# Use a rule engine

In [1]:
from durable.lang import *

with ruleset('test'):
    # antecedent
    @when_all(m.subject == 'World')
    def say_hello(c):
        # consequent
        print ('Hello {0}'.format(c.m.subject))

post('test', { 'subject': 'World' })

Hello World


{'sid': '0', 'id': 'sid-0', '$s': 1}

## create a more challenging case with forward inference. 

Start defining the ruleset

In [2]:
from durable.lang import *

with ruleset('animal'):
    @when_all(c.first << (m.predicate == 'eats') & (m.object == 'flies'),
              (m.predicate == 'lives') & (m.object == 'water') & (m.subject == c.first.subject))
    def frog(c):
        c.assert_fact({ 'subject': c.first.subject, 'predicate': 'is', 'object': 'frog' })

    @when_all(c.first << (m.predicate == 'eats') & (m.object == 'flies'),
              (m.predicate == 'lives') & (m.object == 'land') & (m.subject == c.first.subject))
    def chameleon(c):
        c.assert_fact({ 'subject': c.first.subject, 'predicate': 'is', 'object': 'chameleon' })

    @when_all((m.predicate == 'eats') & (m.object == 'worms'))
    def bird(c):
        c.assert_fact({ 'subject': c.m.subject, 'predicate': 'is', 'object': 'bird' })

    @when_all((m.predicate == 'is') & (m.object == 'frog'))
    def green(c):
        c.assert_fact({ 'subject': c.m.subject, 'predicate': 'is', 'object': 'green' })

    @when_all((m.predicate == 'is') & (m.object == 'chameleon'))
    def grey(c):
        c.assert_fact({ 'subject': c.m.subject, 'predicate': 'is', 'object': 'grey' })

    @when_all((m.predicate == 'is') & (m.object == 'bird'))
    def black(c):
        c.assert_fact({ 'subject': c.m.subject, 'predicate': 'is', 'object': 'black' })

    @when_all(+m.subject)
    def output(c):
        print('Fact: {0} {1} {2}'.format(c.m.subject, c.m.predicate, c.m.object))

now make assertions

In [3]:
assert_fact('animal', { 'subject': 'Kermit', 'predicate': 'eats', 'object': 'flies' })

Fact: Kermit eats flies


{'sid': '0', 'id': 'sid-0', '$s': 1}

In [6]:
assert_fact('animal', { 'subject': 'Kermit', 'predicate': 'lives', 'object': 'water' })

Fact: Kermit is green
Fact: Kermit is frog
Fact: Kermit lives water


{'sid': '0', 'id': 'sid-0', '$s': 1}

In [7]:
assert_fact('animal', { 'subject': 'Greedy', 'predicate': 'eats', 'object': 'flies' })

Fact: Greedy eats flies


{'sid': '0', 'id': 'sid-0', '$s': 1}

In [8]:
assert_fact('animal', { 'subject': 'Greedy', 'predicate': 'lives', 'object': 'land' })

Fact: Greedy is grey
Fact: Greedy is chameleon
Fact: Greedy lives land


{'sid': '0', 'id': 'sid-0', '$s': 1}

In [9]:
assert_fact('animal', { 'subject': 'Tweety', 'predicate': 'eats', 'object': 'worms' })

Fact: Tweety is black
Fact: Tweety is bird
Fact: Tweety eats worms


{'sid': '0', 'id': 'sid-0', '$s': 1}

## Now threat model
we understand how the rules work. construct some rules and try to apply them

In [10]:
with ruleset('risk'):
    @when_all(c.first << m.t == 'purchase',
              c.second << m.location != c.first.location)
    # the event pair will only be observed once
    def fraud(c):
        print('Fraud detected -> {0}, {1}'.format(c.first.location, c.second.location))
        
post('risk', {'t': 'purchase', 'location': 'US'})
post('risk', {'t': 'purchase', 'location': 'CA'})
    

Fraud detected -> CA, US


{'sid': '0', 'id': 'sid-0', '$s': 1}

In [11]:
post('risk', {'t': 'purchase', 'location': 'CA'})

In [12]:
post('risk', {'t': 'purchase', 'location': 'US'})

Fraud detected -> US, CA


{'sid': '0', 'id': 'sid-0', '$s': 1}

In [4]:
with ruleset('threatModel'):
    #antecedent
    @when_all((m.target == "Dataflow"),
              (m.target.authenticatedWith == False))
    def AA01(c):
        print({
            "description": "Dataflow not or insufficiently authenticated [vulnerability](https://cwe.mitre.org/data/definitions/287.html)",
            "comments": "instead of looking at both sides of a flow, consider the flow authenticated only if both sides authenticate",
            })
        


In [None]:
post('threatModel', {target:{'Dataflow':}})