def situatePattern(self,patternId,assetEnvs): assetParametersList = [] for assetName,envs in assetEnvs.iteritems(): assetParametersList.append(AssetParametersFactory.buildFromTemplate(assetName,envs)) b = Borg() b.dbProxy.addSituatedAssets(patternId,assetParametersList) self.theParentDialog.theMainWindow.updateObjectSelection()
def situatePattern(self, patternId, assetEnvs): assetParametersList = [] for assetName, envs in assetEnvs.iteritems(): assetParametersList.append( AssetParametersFactory.buildFromTemplate(assetName, envs)) b = Borg() b.dbProxy.addSituatedAssets(patternId, assetParametersList) self.theParentDialog.theMainWindow.updateObjectSelection()
def situateComponentView(self,cvName,envName,targets): assetParametersList = [] componentAssets = self.dbProxy.componentAssets(cvName) acDict = {} for assetName,componentName in componentAssets: assetParametersList.append(AssetParametersFactory.buildFromTemplate(assetName,[envName])) if assetName not in acDict: acDict[assetName] = [] acDict[assetName].append(componentName) self.dbProxy.situateComponentView(cvName,envName,acDict,assetParametersList,targets) self.theParentDialog.theMainWindow.updateObjectSelection()
def situateComponentView(self,cvName,envName,targets,goalObstacles): assetParametersList = [] componentAssets = self.dbProxy.componentAssets(cvName) acDict = {} for assetName,componentName in componentAssets: assetParametersList.append(AssetParametersFactory.buildFromTemplate(assetName,[envName])) if assetName not in acDict: acDict[assetName] = [] acDict[assetName].append(componentName) ops = [] for goalName,obsName in goalObstacles: ops.append(GoalAssociationParameters(envName,goalName,'goal','obstruct',obsName,'obstacle',0,cvName + ' weakness analysis')) self.dbProxy.situateComponentView(cvName,envName,acDict,assetParametersList,targets,ops) self.theParentDialog.theMainWindow.updateObjectSelection()
def onSelectGenerateFromTemplate(self,evt): countermeasure = self.theParentDialog.objts[self.theParentDialog.selectedLabel] cmId = countermeasure.id() try: b = Borg() dbProxy = b.dbProxy templateAssets = dbProxy.getDimensionNames('template_asset') cDlg = DimensionNameDialog(self,'template_asset',templateAssets,'Select') if (cDlg.ShowModal() == armid.DIMNAME_BUTTONACTION_ID): templateAssetName = cDlg.dimensionName() assetId = dbProxy.addAsset(AssetParametersFactory.buildFromTemplate(templateAssetName,countermeasure.environments())) dbProxy.addTrace('countermeasure_asset',cmId,assetId) cDlg.Destroy() except ARMException,errorText: dlg = wx.MessageDialog(self,str(errorText),'Generate countermeasure asset',wx.OK | wx.ICON_ERROR) dlg.ShowModal() dlg.Destroy() return
def onSituate(self,evt): tAsset = self.theParentDialog.objts[self.theParentDialog.selectedLabel] taId = tAsset.id() taName = tAsset.name() try: b = Borg() dbProxy = b.dbProxy envs = dbProxy.getEnvironmentNames() cDlg = DimensionNameDialog(self,'environment',envs,'Select') if (cDlg.ShowModal() == armid.DIMNAME_BUTTONACTION_ID): sitEnvs = cDlg.dimensionNames() assetId = dbProxy.addAsset(AssetParametersFactory.buildFromTemplate(taName,sitEnvs)) # NB: we don't add anything to asset_template_asset, as we only use this table when the derived asset is part of a situated pattern cDlg.Destroy() except ARMException,errorText: dlg = wx.MessageDialog(self,str(errorText),'Situate template asset',wx.OK | wx.ICON_ERROR) dlg.ShowModal() dlg.Destroy() return
def situateComponentView(self, cvName, envName, targets, goalObstacles): assetParametersList = [] componentAssets = self.dbProxy.componentAssets(cvName) acDict = {} for assetName, componentName in componentAssets: assetParametersList.append( AssetParametersFactory.buildFromTemplate(assetName, [envName])) if assetName not in acDict: acDict[assetName] = [] acDict[assetName].append(componentName) ops = [] for goalName, obsName in goalObstacles: ops.append( GoalAssociationParameters(envName, goalName, 'goal', 'obstruct', obsName, 'obstacle', 0, cvName + ' weakness analysis')) self.dbProxy.situateComponentView(cvName, envName, acDict, assetParametersList, targets, ops) self.theParentDialog.theMainWindow.updateObjectSelection()
