mal-toolbox 0.1.7__py3-none-any.whl → 0.1.9__py3-none-any.whl

{mal_toolbox-0.1.7.dist-info → mal_toolbox-0.1.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: mal-toolbox
-Version: 0.1.7
+Version: 0.1.9
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License
@@ -102,6 +102,12 @@ and it can be used to visualise the instance model and the attack graph.
 
 # Usage
 
+## Installation
+
+```
+pip install mal-toolbox
+```
+
 ## Configuration
 A default configuration file `default.conf` can be found in the package
 directory. This contains the default values to use for logging and can also be

{mal_toolbox-0.1.7.dist-info → mal_toolbox-0.1.9.dist-info}/RECORD

@@ -1,21 +1,21 @@
-maltoolbox/__init__.py,sha256=m8DwUE52qPDjN3XgWBjVF4b807NROYD3yQ-NdHmXNGg,2776
+maltoolbox/__init__.py,sha256=tfDCz1FxF71yzZIZyY0uKDOqCV2nThbOBOUCyW72Qvg,2776
 maltoolbox/__main__.py,sha256=1lOOOme_y56VWrEE1jkarTt-WoUo9yilCo8sUrivyns,2680
 maltoolbox/default.conf,sha256=YLGBSJh2q8hn3RzRRBbib9F6E6pcvquoHeALMRtA0wU,295
 maltoolbox/exceptions.py,sha256=0YjPx2v1yYumZ2o7pVZ1s_jS-GAb3Ng979KEFhROSNY,1399
 maltoolbox/file_utils.py,sha256=6KFEEZvf9x8yfNAq7hadF7lUGlLimNFMJ0W_DK2rh6Q,2024
-maltoolbox/model.py,sha256=3x4RF8aYc2bupjpUvEtPhzhIxNWlKRtA2bVsPyDAAQA,29501
+maltoolbox/model.py,sha256=1HuH58skm1StcKtvMFO-iXkpLOaauB9YSEv1XNdW_-Y,30406
 maltoolbox/wrappers.py,sha256=BYYNcIdTlyumADQCPcy1xmPEabfmi0P1l9RcbdVWm9w,2002
-maltoolbox/attackgraph/__init__.py,sha256=F6maWV2PYSH5xtbqozeM3IolalWQqs-tdaCG2ywbqKI,102
+maltoolbox/attackgraph/__init__.py,sha256=Oqqj5iCwnrzjDoJEFZnVI_kebjJPVbPXK-mWHy0lf-8,209
 maltoolbox/attackgraph/attacker.py,sha256=hmJtgcwtQgz0r9J_0Pgm7ktfKpFE3dp-HJ2TOz1NiWw,2880
-maltoolbox/attackgraph/attackgraph.py,sha256=lIn7_k7T6DL4AovNtBTdamsJ5j5080HCk0OWNqUExj8,28254
-maltoolbox/attackgraph/node.py,sha256=XSjMPqCGtnMeTXJDS2QluLcK5sLlsxpFIFpy2twJ2PQ,4603
-maltoolbox/attackgraph/query.py,sha256=ukMfkSnixBenfeg5H1SokoSftGo-V4xPL5qpgSaeMN4,5232
+maltoolbox/attackgraph/attackgraph.py,sha256=Gx88-3M1HacMZRE9YgIGg-6cxCFVZg23bj_pkxDeEH4,29182
+maltoolbox/attackgraph/node.py,sha256=ZYnXMIucmTIspQvBD-zyB_wnYO6j27HxQahuQGpYbkE,5640
+maltoolbox/attackgraph/query.py,sha256=JnoNTUEIlLv2VIk3u5Rq3GpleOn9TZVGBVijniRY_44,6802
