mal-toolbox 0.3.11__py3-none-any.whl → 1.0.0__py3-none-any.whl

maltoolbox/attackgraph/query.py

@@ -1,196 +0,0 @@
-"""
-MAL-Toolbox Attack Graph Query Submodule
-
-This submodule contains functions that analyze the information present in the
-attack graph, but do not alter the structure or nodes in any way.
-"""
-from __future__ import annotations
-from collections.abc import Iterable
-import logging
-from typing import TYPE_CHECKING, Optional
-
-from .attackgraph import AttackGraph, Attacker
-
-if TYPE_CHECKING:
-    from .attackgraph import AttackGraphNode
-
-logger = logging.getLogger(__name__)
-
-def is_node_traversable_by_attacker(
-        node: AttackGraphNode, attacker: Attacker
-    ) -> bool:
-    """
-    Return True or False depending if the node specified is traversable
-    for the attacker given.
-
-    Arguments:
-    node        - the node we wish to evalute
-    attacker    - the attacker whose traversability we are interested in
-    """
-
-    logger.debug(
-        'Evaluate if "%s"(%d), of type "%s", is traversable by Attacker '
-            '"%s"(%d)',
-        node.full_name,
-        node.id,
-        node.type,
-        attacker.name,
-        attacker.id
-    )
-    if not node.is_viable:
-        logger.debug(
-            '"%s"(%d) is not traversable because it is non-viable',
-            node.full_name,
-            node.id,
-        )
-        return False
-
-    match(node.type):
-        case 'or':
-            for parent in node.parents:
-                if parent.is_compromised_by(attacker):
-                    logger.debug(
-                        '"%s"(%d) is traversable because it is viable, and '
-                        'of type "or", and its parent "%s(%d)" has already '
-                        'been compromised.',
-                        node.full_name,
-                        node.id,
-                        parent.full_name,
-                        parent.id
-                    )
-                    return True
-            logger.debug(
-                '"%s"(%d) is not traversable because while it is '
-                'viable, and of type "or", none of its parents '
-                'have been compromised.',
-                node.full_name,
-                node.id
-            )
-            return False
-
-        case 'and':
-            for parent in node.parents:
-                if parent.is_necessary and \
-                    not parent.is_compromised_by(attacker):
-                    # If the parent is not present in the attacks steps
-                    # already reached and is necessary.
-                    logger.debug(
-                        '"%s"(%d) is not traversable because while it is '
-                        'viable, and of type "and", its necessary parent '
-                        '"%s(%d)" has not already been compromised.',
-                        node.full_name,
-                        node.id,
-                        parent.full_name,
-                        parent.id
-                    )
-                    return False
-            logger.debug(
-                '"%s"(%d) is traversable because it is viable, '
-                'of type "and", and all of its necessary parents have '
-                'already been compromised.',
-                node.full_name,
-                node.id
-            )
-            return True
-
-        case 'exist' | 'notExist' | 'defense':
-            logger.warning(
-                'Nodes of type "exist", "notExist", and "defense" are never '
-                'marked as traversable. However, we do not normally check '
-                'if they are traversable. Node "%s"(%d) of type "%s" was '
-                'checked for traversability.',
-                node.full_name,
-                node.id,
-                node.type
-            )
-            return False
-
-        case _:
-            logger.error(
-                'Node "%s"(%d) has an unknown type "%s".',
-                node.full_name,
-                node.id,
-                node.type
-            )
-            return False
-
-
-def calculate_attack_surface(
-        attacker: Attacker,
-        *,
-        from_nodes: Optional[Iterable[AttackGraphNode]] = None,
-        skip_compromised: bool = False,
-) -> set[AttackGraphNode]:
-    """
-    Calculate the attack surface of the attacker. If from_nodes are provided
-    only calculate the attack surface stemming from those nodes, otherwise use
-    all nodes the attacker has compromised. If skip_compromised is true,
-    exclude already compromised nodes from the returned attack surface.
-
-    The attack surface includes all of the viable children nodes that are of
-    'or' type and the 'and' type children nodes which have all of their
-    necessary parents compromised by the attacker.
-
-    Arguments:
-    attacker          - the Attacker whose attack surface is sought
-    from_nodes        - the nodes to calculate the attack surface from; defaults
-                        to the attackers compromised nodes list if omitted
-    skip_compromised  - if true do not add already compromised nodes to the
-                        attack surface
-    """
-    logger.debug(
-        'Get the attack surface for Attacker "%s"(%d).',
-        attacker.name,
-        attacker.id
-    )
-    attack_surface = set()
-    frontier = from_nodes if from_nodes is not None else attacker.reached_attack_steps
-    for attack_step in frontier:
-        logger.debug(
-            'Determine attack surface stemming from '
-            '"%s"(%d) for Attacker "%s"(%d).',
-            attack_step.full_name,
-            attack_step.id,
-            attacker.name,
-            attacker.id
-        )
-        for child in attack_step.children:
-            if skip_compromised and child.is_compromised_by(attacker):
-                continue
-            if is_node_traversable_by_attacker(child, attacker) and \
-                    child not in attack_surface:
-                logger.debug(
-                    'Add node "%s"(%d) to the attack surface of '
-                    'Attacker "%s"(%d).',
-                    child.full_name,
-                    child.id,
-                    attacker.name,
-                    attacker.id
-                )
-                attack_surface.add(child)
-
-    return attack_surface
-
-def get_defense_surface(graph: AttackGraph) -> set[AttackGraphNode]:
-    """
-    Get the defense surface. All non-suppressed defense steps that are not
-    already fully enabled.
-
-    Arguments:
-    graph       - the attack graph
-    """
-    logger.debug('Get the defense surface.')
-    return {node for node in graph.nodes.values()
-        if node.is_available_defense()}
-
-def get_enabled_defenses(graph: AttackGraph) -> list[AttackGraphNode]:
-    """
-    Get the defenses already enabled. All non-suppressed defense steps that
-    are already fully enabled.
-
-    Arguments:
-    graph       - the attack graph
-    """
-    logger.debug('Get the enabled defenses.')
-    return [node for node in graph.nodes.values()
-        if node.is_enabled_defense()]

maltoolbox/ingestors/neo4j.py

@@ -1,244 +0,0 @@
-"""
-MAL-Toolbox Neo4j Ingestor Module
-"""
-# mypy: ignore-errors
-
-import logging
-
-from py2neo import Graph, Node, Relationship, Subgraph
-
-logger = logging.getLogger(__name__)
-
-def ingest_attack_graph(graph,
-        uri: str,
-        username: str,
-        password: str,
-        dbname: str,
-        delete: bool = False
-    ) -> None:
-    """
-    Ingest an attack graph into a neo4j database
-
-    Arguments:
-    graph                - the attackgraph provided by the atkgraph.py module.
-    uri                  - the URI to a running neo4j instance
-    username             - the username to login on Neo4J
-    password             - the password to login on Neo4J
-    dbname               - the selected database
-    delete               - if True, the previous content of the database is deleted
-                           before ingesting the new attack graph
-    """
-
-    g = Graph(uri=uri, user=username, password=password, name=dbname)
-    if delete:
-        g.delete_all()
-
-    nodes = {}
-    rels = []
-    for node in graph.nodes.values():
-        node_dict = node.to_dict()
-        nodes[node.id] = Node(
-            node_dict['asset'] if 'asset' in node_dict else node_dict['id'],
-            name = node_dict['name'],
-            full_name = node.full_name,
-            type = node_dict['type'],
-            ttc = str(node_dict['ttc']),
-            is_necessary = str(node.is_necessary),
-            is_viable = str(node.is_viable),
-            compromised_by = str(node_dict['compromised_by']),
-            defense_status = node_dict['defense_status'] if 'defense_status'
-                in node_dict else 'N/A')
-
-
-    for node in graph.nodes.values():
-        for child in node.children:
-            rels.append(Relationship(nodes[node.id], nodes[child.id]))
-
-    subgraph = Subgraph(list(nodes.values()), rels)
-
-    tx = g.begin()
-    tx.create(subgraph)
-    g.commit(tx)
-
-
-def ingest_model(model,
-        uri: str,
-        username: str,
-        password: str,
-        dbname: str,
-        delete: bool = False
-    ) -> None:
-    """
-    Ingest an instance model graph into a Neo4J database
-
-    Arguments:
-    model                - the instance model dictionary as provided by the model.py module
-    uri                  - the URI to a running neo4j instance
-    username             - the username to login on Neo4J
-    password             - the password to login on Neo4J
-    dbname               - the selected database
-    delete               - if True, the previous content of the database is deleted
-                           before ingesting the new attack graph
-    """
-    g = Graph(uri=uri, user=username, password=password, name=dbname)
-    if delete:
-        g.delete_all()
-
-    nodes = {}
-    rels = []
-
-    for asset in model.assets.values():
-        nodes[str(asset.id)] = Node(
-            str(asset.type),
-            name=str(asset.name),
-            asset_id=str(asset.id),
-            type=str(asset.type)
-        )
-
-    for asset in model.assets.values():
