mal-toolbox 0.1.9__py3-none-any.whl → 0.1.10__py3-none-any.whl

{mal_toolbox-0.1.9.dist-info → mal_toolbox-0.1.10.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: mal-toolbox
-Version: 0.1.9
+Version: 0.1.10
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License

{mal_toolbox-0.1.9.dist-info → mal_toolbox-0.1.10.dist-info}/RECORD

@@ -1,4 +1,4 @@
-maltoolbox/__init__.py,sha256=tfDCz1FxF71yzZIZyY0uKDOqCV2nThbOBOUCyW72Qvg,2776
+maltoolbox/__init__.py,sha256=LEN08MI3BjFY7M6PRBbqO1gwXvLbqa2z7xBsIQiZO9Y,2778
 maltoolbox/__main__.py,sha256=1lOOOme_y56VWrEE1jkarTt-WoUo9yilCo8sUrivyns,2680
 maltoolbox/default.conf,sha256=YLGBSJh2q8hn3RzRRBbib9F6E6pcvquoHeALMRtA0wU,295
 maltoolbox/exceptions.py,sha256=0YjPx2v1yYumZ2o7pVZ1s_jS-GAb3Ng979KEFhROSNY,1399
@@ -6,12 +6,12 @@ maltoolbox/file_utils.py,sha256=6KFEEZvf9x8yfNAq7hadF7lUGlLimNFMJ0W_DK2rh6Q,2024
 maltoolbox/model.py,sha256=1HuH58skm1StcKtvMFO-iXkpLOaauB9YSEv1XNdW_-Y,30406
 maltoolbox/wrappers.py,sha256=BYYNcIdTlyumADQCPcy1xmPEabfmi0P1l9RcbdVWm9w,2002
 maltoolbox/attackgraph/__init__.py,sha256=Oqqj5iCwnrzjDoJEFZnVI_kebjJPVbPXK-mWHy0lf-8,209
-maltoolbox/attackgraph/attacker.py,sha256=hmJtgcwtQgz0r9J_0Pgm7ktfKpFE3dp-HJ2TOz1NiWw,2880
-maltoolbox/attackgraph/attackgraph.py,sha256=Gx88-3M1HacMZRE9YgIGg-6cxCFVZg23bj_pkxDeEH4,29182
-maltoolbox/attackgraph/node.py,sha256=ZYnXMIucmTIspQvBD-zyB_wnYO6j27HxQahuQGpYbkE,5640
+maltoolbox/attackgraph/attacker.py,sha256=OaBNDYZF8shbFuQctzuNYVkOrpNb_KhxxV19k0SRa50,3541
+maltoolbox/attackgraph/attackgraph.py,sha256=T9snTC8kzgN017leI29CYj2YdlrU8IDxYiV69yDgz7o,30060
+maltoolbox/attackgraph/node.py,sha256=oFaGCz4QPvDcS7xM5lxaG_-GUR-PKT2xtQ1ryzYRWaU,5869
 maltoolbox/attackgraph/query.py,sha256=JnoNTUEIlLv2VIk3u5Rq3GpleOn9TZVGBVijniRY_44,6802
 maltoolbox/attackgraph/analyzers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-maltoolbox/attackgraph/analyzers/apriori.py,sha256=t_QdfetgNoDXFwlOasrmtBE7XaTaKZvnQCo6X9rs5Xg,6481
+maltoolbox/attackgraph/analyzers/apriori.py,sha256=g0inYyyNYG_wXwz7uJHtf0_6hio92RG9U054edMgJEg,6863
 maltoolbox/ingestors/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/ingestors/neo4j.py,sha256=jdulYsQ2eZT2r0Af_yYjyGkmVx4l5h8viu1Z70NjVAM,8811
 maltoolbox/language/__init__.py,sha256=0tvCJDayrLwpqKRny7LBkMOrvcDE6JfJj7U7Jd64Okg,140
@@ -24,9 +24,9 @@ maltoolbox/language/compiler/mal_visitor.py,sha256=9gG06D7GZKlBY-62SmbIkRYkGBUBI
 maltoolbox/translators/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/translators/securicad.py,sha256=FAIHnoqFTmNYbCGxLsK6pX5g1oiNFfPTqkT_3qq3GG8,6692
 maltoolbox/translators/updater.py,sha256=Ap08-AsU_7or5ESQvZL2i4nWz3B5pvgfftZyc_-Gd8M,4766
-mal_toolbox-0.1.9.dist-info/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
-mal_toolbox-0.1.9.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-mal_toolbox-0.1.9.dist-info/METADATA,sha256=ceylz74EpI9pdyIeJQCzeU_HcqpEB4-riD12UjpLyv8,6003
-mal_toolbox-0.1.9.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-mal_toolbox-0.1.9.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
-mal_toolbox-0.1.9.dist-info/RECORD,,
+mal_toolbox-0.1.10.dist-info/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
+mal_toolbox-0.1.10.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+mal_toolbox-0.1.10.dist-info/METADATA,sha256=TUH60j4aZ0spLc2BstK_9bOAUst58qXEXiBVIg4dEcA,6004
+mal_toolbox-0.1.10.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+mal_toolbox-0.1.10.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
+mal_toolbox-0.1.10.dist-info/RECORD,,

