mal-toolbox 1.1.2__py3-none-any.whl → 1.2.0__py3-none-any.whl

{mal_toolbox-1.1.2.dist-info → mal_toolbox-1.2.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mal-toolbox
-Version: 1.1.2
+Version: 1.2.0
 Summary: A collection of tools used to create MAL models and attack graphs.
 Author-email: Andrei Buhaiu <buhaiu@kth.se>, Joakim Loxdal <loxdal@kth.se>, Nikolaos Kakouros <nkak@kth.se>, Jakob Nyberg <jaknyb@kth.se>, Giuseppe Nebbione <nebbione@kth.se>, Sandor Berglund <sandor@kth.se>
 License: Apache Software License
@@ -75,6 +75,15 @@ available.
 pip install mal-toolbox
 ```
 
+### Requirements
+
+If you wish to run visualisations with graphviz, you must first download and install it on your computer. Depending on your operating system, you can find out how to do this here: [link to graphviz installation](https://graphviz.org/download/).
+
+Once the software has been successfully installed, you must also include the python package by running:
+```
+pip install graphviz
+```
+
 ## Configuration
 You can use a `maltoolbox.yml` file in the current working directory to
 configure the toolbox.

{mal_toolbox-1.1.2.dist-info → mal_toolbox-1.2.0.dist-info}/RECORD

@@ -1,17 +1,18 @@
-mal_toolbox-1.1.2.dist-info/licenses/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
-mal_toolbox-1.1.2.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-maltoolbox/__init__.py,sha256=x6canxmVl7H1GBftEkhQ3Hu3bl4YpYsLoYXztw7hWWU,2132
+mal_toolbox-1.2.0.dist-info/licenses/AUTHORS,sha256=zxLrLe8EY39WtRKlAY4Oorx4Z2_LHV2ApRvDGZgY7xY,127
+mal_toolbox-1.2.0.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+maltoolbox/__init__.py,sha256=477nzX87CW6thDBJ4BfSLW2xzvpqIHKL0llR7bJxXds,2132
 maltoolbox/__main__.py,sha256=aAm6NcZ-HtPmY9hfFlGNnTs5rydoI6NAc88RgXt1G9U,3515
 maltoolbox/exceptions.py,sha256=4rwqzu8Cgj0ShjUoCXP2yik-bJaqYqj6Y-0tqxHy4vs,1316
 maltoolbox/file_utils.py,sha256=IXA0cvyopjRFGGKqRPkRQ0RJOtKzq_XF13aHgcz-TFc,1911
-maltoolbox/model.py,sha256=dLKDb3CsGP0rBSIN0yc99-GOoD_I60cLmyup5yKCt3k,18989
+maltoolbox/model.py,sha256=bqYPYNW8MxuS2wUef51z6yjaA5F13YXbeicM2qaYUd4,18138
 maltoolbox/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+maltoolbox/str_utils.py,sha256=zZXHOFfXguhpQQJ5nyGe1VGWchOkanQUc8viV7nhQho,639
 maltoolbox/attackgraph/__init__.py,sha256=l7dJ7jOqpcj7PdsOKZt1NuXlPyjd6vZYvcXlj8Kq09w,297
-maltoolbox/attackgraph/attackgraph.py,sha256=OH5GP5v8_RPeHIxzwy2qlctAvMQ_8YgfIKtJwE6Pqqc,26309
+maltoolbox/attackgraph/attackgraph.py,sha256=WBRwnVmQqwpjp3x_kSR8HH49MnlRIhF6tZ_r7nqTAJw,27162
 maltoolbox/attackgraph/node.py,sha256=7NAdEl40w6KMt_gKK1mP4SRAmmyCQGSTMaD-GHMNXHk,4186
 maltoolbox/attackgraph/analyzers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maltoolbox/language/__init__.py,sha256=RTTfhnCYa5PRGJCgDAWLpLLAzNCvNMn91UHNiOXszbg,490
-maltoolbox/language/languagegraph.py,sha256=hyz4Ecp2eWk9jlPplxHVOew3fUTcO6U7EuYnQCdY8j0,65386
+maltoolbox/language/languagegraph.py,sha256=Tjqk5zv_37ghmepx8KBHPTH8tRlboaYcW836MiUS1d8,65140
 maltoolbox/language/compiler/__init__.py,sha256=Rbdeco6SWHyFw-VJfpxLRSZO3UMjJxPGenMR8OujVpA,15846
 maltoolbox/language/compiler/mal_lexer.py,sha256=TQvzEW7yCN0iY6Js5O6wCDFxSAE0_LAX4JVy96TnLro,14808
 maltoolbox/language/compiler/mal_parser.py,sha256=bVfYWRZyyhU-s2tJI-D_YwbVQkl3AHzdrD6LWM0BQbI,116108
@@ -22,11 +23,11 @@ maltoolbox/translators/networkx.py,sha256=v1JQAqO7st6-ktx5P3oy93DsL2SEUPly_3zcAL
 maltoolbox/translators/updater.py,sha256=mFmTT2GHCw6nsoHe_ChnvAHd5j6UxKnvAqLFDSziqC4,8566
 maltoolbox/visualization/__init__.py,sha256=7rrGclkGdP6LrxpfSh1esYFG_MnvnVruuEdUJI-DX-g,350
 maltoolbox/visualization/draw_io_utils.py,sha256=CgsD0HEFpxZ6ZIWtUZtMekdPB2Irtmvhz0TNEm7x1ig,14378
