ControlsController
- Namespace: Insorce.Controllers
- Project: Andromeda.Web
Overview
The ControlsController manages features related to project controls, objectives, risks, activities, and metrics within a risk management system. It supports data retrieval, creation, update, deletion, and validation operations for controls and associated entities.
Feature Summary
- Implements management of project objectives, risk activities, controls, and metrics.
- Supports file upload/download for objective-related documents.
- Provides views for objectives, control environment, control configuration, metrics, and control identification.
- Enables adding, editing, deleting, and mapping of controls, risks, activities, and groups.
- Handles control pattern XML validation, saving, and retrieval.
- Calculates risk priority numbers (RPN) and control effectiveness metrics.
- Supports operationalizing controls from different contexts and applying control lines.
- Manages compensatory controls and business rule associations.
UX Summary
- Multiple views provide detailed UI for objectives, controls, metrics, and control environment.
- JSON responses are used extensively for dynamic UI updates and client-side processing.
- File upload/download features impact user workflow and require clear error handling.
- User actions such as adding/editing objectives, controls, and metrics trigger UI updates and notifications.
- Some methods lack proper input validation and error feedback, potentially harming user experience.
- Session and cookie usage affect user flow and session continuity.
- Complex data transformations and large data sets may cause UI delays or confusion without proper handling.
Data Dependencies
- Relies on project data including objectives, risks, activities, controls, metrics, and implementation plans.
- Uses repositories or models for data access and manipulation (e.g., controlModel).
- Processes JSON and XML data for control patterns and metrics.
- Performs grouping, filtering, and aggregation of entities for view models.
- Handles file system operations for objective file uploads and downloads.
- Manages session state and cookies for user context and workflow.
Authentication / Authorization Notes
- Several methods lack explicit authentication or authorization checks, exposing risks of unauthorized data access.
- Input parameters often require sanitization to prevent SQL injection and data tampering.
- Session variables are used to maintain user context but require validation to prevent tampering.
- Some endpoints return 403 errors for unauthorized actions, indicating partial permission enforcement.
- Security risks include SQL injection, JSON deserialization vulnerabilities, path traversal, and XSS attacks due to insufficient input validation.
Controller Call Chain Diagram
flowchart TD
Andromeda_Core_DataManager_Execute["Andromeda.Core.DataManager.Execute"]
Andromeda_Core_DataManager_GetData["Andromeda.Core.DataManager.GetData"]
Andromeda_Core_DataManager_GetDataList["Andromeda.Core.DataManager.GetDataList"]
Andromeda_Core_Database_helper_SqlParameters["Andromeda.Core.Database.helper.SqlParameters"]
Andromeda_Core_Entities_ActivityActorArrow_Clone["Andromeda.Core.Entities.ActivityActorArrow.Clone"]
Andromeda_Core_Entities_ActivityControl_Clone["Andromeda.Core.Entities.ActivityControl.Clone"]
Andromeda_Core_Entities_Activity_Clone["Andromeda.Core.Entities.Activity.Clone"]
Andromeda_Core_Entities_Activity_ReworkEffort["Andromeda.Core.Entities.Activity.ReworkEffort"]
Andromeda_Core_Entities_Activity_TotalEffort["Andromeda.Core.Entities.Activity.TotalEffort"]
Andromeda_Core_Entities_Actor_GetLocation["Andromeda.Core.Entities.Actor.GetLocation"]
Andromeda_Core_Entities_Arrow_Clone["Andromeda.Core.Entities.Arrow.Clone"]
Andromeda_Core_Entities_ControlTheRisks_GetRisks["Andromeda.Core.Entities.ControlTheRisks.GetRisks"]
Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone["Andromeda.Core.Entities.EdgeInfo.EdgeEntityClone"]
Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks["Andromeda.Core.Entities.ObjectiveRisksMaster.GetRisks"]
Andromeda_Core_Entities_Project_GetTags["Andromeda.Core.Entities.Project.GetTags"]
Andromeda_Core_Entities_Risks_GetControls["Andromeda.Core.Entities.Risks.GetControls"]
Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone["Andromeda.Core.Entities.ShapeInfo.ShapeEntityClone"]
Andromeda_Core_Extensions_LinqExtensions_DistinctBy["Andromeda.Core.Extensions.LinqExtensions.DistinctBy"]
Andromeda_Core_Extensions_LinqExtensions_RemoveLineBreakChars["Andromeda.Core.Extensions.LinqExtensions.RemoveLineBreakChars"]
Andromeda_Core_LoggingManager_Debug["Andromeda.Core.LoggingManager.Debug"]
Andromeda_Core_LoggingManager_Error["Andromeda.Core.LoggingManager.Error"]
Andromeda_Core_LoggingManager_Exception["Andromeda.Core.LoggingManager.Exception"]
Andromeda_Core_LoggingManager_Info["Andromeda.Core.LoggingManager.Info"]
Andromeda_Core_Models_ActivitySearch_CreateIndex["Andromeda.Core.Models.ActivitySearch.CreateIndex"]
Andromeda_Core_Models_ActivitySearch_Search["Andromeda.Core.Models.ActivitySearch.Search"]
Andromeda_Core_Services_Algorithms_Delooper_GetLoopingArrows["Andromeda.Core.Services.Algorithms.Delooper.GetLoopingArrows"]
Andromeda_Core_Services_Algorithms_Delooper_PossiblePath["Andromeda.Core.Services.Algorithms.Delooper.PossiblePath"]
Andromeda_Core_Services_Algorithms_Delooper_deloop["Andromeda.Core.Services.Algorithms.Delooper.deloop"]
Andromeda_Core_Services_ProcessExtensions_FindByID["Andromeda.Core.Services.ProcessExtensions.FindByID"]
Andromeda_Validation_ProcessMapValidation_Validate["Andromeda.Validation.ProcessMapValidation.Validate"]
Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities["Andromeda.Validation.ProcessMapValidation.ValidateOutProcessActivities"]
ControlsController_Adequacy["ControlsController.Adequacy"]
ControlsController_CalculaterRPN["ControlsController.CalculaterRPN"]
ControlsController_ControlConfiguration["ControlsController.ControlConfiguration"]
ControlsController_ControlEnvironment["ControlsController.ControlEnvironment"]
ControlsController_ControlExistence["ControlsController.ControlExistence"]
ControlsController_ControlIdentification["ControlsController.ControlIdentification"]
ControlsController_DeleteObjective["ControlsController.DeleteObjective"]
ControlsController_DeleteObjectiveData["ControlsController.DeleteObjectiveData"]
ControlsController_DeleteObjectiveFile["ControlsController.DeleteObjectiveFile"]
ControlsController_EditMetric["ControlsController.EditMetric"]
ControlsController_Effectiveness["ControlsController.Effectiveness"]
ControlsController_GetActivityRanks["ControlsController.GetActivityRanks"]
ControlsController_GetAllActivityRanking["ControlsController.GetAllActivityRanking"]
ControlsController_GetMetricsData["ControlsController.GetMetricsData"]
ControlsController_IdentifyControl["ControlsController.IdentifyControl"]
ControlsController_IdentifyControlPartial["ControlsController.IdentifyControlPartial"]
ControlsController_Index["ControlsController.Index"]
ControlsController_Metrics["ControlsController.Metrics"]
ControlsController_Objectives["ControlsController.Objectives"]
ControlsController_RefreshObjectControlMapping["ControlsController.RefreshObjectControlMapping"]
ControlsController_SaveControlPatterninDB["ControlsController.SaveControlPatterninDB"]
ControlsController_SaveNewObjective["ControlsController.SaveNewObjective"]
ControlsController_SaveObjectiveData["ControlsController.SaveObjectiveData"]
ControlsController_SavePatternXml["ControlsController.SavePatternXml"]
ControlsController_ValidateAndSavePatternXml["ControlsController.ValidateAndSavePatternXml"]
ControlsController_ValidateControlPatternXml["ControlsController.ValidateControlPatternXml"]
Insorce_Helpers_Helpers_BuildCompRow["Insorce.Helpers.Helpers.BuildCompRow"]
Insorce_Helpers_Helpers_FormatTime["Insorce.Helpers.Helpers.FormatTime"]
