PyPI - mal-toolbox - Versions diffs - 0.1.7__tar.gz → 0.1.9__tar.gz - Mend

mal-toolbox 0.1.7tar.gz → 0.1.9tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

{mal_toolbox-0.1.7/mal_toolbox.egg-info → mal_toolbox-0.1.9}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: mal-toolbox
-Version: 0.1.7
+Version: 0.1.9
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License
@@ -102,6 +102,12 @@ and it can be used to visualise the instance model and the attack graph.
 # Usage
+## Installation
+```
+pip install mal-toolbox
+```
 ## Configuration
 A default configuration file `default.conf` can be found in the package
 directory. This contains the default values to use for logging and can also be

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/README.md RENAMED Viewed

@@ -75,6 +75,12 @@ and it can be used to visualise the instance model and the attack graph.
 # Usage
+## Installation
+```
+pip install mal-toolbox
+```
 ## Configuration
 A default configuration file `default.conf` can be found in the package
 directory. This contains the default values to use for logging and can also be

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9/mal_toolbox.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: mal-toolbox
-Version: 0.1.7
+Version: 0.1.9
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License
@@ -102,6 +102,12 @@ and it can be used to visualise the instance model and the attack graph.
 # Usage
+## Installation
+```
+pip install mal-toolbox
+```
 ## Configuration
 A default configuration file `default.conf` can be found in the package
 directory. This contains the default values to use for logging and can also be

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/maltoolbox/__init__.py RENAMED Viewed

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-# MAL Toolbox v0.1.7
+# MAL Toolbox v0.1.9
 # Copyright 2024, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ MAL-Toolbox Framework
 """
 __title__ = 'maltoolbox'
-__version__ = '0.1.7'
+__version__ = '0.1.9'
 __authors__ = ['Andrei Buhaiu',
     'Giuseppe Nebbione',
     'Nikolaos Kakouros',

mal_toolbox-0.1.9/maltoolbox/attackgraph/__init__.py ADDED Viewed

@@ -0,0 +1,8 @@
+"""
+Contains tools used to generate attack graphs from MAL instance
+models and analyze attack graphs.
+"""
+from .attacker import Attacker
+from .attackgraph import AttackGraph
+from .node import AttackGraphNode

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/maltoolbox/attackgraph/attackgraph.py RENAMED Viewed

@@ -2,6 +2,7 @@
 MAL-Toolbox Attack Graph Module
 """
 from __future__ import annotations
+import copy
 import logging
 import json
@@ -224,6 +225,30 @@ class AttackGraph():
             'attackers': serialized_attackers,
         }
+    def __deepcopy__(self, memo):
+        copied_attackgraph = AttackGraph(self.lang_graph)
+        copied_attackgraph.model = self.model
+        # Deep copy nodes and add references to them
+        copied_attackgraph.nodes = copy.deepcopy(self.nodes, memo)
+        # Deep copy attackers and references to them
+        copied_attackgraph.attackers = copy.deepcopy(self.attackers, memo)
+        # Copy lookup dicts
+        copied_attackgraph._id_to_attacker = \
+            copy.deepcopy(self._id_to_attacker, memo)
+        copied_attackgraph._id_to_node = \
+            copy.deepcopy(self._id_to_node, memo)
+        copied_attackgraph._full_name_to_node = \
+            copy.deepcopy(self._full_name_to_node, memo)
+        # Copy counters
+        copied_attackgraph.next_node_id = self.next_node_id
+        copied_attackgraph.next_attacker_id = self.next_attacker_id
+        return copied_attackgraph
     def save_to_file(self, filename: str) -> None:
         """Save to json/yml depending on extension"""
         logger.debug('Save attack graph to file "%s".', filename)
@@ -382,7 +407,7 @@ class AttackGraph():
         The attack step node that matches the given full name.
         """
-        logger.debug(f'Looking up node with id {full_name}')
+        logger.debug(f'Looking up node with full name "{full_name}"')
         return self._full_name_to_node.get(full_name)
     def get_attacker_by_id(self, attacker_id: int) -> Optional[Attacker]:

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/maltoolbox/attackgraph/node.py RENAMED Viewed

