def update_vulnerability_type(self, vulnerability_type, name, environment_name=''): assert isinstance(vulnerability_type, ValueType) found_type = self.get_vulnerability_type_by_name( name, environment_name) params = ValueTypeParameters(vtName=vulnerability_type.theName, vtDesc=vulnerability_type.theDescription, vType='vulnerability_type', envName=environment_name, vtScore=vulnerability_type.theScore, vtRat=vulnerability_type.theRationale) params.setId(found_type.theId) try: self.db_proxy.updateValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def update_attacker_motivation(self, attacker_motivation, name, environment_name=''): """ :return: :raise: ARMHTTPError: """ assert isinstance(attacker_motivation, ValueType) found_motivation = self.get_attacker_motivation_by_name(name, environment_name) params = ValueTypeParameters( vtName=attacker_motivation.theName, vtDesc=attacker_motivation.theDescription, vType='motivation', envName=environment_name, vtScore=attacker_motivation.theScore, vtRat=attacker_motivation.theRationale ) params.setId(found_motivation.theId) try: self.db_proxy.updateValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/vulnerabilities.json') d = json.load(f) f.close() b = Borg() self.iVtypes = d['valuetypes'] self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theValueType"]) self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theValueType"]) b.dbProxy.addValueType(self.ivt1) b.dbProxy.addValueType(self.ivt2) self.oVtypes = b.dbProxy.getValueTypes('vulnerability_type') ienvs = d['environments'] self.iep1 = EnvironmentParameters(ienvs[0]["theName"],ienvs[0]["theShortCode"],ienvs[0]["theDescription"]) self.iep2 = EnvironmentParameters(ienvs[1]["theName"],ienvs[1]["theShortCode"],ienvs[1]["theDescription"]) self.iep3 = EnvironmentParameters(ienvs[2]["theName"],ienvs[2]["theShortCode"],ienvs[2]["theDescription"]) b.dbProxy.addEnvironment(self.iep1) b.dbProxy.addEnvironment(self.iep2) b.dbProxy.addEnvironment(self.iep3) self.oenvs = b.dbProxy.getEnvironments() self.iassets = d['assets'] self.iaeps = [AssetEnvironmentProperties(self.iassets[0]["theEnvironmentProperties"][0][0],self.iassets[0]["theEnvironmentProperties"][0][1],self.iassets[0]["theEnvironmentProperties"][0][2])] self.iap = AssetParameters(self.iassets[0]["theName"],self.iassets[0]["theShortCode"],self.iassets[0]["theDescription"],self.iassets[0]["theSignificance"],self.iassets[0]["theType"],"0","N/A",[],[],self.iaeps) b.dbProxy.addAsset(self.iap) self.oaps = b.dbProxy.getAssets() self.iVuln = d['vulnerabilities']
def update_attacker_motivation(self, attacker_motivation, name, environment_name=''): assert isinstance(attacker_motivation, ValueType) found_motivation = self.get_attacker_motivation_by_name( name, environment_name) params = ValueTypeParameters(vtName=attacker_motivation.theName, vtDesc=attacker_motivation.theDescription, vType='motivation', envName=environment_name, vtScore=attacker_motivation.theScore, vtRat=attacker_motivation.theRationale) params.setId(found_motivation.theId) try: self.db_proxy.updateValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def setUp(self): call([os.environ['CAIRIS_CFG_DIR'] + "/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/templateassets.json') d = json.load(f) f.close() iAccessRights = d['access_rights'] iar1 = ValueTypeParameters(iAccessRights[0]["theName"], iAccessRights[0]["theDescription"], 'access_right', '', iAccessRights[0]["theValue"], iAccessRights[0]["theRationale"]) iSurfaceTypes = d['surface_type'] ist1 = ValueTypeParameters(iSurfaceTypes[0]["theName"], iSurfaceTypes[0]["theDescription"], 'surface_type', '', iSurfaceTypes[0]["theValue"], iSurfaceTypes[0]["theRationale"]) iPrivileges = d['privileges'] ist1 = ValueTypeParameters(iSurfaceTypes[0]["theName"], iSurfaceTypes[0]["theDescription"], 'surface_type', '', iSurfaceTypes[0]["theValue"], iSurfaceTypes[0]["theRationale"]) ipr1 = ValueTypeParameters(iPrivileges[0]["theName"], iPrivileges[0]["theDescription"], 'privilege', '', iPrivileges[0]["theValue"], iPrivileges[0]["theRationale"]) b = Borg() b.dbProxy.addValueType(iar1) b.dbProxy.addValueType(ist1) b.dbProxy.addValueType(ipr1) self.iTemplateAssets = d['template_assets']
def update_obstacle_value(self, obstacle_value, name, environment_name=''): assert isinstance(obstacle_value, ValueType) found_value = self.get_obstacle_value_by_name(name, environment_name) params = ValueTypeParameters(vtName=obstacle_type.theName,vtDesc=obstacle_type.theDescription,vType='obstacle_type',envName=environment_name,vtScore=obstacle_type.theScore,vtRat=obstacle_type.theRationale) params.setId(found_value.theId) try: self.db_proxy.updateValueType(params) except DatabaseProxyException as ex: raise ARMHTTPError(ex) except ARMException as ex: raise ARMHTTPError(ex)
def endElement(self, name): if (name == 'vulnerability_type'): p = ValueTypeParameters(self.theName, self.theDescription, 'vulnerability_type') self.theVulnerabilityTypes.append(p) self.resetAttributes() if name == 'threat_type': p = ValueTypeParameters(self.theName, self.theDescription, 'threat_type') self.theThreatTypes.append(p) self.resetAttributes()
def addSPDependentData(d): cairis.core.BorgFactory.initialise() b = Borg() for i in d['access_rights']: b.dbProxy.addValueType(ValueTypeParameters(i["theName"], i["theDescription"], 'access_right','',i["theValue"],i["theRationale"])) for i in d['surface_types']: b.dbProxy.addValueType(ValueTypeParameters(i["theName"], i["theDescription"], 'surface_type','',i["theValue"],i["theRationale"])) spValues = [0,0,0,0,0,0,0,0] srValues = ['None','None','None','None','None','None','None','None'] for i in d['template_assets']: b.dbProxy.addTemplateAsset(TemplateAssetParameters(i["theName"], i["theShortCode"], i["theDescription"], i["theSignificance"],i["theType"],i["theSurfaceType"],i["theAccessRight"],spValues,srValues,[],[]))
def update_value_type(self,vt,type_name,environment_name,object_name): found_vt = self.get_value_type(type_name,environment_name,object_name,False) vtParams = ValueTypeParameters( vtName=vt.theName, vtDesc=vt.theDescription, vType=vt.theType, envName=vt.theEnvironmentName, vtScore=vt.theScore, vtRat=vt.theRationale) vtParams.setId(found_vt.theId) try: self.db_proxy.updateValueType(vtParams) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def update_value_type(self,vt,type_name,environment_name,object_name): found_vt = self.get_value_type(type_name,environment_name,object_name) vtParams = ValueTypeParameters( vtName=vt.theName, vtDesc=vt.theDescription, vType=vt.theType, envName=vt.theEnvironmentName, vtScore=vt.theScore, vtRat=vt.theRationale) vtParams.setId(found_vt.theId) try: self.db_proxy.updateValueType(vtParams) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def add_attacker_motivation(self, attacker_motivation, environment_name=''): assert isinstance(attacker_motivation, ValueType) type_exists = self.check_existing_attacker_motivation( attacker_motivation.theName, environment_name=environment_name) if type_exists: self.close() raise OverwriteNotAllowedHTTPError( obj_name='The attacker motivation') params = ValueTypeParameters(vtName=attacker_motivation.theName, vtDesc=attacker_motivation.theDescription, vType='motivation', envName=environment_name, vtScore=attacker_motivation.theScore, vtRat=attacker_motivation.theRationale) try: return self.db_proxy.addValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def add_asset_type(self, asset_type, pathValues): assert isinstance(asset_type, ValueType) environment_name = pathValues[0] type_exists = self.check_existing_asset_type( asset_type.theName, environment_name=environment_name) if type_exists: self.close() raise OverwriteNotAllowedHTTPError(obj_name='The asset type') params = ValueTypeParameters(vtName=asset_type.theName, vtDesc=asset_type.theDescription, vType='asset_type', envName=environment_name, vtScore=asset_type.theScore, vtRat=asset_type.theRationale) try: self.db_proxy.addValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def add_vulnerability_type(self, vulnerability_type, environment_name=''): assert isinstance(vulnerability_type, ValueType) type_exists = self.check_existing_vulnerability_type( vulnerability_type.theName, environment_name=environment_name) if type_exists: self.close() raise OverwriteNotAllowedHTTPError( obj_name='The vulnerability type') params = ValueTypeParameters(vtName=vulnerability_type.theName, vtDesc=vulnerability_type.theDescription, vType='vulnerability_type', envName=environment_name, vtScore=vulnerability_type.theScore, vtRat=vulnerability_type.theRationale) try: return self.db_proxy.addValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def addTestData(): f = open(os.environ['CAIRIS_SRC'] + '/test/templategoals.json') d = json.load(f) f.close() iAccessRights = d['access_rights'] iSurfaceTypes = d['surface_type'] iTemplateAssets = d['template_assets'] iTemplateGoals = d['template_goals'] cairis.core.BorgFactory.initialise() b = Borg() iar1 = ValueTypeParameters(iAccessRights[0]["theName"], iAccessRights[0]["theDescription"], 'access_right', '', iAccessRights[0]["theValue"], iAccessRights[0]["theRationale"]) ist1 = ValueTypeParameters(iSurfaceTypes[0]["theName"], iSurfaceTypes[0]["theDescription"], 'surface_type', '', iSurfaceTypes[0]["theValue"], iSurfaceTypes[0]["theRationale"]) b.dbProxy.addValueType(iar1) b.dbProxy.addValueType(ist1) spValues = [ 0, 0, 0, 0, 0, 0, 0, 0, ] srValues = ['None', 'None', 'None', 'None', 'None', 'None', 'None', 'None'] iTap = TemplateAssetParameters( iTemplateAssets[0]["theName"], iTemplateAssets[0]["theShortCode"], iTemplateAssets[0]["theDescription"], iTemplateAssets[0]["theSignificance"], iTemplateAssets[0]["theType"], iTemplateAssets[0]["theSurfaceType"], iTemplateAssets[0]["theAccessRight"], spValues, srValues, [], []) b.dbProxy.addTemplateAsset(iTap) iTag1 = TemplateGoalParameters(iTemplateGoals[0]["theName"], iTemplateGoals[0]["theDefinition"], iTemplateGoals[0]["theRationale"], iTemplateGoals[0]["theConcerns"], iTemplateGoals[0]["theResponsibilities"]) b.dbProxy.addTemplateGoal(iTag1)
def addAPDependentData(d): cairis.core.BorgFactory.initialise() b = Borg() for i in d['roles']: b.dbProxy.addRole(RoleParameters(i["theName"], i["theType"], i["theShortCode"], i["theDescription"],[])) for i in d['access_rights']: b.dbProxy.addValueType(ValueTypeParameters(i["theName"], i["theDescription"], 'access_right','',i["theValue"],i["theRationale"])) for i in d['surface_types']: b.dbProxy.addValueType(ValueTypeParameters(i["theName"], i["theDescription"], 'surface_type','',i["theValue"],i["theRationale"])) for i in d['protocols']: b.dbProxy.addValueType(ValueTypeParameters(i["theName"], i["theDescription"], 'protocol','',i["theValue"],i["theRationale"])) for i in d['privileges']: b.dbProxy.addValueType(ValueTypeParameters(i["theName"], i["theDescription"], 'privilege','',i["theValue"],i["theRationale"])) spValues = [(0,'None'),(0,'None'),(0,'None'),(0,'None'),(0,'None'),(0,'None'),(0,'None'),(0,'None')] for i in d['template_assets']: b.dbProxy.addTemplateAsset(TemplateAssetParameters(i["theName"], i["theShortCode"], i["theDescription"], i["theSignificance"],i["theType"],i["theSurfaceType"],i["theAccessRight"],spValues,[],[])) for i in d['template_goals']: b.dbProxy.addTemplateGoal(TemplateGoalParameters(i["theName"],i["theDefinition"],i["theRationale"],i["theConcerns"],i["theResponsibilities"]))
def endElement(self,name): if (name == 'threat_value') or (name == 'risk_value') or (name == 'countermeasure_value') or (name == 'severity_value') or (name == 'likelihood_value') or (name == 'capability_value') or (name == 'motivation_value'): if (name == 'motivation_value'): self.theTypeName == 'motivation' elif (name == 'capability_value'): self.theTypeName == 'capability' p = ValueTypeParameters(self.theName,self.theDescription,self.theTypeName) self.theValuesMap[self.theTypeName].append(p) self.resetAttributes()
def addTestData(): f = open(os.environ['CAIRIS_SRC'] + '/test/templateassets.json') d = json.load(f) f.close() iAccessRights = d['access_rights'] iSurfaceTypes = d['surface_type'] iTemplateAssets = d['template_assets'] iPrivileges = d['privileges'] cairis.core.BorgFactory.initialise() b = Borg() iar1 = ValueTypeParameters(iAccessRights[0]["theName"], iAccessRights[0]["theDescription"], 'access_right', '', iAccessRights[0]["theValue"], iAccessRights[0]["theRationale"]) iar2 = ValueTypeParameters(iAccessRights[1]["theName"], iAccessRights[1]["theDescription"], 'access_right', '', iAccessRights[1]["theValue"], iAccessRights[1]["theRationale"]) ist1 = ValueTypeParameters(iSurfaceTypes[0]["theName"], iSurfaceTypes[0]["theDescription"], 'surface_type', '', iSurfaceTypes[0]["theValue"], iSurfaceTypes[0]["theRationale"]) ipr1 = ValueTypeParameters(iPrivileges[0]["theName"], iPrivileges[0]["theDescription"], 'privilege', '', iPrivileges[0]["theValue"], iPrivileges[0]["theRationale"]) b.dbProxy.addValueType(iar1) b.dbProxy.addValueType(iar2) b.dbProxy.addValueType(ist1) b.dbProxy.addValueType(ipr1) spValues = [0, 0, 0, 0, 0, 0, 0, 0] srValues = ['None', 'None', 'None', 'None', 'None', 'None', 'None', 'None'] ifs = iTemplateAssets[0] iTap = TemplateAssetParameters( iTemplateAssets[0]["theName"], iTemplateAssets[0]["theShortCode"], iTemplateAssets[0]["theDescription"], iTemplateAssets[0]["theSignificance"], iTemplateAssets[0]["theType"], iTemplateAssets[0]["theSurfaceType"], iTemplateAssets[0]["theAccessRight"], spValues, srValues, [], [('anInterface', 'provided', 'trusted', 'privileged')]) b.dbProxy.addTemplateAsset(iTap)
def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/componentviews.json') d = json.load(f) f.close() self.theRequirements = [] self.theRoles = [] self.iRoles = d['roles'] for i in self.iRoles: self.theRoles.append(RoleParameters(i["theName"], i["theType"], i["theShortCode"], i["theDescription"],[])) self.theMetricTypes = [] self.iAccessRights = d['access_rights'] for i in self.iAccessRights: self.theMetricTypes.append(ValueTypeParameters(i["theName"], i["theDescription"], 'access_right','',i["theValue"],i["theRationale"])) self.iSurfaceTypes = d['surface_types'] for i in self.iSurfaceTypes: self.theMetricTypes.append(ValueTypeParameters(i["theName"], i["theDescription"], 'surface_type','',i["theValue"],i["theRationale"])) self.iProtocols = d['protocols'] for i in self.iProtocols: self.theMetricTypes.append(ValueTypeParameters(i["theName"], i["theDescription"], 'protocol','',i["theValue"],i["theRationale"])) self.iPrivileges = d['privileges'] for i in self.iPrivileges: self.theMetricTypes.append(ValueTypeParameters(i["theName"], i["theDescription"], 'privilege','',i["theValue"],i["theRationale"])) self.theAssets = [] spValues = [0,0,0,0,0,0,0,0,] srValues = ['None','None','None','None','None','None','None','None'] self.iTemplateAssets = d['template_assets'] for i in self.iTemplateAssets: self.theAssets.append(TemplateAssetParameters(i["theName"], i["theShortCode"], i["theDescription"], i["theSignificance"],i["theType"],i["theSurfaceType"],i["theAccessRight"],spValues,srValues,[],[])) self.theGoals = [] self.iTemplateGoals = d['template_goals'] for i in self.iTemplateGoals: self.theGoals.append(TemplateGoalParameters(i["theName"],i["theDefinition"],i["theRationale"],i["theConcerns"],i["theResponsibilities"])) self.iComponentViews = d['architectural_patterns']