Insorce_Helpers_Helpers_SetDashboardIdToCookie["Insorce.Helpers.Helpers.SetDashboardIdToCookie"]
Insorce_Helpers_Helpers_getDashboardIdFromCookie["Insorce.Helpers.Helpers.getDashboardIdFromCookie"]
Andromeda_Core_DataManager_Execute --> Andromeda_Core_Database_helper_SqlParameters
Andromeda_Core_DataManager_Execute --> Andromeda_Core_LoggingManager_Debug
Andromeda_Core_Entities_Actor_GetLocation --> Andromeda_Core_DataManager_GetData
Andromeda_Core_Entities_ControlTheRisks_GetRisks --> Andromeda_Core_DataManager_GetDataList
Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks --> Andromeda_Core_DataManager_GetDataList
Andromeda_Core_Entities_Risks_GetControls --> Andromeda_Core_DataManager_GetDataList
Andromeda_Core_Services_Algorithms_Delooper_PossiblePath --> Andromeda_Core_LoggingManager_Exception
Andromeda_Core_Services_Algorithms_Delooper_PossiblePath --> Andromeda_Core_Services_ProcessExtensions_FindByID
Andromeda_Core_Services_Algorithms_Delooper_deloop --> Andromeda_Core_LoggingManager_Error
Andromeda_Core_Services_Algorithms_Delooper_deloop --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_Adequacy --> Andromeda_Core_Entities_Activity_Clone
ControlsController_Adequacy --> Andromeda_Core_Services_Algorithms_Delooper_GetLoopingArrows
ControlsController_Adequacy --> Andromeda_Core_Services_Algorithms_Delooper_deloop
ControlsController_Adequacy --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_Adequacy --> Insorce_Helpers_Helpers_FormatTime
ControlsController_CalculaterRPN --> Andromeda_Core_Entities_ActivityControl_Clone
ControlsController_CalculaterRPN --> Insorce_Helpers_Helpers_BuildCompRow
ControlsController_ControlConfiguration --> Andromeda_Core_Entities_ActivityActorArrow_Clone
ControlsController_ControlEnvironment --> Andromeda_Core_Entities_Actor_GetLocation
ControlsController_ControlExistence --> Andromeda_Core_Entities_ActivityActorArrow_Clone
ControlsController_ControlExistence --> Insorce_Helpers_Helpers_FormatTime
ControlsController_ControlIdentification --> Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks
ControlsController_DeleteObjective --> Andromeda_Core_LoggingManager_Info
ControlsController_DeleteObjectiveData --> Andromeda_Core_LoggingManager_Error
ControlsController_DeleteObjectiveFile --> Andromeda_Core_DataManager_Execute
ControlsController_EditMetric --> Andromeda_Core_DataManager_Execute
ControlsController_Effectiveness --> Andromeda_Core_Entities_Activity_Clone
ControlsController_Effectiveness --> Andromeda_Core_Entities_Activity_ReworkEffort
ControlsController_Effectiveness --> Andromeda_Core_Entities_Activity_TotalEffort
ControlsController_Effectiveness --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_GetActivityRanks --> Andromeda_Core_Services_Algorithms_Delooper_PossiblePath
ControlsController_GetActivityRanks --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_GetAllActivityRanking --> Andromeda_Core_Models_ActivitySearch_CreateIndex
ControlsController_GetAllActivityRanking --> Andromeda_Core_Models_ActivitySearch_Search
ControlsController_GetMetricsData --> Andromeda_Core_DataManager_GetDataList
ControlsController_IdentifyControl --> Andromeda_Core_Entities_ActivityActorArrow_Clone
ControlsController_IdentifyControl --> Insorce_Helpers_Helpers_FormatTime
ControlsController_IdentifyControlPartial --> Andromeda_Core_Entities_ActivityActorArrow_Clone
ControlsController_Index --> Andromeda_Core_Entities_Actor_GetLocation
ControlsController_Index --> Insorce_Helpers_Helpers_SetDashboardIdToCookie
ControlsController_Index --> Insorce_Helpers_Helpers_getDashboardIdFromCookie
ControlsController_Metrics --> Andromeda_Core_Entities_ControlTheRisks_GetRisks
ControlsController_Metrics --> Andromeda_Core_Entities_Risks_GetControls
ControlsController_Metrics --> Andromeda_Core_Extensions_LinqExtensions_DistinctBy
ControlsController_Objectives --> Andromeda_Core_Entities_ActivityActorArrow_Clone
