mal-toolbox 1.0.2__py3-none-any.whl → 1.0.4__py3-none-any.whl

{mal_toolbox-1.0.2.dist-info → mal_toolbox-1.0.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mal-toolbox
-Version: 1.0.2
+Version: 1.0.4
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Joakim Loxdal <loxdal@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Giuseppe Nebbione <nebbione@kth.se>
 License: Apache Software License
@@ -18,6 +18,7 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: AUTHORS
+Requires-Dist: graphviz
 Requires-Dist: antlr4-tools
 Requires-Dist: antlr4-python3-runtime
 Requires-Dist: docopt

{mal_toolbox-1.0.2.dist-info → mal_toolbox-1.0.4.dist-info}/RECORD

@@ -1,26 +1,29 @@
-mal_toolbox-1.0.2.dist-info/licenses/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
-mal_toolbox-1.0.2.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-maltoolbox/__init__.py,sha256=6ptmrCtF7ag3EJSnZIuo-oRccQwL7Yvz3Cs_B0WEpnE,2043
-maltoolbox/__main__.py,sha256=QBloKCJ_RMsFPZ8qiWZQnoP2gnnRyECIJBfA1zTAYJM,2394
+mal_toolbox-1.0.4.dist-info/licenses/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
+mal_toolbox-1.0.4.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+maltoolbox/__init__.py,sha256=Rw4utlzsR268vbMpZlmp3bDGJ80U0CWHiEXKOePe3jU,2043
+maltoolbox/__main__.py,sha256=A9jsYy94l1grHeSR3G3Ddn8Xg_nOihMSj1zZtVnYPSI,2974
 maltoolbox/exceptions.py,sha256=0YjPx2v1yYumZ2o7pVZ1s_jS-GAb3Ng979KEFhROSNY,1399
 maltoolbox/file_utils.py,sha256=fYG3UsvPQcU0ES_WI3nLfuzSZgc0jtE4IAxdMGgs9aA,1876
 maltoolbox/model.py,sha256=xTK2jUr0Gz5pPVhdjh78zO5G46nV8N2ciIt6M5SwcGU,16058
 maltoolbox/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/attackgraph/__init__.py,sha256=m_81AjzwXONdclcW_R7mF2f8p-4DvoSRVfQ3Nyh7fak,298
-maltoolbox/attackgraph/attackgraph.py,sha256=qPuZjycEtMZKAoqdGC9Ume0ehy0SBWagLbLkr-9T1hQ,26871
+maltoolbox/attackgraph/attackgraph.py,sha256=I2jms_X1rRLkmvkmc0z3zQAa_TnO4xA7ulPliRl5kOo,26930
 maltoolbox/attackgraph/node.py,sha256=Z2sdzXhPel9h7ySxP9fjgd1exVmpRbvRySVtLpI1_BM,3904
 maltoolbox/attackgraph/analyzers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-maltoolbox/ingestors/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/language/__init__.py,sha256=TsTTryEyjChwHN1o5F2BSUlFsAss2N6J0H0-nzvXiD8,489
-maltoolbox/language/languagegraph.py,sha256=pMi9kdpg_UOWpKNnk-UG56zeX49Q4TBdqY6YPgII9mY,73713
+maltoolbox/language/languagegraph.py,sha256=XWqVzHlf7EMWSkN3fQ-b6zA0pf_ysi_74YseAXAvSbs,71274
 maltoolbox/language/compiler/__init__.py,sha256=JQyAgDwJh1pU7AmuOhd1-d2b2PYXpgMVPtxnav8QHVc,15872
 maltoolbox/language/compiler/mal_lexer.py,sha256=BeifykDAt4PloRASOaLzBgWF35ev_zgD8lXMIsSHykc,12063
 maltoolbox/language/compiler/mal_parser.py,sha256=sUoaE43l2VKg-Dou30mk2wlVS1FvdOREwHNIyFe4IkY,114699
+maltoolbox/patternfinder/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+maltoolbox/patternfinder/attackgraph_patterns.py,sha256=jgW7UG1yBJ08jvuokdpSiHm7jDMg2PTcjfGXZ8UJAnw,5082
 maltoolbox/translators/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/translators/securicad.py,sha256=F_rndv2JyKxfHAXPwf2RrdiFPnemJVArYUpVsFP6QQk,6997
 maltoolbox/translators/updater.py,sha256=UZPnx22udROiocCcSmtrgUJUupkjktkxl-M7rhBxUPc,8660
-mal_toolbox-1.0.2.dist-info/METADATA,sha256=l0IFnHUBb1MyIVt2Xq939KFA5jdzLQWdBISYVwqddO4,5358
-mal_toolbox-1.0.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mal_toolbox-1.0.2.dist-info/entry_points.txt,sha256=oqby5O6cUP_OHCm70k_iYPA6UlbTBf7se1i3XwdK3uU,56
-mal_toolbox-1.0.2.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
-mal_toolbox-1.0.2.dist-info/RECORD,,
+maltoolbox/visualization/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+maltoolbox/visualization/graphviz_utils.py,sha256=dfQhPL6Z2hvlMFpThsDr-5tm4Pa22SGHEiXw5ym9JJc,3906
+mal_toolbox-1.0.4.dist-info/METADATA,sha256=SbesLITkX_biOanT4o22POBe74UNEjZWBLOJY1P2xS0,5382
+mal_toolbox-1.0.4.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mal_toolbox-1.0.4.dist-info/entry_points.txt,sha256=oqby5O6cUP_OHCm70k_iYPA6UlbTBf7se1i3XwdK3uU,56
+mal_toolbox-1.0.4.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
+mal_toolbox-1.0.4.dist-info/RECORD,,

maltoolbox/__init__.py

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-# MAL Toolbox v1.0.2
+# MAL Toolbox v1.0.4
 # Copyright 2025, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,7 +21,7 @@ MAL-Toolbox Framework
 """
 
 __title__ = "maltoolbox"
-__version__ = "1.0.2"
+__version__ = "1.0.4"
 __authors__ = [
     "Andrei Buhaiu",
     "Giuseppe Nebbione",

maltoolbox/__main__.py

@@ -2,15 +2,20 @@
 Command-line interface for MAL toolbox operations
 
 Usage:
-    maltoolbox attack-graph generate [options] <model_file> <lang_file>
     maltoolbox compile <lang_file> <output_file>
+    maltoolbox generate-attack-graph [--graphviz] <model_file> <lang_file>
     maltoolbox upgrade-model <model_file> <lang_file> <output_file>
+    maltoolbox visualize-model <model_file> <lang_file>
 
 Arguments:
     <model_file>    Path to JSON instance model file.
     <lang_file>     Path to .mar or .mal file containing MAL spec.
     <output_file>   Path to write the result of the compilation (yml/json).
 
+Options:
+  -h --help         Show this screen.
+  -g --graphviz     Visualize with graphviz
+
 Notes:
     - <lang_file> can be either a .mar file (generated by the older MAL
       compiler) or a .mal file containing the DSL written in MAL.
@@ -21,17 +26,19 @@ import json
 import docopt
 
 from . import log_configs
-from .attackgraph import create_attack_graph
+from .attackgraph import create_attack_graph, AttackGraph
 from .language.compiler import MalCompiler
 from .language.languagegraph import LanguageGraph
 from .translators.updater import load_model_from_older_version
+from .visualization.graphviz_utils import render_model, render_attack_graph
+from .model import Model
 
 logger = logging.getLogger(__name__)
 
 def generate_attack_graph(
         model_file: str,
-        lang_file: str,
-    ) -> None:
+        lang_file: str
+    ) -> AttackGraph:
     """Create an attack graph
 
     Args:
@@ -43,6 +50,7 @@ def generate_attack_graph(
         attack_graph.save_to_file(
             log_configs['attackgraph_file']
         )
+    return attack_graph
 
 def compile(lang_file: str, output_file: str) -> None:
     """Compile language and dump into output file"""
@@ -64,10 +72,13 @@ def upgrade_model(model_file: str, lang_file: str, output_file: str):
 def main():
     args = docopt.docopt(__doc__)
 
-    if args['attack-graph'] and args['generate']:
-        generate_attack_graph(
+    if args['generate-attack-graph']:
+        attack_graph = generate_attack_graph(
             args['<model_file>'], args['<lang_file>']
         )
+        if args['--graphviz']:
+            render_attack_graph(attack_graph)
+
     elif args['compile']:
         compile(
             args['<lang_file>'], args['<output_file>']
@@ -76,6 +87,10 @@ def main():
         upgrade_model(
             args['<model_file>'], args['<lang_file>'], args['<output_file>']
         )
+    elif args['visualize-model']:
+        lang_graph = LanguageGraph.load_from_file(args['<lang_file>'])
+        model = Model.load_from_file(args['<model_file>'], lang_graph)
+        render_model(model)
 
 if __name__ == "__main__":
     main()

maltoolbox/attackgraph/attackgraph.py

@@ -89,7 +89,7 @@ def create_attack_graph(
 
 class AttackGraph():
     """Graph representation of attack steps"""
-    def __init__(self, lang_graph, model: Optional[Model] = None):
+    def __init__(self, lang_graph: LanguageGraph, model: Optional[Model] = None):
         self.nodes: dict[int, AttackGraphNode] = {}
         # Dictionaries used in optimization to get nodes by id or full name
         # faster
@@ -535,15 +535,15 @@ class AttackGraph():
             if not ag_node.model_asset:
                 raise AttackGraphException('Attack graph node is missing '
                     'asset link')
-            lang_graph_asset = self.lang_graph.assets[
-                ag_node.model_asset.type]
 
-            lang_graph_attack_step = lang_graph_asset.attack_steps[
-                ag_node.name]
+            lang_graph_asset = self.lang_graph.assets[ag_node.model_asset.type]
+            lang_graph_attack_step: Optional[LanguageGraphAttackStep] = (
+                lang_graph_asset.attack_steps[ag_node.name]
+            )
 
             while lang_graph_attack_step:
-                for child in lang_graph_attack_step.children.values():
-                    for target_attack_step, expr_chain in child:
+                for target_attack_step, expr_chains in lang_graph_attack_step.children.items():
+                    for expr_chain in expr_chains:
                         target_assets = self._follow_expr_chain(
                             self.model,
                             set([ag_node.model_asset]),

maltoolbox/language/languagegraph.py

@@ -26,131 +26,6 @@ from ..exceptions import (
 
 logger = logging.getLogger(__name__)
 
-predef_ttcs: dict[str, dict] = {
-    'EasyAndUncertain':
-    {
-        'arguments': [0.5],
-        'name': 'Bernoulli',
-        'type': 'function'
-    },
-    'HardAndUncertain':
-    {
-        'lhs':
-        {
-            'arguments': [0.1],
-            'name': 'Exponential',
-            'type': 'function'
-        },
-        'rhs':
-        {
-            'arguments': [0.5],
-            'name': 'Bernoulli',
-            'type': 'function'
-        },
-        'type': 'multiplication'
-    },
-    'VeryHardAndUncertain':
-    {
-        'lhs':
-        {
-            'arguments': [0.01],
-            'name': 'Exponential',
-            'type': 'function'
-        },
-        'rhs':
-        {
-            'arguments': [0.5],
-            'name': 'Bernoulli',
-            'type': 'function'
-        },
-        'type': 'multiplication'
-    },
-    'EasyAndCertain':
-    {
-        'arguments': [1.0],
-        'name': 'Exponential',
-        'type': 'function'
-    },
-    'HardAndCertain':
-    {
-        'arguments': [0.1],
-        'name': 'Exponential',
-        'type': 'function'
-    },
-    'VeryHardAndCertain':
-    {
-        'arguments': [0.01],
-        'name': 'Exponential',
-        'type': 'function'
-    },
-    'Enabled':
-    {
-        'arguments': [1.0],
-        'name': 'Bernoulli',
-        'type': 'function'
-    },
-    'Instant':
-    {
-        'arguments': [1.0],
-        'name': 'Bernoulli',
-        'type': 'function'
-    },
-    'Disabled':
-    {
-        'arguments': [0.0],
-        'name': 'Bernoulli',
-        'type': 'function'
-    },
-}
-
-def get_ttc_distribution(
-        step_dict: dict,
-        defense_default_ttc = None,
-        attack_default_ttc = None
-    ) -> Optional[dict]:
-    """Convert step TTC to a TTC distribution if needed
-
-    - If no TTC is set, set return default TTC.
-    - If the TTC provided is a predefined name replace it with the
-    probability distribution it corresponds to.
-    - Otherwise return the TTC distribution as is.
-
-    Arguments:
-    step_dict   - A dict with the attack step data
-    defense_default_ttc - the value to give a defense ttc if none is set
-    attack_default_ttc - the value to give an attack ttc if none is set
-
-    Returns:
-    A dict with the steps TTC distribution, or None if the step is not
-    a defense or attack step
-    """
-
-    if defense_default_ttc is None:
-        defense_default_ttc = predef_ttcs['Disabled'].copy()
-    if attack_default_ttc is None:
-        attack_default_ttc = predef_ttcs['Instant'].copy()
-
-    step_ttc = step_dict['ttc']
-
-    if step_dict['type'] == 'defense':
-        if step_ttc is None:
-            # No step ttc set in language for defense
-            step_ttc = defense_default_ttc
-    elif step_dict['type'] in ('or', 'and'):
-        if step_ttc is None:
-            # No step ttc set in language for attack
-            step_ttc = attack_default_ttc
-    else:
-        # No TTC for other step types
-        return None
-
-    if 'name' in step_ttc and step_ttc['name'] in predef_ttcs:
-        # Predefined step ttc set in language, fetch from dict
-        step_ttc = predef_ttcs[step_ttc['name']].copy()
-
-    return step_ttc
-
-
 
 def disaggregate_attack_step_full_name(
         attack_step_full_name: str) -> list[str]:
@@ -485,8 +360,13 @@ class LanguageGraphAttackStep:
     asset: LanguageGraphAsset
     ttc: Optional[dict] = field(default_factory = dict)
     overrides: bool = False
-    children: dict = field(default_factory = dict)
-    parents: dict = field(default_factory = dict)
+
+    own_children: dict[LanguageGraphAttackStep, list[ExpressionsChain | None]] = (
+        field(default_factory = dict)
+    )
+    own_parents: dict[LanguageGraphAttackStep, list[ExpressionsChain | None]] = (
+        field(default_factory = dict)
+    )
     info: dict = field(default_factory = dict)
     inherits: Optional[LanguageGraphAttackStep] = None
     own_requires: list[ExpressionsChain] = field(default_factory=list)
@@ -497,6 +377,39 @@ class LanguageGraphAttackStep:
     def __hash__(self):
         return hash(self.full_name)
 
+    @property
+    def children(self) -> dict[
+        LanguageGraphAttackStep, list[ExpressionsChain | None]
+    ]:
+        """
+        Get all (both own and inherited) children of a LanguageGraphAttackStep
+        """
+
+        all_children = dict(self.own_children)
+
+        if self.overrides:
+            # Override overrides the children
+            return all_children
+
+        if not self.inherits:
+            return all_children
+
+        for child_step, chains in self.inherits.children.items():
+            if child_step in all_children:
+                all_children[child_step] += [
+                    chain for chain in chains
+                    if chain not in all_children[child_step]
+                ]
+            else:
+                all_children[child_step] = chains
+
+        return all_children
+
+    @property
+    def parents(self) -> None:
+        raise NotImplementedError(
+            "Can not fetch parents of a LanguageGraphAttackStep"
+        )
 
     @property
     def full_name(self) -> str:
@@ -514,8 +427,8 @@ class LanguageGraphAttackStep:
             'type': self.type,
             'asset': self.asset.name,
             'ttc': self.ttc,
-            'children': {},
-            'parents': {},
+            'own_children': {},
+            'own_parents': {},
             'info': self.info,
             'overrides': self.overrides,
             'inherits': self.inherits.full_name if self.inherits else None,
@@ -524,25 +437,22 @@ class LanguageGraphAttackStep:
             self.detectors.items()},
         }
 