maltoolbox/__init__.py

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-# MAL Toolbox v0.1.9
+# MAL Toolbox v0.1.10
 # Copyright 2024, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ MAL-Toolbox Framework
 """
 
 __title__ = 'maltoolbox'
-__version__ = '0.1.9'
+__version__ = '0.1.10'
 __authors__ = ['Andrei Buhaiu',
     'Giuseppe Nebbione',
     'Nikolaos Kakouros',

maltoolbox/attackgraph/analyzers/apriori.py

@@ -51,6 +51,15 @@ def propagate_necessity_from_node(node: AttackGraphNode) -> None:
         'Propagate necessity from "%s"(%d) with necessity status %s.',
         node.full_name, node.id, node.is_necessary
     )
+
+    if node.ttc and 'name' in node.ttc:
+        if node.ttc['name'] not in ['Enabled', 'Disabled']:
+            # Do not propagate unnecessary state from nodes that have a TTC
+            # probability distribution associated with them.
+            # TODO: Evaluate this more carefully, how do we want to have TTCs
+            # impact necessity and viability.
+            return
+
     for child in node.children:
         original_value = child.is_necessary
         if child.type == 'or':

maltoolbox/attackgraph/attacker.py

@@ -4,6 +4,7 @@ MAL-Toolbox Attack Graph Attacker Class
 
 from __future__ import annotations
 from dataclasses import dataclass, field
+import copy
 import logging
 
 from typing import Optional
@@ -41,6 +42,28 @@ class Attacker:
     def __repr__(self) -> str:
         return str(self.to_dict())
 
+    def __deepcopy__(self, memo) -> Attacker:
+        """Deep copy an Attacker"""
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
+
+        copied_attacker = Attacker(
+            id = self.id,
+            name = self.name,
+        )
+
+        # Remember that self was already copied
+        memo[id(self)] = copied_attacker
+
+        copied_attacker.entry_points = copy.deepcopy(
+            self.entry_points, memo = memo)
+        copied_attacker.reached_attack_steps = copy.deepcopy(
+            self.reached_attack_steps, memo = memo)
+
+        return copied_attacker
+
     def compromise(self, node: AttackGraphNode) -> None:
         """
         Have the attacke compromise the node given as a parameter.

maltoolbox/attackgraph/attackgraph.py

@@ -226,15 +226,37 @@ class AttackGraph():
         }
 
     def __deepcopy__(self, memo):
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
+
         copied_attackgraph = AttackGraph(self.lang_graph)
         copied_attackgraph.model = self.model
 
-        # Deep copy nodes and add references to them
-        copied_attackgraph.nodes = copy.deepcopy(self.nodes, memo)
+        copied_attackgraph.nodes = []
+
+        # Deep copy nodes
+        for node in self.nodes:
+            copied_node = copy.deepcopy(node, memo)
+            copied_attackgraph.nodes.append(copied_node)
+
+        # Re-link node references
+        for node in self.nodes:
+            if node.parents:
+                memo[id(node)].parents = copy.deepcopy(node.parents, memo)
+            if node.children:
+                memo[id(node)].children = copy.deepcopy(node.children, memo)
 
