From e70b60e69ce5700225c046b76f49339d7bd3e906 Mon Sep 17 00:00:00 2001
From: Vagrant <27415349+mike1813@users.noreply.github.com>
Date: Mon, 4 Sep 2023 12:09:54 +0100
Subject: [PATCH] Changes in the RiskCalculatorTest class, plus some
 diagnostics in RiskCalculator show that issue #75 is caused by a problem with
 domain model registration. Not a solution, but shows what the problem is.

---
 .../modelvalidator/RiskCalculator.java        | 17 ++++++++++---
 .../test/RiskLevelCalculatorTester.java       | 24 +++++++++++++------
 2 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/src/main/java/uk/ac/soton/itinnovation/security/modelvalidator/RiskCalculator.java b/src/main/java/uk/ac/soton/itinnovation/security/modelvalidator/RiskCalculator.java
index 7bcc4789..6bf73ece 100644
--- a/src/main/java/uk/ac/soton/itinnovation/security/modelvalidator/RiskCalculator.java
+++ b/src/main/java/uk/ac/soton/itinnovation/security/modelvalidator/RiskCalculator.java
@@ -170,6 +170,7 @@ public RiskCalculator(IQuerierDB querier) {
 
         // Load system model assets, matching patterns and nodes
         assets = querier.getAssets("system", "system-inf");
+        logger.info("Found {} system assets", assets.size());
         matchingPatterns = querier.getMatchingPatterns("system-inf");
         nodes = querier.getNodes("system-inf");
 
@@ -416,9 +417,19 @@ private void createMaps(){
         for (ThreatDB threat : threats.values()) {
             List<String> causesThisThreat = new ArrayList<>();
             for(String twasURI : threat.getEntryPoints()){
-                String msURI = entryPointMisbehaviour.get(twasURI).getUri();
-                if(!causesThisThreat.contains(msURI))
-                    causesThisThreat.add(msURI);
+                if(twasURI == null){
+                    logger.info("Found null entry point for threat = {}", threat.getUri());
+                }
+                String msURI;
+                MisbehaviourSetDB ms = entryPointMisbehaviour.get(twasURI);
+                if(ms != null){
+                    msURI = entryPointMisbehaviour.get(twasURI).getUri();
+                    if(!causesThisThreat.contains(msURI))
+                        causesThisThreat.add(msURI);
+                } else {
+                    logger.info("Found null MS in entryPointMisbehaviour for TWAS = {}, threat {}", twasURI, threat.getUri());
+                    throw new RuntimeException(String.format("Found null MS in entryPointMisbehaviour for TWAS = {}", twasURI));
+                }
             }
             for(String msURI : threat.getSecondaryEffectConditions()){
                 if(!causesThisThreat.contains(msURI))
diff --git a/src/test/java/uk/ac/soton/itinnovation/security/modelvalidator/test/RiskLevelCalculatorTester.java b/src/test/java/uk/ac/soton/itinnovation/security/modelvalidator/test/RiskLevelCalculatorTester.java
index 926ce509..bba2e123 100644
--- a/src/test/java/uk/ac/soton/itinnovation/security/modelvalidator/test/RiskLevelCalculatorTester.java
+++ b/src/test/java/uk/ac/soton/itinnovation/security/modelvalidator/test/RiskLevelCalculatorTester.java
@@ -89,6 +89,7 @@ public static void beforeClass() {
 
 		tester = new TestHelper("jena-tdb");
 