-        for child in self.children:
-            node_dict['children'][child] = []
-            for (_, expr_chain) in self.children[child]:
-                if expr_chain:
-                    node_dict['children'][child].append(
-                        expr_chain.to_dict())
+        for child, expr_chains in self.own_children.items():
+            node_dict['own_children'][child.full_name] = []
+            for chain in expr_chains:
+                if chain:
+                    node_dict['own_children'][child.full_name].append(chain.to_dict())
                 else:
-                    node_dict['children'][child].append(None)
-
-        for parent in self.parents:
-            node_dict['parents'][parent] = []
-            for (_, expr_chain) in self.parents[parent]:
-                if expr_chain:
-                    node_dict['parents'][parent].append(
-                        expr_chain.to_dict())
+                    node_dict['own_children'][child.full_name].append(None)
+        for parent, expr_chains in self.own_children.items():
+            node_dict['own_parents'][parent.full_name] = []
+            for chain in expr_chains:
+                if chain:
+                    node_dict['own_parents'][parent.full_name].append(chain.to_dict())
                 else:
-                    node_dict['parents'][parent].append(None)
+                    node_dict['own_parents'][parent.full_name].append(None)
 
-        if hasattr(self, 'own_requires'):
+        if self.own_requires:
             node_dict['requires'] = []
             for requirement in self.own_requires:
                 node_dict['requires'].append(requirement.to_dict())
@@ -963,10 +873,10 @@ class LanguageGraph():
                     name = attack_step_dict['name'],
                     type = attack_step_dict['type'],
                     asset = asset,
-                    ttc = get_ttc_distribution(attack_step_dict),
+                    ttc = attack_step_dict['ttc'],
                     overrides = attack_step_dict['overrides'],
-                    children = {},
-                    parents = {},
+                    own_children = {},
+                    own_parents = {},
                     info = attack_step_dict['info'],
                     tags = list(attack_step_dict['tags'])
                 )
@@ -995,12 +905,11 @@ class LanguageGraph():
             asset = lang_graph.assets[asset_dict['name']]
             for attack_step_dict in asset_dict['attack_steps'].values():
                 attack_step = asset.attack_steps[attack_step_dict['name']]
-                for child_target in attack_step_dict['children'].items():
+                for child_target in attack_step_dict['own_children'].items():
                     target_full_attack_step_name = child_target[0]
                     expr_chains = child_target[1]
                     target_asset_name, target_attack_step_name = \
-                        disaggregate_attack_step_full_name(
-                            target_full_attack_step_name)
+                        disaggregate_attack_step_full_name(target_full_attack_step_name)
                     target_asset = lang_graph.assets[target_asset_name]
                     target_attack_step = target_asset.attack_steps[
                         target_attack_step_name]
@@ -1009,33 +918,30 @@ class LanguageGraph():
                             expr_chain_dict,
                             lang_graph
                         )
-                        if target_attack_step.full_name in attack_step.children:
-                            attack_step.children[target_attack_step.full_name].\
-                                append((target_attack_step, expr_chain))
+
+                        if target_attack_step in attack_step.own_children:
+                            attack_step.own_children[target_attack_step].append(expr_chain)
                         else:
-                            attack_step.children[target_attack_step.full_name] = \
-                                [(target_attack_step, expr_chain)]
+                            attack_step.own_children[target_attack_step] = [expr_chain]
 
