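def importSecurityPatterns(importFile, session_id=None):
    """
    Parses a security pattern file and stores its template assets and
    security patterns through the database proxy.

    :param importFile: The XML file handed to the SAX parser
    :param session_id: The session ID used to look up the database proxy
    :return: A message stating how many template assets and security patterns were imported
    """
    # NOTE(review): the handler doubles as the parser's entity resolver, so what
    # an external entity or DTD reference in importFile may load is decided by
    # SecurityPatternContentHandler.resolveEntity. If import files can come from
    # untrusted users, confirm that resolver only serves known local DTDs.
    parser = xml.sax.make_parser()
    handler = SecurityPatternContentHandler()
    parser.setContentHandler(handler)
    parser.setEntityResolver(handler)
    parser.parse(importFile)

    taps = handler.assets()
    spps = handler.patterns()
    noOfTaps = len(taps)
    noOfSpps = len(spps)

    # Look the proxy up with the caller's session ID. Calling get_dbproxy()
    # without it ignored the session_id argument, so the deletes and inserts
    # below could go through a proxy that is not the caller's.
    db_proxy = Borg().get_dbproxy(session_id)

    msgStr = 'No patterns imported'
    # NOTE(review): patterns are only imported when at least one template asset
    # was parsed - confirm this nesting is intended.
    if noOfTaps > 0:
        # Existing patterns and template assets are removed before the import
        # (-1 presumably selects all of them - confirm against the proxy).
        db_proxy.deleteSecurityPattern(-1)
        db_proxy.deleteTemplateAsset(-1)
        for tapId, tap in enumerate(taps):
            tap.setId(tapId)
            db_proxy.addTemplateAsset(tap)

        if noOfSpps > 0:
            db_proxy.deleteSecurityPattern(-1)
            for spId, sp in enumerate(spps):
                sp.setId(spId)
                db_proxy.addSecurityPattern(sp)
        msgStr = 'Imported {0} template assets and {1} security patterns'.format(noOfTaps, noOfSpps)
    return msgStr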
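def importSecurityPatterns(importFile, session_id=None):
    """
    Parses a security pattern file and stores its template assets and
    security patterns through the database proxy.

    :param importFile: The XML file handed to the SAX parser
    :param session_id: The session ID used to look up the database proxy
    :return: A message stating how many template assets and security patterns were imported
    """
    # NOTE(review): the handler doubles as the parser's entity resolver, so what
    # an external entity or DTD reference in importFile may load is decided by
    # SecurityPatternContentHandler.resolveEntity. If import files can come from
    # untrusted users, confirm that resolver only serves known local DTDs.
    parser = xml.sax.make_parser()
    handler = SecurityPatternContentHandler()
    parser.setContentHandler(handler)
    parser.setEntityResolver(handler)
    parser.parse(importFile)

    taps = handler.assets()
    spps = handler.patterns()
    noOfTaps = len(taps)
    noOfSpps = len(spps)

    # Look the proxy up with the caller's session ID. Calling get_dbproxy()
    # without it ignored the session_id argument, so the deletes and inserts
    # below could go through a proxy that is not the caller's.
    db_proxy = Borg().get_dbproxy(session_id)

    msgStr = 'No patterns imported'
    # NOTE(review): patterns are only imported when at least one template asset
    # was parsed - confirm this nesting is intended.
    if noOfTaps > 0:
        # Existing patterns and template assets are removed before the import
        # (-1 presumably selects all of them - confirm against the proxy).
        db_proxy.deleteSecurityPattern(-1)
        db_proxy.deleteTemplateAsset(-1)
        for tapId, tap in enumerate(taps):
            tap.setId(tapId)
            db_proxy.addTemplateAsset(tap)

        if noOfSpps > 0:
            db_proxy.deleteSecurityPattern(-1)
            for spId, sp in enumerate(spps):
                sp.setId(spId)
                db_proxy.addSecurityPattern(sp)
        msgStr = 'Imported {0} template assets and {1} security patterns'.format(noOfTaps, noOfSpps)
    return msgStr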
def importComponentViewData(view, session_id):
    """
    Stores a component view through the database proxy of the given session.

    :param view: The component view passed to addComponentView
    :param session_id: The session ID used to look up the database proxy
    :return: A fixed confirmation message
    """
    Borg().get_dbproxy(session_id).addComponentView(view)
    return 'Imported architectural pattern'
def get_dbproxy(self, session_id):
    """
    Searches the MySQLDatabaseProxy instance associated with the session ID
    and reconnects it before handing it back.

    :param session_id: The session ID
    :type session_id: str
    :rtype: MySQLDatabaseProxy
    :return: The MySQLDatabaseProxy instance associated with the session ID
    :raise CairisHTTPError: No proxy is stored for the session, or the stored object is not a MySQLDatabaseProxy
    :raise MissingParameterHTTPError: The session ID is empty or missing
    """
    # NOTE(review): the session ID is the only key used for the lookup; nothing
    # here checks who is presenting it - presumably the caller has been
    # authenticated before this point, confirm.
    if not session_id:
        raise MissingParameterHTTPError(param_names=['session_id'])

    proxy = Borg().get_dbproxy(session_id)
    if proxy is None:
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            message='The database connection could not be created.'
        )
    if not isinstance(proxy, MySQLDatabaseProxy):
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            message='The database connection was not properly set up. Please try to reset the connection.'
        )

    proxy.reconnect(session_id=session_id)
    return proxy
def get_dbproxy(self, session_id):
    """
    Searches the MySQLDatabaseProxy instance associated with the session ID
    and reconnects it before handing it back.

    :param session_id: The session ID
    :type session_id: str
    :rtype: MySQLDatabaseProxy
    :return: The MySQLDatabaseProxy instance associated with the session ID
    :raise CairisHTTPError: No proxy is stored for the session, or the stored object is not a MySQLDatabaseProxy
    :raise MissingParameterHTTPError: The session ID is empty or missing
    """
    # NOTE(review): the session ID is the only key used for the lookup; nothing
    # here checks who is presenting it - presumably the caller has been
    # authenticated before this point, confirm.
    if not session_id:
        raise MissingParameterHTTPError(param_names=['session_id'])

    proxy = Borg().get_dbproxy(session_id)
    if proxy is None:
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            message='The database connection could not be created.'
        )
    if not isinstance(proxy, MySQLDatabaseProxy):
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            message='The database connection was not properly set up. Please try to reset the connection.'
        )

    proxy.reconnect(session_id=session_id)
    return proxy
def importProcesses(docs, codes, memos, quotations, codeNetworks, processes, ics, intentions,
                    contributions, session_id):
    """
    Stores documents, codes, memos, quotations, code relationships, implied
    processes, implied characteristics, intentions and contributions through
    the database proxy of the given session.

    :param codeNetworks: Sequences read as (persona name, relationship type, from code, to code)
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects per category
    """
    # All sizes are taken before the first database call, as in the original.
    docCount, codeCount, memoCount = len(docs), len(codes), len(memos)
    quotationCount, relationshipCount = len(quotations), len(codeNetworks)
    processCount, icCount = len(processes), len(ics)  # icCount is not part of the summary below
    intentionCount, contributionCount = len(intentions), len(contributions)

    db_proxy = Borg().get_dbproxy(session_id)

    for document in docs:
        db_proxy.addInternalDocument(document)
    for code in codes:
        db_proxy.addCode(code)
    for memo in memos:
        db_proxy.addMemo(memo)
    for quotation in quotations:
        db_proxy.addQuotation(quotation)

    # Necessary because adding document memos currently overwrites the existing memo text
    for memo in memos:
        db_proxy.updateMemo(memo)

    for network in codeNetworks:
        # Positions: 0 persona name, 1 relationship type, 2 from code, 3 to code.
        db_proxy.addCodeRelationship(network[0], network[2], network[3], network[1])
    for process in processes:
        db_proxy.addImpliedProcess(process)
    for characteristic in ics:
        db_proxy.addImpliedCharacteristic(characteristic)
    for intention in intentions:
        db_proxy.addIntention(intention)
    for contribution in contributions:
        db_proxy.addContribution(contribution)

    return ('Imported {0} internal documents, {1} codes, {2} memos, {3} quotations, '
            '{4} code relationships, {5} implied processes, {6} intentions, and '
            '{7} contributions.').format(docCount, codeCount, memoCount, quotationCount,
                                         relationshipCount, processCount, intentionCount,
                                         contributionCount)
def __init__(self, session_id):
    """
    Stores the session's database proxy and the Borg configuration directory,
    and starts with empty synopsis and contribution lists.

    :param session_id: The session ID used to look up the database proxy
    """
    borg = Borg()
    self.dbProxy = borg.get_dbproxy(session_id)
    self.configDir = borg.configDir

    # Collected objects, one list per kind.
    self.theCharacteristicSynopses = []
    self.theReferenceSynopses = []
    self.theStepSynopses = []
    self.theReferenceContributions = []
    self.theUseCaseContributions = []
def importRequirements(dpParameterSet, goalParameterSet, obsParameterSet, reqParameterSet,
                       cmParameterSet, session_id):
    """
    Adds or updates domain properties, goals, obstacles, requirements and
    countermeasures through the database proxy of the given session.

    :param reqParameterSet: Triples of (requirement, reference name, reference type)
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects processed per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    def upsert(parameterSet, dimension, add, update):
        """Add each object, or update it under its existing ID when the name is already stored."""
        processed = 0
        for parameters in parameterSet:
            existingId = db_proxy.existingObject(parameters.name(), dimension)
            if existingId == -1:
                add(parameters)
            else:
                parameters.setId(existingId)
                update(parameters)
            processed += 1
        return processed

    dpCount = upsert(dpParameterSet, 'domainproperty',
                     db_proxy.addDomainProperty, db_proxy.updateDomainProperty)
    goalCount = upsert(goalParameterSet, 'goal', db_proxy.addGoal, db_proxy.updateGoal)
    obsCount = upsert(obsParameterSet, 'obstacle', db_proxy.addObstacle, db_proxy.updateObstacle)

    reqCount = 0
    for req, refName, refType in reqParameterSet:
        if db_proxy.existingObject(req.name(), 'requirement') == -1:
            # A requirement counts as asset-related unless it refers to an environment.
            db_proxy.addRequirement(req, refName, refType != 'environment')
        else:
            # Unlike the other categories, no ID is set on the object before the update.
            db_proxy.updateRequirement(req)
        reqCount += 1

    cmCount = upsert(cmParameterSet, 'countermeasure',
                     db_proxy.addCountermeasure, db_proxy.updateCountermeasure)

    return ('Imported {0} domain properties, {1} goals, {2} obstacles, {3} requirements, '
            'and {4} countermeasures.').format(dpCount, goalCount, obsCount, reqCount, cmCount)
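def validate_proxy(session, id, request=None, conf=None):
    """
    Validates that the DB proxy object is properly set up

    :param session: The session object of the request
    :param id: The session ID provided by the user
    :param request: Not used by this function
    :param conf: A dictionary containing configuration settings for direct authentication
    :return: The MySQLDatabaseProxy object associated to the session
    :rtype: MySQLDatabaseProxy
    :raise CairisHTTPError: Raises a CairisHTTPError when the database could not be properly set up
    """
    if session is not None:
        # NOTE(review): because of the -1 default, a session object that holds
        # no 'session_id' never reaches the "no session" error below; the proxy
        # lookup then runs with -1. Confirm that is intended.
        session_id = session.get('session_id', -1)
    else:
        session_id = None

    if isinstance(conf, dict):
        # NOTE(review): with conf supplied, the session checks further down are
        # skipped and a connection is opened to whatever host/port conf names.
        # Confirm conf can only originate from trusted server-side settings.
        invalid_settings = 'The provided settings are invalid and cannot be used to create a database connection'
        try:
            settings = {
                'host': conf['host'],
                'port': conf['port'],
                'user': conf['user'],
                'passwd': conf['passwd'],
                'db': conf['db'],
            }
        except KeyError:
            # An incomplete settings dictionary is a client error, not an unhandled exception.
            raise CairisHTTPError(status_code=httplib.BAD_REQUEST, message=invalid_settings)
        try:
            return MySQLDatabaseProxy(**settings)
        except DatabaseProxyException:
            raise CairisHTTPError(status_code=httplib.BAD_REQUEST, message=invalid_settings)

    if session_id is None and id is None:
        raise CairisHTTPError(
            status_code=httplib.BAD_REQUEST,
            message='The session is neither started or no session ID is provided with the request.'
        )

    # NOTE(review): an ID supplied with the request takes precedence over the
    # one stored in the session - confirm the two are not expected to match.
    if id is None:
        id = session_id

    db_proxy = Borg().get_dbproxy(id)
    if db_proxy is None:
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            message='The database connection could not be created.'
        )
    if not isinstance(db_proxy, MySQLDatabaseProxy):
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            message='The database connection was not properly set up. Please try to reset the connection.'
        )
    return db_proxy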
def __init__(self, session_id=None):
    """
    Stores the session's database proxy and the Borg configuration directory,
    starts with empty association collections and resets the per-element state.

    :param session_id: The session ID used to look up the database proxy
    """
    borg = Borg()
    self.dbProxy = borg.get_dbproxy(session_id)
    self.configDir = borg.configDir

    # Manual associations are kept in a set, the other two kinds in lists.
    self.theManualAssociations = set()
    self.theGoalAssociations = []
    self.theDependencyAssociations = []

    self.resetManualAssociationAttributes()
    self.resetGoalAssociationAttributes()
    self.resetDependencyAssociationAttributes()
def importDomainValues(tvValues, rvValues, cvValues, svValues, lvValues, capValues, motValues,
                       session_id):
    """
    Renumbers and updates the first five value lists and adds the last two
    through the database proxy of the given session.

    IDs are assigned consecutively per list, starting at 0, except for
    rvValues which start at 1.

    :param session_id: The session ID used to look up the database proxy
    :return: A fixed confirmation message
    """
    # (values, first ID) for the lists whose entries are renumbered and updated.
    updatedGroups = ((tvValues, 0), (rvValues, 1), (cvValues, 0), (svValues, 0), (lvValues, 0))
    addedGroups = (capValues, motValues)

    # Sizes are taken before the proxy lookup, as in the original, so an
    # argument without a length is rejected before any database write.
    updatedSizes = [len(values) for values, _ in updatedGroups]
    addedSizes = [len(values) for values in addedGroups]

    db_proxy = Borg().get_dbproxy(session_id)

    for (values, firstId), size in zip(updatedGroups, updatedSizes):
        if size > 0:
            for valueId, valueType in enumerate(values, firstId):
                valueType.setId(valueId)
                db_proxy.updateValueType(valueType)

    for values, size in zip(addedGroups, addedSizes):
        if size > 0:
            for valueType in values:
                db_proxy.addValueType(valueType)

    return 'Imported domain values'
def importDomainValues(tvValues, rvValues, cvValues, svValues, lvValues, capValues, motValues,
                       session_id):
    """
    Renumbers and updates the first five value lists and adds the last two
    through the database proxy of the given session.

    IDs are assigned consecutively per list, starting at 0, except for
    rvValues which start at 1.

    :param session_id: The session ID used to look up the database proxy
    :return: A fixed confirmation message
    """
    # (values, first ID) for the lists whose entries are renumbered and updated.
    updatedGroups = ((tvValues, 0), (rvValues, 1), (cvValues, 0), (svValues, 0), (lvValues, 0))
    addedGroups = (capValues, motValues)

    # Sizes are taken before the proxy lookup, as in the original, so an
    # argument without a length is rejected before any database write.
    updatedSizes = [len(values) for values, _ in updatedGroups]
    addedSizes = [len(values) for values in addedGroups]

    db_proxy = Borg().get_dbproxy(session_id)

    for (values, firstId), size in zip(updatedGroups, updatedSizes):
        if size > 0:
            for valueId, valueType in enumerate(values, firstId):
                valueType.setId(valueId)
                db_proxy.updateValueType(valueType)

    for values, size in zip(addedGroups, addedSizes):
        if size > 0:
            for valueType in values:
                db_proxy.addValueType(valueType)

    return 'Imported domain values'
def importProcesses(docs, codes, memos, quotations, codeNetworks, processes, ics, intentions,
                    contributions, session_id):
    """
    Stores documents, codes, memos, quotations, code relationships, implied
    processes, implied characteristics, intentions and contributions through
    the database proxy of the given session.

    :param codeNetworks: Sequences read as (persona name, relationship type, from code, to code)
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects per category
    """
    # All sizes are taken before the first database call, as in the original.
    docCount, codeCount, memoCount = len(docs), len(codes), len(memos)
    quotationCount, relationshipCount = len(quotations), len(codeNetworks)
    processCount, icCount = len(processes), len(ics)  # icCount is not part of the summary below
    intentionCount, contributionCount = len(intentions), len(contributions)

    db_proxy = Borg().get_dbproxy(session_id)

    for document in docs:
        db_proxy.addInternalDocument(document)
    for code in codes:
        db_proxy.addCode(code)
    for memo in memos:
        db_proxy.addMemo(memo)
    for quotation in quotations:
        db_proxy.addQuotation(quotation)

    # Necessary because adding document memos currently overwrites the existing memo text
    for memo in memos:
        db_proxy.updateMemo(memo)

    for network in codeNetworks:
        # Positions: 0 persona name, 1 relationship type, 2 from code, 3 to code.
        db_proxy.addCodeRelationship(network[0], network[2], network[3], network[1])
    for process in processes:
        db_proxy.addImpliedProcess(process)
    for characteristic in ics:
        db_proxy.addImpliedCharacteristic(characteristic)
    for intention in intentions:
        db_proxy.addIntention(intention)
    for contribution in contributions:
        db_proxy.addContribution(contribution)

    return ('Imported {0} internal documents, {1} codes, {2} memos, {3} quotations, '
            '{4} code relationships, {5} implied processes, {6} intentions, and '
            '{7} contributions.').format(docCount, codeCount, memoCount, quotationCount,
                                         relationshipCount, processCount, intentionCount,
                                         contributionCount)
def importModelFile(importFile, isOverwrite=1, session_id=None):
    """
    Runs the individual file importers on one model file, in a fixed order,
    and joins their messages with single spaces.

    :param importFile: The model file passed to every importer
    :param isOverwrite: When equal to 1, clearDatabase is called before importing
    :param session_id: The session ID used for the proxy lookup and for every importer
    :return: The concatenated importer messages
    """
    db_proxy = Borg().get_dbproxy(session_id)

    # NOTE(review): overwriting is the default and the database is cleared
    # before the file has been parsed; if a later importer rejects the file,
    # the previous contents are presumably already gone - confirm callers
    # validate or back up first.
    if isOverwrite == 1:
        db_proxy.clearDatabase(session_id)

    # List elements are evaluated left to right, so the importers run in this order.
    return ' '.join([
        importTVTypeFile(importFile, session_id=session_id),
        importDomainValuesFile(importFile, session_id=session_id),
        importProjectFile(importFile, session_id=session_id),
        importRiskAnalysisFile(importFile, session_id=session_id),
        importUsabilityFile(importFile, session_id=session_id),
        importRequirementsFile(importFile, session_id=session_id),
        importAssociationsFile(importFile, session_id=session_id),
        importSynopsesFile(importFile, session_id=session_id),
    ])
def __init__(self, session_id=None):
    """
    Stores the session's database proxy and the Borg configuration directory,
    starts with empty object lists and resets the per-element state.

    :param session_id: The session ID used to look up the database proxy
    """
    borg = Borg()
    self.dbProxy = borg.get_dbproxy(session_id)
    self.configDir = borg.configDir

    # Collected objects, one list per kind.
    self.theDomainProperties = []
    self.theGoals = []
    self.theObstacles = []
    self.theRequirements = []
    self.theCountermeasures = []

    self.resetDomainPropertyAttributes()
    self.resetGoalAttributes()
    self.resetObstacleAttributes()
    self.resetRequirementAttributes()
    # NOTE(review): second call to resetGoalAttributes, kept as in the
    # original - looks redundant, confirm before removing.
    self.resetGoalAttributes()
    self.resetCountermeasureAttributes()
def importAssets(valueTypes, assets, session_id):
    """
    Adds the value types and template assets that are not stored yet through
    the database proxy of the given session. Existing ones are left untouched.

    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of value types and template assets added
    """
    db_proxy = Borg().get_dbproxy(session_id)

    # NOTE(review): the counters are read as counting only newly added objects
    # (incremented inside the "not found" branch) - confirm.
    vtCount = 0
    for valueType in valueTypes:
        if db_proxy.existingObject(valueType.name(), valueType.type()) == -1:
            db_proxy.addValueType(valueType)
            vtCount += 1

    taCount = 0
    for templateAsset in assets:
        if db_proxy.existingObject(templateAsset.name(), 'template_asset') == -1:
            db_proxy.addTemplateAsset(templateAsset)
            taCount += 1

    return 'Imported {0} value types, and {1} template assets.'.format(vtCount, taCount)
def importDirectoryFile(importFile, isOverwrite=1, session_id=None):
    """
    Parses a directory file and stores its vulnerability and threat
    directories through the database proxy of the given session.

    :param importFile: The XML file handed to the SAX parser
    :param isOverwrite: Passed through to the proxy's directory calls
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of template vulnerabilities and threats parsed
    """
    # NOTE(review): the handler doubles as the parser's entity resolver, so what
    # an external entity or DTD reference in importFile may load is decided by
    # DirectoryContentHandler.resolveEntity. If import files can come from
    # untrusted users, confirm that resolver only serves known local DTDs.
    contentHandler = DirectoryContentHandler()
    saxParser = xml.sax.make_parser()
    saxParser.setContentHandler(contentHandler)
    saxParser.setEntityResolver(contentHandler)
    saxParser.parse(importFile)

    vulDir, threatDir = contentHandler.directories()
    vdSize, tdSize = len(vulDir), len(threatDir)

    db_proxy = Borg().get_dbproxy(session_id)
    # Empty directories are skipped, so nothing is overwritten for them.
    if vdSize > 0:
        db_proxy.addVulnerabilityDirectory(vulDir, isOverwrite)
    if tdSize > 0:
        db_proxy.addThreatDirectory(threatDir, isOverwrite)

    return 'Imported {0} template vulnerabilities and {1} template threats.'.format(vdSize, tdSize)
def importSynopses(charSyns, refSyns, stepSyns, refConts, ucConts, session_id):
    """
    Stores characteristic, reference and step synopses, then reference and
    use case contributions, through the database proxy of the given session.

    :param stepSyns: Tuples of (use case name, environment name, step number, synopsis name, actor type, actor name)
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    for synopsis in charSyns:
        db_proxy.addCharacteristicSynopsis(synopsis)
    for synopsis in refSyns:
        db_proxy.addReferenceSynopsis(synopsis)
    for ucName, envName, stepNo, synName, aType, aName in stepSyns:
        db_proxy.addStepSynopsis(ucName, envName, stepNo, synName, aType, aName)
    # NOTE(review): read as a single commit after all step synopses; only this
    # category commits explicitly here - confirm placement against the file.
    db_proxy.conn.commit()

    for contribution in refConts:
        db_proxy.addReferenceContribution(contribution)
    for contribution in ucConts:
        db_proxy.addUseCaseContribution(contribution)

    return ('Imported {0} characteristic synopses, {1} reference synopses, {2} step synopses, '
            '{3} reference contributions, and {4} use case contributions.').format(
                len(charSyns), len(refSyns), len(stepSyns), len(refConts), len(ucConts))
def importTVTypes(vulTypes, threatTypes, isOverwrite, session_id):
    """
    Adds vulnerability types and threat types as value types through the
    database proxy of the given session.

    :param isOverwrite: When true, the existing types of a category are deleted before that category is added
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of vulnerability and threat types
    """
    db_proxy = Borg().get_dbproxy(session_id)
    noOfVts, noOfTts = len(vulTypes), len(threatTypes)

    # (count, types, delete call) per category; a category with no incoming
    # types is skipped entirely, so its stored types are never deleted.
    for count, valueTypes, deleteExisting in (
            (noOfVts, vulTypes, lambda: db_proxy.deleteVulnerabilityType(-1)),
            (noOfTts, threatTypes, lambda: db_proxy.deleteThreatType(-1))):
        if count > 0:
            if isOverwrite:
                deleteExisting()
            for valueType in valueTypes:
                db_proxy.addValueType(valueType)

    return 'Imported {0} vulnerability types and {1} threat types.'.format(noOfVts, noOfTts)
def importAssociations(maParameterSet, gaParameterSet, depParameterSet, session_id):
    """
    Stores manual associations (traces), goal associations and dependencies
    through the database proxy of the given session.

    :param maParameterSet: Tuples of (trace table, from ID, to ID, reference type)
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of associations per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    # enumerate(..., 1) leaves each counter at the number of items processed;
    # the initial 0 covers an empty input.
    maCount = 0
    for maCount, (tTable, fromId, toId, refType) in enumerate(maParameterSet, 1):
        db_proxy.addTrace(tTable, fromId, toId, refType)

    gaCount = 0
    for gaCount, goalAssociation in enumerate(gaParameterSet, 1):
        db_proxy.addGoalAssociation(goalAssociation)

    depCount = 0
    for depCount, dependency in enumerate(depParameterSet, 1):
        db_proxy.addDependency(dependency)

    return ('Imported {0} manual associations, {1} goal associations, and '
            '{2} dependency associations.').format(maCount, gaCount, depCount)
def importTVTypes(vulTypes, threatTypes, isOverwrite, session_id):
    """
    Adds vulnerability types and threat types as value types through the
    database proxy of the given session.

    :param isOverwrite: When true, the existing types of a category are deleted before that category is added
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of vulnerability and threat types
    """
    db_proxy = Borg().get_dbproxy(session_id)
    noOfVts, noOfTts = len(vulTypes), len(threatTypes)

    # (count, types, delete call) per category; a category with no incoming
    # types is skipped entirely, so its stored types are never deleted.
    for count, valueTypes, deleteExisting in (
            (noOfVts, vulTypes, lambda: db_proxy.deleteVulnerabilityType(-1)),
            (noOfTts, threatTypes, lambda: db_proxy.deleteThreatType(-1))):
        if count > 0:
            if isOverwrite:
                deleteExisting()
            for valueType in valueTypes:
                db_proxy.addValueType(valueType)

    return 'Imported {0} vulnerability types and {1} threat types.'.format(noOfVts, noOfTts)
def importAssets(valueTypes, assets, session_id):
    """
    Adds the value types and template assets that are not stored yet through
    the database proxy of the given session. Existing ones are left untouched.

    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of value types and template assets added
    """
    db_proxy = Borg().get_dbproxy(session_id)

    # NOTE(review): the counters are read as counting only newly added objects
    # (incremented inside the "not found" branch) - confirm.
    vtCount = 0
    for valueType in valueTypes:
        if db_proxy.existingObject(valueType.name(), valueType.type()) == -1:
            db_proxy.addValueType(valueType)
            vtCount += 1

    taCount = 0
    for templateAsset in assets:
        if db_proxy.existingObject(templateAsset.name(), 'template_asset') == -1:
            db_proxy.addTemplateAsset(templateAsset)
            taCount += 1

    return 'Imported {0} value types, and {1} template assets.'.format(vtCount, taCount)
def importProjectData(pSettings, envParameterSet, session_id):
    """
    Updates the project settings, when given, and adds or updates the
    environments through the database proxy of the given session.

    :param pSettings: None, or a sequence whose first eight items are passed to updateSettings
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of environments, mentioning the settings when they were given
    """
    db_proxy = Borg().get_dbproxy(session_id)

    hasSettings = pSettings != None
    if hasSettings:
        db_proxy.updateSettings(pSettings[0], pSettings[1], pSettings[2], pSettings[3],
                                pSettings[4], pSettings[5], pSettings[6], pSettings[7])

    envCount = 0
    for environment in envParameterSet:
        existingId = db_proxy.existingObject(environment.name(), 'environment')
        if existingId != -1:
            # Already stored: update it under its existing ID.
            environment.setId(existingId)
            db_proxy.updateEnvironment(environment)
        else:
            db_proxy.addEnvironment(environment)
        envCount += 1

    settingsSuffix = ', and project settings' if hasSettings else ''
    return 'Imported {0} environments{1}.'.format(envCount, settingsSuffix)
def importDirectoryFile(importFile, isOverwrite=1, session_id=None):
    """
    Parses a directory file and stores its vulnerability and threat
    directories through the database proxy of the given session.

    :param importFile: The XML file handed to the SAX parser
    :param isOverwrite: Passed through to the proxy's directory calls
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of template vulnerabilities and threats parsed
    """
    # NOTE(review): the handler doubles as the parser's entity resolver, so what
    # an external entity or DTD reference in importFile may load is decided by
    # DirectoryContentHandler.resolveEntity. If import files can come from
    # untrusted users, confirm that resolver only serves known local DTDs.
    contentHandler = DirectoryContentHandler()
    saxParser = xml.sax.make_parser()
    saxParser.setContentHandler(contentHandler)
    saxParser.setEntityResolver(contentHandler)
    saxParser.parse(importFile)

    vulDir, threatDir = contentHandler.directories()
    vdSize, tdSize = len(vulDir), len(threatDir)

    db_proxy = Borg().get_dbproxy(session_id)
    # Empty directories are skipped, so nothing is overwritten for them.
    if vdSize > 0:
        db_proxy.addVulnerabilityDirectory(vulDir, isOverwrite)
    if tdSize > 0:
        db_proxy.addThreatDirectory(threatDir, isOverwrite)

    return 'Imported {0} template vulnerabilities and {1} template threats.'.format(vdSize, tdSize)
def __init__(self, session_id=None):
    """
    Starts with empty pattern fields, stores the Borg configuration directory
    and the session's database proxy, and resets the per-element state.

    :param session_id: The session ID used to look up the database proxy
    """
    # Text fields collected while reading a pattern.
    self.thePatternName = ''
    self.theLikelihood = ''
    self.theSeverity = ''
    self.theObstacles = []
    self.theObstacleAssociations = []

    # Each in* flag is paired with the text field that follows it.
    self.inIntent = 0
    self.theIntent = ''
    self.theMotivations = []
    self.theEnvironment = ''
    self.theAttack = ''
    self.theExploit = ''
    self.theAttackObstacle = ''
    self.theExploitObstacle = ''
    self.theParticipants = []
    self.theTargets = []
    self.theExploits = []
    self.inConsequences = 0
    self.theConsequences = ''
    self.inImplementation = 0
    self.theImplementation = ''
    self.inKnownUses = 0
    self.theKnownUses = ''
    self.inRelatedPatterns = 0
    self.theRelatedPatterns = ''

    borg = Borg()
    self.configDir = borg.configDir
    self.dbProxy = borg.get_dbproxy(session_id)

    # Parameter objects built from the fields above.
    self.theObstacleParameters = []
    self.theObstacleAssociationParameters = []
    self.theAssetParameters = []
    self.theAttackerParameters = []
    self.theVulnerabilityParameters = None
    self.theThreatParameters = None
    self.theRiskParameters = None

    self.resetObstacleElements()
    self.resetObstacleAssociationElements()
    self.resetMotivationElements()
    self.resetParticipantElements()
def importAssociations(maParameterSet, gaParameterSet, depParameterSet, session_id):
    """
    Stores manual associations (traces), goal associations and dependencies
    through the database proxy of the given session.

    :param maParameterSet: Tuples of (trace table, from ID, to ID, reference type)
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of associations per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    # enumerate(..., 1) leaves each counter at the number of items processed;
    # the initial 0 covers an empty input.
    maCount = 0
    for maCount, (tTable, fromId, toId, refType) in enumerate(maParameterSet, 1):
        db_proxy.addTrace(tTable, fromId, toId, refType)

    gaCount = 0
    for gaCount, goalAssociation in enumerate(gaParameterSet, 1):
        db_proxy.addGoalAssociation(goalAssociation)

    depCount = 0
    for depCount, dependency in enumerate(depParameterSet, 1):
        db_proxy.addDependency(dependency)

    return ('Imported {0} manual associations, {1} goal associations, and '
            '{2} dependency associations.').format(maCount, gaCount, depCount)
def importProjectData(pSettings, envParameterSet, session_id):
    """
    Updates the project settings, when given, and adds or updates the
    environments through the database proxy of the given session.

    :param pSettings: None, or a sequence whose first eight items are passed to updateSettings
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of environments, mentioning the settings when they were given
    """
    db_proxy = Borg().get_dbproxy(session_id)

    hasSettings = pSettings != None
    if hasSettings:
        db_proxy.updateSettings(pSettings[0], pSettings[1], pSettings[2], pSettings[3],
                                pSettings[4], pSettings[5], pSettings[6], pSettings[7])

    envCount = 0
    for environment in envParameterSet:
        existingId = db_proxy.existingObject(environment.name(), 'environment')
        if existingId != -1:
            # Already stored: update it under its existing ID.
            environment.setId(existingId)
            db_proxy.updateEnvironment(environment)
        else:
            db_proxy.addEnvironment(environment)
        envCount += 1

    settingsSuffix = ', and project settings' if hasSettings else ''
    return 'Imported {0} environments{1}.'.format(envCount, settingsSuffix)
def importSynopses(charSyns, refSyns, stepSyns, refConts, ucConts, session_id):
    """
    Stores characteristic, reference and step synopses, then reference and
    use case contributions, through the database proxy of the given session.

    :param stepSyns: Tuples of (use case name, environment name, step number, synopsis name, actor type, actor name)
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    for synopsis in charSyns:
        db_proxy.addCharacteristicSynopsis(synopsis)
    for synopsis in refSyns:
        db_proxy.addReferenceSynopsis(synopsis)
    for ucName, envName, stepNo, synName, aType, aName in stepSyns:
        db_proxy.addStepSynopsis(ucName, envName, stepNo, synName, aType, aName)
    # NOTE(review): read as a single commit after all step synopses; only this
    # category commits explicitly here - confirm placement against the file.
    db_proxy.conn.commit()

    for contribution in refConts:
        db_proxy.addReferenceContribution(contribution)
    for contribution in ucConts:
        db_proxy.addUseCaseContribution(contribution)

    return ('Imported {0} characteristic synopses, {1} reference synopses, {2} step synopses, '
            '{3} reference contributions, and {4} use case contributions.').format(
                len(charSyns), len(refSyns), len(stepSyns), len(refConts), len(ucConts))
def importRiskAnalysis(roleParameterSet, assetParameterSet, vulParameterSet, attackerParameterSet,
                       threatParameterSet, riskParameterSet, responseParameterSet,
                       assocParameterSet, session_id):
    """
    Adds or updates roles, assets, vulnerabilities, attackers, threats, risks
    and responses, then adds the asset associations, through the database
    proxy of the given session.

    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects processed per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    def upsert(parameterSet, dimension, add, update):
        """Add each object, or update it under its existing ID when the name is already stored."""
        processed = 0
        for parameters in parameterSet:
            existingId = db_proxy.existingObject(parameters.name(), dimension)
            if existingId == -1:
                add(parameters)
            else:
                parameters.setId(existingId)
                update(parameters)
            processed += 1
        return processed

    # The categories are processed in this order, one after the other.
    roleCount = upsert(roleParameterSet, 'role', db_proxy.addRole, db_proxy.updateRole)
    assetCount = upsert(assetParameterSet, 'asset', db_proxy.addAsset, db_proxy.updateAsset)
    vulCount = upsert(vulParameterSet, 'vulnerability',
                      db_proxy.addVulnerability, db_proxy.updateVulnerability)
    attackerCount = upsert(attackerParameterSet, 'attacker',
                           db_proxy.addAttacker, db_proxy.updateAttacker)
    threatCount = upsert(threatParameterSet, 'threat', db_proxy.addThreat, db_proxy.updateThreat)
    riskCount = upsert(riskParameterSet, 'risk', db_proxy.addRisk, db_proxy.updateRisk)
    responseCount = upsert(responseParameterSet, 'response',
                           db_proxy.addResponse, db_proxy.updateResponse)

    # Associations are always added; no lookup for an existing one is made.
    rshipCount = 0
    for association in assocParameterSet:
        db_proxy.addClassAssociation(association)
        rshipCount += 1

    return ('Imported {0} roles, {1} assets, {2} vulnerabilities, {3} attackers, {4} threats, '
            '{5} risks, {6} responses, and {7} asset associations.').format(
                roleCount, assetCount, vulCount, attackerCount, threatCount, riskCount,
                responseCount, rshipCount)
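def validate_proxy(session, id, request=None, conf=None):
    """
    Validates that the DB proxy object is properly set up

    :param session: The session object of the request
    :param id: The session ID provided by the user
    :param request: Not used by this function
    :param conf: A dictionary containing configuration settings for direct authentication
    :return: The MySQLDatabaseProxy object associated to the session
    :rtype: MySQLDatabaseProxy
    :raise CairisHTTPError: Raises a CairisHTTPError when the database could not be properly set up
    """
    if session is not None:
        # NOTE(review): because of the -1 default, a session object that holds
        # no 'session_id' never reaches the "no session" error below; the proxy
        # lookup then runs with -1. Confirm that is intended.
        session_id = session.get('session_id', -1)
    else:
        session_id = None

    if isinstance(conf, dict):
        # NOTE(review): with conf supplied, the session checks further down are
        # skipped and a connection is opened to whatever host/port conf names.
        # Confirm conf can only originate from trusted server-side settings.
        invalid_settings = 'The provided settings are invalid and cannot be used to create a database connection'
        try:
            settings = {
                'host': conf['host'],
                'port': conf['port'],
                'user': conf['user'],
                'passwd': conf['passwd'],
                'db': conf['db'],
            }
        except KeyError:
            # An incomplete settings dictionary is a client error, not an unhandled exception.
            raise CairisHTTPError(status_code=httplib.BAD_REQUEST, message=invalid_settings)
        try:
            return MySQLDatabaseProxy(**settings)
        except DatabaseProxyException:
            raise CairisHTTPError(status_code=httplib.BAD_REQUEST, message=invalid_settings)

    if session_id is None and id is None:
        raise CairisHTTPError(
            status_code=httplib.BAD_REQUEST,
            message='The session is neither started or no session ID is provided with the request.'
        )

    # NOTE(review): an ID supplied with the request takes precedence over the
    # one stored in the session - confirm the two are not expected to match.
    if id is None:
        id = session_id

    db_proxy = Borg().get_dbproxy(id)
    if db_proxy is None:
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            message='The database connection could not be created.'
        )
    if not isinstance(db_proxy, MySQLDatabaseProxy):
        raise CairisHTTPError(
            status_code=httplib.CONFLICT,
            message='The database connection was not properly set up. Please try to reset the connection.'
        )
    return db_proxy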
def importUsability(personaParameterSet, edParameterSet, drParameterSet, crParameterSet,
                    pcParameterSet, tcParameterSet, taskParameterSet, ucParameterSet, session_id):
    """
    Adds or updates personas, external documents, document references, tasks,
    use cases, concept references and task characteristics, and adds persona
    characteristics, through the database proxy of the given session.

    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects processed per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    def upsert(parameterSet, dimension, add, update):
        """Add each object, or update it under its existing ID when the name is already stored."""
        processed = 0
        for parameters in parameterSet:
            existingId = db_proxy.existingObject(parameters.name(), dimension)
            if existingId == -1:
                add(parameters)
            else:
                parameters.setId(existingId)
                update(parameters)
            processed += 1
        return processed

    # The categories are processed in this order, which differs from the
    # order used in the summary message.
    personaCount = upsert(personaParameterSet, 'persona',
                          db_proxy.addPersona, db_proxy.updatePersona)
    edCount = upsert(edParameterSet, 'external_document',
                     db_proxy.addExternalDocument, db_proxy.updateExternalDocument)
    drCount = upsert(drParameterSet, 'document_reference',
                     db_proxy.addDocumentReference, db_proxy.updateDocumentReference)
    taskCount = upsert(taskParameterSet, 'task', db_proxy.addTask, db_proxy.updateTask)
    ucCount = upsert(ucParameterSet, 'usecase', db_proxy.addUseCase, db_proxy.updateUseCase)
    crCount = upsert(crParameterSet, 'concept_reference',
                     db_proxy.addConceptReference, db_proxy.updateConceptReference)

    # Persona characteristics are always added; no lookup for an existing one is made.
    pcCount = 0
    for pcParameters in pcParameterSet:
        db_proxy.addPersonaCharacteristic(pcParameters)
        pcCount += 1

    # Task characteristics are looked up by task() rather than name().
    tcCount = 0
    for tcParameters in tcParameterSet:
        existingId = db_proxy.existingObject(tcParameters.task(), 'task_characteristic')
        if existingId == -1:
            db_proxy.addTaskCharacteristic(tcParameters)
        else:
            tcParameters.setId(existingId)
            # NOTE(review): the method name is spelled 'Characterisric'; kept
            # as written - confirm it matches the proxy's method.
            db_proxy.updateTaskCharacterisric(tcParameters)
        tcCount += 1

    return ('Imported {0} personas, {1} external documents, {2} document references, '
            '{3} concept references, {4} persona characteristics, {5} task characteristics, '
            '{6} tasks, and {7} use cases.').format(
                personaCount, edCount, drCount, crCount, pcCount, tcCount, taskCount, ucCount)
def importRiskAnalysis(roleParameterSet, assetParameterSet, vulParameterSet, attackerParameterSet,
                       threatParameterSet, riskParameterSet, responseParameterSet,
                       assocParameterSet, session_id):
    """
    Adds or updates roles, assets, vulnerabilities, attackers, threats, risks
    and responses, then adds the asset associations, through the database
    proxy of the given session.

    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects processed per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    def upsert(parameterSet, dimension, add, update):
        """Add each object, or update it under its existing ID when the name is already stored."""
        processed = 0
        for parameters in parameterSet:
            existingId = db_proxy.existingObject(parameters.name(), dimension)
            if existingId == -1:
                add(parameters)
            else:
                parameters.setId(existingId)
                update(parameters)
            processed += 1
        return processed

    # The categories are processed in this order, one after the other.
    roleCount = upsert(roleParameterSet, 'role', db_proxy.addRole, db_proxy.updateRole)
    assetCount = upsert(assetParameterSet, 'asset', db_proxy.addAsset, db_proxy.updateAsset)
    vulCount = upsert(vulParameterSet, 'vulnerability',
                      db_proxy.addVulnerability, db_proxy.updateVulnerability)
    attackerCount = upsert(attackerParameterSet, 'attacker',
                           db_proxy.addAttacker, db_proxy.updateAttacker)
    threatCount = upsert(threatParameterSet, 'threat', db_proxy.addThreat, db_proxy.updateThreat)
    riskCount = upsert(riskParameterSet, 'risk', db_proxy.addRisk, db_proxy.updateRisk)
    responseCount = upsert(responseParameterSet, 'response',
                           db_proxy.addResponse, db_proxy.updateResponse)

    # Associations are always added; no lookup for an existing one is made.
    rshipCount = 0
    for association in assocParameterSet:
        db_proxy.addClassAssociation(association)
        rshipCount += 1

    return ('Imported {0} roles, {1} assets, {2} vulnerabilities, {3} attackers, {4} threats, '
            '{5} risks, {6} responses, and {7} asset associations.').format(
                roleCount, assetCount, vulCount, attackerCount, threatCount, riskCount,
                responseCount, rshipCount)
def importRequirements(dpParameterSet, goalParameterSet, obsParameterSet, reqParameterSet,
                       cmParameterSet, session_id):
    """
    Adds or updates domain properties, goals, obstacles, requirements and
    countermeasures through the database proxy of the given session.

    :param reqParameterSet: Triples of (requirement, reference name, reference type)
    :param session_id: The session ID used to look up the database proxy
    :return: A message with the number of objects processed per category
    """
    db_proxy = Borg().get_dbproxy(session_id)

    def upsert(parameterSet, dimension, add, update):
        """Add each object, or update it under its existing ID when the name is already stored."""
        processed = 0
        for parameters in parameterSet:
            existingId = db_proxy.existingObject(parameters.name(), dimension)
            if existingId == -1:
                add(parameters)
            else:
                parameters.setId(existingId)
                update(parameters)
            processed += 1
        return processed

    dpCount = upsert(dpParameterSet, 'domainproperty',
                     db_proxy.addDomainProperty, db_proxy.updateDomainProperty)
    goalCount = upsert(goalParameterSet, 'goal', db_proxy.addGoal, db_proxy.updateGoal)
    obsCount = upsert(obsParameterSet, 'obstacle', db_proxy.addObstacle, db_proxy.updateObstacle)

    reqCount = 0
    for req, refName, refType in reqParameterSet:
        if db_proxy.existingObject(req.name(), 'requirement') == -1:
            # A requirement counts as asset-related unless it refers to an environment.
            db_proxy.addRequirement(req, refName, refType != 'environment')
        else:
            # Unlike the other categories, no ID is set on the object before the update.
            db_proxy.updateRequirement(req)
        reqCount += 1

    cmCount = upsert(cmParameterSet, 'countermeasure',
                     db_proxy.addCountermeasure, db_proxy.updateCountermeasure)

    return ('Imported {0} domain properties, {1} goals, {2} obstacles, {3} requirements, '
            'and {4} countermeasures.').format(dpCount, goalCount, obsCount, reqCount, cmCount)
def importUsability(personaParameterSet,edParameterSet,drParameterSet,crParameterSet,pcParameterSet,tcParameterSet,taskParameterSet,ucParameterSet, session_id):
    """Add or update usability-model objects via the session's database proxy.

    Objects are processed in this order: personas, external documents,
    document references, tasks, use cases, concept references, persona
    characteristics, task characteristics. Except for persona characteristics,
    each object is looked up with ``existingObject``. A result of -1 takes
    the add path; any other result takes the update path.

    :param personaParameterSet: iterable of persona parameter objects
    :param edParameterSet: iterable of external document parameter objects
    :param drParameterSet: iterable of document reference parameter objects
    :param crParameterSet: iterable of concept reference parameter objects
    :param pcParameterSet: iterable of persona characteristic parameter objects
    :param tcParameterSet: iterable of task characteristic parameter objects
    :param taskParameterSet: iterable of task parameter objects
    :param ucParameterSet: iterable of use case parameter objects
    :param session_id: passed to ``Borg().get_dbproxy`` to select the database proxy
    :return: summary string giving the number of objects processed per type
    """
    proxy = Borg().get_dbproxy(session_id)

    # Personas
    personaTotal = 0
    for persona in personaParameterSet:
        existingId = proxy.existingObject(persona.name(),'persona')
        if existingId != -1:
            persona.setId(existingId)
            proxy.updatePersona(persona)
        else:
            proxy.addPersona(persona)
        personaTotal += 1

    # External documents
    externalDocumentTotal = 0
    for externalDocument in edParameterSet:
        existingId = proxy.existingObject(externalDocument.name(),'external_document')
        if existingId != -1:
            externalDocument.setId(existingId)
            proxy.updateExternalDocument(externalDocument)
        else:
            proxy.addExternalDocument(externalDocument)
        externalDocumentTotal += 1

    # Document references
    documentReferenceTotal = 0
    for documentReference in drParameterSet:
        existingId = proxy.existingObject(documentReference.name(),'document_reference')
        if existingId != -1:
            documentReference.setId(existingId)
            proxy.updateDocumentReference(documentReference)
        else:
            proxy.addDocumentReference(documentReference)
        documentReferenceTotal += 1

    # Tasks
    taskTotal = 0
    for task in taskParameterSet:
        existingId = proxy.existingObject(task.name(),'task')
        if existingId != -1:
            task.setId(existingId)
            proxy.updateTask(task)
        else:
            proxy.addTask(task)
        taskTotal += 1

    # Use cases
    useCaseTotal = 0
    for useCase in ucParameterSet:
        existingId = proxy.existingObject(useCase.name(),'usecase')
        if existingId != -1:
            useCase.setId(existingId)
            proxy.updateUseCase(useCase)
        else:
            proxy.addUseCase(useCase)
        useCaseTotal += 1

    # Concept references
    conceptReferenceTotal = 0
    for conceptReference in crParameterSet:
        existingId = proxy.existingObject(conceptReference.name(),'concept_reference')
        if existingId != -1:
            conceptReference.setId(existingId)
            proxy.updateConceptReference(conceptReference)
        else:
            proxy.addConceptReference(conceptReference)
        conceptReferenceTotal += 1

    # Persona characteristics are always added; there is no existence lookup.
    personaCharacteristicTotal = 0
    for personaCharacteristic in pcParameterSet:
        proxy.addPersonaCharacteristic(personaCharacteristic)
        personaCharacteristicTotal += 1

    # Task characteristics are looked up by task(), not by name().
    taskCharacteristicTotal = 0
    for taskCharacteristic in tcParameterSet:
        existingId = proxy.existingObject(taskCharacteristic.task(),'task_characteristic')
        if existingId != -1:
            taskCharacteristic.setId(existingId)
            # NOTE(review): the method name is spelled 'Characterisric' here;
            # verify it matches the proxy's actual method before relying on
            # this update path.
            proxy.updateTaskCharacterisric(taskCharacteristic)
        else:
            proxy.addTaskCharacteristic(taskCharacteristic)
        taskCharacteristicTotal += 1

    # The summary order differs from the processing order above.
    return ''.join([
        'Imported ', str(personaTotal), ' personas, ',
        str(externalDocumentTotal), ' external documents, ',
        str(documentReferenceTotal), ' document references, ',
        str(conceptReferenceTotal), ' concept references, ',
        str(personaCharacteristicTotal), ' persona characteristics, ',
        str(taskCharacteristicTotal), ' task characteristics, ',
        str(taskTotal), ' tasks, and ',
        str(useCaseTotal), ' use cases.',
    ])