mal-toolbox 0.1.8__tar.gz → 0.1.10__tar.gz

{mal_toolbox-0.1.8/mal_toolbox.egg-info → mal_toolbox-0.1.10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: mal-toolbox
-Version: 0.1.8
+Version: 0.1.10
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License
@@ -102,6 +102,12 @@ and it can be used to visualise the instance model and the attack graph.
 
 # Usage
 
+## Installation
+
+```
+pip install mal-toolbox
+```
+
 ## Configuration
 A default configuration file `default.conf` can be found in the package
 directory. This contains the default values to use for logging and can also be

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/README.md

@@ -75,6 +75,12 @@ and it can be used to visualise the instance model and the attack graph.
 
 # Usage
 
+## Installation
+
+```
+pip install mal-toolbox
+```
+
 ## Configuration
 A default configuration file `default.conf` can be found in the package
 directory. This contains the default values to use for logging and can also be

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10/mal_toolbox.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: mal-toolbox
-Version: 0.1.8
+Version: 0.1.10
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License
@@ -102,6 +102,12 @@ and it can be used to visualise the instance model and the attack graph.
 
 # Usage
 
+## Installation
+
+```
+pip install mal-toolbox
+```
+
 ## Configuration
 A default configuration file `default.conf` can be found in the package
 directory. This contains the default values to use for logging and can also be

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/maltoolbox/__init__.py

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-# MAL Toolbox v0.1.8
+# MAL Toolbox v0.1.10
 # Copyright 2024, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ MAL-Toolbox Framework
 """
 
 __title__ = 'maltoolbox'
-__version__ = '0.1.8'
+__version__ = '0.1.10'
 __authors__ = ['Andrei Buhaiu',
     'Giuseppe Nebbione',
     'Nikolaos Kakouros',

mal_toolbox-0.1.10/maltoolbox/attackgraph/__init__.py

@@ -0,0 +1,8 @@
+"""
+Contains tools used to generate attack graphs from MAL instance
+models and analyze attack graphs.
+"""
+
+from .attacker import Attacker
+from .attackgraph import AttackGraph
+from .node import AttackGraphNode

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/maltoolbox/attackgraph/analyzers/apriori.py

@@ -51,6 +51,15 @@ def propagate_necessity_from_node(node: AttackGraphNode) -> None:
         'Propagate necessity from "%s"(%d) with necessity status %s.',
         node.full_name, node.id, node.is_necessary
     )
+
+    if node.ttc and 'name' in node.ttc:
+        if node.ttc['name'] not in ['Enabled', 'Disabled']:
+            # Do not propagate unnecessary state from nodes that have a TTC
+            # probability distribution associated with them.
+            # TODO: Evaluate this more carefully, how do we want to have TTCs
+            # impact necessity and viability.
+            return
+
     for child in node.children:
         original_value = child.is_necessary
         if child.type == 'or':

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/maltoolbox/attackgraph/attacker.py

@@ -4,6 +4,7 @@ MAL-Toolbox Attack Graph Attacker Class
 
 from __future__ import annotations
 from dataclasses import dataclass, field
+import copy
 import logging
 
 from typing import Optional
@@ -41,6 +42,28 @@ class Attacker:
     def __repr__(self) -> str:
         return str(self.to_dict())
 
+    def __deepcopy__(self, memo) -> Attacker:
+        """Deep copy an Attacker"""
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
+
+        copied_attacker = Attacker(
+            id = self.id,
+            name = self.name,
+        )
+
+        # Remember that self was already copied
+        memo[id(self)] = copied_attacker
+
+        copied_attacker.entry_points = copy.deepcopy(
+            self.entry_points, memo = memo)
+        copied_attacker.reached_attack_steps = copy.deepcopy(
+            self.reached_attack_steps, memo = memo)
+
+        return copied_attacker
+
     def compromise(self, node: AttackGraphNode) -> None:
         """
         Have the attacke compromise the node given as a parameter.