def onSituate(self, evt): tAsset = self.theParentDialog.objts[self.theParentDialog.selectedLabel] taId = tAsset.id() taName = tAsset.name() try: b = Borg() dbProxy = b.dbProxy envs = dbProxy.getEnvironmentNames() cDlg = DimensionNameDialog(self, 'environment', envs, 'Select') if (cDlg.ShowModal() == armid.DIMNAME_BUTTONACTION_ID): sitEnvs = cDlg.dimensionNames() assetId = dbProxy.addAsset( AssetParametersFactory.buildFromTemplate(taName, sitEnvs)) # NB: we don't add anything to asset_template_asset, as we only use this table when the derived asset is part of a situated pattern cDlg.Destroy() except ARMException, errorText: dlg = wx.MessageDialog(self, str(errorText), 'Situate template asset', wx.OK | wx.ICON_ERROR) dlg.ShowModal() dlg.Destroy() return
def endElement(self, name): if name == 'intent': self.inIntent = 0 elif name == 'definition': self.inDefinition = 0 elif name == 'rationale': self.inRationale = 0 elif name == 'motivation': self.theMotivations.append( (self.theGoal, self.theValue, self.theDescription)) self.resetMotivationElements() elif name == 'participant': self.theParticipants.append((self.theParticipant, self.theMotives, self.theResponsibilities)) self.resetParticipantElements() elif name == 'description': self.inDescription = 0 if self.inImplementation: self.inImplementation = 0 elif name == 'consequences': self.inConsequences = 0 elif name == 'implementation': self.inImplementation = 0 elif name == 'known_uses': self.inKnownUses = 0 elif name == 'related_patterns': self.inRelatedPatterns = 0 elif name == 'obstacle': self.theObstacles.append( TemplateObstacleParameters( self.theObstacleName, self.theObstacleCategory, self.theDefinition, self.theConcerns, self.theResponsibilities, self.theProbability, self.theRationale)) self.resetObstacleElements() elif name == 'obstacle_association': self.theObstacleAssociations.append( (self.theObstacleName, self.theRefType, self.theSubObstacleName, self.theRationale)) self.resetObstacleAssociationElements() elif name == 'attack_pattern': assetList = self.theTargets + self.theExploits for assetName in assetList: self.theAssetParameters.append( AssetParametersFactory.buildFromTemplate( assetName, [self.theEnvironment])) attackerNames = [] for attackerName, attackerMotives, attackerCapabilities in self.theParticipants: attackerRoles = self.dbProxy.dimensionRoles( self.dbProxy.getDimensionId(attackerName, 'persona'), self.dbProxy.getDimensionId(self.theEnvironment, 'environment'), 'persona') ep = AttackerEnvironmentProperties(self.theEnvironment, attackerRoles, attackerMotives, attackerCapabilities) p = AttackerParameters(attackerName, '', '', [], [ep]) p.isPersona = True self.theAttackerParameters.append(p) attackerNames.append(attackerName) for tObs in self.theObstacles: sgRefs = [] for resp in tObs.responsibilities(): sgRefs.append((resp, 'role', 'responsible', 0, 'None')) ep = ObstacleEnvironmentProperties(self.theEnvironment, '', tObs.definition(), tObs.category(), [], sgRefs, tObs.concerns()) ep.theProbability = tObs.probability() ep.theProbabilityRationale = tObs.probabilityRationale() self.theObstacleParameters.append( ObstacleParameters(tObs.name(), self.thePatternName, [], [ep])) for obsAssoc in self.theObstacleAssociations: obsName = obsAssoc[0] refType = obsAssoc[1] subObsName = obsAssoc[2] assocRationale = obsAssoc[3] self.theObstacleAssociationParameters.append( GoalAssociationParameters(self.theEnvironment, obsName, 'obstacle', refType, subObsName, 'obstacle', 0, assocRationale)) vp = VulnerabilityEnvironmentProperties(self.theEnvironment, self.theSeverity, self.theExploits) vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit) vulData = vulRows[0] self.theVulnerabilityParameters = VulnerabilityParameters( self.theExploit, vulData[2], vulData[3], [], [vp]) spDict = {} spDict['confidentiality'] = (0, 'None') spDict['integrity'] = (0, 'None') spDict['availability'] = (0, 'None') spDict['accountability'] = (0, 'None') spDict['anonymity'] = (0, 'None') spDict['pseudonymity'] = (0, 'None') spDict['unlinkability'] = (0, 'None') spDict['unobservability'] = (0, 'None') for thrMotivation in self.theMotivations: spName = thrMotivation[0] spValue = thrMotivation[1] spRationale = thrMotivation[2] spDict[spName] = (a2i(spValue), spRationale) cProperty, cRationale = spDict['confidentiality'] iProperty, iRationale = spDict['integrity'] avProperty, avRationale = spDict['availability'] acProperty, acRationale = spDict['accountability'] anProperty, anRationale = spDict['anonymity'] panProperty, panRationale = spDict['pseudonymity'] unlProperty, unlRationale = spDict['unlinkability'] unoProperty, unoRationale = spDict['unobservability'] tp = ThreatEnvironmentProperties( self.theEnvironment, self.theLikelihood, self.theTargets, attackerNames, [ cProperty, iProperty, avProperty, acProperty, anProperty, panProperty, unlProperty, unoProperty ], [ cRationale, iRationale, avRationale, acRationale, anRationale, panRationale, unlRationale, unoRationale ]) thrRows = self.dbProxy.getThreatDirectory(self.theAttack) thrData = thrRows[0] self.theThreatParameters = ThreatParameters( self.theAttack, thrData[3], thrData[2], [], [tp]) if (self.theAttackObstacle != ''): self.theObstacleAssociationParameters.append( GoalAssociationParameters(self.theEnvironment, self.theAttackObstacle, 'obstacle', 'or', self.theAttack, 'threat', 0, 'None')) if (self.theExploitObstacle != ''): self.theObstacleAssociationParameters.append( GoalAssociationParameters(self.theEnvironment, self.theExploitObstacle, 'obstacle', 'or', self.theExploit, 'vulnerability', 0, 'None')) rep = MisuseCaseEnvironmentProperties(self.theEnvironment, self.theImplementation) mc = MisuseCase(-1, 'Exploit ' + self.thePatternName, [rep], self.thePatternName) self.theRiskParameters = RiskParameters(self.thePatternName, self.theAttack, self.theExploit, mc, [], self.theIntent, self.theEnvironment)
#!/usr/bin/python import BorgFactory from Borg import Borg import AssetParametersFactory if __name__ == '__main__': BorgFactory.initialise() b = Borg() envName = 'Complete' for apName in b.dbProxy.getDimensionNames('component_view'): componentAssets = b.dbProxy.componentAssets(apName) acDict = {} assetParametersList = [] for assetName, componentName in componentAssets: assetParametersList.append( AssetParametersFactory.buildFromTemplate(assetName, [envName])) if assetName not in acDict: acDict[assetName] = [] acDict[assetName].append(componentName) print 'situating ', apName b.dbProxy.situateComponentView(apName, 'Complete', acDict, assetParametersList, [], []) b.dbProxy.conn.commit()
def endElement(self,name): if name == 'intent': self.inIntent = 0 elif name == 'definition': self.inDefinition = 0 elif name == 'rationale': self.inRationale = 0 elif name == 'motivation': self.theMotivations.append((self.theGoal,self.theValue,self.theDescription)) self.resetMotivationElements() elif name == 'participant': self.theParticipants.append((self.theParticipant,self.theMotives,self.theResponsibilities)) self.resetParticipantElements() elif name == 'description': self.inDescription = 0 if self.inImplementation: self.inImplementation = 0 elif name == 'consequences': self.inConsequences = 0 elif name == 'implementation': self.inImplementation = 0 elif name == 'known_uses': self.inKnownUses = 0 elif name == 'related_patterns': self.inRelatedPatterns = 0 elif name == 'obstacle': self.theObstacles.append( TemplateObstacleParameters(self.theObstacleName,self.theObstacleCategory,self.theDefinition,self.theConcerns,self.theResponsibilities,self.theProbability,self.theRationale)) self.resetObstacleElements() elif