         # Deep copy attackers and references to them
         copied_attackgraph.attackers = copy.deepcopy(self.attackers, memo)
 
+        # Re-link attacker references
+        for node in self.nodes:
+            if node.compromised_by:
+                memo[id(node)].compromised_by = copy.deepcopy(
+                    node.compromised_by, memo)
+
         # Copy lookup dicts
         copied_attackgraph._id_to_attacker = \
             copy.deepcopy(self._id_to_attacker, memo)
@@ -354,7 +376,10 @@ class AttackGraph():
                 attacker = ag_attacker,
                 attacker_id = int(attacker['id']),
                 entry_points = attacker['entry_points'].keys(),
-                reached_attack_steps = attacker['reached_attack_steps'].keys()
+                reached_attack_steps = [
+                    int(node_id) # Convert to int since they can be strings
+                    for node_id in attacker['reached_attack_steps'].keys()
+                ]
             )
 
         return attack_graph
@@ -466,7 +491,7 @@ class AttackGraph():
                         continue
                     attacker.compromise(ag_node)
 
-            attacker.entry_points = attacker.reached_attack_steps
+            attacker.entry_points = list(attacker.reached_attack_steps)
 
     def _generate_graph(self) -> None:
         """
@@ -612,7 +637,7 @@ class AttackGraph():
         if logger.isEnabledFor(logging.DEBUG):
             # Avoid running json.dumps when not in debug
             logger.debug(f'Add node \"{node.full_name}\" '
-                'with id:{node_id}:\n' \
+                f'with id:{node_id}:\n' \
                 + json.dumps(node.to_dict(), indent = 2))
 
         if node.id in self._id_to_node:
@@ -669,7 +694,8 @@ class AttackGraph():
                     attacker.name,
                     attacker_id)
             else:
-                logger.debug('Add attacker "%s" without id.')
+                logger.debug('Add attacker "%s" without id.',
+                    attacker.name)
 
 
         attacker.id = attacker_id or self.next_attacker_id
@@ -678,7 +704,7 @@ class AttackGraph():
 
         self.next_attacker_id = max(attacker.id + 1, self.next_attacker_id)
         for node_id in reached_attack_steps:
-            node = self.get_node_by_id(int(node_id))
+            node = self.get_node_by_id(node_id)
             if node:
                 attacker.compromise(node)
             else:

maltoolbox/attackgraph/node.py

@@ -71,7 +71,18 @@ class AttackGraphNode:
         return str(self.to_dict())
 
     def __deepcopy__(self, memo) -> AttackGraphNode:
-        """Deep copy an attackgraph node"""
+        """Deep copy an attackgraph node
+
+        The deepcopy will copy over node specific information, such as type,
+        name, etc., but it will not copy attack graph relations such as
+        parents, children, or attackers it is compromised by. These references
+        should be recreated when deepcopying the attack graph itself.
+
+        """
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
 
         copied_node = AttackGraphNode(
             self.type,
@@ -85,22 +96,20 @@ class AttackGraphNode:
             self.existence_status,
             self.is_viable,
             self.is_necessary,
-            copy.deepcopy(self.compromised_by, memo),
+            [],
             self.mitre_info,
-            copy.deepcopy(self.tags, memo),
-            copy.deepcopy(self.attributes, memo),
-            copy.deepcopy(self.extras, memo)
+            [],
+            {},
+            {}
         )
 
+        copied_node.tags = copy.deepcopy(self.tags, memo)
+        copied_node.attributes = copy.deepcopy(self.attributes, memo)
+        copied_node.extras = copy.deepcopy(self.extras, memo)
+
         # Remember that self was already copied
         memo[id(self)] = copied_node
 
-        # Deep copy children and parents, send memo (avoid infinite recursion)
-        if self.parents:
-            copied_node.parents = copy.deepcopy(self.parents, memo)
-        if self.children:
-            copied_node.children = copy.deepcopy(self.children, memo)
-
         return copied_node
 
     def is_compromised(self) -> bool: