Decouple shared runtime from model

Threagile · Jun 7, 2024 · 33b5bbc · 33b5bbc
1 parent a51aafa
commit 33b5bbc
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 49 deletions.
diff --git a/pkg/report/report.go b/pkg/report/report.go
@@ -2506,10 +2506,18 @@ func sortedSharedRuntimesByTitle(parsedModel *types.Model) []*types.SharedRuntim
 	for _, runtime := range parsedModel.SharedRuntimes {
 		result = append(result, runtime)
 	}
-	sort.Sort(types.BySharedRuntimeTitleSort(result))
+	sort.Sort(bySharedRuntimeTitleSort(result))
 	return result
 }
 
+type bySharedRuntimeTitleSort []*types.SharedRuntime
+
+func (what bySharedRuntimeTitleSort) Len() int      { return len(what) }
+func (what bySharedRuntimeTitleSort) Swap(i, j int) { what[i], what[j] = what[j], what[i] }
+func (what bySharedRuntimeTitleSort) Less(i, j int) bool {
+	return what[i].Title < what[j].Title
+}
+
 func sortedTechnicalAssetsByTitle(parsedModel *types.Model) []*types.TechnicalAsset {
 	assets := make([]*types.TechnicalAsset, 0)
 	for _, asset := range parsedModel.TechnicalAssets {

diff --git a/pkg/risks/builtin/missing_cloud_hardening_rule.go b/pkg/risks/builtin/missing_cloud_hardening_rule.go
@@ -419,14 +419,13 @@ func (r *MissingCloudHardeningRule) createRiskForSharedRuntime(input *types.Mode
 		title += ": <u>" + details + "</u>"
 	}
 	impact := types.MediumImpact
-	if sharedRuntime.HighestConfidentiality(input) >= types.Confidential ||
-		sharedRuntime.HighestIntegrity(input) >= types.Critical ||
-		sharedRuntime.HighestAvailability(input) >= types.Critical {
+	confidentiality := input.FindSharedRuntimeHighestConfidentiality(sharedRuntime)
+	integrity := input.FindSharedRuntimeHighestIntegrity(sharedRuntime)
+	availability := input.FindSharedRuntimeHighestAvailability(sharedRuntime)
+	if confidentiality >= types.Confidential || integrity >= types.Critical || availability >= types.Critical {
 		impact = types.HighImpact
 	}
-	if sharedRuntime.HighestConfidentiality(input) == types.StrictlyConfidential ||
-		sharedRuntime.HighestIntegrity(input) == types.MissionCritical ||
-		sharedRuntime.HighestAvailability(input) == types.MissionCritical {
+	if confidentiality == types.StrictlyConfidential || integrity == types.MissionCritical || availability == types.MissionCritical {
 		impact = types.VeryHighImpact
 	}
 	// create risk

