mal-toolbox 0.1.9__tar.gz → 0.1.11__tar.gz

{mal_toolbox-0.1.9/mal_toolbox.egg-info → mal_toolbox-0.1.11}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: mal-toolbox
-Version: 0.1.9
+Version: 0.1.11
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11/mal_toolbox.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: mal-toolbox
-Version: 0.1.9
+Version: 0.1.11
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Joakim Loxdal <loxdal@kth.se>
 License: Apache Software License

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11}/maltoolbox/__init__.py

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-# MAL Toolbox v0.1.9
+# MAL Toolbox v0.1.11
 # Copyright 2024, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ MAL-Toolbox Framework
 """
 
 __title__ = 'maltoolbox'
-__version__ = '0.1.9'
+__version__ = '0.1.11'
 __authors__ = ['Andrei Buhaiu',
     'Giuseppe Nebbione',
     'Nikolaos Kakouros',

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11}/maltoolbox/attackgraph/analyzers/apriori.py

@@ -51,6 +51,15 @@ def propagate_necessity_from_node(node: AttackGraphNode) -> None:
         'Propagate necessity from "%s"(%d) with necessity status %s.',
         node.full_name, node.id, node.is_necessary
     )
+
+    if node.ttc and 'name' in node.ttc:
+        if node.ttc['name'] not in ['Enabled', 'Disabled']:
+            # Do not propagate unnecessary state from nodes that have a TTC
+            # probability distribution associated with them.
+            # TODO: Evaluate this more carefully, how do we want to have TTCs
+            # impact necessity and viability.
+            return
+
     for child in node.children:
         original_value = child.is_necessary
         if child.type == 'or':

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11}/maltoolbox/attackgraph/attacker.py

@@ -4,6 +4,7 @@ MAL-Toolbox Attack Graph Attacker Class
 
 from __future__ import annotations
 from dataclasses import dataclass, field
+import copy
 import logging
 
 from typing import Optional
@@ -41,6 +42,28 @@ class Attacker:
     def __repr__(self) -> str:
         return str(self.to_dict())
 
+    def __deepcopy__(self, memo) -> Attacker:
+        """Deep copy an Attacker"""
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
+
+        copied_attacker = Attacker(
+            id = self.id,
+            name = self.name,
+        )
+
+        # Remember that self was already copied
+        memo[id(self)] = copied_attacker
+
+        copied_attacker.entry_points = copy.deepcopy(
+            self.entry_points, memo = memo)
+        copied_attacker.reached_attack_steps = copy.deepcopy(
+            self.reached_attack_steps, memo = memo)
+
+        return copied_attacker
+
     def compromise(self, node: AttackGraphNode) -> None:
         """
         Have the attacke compromise the node given as a parameter.

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11}/maltoolbox/attackgraph/attackgraph.py

@@ -226,15 +226,37 @@ class AttackGraph():
         }
 
     def __deepcopy__(self, memo):
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
+
         copied_attackgraph = AttackGraph(self.lang_graph)
         copied_attackgraph.model = self.model
 
-        # Deep copy nodes and add references to them
-        copied_attackgraph.nodes = copy.deepcopy(self.nodes, memo)
+        copied_attackgraph.nodes = []
+
+        # Deep copy nodes
+        for node in self.nodes:
+            copied_node = copy.deepcopy(node, memo)
+            copied_attackgraph.nodes.append(copied_node)
+
+        # Re-link node references
+        for node in self.nodes:
+            if node.parents:
+                memo[id(node)].parents = copy.deepcopy(node.parents, memo)
+            if node.children:
+                memo[id(node)].children = copy.deepcopy(node.children, memo)
 
         # Deep copy attackers and references to them
         copied_attackgraph.attackers = copy.deepcopy(self.attackers, memo)
 
+        # Re-link attacker references
+        for node in self.nodes:
+            if node.compromised_by:
+                memo[id(node)].compromised_by = copy.deepcopy(
+                    node.compromised_by, memo)
+
         # Copy lookup dicts
         copied_attackgraph._id_to_attacker = \
             copy.deepcopy(self._id_to_attacker, memo)
@@ -354,7 +376,10 @@ class AttackGraph():
                 attacker = ag_attacker,
                 attacker_id = int(attacker['id']),
                 entry_points = attacker['entry_points'].keys(),
-                reached_attack_steps = attacker['reached_attack_steps'].keys()
+                reached_attack_steps = [
+                    int(node_id) # Convert to int since they can be strings
+                    for node_id in attacker['reached_attack_steps'].keys()
+                ]
             )
 
         return attack_graph
@@ -466,7 +491,7 @@ class AttackGraph():
                         continue
                     attacker.compromise(ag_node)
 