 maltoolbox/attackgraph/analyzers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/attackgraph/analyzers/apriori.py,sha256=t_QdfetgNoDXFwlOasrmtBE7XaTaKZvnQCo6X9rs5Xg,6481
 maltoolbox/ingestors/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/ingestors/neo4j.py,sha256=jdulYsQ2eZT2r0Af_yYjyGkmVx4l5h8viu1Z70NjVAM,8811
-maltoolbox/language/__init__.py,sha256=OtqUWq8BRvqR5h8Hr4Smlnyz2az4w1pqyWYsbZDsolI,93
-maltoolbox/language/classes_factory.py,sha256=MNqiDemaflloVMRhjg1ZkUcQObKNEaGxAoXhNQQqem0,9983
+maltoolbox/language/__init__.py,sha256=0tvCJDayrLwpqKRny7LBkMOrvcDE6JfJj7U7Jd64Okg,140
+maltoolbox/language/classes_factory.py,sha256=0QFF5Z9e4UeWwavvH1jM4BkeDZqKKZ4Ij7leGmSfXn4,10063
 maltoolbox/language/languagegraph.py,sha256=f79ovmrGQb6tvY9ze-zqP031N6rApB9WsbZd5LRyhk8,47031
 maltoolbox/language/compiler/__init__.py,sha256=fJ22-FlXfr907WCPkqlr_eBTzPqsrg6m3i7J_ZWpuAo,840
 maltoolbox/language/compiler/mal_lexer.py,sha256=wocRzBkLbqYefpGvq2W77x7439-AdZKVgPWhRiRubXg,10776
@@ -24,9 +24,9 @@ maltoolbox/language/compiler/mal_visitor.py,sha256=9gG06D7GZKlBY-62SmbIkRYkGBUBI
 maltoolbox/translators/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/translators/securicad.py,sha256=FAIHnoqFTmNYbCGxLsK6pX5g1oiNFfPTqkT_3qq3GG8,6692
 maltoolbox/translators/updater.py,sha256=Ap08-AsU_7or5ESQvZL2i4nWz3B5pvgfftZyc_-Gd8M,4766
-mal_toolbox-0.1.7.dist-info/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
-mal_toolbox-0.1.7.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-mal_toolbox-0.1.7.dist-info/METADATA,sha256=4cQueA0Qk8bgty_GTnZ__kv__xEm4hUZHxwyq0F1hNA,5953
-mal_toolbox-0.1.7.dist-info/WHEEL,sha256=Mdi9PDNwEZptOjTlUcAth7XJDFtKrHYaQMPulZeBCiQ,91
-mal_toolbox-0.1.7.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
-mal_toolbox-0.1.7.dist-info/RECORD,,
+mal_toolbox-0.1.9.dist-info/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
+mal_toolbox-0.1.9.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+mal_toolbox-0.1.9.dist-info/METADATA,sha256=ceylz74EpI9pdyIeJQCzeU_HcqpEB4-riD12UjpLyv8,6003
+mal_toolbox-0.1.9.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+mal_toolbox-0.1.9.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
+mal_toolbox-0.1.9.dist-info/RECORD,,