name == 'obstacle_association': self.theObstacleAssociations.append((self.theObstacleName,self.theRefType,self.theSubObstacleName,self.theRationale)) self.resetObstacleAssociationElements() elif name == 'attack_pattern': assetList = self.theTargets + self.theExploits for assetName in assetList: self.theAssetParameters.append(AssetParametersFactory.buildFromTemplate(assetName,[self.theEnvironment])) attackerNames = [] for attackerName,attackerMotives,attackerCapabilities in self.theParticipants: attackerRoles = self.dbProxy.dimensionRoles(self.dbProxy.getDimensionId(attackerName,'persona'),self.dbProxy.getDimensionId(self.theEnvironment,'environment'),'persona') ep = AttackerEnvironmentProperties(self.theEnvironment,attackerRoles,attackerMotives,attackerCapabilities) p = AttackerParameters(attackerName,'','',[],[ep]) p.isPersona = True self.theAttackerParameters.append(p) attackerNames.append(attackerName) for tObs in self.theObstacles: sgRefs = [] for resp in tObs.responsibilities(): sgRefs.append((resp,'role','responsible',0,'None')) ep = ObstacleEnvironmentProperties(self.theEnvironment,'',tObs.definition(),tObs.category(),[],sgRefs,tObs.concerns()) ep.theProbability = tObs.probability() ep.theProbabilityRationale = tObs.probabilityRationale() self.theObstacleParameters.append(ObstacleParameters(tObs.name(),self.thePatternName,[],[ep])) for obsAssoc in self.theObstacleAssociations: obsName = obsAssoc[0] refType = obsAssoc[1] subObsName = obsAssoc[2] assocRationale = obsAssoc[3] self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,obsName,'obstacle',refType,subObsName,'obstacle',0,assocRationale)) vp = VulnerabilityEnvironmentProperties(self.theEnvironment,self.theSeverity,self.theExploits) vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit) vulData = vulRows[0] self.theVulnerabilityParameters = VulnerabilityParameters(self.theExploit,vulData[2],vulData[3],[],[vp]) spDict = {} spDict['confidentiality'] = (0,'None') spDict['integrity'] = (0,'None') spDict['availability'] = (0,'None') spDict['accountability'] = (0,'None') spDict['anonymity'] = (0,'None') spDict['pseudonymity'] = (0,'None') spDict['unlinkability'] = (0,'None') spDict['unobservability'] = (0,'None') for thrMotivation in self.theMotivations: spName = thrMotivation[0] spValue = thrMotivation[1] spRationale = thrMotivation[2] spDict[spName] = (a2i(spValue),spRationale) cProperty,cRationale = spDict['confidentiality'] iProperty,iRationale = spDict['integrity'] avProperty,avRationale = spDict['availability'] acProperty,acRationale = spDict['accountability'] anProperty,anRationale = spDict['anonymity'] panProperty,panRationale = spDict['pseudonymity'] unlProperty,unlRationale = spDict['unlinkability'] unoProperty,unoRationale = spDict['unobservability'] tp = ThreatEnvironmentProperties(self.theEnvironment,self.theLikelihood,self.theTargets,attackerNames,[cProperty,iProperty,avProperty,acProperty,anProperty,panProperty,unlProperty,unoProperty],[cRationale,iRationale,avRationale,acRationale,anRationale,panRationale,unlRationale,unoRationale]) thrRows = self.dbProxy.getThreatDirectory(self.theAttack) thrData = thrRows[0] self.theThreatParameters = ThreatParameters(self.theAttack,thrData[3],thrData[2],[],[tp]) if (self.theAttackObstacle != ''): self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theAttackObstacle,'obstacle','or',self.theAttack,'threat',0,'None')) if (self.theExploitObstacle != ''): self.theObstacleAssociationParameters.append(GoalAssociationParameters(self.theEnvironment,self.theExploitObstacle,'obstacle','or',self.theExploit,'vulnerability',0,'None')) rep = MisuseCaseEnvironmentProperties(self.theEnvironment,self.theImplementation ) mc = MisuseCase(-1,'Exploit ' + self.thePatternName,[rep],self.thePatternName) self.theRiskParameters = RiskParameters(self.thePatternName,self.theAttack,self.theExploit,mc,[],self.theIntent,self.theEnvironment)
