mal-toolbox 1.0.0__tar.gz → 1.0.2__tar.gz

{mal_toolbox-1.0.0/mal_toolbox.egg-info → mal_toolbox-1.0.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mal-toolbox
-Version: 1.0.0
+Version: 1.0.2
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Joakim Loxdal <loxdal@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Giuseppe Nebbione <nebbione@kth.se>
 License: Apache Software License
@@ -18,7 +18,6 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: AUTHORS
-Requires-Dist: py2neo>=2021.2.3
 Requires-Dist: antlr4-tools
 Requires-Dist: antlr4-python3-runtime
 Requires-Dist: docopt
@@ -87,13 +86,26 @@ pip install mal-toolbox
 
 ## Configuration
 You can use a `maltoolbox.yml` file in the current working directory to
-configure the toolbox. Alternatively, you can use the `MALTOOLBOX_CONFIG`
-environment variable to set a custom config file location:
+configure the toolbox.
+
+The config should look like this:
+```yml
+logging:
+  log_level: INFO
+  log_file: "logs/log.txt"
+  attackgraph_file: "logs/attackgraph.json"
+  model_file: "logs/model.yml"
+  langspec_file: "logs/langspec_file.yml"
+  langgraph_file: "logs/langspec_file.yml"
+```
+
+Alternatively, you can use the `MALTOOLBOX_CONFIG`
+environment variable to set a custom config file location.
 
-"""bash
+```bash
 # in your shell, e.g. bash do:
 export MALTOOLBOX_CONFIG=path/to/yml/config/file
-"""
+```
 
 The default configuration can be found here:
 

{mal_toolbox-1.0.0 → mal_toolbox-1.0.2}/README.md

@@ -60,13 +60,26 @@ pip install mal-toolbox
 
 ## Configuration
 You can use a `maltoolbox.yml` file in the current working directory to
-configure the toolbox. Alternatively, you can use the `MALTOOLBOX_CONFIG`
-environment variable to set a custom config file location:
+configure the toolbox.
+
+The config should look like this:
+```yml
+logging:
+  log_level: INFO
+  log_file: "logs/log.txt"
+  attackgraph_file: "logs/attackgraph.json"
+  model_file: "logs/model.yml"
+  langspec_file: "logs/langspec_file.yml"
+  langgraph_file: "logs/langspec_file.yml"
+```
+
+Alternatively, you can use the `MALTOOLBOX_CONFIG`
+environment variable to set a custom config file location.
 
-"""bash
+```bash
 # in your shell, e.g. bash do:
 export MALTOOLBOX_CONFIG=path/to/yml/config/file
-"""
+```
 
 The default configuration can be found here:
 

{mal_toolbox-1.0.0 → mal_toolbox-1.0.2/mal_toolbox.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mal-toolbox
-Version: 1.0.0
+Version: 1.0.2
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Joakim Loxdal <loxdal@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Giuseppe Nebbione <nebbione@kth.se>
 License: Apache Software License
@@ -18,7 +18,6 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: AUTHORS
-Requires-Dist: py2neo>=2021.2.3
 Requires-Dist: antlr4-tools
 Requires-Dist: antlr4-python3-runtime
 Requires-Dist: docopt
@@ -87,13 +86,26 @@ pip install mal-toolbox
 
 ## Configuration
 You can use a `maltoolbox.yml` file in the current working directory to
-configure the toolbox. Alternatively, you can use the `MALTOOLBOX_CONFIG`
-environment variable to set a custom config file location:
+configure the toolbox.
+
+The config should look like this:
+```yml
+logging:
+  log_level: INFO
+  log_file: "logs/log.txt"
+  attackgraph_file: "logs/attackgraph.json"
+  model_file: "logs/model.yml"
+  langspec_file: "logs/langspec_file.yml"
+  langgraph_file: "logs/langspec_file.yml"
+```
+
+Alternatively, you can use the `MALTOOLBOX_CONFIG`
+environment variable to set a custom config file location.
 
-"""bash
+```bash
 # in your shell, e.g. bash do:
 export MALTOOLBOX_CONFIG=path/to/yml/config/file
-"""
+```
 
 The default configuration can be found here:
 

{mal_toolbox-1.0.0 → mal_toolbox-1.0.2}/mal_toolbox.egg-info/requires.txt

@@ -1,4 +1,3 @@
-py2neo>=2021.2.3
 antlr4-tools
 antlr4-python3-runtime
 docopt

{mal_toolbox-1.0.0 → mal_toolbox-1.0.2}/maltoolbox/__init__.py

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-# MAL Toolbox v1.0.0
+# MAL Toolbox v1.0.2
 # Copyright 2025, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ MAL-Toolbox Framework
 """
 
 __title__ = "maltoolbox"
-__version__ = "1.0.0"
+__version__ = "1.0.2"
 __authors__ = [
     "Andrei Buhaiu",
     "Giuseppe Nebbione",

{mal_toolbox-1.0.0 → mal_toolbox-1.0.2}/maltoolbox/attackgraph/attackgraph.py

@@ -55,12 +55,12 @@ def create_attack_graph(
     else:
         raise TypeError("`lang` must be either string or LanguageGraph")
 
-    if log_configs['langspec_file']:
+    if 'langspec_file' in log_configs:
         lang_graph.save_language_specification_to_json(
             log_configs['langspec_file']
         )
 
-    if log_configs['langgraph_file']:
+    if 'langgraph_file' in log_configs:
         lang_graph.save_to_file(log_configs['langgraph_file'])
 
     # Load model
@@ -194,7 +194,7 @@ class AttackGraph():
                 ttc_dist = node_dict['ttc'],
                 existence_status = node_dict.get('existence_status', None)
             )
-            ag_node.tags = set(node_dict.get('tags', []))
+            ag_node.tags = list(node_dict.get('tags', []))
             ag_node.extras = node_dict.get('extras', {})
 
             if node_asset:
@@ -469,20 +469,24 @@ class AttackGraph():
                 existence_status = None
                 node_name = asset.name + ':' + attack_step.name
 
-                ttc_dist = attack_step.ttc
+                ttc_dist = copy.deepcopy(attack_step.ttc)
                 match (attack_step.type):
                     case 'defense':
                         # Set the TTC probability for defenses
-                        defense_value = float(asset.defenses[attack_step.name])
-                        ttc_dist = {
-                            'arguments': [defense_value],
-                            'name': 'Bernoulli',
-                            'type': 'function'
-                        }
-                        logger.debug(
-                            'Setting defense \"%s\" to "%s".',
-                            node_name, defense_value
-                        )
+                        # that were explicitly set in model
+                        if attack_step.name in asset.defenses:
+                            defense_value = float(
+                                asset.defenses[attack_step.name]
+                            )
+                            ttc_dist = {
+                                'arguments': [defense_value],
+                                'name': 'Bernoulli',
+                                'type': 'function'
+                            }
+                            logger.debug(
+                                'Setting defense \"%s\" to "%s".',
+                                node_name, defense_value
+                            )
 
                     case 'exist' | 'notExist':
                         # Resolve step expression associated with

{mal_toolbox-1.0.0 → mal_toolbox-1.0.2}/maltoolbox/language/languagegraph.py

@@ -97,12 +97,60 @@ predef_ttcs: dict[str, dict] = {
     },
     'Disabled':
     {
-        'arguments': [1.0],
+        'arguments': [0.0],
         'name': 'Bernoulli',
         'type': 'function'
     },
 }
 
+def get_ttc_distribution(
+        step_dict: dict,
+        defense_default_ttc = None,
+        attack_default_ttc = None
+    ) -> Optional[dict]:
+    """Convert step TTC to a TTC distribution if needed
+
+    - If no TTC is set, set return default TTC.
+    - If the TTC provided is a predefined name replace it with the
+    probability distribution it corresponds to.
+    - Otherwise return the TTC distribution as is.
+
+    Arguments:
+    step_dict   - A dict with the attack step data
+    defense_default_ttc - the value to give a defense ttc if none is set
+    attack_default_ttc - the value to give an attack ttc if none is set
+
+    Returns:
+    A dict with the steps TTC distribution, or None if the step is not
+    a defense or attack step
+    """
+
+    if defense_default_ttc is None:
+        defense_default_ttc = predef_ttcs['Disabled'].copy()
+    if attack_default_ttc is None:
+        attack_default_ttc = predef_ttcs['Instant'].copy()
+
+    step_ttc = step_dict['ttc']
+
+    if step_dict['type'] == 'defense':
+        if step_ttc is None:
+            # No step ttc set in language for defense
+            step_ttc = defense_default_ttc
+    elif step_dict['type'] in ('or', 'and'):
+        if step_ttc is None:
+            # No step ttc set in language for attack
+            step_ttc = attack_default_ttc
+    else:
+        # No TTC for other step types
+        return None
+
+    if 'name' in step_ttc and step_ttc['name'] in predef_ttcs:
+        # Predefined step ttc set in language, fetch from dict
+        step_ttc = predef_ttcs[step_ttc['name']].copy()
+
+    return step_ttc
+
+
 
 def disaggregate_attack_step_full_name(
         attack_step_full_name: str) -> list[str]:
@@ -435,14 +483,14 @@ class LanguageGraphAttackStep:
     name: str
     type: str
     asset: LanguageGraphAsset
-    ttc: dict = field(default_factory = dict)
+    ttc: Optional[dict] = field(default_factory = dict)
     overrides: bool = False
     children: dict = field(default_factory = dict)
     parents: dict = field(default_factory = dict)
     info: dict = field(default_factory = dict)
     inherits: Optional[LanguageGraphAttackStep] = None
     own_requires: list[ExpressionsChain] = field(default_factory=list)
-    tags: set = field(default_factory = set)
+    tags: list = field(default_factory = list)
     detectors: dict = field(default_factory = lambda: {})
 
 
@@ -728,7 +776,6 @@ class LanguageGraph():
     """Graph representation of a MAL language"""
     def __init__(self, lang: Optional[dict] = None):
         self.assets: dict[str, LanguageGraphAsset] = {}
-        self.predef_ttcs: dict[str, dict] = predef_ttcs
         if lang is not None:
             self._lang_spec: dict = lang
             self.metadata = {
@@ -769,34 +816,6 @@ class LanguageGraph():
             langspec = archive.read('langspec.json')
             return LanguageGraph(json.loads(langspec))
 
-
-    def replace_if_predef_ttc(
-        self,
-        ttc_entry: Optional[dict]
-    ) -> dict:
-        """
-        If the TTC provided is a predefined name replace it with the
-        probability distribution it corresponds to. Otherwise, simply return
-        the TTC distribution provided as is.
-
-        Arguments:
-        ttc_entry   - the TTC entry to check for predefined names
-
-        Returns:
-        If the TTC entry provided contained a predefined name the TTC
-        probability distrubtion corresponding to it. Otherwise, the TTC
-        distribution provided as a parameter as is.
-        """
-        if ttc_entry is None:
-            return {}
-
-        ttc = self.predef_ttcs.get(str(ttc_entry.get('name')))
-        if ttc is not None:
-            return ttc
-        else:
-            return ttc_entry
-
-
     def _to_dict(self):
         """Converts LanguageGraph into a dict"""
 
@@ -940,18 +959,16 @@ class LanguageGraph():
                 asset_dict['name']
             )
             for attack_step_dict in asset_dict['attack_steps'].values():
-                ttc = lang_graph.replace_if_predef_ttc(
-                    attack_step_dict['ttc'])
                 attack_step_node = LanguageGraphAttackStep(
                     name = attack_step_dict['name'],
                     type = attack_step_dict['type'],
                     asset = asset,
-                    ttc = ttc,
+                    ttc = get_ttc_distribution(attack_step_dict),
                     overrides = attack_step_dict['overrides'],
                     children = {},
                     parents = {},
                     info = attack_step_dict['info'],
-                    tags = set(attack_step_dict['tags'])
+                    tags = list(attack_step_dict['tags'])
                 )
                 asset.attack_steps[attack_step_dict['name']] = \
                     attack_step_node
@@ -1663,12 +1680,11 @@ class LanguageGraph():
                     attack_step_attribs['name']
                 )
 
-                ttc = self.replace_if_predef_ttc(attack_step_attribs['ttc'])
                 attack_step_node = LanguageGraphAttackStep(
                     name = attack_step_attribs['name'],
                     type = attack_step_attribs['type'],
                     asset = asset,
-                    ttc = ttc,
+                    ttc = get_ttc_distribution(attack_step_attribs),
                     overrides = (
                         attack_step_attribs['reaches']['overrides']
                         if attack_step_attribs['reaches'] else False
@@ -1676,7 +1692,7 @@ class LanguageGraph():
                     children = {},
                     parents = {},
                     info = attack_step_attribs['meta'],
-                    tags = set(attack_step_attribs['tags'])
+                    tags = list(attack_step_attribs['tags'])
                 )
                 langspec_dict[attack_step_node.full_name] = \
                     attack_step_attribs
@@ -1719,7 +1735,7 @@ class LanguageGraph():
                                 children = {},
                                 parents = {},
                                 info = attack_step.info,
-                                tags = set(attack_step.tags)
+                                tags = list(attack_step.tags)
                             )
                             attack_step_node.inherits = attack_step
                             asset.attack_steps[attack_step.name] = attack_step_node
@@ -1727,12 +1743,9 @@ class LanguageGraph():
                             # The inherited attack step was already overridden.
                             continue
                         else:
-                            asset.attack_steps[attack_step.name].inherits = \
-                                attack_step
-                            asset.attack_steps[attack_step.name].tags |= \
-                                attack_step.tags
-                            asset.attack_steps[attack_step.name].info |= \
-                                attack_step.info
+                            asset.attack_steps[attack_step.name].inherits = attack_step
+                            asset.attack_steps[attack_step.name].tags += attack_step.tags
+                            asset.attack_steps[attack_step.name].info |= attack_step.info
 
         # Then, link all of the attack step nodes according to their
         # associations.

{mal_toolbox-1.0.0 → mal_toolbox-1.0.2}/maltoolbox/model.py

@@ -326,12 +326,6 @@ class ModelAsset:
         self._associated_assets: dict[str, set[ModelAsset]] = {}
         self.attack_step_nodes: list = []
 
-        for step in self.lg_asset.attack_steps.values():
-            if step.type == 'defense' and step.name not in self.defenses:
-                self.defenses[step.name] = 1.0 if step.ttc and \
-                    step.ttc['name'] == 'Enabled' else 0.0
-
-
     def _to_dict(self):
         """Get dictionary representation of the asset."""
 
@@ -345,14 +339,8 @@ class ModelAsset:
             'associated_assets': {}
         }
 
-        # Only add non-default values for defenses to improve legibility of
-        # the model format
         for defense, defense_value in self.defenses.items():
-            lg_step = self.lg_asset.attack_steps[defense]
-            default_defval = 1.0 if lg_step.ttc and \
-                    lg_step.ttc['name'] == 'Enabled' else 0.0
-            if defense_value != default_defval:
-                asset_dict['defenses'][defense] = defense_value
+            asset_dict['defenses'][defense] = defense_value
 
         for fieldname, assets in self.associated_assets.items():
             asset_dict['associated_assets'][fieldname] = {asset.id: asset.name

{mal_toolbox-1.0.0 → mal_toolbox-1.0.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "mal-toolbox"
-version = "1.0.0"
+version = "1.0.2"
 authors = [
   { name="Andrei Buhaiu", email="buhaiu@kth.se" },
   { name="Joakim Loxdal", email="loxdal@kth.se" },
@@ -12,7 +12,6 @@ description = "A collection of tools used to create MAL models and attack graphs
 readme = "README.md"
 requires-python = ">=3.10"
 dependencies = [
-  "py2neo>=2021.2.3",
   "antlr4-tools",
   "antlr4-python3-runtime",
   "docopt",