@@ -3,6 +3,7 @@ MAL-Toolbox Attack Graph Node Dataclass
 """
 from __future__ import annotations
+import copy
 from dataclasses import field, dataclass
 from typing import Any, Optional
@@ -69,6 +70,39 @@ class AttackGraphNode:
     def __repr__(self) -> str:
         return str(self.to_dict())
+    def __deepcopy__(self, memo) -> AttackGraphNode:
+        """Deep copy an attackgraph node"""
+        copied_node = AttackGraphNode(
+            self.type,
+            self.name,
+            self.ttc,
+            self.id,
+            self.asset,
+            [],
+            [],
+            self.defense_status,
+            self.existence_status,
+            self.is_viable,
+            self.is_necessary,
+            copy.deepcopy(self.compromised_by, memo),
+            self.mitre_info,
+            copy.deepcopy(self.tags, memo),
+            copy.deepcopy(self.attributes, memo),
+            copy.deepcopy(self.extras, memo)
+        )
+        # Remember that self was already copied
+        memo[id(self)] = copied_node
+        # Deep copy children and parents, send memo (avoid infinite recursion)
+        if self.parents:
+            copied_node.parents = copy.deepcopy(self.parents, memo)
+        if self.children:
+            copied_node.children = copy.deepcopy(self.children, memo)
+        return copied_node
     def is_compromised(self) -> bool:
         """
         Return True if any attackers have compromised this node.

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/maltoolbox/attackgraph/query.py RENAMED Viewed

@@ -37,10 +37,21 @@ def is_node_traversable_by_attacker(
         attacker.id
     )
     if not node.is_viable:
+        logger.debug(
+            '"%s"(%d) is not traversable because it is non-viable',
+            node.full_name,
+            node.id,
+        )
         return False
     match(node.type):
         case 'or':
+            logger.debug(
+                '"%s"(%d) is traversable because it is viable and '
+                'of type "or".',
+                node.full_name,
+                node.id
+            )
             return True
         case 'and':
@@ -49,14 +60,44 @@ def is_node_traversable_by_attacker(
                     not parent.is_compromised_by(attacker):
                     # If the parent is not present in the attacks steps
                     # already reached and is necessary.
+                    logger.debug(
+                        '"%s"(%d) is not traversable because while it is '
+                        'viable, and of type "and", its necessary parent '
+                        '"%s(%d)" has not already been compromised.',
+                        node.full_name,
+                        node.id,
+                        parent.full_name,
+                        parent.id
+                    )
                     return False
+            logger.debug(
+                '"%s"(%d) is traversable because it is viable, '
+                'of type "and", and all of its necessary parents have '
+                'already been compromised.',
+                node.full_name,
+                node.id
+            )
             return True
-        case 'exist' | 'notExist' |  'defense':
+        case 'exist' | 'notExist' | 'defense':
+            logger.warning(
+                'Nodes of type "exist", "notExist", and "defense" are never '
+                'marked as traversable. However, we do not normally check '
+                'if they are traversable. Node "%s"(%d) of type "%s" was '
+                'checked for traversability.',
+                node.full_name,
+                node.id,
+                node.type
+            )
             return False
         case _:
-            logger.error('Unknown node type %s.', node.type)
+            logger.error(
+                'Node "%s"(%d) has an unknown type "%s".',
+                node.full_name,
+                node.id,
+                node.type
+            )
             return False
 def get_attack_surface(

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/maltoolbox/language/__init__.py RENAMED Viewed

@@ -1,2 +1,4 @@
+"""Contains tools to process MAL languages"""
 from .languagegraph import LanguageGraph
 from .classes_factory import LanguageClassesFactory

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/maltoolbox/language/classes_factory.py RENAMED Viewed

@@ -1,5 +1,6 @@
 """
 MAL-Toolbox Language Classes Factory Module
+Uses python_jsonschema_objects to generate python classes from a MAL language
 """
 from __future__ import annotations
 import json
@@ -25,7 +26,7 @@ class LanguageClassesFactory:
     def _generate_assets(self) -> None:
         """
-        Generate JSON Schema for the assets in the language specification.
+        Generate JSON Schema for asset types in the language specification.
         """
         for asset in self.lang_graph.assets:
             logger.debug('Creating %s asset JSON schema entry.', asset.name)
@@ -67,7 +68,7 @@ class LanguageClassesFactory:
     def _generate_associations(self) -> None:
         """
-        Generate JSON Schema for the associations in the language specification.
+        Generate JSON Schema for association types in the language specification.
         """
         def create_association_entry(assoc: SchemaGeneratedClass):
             logger.debug('Creating %s association JSON schema entry.', assoc.name)

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/maltoolbox/model.py RENAMED Viewed