def endElement(self,name): if name == 'intent': self.inIntent = 0 elif name == 'motivation': self.theMotivations.append((self.theGoal,self.theValue,self.theDescription)) self.resetMotivationElements() elif name == 'participant': self.theParticipants.append((self.theParticipant,self.theMotives,self.theResponsibilities)) self.resetParticipantElements() elif name == 'description': self.inDescription = 0 elif name == 'consequences': self.inConsequences = 0 elif name == 'implementation': self.inImplementation = 0 elif name == 'known_uses': self.inKnownUses = 0 elif name == 'related_patterns': self.inRelatedPatterns = 0 elif name == 'attack_pattern': assetList = self.theTargets + self.theExploits for assetName in assetList: self.theAssetParameters.append(AssetParametersFactory.buildFromTemplate(assetName,[self.theEnvironment])) attackerNames = [] for attackerName,attackerMotives,attackerCapabilities in self.theParticipants: attackerRoles = self.dbProxy.dimensionRoles(self.dbProxy.getDimensionId(attackerName,'persona'),self.dbProxy.getDimensionId(self.theEnvironment,'environment'),'persona') ep = AttackerEnvironmentProperties(self.theEnvironment,attackerRoles,attackerMotives,attackerCapabilities) p = AttackerParameters(attackerName,'','',[],[ep]) self.theAttackerParameters.append(p) attackerNames.append(attackerName) vp = VulnerabilityEnvironmentProperties(self.theEnvironment,self.theSeverity,self.theExploits) vulRows = self.dbProxy.getVulnerabilityDirectory(self.theExploit) vulData = vulRows[0] self.theVulnerabilityParameters = VulnerabilityParameters(self.theExploit,vulData[2],vulData[3],[],[vp]) spDict = {} spDict['confidentiality'] = (0,'None') spDict['integrity'] = (0,'None') spDict['availability'] = (0,'None') spDict['accountability'] = (0,'None') spDict['anonymity'] = (0,'None') spDict['pseudonymity'] = (0,'None') spDict['unlinkability'] = (0,'None') spDict['unobservability'] = (0,'None') for thrMotivation in self.theMotivations: spName = thrMotivation[0] spValue = thrMotivation[1] spRationale = thrMotivation[2] spDict[spName] = (a2i(spValue),spRationale) cProperty,cRationale = spDict['confidentiality'] iProperty,iRationale = spDict['integrity'] avProperty,avRationale = spDict['availability'] acProperty,acRationale = spDict['accountability'] anProperty,anRationale = spDict['anonymity'] panProperty,panRationale = spDict['pseudonymity'] unlProperty,unlRationale = spDict['unlinkability'] unoProperty,unoRationale = spDict['unobservability'] tp = ThreatEnvironmentProperties(self.theEnvironment,self.theLikelihood,self.theTargets,attackerNames,[cProperty,iProperty,avProperty,acProperty,anProperty,panProperty,unlProperty,unoProperty],[cRationale,iRationale,avRationale,acRationale,anRationale,panRationale,unlRationale,unoRationale]) thrRows = self.dbProxy.getThreatDirectory(self.theAttack) thrData = thrRows[0] self.theThreatParameters = ThreatParameters(self.theAttack,thrData[3],thrData[2],[],[tp]) rep = MisuseCaseEnvironmentProperties(self.theEnvironment,self.theImplementation ) mc = MisuseCase(-1,'Exploit ' + self.thePatternName,[rep],self.thePatternName) self.theRiskParameters = RiskParameters(self.thePatternName,self.theAttack,self.theExploit,mc,[])
#!/usr/bin/python import BorgFactory from Borg import Borg import AssetParametersFactory if __name__ == '__main__': BorgFactory.initialise() b = Borg() envName = 'Complete' for apName in b.dbProxy.getDimensionNames('component_view'): componentAssets = b.dbProxy.componentAssets(apName) acDict = {} assetParametersList = [] for assetName,componentName in componentAssets: assetParametersList.append(AssetParametersFactory.buildFromTemplate(assetName,[envName])) if assetName not in acDict: acDict[assetName] = [] acDict[assetName].append(componentName) print 'situating ',apName b.dbProxy.situateComponentView(apName,'Complete',acDict,assetParametersList,[],[]) b.dbProxy.conn.commit()