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/maltoolbox/attackgraph/attackgraph.py

@@ -2,6 +2,7 @@
 MAL-Toolbox Attack Graph Module
 """
 from __future__ import annotations
+import copy
 import logging
 import json
 
@@ -224,6 +225,52 @@ class AttackGraph():
             'attackers': serialized_attackers,
         }
 
+    def __deepcopy__(self, memo):
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
+
+        copied_attackgraph = AttackGraph(self.lang_graph)
+        copied_attackgraph.model = self.model
+
+        copied_attackgraph.nodes = []
+
+        # Deep copy nodes
+        for node in self.nodes:
+            copied_node = copy.deepcopy(node, memo)
+            copied_attackgraph.nodes.append(copied_node)
+
+        # Re-link node references
+        for node in self.nodes:
+            if node.parents:
+                memo[id(node)].parents = copy.deepcopy(node.parents, memo)
+            if node.children:
+                memo[id(node)].children = copy.deepcopy(node.children, memo)
+
+        # Deep copy attackers and references to them
+        copied_attackgraph.attackers = copy.deepcopy(self.attackers, memo)
+
+        # Re-link attacker references
+        for node in self.nodes:
+            if node.compromised_by:
+                memo[id(node)].compromised_by = copy.deepcopy(
+                    node.compromised_by, memo)
+
+        # Copy lookup dicts
+        copied_attackgraph._id_to_attacker = \
+            copy.deepcopy(self._id_to_attacker, memo)
+        copied_attackgraph._id_to_node = \
+            copy.deepcopy(self._id_to_node, memo)
+        copied_attackgraph._full_name_to_node = \
+            copy.deepcopy(self._full_name_to_node, memo)
+
+        # Copy counters
+        copied_attackgraph.next_node_id = self.next_node_id
+        copied_attackgraph.next_attacker_id = self.next_attacker_id
+
+        return copied_attackgraph
+
     def save_to_file(self, filename: str) -> None:
         """Save to json/yml depending on extension"""
         logger.debug('Save attack graph to file "%s".', filename)
@@ -329,7 +376,10 @@ class AttackGraph():
                 attacker = ag_attacker,
                 attacker_id = int(attacker['id']),
                 entry_points = attacker['entry_points'].keys(),
-                reached_attack_steps = attacker['reached_attack_steps'].keys()
+                reached_attack_steps = [
+                    int(node_id) # Convert to int since they can be strings
+                    for node_id in attacker['reached_attack_steps'].keys()
+                ]
             )
 
         return attack_graph
@@ -382,7 +432,7 @@ class AttackGraph():
         The attack step node that matches the given full name.
         """
 
-        logger.debug(f'Looking up node with id {full_name}')
+        logger.debug(f'Looking up node with full name "{full_name}"')
         return self._full_name_to_node.get(full_name)
 
     def get_attacker_by_id(self, attacker_id: int) -> Optional[Attacker]:
@@ -441,7 +491,7 @@ class AttackGraph():
                         continue
                     attacker.compromise(ag_node)
 
-            attacker.entry_points = attacker.reached_attack_steps
+            attacker.entry_points = list(attacker.reached_attack_steps)
 
     def _generate_graph(self) -> None:
         """
@@ -587,7 +637,7 @@ class AttackGraph():
         if logger.isEnabledFor(logging.DEBUG):
             # Avoid running json.dumps when not in debug
             logger.debug(f'Add node \"{node.full_name}\" '
-                'with id:{node_id}:\n' \
+                f'with id:{node_id}:\n' \
                 + json.dumps(node.to_dict(), indent = 2))
 
         if node.id in self._id_to_node:
@@ -644,7 +694,8 @@ class AttackGraph():
                     attacker.name,
                     attacker_id)
             else:
-                logger.debug('Add attacker "%s" without id.')
+                logger.debug('Add attacker "%s" without id.',
+                    attacker.name)
 
 
         attacker.id = attacker_id or self.next_attacker_id
@@ -653,7 +704,7 @@ class AttackGraph():
 
         self.next_attacker_id = max(attacker.id + 1, self.next_attacker_id)
         for node_id in reached_attack_steps:
-            node = self.get_node_by_id(int(node_id))
+            node = self.get_node_by_id(node_id)
             if node:
                 attacker.compromise(node)
             else:

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/maltoolbox/attackgraph/node.py

@@ -3,6 +3,7 @@ MAL-Toolbox Attack Graph Node Dataclass
 """
 
 from __future__ import annotations
+import copy
 from dataclasses import field, dataclass
 from typing import Any, Optional
 
@@ -69,6 +70,48 @@ class AttackGraphNode:
     def __repr__(self) -> str:
         return str(self.to_dict())
 
+    def __deepcopy__(self, memo) -> AttackGraphNode:
+        """Deep copy an attackgraph node
+
+        The deepcopy will copy over node specific information, such as type,
+        name, etc., but it will not copy attack graph relations such as
+        parents, children, or attackers it is compromised by. These references
+        should be recreated when deepcopying the attack graph itself.
+
+        """
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
+
+        copied_node = AttackGraphNode(
+            self.type,
+            self.name,
+            self.ttc,
+            self.id,
+            self.asset,
+            [],
+            [],
+            self.defense_status,
+            self.existence_status,
+            self.is_viable,
+            self.is_necessary,
+            [],
+            self.mitre_info,
+            [],
+            {},
+            {}
+        )
+
+        copied_node.tags = copy.deepcopy(self.tags, memo)
+        copied_node.attributes = copy.deepcopy(self.attributes, memo)
+        copied_node.extras = copy.deepcopy(self.extras, memo)
+
+        # Remember that self was already copied
+        memo[id(self)] = copied_node
+
+        return copied_node
+
     def is_compromised(self) -> bool:
         """
         Return True if any attackers have compromised this node.

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/maltoolbox/attackgraph/query.py

@@ -37,10 +37,21 @@ def is_node_traversable_by_attacker(
         attacker.id
     )
     if not node.is_viable:
+        logger.debug(
+            '"%s"(%d) is not traversable because it is non-viable',
+            node.full_name,
+            node.id,
+        )
         return False
 
     match(node.type):
         case 'or':
+            logger.debug(
+                '"%s"(%d) is traversable because it is viable and '
+                'of type "or".',
+                node.full_name,
+                node.id
+            )
             return True
 
         case 'and':
@@ -49,14 +60,44 @@ def is_node_traversable_by_attacker(
                     not parent.is_compromised_by(attacker):
                     # If the parent is not present in the attacks steps
                     # already reached and is necessary.
+                    logger.debug(
+                        '"%s"(%d) is not traversable because while it is '
+                        'viable, and of type "and", its necessary parent '
+                        '"%s(%d)" has not already been compromised.',
+                        node.full_name,
+                        node.id,
+                        parent.full_name,
+                        parent.id
+                    )
                     return False
+            logger.debug(
+                '"%s"(%d) is traversable because it is viable, '
+                'of type "and", and all of its necessary parents have '
+                'already been compromised.',
+                node.full_name,
+                node.id
+            )
             return True
 
-        case 'exist' | 'notExist' |  'defense':
+        case 'exist' | 'notExist' | 'defense':
+            logger.warning(
+                'Nodes of type "exist", "notExist", and "defense" are never '
+                'marked as traversable. However, we do not normally check '
+                'if they are traversable. Node "%s"(%d) of type "%s" was '
+                'checked for traversability.',
+                node.full_name,
+                node.id,
+                node.type
+            )
             return False
 
         case _:
-            logger.error('Unknown node type %s.', node.type)
+            logger.error(
+                'Node "%s"(%d) has an unknown type "%s".',
+                node.full_name,
+                node.id,
+                node.type
+            )
             return False
 
 def get_attack_surface(

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/maltoolbox/language/__init__.py

@@ -1,2 +1,4 @@
+"""Contains tools to process MAL languages"""
+
 from .languagegraph import LanguageGraph
 from .classes_factory import LanguageClassesFactory

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/maltoolbox/language/classes_factory.py

@@ -1,5 +1,6 @@
 """
 MAL-Toolbox Language Classes Factory Module
+Uses python_jsonschema_objects to generate python classes from a MAL language
 """
 from __future__ import annotations
 import json
@@ -25,7 +26,7 @@ class LanguageClassesFactory:
 
     def _generate_assets(self) -> None:
         """
-        Generate JSON Schema for the assets in the language specification.
+        Generate JSON Schema for asset types in the language specification.
         """
         for asset in self.lang_graph.assets:
             logger.debug('Creating %s asset JSON schema entry.', asset.name)
@@ -67,7 +68,7 @@ class LanguageClassesFactory:
 
     def _generate_associations(self) -> None:
         """
-        Generate JSON Schema for the associations in the language specification.
+        Generate JSON Schema for association types in the language specification.
         """
         def create_association_entry(assoc: SchemaGeneratedClass):
             logger.debug('Creating %s association JSON schema entry.', assoc.name)

{mal_toolbox-0.1.8 → mal_toolbox-0.1.10}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "mal-toolbox"
-version = "0.1.8"
+version = "0.1.10"
 authors = [
   { name="Andrei Buhaiu", email="buhaiu@kth.se" },
   { name="Giuseppe Nebbione", email="nebbione@kth.se" },
@@ -53,7 +53,6 @@ filterwarnings = "ignore:invalid escape sequence"
 exclude = [
   'maltoolbox/ingestors',
   'maltoolbox/translators',
-  'maltoolbox/language/compiler',
-  'venv'
+  'maltoolbox/language/compiler'
 ]
 allow_redefinition = true

mal_toolbox-0.1.8/maltoolbox/attackgraph/__init__.py

@@ -1,3 +0,0 @@
-from .attacker import Attacker
-from .attackgraph import AttackGraph
-from .node import AttackGraphNode