ControlsController_Objectives --> Andromeda_Core_Entities_Arrow_Clone
ControlsController_Objectives --> Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks
ControlsController_Objectives --> Andromeda_Core_Services_Algorithms_Delooper_GetLoopingArrows
ControlsController_Objectives --> Andromeda_Core_Services_Algorithms_Delooper_deloop
ControlsController_Objectives --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_RefreshObjectControlMapping --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_SaveControlPatterninDB --> Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone
ControlsController_SaveControlPatterninDB --> Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone
ControlsController_SaveControlPatterninDB --> Andromeda_Validation_ProcessMapValidation_Validate
ControlsController_SaveControlPatterninDB --> Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities
ControlsController_SaveNewObjective --> Andromeda_Core_Entities_Project_GetTags
ControlsController_SaveObjectiveData --> Andromeda_Core_Entities_Project_GetTags
ControlsController_SaveObjectiveData --> Andromeda_Core_LoggingManager_Error
ControlsController_SavePatternXml --> Andromeda_Core_Extensions_LinqExtensions_RemoveLineBreakChars
ControlsController_ValidateAndSavePatternXml --> Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone
ControlsController_ValidateAndSavePatternXml --> Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone
ControlsController_ValidateAndSavePatternXml --> Andromeda_Validation_ProcessMapValidation_Validate
ControlsController_ValidateAndSavePatternXml --> Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities
ControlsController_ValidateControlPatternXml --> Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone
ControlsController_ValidateControlPatternXml --> Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone
ControlsController_ValidateControlPatternXml --> Andromeda_Validation_ProcessMapValidation_Validate
ControlsController_ValidateControlPatternXml --> Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities
Insorce_Helpers_Helpers_BuildCompRow --> Andromeda_Core_Entities_ActivityControl_Clone
System Dependencies
Incoming Dependencies (Fan-In): None
Outgoing Dependencies (Fan-Out): None
Cycle Detection
No dependency cycles detected for this controller.
View → Action Mapping
| Action | View | Model | Path |
|---|---|---|---|
| adequacy | Adequacy | - | Andromeda.Web\Views\Controls\Adequacy.cshtml |
| bcplocations | BCPLocations | - | Andromeda.Web\Views\Controls\BCPLocations.cshtml |
| controlconfiguration | ControlConfiguration | - | Andromeda.Web\Views\Controls\ControlConfiguration.cshtml |
| controlenvironment | ControlEnvironment | `Tuple<IList<Andromeda.Core.Entities.Arrow>, IList<Andromeda.Core.Entities.EnrichActivityModel>, List<Andromeda.Core.Entities.Arrow>>` | Andromeda.Web\Views\Controls\ControlEnvironment.cshtml |
| controlexistence | ControlExistence | `Tuple<IList<Andromeda.Core.Entities.ObjectRiskActivities>, List<Andromeda.Core.Entities.Risks>, IList<Andromeda.Core.Entities.ActivityActorArrow>>` | Andromeda.Web\Views\Controls\ControlExistence.cshtml |
| controlidentification | ControlIdentification | `IList<Andromeda.Core.Entities.ActivityGroup>` | Andromeda.Web\Views\Controls\ControlIdentification.cshtml |
| controlpatterninputdata | ControlPatternInputData | - | Andromeda.Web\Views\Controls\ControlPatternInputData.cshtml |
| deadline | DeadLine | - | Andromeda.Web\Views\Controls\DeadLine.cshtml |
| effectiveness | Effectiveness | - | Andromeda.Web\Views\Controls\Effectiveness.cshtml |
| identifycontrol | IdentifyControl | `Tuple<IList<Andromeda.Core.Entities.Risks>, IList<Andromeda.Core.Entities.ObjectRiskActivities>>` | Andromeda.Web\Views\Controls\IdentifyControl.cshtml |
| identifycontrolpartial | IdentifyControlPartial | `List<Andromeda.Validation.SwimlaneInfo>` | Andromeda.Web\Views\Controls\IdentifyControlPartial.cshtml |
