Merge pull request #57 from monarc-project/bugfix/339

Bugfix/339
monarc-project · Oct 27, 2021 · 2e3aeb8 · 2e3aeb8
2 parents 24e0f2b + a552a29
commit 2e3aeb8
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 4 deletions.
diff --git a/src/Model/Entity/InstanceRiskSuperClass.php b/src/Model/Entity/InstanceRiskSuperClass.php
@@ -362,6 +362,7 @@ public function getInstance()
     public function setInstance($instance): self
     {
         $this->instance = $instance;
+        $this->instance->addInstanceRisk($this);
 
         return $this;
     }

diff --git a/src/Model/Entity/InstanceSuperClass.php b/src/Model/Entity/InstanceSuperClass.php
@@ -103,6 +103,13 @@ class InstanceSuperClass extends AbstractEntity
      */
     protected $instanceConsequences;
 
+    /**
+     * @var InstanceRiskSuperClass[]|ArrayCollection
+     *
+     * @ORM\OneToMany(targetEntity="InstanceRisk", mappedBy="instance")
+     */
+    protected $instanceRisks;
+
     /**
      * @var string
      *
@@ -239,6 +246,7 @@ class InstanceSuperClass extends AbstractEntity
     public function __construct($obj = null)
     {
         $this->instanceConsequences = new ArrayCollection();
+        $this->instanceRisks = new ArrayCollection();
 
         parent::__construct($obj);
     }
@@ -566,6 +574,21 @@ public function resetInstanceConsequences(): self
         return $this;
     }
 
+    public function getInstanceRisks()
+    {
+        return $this->instanceRisks;
+    }
+
+    public function addInstanceRisk(InstanceRiskSuperClass $instanceRisk): self
+    {
+        if (!$this->instanceRisks->contains($instanceRisk)) {
+            $this->instanceRisks->add($instanceRisk);
+            $instanceRisk->setInstance($this);
+        }
+
+        return $this;
+    }
+
     /**
      * Returns the instance hierarchy array ordered from it's root through all the children to the instance itself.
      * Each element is a normalized array of instance properties.

diff --git a/src/Service/InstanceRiskService.php b/src/Service/InstanceRiskService.php
@@ -170,13 +170,14 @@ public function getInstanceRisks(int $anrId, ?int $instanceId, array $params = [
             $threat = $instanceRisk->getThreat();
             $vulnerability = $instanceRisk->getVulnerability();
             $key = 'r' . $instanceRisk->getId();
+            $isInstanceRiskHasToBeSet = true;
             if ($object->isScopeGlobal()) {
                 $key = 'o' . $object->getUuid() . '-' . $threat->getUuid() . '-' . $vulnerability->getUuid();
+                if (isset($result[$key])) {
+                    $isInstanceRiskHasToBeSet = $this->shouldInstanceRiskBeAddedToResults($instanceRisk, $result[$key]);
+                }
             }
-            if (!isset($result[$key])
-                || !$object->isScopeGlobal()
-                || $result[$key]['max_risk'] < $instanceRisk->getCacheMaxRisk()
-            ) {
+            if (!$object->isScopeGlobal() || $isInstanceRiskHasToBeSet) {
                 $result[$key] = $this->addCustomFieldsToInstanceRiskResult($instanceRisk, [
                     'id' => $instanceRisk->getId(),
                     'oid' => $object->getUuid(),
@@ -573,4 +574,41 @@ private function extractInstancesAndTheirChildrenIds(array $instances): array
 
         return $instancesIds;
     }
+
+    /**
+     * Determines whether the instance risk should be added to the list result in case. Only for global objects.
+     *
+     * @param InstanceRiskSuperClass $instanceRisk
+     * @param array $valuesToCompare
+     *
+     * @return bool
+     */
+    private function shouldInstanceRiskBeAddedToResults(
+        InstanceRiskSuperClass $instanceRisk,
+        array $valuesToCompare
+    ): bool {
+        $instance = $instanceRisk->getInstance();
+        $isMaxRiskSet = false;
+        foreach ($instance->getInstanceRisks() as $instanceRiskToValidate) {
+            if ($instanceRiskToValidate->getCacheMaxRisk() !== -1) {
+                $isMaxRiskSet = true;
+                break;
+            }
+        }
+        if ($isMaxRiskSet) {
+            return $valuesToCompare['max_risk'] < $instanceRisk->getCacheMaxRisk();
+        }
+
+        /* We compare CIA criteria in case if max risk value is not set. */
+        $maxExistedCia = max($valuesToCompare['c_impact'], $valuesToCompare['i_impact'], $valuesToCompare['d_impact']);
+        $maxCurrentCia = max($instance->getConfidentiality(), $instance->getIntegrity(), $instance->getAvailability());
+        if ($maxExistedCia === $maxCurrentCia) {
+            $sumExistedCia = $valuesToCompare['c_impact'] + $valuesToCompare['i_impact'] + $valuesToCompare['d_impact'];
+            $sumCurrentCia = $instance->getConfidentiality() + $instance->getIntegrity() + $instance->getAvailability();
+
+            return $sumExistedCia < $sumCurrentCia;
+        }
+
+        return $maxExistedCia < $maxCurrentCia;
+    }
 }