{mal_toolbox-0.1.7.dist-info → mal_toolbox-0.1.9.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (73.0.1)
+Generator: setuptools (75.1.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

maltoolbox/__init__.py

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-# MAL Toolbox v0.1.7
+# MAL Toolbox v0.1.9
 # Copyright 2024, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ MAL-Toolbox Framework
 """
 
 __title__ = 'maltoolbox'
-__version__ = '0.1.7'
+__version__ = '0.1.9'
 __authors__ = ['Andrei Buhaiu',
     'Giuseppe Nebbione',
     'Nikolaos Kakouros',

maltoolbox/attackgraph/__init__.py

@@ -1,3 +1,8 @@
+"""
+Contains tools used to generate attack graphs from MAL instance
+models and analyze attack graphs.
+"""
+
 from .attacker import Attacker
 from .attackgraph import AttackGraph
 from .node import AttackGraphNode

maltoolbox/attackgraph/attackgraph.py

@@ -2,6 +2,7 @@
 MAL-Toolbox Attack Graph Module
 """
 from __future__ import annotations
+import copy
 import logging
 import json
 
@@ -224,6 +225,30 @@ class AttackGraph():
             'attackers': serialized_attackers,
         }
 
+    def __deepcopy__(self, memo):
+        copied_attackgraph = AttackGraph(self.lang_graph)
+        copied_attackgraph.model = self.model
+
+        # Deep copy nodes and add references to them
+        copied_attackgraph.nodes = copy.deepcopy(self.nodes, memo)
+
+        # Deep copy attackers and references to them
+        copied_attackgraph.attackers = copy.deepcopy(self.attackers, memo)
+
+        # Copy lookup dicts
+        copied_attackgraph._id_to_attacker = \
+            copy.deepcopy(self._id_to_attacker, memo)
+        copied_attackgraph._id_to_node = \
+            copy.deepcopy(self._id_to_node, memo)
+        copied_attackgraph._full_name_to_node = \
+            copy.deepcopy(self._full_name_to_node, memo)
+
+        # Copy counters
+        copied_attackgraph.next_node_id = self.next_node_id
+        copied_attackgraph.next_attacker_id = self.next_attacker_id
+
+        return copied_attackgraph
+
     def save_to_file(self, filename: str) -> None:
         """Save to json/yml depending on extension"""
         logger.debug('Save attack graph to file "%s".', filename)
@@ -382,7 +407,7 @@ class AttackGraph():
         The attack step node that matches the given full name.
         """
 
-        logger.debug(f'Looking up node with id {full_name}')
+        logger.debug(f'Looking up node with full name "{full_name}"')
         return self._full_name_to_node.get(full_name)
 
     def get_attacker_by_id(self, attacker_id: int) -> Optional[Attacker]:

maltoolbox/attackgraph/node.py

@@ -3,6 +3,7 @@ MAL-Toolbox Attack Graph Node Dataclass
 """
 
 from __future__ import annotations
+import copy
 from dataclasses import field, dataclass
 from typing import Any, Optional
 
@@ -69,6 +70,39 @@ class AttackGraphNode:
     def __repr__(self) -> str:
         return str(self.to_dict())
 
+    def __deepcopy__(self, memo) -> AttackGraphNode:
+        """Deep copy an attackgraph node"""
+
+        copied_node = AttackGraphNode(
+            self.type,
+            self.name,
+            self.ttc,
+            self.id,
+            self.asset,
+            [],
+            [],
+            self.defense_status,
+            self.existence_status,
+            self.is_viable,
+            self.is_necessary,
+            copy.deepcopy(self.compromised_by, memo),
+            self.mitre_info,
+            copy.deepcopy(self.tags, memo),
+            copy.deepcopy(self.attributes, memo),
+            copy.deepcopy(self.extras, memo)
+        )
+
+        # Remember that self was already copied
+        memo[id(self)] = copied_node
+
+        # Deep copy children and parents, send memo (avoid infinite recursion)
+        if self.parents:
+            copied_node.parents = copy.deepcopy(self.parents, memo)
+        if self.children:
+            copied_node.children = copy.deepcopy(self.children, memo)
+
+        return copied_node
+
     def is_compromised(self) -> bool:
         """
         Return True if any attackers have compromised this node.

maltoolbox/attackgraph/query.py

@@ -37,10 +37,21 @@ def is_node_traversable_by_attacker(
         attacker.id
     )
     if not node.is_viable:
+        logger.debug(
+            '"%s"(%d) is not traversable because it is non-viable',
+            node.full_name,
+            node.id,
+        )
         return False
 
     match(node.type):
         case 'or':
+            logger.debug(
+                '"%s"(%d) is traversable because it is viable and '
+                'of type "or".',
+                node.full_name,
+                node.id
+            )
             return True
 