def testValueType(self): ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"]) b = Borg() b.dbProxy.addValueType(ivt1) b.dbProxy.addValueType(ivt2) oVVtypes = b.dbProxy.getValueTypes('vulnerability_type') ovt1 = oVVtypes[ivt1.id()] self.assertEqual(ivt1.name(), ovt1.name()) self.assertEqual(ivt1.description(),ovt1.description()) self.assertEqual(ivt1.type(),ovt1.type()) oVTtypes = b.dbProxy.getValueTypes('threat_type') ovt2 = oVTtypes[ivt2.id()] self.assertEqual(ivt2.name(), ovt2.name()) self.assertEqual(ivt2.description(),ovt2.description()) self.assertEqual(ivt2.type(),ovt2.type()) b.dbProxy.deleteVulnerabilityType(ovt1.id()) b.dbProxy.deleteThreatType(ovt2.id())
def add_value_type(self, vt): vtParams = ValueTypeParameters(vtName=vt.theName, vtDesc=vt.theDescription, vType=vt.theType, envName=vt.theEnvironmentName, vtScore=vt.theScore, vtRat=vt.theRationale) try: self.db_proxy.addValueType(vtParams) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/templaterequirements.json') d = json.load(f) f.close() self.iAccessRights = d['access_rights'] iar1 = ValueTypeParameters(self.iAccessRights[0]["theName"], self.iAccessRights[0]["theDescription"], 'access_right', '', self.iAccessRights[0]["theValue"], self.iAccessRights[0]["theRationale"]) self.iSurfaceTypes = d['surface_types'] ist1 = ValueTypeParameters(self.iSurfaceTypes[0]["theName"], self.iSurfaceTypes[0]["theDescription"], 'surface_type', '', self.iSurfaceTypes[0]["theValue"], self.iSurfaceTypes[0]["theRationale"]) b = Borg() b.dbProxy.addValueType(iar1) b.dbProxy.addValueType(ist1) self.iTemplateAssets = d['template_assets'] spValues = [0, 0, 0, 0, 0, 0, 0, 0] srValues = [ 'None', 'None', 'None', 'None', 'None', 'None', 'None', 'None' ] iTap = TemplateAssetParameters( self.iTemplateAssets[0]["theName"], self.iTemplateAssets[0]["theShortCode"], self.iTemplateAssets[0]["theDescription"], self.iTemplateAssets[0]["theSignificance"], self.iTemplateAssets[0]["theType"], self.iTemplateAssets[0]["theSurfaceType"], self.iTemplateAssets[0]["theAccessRight"], spValues, srValues, [], []) b.dbProxy.addTemplateAsset(iTap) oTaps = b.dbProxy.getTemplateAssets() self.oTap = oTaps[self.iTemplateAssets[0]["theName"]] self.iTemplateReqs = d["template_requirements"]
def update_attacker_capability(self, attacker_capability, name, pathValues): assert isinstance(attacker_capability, ValueType) environment_name = pathValues[0] found_capability = self.get_attacker_capability_by_name( name, environment_name) params = ValueTypeParameters(vtName=attacker_capability.theName, vtDesc=attacker_capability.theDescription, vType='capability', envName=environment_name, vtScore=attacker_capability.theScore, vtRat=attacker_capability.theRationale) params.setId(found_capability.theId) try: self.db_proxy.updateValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def addTestData(): f = open(os.environ['CAIRIS_SRC'] + '/test/templaterequirements.json') d = json.load(f) f.close() iAccessRights = d['access_rights'] iSurfaceTypes = d['surface_types'] iTemplateAssets = d['template_assets'] cairis.core.BorgFactory.initialise() b = Borg() iar1 = ValueTypeParameters(iAccessRights[0]["theName"], iAccessRights[0]["theDescription"], 'access_right', '', iAccessRights[0]["theValue"], iAccessRights[0]["theRationale"]) ist1 = ValueTypeParameters(iSurfaceTypes[0]["theName"], iSurfaceTypes[0]["theDescription"], 'surface_type', '', iSurfaceTypes[0]["theValue"], iSurfaceTypes[0]["theRationale"]) b.dbProxy.addValueType(iar1) b.dbProxy.addValueType(ist1) spValues = [(0, 'None'), (0, 'None'), (0, 'None'), (0, 'None'), (0, 'None'), (0, 'None'), (0, 'None'), (0, 'None')] iTap = TemplateAssetParameters( iTemplateAssets[0]["theName"], iTemplateAssets[0]["theShortCode"], iTemplateAssets[0]["theDescription"], iTemplateAssets[0]["theSignificance"], iTemplateAssets[0]["theType"], iTemplateAssets[0]["theSurfaceType"], iTemplateAssets[0]["theAccessRight"], spValues, [], []) b.dbProxy.addTemplateAsset(iTap) iTemplateReqs = d['template_requirements'] iTar = TemplateRequirementParameters(iTemplateReqs[0]["theName"], iTemplateReqs[0]["theAsset"], iTemplateReqs[0]["theType"], iTemplateReqs[0]["theDescription"], iTemplateReqs[0]["theRationale"], iTemplateReqs[0]["theFitCriterion"]) b.dbProxy.addTemplateRequirement(iTar)
def update_attacker_capability(self, attacker_capability, name, environment_name=''): assert isinstance(attacker_capability, ValueType) found_capability = self.get_attacker_capability_by_name(name, environment_name) params = ValueTypeParameters( vtName=attacker_capability.theName, vtDesc=attacker_capability.theDescription, vType='capability', envName=environment_name, vtScore=attacker_capability.theScore, vtRat=attacker_capability.theRationale ) params.setId(found_capability.theId) try: self.db_proxy.updateValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def endElement(self, name): if name == 'asset': spDict = {} spDict['confidentiality'] = (0, 'None') spDict['integrity'] = (0, 'None') spDict['availability'] = (0, 'None') spDict['accountability'] = (0, 'None') spDict['anonymity'] = (0, 'None') spDict['pseudonymity'] = (0, 'None') spDict['unlinkability'] = (0, 'None') spDict['unobservability'] = (0, 'None') for sp in self.theSecurityProperties: spName = sp[0] spValue = a2i(sp[1]) spRationale = sp[2] if spName in spDict: spDict[spName] = (spValue, spRationale) spValues = [] spValues.append(spDict['confidentiality']) spValues.append(spDict['integrity']) spValues.append(spDict['availability']) spValues.append(spDict['accountability']) spValues.append(spDict['anonymity']) spValues.append(spDict['pseudonymity']) spValues.append(spDict['unlinkability']) spValues.append(spDict['unobservability']) p = TemplateAssetParameters(self.theName, self.theShortCode, self.theDescription, self.theSignificance, self.theAssetType, self.theSurfaceType, self.theAccessRight, spValues, self.theTags, self.theInterfaces) self.theAssets.append(p) self.resetAssetAttributes() elif name == 'security_property': self.theSecurityProperties.append( (self.thePropertyName, self.thePropertyValue, self.theRationale)) self.resetSecurityPropertyAttributes() elif name == 'description': self.inDescription = 0 elif name == 'rationale': self.inRationale = 0 elif name == 'significance': self.inSignificance = 0 elif name == 'access_right' or name == 'surface_type': p = ValueTypeParameters(self.theName, self.theDescription, name, '', self.theScore, self.theRationale) self.theValueTypes.append(p) self.resetValueTypeAttributes()
