self,evt):
countermeasure = self.theParentDialog.objts[self.theParentDialog.selectedLabel]
cmId = countermeasure.id()
try:
b = Borg()
dbProxy = b.dbProxy
templateAssets = dbProxy.getDimensionNames('template_asset')
cDlg = DimensionNameDialog(self,'template_asset',templateAssets,'Select')
if (cDlg.ShowModal() == armid.DIMNAME_BUTTONACTION_ID):
templateAssetName = cDlg.dimensionName()
assetId = dbProxy.addAsset(AssetParametersFactory.buildFromTemplate(templateAssetName,countermeasure.environments()))
dbProxy.addTrace('countermeasure_asset',cmId,assetId)
cDlg.Destroy()
except ARMException,errorText:
dlg = wx.MessageDialog(self,str(errorText),'Generate countermeasure asset',wx.OK | wx.ICON_ERROR)
dlg.ShowModal()
dlg.Destroy()
return
def onSituate(self,evt):
tAsset = self.theParentDialog.objts[self.theParentDialog.selectedLabel]
taId = tAsset.id()
taName = tAsset.name()
try:
b = Borg()
dbProxy = b.dbProxy
envs = dbProxy.getEnvironmentNames()
cDlg = DimensionNameDialog(self,'environment',envs,'Select')
if (cDlg.ShowModal() == armid.DIMNAME_BUTTONACTION_ID):
sitEnvs = cDlg.dimensionNames()
assetId = dbProxy.addAsset(AssetParametersFactory.buildFromTemplate(taName,sitEnvs))
# NB: we don't add anything to asset_template_asset, as we only use this table when the derived asset is part of a situated pattern
cDlg.Destroy()
except ARMException,errorText:
dlg = wx.MessageDialog(self,str(errorText),'Situate template asset',wx.OK | wx.ICON_ERROR)
dlg.ShowModal()
dlg.Destroy()
return
def situateComponentView(self, cvName, envName, targets, goalObstacles):
assetParametersList = []
componentAssets = self.dbProxy.componentAssets(cvName)
acDict = {}
for assetName, componentName in componentAssets:
assetParametersList.append(
AssetParametersFactory.buildFromTemplate(assetName, [envName]))
if assetName not in acDict:
acDict[assetName] = []
acDict[assetName].append(componentName)
ops = []
for goalName, obsName in goalObstacles:
ops.append(
GoalAssociationParameters(envName, goalName, 'goal',
'obstruct', obsName, 'obstacle', 0,
cvName + ' weakness analysis'))
self.dbProxy.situateComponentView(cvName, envName, acDict,
assetParametersList, targets, ops)
self.theParentDialog.theMainWindow.updateObjectSelection()
def onSituate(self, evt):
tAsset = self.theParentDialog.objts[self.theParentDialog.selectedLabel]
taId = tAsset.id()
taName = tAsset.name()
try:
b = Borg()
dbProxy = b.dbProxy
envs = dbProxy.getEnvironmentNames()
cDlg = DimensionNameDialog(self, 'environment', envs, 'Select')
if (cDlg.ShowModal() == armid.DIMNAME_BUTTONACTION_ID):
sitEnvs = cDlg.dimensionNames()
assetId = dbProxy.addAsset(
AssetParametersFactory.buildFromTemplate(taName, sitEnvs))
# NB: we don't add anything to asset_template_asset, as we only use this table when the derived asset is part of a situated pattern
cDlg.Destroy()
except ARMException, errorText:
dlg = wx.MessageDialog(self, str(errorText),
'Situate template asset',
wx.OK | wx.ICON_ERROR)
dlg.ShowModal()
dlg.Destroy()
return
def endElement(self, name):
if name == 'intent':
self.inIntent = 0
elif name == 'definition':
self.inDefinition = 0
elif name == 'rationale':
self.inRationale = 0
elif name == 'motivation':
self.theMotivations.append(
(self.theGoal, self.theValue, self.theDescription))
self.resetMotivationElements()
elif name == 'participant':
self.theParticipants.append((self.theParticipant, self.theMotives,
self.theResponsibilities))
self.resetParticipantElements()
elif name == 'description':
self.inDescription = 0
if self.inImplementation:
self.inImplementation = 0
elif name == 'consequences':
self.inConsequences = 0
elif name == 'implementation':
self.inImplementation = 0
elif name == 'known_uses':
self.inKnownUses = 0
elif name == 'related_patterns':
self.inRelatedPatterns = 0
elif name == 'obstacle':
self.theObstacles.append(
TemplateObstacleParameters(
self.theObstacleName, self.theObstacleCategory,
self.theDefinition, self.theConcerns,
self.theResponsibilities, self.theProbability,
self.theRationale))
self.resetObstacleElements()
elif name == 'obstacle_association':
self.theObstacleAssociations.append(
(self.theObstacleName, self.theRefType,
self.theSubObstacleName, self.theRationale))
self.resetObstacleAssociationElements()
elif name == 'attack_pattern':
assetList = self.theTargets + self.theExploits
for assetName in assetList:
self.theAssetParameters.append(
AssetParametersFactory.buildFromTemplate(
assetName, [self.theEnvironment]))
attackerNames = []
for attackerName, attackerMotives, attackerCapabilities in self.theParticipants:
attackerRoles = self.dbProxy.dimensionRoles(
self.dbProxy.getDimensionId(attackerName, 'persona'),
self.dbProxy.getDimensionId(self.theEnvironment,
'environment'), 'persona')
ep = AttackerEnvironmentProperties(self.theEnvironment,
attackerRoles,
attackerMotives,
attackerCapabilities)
p = AttackerParameters(attackerName, '', '', [], [ep])
p.isPersona = True
self.theAttackerParameters.append(p)
attackerNames.append(attackerName)
for tObs in self.theObstacles:
sgRefs = []
for resp in tObs.responsibilities():
sgRefs.append((resp, 'role', 'responsible', 0, 'None'))
ep = ObstacleEnvironmentProperties(self.theEnvironment, '',
tObs.definition(),
tObs.category(), [], sgRefs,
tObs.concerns())
ep.theProbability = tObs.probability()
ep.theProbabilityRationale = tObs.probabilityRationale()
self.theObstacleParameters.append(
ObstacleParameters(tObs.name(), self.thePatternName, [],
[ep]))
for obsAssoc in self.theObstacleAssociations:
obsName = obsAssoc[0]
refType = obsAssoc[1]
subObsName = obsAssoc[2]
assocRationale = obsAssoc[3]
self.theObstacleAssociationParameters.append(
GoalAssociationParameters(self.theEnvironment, obsName,
'obstacle', refType, subObsName,
'obstacle', 0, assocRationale))
vp = VulnerabilityEnvironmentProperties(self.theEnvironment,
self.theSeverity,
self.theExploits)
vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit)
vulData = vulRows[0]
self.theVulnerabilityParameters = VulnerabilityParameters(
self.theExploit, vulData[2], vulData[3], [], [vp])
spDict = {}
spDict['confidentiality'] = (0, 'None')
spDict['integrity'] = (0, 'None')
spDict['availability'] = (0, 'None')
spDict['accountability'] = (0, 'None')
spDict['anonymity'] = (0, 'None')
spDict['pseudonymity'] = (0, 'None')
spDict['unlinkability'] = (0, 'None')
spDict['unobservability'] = (0, 'None')
for thrMotivation in self.theMotivations:
spName = thrMotivation[0]
spValue = thrMotivation[1]
spRationale = thrMotivation[2]
spDict[spName] = (a2i(spValue), spRationale)
cProperty, cRationale = spDict['confidentiality']
iProperty, iRationale = spDict['integrity']
avProperty, avRationale = spDict['availability']
acProperty, acRationale = spDict['accountability']
anProperty, anRationale = spDict['anonymity']
panProperty, panRationale = spDict['pseudonymity']
unlProperty, unlRationale = spDict['unlinkability']
unoProperty, unoRationale = spDict['unobservability']
tp = ThreatEnvironmentProperties(
self.theEnvironment, self.theLikelihood, self.theTargets,
attackerNames, [
cProperty, iProperty, avProperty, acProperty, anProperty,
panProperty, unlProperty, unoProperty
], [
cRationale, iRationale, avRationale, acRationale,
anRationale, panRationale, unlRationale, unoRationale
])
thrRows = self.dbProxy.getThreatDirectory(self.theAttack)
thrData = thrRows[0]
self.theThreatParameters = ThreatParameters(
self.theAttack, thrData[3], thrData[2], [], [tp])
if (self.theAttackObstacle != ''):
self.theObstacleAssociationParameters.append(
GoalAssociationParameters(self.theEnvironment,
self.theAttackObstacle,
'obstacle', 'or', self.theAttack,
'threat', 0, 'None'))
if (self.theExploitObstacle != ''):
self.theObstacleAssociationParameters.append(
GoalAssociationParameters(self.theEnvironment,
self.theExploitObstacle,
'obstacle', 'or',
self.theExploit, 'vulnerability',
0, 'None'))
rep = MisuseCaseEnvironmentProperties(self.theEnvironment,
self.theImplementation)
mc = MisuseCase(-1, 'Exploit ' + self.thePatternName, [rep],
self.thePatternName)
self.theRiskParameters = RiskParameters(self.thePatternName,
self.theAttack,
self.theExploit, mc, [],
self.theIntent,
self.theEnvironment)
#!/usr/bin/python
import BorgFactory
from Borg import Borg
import AssetParametersFactory
if __name__ == '__main__':
BorgFactory.initialise()
b = Borg()
envName = 'Complete'
for apName in b.dbProxy.getDimensionNames('component_view'):
componentAssets = b.dbProxy.componentAssets(apName)
acDict = {}
assetParametersList = []
for assetName, componentName in componentAssets:
assetParametersList.append(
AssetParametersFactory.buildFromTemplate(assetName, [envName]))
if assetName not in acDict:
acDict[assetName] = []
acDict[assetName].append(componentName)
print 'situating ', apName
b.dbProxy.situateComponentView(apName, 'Complete', acDict,
assetParametersList, [], [])
b.dbProxy.conn.commit()
def endElement(self,name):
if name == 'intent':
self.inIntent = 0
elif name == 'definition':
self.inDefinition = 0
elif name == 'rationale':
self.inRationale = 0
elif name == 'motivation':
self.theMotivations.append((self.theGoal,self.theValue,self.theDescription))
self.resetMotivationElements()
elif name == 'participant':
self.theParticipants.append((self.theParticipant,self.theMotives,self.theResponsibilities))
self.resetParticipantElements()
elif name == 'description':
self.inDescription = 0
if self.inImplementation:
self.inImplementation = 0
elif name == 'consequences':
self.inConsequences = 0
elif name == 'implementation':
self.inImplementation = 0
elif name == 'known_uses':
self.inKnownUses = 0
elif name == 'related_patterns':
self.inRelatedPatterns = 0
elif name == 'obstacle':
self.theObstacles.append( TemplateObstacleParameters(self.theObstacleName,self.theObstacleCategory,self.theDefinition,self.theConcerns,self.theResponsibilities,self.theProbability,self.theRationale))
self.resetObstacleElements()
elif name == 'obstacle_association':
self.theObstacleAssociations.append((self.theObstacleName,self.theRefType,self.theSubObstacleName,self.theRationale))
self.resetObstacleAssociationElements()
elif name == 'attack_pattern':
assetList = self.theTargets + self.theExploits
for assetName in assetList:
self.theAssetParameters.append(AssetParametersFactory.buildFromTemplate(assetName,[self.theEnvironment]))
attackerNames = []
for attackerName,attackerMotives,attackerCapabilities in self.theParticipants:
attackerRoles = self.dbProxy.dimensionRoles(self.dbProxy.getDimensionId(attackerName,'persona'),self.dbProxy.getDimensionId(self.theEnvironment,'environment'),'persona')
ep = AttackerEnvironmentProperties(self.theEnvironment,attackerRoles,attackerMotives,attackerCapabilities)
p = AttackerParameters(attackerName,'','',[],[ep])
p.isPersona = True
self.theAttackerParameters.append(p)
attackerNames.append(attackerName)
for tObs in self.theObstacles:
sgRefs = []
for resp in tObs.responsibilities():
sgRefs.append((resp,'role','responsible',0,'None'))
ep = ObstacleEnvironmentProperties(self.theEnvironment,'',tObs.definition(),tObs.category(),[],sgRefs,tObs.concerns())
ep.theProbability = tObs.probability()
ep.theProbabilityRationale = tObs.probabilityRationale()
self.theObstacleParameters.append(ObstacleParameters(tObs.name(),self.thePatternName,[],[ep]))
for obsAssoc in self.theObstacleAssociations:
obsName = obsAssoc[0]
refType = obsAssoc[1]
subObsName = obsAssoc[2]
assocRationale = obsAssoc[3]
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,obsName,'obstacle',refType,subObsName,'obstacle',0,assocRationale))
vp = VulnerabilityEnvironmentProperties(self.theEnvironment,self.theSeverity,self.theExploits)
vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit)
vulData = vulRows[0]
self.theVulnerabilityParameters = VulnerabilityParameters(self.theExploit,vulData[2],vulData[3],[],[vp])
spDict = {}
spDict['confidentiality'] = (0,'None')
spDict['integrity'] = (0,'None')
spDict['availability'] = (0,'None')
spDict['accountability'] = (0,'None')
spDict['anonymity'] = (0,'None')
spDict['pseudonymity'] = (0,'None')
spDict['unlinkability'] = (0,'None')
spDict['unobservability'] = (0,'None')
for thrMotivation in self.theMotivations:
spName = thrMotivation[0]
spValue = thrMotivation[1]
spRationale = thrMotivation[2]
spDict[spName] = (a2i(spValue),spRationale)
cProperty,cRationale = spDict['confidentiality']
iProperty,iRationale = spDict['integrity']
avProperty,avRationale = spDict['availability']
acProperty,acRationale = spDict['accountability']
anProperty,anRationale = spDict['anonymity']
panProperty,panRationale = spDict['pseudonymity']
unlProperty,unlRationale = spDict['unlinkability']
unoProperty,unoRationale = spDict['unobservability']
tp = ThreatEnvironmentProperties(self.theEnvironment,self.theLikelihood,self.theTargets,attackerNames,[cProperty,iProperty,avProperty,acProperty,anProperty,panProperty,unlProperty,unoProperty],[cRationale,iRationale,avRationale,acRationale,anRationale,panRationale,unlRationale,unoRationale])
thrRows = self.dbProxy.getThreatDirectory(self.theAttack)
thrData = thrRows[0]
self.theThreatParameters = ThreatParameters(self.theAttack,thrData[3],thrData[2],[],[tp])
if (self.theAttackObstacle != ''):
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theAttackObstacle,'obstacle','or',self.theAttack,'threat',0,'None'))
if (self.theExploitObstacle != ''):
self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theExploitObstacle,'obstacle','or',self.theExploit,'vulnerability',0,'None'))
rep = MisuseCaseEnvironmentProperties(self.theEnvironment,self.theImplementation )
mc = MisuseCase(-1,'Exploit ' + self.thePatternName,[rep],self.thePatternName)
self.theRiskParameters = RiskParameters(self.thePatternName,self.theAttack,self.theExploit,mc,[],self.theIntent,self.theEnvironment)
def endElement(self,name):
if name == 'intent':
self.inIntent = 0
elif name == 'motivation':
self.theMotivations.append((self.theGoal,self.theValue,self.theDescription))
self.resetMotivationElements()
elif name == 'participant':
self.theParticipants.append((self.theParticipant,self.theMotives,self.theResponsibilities))
self.resetParticipantElements()
elif name == 'description':
self.inDescription = 0
elif name == 'consequences':
self.inConsequences = 0
elif name == 'implementation':
self.inImplementation = 0
elif name == 'known_uses':
self.inKnownUses = 0
elif name == 'related_patterns':
self.inRelatedPatterns = 0
elif name == 'attack_pattern':
assetList = self.theTargets + self.theExploits
for assetName in assetList:
self.theAssetParameters.append(AssetParametersFactory.buildFromTemplate(assetName,[self.theEnvironment]))
attackerNames = []
for attackerName,attackerMotives,attackerCapabilities in self.theParticipants:
attackerRoles = self.dbProxy.dimensionRoles(self.dbProxy.getDimensionId(attackerName,'persona'),self.dbProxy.getDimensionId(self.theEnvironment,'environment'),'persona')
ep = AttackerEnvironmentProperties(self.theEnvironment,attackerRoles,attackerMotives,attackerCapabilities)
p = AttackerParameters(attackerName,'','',[],[ep])
self.theAttackerParameters.append(p)
attackerNames.append(attackerName)
vp = VulnerabilityEnvironmentProperties(self.theEnvironment,self.theSeverity,self.theExploits)
vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit)
vulData = vulRows[0]
self.theVulnerabilityParameters = VulnerabilityParameters(self.theExploit,vulData[2],vulData[3],[],[vp])
spDict = {}
spDict['confidentiality'] = (0,'None')
spDict['integrity'] = (0,'None')
spDict['availability'] = (0,'None')
spDict['accountability'] = (0,'None')
spDict['anonymity'] = (0,'None')
spDict['pseudonymity'] = (0,'None')
spDict['unlinkability'] = (0,'None')
spDict['unobservability'] = (0,'None')
for thrMotivation in self.theMotivations:
spName = thrMotivation[0]
spValue = thrMotivation[1]
spRationale = thrMotivation[2]
spDict[spName] = (a2i(spValue),spRationale)
cProperty,cRationale = spDict['confidentiality']
iProperty,iRationale = spDict['integrity']
avProperty,avRationale = spDict['availability']
acProperty,acRationale = spDict['accountability']
anProperty,anRationale = spDict['anonymity']
panProperty,panRationale = spDict['pseudonymity']
unlProperty,unlRationale = spDict['unlinkability']
unoProperty,unoRationale = spDict['unobservability']
tp = ThreatEnvironmentProperties(self.theEnvironment,self.theLikelihood,self.theTargets,attackerNames,[cProperty,iProperty,avProperty,acProperty,anProperty,panProperty,unlProperty,unoProperty],[cRationale,iRationale,avRationale,acRationale,anRationale,panRationale,unlRationale,unoRationale])
thrRows = self.dbProxy.getThreatDirectory(self.theAttack)
thrData = thrRows[0]
self.theThreatParameters = ThreatParameters(self.theAttack,thrData[3],thrData[2],[],[tp])
rep = MisuseCaseEnvironmentProperties(self.theEnvironment,self.theImplementation )
mc = MisuseCase(-1,'Exploit ' + self.thePatternName,[rep],self.thePatternName)
self.theRiskParameters = RiskParameters(self.thePatternName,self.theAttack,self.theExploit,mc,[])
#!/usr/bin/python
import BorgFactory
from Borg import Borg
import AssetParametersFactory
if __name__ == '__main__':
BorgFactory.initialise()
b = Borg()
envName = 'Complete'
for apName in b.dbProxy.getDimensionNames('component_view'):
componentAssets = b.dbProxy.componentAssets(apName)
acDict = {}
assetParametersList = []
for assetName,componentName in componentAssets:
assetParametersList.append(AssetParametersFactory.buildFromTemplate(assetName,[envName]))
if assetName not in acDict:
acDict[assetName] = []
acDict[assetName].append(componentName)
print 'situating ',apName
b.dbProxy.situateComponentView(apName,'Complete',acDict,assetParametersList,[],[])
b.dbProxy.conn.commit()