+		/*
 		tester.addDomain(0, "modelvalidator/domain-network.rdf.gz", "http://it-innovation.soton.ac.uk/ontologies/trustworthiness/domain-network");
 		tester.addDomain(1, "modelvalidator/domain-shield.rdf.gz", "http://it-innovation.soton.ac.uk/ontologies/trustworthiness/domain-shield");
 		tester.addDomain(2, "modelvalidator/FOGPROTECT-3j1-5.nq.gz", "http://it-innovation.soton.ac.uk/ontologies/trustworthiness/domain-fogprotect");
@@ -99,6 +100,9 @@ public static void beforeClass() {
 		//Test domain model for population support
 		tester.addDomain(6, "modelvalidator/domain-ssm-testing-6a3.nq", "http://it-innovation.soton.ac.uk/ontologies/trustworthiness/ssm-testing-6a3");
 		tester.addDomain(7, "modelvalidator/ssm-testing-6a3-0-16-auto-expanded.nq", "http://it-innovation.soton.ac.uk/ontologies/trustworthiness/ssm-testing-6a3-expanded");
+		tester.addDomain(8, "modelvalidator/domain-network-v6a3-1-4.nq.gz", "http://it-innovation.soton.ac.uk/ontologies/trustworthiness/domain-network");
+		*/
+		tester.addDomain(0, "modelvalidator/domain-network-v6a3-2-2.nq.gz", "http://it-innovation.soton.ac.uk/ontologies/trustworthiness/domain-network");
 
 		//unvalidated system model for testing risk calculator
 		tester.addSystem(0, "modelvalidator/system-network.nq.gz",
@@ -139,7 +143,10 @@ public static void beforeClass() {
 		tester.addSystem(9, "modelvalidator/Test-6a3-1ANB-HighSatC-asserted.nq",
 				"http://it-innovation.soton.ac.uk/system/63b2f38af03b473a0ce2a3b9");
 
-		tester.setUp();
+		tester.addSystem(10, "modelvalidator/system-dataflow-test-singles-validated.nq.gz",
+				"http://it-innovation.soton.ac.uk/system/63d9308f8f6a206408be9010");
+
+				tester.setUp();
 
 		tester.switchModels(0, 0);
 
@@ -418,10 +425,10 @@ public void testAttackPaths() {
 	}
 
 	//TODO: fix or delete this test
-	@Ignore("This test fails for refactored validator but we don't yet know why. Testing the two risk calculations separately works fine (see below).")
+	//@Ignore("This test fails for refactored validator but we don't yet know why. Testing the two risk calculations separately works fine (see below).")
 	@Test
 	public void testCurrentOrFutureRiskCalculation() {
-		tester.switchModels(2, 3);
+		tester.switchModels(0, 10);
 
 		try {
 			IQuerierDB querierDB = new JenaQuerierDB(dataset, tester.getModel(), true);
@@ -430,15 +437,18 @@ public void testCurrentOrFutureRiskCalculation() {
 			rc.calculateRiskLevels(RiskCalculationMode.CURRENT, true, new Progress(tester.getGraph("system"))); //save results, as queried below
 
 			MisbehaviourSet ms = smq.getMisbehaviourSet(tester.getStore(),
-					"http://it-innovation.soton.ac.uk/ontologies/trustworthiness/system#MS-LossOfAvailability-d7369b42",
+					"http://it-innovation.soton.ac.uk/ontologies/trustworthiness/system#MS-LossOfAuthenticity-a40e98cc",
 					false); //no need for causes here
-			assertEquals(2, ms.getLikelihood().getValue());
+			logger.info("Future risk: MS-LossOfAuthenticity-a40e98cc has likelihood {}, value {}",ms.getLikelihood(),ms.getLikelihood().getValue());
+			assertEquals(0, ms.getLikelihood().getValue());
 
 			rc.calculateRiskLevels(RiskCalculationMode.FUTURE, true, new Progress(tester.getGraph("system"))); //save results, as queried below
 			ms = smq.getMisbehaviourSet(tester.getStore(),
-					"http://it-innovation.soton.ac.uk/ontologies/trustworthiness/system#MS-LossOfAvailability-d7369b42",
+					"http://it-innovation.soton.ac.uk/ontologies/trustworthiness/system#MS-LossOfAuthenticity-a40e98cc",
 					false); //no need for causes here
-			assertEquals(1, ms.getLikelihood().getValue());
+			logger.info("Current risk: MS-LossOfAuthenticity-a40e98cc has likelihood {}, value {}",ms.getLikelihood(),ms.getLikelihood().getValue());
+			assertEquals(3, ms.getLikelihood().getValue());
+
 		} catch (Exception e) {
 			logger.error("Exception thrown by risk level calculator", e);
 			fail("Exception thrown by risk level calculator");