-            attacker.entry_points = attacker.reached_attack_steps
+            attacker.entry_points = list(attacker.reached_attack_steps)
 
     def _generate_graph(self) -> None:
         """
@@ -612,7 +637,7 @@ class AttackGraph():
         if logger.isEnabledFor(logging.DEBUG):
             # Avoid running json.dumps when not in debug
             logger.debug(f'Add node \"{node.full_name}\" '
-                'with id:{node_id}:\n' \
+                f'with id:{node_id}:\n' \
                 + json.dumps(node.to_dict(), indent = 2))
 
         if node.id in self._id_to_node:
@@ -669,7 +694,8 @@ class AttackGraph():
                     attacker.name,
                     attacker_id)
             else:
-                logger.debug('Add attacker "%s" without id.')
+                logger.debug('Add attacker "%s" without id.',
+                    attacker.name)
 
 
         attacker.id = attacker_id or self.next_attacker_id
@@ -678,7 +704,7 @@ class AttackGraph():
 
         self.next_attacker_id = max(attacker.id + 1, self.next_attacker_id)
         for node_id in reached_attack_steps:
-            node = self.get_node_by_id(int(node_id))
+            node = self.get_node_by_id(node_id)
             if node:
                 attacker.compromise(node)
             else:

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11}/maltoolbox/attackgraph/node.py

@@ -71,7 +71,18 @@ class AttackGraphNode:
         return str(self.to_dict())
 
     def __deepcopy__(self, memo) -> AttackGraphNode:
-        """Deep copy an attackgraph node"""
+        """Deep copy an attackgraph node
+
+        The deepcopy will copy over node specific information, such as type,
+        name, etc., but it will not copy attack graph relations such as
+        parents, children, or attackers it is compromised by. These references
+        should be recreated when deepcopying the attack graph itself.
+
+        """
+
+        # Check if the object is already in the memo dictionary
+        if id(self) in memo:
+            return memo[id(self)]
 
         copied_node = AttackGraphNode(
             self.type,
@@ -85,22 +96,20 @@ class AttackGraphNode:
             self.existence_status,
             self.is_viable,
             self.is_necessary,
-            copy.deepcopy(self.compromised_by, memo),
+            [],
             self.mitre_info,
-            copy.deepcopy(self.tags, memo),
-            copy.deepcopy(self.attributes, memo),
-            copy.deepcopy(self.extras, memo)
+            [],
+            {},
+            {}
         )
 
+        copied_node.tags = copy.deepcopy(self.tags, memo)
+        copied_node.attributes = copy.deepcopy(self.attributes, memo)
+        copied_node.extras = copy.deepcopy(self.extras, memo)
+
         # Remember that self was already copied
         memo[id(self)] = copied_node
 
-        # Deep copy children and parents, send memo (avoid infinite recursion)
-        if self.parents:
-            copied_node.parents = copy.deepcopy(self.parents, memo)
-        if self.children:
-            copied_node.children = copy.deepcopy(self.children, memo)
-
         return copied_node
 
     def is_compromised(self) -> bool:

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11}/maltoolbox/model.py

@@ -207,6 +207,10 @@ class Model():
         )
         self.assets.append(asset)
 
+    def remove_attacker(self, attacker: AttackerAttachment) -> None:
+        """Remove attacker"""
+        self.attackers.remove(attacker)
+
     def remove_asset(self, asset: SchemaGeneratedClass) -> None:
         """Remove an asset from the model.
 
@@ -659,7 +663,7 @@ class Model():
 
         if asset.extras:
             # Add optional metadata to dict
-            asset_dict['extras'] = asset.extras
+            asset_dict['extras'] = asset.extras.as_dict()
 
         return (asset.id, asset_dict)
 

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "mal-toolbox"
-version = "0.1.9"
+version = "0.1.11"
 authors = [
   { name="Andrei Buhaiu", email="buhaiu@kth.se" },
   { name="Giuseppe Nebbione", email="nebbione@kth.se" },

{mal_toolbox-0.1.9 → mal_toolbox-0.1.11}/tests/test_model.py

@@ -195,6 +195,27 @@ def test_attacker_attachment_remove_asset(model: Model):
     assert attacker2.entry_points[0][1] == ['read']
 
 
+def test_add_remove_attacker(model: Model):
+    """"""
+
+    asset1 = create_application_asset(model, "Asset1")
+    model.add_asset(asset1)
+
+    attacker1 = AttackerAttachment()
+    model.add_attacker(attacker1)
+    attacker2 = AttackerAttachment()
+    model.add_attacker(attacker2)
+
+    attacker1.add_entry_point(asset1, 'read')
+    attacker1.add_entry_point(asset1, 'access')
+    attacker2.add_entry_point(asset1, 'read')
+
+    assert len(model.attackers) == 2
+    model.remove_attacker(attacker1)
+    assert len(model.attackers) == 1
+    model.remove_attacker(attacker2)
+    assert len(model.attackers) == 0
+
 def test_model_add_asset(model: Model):
     """Make sure assets are added correctly"""
 
@@ -815,6 +836,7 @@ def test_model_save_and_load_model_from_scratch(model: Model):
 
     # Create and add 3 applications
     p1 = create_application_asset(model, "Program 1")
+    p1.extras = {"testing": "testing"}
     p2 = create_application_asset(model, "Program 2")
     p3 = create_application_asset(model, "Program 3")
     model.add_asset(p1)