diff --git a/diagramParser.py b/diagramParser.py index 891b42344f40680142735da7a6a316cb25b6935a..ca12b16c570683604d74cd1d26f3dcbd9c19d6b6 100644 --- a/diagramParser.py +++ b/diagramParser.py @@ -2,6 +2,7 @@ import pandas as pd import ERFormatConstants as const import components as component import dynamics as dynamic +import logging as log # Function will parse a csv file and extract the necessary information, this is step 1 of the parse def parseDiagramFile(csvFile): @@ -22,7 +23,7 @@ def parseDiagramFile(csvFile): attacks = [] - parseDynamic(df) + parseDynamic(df, metrics) def parseThreats(df, threatDict): 
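Review bot: The added `import logging as log` means every later `log.info(...)` call goes through the root logger, which by default emits only WARNING and above. The new info messages will therefore be dropped unless logging is configured somewhere not visible in this diff. A module-level `logger = logging.getLogger(__name__)` is the usual form and lets the application set the level per module.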
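Review bot: The new call `parseDynamic(df, metrics)` passes a name that none of the visible lines of parseDiagramFile define; the only list initialised in this context is `attacks = []`. If `metrics = []` is not created earlier in the function, this line raises NameError on every parse, so it is worth adding it next to `attacks = []`. parseDiagramFile starts and continues outside the hunk.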
@@ -76,39 +77,68 @@ def parseDynamic(df, metricList): if df[const.textArea3][i] == const.ThreatDynamic: # If the dynamic component is a threat threatDynamic = dynamic.BowtieDynamic( df[const.Id][i], # Component ID LucidChart - df[const.textArea3][i] + df[const.textArea3][i] # Name of dynamic ) - extractMetrics(df, i, 4) - + threatDynamic.metrics = extractMetrics(df, i, 4) # Extracts metrics from the dynamic component + joinMetrcs(threatDynamic.metrics, metricList) # Adds the metrics to the global metric list + + elif df[const.textArea3][i] == const.ConsequenceDynamic: - consequenceDynamic = dynamic.BowtieDynamic() - extractMetrics(df, i, 4) + consequenceDynamic = dynamic.BowtieDynamic( + df[const.Id][i], # Component ID LucidChart + df[const.textArea3][i] # Name of dynamic + ) + consequenceDynamic.metrics = extractMetrics(df, i, 4) # Extracts metrics from the dynamic component + joinMetrcs(threatDynamic.metrics, metricList) # Adds the metrics to the global metric list + elif df[const.textArea3][i] == const.AttackDynamic: - attackDynamic = dynamic.BowtieDynamic() - extractMetrics(df, i, 4) + attackDynamic = dynamic.BowtieDynamic( + df[const.Id][i], # Component ID LucidChart + df[const.textArea3][i] # Name of dynamic + ) + attackDynamic.metrics = extractMetrics(df, i, 4) + joinMetrcs(threatDynamic.metrics, metricList) # Adds the metrics to the global metric list + elif df[const.textArea3][i] == const.ERDynamic: - erDynamic = dynamic.ERDynamic() - extractMetrics(df, i, 8) + erDynamic = dynamic.ERDynamic( + df[const.id][i], # Component ID LucidChart + df.textArea3[i], # Name of dynamic + ) + erDynamic.metrics = extractMetrics(df, i, 8) + joinMetrcs(threatDynamic.metrics, metricList) # Adds the metrics to the global metric list + -def extractMetrics(df, index, startRange, metricList): +def extractMetrics(df, index, startRange): for j in range(startRange, len(df.columns),2): # Parse all text areas to find metrics + listOfMetrics = [] metricID = "Text Area "+str(j) 
metricName = "Text Area "+str(j+1) if pd.isnull(df[metric][index]) == False: # If the text area is not empty print("Metric: ID", df[metricID][index], "Name: ", df[metricName][index]) metric = dynamic.Metric(df[metricID][index], df[metricName][index]) - metricList.append(metric) + listOfMetrics.append(metric) else: j=0 break # First empty field indicates no more metrics - return metricList # Returns metric found in the dynamic component - + return listOfMetrics # Returns metric found in the dynamic component - - - + """_summary_ + Function will use a local metric list and insert the local metrics into a global metric list + containing all the metrics in the threat landscape + """ +def joinMetrcs(localMetrics, globalMetrics): + duplicateMetrics = 0 # Counter for duplicate metrics per function run + for i in range(globalMetrics): + for j in range(localMetrics): + if globalMetrics[i].name == localMetrics[j].name: # Local metric already exists in the global metric list + duplicateMetrics += 1 + break # Check next entry + else: + globalMetrics.append(localMetrics[j]) # Add the local metric to the global metric list + log.info("New local metric added to global metric list, metric: ", localMetrics[j].name) + log.info("Added all metrics in local list \n, number of duplicate metrics: ", duplicateMetrics, "\n Number of new metrics: ", len(localMetrics)-duplicateMetrics) diff --git a/documentation/requirements.txt b/documentation/requirements.txt index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..2e7582422e7b85c961cfd87ef17665225848c56c 100644 --- a/documentation/requirements.txt +++ b/documentation/requirements.txt 
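Review bot: The consequence, attack and ER branches of parseDynamic each call `joinMetrcs(threatDynamic.metrics, metricList)`, so their own metrics never reach the global list and `threatDynamic` may be unbound when no threat row came first; each branch should pass its own object, e.g. `joinMetrcs(consequenceDynamic.metrics, metricList)`. joinMetrcs itself cannot run as written: `range(globalMetrics)` and `range(localMetrics)` are given lists, and `log.info` is called print-style with extra positional arguments, which logging treats as %-format arguments. In extractMetrics, `listOfMetrics = []` sits directly after the `for` line, so it appears to be reset on every iteration and the function would return at most one metric (indentation is lost in this view, so confirm). The ER branch also reads `df[const.id][i]` where the other branches use `const.Id`; taken together, metrics go missing from the global list and the risk scoring built on it would understate what was observed. parseDynamic begins outside the hunk; a possible joinMetrcs follows.

```python
def joinMetrcs(localMetrics, globalMetrics):
    """Add metrics from localMetrics to globalMetrics, skipping names already present."""
    knownNames = {metric.name for metric in globalMetrics}
    duplicateMetrics = 0  # Counter for duplicate metrics per function run
    for metric in localMetrics:
        if metric.name in knownNames:  # Local metric already exists in the global metric list
            duplicateMetrics += 1
            continue
        globalMetrics.append(metric)
        knownNames.add(metric.name)
        log.info("New local metric added to global metric list, metric: %s", metric.name)
    log.info(
        "Added all metrics in local list, duplicate metrics: %d, new metrics: %d",
        duplicateMetrics,
        len(localMetrics) - duplicateMetrics,
    )
```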
@@ -0,0 +1,28 @@
+Har komponenter
+Lagt til lokale metrics i hver komponent
+1. Må nå lage en global metric liste
+2. Må lage ER dynamikk liste
+3. Må koble dynamic komponenter til trusselkomponent
+
+
+
+# Thesis problem description
+Problem description:
+
+The thesis aims to innovate in risk modeling through the use of bowtie diagrams and the identification and documentation of dynamic indicators of software supply chain risk.
+The goal of the thesis is to research the possibilities of graphical linkage between bow tie risk models and entity relationship diagrams and to develop a method for this linkage.
+This is all in an effort to facilitate dynamic risk management for software supply chains.
+
+The thesis proposes a method for linking bow tie risk diagrams and entity relationship diagrams through dynamic indicators.
+The method will use new annotations on bow tie risk models and matrices containing indicators which can be observed for both ER architecture diagrams and bow tie risk models.
+To analyze the modeled diagrams and matrices, a analysis tool will be developed to facilitate the analysis and scoring of the modeled risk image.
+The scoring will be based on amount of indicators observed for critical components and their status.
+
+Method formulation and scorecard developement is being done using Technology research. This methodology splits the research into problem definition where a literature mapping was leveraged to understand state of the art.
+The next step is innovation where the method and prototype is developed.
+For evaluation the method and tool will be tested on two cases provided by partners.
+Preceeding the evaluation a new iteration of technology research will be started to improve the method and tool according to the evaluation.
+
+The focus of the annotation will be on risks and aspects related to software supply chains.
+The method will use specialized Entity relationship components to annotate the bow tie risk models and architecture diagram, this annotation will facilitate linkage between an entity relationship diagram of a software supply chain and the bow tie risk models associated with it. +All resulting in a method which can help in determine which metrics one should observe to pick up on changes in the risk landscape of the software supply chain facilitating dynamic risk management. diff --git a/dynamics.py b/dynamics.py index d5d442de851d4bbf0e156b60744068d8308abaeb..dcaf9313c96fc20ea9a952d7927d41d2b3d61e2f 100644 --- a/dynamics.py +++ b/dynamics.py @@ -5,7 +5,7 @@ class DynamicComponent: def __init__(self, componentID) -> None: self.componentID = componentID - self.metrics = [Metric] # List of metrics for the dynamic + self.metrics = [] # List of metrics for the dynamic self.DynamicsRow = None # The row in the dynamics table the dynamic is associated with