diff --git a/pkg/types/model.go b/pkg/types/model.go
@@ -143,7 +143,7 @@ func (parsedModel *Model) CheckRiskTracking(ignoreOrphanedRiskTracking bool, pro
 					"creates its individual ID by taking all affected elements causing the risk to be within an @-delimited part. "+
 					"Using wildcards (the * sign) for parts delimited by @ signs allows to handle groups of certain risks at once. "+
 					"Best is to lookup the IDs to use in the created Excel file. Alternatively a model macro \"seed-risk-tracking\" "+
-					"is available that helps in initially seeding the risk tracking part here based on already identified and not yet handled risks.",
+					"is available that helps in initially seeding the risk tracking part here based on already identified and not yet handled risks",
 					tracking.SyntheticRiskId)
 			}
 		}
@@ -321,3 +321,69 @@ func (parsedModel *Model) OutOfScopeTechnicalAssets() []*TechnicalAsset {
 	sort.Sort(ByTechnicalAssetTitleSort(assets))
 	return assets
 }
+
+func (parsedModel *Model) FindSharedRuntimeHighestConfidentiality(sharedRuntime *SharedRuntime) Confidentiality {
+	highest := Public
+	for _, id := range sharedRuntime.TechnicalAssetsRunning {
+		techAsset := parsedModel.TechnicalAssets[id]
+		if techAsset.HighestProcessedConfidentiality(parsedModel) > highest {
+			highest = techAsset.HighestProcessedConfidentiality(parsedModel)
+		}
+	}
+	return highest
+}
+
+func (parsedModel *Model) FindSharedRuntimeHighestIntegrity(sharedRuntime *SharedRuntime) Criticality {
+	highest := Archive
+	for _, id := range sharedRuntime.TechnicalAssetsRunning {
+		techAssetIntegrity := parsedModel.TechnicalAssets[id].HighestProcessedIntegrity(parsedModel)
+		if techAssetIntegrity > highest {
+			highest = techAssetIntegrity
+		}
+	}
+	return highest
+}
+
+func (parsedModel *Model) FindSharedRuntimeHighestAvailability(sharedRuntime *SharedRuntime) Criticality {
+	highest := Archive
+	for _, id := range sharedRuntime.TechnicalAssetsRunning {
+		techAssetAvailability := parsedModel.TechnicalAssets[id].HighestProcessedAvailability(parsedModel)
+		if techAssetAvailability > highest {
+			highest = techAssetAvailability
+		}
+	}
+	return highest
+}
+
+/*func (what SharedRuntime) HighestConfidentiality(model *Model) Confidentiality {
+-       highest := Public
+-       for _, id := range what.TechnicalAssetsRunning {
+-               techAsset := model.TechnicalAssets[id]
+-               if techAsset.HighestProcessedConfidentiality(model) > highest {
+-                       highest = techAsset.HighestProcessedConfidentiality(model)
+-               }
+-       }
+-       return highest
+-}
+-
+-func (what SharedRuntime) HighestIntegrity(model *Model) Criticality {
+-       highest := Archive
+-       for _, id := range what.TechnicalAssetsRunning {
+-               techAsset := model.TechnicalAssets[id]
+-               if techAsset.HighestProcessedIntegrity(model) > highest {
+-                       highest = techAsset.HighestProcessedIntegrity(model)
+-               }
+-       }
+-       return highest
+-}
+-
+-func (what SharedRuntime) HighestAvailability(model *Model) Criticality {
+-       highest := Archive
+-       for _, id := range what.TechnicalAssetsRunning {
+-               techAsset := model.TechnicalAssets[id]
+-               if techAsset.HighestProcessedAvailability(model) > highest {
+-                       highest = techAsset.HighestProcessedAvailability(model)
+-               }
+-       }
+-       return highest
+-}*/
diff --git a/pkg/types/shared_runtime.go b/pkg/types/shared_runtime.go
@@ -15,44 +15,3 @@ type SharedRuntime struct {
 func (what SharedRuntime) IsTaggedWithAny(tags ...string) bool {
 	return containsCaseInsensitiveAny(what.Tags, tags...)
 }
-
-func (what SharedRuntime) HighestConfidentiality(model *Model) Confidentiality {
-	highest := Public
-	for _, id := range what.TechnicalAssetsRunning {
-		techAsset := model.TechnicalAssets[id]
-		if techAsset.HighestProcessedConfidentiality(model) > highest {
-			highest = techAsset.HighestProcessedConfidentiality(model)
-		}
-	}
-	return highest
-}
-
-func (what SharedRuntime) HighestIntegrity(model *Model) Criticality {
-	highest := Archive
-	for _, id := range what.TechnicalAssetsRunning {
-		techAsset := model.TechnicalAssets[id]
-		if techAsset.HighestProcessedIntegrity(model) > highest {
-			highest = techAsset.HighestProcessedIntegrity(model)
-		}
-	}
-	return highest
-}
-
-func (what SharedRuntime) HighestAvailability(model *Model) Criticality {
-	highest := Archive
-	for _, id := range what.TechnicalAssetsRunning {
-		techAsset := model.TechnicalAssets[id]
-		if techAsset.HighestProcessedAvailability(model) > highest {
-			highest = techAsset.HighestProcessedAvailability(model)
-		}
-	}
-	return highest
-}
-
-type BySharedRuntimeTitleSort []*SharedRuntime
-
-func (what BySharedRuntimeTitleSort) Len() int      { return len(what) }
-func (what BySharedRuntimeTitleSort) Swap(i, j int) { what[i], what[j] = what[j], what[i] }
-func (what BySharedRuntimeTitleSort) Less(i, j int) bool {
-	return what[i].Title < what[j].Title
-}