-                for parent_target in attack_step_dict['parents'].items():
-                    target_full_attack_step_name = parent_target[0]
-                    expr_chains = parent_target[1]
+                for (target_step_full_name, expr_chains) in attack_step_dict['own_parents'].items():
                     target_asset_name, target_attack_step_name = \
                         disaggregate_attack_step_full_name(
-                            target_full_attack_step_name)
+                            target_step_full_name
+                        )
                     target_asset = lang_graph.assets[target_asset_name]
-                    target_attack_step = target_asset.attack_steps[
-                        target_attack_step_name]
+                    target_attack_step = target_asset.attack_steps[target_attack_step_name]
                     for expr_chain_dict in expr_chains:
                         expr_chain = ExpressionsChain._from_dict(
-                            expr_chain_dict,
-                            lang_graph
+                            expr_chain_dict, lang_graph
                         )
-                        if target_attack_step.full_name in attack_step.parents:
-                            attack_step.parents[target_attack_step.full_name].\
-                                append((target_attack_step, expr_chain))
+
+                        if target_attack_step in attack_step.own_parents:
+                            attack_step.own_parents[target_attack_step].append(
+                                expr_chain
+                            )
                         else:
-                            attack_step.parents[target_attack_step.full_name] = \
-                                [(target_attack_step, expr_chain)]
+                            attack_step.own_parents[target_attack_step] = [expr_chain]
 
                 # Recreate the requirements of exist and notExist attack steps
                 if attack_step.type == 'exist' or \
@@ -1625,6 +1531,7 @@ class LanguageGraph():
         """
         Link assets based on inheritance and associations.
         """
+
         for asset_dict in lang_spec['assets']:
             asset = assets[asset_dict['name']]
             if asset_dict['superAsset']:
@@ -1684,13 +1591,13 @@ class LanguageGraph():
                     name = attack_step_attribs['name'],
                     type = attack_step_attribs['type'],
                     asset = asset,
-                    ttc = get_ttc_distribution(attack_step_attribs),
+                    ttc = attack_step_attribs['ttc'],
                     overrides = (
                         attack_step_attribs['reaches']['overrides']
                         if attack_step_attribs['reaches'] else False
                     ),
-                    children = {},
-                    parents = {},
+                    own_children = {},
+                    own_parents = {},
                     info = attack_step_attribs['meta'],
                     tags = list(attack_step_attribs['tags'])
                 )
@@ -1732,8 +1639,8 @@ class LanguageGraph():
                                 asset = asset,
                                 ttc = attack_step.ttc,
                                 overrides = False,
-                                children = {},
-                                parents = {},
+                                own_children = {},
+                                own_parents = {},
                                 info = attack_step.info,
                                 tags = list(attack_step.tags)
                             )
@@ -1799,16 +1706,14 @@ class LanguageGraph():
                         target_attack_step_name]
 
                     # Link to the children target attack steps
-                    attack_step.children.setdefault(target_attack_step.full_name, [])
-                    attack_step.children[target_attack_step.full_name].append(
-                        (target_attack_step, expr_chain)
-                    )
+                    attack_step.own_children.setdefault(target_attack_step, [])
+                    attack_step.own_children[target_attack_step].append(expr_chain)
 
                     # Reverse the children associations chains to get the
                     # parents associations chain.
-                    target_attack_step.parents.setdefault(attack_step.full_name, [])
-                    target_attack_step.parents[attack_step.full_name].append(
-                        (attack_step, self.reverse_expr_chain(expr_chain, None))
+                    target_attack_step.own_parents.setdefault(attack_step, [])
+                    target_attack_step.own_parents[attack_step].append(
+                        self.reverse_expr_chain(expr_chain, None)
                     )
 
                 # Evaluate the requirements of exist and notExist attack steps

maltoolbox/patternfinder/attackgraph_patterns.py

@@ -0,0 +1,134 @@
+"""Utilities for finding patterns in the AttackGraph"""
+
+from __future__ import annotations
+from dataclasses import dataclass
+from typing import Callable
+from maltoolbox.attackgraph import AttackGraph, AttackGraphNode
+
+class SearchPattern:
+    """A pattern consists of conditions, the conditions are used
+    to find all matching sequences of nodes in an AttackGraph."""
+    conditions: list[SearchCondition]
+
+    def __init__(self, conditions):
+        self.conditions = conditions
+
+    def find_matches(self, graph: AttackGraph):
+        """Search through a graph for a pattern using
+        its conditions, and return sequences of nodes
+        that match all the conditions in the pattern
+
+        Args:
+        graph   - The AttackGraph to search in
+    
+        Return: list[list[AttackGraphNode]] matching paths of Nodes
+        """
+
+        # Find the starting nodes which match the first condition
+        condition = self.conditions[0]
+        matching_paths = []
+        for node in graph.nodes.values():
+            if condition.matches(node):
+                matching_paths.extend(
+                    find_matches_recursively(node, self.conditions)
+                )
+        return matching_paths
+
+@dataclass
+class SearchCondition:
+    """A condition that has to be true for a node to match"""
+
+    # Predefined search conditions
+    ANY = lambda _: True
+
+    # `matches` should be a lambda that takes node as input and returns bool
+    # If lamdba returns True for a node, the node matches
+    # If the lamdba returns False for a node, the node does not match
+    matches: Callable[[AttackGraphNode], bool]
+    greedy: bool = False
+
+    # It is possible to require/allow a Condition to repeat
+    min_repeated: int = 1
+    max_repeated: int = 1
+
+    def can_match_again(self, num_matches):
+        """Returns true if condition can be used again"""
+        return num_matches < self.max_repeated
+
+    def must_match_again(self, num_matches):
+        """Returns true if condition must match again to be fulfilled"""
+        return num_matches < self.min_repeated
+
+
+def find_matches_recursively(
+        node: AttackGraphNode,
+        condition_list: list[SearchCondition],
+        current_path: list[AttackGraphNode] | None = None,
+        matching_paths: set[tuple[AttackGraphNode,...]] | None = None,
+        condition_match_count: int = 0
+    ):
+    """Find all paths of nodes that match the list of conditions.
+    When a sequence of conditions is fulfilled for a path of nodes,
+    add the path of nodes to the returned `matching_paths`
+    The function runs recursively down all paths of children nodes.
+
+    Args:
+    node                  - node to check if current `condition` matches for
+    condition_list        - first condition in list will attempt match `node`
+    current_path          - list of matched nodes so far (recursively built)
+    matching_paths        - set of matched paths so far (recursively built)
+    condition_match_count - number of matches on current condition so far
+
+    Return: set of tuples (paths) of AttackGraphNodes that match the condition
+    """
+
+    # Init path lists if None, or copy/init into new lists for each iteration
+    current_path = [] if current_path is None else list(current_path)
+    matching_paths = set() if matching_paths is None else matching_paths
+
+    curr_cond, *next_conds = condition_list
+
+    if node in current_path:
+        # Stop the chain, infinite loop
+        return matching_paths
+
+    if next_conds and not curr_cond.must_match_again(condition_match_count):
+        # Try next condition for current node if there are more and
+        # current condition is already fulfilled.
+        matching_paths = find_matches_recursively(
+            node,
+            next_conds,
+            current_path=current_path,
+            matching_paths=matching_paths
+        )
+
+    if curr_cond.matches(node):
+        # Current node matches, add to current_path and increment match_count
+        current_path.append(node)
+        condition_match_count += 1
+
+        if next_conds:
+            # If there are more conditions, try next one for all children
+            for child in node.children:
+                matching_paths = find_matches_recursively(
+                    child,
+                    next_conds,
+                    current_path=current_path,
+                    matching_paths=matching_paths,
+                )
+        if curr_cond.can_match_again(condition_match_count):
+            # If we can match current condition again, try for all children
+            for child in node.children:
+                matching_paths = find_matches_recursively(
+                    child,
+                    [curr_cond] + next_conds,
+                    current_path=current_path,
+                    matching_paths=matching_paths,
+                    condition_match_count=condition_match_count
+                )
+
+        if not next_conds:
+            # Congrats - matched a full unique search pattern!
+            matching_paths.add(tuple(current_path)) # tuple is hashable
+
+    return matching_paths