-maltoolbox/visualization/graphviz_utils.py,sha256=PENKhcpeQkxczzoRwOIVFe_olMhGBeuZg1d8JSqXUQQ,3909
+maltoolbox/visualization/graphviz_utils.py,sha256=gA5WGnukZiis5RXIXtWyCy0QMFeSPucZMnFJSbbM8Xc,4687
 maltoolbox/visualization/neo4j_utils.py,sha256=R2Qm2gC5GDpfiPhhB3oymuBI2W580SRXGVtQuFRYiIA,3496
 maltoolbox/visualization/utils.py,sha256=EZWsxukO5hbRwGFW9GM9ZemKT-nYg-VMCup-SsntaQM,1480
-mal_toolbox-1.1.2.dist-info/METADATA,sha256=-iL2hPW6SS5B0ApSlJoj-ijJs7nc7petUWg0Hv961WM,6298
-mal_toolbox-1.1.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-mal_toolbox-1.1.2.dist-info/entry_points.txt,sha256=oqby5O6cUP_OHCm70k_iYPA6UlbTBf7se1i3XwdK3uU,56
-mal_toolbox-1.1.2.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
-mal_toolbox-1.1.2.dist-info/RECORD,,
+mal_toolbox-1.2.0.dist-info/METADATA,sha256=b2NVXhY7knTCzoQrNpJXrHAIChJir16tQBFt2v4rjJk,6696
+mal_toolbox-1.2.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+mal_toolbox-1.2.0.dist-info/entry_points.txt,sha256=oqby5O6cUP_OHCm70k_iYPA6UlbTBf7se1i3XwdK3uU,56
+mal_toolbox-1.2.0.dist-info/top_level.txt,sha256=phqRVLRKGdSUgRY03mcpi2cmbbDo5YGjkV4gkqHFFcM,11
+mal_toolbox-1.2.0.dist-info/RECORD,,

maltoolbox/__init__.py

@@ -1,4 +1,4 @@
-# MAL Toolbox v1.1.2
+# MAL Toolbox v1.2.0
 # Copyright 2025, Andrei Buhaiu.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,7 +19,7 @@
 """
 
 __title__ = "maltoolbox"
-__version__ = "1.1.2"
+__version__ = "1.2.0"
 __authors__ = [
     "Andrei Buhaiu",
     "Giuseppe Nebbione",

maltoolbox/attackgraph/attackgraph.py

@@ -26,6 +26,8 @@ from ..language import (
     LanguageGraphAttackStep,
     disaggregate_attack_step_full_name,
 )
+
+from ..str_utils import levenshtein_distance
 from ..model import Model
 from .node import AttackGraphNode
 
@@ -277,7 +279,7 @@ class AttackGraph:
         return cls._from_dict(serialized_attack_graph,
             lang_graph, model=model)
 
-    def get_node_by_full_name(self, full_name: str) -> AttackGraphNode | None:
+    def get_node_by_full_name(self, full_name: str) -> AttackGraphNode:
         """Return the attack node that matches the full name provided.
 
         Arguments:
@@ -291,7 +293,13 @@ class AttackGraph:
 
         """
         logger.debug('Looking up node with full name "%s"', full_name)
-        return self._full_name_to_node.get(full_name)
+        if full_name not in self._full_name_to_node:
+            similar_names = self._get_similar_full_names(full_name)
+            raise LookupError(
+                f'Could not find node with name "{full_name}". '
+                f'Did you mean: {", ".join(similar_names)}?'
+            )
+        return self._full_name_to_node[full_name]
 
     def _follow_field_expr_chain(
         self, target_assets: set[ModelAsset], expr_chain: ExpressionsChain
@@ -623,6 +631,19 @@ class AttackGraph:
             ag_node.children.add(target_node)
             target_node.parents.add(ag_node)
 
+    def _get_similar_full_names(self, q: str) -> list[str]:
+        """Return a list of node full names that are similar to `q`"""
+        shortest_dist = 100
+        similar_names = []
+        for full_name in self._full_name_to_node:
+            dist = levenshtein_distance(q, full_name)
+            if dist == shortest_dist:
+                similar_names.append(full_name)
+            elif dist < shortest_dist:
+                similar_names = [full_name]
+                shortest_dist = dist
+        return similar_names
+
     def regenerate_graph(self) -> None:
         """Regenerate the attack graph based on the original model instance and
         the MAL language specification provided at initialization.