@@ -28,24 +28,45 @@ logger = logging.getLogger(__name__)
 @dataclass
 class AttackerAttachment:
-    """Used to attach attackers to attack step entrypoints of assets"""
+    """Used to attach attackers to attack step entry points of assets"""
     id: Optional[int] = None
     name: Optional[str] = None
     entry_points: list[tuple[SchemaGeneratedClass, list[str]]] = \
         field(default_factory=lambda: [])
-    def add_entrypoint(
+    def get_entry_point_tuple(
+            self,
+            asset: SchemaGeneratedClass
+        ) -> Optional[tuple[SchemaGeneratedClass, list[str]]]:
+        """Return an entry point tuple of an AttackerAttachment matching the
+        asset provided.
+        Arguments:
+        asset           - the asset to add entry point to
+        Return:
+        The entry point tuple containing the asset and the list of attack
+        steps if the asset has any entry points defined for this attacker
+        attachemnt.
+        None, otherwise.
+        """
+        return next((ep_tuple for ep_tuple in self.entry_points
+                                 if ep_tuple[0] == asset), None)
+    def add_entry_point(
             self, asset: SchemaGeneratedClass, attackstep_name: str):
-        """Add an entrypoint to an AttackerAttachment
+        """Add an entry point to an AttackerAttachment
         self.entry_points contain tuples, first element of each tuple
         is an asset, second element is a list of attack step names that
         are entry points for the attacker.
-        Args:
-        asset           - the asset to add entrypoint to
-        attackstep_name - the name of the attack step to add as an entrypoint
+        Arguments:
+        asset           - the asset to add the entry point to
+        attackstep_name - the name of the attack step to add as an entry point
         """
         logger.debug(
@@ -53,42 +74,44 @@ class AttackerAttachment:
             f'to AttackerAttachment "{self.name}".'
         )
-        # Get the entrypoint tuple for the asset if it already exists
-        entrypoint_tuple = next((ep_tuple for ep_tuple in self.entry_points
-                                 if ep_tuple[0] == asset), None)
+        # Get the entry point tuple for the asset if it already exists
+        entry_point_tuple = self.get_entry_point_tuple(asset)
-        if entrypoint_tuple:
-            if attackstep_name not in entrypoint_tuple[1]:
+        if entry_point_tuple:
+            if attackstep_name not in entry_point_tuple[1]:
                 # If it exists and does not already have the attack step,
                 # add it
-                entrypoint_tuple[1].append(attackstep_name)
+                entry_point_tuple[1].append(attackstep_name)
             else:
                 logger.info(
                     f'Entry point "{attackstep_name}" on asset "{asset.name}"'
                     f' already existed for AttackerAttachment "{self.name}".'
                 )
         else:
-            # Otherwise, create the entrypoint tuple and the initial entry
+            # Otherwise, create the entry point tuple and the initial entry
             # point
             self.entry_points.append((asset, [attackstep_name]))
-    def remove_entrypoint(
+    def remove_entry_point(
             self, asset: SchemaGeneratedClass, attackstep_name: str):
-        """Remove an entrypoint from an AttackerAttachment if it exists"""
+        """Remove an entry point from an AttackerAttachment if it exists
+        Arguments:
+        asset           - the asset to remove the entry point from
+        """
         logger.debug(
             f'Remove entry point "{attackstep_name}" on asset "{asset.name}" '
             f'from AttackerAttachment "{self.name}".'
         )
-        # Get the entrypoint tuple for the asset if it exists
-        entrypoint_tuple = next((ep_tuple for ep_tuple in self.entry_points
-                                 if ep_tuple[0] == asset), None)
+        # Get the entry point tuple for the asset if it exists
+        entry_point_tuple = self.get_entry_point_tuple(asset)
-        if entrypoint_tuple:
-            if attackstep_name in entrypoint_tuple[1]:
+        if entry_point_tuple:
+            if attackstep_name in entry_point_tuple[1]:
                 # If it exists and not already has the attack step, add it
-                entrypoint_tuple[1].remove(attackstep_name)
+                entry_point_tuple[1].remove(attackstep_name)
             else:
                 logger.warning(
                     f'Failed to find entry point "{attackstep_name}" on '
@@ -96,8 +119,8 @@ class AttackerAttachment:
                     f'"{self.name}". Nothing to remove.'
                 )
-            if not entrypoint_tuple[1]:
-                self.entry_points.remove(entrypoint_tuple)
+            if not entry_point_tuple[1]:
+                self.entry_points.remove(entry_point_tuple)
         else:
             logger.warning(
                 f'Failed to find entry points on asset "{asset.name}" '
@@ -205,6 +228,12 @@ class Model():
         for association in asset.associations:
             self.remove_asset_from_association(asset, association)
+        # Also remove all of the entry points
+        for attacker in self.attackers:
+            entry_point_tuple = attacker.get_entry_point_tuple(asset)
+            if entry_point_tuple:
+                attacker.entry_points.remove(entry_point_tuple)
         self.assets.remove(asset)
     def remove_asset_from_association(

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "mal-toolbox"
-version = "0.1.7"
+version = "0.1.9"
 authors = [
   { name="Andrei Buhaiu", email="buhaiu@kth.se" },
   { name="Giuseppe Nebbione", email="nebbione@kth.se" },
@@ -53,7 +53,6 @@ filterwarnings = "ignore:invalid escape sequence"
 exclude = [
   'maltoolbox/ingestors',
   'maltoolbox/translators',
-  'maltoolbox/language/compiler',
-  'venv'
+  'maltoolbox/language/compiler'
 ]
 allow_redefinition = true

{mal_toolbox-0.1.7 → mal_toolbox-0.1.9}/tests/test_model.py RENAMED Viewed

@@ -51,7 +51,7 @@ def create_association(
 ### Tests
-def test_attacker_attachment_add_entrypoint(model: Model):
+def test_attacker_attachment_add_entry_point(model: Model):
     """"""
     asset1 = create_application_asset(model, "Asset1")
@@ -63,29 +63,29 @@ def test_attacker_attachment_add_entrypoint(model: Model):
     attacker1 = AttackerAttachment()
     model.add_attacker(attacker1)
-    attacker1.add_entrypoint(asset1, 'read')
+    attacker1.add_entry_point(asset1, 'read')
     assert len(attacker1.entry_points) == 1
     assert attacker1.entry_points[0][0] == asset1
     assert attacker1.entry_points[0][1] == ['read']
-    attacker1.add_entrypoint(asset1, 'access')
+    attacker1.add_entry_point(asset1, 'access')
     assert len(attacker1.entry_points) == 1
     assert attacker1.entry_points[0][0] == asset1
     assert attacker1.entry_points[0][1] == ['read', 'access']
     # Try to add already existing entry point
-    attacker1.add_entrypoint(asset1, 'access')
+    attacker1.add_entry_point(asset1, 'access')
     assert len(attacker1.entry_points) == 1
     assert attacker1.entry_points[0][0] == asset1
     assert attacker1.entry_points[0][1] == ['read', 'access']
-    attacker1.add_entrypoint(asset2, 'access')
+    attacker1.add_entry_point(asset2, 'access')
     assert len(attacker1.entry_points) == 2
     assert attacker1.entry_points[1][0] == asset2
     assert attacker1.entry_points[1][1] == ['access']
-def test_attacker_attachment_remove_entrypoint(model: Model):
+def test_attacker_attachment_remove_entry_point(model: Model):
     """"""
     asset1 = create_application_asset(model, "Asset1")
@@ -97,9 +97,9 @@ def test_attacker_attachment_remove_entrypoint(model: Model):
     attacker1 = AttackerAttachment()
     model.add_attacker(attacker1)
-    attacker1.add_entrypoint(asset1, 'read')
-    attacker1.add_entrypoint(asset1, 'access')
-    attacker1.add_entrypoint(asset2, 'access')
+    attacker1.add_entry_point(asset1, 'read')
+    attacker1.add_entry_point(asset1, 'access')
+    attacker1.add_entry_point(asset2, 'access')
     assert len(attacker1.entry_points) == 2
     assert attacker1.entry_points[0][0] == asset1
@@ -107,7 +107,7 @@ def test_attacker_attachment_remove_entrypoint(model: Model):
     assert attacker1.entry_points[1][0] == asset2
     assert attacker1.entry_points[1][1] == ['access']
-    attacker1.remove_entrypoint(asset1, 'read')
+    attacker1.remove_entry_point(asset1, 'read')
     assert len(attacker1.entry_points) == 2
     assert attacker1.entry_points[0][0] == asset1
     assert attacker1.entry_points[0][1] == ['access']
@@ -116,29 +116,85 @@ def test_attacker_attachment_remove_entrypoint(model: Model):
     # Try to remove inexistent entry point, but the asset is still present in
     # the list of entry points
-    attacker1.remove_entrypoint(asset1, 'read')
+    attacker1.remove_entry_point(asset1, 'read')
     assert len(attacker1.entry_points) == 2
     assert attacker1.entry_points[0][0] == asset1
     assert attacker1.entry_points[0][1] == ['access']
     assert attacker1.entry_points[1][0] == asset2
     assert attacker1.entry_points[1][1] == ['access']
-    attacker1.remove_entrypoint(asset1, 'access')
+    attacker1.remove_entry_point(asset1, 'access')
     assert len(attacker1.entry_points) == 1
     assert attacker1.entry_points[0][0] == asset2
     assert attacker1.entry_points[0][1] == ['access']
     # Try to remove inexistent entry point, where the asset is no longer in
     # the list of entry points
-    attacker1.remove_entrypoint(asset1, 'access')
+    attacker1.remove_entry_point(asset1, 'access')
     assert len(attacker1.entry_points) == 1
     assert attacker1.entry_points[0][0] == asset2
     assert attacker1.entry_points[0][1] == ['access']
-    attacker1.remove_entrypoint(asset2, 'access')
+    attacker1.remove_entry_point(asset2, 'access')
     assert len(attacker1.entry_points) == 0
+def test_attacker_attachment_remove_asset(model: Model):
+    """"""
+    asset1 = create_application_asset(model, "Asset1")
+    asset2 = create_application_asset(model, "Asset2")
+    model.add_asset(asset1)
+    model.add_asset(asset2)
+    attacker1 = AttackerAttachment()
+    model.add_attacker(attacker1)
+    attacker2 = AttackerAttachment()
+    model.add_attacker(attacker2)
+    attacker1.add_entry_point(asset1, 'read')
+    attacker1.add_entry_point(asset1, 'access')
+    attacker1.add_entry_point(asset2, 'access')
+    attacker2.add_entry_point(asset1, 'read')
+    attacker2.add_entry_point(asset2, 'read')
+    attacker2.add_entry_point(asset2, 'access')
+    assert len(attacker1.entry_points) == 2
+    assert attacker1.entry_points[0][0] == asset1
+    assert attacker1.entry_points[0][1] == ['read', 'access']
+    assert attacker1.entry_points[1][0] == asset2
+    assert attacker1.entry_points[1][1] == ['access']
+    assert len(attacker2.entry_points) == 2
+    assert attacker2.entry_points[0][0] == asset1
+    assert attacker2.entry_points[0][1] == ['read']
+    assert attacker2.entry_points[1][0] == asset2
+    assert attacker2.entry_points[1][1] == ['read', 'access']
+    model.remove_asset(asset2)
+    # All of the entry points of the asset removed should be gone, but the
+    # other assets should not be impacted.
+    assert len(attacker1.entry_points) == 1
+    assert attacker1.entry_points[0][0] == asset1
+    assert attacker1.entry_points[0][1] == ['read', 'access']
+    assert len(attacker2.entry_points) == 1
+    assert attacker2.entry_points[0][0] == asset1
+    assert attacker2.entry_points[0][1] == ['read']
+    # Try to remove inexistent entry point, where the asset is no longer in
+    # the list of entry points
+    attacker1.remove_entry_point(asset2, 'access')
+    assert len(attacker1.entry_points) == 1
+    assert attacker1.entry_points[0][0] == asset1
+    assert attacker1.entry_points[0][1] == ['read', 'access']
+    assert len(attacker2.entry_points) == 1
+    assert attacker2.entry_points[0][0] == asset1
+    assert attacker2.entry_points[0][1] == ['read']
 def test_model_add_asset(model: Model):
     """Make sure assets are added correctly"""
@@ -688,17 +744,17 @@ def test_model_attacker_to_dict(model: Model):
     attacker_dict = ret[1]
     assert attacker_dict.get('name') == attacker.name
-    # entrypoints_dict has asset IDs as keys
-    entrypoints_dict = attacker_dict.get('entry_points')
+    # entry_points_dict has asset IDs as keys
+    entry_points_dict = attacker_dict.get('entry_points')
     # attacker should be attached to p1, therefore p1s
-    # id should be a key in the entrypoints_dict
-    assert p1.id is not None and entrypoints_dict
-    assert p1.id in entrypoints_dict
+    # id should be a key in the entry_points_dict
+    assert p1.id is not None and entry_points_dict
+    assert p1.id in entry_points_dict
-    # The given steps should be inside the entrypoint of
+    # The given steps should be inside the entry_point of
     # the attacker for asset p1
-    assert entrypoints_dict[p1.id]['attack_steps'] == attack_steps
+    assert entry_points_dict[p1.id]['attack_steps'] == attack_steps
 def test_serialize(model: Model):