Examples with VerdictThreatModels com.ge.research.osate.verdict.dsl.verdict.VerdictThreatModels used on opensource projects

Example 1 with VerdictThreatModels

use of com.ge.research.osate.verdict.dsl.verdict.VerdictThreatModels in project VERDICT by ge-high-assurance.

the class VerdictJavaValidator method checkThreatDatabase.

/**
 * Check that threat database IDs are non-empty and unique.
 *
 * @param database
 */
@Check(CheckType.FAST)
public void checkThreatDatabase(ThreatDatabase database) {
    List<String> otherDatabases = new ArrayList<>();
    AadlPackage top = ThreatModelUtil.getAadlPackage(database);
    if (database.getId().length() == 0) {
        error("Threat database must specify an ID", VerdictPackage.Literals.THREAT_DATABASE__ID);
    } else {
        for (AnnexLibrary library : top.getOwnedPublicSection().getOwnedAnnexLibraries()) {
            if ("verdict".equals(library.getName())) {
                VerdictThreatModels threats = ThreatModelUtil.getVerdictThreatModels(library);
                for (ThreatStatement statement : threats.getStatements()) {
                    if (statement instanceof ThreatDatabase && statement != database) {
                        otherDatabases.add(((ThreatDatabase) statement).getId());
                    }
                }
            }
        }
        if (otherDatabases.contains(database.getId())) {
            error("Duplicate ID: " + database.getId(), VerdictPackage.Literals.THREAT_DATABASE__ID);
        }
    }
}

Example 2 with VerdictThreatModels

use of com.ge.research.osate.verdict.dsl.verdict.VerdictThreatModels in project VERDICT by ge-high-assurance.

the class VerdictJavaValidator method checkThreatDefense.

/**
 * Check that threat defense names are non-empty and unique and that threat models are unique and defined.
 *
 * @param defense
 */
@Check(CheckType.FAST)
public void checkThreatDefense(ThreatDefense defense) {
    List<String> otherDefenses = new ArrayList<>();
    AadlPackage top = ThreatModelUtil.getAadlPackage(defense);
    if (defense.getName().length() == 0) {
        error("Threat defense must specify an ID", VerdictPackage.Literals.THREAT_DEFENSE__NAME);
    } else {
        for (AnnexLibrary library : top.getOwnedPublicSection().getOwnedAnnexLibraries()) {
            if ("verdict".equals(library.getName())) {
                VerdictThreatModels threats = ThreatModelUtil.getVerdictThreatModels(library);
                for (ThreatStatement statement : threats.getStatements()) {
                    if (statement instanceof ThreatDefense && statement != defense) {
                        otherDefenses.add(((ThreatDefense) statement).getName());
                    }
                }
            }
        }
        if (otherDefenses.contains(defense.getName())) {
            error("Duplicate ID: " + defense.getName(), VerdictPackage.Literals.THREAT_DEFENSE__NAME);
        }
    }
    // Check for duplicate threats
    Map<String, Integer> threatCounts = new HashMap<>();
    for (String threat : defense.getThreats()) {
        if (threatCounts.containsKey(threat)) {
            threatCounts.put(threat, threatCounts.get(threat) + 1);
        } else {
            threatCounts.put(threat, 1);
        }
    }
    int pos = 0;
    for (String threat : defense.getThreats()) {
        if (threatCounts.get(threat) > 1) {
            warning("Duplicate threat: " + threat, VerdictPackage.Literals.THREAT_DEFENSE__THREATS, pos);
        }
        pos++;
    }
    // Make sure threat models are defined
    Set<String> definedThreats = ThreatModelUtil.getDefinedThreatModels(defense);
    pos = 0;
    for (String threat : defense.getThreats()) {
        if (!definedThreats.contains(threat)) {
            error("Undefined threat: " + threat, VerdictPackage.Literals.THREAT_DEFENSE__THREATS, pos);
        }
        pos++;
    }
}