         case 'and':
@@ -49,14 +60,44 @@ def is_node_traversable_by_attacker(
                     not parent.is_compromised_by(attacker):
                     # If the parent is not present in the attacks steps
                     # already reached and is necessary.
+                    logger.debug(
+                        '"%s"(%d) is not traversable because while it is '
+                        'viable, and of type "and", its necessary parent '
+                        '"%s(%d)" has not already been compromised.',
+                        node.full_name,
+                        node.id,
+                        parent.full_name,
+                        parent.id
+                    )
                     return False
+            logger.debug(
+                '"%s"(%d) is traversable because it is viable, '
+                'of type "and", and all of its necessary parents have '
+                'already been compromised.',
+                node.full_name,
+                node.id
+            )
             return True
 
-        case 'exist' | 'notExist' |  'defense':
+        case 'exist' | 'notExist' | 'defense':
+            logger.warning(
+                'Nodes of type "exist", "notExist", and "defense" are never '
+                'marked as traversable. However, we do not normally check '
+                'if they are traversable. Node "%s"(%d) of type "%s" was '
+                'checked for traversability.',
+                node.full_name,
+                node.id,
+                node.type
+            )
             return False
 
         case _:
-            logger.error('Unknown node type %s.', node.type)
+            logger.error(
+                'Node "%s"(%d) has an unknown type "%s".',
+                node.full_name,
+                node.id,
+                node.type
+            )
             return False
 
 def get_attack_surface(

maltoolbox/language/__init__.py

@@ -1,2 +1,4 @@
+"""Contains tools to process MAL languages"""
+
 from .languagegraph import LanguageGraph
 from .classes_factory import LanguageClassesFactory

maltoolbox/language/classes_factory.py

@@ -1,5 +1,6 @@
 """
 MAL-Toolbox Language Classes Factory Module
+Uses python_jsonschema_objects to generate python classes from a MAL language
 """
 from __future__ import annotations
 import json
@@ -25,7 +26,7 @@ class LanguageClassesFactory:
 
     def _generate_assets(self) -> None:
         """
-        Generate JSON Schema for the assets in the language specification.
+        Generate JSON Schema for asset types in the language specification.
         """
         for asset in self.lang_graph.assets:
             logger.debug('Creating %s asset JSON schema entry.', asset.name)
@@ -67,7 +68,7 @@ class LanguageClassesFactory:
 
     def _generate_associations(self) -> None:
         """
-        Generate JSON Schema for the associations in the language specification.
+        Generate JSON Schema for association types in the language specification.
         """
         def create_association_entry(assoc: SchemaGeneratedClass):
             logger.debug('Creating %s association JSON schema entry.', assoc.name)

maltoolbox/model.py

@@ -28,24 +28,45 @@ logger = logging.getLogger(__name__)
 
 @dataclass
 class AttackerAttachment:
-    """Used to attach attackers to attack step entrypoints of assets"""
+    """Used to attach attackers to attack step entry points of assets"""
     id: Optional[int] = None
     name: Optional[str] = None
     entry_points: list[tuple[SchemaGeneratedClass, list[str]]] = \
         field(default_factory=lambda: [])
 
 
-    def add_entrypoint(
+    def get_entry_point_tuple(
+            self,
+            asset: SchemaGeneratedClass
+        ) -> Optional[tuple[SchemaGeneratedClass, list[str]]]:
+        """Return an entry point tuple of an AttackerAttachment matching the
+        asset provided.
+
+
+        Arguments:
+        asset           - the asset to add entry point to
+
+        Return:
+        The entry point tuple containing the asset and the list of attack
+        steps if the asset has any entry points defined for this attacker
+        attachemnt.
+        None, otherwise.
+        """
+        return next((ep_tuple for ep_tuple in self.entry_points
+                                 if ep_tuple[0] == asset), None)
+
+
+    def add_entry_point(
             self, asset: SchemaGeneratedClass, attackstep_name: str):
-        """Add an entrypoint to an AttackerAttachment
+        """Add an entry point to an AttackerAttachment
 
         self.entry_points contain tuples, first element of each tuple
         is an asset, second element is a list of attack step names that
         are entry points for the attacker.
 