| index | Index | `IList<Andromeda.Core.Entities.CustomWidgetView>` | Andromeda.Web\Views\Controls\Index.cshtml |
| insufficientdata | InsufficientData | - | Andromeda.Web\Views\Controls\InsufficientData.cshtml |
| metrics | Metrics | `dynamic` | Andromeda.Web\Views\Controls\Metrics.cshtml |
| mitigation | Mitigation | `Tuple<IList<Andromeda.Core.Entities.ActivityActorArrow>, IList<Andromeda.Core.Entities.Risks>, IList<Andromeda.Core.Entities.ObjectRiskActivities>>` | Andromeda.Web\Views\Controls\Mitigation.cshtml |
| objectivecontrolactivities | ObjectiveControlActivities | `Tuple<IList<Andromeda.Core.Entities.ControlTheRisks>, string>` | Andromeda.Web\Views\Controls\ObjectiveControlActivities.cshtml |
| objectiverisktypes | ObjectiveRiskTypes | - | Andromeda.Web\Views\Controls\ObjectiveRiskTypes.cshtml |
| objectives | Objectives | `Tuple<IList<Andromeda.Core.Entities.ObjectRiskActivities>, List<IGrouping<string, Andromeda.Core.Entities.Risks>>, IList<Andromeda.Core.Entities.ActivityActorArrow>>` | Andromeda.Web\Views\Controls\Objectives.cshtml |
Methods at a Glance
Command / Save Operations
| Type | Method | HTTP | URL | Summary |
|---|---|---|---|---|
| entrypoint | SaveNewObjective | POST | /Controls/SaveNewObjective | Decode request data, save the objective, update project status, and return the... |
| entrypoint | RefreshObjectControlMapping | - | /Controls/RefreshObjectControlMapping | RefreshObjectControlMapping retrieves project data, filters it by objective... |
| entrypoint | saveObjData | - | /Controls/saveObjData | The method manages project objectives by retrieving data, saving new entries... |
| entrypoint | SaveNewObjectiveFromTree | POST | /Controls/SaveNewObjectiveFromTree | Decode objective data from the request, save it, create a related... |
| entrypoint | ControlEnvironment | GET | /Controls/ControlEnvironment | Retrieve and filter control-related data, enrich views with detailed activity... |
| entrypoint | DeleteObjectiveDataFromTree | POST | /Controls/DeleteObjectiveDataFromTree | The method deletes an objective from the tree and creates a corresponding... |
| entrypoint | EditObjectiveTextFromTree | POST | /Controls/EditObjectiveTextFromTree | Extract form data, compare old and new objective details, update objective and... |
| entrypoint | ApplyControls | POST | /Controls/ApplyControls | ApplyControls retrieves form data, saves controls, fetches updated control... |
| entrypoint | SaveApplyControls | - | /Controls/SaveApplyControls | Retrieve project ID, update impact statuses, save and apply controls, then... |
| entrypoint | UpdateBCPActivity | GET | /Controls/UpdateBCPActivity | UpdateBCPActivity calls the model to update activity by ProjectID and returns... |
| entrypoint | SaveMetrics | POST | /Controls/SaveMetrics | Retrieve, deserialize, save metrics data, and update impact statuses... |
| entrypoint | ControlIdentification | GET | /Controls/ControlIdentification | Retrieve project data, update and insert objective controls, set view data and... |
| entrypoint | DeleteGroupActivities | POST | /Controls/DeleteGroupActivities | DeleteGroupActivities deletes an activity group by groupId, updates project... |
| entrypoint | AddCompensatoryControls | POST | /Controls/AddCompensatoryControls | AddCompensatoryControls retrieves and updates project data, manages objectives... |
| entrypoint | DeleteAddObjectiveInfo | POST | /Controls/DeleteAddObjectiveInfo | DeleteAddObjectiveInfo handles a POST request to fetch and return filtered risk... |
| entrypoint | MapControlRiskActivities | - | /Controls/MapControlRiskActivities | Retrieve and filter activities, update collections by adding or removing... |
| entrypoint | RemoveControlActivity | POST | /Controls/RemoveControlActivity | Extract form data, delete relevant objective controls and control activity... |
| entrypoint | UpdateObjectiveRisks | POST | /Controls/UpdateObjectiveRisks | Update objective risks by retrieving IDs, creating risk activity objects... |