maltoolbox/visualization/graphviz_utils.py

@@ -0,0 +1,102 @@
+import random
+import graphviz
+
+from ..model import Model
+from ..attackgraph import AttackGraph
+
+graphviz_bright_colors = [
+    "aliceblue", "antiquewhite", "antiquewhite1", "antiquewhite2", "azure", "azure1", "azure2",
+    "beige", "bisque", "bisque1", "bisque2", "blanchedalmond",
+    "cornsilk", "cornsilk1", "cornsilk2",
+    "floralwhite", "gainsboro", "ghostwhite", "gold", "gold1", "gold2",
+    "honeydew", "honeydew1", "honeydew2",
+    "ivory", "ivory1", "ivory2",
+    "khaki", "khaki1", "khaki2",
+    "lavender", "lavenderblush", "lavenderblush1", "lavenderblush2",
+    "lemonchiffon", "lemonchiffon1", "lemonchiffon2",
+    "lightblue", "lightblue1", "lightblue2",
+    "lightcyan", "lightcyan1", "lightcyan2",
+    "lightgoldenrod", "lightgoldenrod1", "lightgoldenrod2",
+    "lightgoldenrodyellow", "lightgray",
+    "lightpink", "lightpink1", "lightpink2",
+    "lightsalmon", "lightsalmon1", "lightsalmon2",
+    "lightskyblue", "lightskyblue1", "lightskyblue2",
+    "lightslategray", "lightsteelblue", "lightsteelblue1", "lightsteelblue2",
+    "lightyellow", "lightyellow1", "lightyellow2",
+    "linen", "mintcream", "mistyrose", "mistyrose1", "mistyrose2",
+    "moccasin", "navajowhite", "navajowhite1", "navajowhite2",
+    "oldlace", "papayawhip", "peachpuff", "peachpuff1", "peachpuff2",
+    "pink", "pink1", "pink2", "plum", "plum1", "plum2", "powderblue",
+    "seashell", "seashell1", "seashell2",
+    "snow", "snow1", "snow2",
+    "thistle", "thistle1", "thistle2",
+    "wheat", "wheat1", "wheat2",
+    "white", "whitesmoke", "yellow", "yellow1", "yellow2",
+]
+
+
+def render_model(model: Model):
+    """Render a model in graphviz, create pdf and open it"""
+    dot = graphviz.Digraph(model.name)
+
+    # Create nodes
+    asset_type_colors: dict[str, str] = {}
+    for asset in model.assets.values():
+        bg_color = asset_type_colors.get(asset.lg_asset.name)
+        if not bg_color:
+            bg_color = random.choice(graphviz_bright_colors)
+            asset_type_colors[asset.lg_asset.name] = bg_color
+        dot.node(
+            str(asset.id), asset.name, style="filled", fillcolor=bg_color
+        )
+
+    # Create edges
+    for from_asset in model.assets.values():
+
+        for fieldname, to_assets in from_asset.associated_assets.items():
+            for to_asset in to_assets:
+                dot.edge(
+                    str(from_asset.id), str(to_asset.id), label=fieldname
+                )
+    dot.render(directory='.', view=True)
+
+def render_attack_graph(attack_graph: AttackGraph):
+    """Render attack graph graphviz, create pdf and open it"""
+    assert attack_graph.model, "Attack graph needs a model"
+    dot = graphviz.Graph(attack_graph.model.name)
+    dot.graph_attr['nodesep'] = '3.0' # Node separation
+    dot.graph_attr['ratio'] = 'compress'
+
+    # Create nodes
+    asset_colors: dict[str, str] = {}
+    for node in attack_graph.nodes.values():
+        assert node.model_asset, "Node needs model"
+        bg_color = asset_colors.get(node.model_asset.name)
+        if not bg_color:
+            bg_color = random.choice(graphviz_bright_colors)
+            asset_colors[node.model_asset.name] = bg_color
+        path_color = 'white'
+        match node.type:
+            case 'defense':
+                path_color = 'blue'
+            case 'or':
+                path_color = 'red'
+            case 'and':
+                path_color = 'red'
+            case 'exist':
+                path_color = 'grey'
+            case 'notExist':
+                path_color = 'grey'
+            case t:
+                raise ValueError(f'Type {t} not supported')
+
+        dot.node(
+            str(node.id), node.full_name, style="filled", color=path_color, fillcolor=bg_color
+        )
+
+    # Create edges
+    for parent in attack_graph.nodes.values():
+        for child in parent.children:
+            dot.edge(str(parent.id), str(child.id))
+
+    dot.render(directory='.', view=True)