-        for fieldname, other_assets in asset.associated_assets.items():
-            for other_asset in other_assets:
-                rels.append(
-                    Relationship(
-                        nodes[str(asset.id)],
-                        str(fieldname),
-                        nodes[str(other_asset.id)]
-                    )
-                )
-
-    subgraph = Subgraph(list(nodes.values()), rels)
-
-    tx = g.begin()
-    tx.create(subgraph)
-    g.commit(tx)
-
-
-# def get_model(
-#         uri: str,
-#         username: str,
-#         password: str,
-#         dbname: str,
-#         lang_graph: LanguageGraph,
-#     ) -> Model:
-#     """Load a model from Neo4j"""
-
-#     g = Graph(uri=uri, user=username, password=password, name=dbname)
-
-#     instance_model = Model('Neo4j imported model', lang_graph)
-#     # Get all assets
-#     assets_results = g.run('MATCH (a) WHERE a.type IS NOT NULL RETURN DISTINCT a').data()
-#     for asset in assets_results:
-#         asset_data = dict(asset['a'])
-#         logger.debug(
-#             'Loading asset from Neo4j instance:\n%s', str(asset_data)
-#         )
-#         if asset_data['type'] == 'Attacker':
-#             attacker_id = int(asset_data['asset_id'])
-#             attacker = AttackerAttachment()
-#             attacker.entry_points = []
-#             instance_model.add_attacker(attacker, attacker_id = attacker_id)
-#             continue
-
-#         asset_id = int(asset_data['asset_id'])
-
-#         #TODO Process defense values when they are included in Neo4j
-#         instance_model.add_asset(asset_data['type'], asset_id=asset_id)
-
-#     # Get all relationships
-#     assocs_results = g.run(
-#         'MATCH (a)-[r1]->(b),(a)<-[r2]-(b) WHERE a.type IS NOT NULL RETURN DISTINCT a, r1, r2, b'
-#     ).data()
-
-#     for assoc in assocs_results:
-#         left_field = list(assoc['r1'].types())[0]
-#         right_field = list(assoc['r2'].types())[0]
-#         left_asset = dict(assoc['a'])
-#         right_asset = dict(assoc['b'])
-
-#         logger.debug(
-#             'Load association ("%s", "%s", "%s", "%s") from Neo4j instance.',
-#             left_field, right_field, left_asset["type"], right_asset["type"]
-#         )
-
-#         left_id = int(left_asset['asset_id'])
-#         right_id = int(right_asset['asset_id'])
-
-#         attacker_id = None
-#         if left_field == 'firstSteps':
-#             attacker_id = right_id
-#             target_id = left_id
-#             target_prop = right_field
-#         elif right_field == 'firstSteps':
-#             attacker_id = left_id
-#             target_id = right_id
-#             target_prop = left_field
-
-#         if attacker_id is not None:
-#             attacker = instance_model.get_attacker_by_id(attacker_id)
-#             if not attacker:
-#                 msg = 'Failed to find attacker with id %s in model!'
-#                 logger.error(msg, attacker_id)
-#                 raise LookupError(msg % attacker_id)
-#             target_asset = instance_model.get_asset_by_id(target_id)
-#             if not target_asset:
-#                 msg = 'Failed to find asset with id %d in model!'
-#                 logger.error(msg, target_id)
-#                 raise LookupError(msg % target_id)
-#             attacker.entry_points.append((target_asset,
-#                 [target_prop]))
-#             continue
-
-#         left_asset = instance_model.get_asset_by_id(left_id)
-#         if left_asset is None:
-#             msg = 'Failed to find asset with id %d in model!'
-#             logger.error(msg, left_id)
-#             raise LookupError(msg % left_id)
-#         right_asset = instance_model.get_asset_by_id(right_id)
-#         if right_asset is None:
-#             msg = 'Failed to find asset with id %d in model!'
-#             logger.error(msg, right_id)
-#             raise LookupError(msg % right_id)
-
-#         assoc = lang_graph.get_association_by_fields_and_assets(
-#             left_field,
-#             right_field,
-#             left_asset.type,
-#             right_asset.type)
-
-#         if not assoc:
-#             logger.error(
-#                 'Failed to find ("%s", "%s", "%s", "%s")'
-#                 'association in language specification!',
-#                 left_asset.type, right_asset.type,
-#                 left_field, right_field
-#             )
-#             return None
-
-#         logger.debug('Found "%s" association.', assoc.name)
-
-#         assoc_name = lang_classes_factory.get_association_by_signature(
-#             assoc.name,
-#             left_asset.type,
-#             right_asset.type
-#         )
-
-#         if not assoc_name:
-#             msg = 'Failed to find \"%s\" association in language specification!'
-#             logger.error(msg, assoc.name)
-#             raise LookupError(msg % assoc.name)
-
-#         assoc = getattr(lang_classes_factory.ns, assoc_name)()
-#         setattr(assoc, left_field, [left_asset])
-#         setattr(assoc, right_field, [right_asset])
-#         if not (instance_model.association_exists_between_assets(
-#             assoc_name,
-#             left_asset,
-#             right_asset
-#         ) or instance_model.association_exists_between_assets(
-#             assoc_name,
-#             right_asset,
-#             left_asset
-#         )):
-#             instance_model.add_association(assoc)
-
-#     return instance_model