def update_vulnerability_type(self, vulnerability_type, name, environment_name=''): assert isinstance(vulnerability_type, ValueType) found_type = self.get_vulnerability_type_by_name(name, environment_name) params = ValueTypeParameters( vtName=vulnerability_type.theName, vtDesc=vulnerability_type.theDescription, vType='vulnerability_type', envName=environment_name, vtScore=vulnerability_type.theScore, vtRat=vulnerability_type.theRationale ) params.setId(found_type.theId) try: self.db_proxy.updateValueType(params) except DatabaseProxyException as ex: self.close() raise ARMHTTPError(ex) except ARMException as ex: self.close() raise ARMHTTPError(ex)
def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/threats.json') d = json.load(f) f.close() self.ienvs = d['environments'] self.iep = EnvironmentParameters(self.ienvs[0]["theName"],self.ienvs[0]["theShortCode"],self.ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(self.iep) self.oenvs = b.dbProxy.getEnvironments() self.iRoles = d['roles'] self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"],[]) b.dbProxy.addRole(self.irp) self.oRoles = b.dbProxy.getRoles() self.iPersonas = d['personas'] self.ipp = PersonaParameters(self.iPersonas[0]["theName"],self.iPersonas[0]["theActivities"],self.iPersonas[0]["theAttitudes"],self.iPersonas[0]["theAptitudes"],self.iPersonas[0]["theMotivations"],self.iPersonas[0]["theSkills"],self.iPersonas[0]["theIntrinsic"],self.iPersonas[0]["theContextual"],"","0",self.iPersonas[0]["thePersonaType"],[],[PersonaEnvironmentProperties(self.iPersonas[0]["theEnvironmentProperties"][0]["theName"],(self.iPersonas[0]["theEnvironmentProperties"][0]["theDirectFlag"] == "True"),self.iPersonas[0]["theEnvironmentProperties"][0]["theNarrative"],self.iPersonas[0]["theEnvironmentProperties"][0]["theRole"])],[]) b.dbProxy.addPersona(self.ipp) self.opp = b.dbProxy.getPersonas() self.iExternalDocuments = d['external_documents'] self.iec1 = ExternalDocumentParameters(self.iExternalDocuments[0]["theName"],self.iExternalDocuments[0]["theVersion"],self.iExternalDocuments[0]["thePublicationDate"],self.iExternalDocuments[0]["theAuthors"],self.iExternalDocuments[0]["theDescription"]) self.iec2 = ExternalDocumentParameters(self.iExternalDocuments[1]["theName"],self.iExternalDocuments[1]["theVersion"],self.iExternalDocuments[1]["thePublicationDate"],self.iExternalDocuments[1]["theAuthors"],self.iExternalDocuments[1]["theDescription"]) b.dbProxy.addExternalDocument(self.iec1) b.dbProxy.addExternalDocument(self.iec2) self.oecs = b.dbProxy.getExternalDocuments() self.iDocumentReferences = d['document_references'] self.idr1 = DocumentReferenceParameters(self.iDocumentReferences[0]["theName"],self.iDocumentReferences[0]["theDocName"],self.iDocumentReferences[0]["theContributor"],self.iDocumentReferences[0]["theExcerpt"]) self.idr2 = DocumentReferenceParameters(self.iDocumentReferences[1]["theName"],self.iDocumentReferences[1]["theDocName"],self.iDocumentReferences[1]["theContributor"],self.iDocumentReferences[1]["theExcerpt"]) b.dbProxy.addDocumentReference(self.idr1) b.dbProxy.addDocumentReference(self.idr2) self.odrs = b.dbProxy.getDocumentReferences() self.iPersonaCharacteristics = d['persona_characteristics'] self.ipc1 = PersonaCharacteristicParameters(self.iPersonaCharacteristics[0]["thePersonaName"],self.iPersonaCharacteristics[0]["theModQual"],self.iPersonaCharacteristics[0]["theVariable"],self.iPersonaCharacteristics[0]["theCharacteristic"],[(self.iPersonaCharacteristics[0]["ground"],'','document')],[(self.iPersonaCharacteristics[0]["warrant"],'','document')],[],[]) b.dbProxy.addPersonaCharacteristic(self.ipc1) self.opcs = b.dbProxy.getPersonaCharacteristics() self.iAttackers = d['attackers'] self.iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])] self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],self.iatkeps) b.dbProxy.addAttacker(self.iatk) self.oAttackers = b.dbProxy.getAttackers() self.iVtypes = d['valuetypes'] self.ivt = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) b.dbProxy.addValueType(self.ivt) self.ovt = b.dbProxy.getValueTypes('threat_type') self.iassets = d['assets'] self.iaeps = [AssetEnvironmentProperties(self.iassets[0]["theEnvironmentProperties"][0][0],self.iassets[0]["theEnvironmentProperties"][0][1],self.iassets[0]["theEnvironmentProperties"][0][2])] self.iap = AssetParameters(self.iassets[0]["theName"],self.iassets[0]["theShortCode"],self.iassets[0]["theDescription"],self.iassets[0]["theSignificance"],self.iassets[0]["theType"],"0","N/A",[],[],self.iaeps) b.dbProxy.addAsset(self.iap) self.oap = b.dbProxy.getAssets() self.iThreats = d['threats']
def setUp(self): call([os.environ['CAIRIS_CFG_DIR'] + "/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/templategoals.json') d = json.load(f) f.close() iAccessRights = d['access_rights'] iar1 = ValueTypeParameters(iAccessRights[0]["theName"], iAccessRights[0]["theDescription"], 'access_right', '', iAccessRights[0]["theValue"], iAccessRights[0]["theRationale"]) iSurfaceTypes = d['surface_type'] ist1 = ValueTypeParameters(iSurfaceTypes[0]["theName"], iSurfaceTypes[0]["theDescription"], 'surface_type', '', iSurfaceTypes[0]["theValue"], iSurfaceTypes[0]["theRationale"]) b = Borg() b.dbProxy.addValueType(iar1) b.dbProxy.addValueType(ist1) iTemplateAssets = d['template_assets'] spValues = [0, 0, 0, 0, 0, 0, 0, 0] srValues = [ 'None', 'None', 'None', 'None', 'None', 'None', 'None', 'None' ] iTap = TemplateAssetParameters(iTemplateAssets[0]["theName"], iTemplateAssets[0]["theShortCode"], iTemplateAssets[0]["theDescription"], iTemplateAssets[0]["theSignificance"], iTemplateAssets[0]["theType"], iTemplateAssets[0]["theSurfaceType"], iTemplateAssets[0]["theAccessRight"], spValues, srValues, [], []) b.dbProxy.addTemplateAsset(iTap) self.iTemplateGoals = d['template_goals']
def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json') d = json.load(f) f.close() self.ienvs = d['environments'] self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"], self.ienvs[0]["theShortCode"], self.ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(self.iep1) self.oenvs = b.dbProxy.getEnvironments() self.iRoles = d['roles'] self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"], []) b.dbProxy.addRole(self.irp) self.oRoles = b.dbProxy.getRoles() self.iPersonas = d['personas'] self.ipp = PersonaParameters( self.iPersonas[0]["theName"], self.iPersonas[0]["theActivities"], self.iPersonas[0]["theAttitudes"], self.iPersonas[0]["theAptitudes"], self.iPersonas[0]["theMotivations"], self.iPersonas[0]["theSkills"], self.iPersonas[0]["theIntrinsic"], self.iPersonas[0]["theContextual"], "", "0", self.iPersonas[0]["thePersonaType"], [], [ PersonaEnvironmentProperties( self.iPersonas[0]["theEnvironmentProperties"][0] ["theName"], (self.iPersonas[0]["theEnvironmentProperties"] [0]["theDirectFlag"] == "True"), self.iPersonas[0]["theEnvironmentProperties"][0] ["theNarrative"], self.iPersonas[0] ["theEnvironmentProperties"][0]["theRole"]) ], []) b.dbProxy.addPersona(self.ipp) self.opp = b.dbProxy.getPersonas() self.iExternalDocuments = d['external_documents'] self.iec1 = ExternalDocumentParameters( self.iExternalDocuments[0]["theName"], self.iExternalDocuments[0]["theVersion"], self.iExternalDocuments[0]["thePublicationDate"], self.iExternalDocuments[0]["theAuthors"], self.iExternalDocuments[0]["theDescription"]) self.iec2 = ExternalDocumentParameters( self.iExternalDocuments[1]["theName"], self.iExternalDocuments[1]["theVersion"], self.iExternalDocuments[1]["thePublicationDate"], self.iExternalDocuments[1]["theAuthors"], self.iExternalDocuments[1]["theDescription"]) b.dbProxy.addExternalDocument(self.iec1) b.dbProxy.addExternalDocument(self.iec2) self.oecs = b.dbProxy.getExternalDocuments() self.iDocumentReferences = d['document_references'] self.idr1 = DocumentReferenceParameters( self.iDocumentReferences[0]["theName"], self.iDocumentReferences[0]["theDocName"], self.iDocumentReferences[0]["theContributor"], self.iDocumentReferences[0]["theExcerpt"]) self.idr2 = DocumentReferenceParameters( self.iDocumentReferences[1]["theName"], self.iDocumentReferences[1]["theDocName"], self.iDocumentReferences[1]["theContributor"], self.iDocumentReferences[1]["theExcerpt"]) b.dbProxy.addDocumentReference(self.idr1) b.dbProxy.addDocumentReference(self.idr2) self.odrs = b.dbProxy.getDocumentReferences() self.iPersonaCharacteristics = d['persona_characteristics'] self.ipc1 = PersonaCharacteristicParameters( self.iPersonaCharacteristics[0]["thePersonaName"], self.iPersonaCharacteristics[0]["theModQual"], self.iPersonaCharacteristics[0]["theVariable"], self.iPersonaCharacteristics[0]["theCharacteristic"], [(self.iPersonaCharacteristics[0]["ground"], '', 'document')], [(self.iPersonaCharacteristics[0]["warrant"], '', 'document')], [], []) b.dbProxy.addPersonaCharacteristic(self.ipc1) self.opcs = b.dbProxy.getPersonaCharacteristics() self.iAttackers = d['attackers'] self.iatkeps = [ AttackerEnvironmentProperties( self.iAttackers[0]["theEnvironmentProperties"][0]["theName"], self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"], self.iAttackers[0]["theEnvironmentProperties"][0] ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"] [0]["theCapabilities"]) ] self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"], [], self.iatkeps) b.dbProxy.addAttacker(self.iatk) self.oAttackers = b.dbProxy.getAttackers() self.iVtypes = d['valuetypes'] self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"]) b.dbProxy.addValueType(self.ivt1) b.dbProxy.addValueType(self.ivt2) self.ovtt = b.dbProxy.getValueTypes('threat_type') self.ovtv = b.dbProxy.getValueTypes('vulnerability_type') self.iassets = d['assets'] self.iaeps1 = [ AssetEnvironmentProperties( self.iassets[0]["theEnvironmentProperties"][0][0], self.iassets[0]["theEnvironmentProperties"][0][1], self.iassets[0]["theEnvironmentProperties"][0][2]) ] self.iaeps2 = [ AssetEnvironmentProperties( self.iassets[1]["theEnvironmentProperties"][0][0], self.iassets[1]["theEnvironmentProperties"][0][1], self.iassets[1]["theEnvironmentProperties"][0][2]) ] self.iaeps3 = [ AssetEnvironmentProperties( self.iassets[2]["theEnvironmentProperties"][0][0], self.iassets[2]["theEnvironmentProperties"][0][1], self.iassets[2]["theEnvironmentProperties"][0][2]) ] self.iap1 = AssetParameters(self.iassets[0]["theName"], self.iassets[0]["theShortCode"], self.iassets[0]["theDescription"], self.iassets[0]["theSignificance"], self.iassets[0]["theType"], "0", "N/A", [], [], self.iaeps1) self.iap2 = AssetParameters(self.iassets[1]["theName"], self.iassets[1]["theShortCode"], self.iassets[1]["theDescription"], self.iassets[1]["theSignificance"], self.iassets[1]["theType"], "0", "N/A", [], [], self.iaeps2) self.iap3 = AssetParameters(self.iassets[2]["theName"], self.iassets[2]["theShortCode"], self.iassets[2]["theDescription"], self.iassets[2]["theSignificance"], self.iassets[2]["theType"], "0", "N/A", [], [], self.iaeps3) b.dbProxy.addAsset(self.iap1) b.dbProxy.addAsset(self.iap2) b.dbProxy.addAsset(self.iap3) self.oap = b.dbProxy.getAssets() self.iThreats = d['threats'] self.iteps = [ ThreatEnvironmentProperties( self.iThreats[0]["theEnvironmentProperties"][0]["theName"], self.iThreats[0]["theEnvironmentProperties"][0] ["theLikelihood"], self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"], self.iThreats[0]["theEnvironmentProperties"][0] ["theAttackers"], self.iThreats[0]["theEnvironmentProperties"] [0]["theProperties"][0][1], self.iThreats[0] ["theEnvironmentProperties"][0]["theProperties"][0][1]) ] self.itps = ThreatParameters(self.iThreats[0]["theName"], self.iThreats[0]["theType"], self.iThreats[0]["theMethod"], [], self.iteps) b.dbProxy.addThreat(self.itps) self.otps = b.dbProxy.getThreats() self.iVuln = d['vulnerabilities'] self.iveps = [ VulnerabilityEnvironmentProperties( self.iVuln[0]["theEnvironmentProperties"][0]["theName"], self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"], self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"]) ] self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"], self.iVuln[0]["theDescription"], self.iVuln[0]["theType"], [], self.iveps) b.dbProxy.addVulnerability(self.ivp) self.ovp = b.dbProxy.getVulnerabilities() self.imc = d['misuseCase'] self.iRisks = d['risks'] imcep = [ MisuseCaseEnvironmentProperties( self.imc[0]["theEnvironmentProperties"][0]["theName"], self.imc[0]["theEnvironmentProperties"][0]["theDescription"]) ] imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep, self.imc[0]["theRisk"]) irp = RiskParameters(self.iRisks[0]["theName"], self.iRisks[0]["threatName"], self.iRisks[0]["vulName"], imcp, []) b.dbProxy.addRisk(irp) oRisks = b.dbProxy.getRisks() self.r = oRisks[self.iRisks[0]["theName"]] self.iResponses = d['responses']
def parameters(self): parameters = ValueTypeParameters(self.theName,self.theDescription,self.theValueType,self.theEnvironmentName,self.theScore,self.theRationale) parameters.setId(self.theValueTypeId) return parameters
def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/countermeasures.json') d = json.load(f) f.close() self.ienvs = d['environments'] self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"], self.ienvs[0]["theShortCode"], self.ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(self.iep1) self.oenvs = b.dbProxy.getEnvironments() self.iRoles = d['roles'] self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"], []) b.dbProxy.addRole(self.irp) self.oRoles = b.dbProxy.getRoles() self.iPersonas = d['personas'] self.ipp = PersonaParameters( self.iPersonas[0]["theName"], self.iPersonas[0]["theActivities"], self.iPersonas[0]["theAttitudes"], self.iPersonas[0]["theAptitudes"], self.iPersonas[0]["theMotivations"], self.iPersonas[0]["theSkills"], self.iPersonas[0]["theIntrinsic"], self.iPersonas[0]["theContextual"], "", "0", self.iPersonas[0]["thePersonaType"], [], [ PersonaEnvironmentProperties( self.iPersonas[0]["theEnvironmentProperties"][0] ["theName"], (self.iPersonas[0]["theEnvironmentProperties"] [0]["theDirectFlag"] == "True"), self.iPersonas[0]["theEnvironmentProperties"][0] ["theNarrative"], self.iPersonas[0] ["theEnvironmentProperties"][0]["theRole"]) ], []) b.dbProxy.addPersona(self.ipp) self.opp = b.dbProxy.getPersonas() self.iExternalDocuments = d['external_documents'] self.iec1 = ExternalDocumentParameters( self.iExternalDocuments[0]["theName"], self.iExternalDocuments[0]["theVersion"], self.iExternalDocuments[0]["thePublicationDate"], self.iExternalDocuments[0]["theAuthors"], self.iExternalDocuments[0]["theDescription"]) self.iec2 = ExternalDocumentParameters( self.iExternalDocuments[1]["theName"], self.iExternalDocuments[1]["theVersion"], self.iExternalDocuments[1]["thePublicationDate"], self.iExternalDocuments[1]["theAuthors"], self.iExternalDocuments[1]["theDescription"]) b.dbProxy.addExternalDocument(self.iec1) b.dbProxy.addExternalDocument(self.iec2) self.oecs = b.dbProxy.getExternalDocuments() self.iDocumentReferences = d['document_references'] self.idr1 = DocumentReferenceParameters( self.iDocumentReferences[0]["theName"], self.iDocumentReferences[0]["theDocName"], self.iDocumentReferences[0]["theContributor"], self.iDocumentReferences[0]["theExcerpt"]) self.idr2 = DocumentReferenceParameters( self.iDocumentReferences[1]["theName"], self.iDocumentReferences[1]["theDocName"], self.iDocumentReferences[1]["theContributor"], self.iDocumentReferences[1]["theExcerpt"]) b.dbProxy.addDocumentReference(self.idr1) b.dbProxy.addDocumentReference(self.idr2) self.odrs = b.dbProxy.getDocumentReferences() self.iPersonaCharacteristics = d['persona_characteristics'] self.ipc1 = PersonaCharacteristicParameters( self.iPersonaCharacteristics[0]["thePersonaName"], self.iPersonaCharacteristics[0]["theModQual"], self.iPersonaCharacteristics[0]["theVariable"], self.iPersonaCharacteristics[0]["theCharacteristic"], [(self.iPersonaCharacteristics[0]["ground"], '', 'document')], [(self.iPersonaCharacteristics[0]["warrant"], '', 'document')], [], []) b.dbProxy.addPersonaCharacteristic(self.ipc1) self.opcs = b.dbProxy.getPersonaCharacteristics() self.iAttackers = d['attackers'] self.iatkeps = [ AttackerEnvironmentProperties( self.iAttackers[0]["theEnvironmentProperties"][0]["theName"], self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"], self.iAttackers[0]["theEnvironmentProperties"][0] ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"] [0]["theCapabilities"]) ] self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"], [], self.iatkeps) b.dbProxy.addAttacker(self.iatk) self.oAttackers = b.dbProxy.getAttackers() self.iVtypes = d['valuetypes'] self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"]) b.dbProxy.addValueType(self.ivt1) b.dbProxy.addValueType(self.ivt2) self.ovtt = b.dbProxy.getValueTypes('threat_type') self.ovtv = b.dbProxy.getValueTypes('vulnerability_type') self.iassets = d['assets'] self.iaeps1 = [ AssetEnvironmentProperties( self.iassets[0]["theEnvironmentProperties"][0][0], self.iassets[0]["theEnvironmentProperties"][0][1], self.iassets[0]["theEnvironmentProperties"][0][2]) ] self.iaeps2 = [ AssetEnvironmentProperties( self.iassets[1]["theEnvironmentProperties"][0][0], self.iassets[1]["theEnvironmentProperties"][0][1], self.iassets[1]["theEnvironmentProperties"][0][2]) ] self.iaeps3 = [ AssetEnvironmentProperties( self.iassets[2]["theEnvironmentProperties"][0][0], self.iassets[2]["theEnvironmentProperties"][0][1], self.iassets[2]["theEnvironmentProperties"][0][2]) ] self.iap1 = AssetParameters(self.iassets[0]["theName"], self.iassets[0]["theShortCode"], self.iassets[0]["theDescription"], self.iassets[0]["theSignificance"], self.iassets[0]["theType"], "0", "N/A", [], [], self.iaeps1) self.iap2 = AssetParameters(self.iassets[1]["theName"], self.iassets[1]["theShortCode"], self.iassets[1]["theDescription"], self.iassets[1]["theSignificance"], self.iassets[1]["theType"], "0", "N/A", [], [], self.iaeps2) self.iap3 = AssetParameters(self.iassets[2]["theName"], self.iassets[2]["theShortCode"], self.iassets[2]["theDescription"], self.iassets[2]["theSignificance"], self.iassets[2]["theType"], "0", "N/A", [], [], self.iaeps3) b.dbProxy.addAsset(self.iap1) b.dbProxy.addAsset(self.iap2) b.dbProxy.addAsset(self.iap3) self.oap = b.dbProxy.getAssets() self.iThreats = d['threats'] self.iteps = [ ThreatEnvironmentProperties( self.iThreats[0]["theEnvironmentProperties"][0]["theName"], self.iThreats[0]["theEnvironmentProperties"][0] ["theLikelihood"], self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"], self.iThreats[0]["theEnvironmentProperties"][0] ["theAttackers"], self.iThreats[0]["theEnvironmentProperties"] [0]["theProperties"][0][1], self.iThreats[0] ["theEnvironmentProperties"][0]["theProperties"][0][1]) ] self.itps = ThreatParameters(self.iThreats[0]["theName"], self.iThreats[0]["theType"], self.iThreats[0]["theMethod"], [], self.iteps) b.dbProxy.addThreat(self.itps) self.otps = b.dbProxy.getThreats() self.iVuln = d['vulnerabilities'] self.iveps = [ VulnerabilityEnvironmentProperties( self.iVuln[0]["theEnvironmentProperties"][0]["theName"], self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"], self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"]) ] self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"], self.iVuln[0]["theDescription"], self.iVuln[0]["theType"], [], self.iveps) b.dbProxy.addVulnerability(self.ivp) self.ovp = b.dbProxy.getVulnerabilities() self.imc = d['misuseCase'] self.iRisks = d['risks'] imcep = [ MisuseCaseEnvironmentProperties( self.imc[0]["theEnvironmentProperties"][0]["theName"], self.imc[0]["theEnvironmentProperties"][0]["theDescription"]) ] imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep, self.imc[0]["theRisk"]) irp = RiskParameters(self.iRisks[0]["theName"], self.iRisks[0]["threatName"], self.iRisks[0]["vulName"], imcp, []) b.dbProxy.addRisk(irp) oRisks = b.dbProxy.getRisks() self.r = oRisks[self.iRisks[0]["theName"]] self.iResponses = d['responses'] iar1Name = self.iResponses[0]["theType"] + " " + self.iResponses[0][ "theRisk"] iaep1 = AcceptEnvironmentProperties( self.iResponses[0]["theEnvironmentProperties"][0], self.iResponses[0]["theEnvironmentProperties"][1], self.iResponses[0]["theEnvironmentProperties"][2]) iar1 = ResponseParameters(iar1Name, self.iResponses[0]["theRisk"], [], [iaep1], self.iResponses[0]["theType"]) iar2Name = self.iResponses[1]["theType"] + " " + self.iResponses[1][ "theRisk"] iaep2 = MitigateEnvironmentProperties( self.iResponses[1]["theEnvironmentProperties"], self.iResponses[1]["theType"]) iar2 = ResponseParameters(iar2Name, self.iResponses[1]["theRisk"], [], [iaep2], self.iResponses[1]["theType"]) b.dbProxy.addResponse(iar1) b.dbProxy.addResponse(iar2) self.ors = b.dbProxy.getResponses() self.oar1 = self.ors[iar1Name] self.oar2 = self.ors[iar2Name] rgp = cairis.core.GoalFactory.build(self.oar2) riskParameters = rgp[0] riskGoalId = b.dbProxy.addGoal(riskParameters) b.dbProxy.addTrace('response_goal', self.oar2.id(), riskGoalId) if (rgp > 1): threatParameters = rgp[1] vulnerabilityParameters = rgp[2] b.dbProxy.addGoal(vulnerabilityParameters) b.dbProxy.addGoal(threatParameters) b.dbProxy.relabelGoals(iaep2.name()) oGoals = b.dbProxy.getGoals() self.rg = oGoals['Deter' + self.oar2.risk()] self.vg = oGoals[vulnerabilityParameters.name()] self.tg = oGoals[threatParameters.name()] ogops = b.dbProxy.getGoalAssociations() self.ogop1 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' + threatParameters.name() + '/or'] self.ogop2 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' + vulnerabilityParameters.name() + '/or'] self.reqId = b.dbProxy.newId() self.irequirements = d['requirements'] self.ireq = cairis.core.RequirementFactory.build( self.reqId, self.irequirements[0]["theLabel"], self.irequirements[0]["theName"], self.irequirements[0]["theDescription"], self.irequirements[0]["thePriority"], self.irequirements[0]["theRationale"], self.irequirements[0]["theFitCriterion"], self.irequirements[0]["theOriginator"], self.irequirements[0]["theType"], self.irequirements[0]["theReference"], 1) b.dbProxy.addRequirement(self.ireq, self.irequirements[0]["theReference"], True) oreqs = b.dbProxy.getRequirements() self.oreq = oreqs[self.ireq.description()] iga = GoalAssociationParameters(iaep2.name(), self.vg.name(), 'goal', 'and', self.oreq.name(), 'requirement', 0, 'None') b.dbProxy.addGoalAssociation(iga) ogops = b.dbProxy.getGoalAssociations() self.ogop3 = ogops[iaep2.name() + '/' + self.vg.name() + '/' + self.oreq.name() + '/and'] self.iCountermeasures = d['countermeasures']
def endElement(self,name): if name == 'entry': self.theNamingConventions.append((self.theCurrentNameEntry,self.theDefinition)) elif name == 'revision': self.theRevisions.append((self.theCurrentRevNo,self.theCurrentRevDate,self.theRemarks)) elif name == 'project_settings': self.theProjectSettings = (self.theName,self.theBackground,self.theStrategicGoals,self.theScope,self.theNamingConventions,self.theContributors,self.theRevisions,self.theRichPicture) elif name == 'asset_values': nv = ValueTypeParameters('None',self.theNoneValue,'asset_value',self.theName) nv.setId(0) self.theAssetValues.append(nv) lv = ValueTypeParameters('Low',self.theLowValue,'asset_value',self.theName) lv.setId(1) self.theAssetValues.append(lv) mv = ValueTypeParameters('Medium',self.theMedValue,'asset_value',self.theName) mv.setId(2) self.theAssetValues.append(mv) hv = ValueTypeParameters('High',self.theHighValue,'asset_value',self.theName) hv.setId(3) self.theAssetValues.append(hv) self.resetAssetValues() elif name == 'environment': p = EnvironmentParameters(self.theName,self.theShortCode,self.theDefinition,self.theCompositeEnvironments,self.theDuplicateProperty,self.theOverridingEnvironment) p.setAssetValues(self.theAssetValues) self.theEnvironments.append(p) self.resetEnvironmentAttributes() elif name == 'background': self.inBackground = 0 elif name == 'strategic_goals': self.inStrategicGoals = 0 elif name == 'scope': self.inScope = 0 elif name == 'definition': self.inDefinition = 0 elif name == 'remarks': self.inRemarks = 0 elif name == 'none': self.inNone = 0 elif name == 'low': self.inLow = 0 elif name == 'medium': self.inMed = 0 elif name == 'high': self.inHigh = 0
def endElement(self, name): if (name == 'component'): p = ComponentParameters(self.theName, self.theDescription, self.theInterfaces, self.theStructure, self.theComponentRequirements, self.theComponentGoals, self.theComponentGoalAssociations) self.theComponents.append(p) self.resetComponentAttributes() elif name == 'role': p = RoleParameters(self.theName, self.theType, self.theShortCode, self.theDescription, []) self.theRoles.append(p) self.resetRoleAttributes() elif name == 'asset': spDict = {} spDict['confidentiality'] = 0 spDict['integrity'] = 0 spDict['availability'] = 0 spDict['accountability'] = 0 spDict['anonymity'] = 0 spDict['pseudonymity'] = 0 spDict['unlinkability'] = 0 spDict['unobservability'] = 0 srDict = {} srDict['confidentiality'] = 'None' srDict['integrity'] = 'None' srDict['availability'] = 'None' srDict['accountability'] = 'None' srDict['anonymity'] = 'None' srDict['pseudonymity'] = 'None' srDict['unlinkability'] = 'None' srDict['unobservability'] = 'None' for sp in self.theSecurityProperties: spName = sp[0] spValue = a2i(sp[1]) spRationale = sp[2] if spName in spDict: spDict[spName] = spValue if spName in srDict: srDict[spName] = spRationale spValues = [] spValues.append(spDict['confidentiality']) spValues.append(spDict['integrity']) spValues.append(spDict['availability']) spValues.append(spDict['accountability']) spValues.append(spDict['anonymity']) spValues.append(spDict['pseudonymity']) spValues.append(spDict['unlinkability']) spValues.append(spDict['unobservability']) srValues = [] srValues.append(srDict['confidentiality']) srValues.append(srDict['integrity']) srValues.append(srDict['availability']) srValues.append(srDict['accountability']) srValues.append(srDict['anonymity']) srValues.append(srDict['pseudonymity']) srValues.append(srDict['unlinkability']) srValues.append(srDict['unobservability']) p = TemplateAssetParameters( self.theName, self.theShortCode, self.theDescription, self.theSignificance, self.theAssetType, self.theSurfaceType, self.theAccessRight, spValues, srValues, self.theTags, self.theInterfaces) self.theAssets.append(p) self.resetAssetAttributes() elif name == 'security_property': self.theSecurityProperties.append( (self.thePropertyName, self.thePropertyValue, self.theRationale)) self.resetSecurityPropertyAttributes() elif name == 'structure': self.theStructure.append( (self.theHeadName, self.theHeadAdornment, self.theHeadNav, self.theHeadNry, self.theHeadRole, self.theTailRole, self.theTailNry, self.theTailNav, self.theTailAdornment, self.theTailName)) self.resetStructure() elif name == 'requirement': p = TemplateRequirementParameters(self.theReqName, self.theAsset, self.theType, self.theDescription, self.theRationale, self.theFitCriterion) self.theRequirements.append(p) self.resetRequirementAttributes() elif name == 'goal': p = TemplateGoalParameters(self.theName, self.theDefinition, self.theRationale, self.theConcerns, self.theResponsibilities) self.theGoals.append(p) self.resetGoalAttributes() elif name == 'connector': p = ConnectorParameters(self.theName, self.theViewName, self.theFromName, self.theFromRole, self.theFromInterface, self.theToName, self.theToInterface, self.theToRole, self.theConnectorAsset, self.theProtocolName, self.theAccessRight) self.theConnectors.append(p) self.resetConnectorAttributes() elif name == 'component_goal_association': self.theComponentGoalAssociations.append( (self.theGoalName, self.theSubGoalName, self.theRefType, self.theRationale)) self.resetComponentGoalAssociationAttributes() elif name == 'description': self.inDescription = 0 elif name == 'definition': self.inDefinition = 0 elif name == 'synopsis': self.inSynopsis = 0 elif name == 'rationale': self.inRationale = 0 elif name == 'significance': self.inSignificance = 0 elif name == 'fit_criterion': self.inFitCriterion = 0 elif name == 'access_right' or name == 'protocol' or name == 'privilege' or name == 'surface_type': p = ValueTypeParameters(self.theName, self.theDescription, name, '', self.theScore, self.theRationale) self.theMetricTypes.append(p) self.resetValueTypeAttributes() elif name == 'architectural_pattern': self.theViewParameters = ComponentViewParameters( self.theViewName, self.theSynopsis, self.theMetricTypes, self.theRoles, self.theAssets, self.theRequirements, self.theGoals, self.theComponents, self.theConnectors)
def endElement(self, name): if name == 'entry': self.theNamingConventions.append({ 'name': unescape(self.theCurrentNameEntry), 'value': unescape(self.theDefinition) }) elif name == 'revision': self.theRevisions.append( (self.theCurrentRevNo, unescape(self.theCurrentRevDate), unescape(self.theRemarks))) elif name == 'project_settings': self.theProjectSettings = (unescape(self.theName), unescape(self.theBackground), unescape(self.theStrategicGoals), unescape(self.theScope), self.theNamingConventions, self.theContributors, self.theRevisions, self.theRichPicture) elif name == 'asset_values': nv = ValueTypeParameters('None', unescape(self.theNoneValue), 'asset_value', unescape(self.theName)) nv.setId(0) self.theAssetValues.append(nv) lv = ValueTypeParameters('Low', unescape(self.theLowValue), 'asset_value', unescape(self.theName)) lv.setId(1) self.theAssetValues.append(lv) mv = ValueTypeParameters('Medium', unescape(self.theMedValue), 'asset_value', unescape(self.theName)) mv.setId(2) self.theAssetValues.append(mv) hv = ValueTypeParameters('High', unescape(self.theHighValue), 'asset_value', unescape(self.theName)) hv.setId(3) self.theAssetValues.append(hv) self.resetAssetValues() elif name == 'environment': p = EnvironmentParameters(unescape(self.theName), unescape(self.theShortCode), unescape(self.theDefinition), self.theCompositeEnvironments, self.theDuplicateProperty, unescape(self.theOverridingEnvironment)) p.setAssetValues(self.theAssetValues) if (len(p.environments()) > 0): self.theCEnvironments.append(p) else: self.theEnvironments.append(p) self.resetEnvironmentAttributes() elif name == 'background': self.inBackground = 0 elif name == 'strategic_goals': self.inStrategicGoals = 0 elif name == 'scope': self.inScope = 0 elif name == 'definition': self.inDefinition = 0 elif name == 'remarks': self.inRemarks = 0 elif name == 'none': self.inNone = 0 elif name == 'low': self.inLow = 0 elif name == 'medium': self.inMed = 0 elif name == 'high': self.inHigh = 0
def setUp(self): call([os.environ['CAIRIS_CFG_DIR'] + "/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json') d = json.load(f) f.close() ienvs = d['environments'] iep1 = EnvironmentParameters(ienvs[0]["theName"], ienvs[0]["theShortCode"], ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(iep1) iRoles = d['roles'] irp = RoleParameters(iRoles[0]["theName"], iRoles[0]["theType"], iRoles[0]["theShortCode"], iRoles[0]["theDescription"], []) b.dbProxy.addRole(irp) iAttackers = d['attackers'] iatkeps = [ AttackerEnvironmentProperties( iAttackers[0]["theEnvironmentProperties"][0]["theName"], iAttackers[0]["theEnvironmentProperties"][0]["theRoles"], iAttackers[0]["theEnvironmentProperties"][0]["theMotives"], iAttackers[0]["theEnvironmentProperties"][0] ["theCapabilities"]) ] iatk = AttackerParameters(iAttackers[0]["theName"], iAttackers[0]["theDescription"], iAttackers[0]["theImage"], [], iatkeps) b.dbProxy.addAttacker(iatk) iVtypes = d['valuetypes'] ivt1 = ValueTypeParameters(iVtypes[0]["theName"], iVtypes[0]["theDescription"], iVtypes[0]["theType"]) ivt2 = ValueTypeParameters(iVtypes[1]["theName"], iVtypes[1]["theDescription"], iVtypes[1]["theType"]) b.dbProxy.addValueType(ivt1) b.dbProxy.addValueType(ivt2) iassets = d['assets'] iaeps1 = [ AssetEnvironmentProperties( iassets[0]["theEnvironmentProperties"][0][0], iassets[0]["theEnvironmentProperties"][0][1], iassets[0]["theEnvironmentProperties"][0][2]) ] iaeps2 = [ AssetEnvironmentProperties( iassets[1]["theEnvironmentProperties"][0][0], iassets[1]["theEnvironmentProperties"][0][1], iassets[1]["theEnvironmentProperties"][0][2]) ] iaeps3 = [ AssetEnvironmentProperties( iassets[2]["theEnvironmentProperties"][0][0], iassets[2]["theEnvironmentProperties"][0][1], iassets[2]["theEnvironmentProperties"][0][2]) ] iap1 = AssetParameters(iassets[0]["theName"], iassets[0]["theShortCode"], iassets[0]["theDescription"], iassets[0]["theSignificance"], iassets[0]["theType"], "0", "N/A", [], [], iaeps1) iap2 = AssetParameters(iassets[1]["theName"], iassets[1]["theShortCode"], iassets[1]["theDescription"], iassets[1]["theSignificance"], iassets[1]["theType"], "0", "N/A", [], [], iaeps2) iap3 = AssetParameters(iassets[2]["theName"], iassets[2]["theShortCode"], iassets[2]["theDescription"], iassets[2]["theSignificance"], iassets[2]["theType"], "0", "N/A", [], [], iaeps3) b.dbProxy.addAsset(iap1) b.dbProxy.addAsset(iap2) b.dbProxy.addAsset(iap3) iThreats = d['threats'] iteps = [ ThreatEnvironmentProperties( iThreats[0]["theEnvironmentProperties"][0]["theName"], iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"], iThreats[0]["theEnvironmentProperties"][0]["theAssets"], iThreats[0]["theEnvironmentProperties"][0]["theAttackers"], iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0] [1], iThreats[0]["theEnvironmentProperties"][0] ["theProperties"][0][1]) ] itps = ThreatParameters(iThreats[0]["theName"], iThreats[0]["theType"], iThreats[0]["theMethod"], [], iteps) b.dbProxy.addThreat(itps) iVuln = d['vulnerabilities'] iveps = [ VulnerabilityEnvironmentProperties( iVuln[0]["theEnvironmentProperties"][0]["theName"], iVuln[0]["theEnvironmentProperties"][0]["theSeverity"], iVuln[0]["theEnvironmentProperties"][0]["theAssets"]) ] ivp = VulnerabilityParameters(iVuln[0]["theName"], iVuln[0]["theDescription"], iVuln[0]["theType"], [], iveps) b.dbProxy.addVulnerability(ivp) imc = d['misuseCase'] iRisks = d['risks'] imcep = [ MisuseCaseEnvironmentProperties( imc[0]["theEnvironmentProperties"][0]["theName"], imc[0]["theEnvironmentProperties"][0]["theDescription"]) ] imcp = MisuseCase(int(0), imc[0]["theName"], imcep, imc[0]["theRisk"]) irp = RiskParameters(iRisks[0]["theName"], iRisks[0]["threatName"], iRisks[0]["vulName"], imcp, []) b.dbProxy.addRisk(irp) self.iResponses = d['responses']
def setUp(self): call([os.environ['CAIRIS_CFG_DIR'] + "/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/threats.json') d = json.load(f) f.close() ienvs = d['environments'] iep = EnvironmentParameters(ienvs[0]["theName"], ienvs[0]["theShortCode"], ienvs[0]["theDescription"]) iep1 = EnvironmentParameters(ienvs[1]["theName"], ienvs[1]["theShortCode"], ienvs[1]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(iep) b.dbProxy.addEnvironment(iep1) iRoles = d['roles'] irp = RoleParameters(iRoles[0]["theName"], iRoles[0]["theType"], iRoles[0]["theShortCode"], iRoles[0]["theDescription"], []) b.dbProxy.addRole(irp) iAttackers = d['attackers'] iatkeps = [ AttackerEnvironmentProperties( iAttackers[0]["theEnvironmentProperties"][0]["theName"], iAttackers[0]["theEnvironmentProperties"][0]["theRoles"], iAttackers[0]["theEnvironmentProperties"][0]["theMotives"], iAttackers[0]["theEnvironmentProperties"][0] ["theCapabilities"]), AttackerEnvironmentProperties( iAttackers[0]["theEnvironmentProperties"][1]["theName"], iAttackers[0]["theEnvironmentProperties"][1]["theRoles"], iAttackers[0]["theEnvironmentProperties"][1]["theMotives"], iAttackers[0]["theEnvironmentProperties"][1] ["theCapabilities"]) ] iatk = AttackerParameters(iAttackers[0]["theName"], iAttackers[0]["theDescription"], iAttackers[0]["theImage"], [], iatkeps) b.dbProxy.addAttacker(iatk) iVtypes = d['valuetypes'] ivt = ValueTypeParameters(iVtypes[0]["theName"], iVtypes[0]["theDescription"], iVtypes[0]["theType"]) b.dbProxy.addValueType(ivt) iassets = d['assets'] iaeps = [ AssetEnvironmentProperties( iassets[0]["theEnvironmentProperties"][0][0], iassets[0]["theEnvironmentProperties"][0][1], iassets[0]["theEnvironmentProperties"][0][2]), AssetEnvironmentProperties( iassets[0]["theEnvironmentProperties"][1][0], iassets[0]["theEnvironmentProperties"][1][1], iassets[0]["theEnvironmentProperties"][1][2]) ] iap = AssetParameters(iassets[0]["theName"], iassets[0]["theShortCode"], iassets[0]["theDescription"], iassets[0]["theSignificance"], iassets[0]["theType"], "0", "N/A", [], [], iaeps) b.dbProxy.addAsset(iap) self.iThreats = d['threats']