-        Args:
-        asset           - the asset to add entrypoint to
-        attackstep_name - the name of the attack step to add as an entrypoint
+        Arguments:
+        asset           - the asset to add the entry point to
+        attackstep_name - the name of the attack step to add as an entry point
         """
 
         logger.debug(
@@ -53,42 +74,44 @@ class AttackerAttachment:
             f'to AttackerAttachment "{self.name}".'
         )
 
-        # Get the entrypoint tuple for the asset if it already exists
-        entrypoint_tuple = next((ep_tuple for ep_tuple in self.entry_points
-                                 if ep_tuple[0] == asset), None)
+        # Get the entry point tuple for the asset if it already exists
+        entry_point_tuple = self.get_entry_point_tuple(asset)
 
-        if entrypoint_tuple:
-            if attackstep_name not in entrypoint_tuple[1]:
+        if entry_point_tuple:
+            if attackstep_name not in entry_point_tuple[1]:
                 # If it exists and does not already have the attack step,
                 # add it
-                entrypoint_tuple[1].append(attackstep_name)
+                entry_point_tuple[1].append(attackstep_name)
             else:
                 logger.info(
                     f'Entry point "{attackstep_name}" on asset "{asset.name}"'
                     f' already existed for AttackerAttachment "{self.name}".'
                 )
         else:
-            # Otherwise, create the entrypoint tuple and the initial entry
+            # Otherwise, create the entry point tuple and the initial entry
             # point
             self.entry_points.append((asset, [attackstep_name]))
 
-    def remove_entrypoint(
+    def remove_entry_point(
             self, asset: SchemaGeneratedClass, attackstep_name: str):
-        """Remove an entrypoint from an AttackerAttachment if it exists"""
+        """Remove an entry point from an AttackerAttachment if it exists
+
+        Arguments:
+        asset           - the asset to remove the entry point from
+        """
 
         logger.debug(
             f'Remove entry point "{attackstep_name}" on asset "{asset.name}" '
             f'from AttackerAttachment "{self.name}".'
         )
 
-        # Get the entrypoint tuple for the asset if it exists
-        entrypoint_tuple = next((ep_tuple for ep_tuple in self.entry_points
-                                 if ep_tuple[0] == asset), None)
+        # Get the entry point tuple for the asset if it exists
+        entry_point_tuple = self.get_entry_point_tuple(asset)
 
-        if entrypoint_tuple:
-            if attackstep_name in entrypoint_tuple[1]:
+        if entry_point_tuple:
+            if attackstep_name in entry_point_tuple[1]:
                 # If it exists and not already has the attack step, add it
-                entrypoint_tuple[1].remove(attackstep_name)
+                entry_point_tuple[1].remove(attackstep_name)
             else:
                 logger.warning(
                     f'Failed to find entry point "{attackstep_name}" on '
@@ -96,8 +119,8 @@ class AttackerAttachment:
                     f'"{self.name}". Nothing to remove.'
                 )
 
-            if not entrypoint_tuple[1]:
-                self.entry_points.remove(entrypoint_tuple)
+            if not entry_point_tuple[1]:
+                self.entry_points.remove(entry_point_tuple)
         else:
             logger.warning(
                 f'Failed to find entry points on asset "{asset.name}" '
@@ -205,6 +228,12 @@ class Model():
         for association in asset.associations:
             self.remove_asset_from_association(asset, association)
 
+        # Also remove all of the entry points
+        for attacker in self.attackers:
+            entry_point_tuple = attacker.get_entry_point_tuple(asset)
+            if entry_point_tuple:
+                attacker.entry_points.remove(entry_point_tuple)
+
         self.assets.remove(asset)
 
     def remove_asset_from_association(