maltoolbox/language/languagegraph.py

@@ -80,7 +80,7 @@ class LanguageGraphAsset:
         field(default_factory=dict)
     info: dict = field(default_factory=dict)
     own_super_asset: LanguageGraphAsset | None = None
-    own_sub_assets: set[LanguageGraphAsset] = field(default_factory=set)
+    own_sub_assets: list[LanguageGraphAsset] = field(default_factory=list)
     own_variables: dict = field(default_factory=dict)
     is_abstract: bool | None = None
 
@@ -115,7 +115,7 @@ class LanguageGraphAsset:
         return f'LanguageGraphAsset(name: "{self.name}")'
 
     def __hash__(self):
-        return hash(self.name)
+        return id(self)
 
     def is_subasset_of(self, target_asset: LanguageGraphAsset) -> bool:
         """Check if an asset extends the target asset through inheritance.
@@ -383,7 +383,7 @@ class LanguageGraphAttackStep:
     detectors: dict = field(default_factory=dict)
 
     def __hash__(self):
-        return hash(self.full_name)
+        return id(self)
 
     @property
     def children(self) -> dict[
@@ -773,7 +773,7 @@ class LanguageGraph:
                 attack_steps={},
                 info=asset['info'],
                 own_super_asset=None,
-                own_sub_assets=set(),
+                own_sub_assets=list(),
                 own_variables={},
                 is_abstract=asset['is_abstract']
             )
@@ -788,7 +788,8 @@ class LanguageGraph:
                     msg = f'Super asset "{super_name}" for "{asset["name"]}" not found'
                     logger.error(msg)
                     raise LanguageGraphSuperAssetNotFoundError(msg)
-                super_asset.own_sub_assets.add(asset_node)
+
+                super_asset.own_sub_assets.append(asset_node)
                 asset_node.own_super_asset = super_asset
 
         # Associations
@@ -1454,7 +1455,7 @@ class LanguageGraph:
                     raise LanguageGraphSuperAssetNotFoundError(
                         msg % (asset_dict["superAsset"], asset_dict["name"]))
 
-                super_asset.own_sub_assets.add(asset)
+                super_asset.own_sub_assets.append(asset)
                 asset.own_super_asset = super_asset
 
     def _set_variables_for_assets(
@@ -1625,7 +1626,7 @@ class LanguageGraph:
                 attack_steps={},
                 info=asset_dict['meta'],
                 own_super_asset=None,
-                own_sub_assets=set(),
+                own_sub_assets=list(),
                 own_variables={},
                 is_abstract=asset_dict['isAbstract']
             )
@@ -1781,11 +1782,3 @@ class LanguageGraph:
         """
         self.assets = {}
         self._generate_graph()
-
-    def __getstate__(self):
-        return self._to_dict()
-
-    def __setstate__(self, state):
-        temp_lang_graph = self._from_dict(state)
-        self.assets = temp_lang_graph.assets
-        self.metadata = temp_lang_graph.metadata

maltoolbox/model.py

@@ -310,27 +310,6 @@ class Model:
                 "Try to upgrade it with 'maltoolbox upgrade-model'"
             ) from e
 
-    def __getstate__(self):
-        lang_state = self.lang_graph.__getstate__()
-        state = self._to_dict()
-        return {
-            'model_state': state,
-            'lang_graph': lang_state
-        }
-    
-    def __setstate__(self, state):
-        # Restore the language graph first
-        lang_graph = LanguageGraph.__new__(LanguageGraph)
-        lang_graph.__setstate__(state['lang_graph'])
-        self.lang_graph = lang_graph
-        
-        # Restore the model state by creating a temporary model and copying attributes
-        temp_model = self._from_dict(state['model_state'], self.lang_graph)
-        self.name = temp_model.name
-        self.assets = temp_model.assets
-        self._name_to_asset = temp_model._name_to_asset
-        self.maltoolbox_version = temp_model.maltoolbox_version
-        self.next_id = temp_model.next_id
 
 class ModelAsset:
     def __init__(

maltoolbox/str_utils.py

@@ -0,0 +1,22 @@
+"""String related methods"""
+
+def levenshtein_distance(a: str, b: str) -> int:
+    """Get distance between two strings"""
+    if a == b:
+        return 0
+    if not a:
+        return len(b)
+    if not b:
+        return len(a)
+
+    prev_row = list(range(len(b) + 1))
+    for i, ca in enumerate(a, start=1):
+        curr_row = [i]
+        for j, cb in enumerate(b, start=1):
+            insertions = prev_row[j] + 1
+            deletions = curr_row[j - 1] + 1
+            substitutions = prev_row[j - 1] + (ca != cb)
+            curr_row.append(min(insertions, deletions, substitutions))
+        prev_row = curr_row
+    return prev_row[-1]
+

maltoolbox/visualization/graphviz_utils.py

@@ -1,3 +1,6 @@
+from pathlib import Path
+from os import PathLike
+from typing import Optional
 import random
 
 import graphviz
@@ -36,8 +39,28 @@ graphviz_bright_colors = [
 ]
 
 
-def render_model(model: Model):
-    """Render a model in graphviz, create pdf and open it"""
+def _resolve_graphviz_path(path: Optional[PathLike], default_name: str):
+    """
+    Resolve a user-provided path into (directory, filename_without_ext).
