The script that was used for the visualization was more of a procedural programming and not a OOP version that could further build on the inline data model. It was therefore that we decided that we would follow up the script with a OOP version. While it was eventually not fully implemented, I believe this could be used a starter and to get an idea.
In [1]:
class View:
def __init__(self, Id, Name):
self.id = Id
self.name = Name
self.children = []
def getID(self):
return self.id
def getName(self):
return self.name
def addChild(self, child):
self.children.append(child)
def removeChild(self, child):
self.children.remove(child)
def printDetails(self):
print("%s - %s " % (self.id, self.name))
for child in self.children:
print("\t")
child.printDetails()
class Category(View):
def __init__(self, Id, Name, Desc):
View.__init__(self, Id, Name)
self.description = Desc
def getDesc():
return self.description
class MetaAttackPattern(Category):
def __init__(self, Id, Name, Desc):
Category.__init__(self, Id, Name, Desc)
self.fields = Fields()
class StandardAttackPattern(MetaAttackPattern):
def __init__(self, Id, Name, Desc):
MetaAttackPattern.__init__(self, Id, Name, Desc)
class DetailedAttackPattern(StandardAttackPattern):
def __init__(self, Id, Name, Desc):
StandardAttackPattern.__init__(self, Id, Name, Desc)
class Fields():
def __init__(self):
self.attack_prerequisites = []
self.typical_severity = ""
self.typical_likelihood_of_exploit = ""
self.methods_of_attack = []
self.example_instance = ""
self.attacker_skill_or_knowledge_required = []
self.resources_required = ""
self.probing_techniques = []
self.indicators_warnings_of_attack = []
self.obfuscation_techniques = []
self.solutions_or_mitigations = []
self.attack_motivation_consequences = []
self.injection_vector = ""
self.payload = ""
self.activation_zone = ""
self.payload_activation_impact = ""
self.related_weaknesses = []
self.related_attack_patterns = []
self.related_vulnerabilities = []
self.relevant_security_requirements = []
self.related_security_principles = []
self.related_guidelines = []
self.purposes = []
self.cia_impact = {"Confidentiality_Impact" : None, "Integrity_Impact" : None, "Availability_Impact" : None}
def addAttackPrerequisite(self, value):
self.attack_prerequisites.append(value)
def getAttackPrerequisite(self):
return self.attack_prerequisite
def setTypicalSeverity(self, value):
self.typical_severity = value
def getTypicalSeverity(self):
return self.typical_severity
def setTypicalLikelihoodOfExploit(self, value):
self.typical_likelihood_of_exploit = value
def getTypicalLikelihookOfExploit(self):
return self.typical_likelihood_of_exploit
def addMethodOfAttack(self, value):
self.methods_of_attack.append(value)
def getMethodOfAttack(self):
return self.method_of_attack
def setExampleInstance(self, value):
self.example_instance = value
def getExampleInstance(self):
return self.example_instance
def addAttackerSkillsOrKnowledgeRequired(self, value1, value2):
temp_dict = dict()
temp_dict["Skill_or_Knowledge_Level"] = value1
temp_dict["Skill_or_Knowledge_Type"] = value2
self.attacker_skill_or_knowledge_required.append(temp_dict)
def getAttackerSkillOrKnowledgeRequired(self):
return self.attacker_skill_or_knowledge_required
def setResourcesRequired(self, value):
self.resources_required = value
def getResourcesRequired(self):
return self.resources_required
def addProbingTechnique(self, value):
self.probing_techniques.append(value)
def getProbingTechniques(self):
return self.probing_techniquesd
def addIndicatorsWarningsOfAttack(self, value):
self.indicators_warnings_of_attack.append(value)
def getIndicatorsWarningsOfAttack(self):
return self.indicators_warnings_of_attack
def addObfuscationTechnique(self, value):
self.obfuscation_techniques.append(value)
def getObfuscationTechniques(self):
return self.obfuscation_techniques
def addSolutionsOrMitigations(self, value):
self.solutions_or_mitigations.append(value)
def getSolutionsOrMitigations(self):
return self.solutions_or_mitigations
def addAttackMotivationConsequences(self, value1, value2, value3):
temp_dict = dict()
temp_dict["Consequence_Scope"] = value1
temp_dict["Consequence_Technical_Impact"] = value2
temp_dict["Consequence_Note"] = value3
self.attack_motivation_consequences.append(temp_dict)
def getAttackMotivationConsequences(self):
return self.attack_motivation_consequences
def setInjectionVector(self, value):
self.injection_vector = value
def getInjectionVector(self):
return self.injection_vector
def setPayload(self, value):
self.payload = value
def getPayload(self):
return self.payload
def setActivationZone(self, value):
self.activation_zone = value
def getActivationZone(self):
return self.activation_zone
def setPayloadActivationImpact(self, value):
self.payload_activation_impact = value
def getPayloadActivationImpact(self):
return self.payload_activation_impact
def addRelatedVulnerability(self, value1, value2):
temp_dict = dict()
temp_dict["Vulnerability_ID"] = value1
temp_dict["Vulnerability_Description"] = value2
self.related_weaknesses.append(temp_dict)
def getRelatedVulnerabilities(self):
return self.related_vulnerabilities
def addRelatedWeaknesses(self, value1, value2):
temp_dict = dict()
temp_dict["CWE_ID"] = value1
temp_dict["Weakness_Relationship_Type"] = value2
self.related_weaknesses.append(temp_dict)
def getRelatedWeaknesses(self):
return self.related_weaknesses
def addRelatedAttackPattern(self, value1, value2, value3, value4):
temp_dict = dict()
temp_dict["Relationship_View_ID"] = value1
temp_dict["Relationship_Target_Form"] = value2
temp_dict["Relationship_Nature"] = value3
temp_dict["Relationship_Target_ID"] = value4
self.related_attack_patterns.append(temp_dict)
def getRelatedAttackPatterns(self):
return self.related_attack_patterns
def addRelatedSecurityPrinciple(self, value):
self.related_security_principles.append(value)
def getRelatedSecurityPrinciples(self):
return self.related_security_principles
def addRelevantSecurityRequirement(self, value):
self.relevant_security_requirements.append(value)
def getRelevantSecurityRequirements(self):
return self.relevant_security_requirements
def addRelatedGuideline(self, value):
self.related_guidelines.append(value)
def getRelatedGuidelines(self):
return self.related_guidelines
def addPurpose(self, value):
self.purposes.append(value)
def getPurposes(self):
return self.purposes
def setCIAImpact(self, value1, value2, value3):
self.cia_impact["Confidentiality_Impact"] = value1
self.cia_impact["Integrity_Impact"] = value2
self.cia_impact["Availability_Impact"] = value3
def getCIAImpact(self):
return self.cia_impact
The OOP proposal class definitions contain the various fields that come under each View, Category and Attack Patterns and contains setters and getters for the various fields.