+
+    - If path is None → ('.', default_name)
+    - If path is a directory → (path, default_name)
+    - If path is a file → (parent_directory, file_stem)
+    """
+    if path is None:
+        return ".", default_name
+
+    p = Path(path)
+
+    if p.is_dir():
+        return str(p), default_name
+
+    # It's a file path
+    return str(p.parent), p.stem
+
+
+def render_model(model: Model, path: Optional[PathLike] = None, view=True):
+    """Render a model in graphviz, create PDF, and open it."""
     dot = graphviz.Digraph(model.name)
 
     # Create nodes
@@ -47,53 +70,54 @@ def render_model(model: Model):
         if not bg_color:
             bg_color = random.choice(graphviz_bright_colors)
             asset_type_colors[asset.lg_asset.name] = bg_color
-        dot.node(
-            str(asset.id), asset.name, style="filled", fillcolor=bg_color
-        )
+
+        dot.node(str(asset.id), asset.name, style="filled", fillcolor=bg_color)
 
     # Create edges
     for from_asset in model.assets.values():
-
         for fieldname, to_assets in from_asset.associated_assets.items():
             for to_asset in to_assets:
-                dot.edge(
-                    str(from_asset.id), str(to_asset.id), label=fieldname
-                )
-    dot.render(directory='.', view=True)
+                dot.edge(str(from_asset.id), str(to_asset.id), label=fieldname)
+
+    directory, filename = _resolve_graphviz_path(path, model.name)
+    dot.render(directory=directory, filename=f"{filename}.gv", view=view, format="pdf")
 
 
-def render_attack_graph(attack_graph: AttackGraph):
-    """Render attack graph graphviz, create pdf and open it"""
+def render_attack_graph(attack_graph: AttackGraph, path: Optional[PathLike] = None, view = True):
+    """Render attack graph graphviz, create PDF, and open it."""
     assert attack_graph.model, "Attack graph needs a model"
-    dot = graphviz.Graph(attack_graph.model.name)
-    dot.graph_attr['nodesep'] = '3.0'  # Node separation
-    dot.graph_attr['ratio'] = 'compress'
+
+    name = attack_graph.model.name + "-attack_graph"
+    dot = graphviz.Graph(name)
+    dot.graph_attr["nodesep"] = "3.0"
+    dot.graph_attr["ratio"] = "compress"
 
     # Create nodes
     asset_colors: dict[str, str] = {}
     for node in attack_graph.nodes.values():
         assert node.model_asset, "Node needs model"
+
         bg_color = asset_colors.get(node.model_asset.name)
         if not bg_color:
             bg_color = random.choice(graphviz_bright_colors)
             asset_colors[node.model_asset.name] = bg_color
-        path_color = 'white'
+
         match node.type:
-            case 'defense':
-                path_color = 'blue'
-            case 'or':
-                path_color = 'red'
-            case 'and':
-                path_color = 'red'
-            case 'exist':
-                path_color = 'grey'
-            case 'notExist':
-                path_color = 'grey'
+            case "defense":
+                path_color = "blue"
+            case "or" | "and":
+                path_color = "red"
+            case "exist" | "notExist":
+                path_color = "grey"
             case t:
-                raise ValueError(f'Type {t} not supported')
+                raise ValueError(f"Type {t} not supported")
 
         dot.node(
-            str(node.id), node.full_name, style="filled", color=path_color, fillcolor=bg_color
+            str(node.id),
+            node.full_name,
+            style="filled",
+            color=path_color,
+            fillcolor=bg_color
         )
 
     # Create edges
@@ -101,4 +125,5 @@ def render_attack_graph(attack_graph: AttackGraph):
         for child in parent.children:
             dot.edge(str(parent.id), str(child.id))
 
-    dot.render(directory='.', view=True)
+    directory, filename = _resolve_graphviz_path(path, name)
+    dot.render(directory=directory, filename=f"{filename}.gv", view=view, format="pdf")