| entrypoint | RemoveEmptyGroup | POST | /Controls/RemoveEmptyGroup | RemoveEmptyGroup deletes all objective controls linked to a group, removes the... |
| entrypoint | ControlPatternInputData | - | /Controls/ControlPatternInputData | Filter controls and activities by input parameters, update activity details... |
File & Import Operations
| Type | Method | HTTP | URL | Summary |
|---|---|---|---|---|
| entrypoint | ObjectiveFileUpload | POST | /Controls/ObjectiveFileUpload | Prepare upload directory, retrieve objective data, truncate filename, save file... |
| entrypoint | GenerateMD5 | - | /Controls/GenerateMD5 | GenerateMD5 computes and returns the MD5 hash string of an uploaded file's... |
| entrypoint | ObjectiveFileDownload | - | /Controls/ObjectiveFileDownload | ObjectiveFileDownload retrieves and returns a verified file for download using... |
| entrypoint | DeleteObjectiveFile | POST | /Controls/DeleteObjectiveFile | DeleteObjectiveFile removes the physical file and database records based on... |
| entrypoint | GetPatternXml | GET | /Controls/GetPatternXml | Retrieve pattern XML from controls or load from file if not found in controls. |
| entrypoint | SaveNewPatternXml | POST | /Controls/SaveNewPatternXml | Parse JSON data from the request, create domain objects, generate XML elements... |
| entrypoint | DeleteObjectiveData | POST | /Controls/DeleteObjectiveData | Profile and execute deletion of objective data for a specified project. |
Query & View Methods
| Type | Method | HTTP | URL | Summary |
|---|---|---|---|---|
| entrypoint | Objectives | GET | /Controls/Objectives | Fetch and filter project data, calculate effectiveness, and prepare grouped... |
| entrypoint | Index | GET | /Controls/Index | The method sets a dashboard ID cookie and populates the dashboard view with... |
| entrypoint | GetMetricsData | GET | /Controls/GetMetricsData | The method handles an HTTP GET request, retrieves metrics data from the model... |
| entrypoint | GetMetricRiskControlsData | GET | /Controls/GetMetricRiskControlsData | The method handles an HTTP GET request by fetching MetricRiskControl data... |
| entrypoint | GetJsonForObjActivityRiskControl | - | /Controls/GetJsonForObjActivityRiskControl | Fetch objective activity risk control and compensatory activities, then return... |
| entrypoint | GetTODFormat | - | /Controls/GetTODFormat | No key flows are defined for the GetTODFormat method. |
| entrypoint | GetAllActivityRanking | GET | /Controls/GetAllActivityRanking | GetAllActivityRanking retrieves and returns the complete activity ranking list. |
| entrypoint | BCPLocations | GET | /Controls/BCPLocations | BCPLocations handles an HTTP GET request, retrieves BCP teams, and returns a... |
| entrypoint | RiskType | GET | /Controls/RiskType | Handles HTTP GET request by invoking ControlExistence with 'RiskType' and... |
| entrypoint | Vulnerability | GET | /Controls/Vulnerability | The method handles an HTTP GET request by invoking ControlExistence with... |
| entrypoint | UnderControlled | GET | /Controls/UnderControlled | UnderControlled handles GET requests by clearing a session variable and... |
| entrypoint | OverControlled | GET | /Controls/OverControlled | Handles GET request by invoking Adequacy with 'OverControlled' and returns the... |
| entrypoint | GetObjectiveRisks | GET | /Controls/GetObjectiveRisks | Retrieve and return risk IDs for a given objective ID or return an empty list... |
| entrypoint | GetObjectiveControls | GET | /Controls/GetObjectiveControls | Fetch controls linked to a valid objective ID and return them as JSON. |
| entrypoint | ObjectiveRiskTypes | GET | /Controls/ObjectiveRiskTypes | Retrieve and group risks by type for a given objId, then return the view with... |
| entrypoint | ObjectiveControlActivities | GET | /Controls/ObjectiveControlActivities | Return empty view if no IDs; otherwise, retrieve and filter activities... |
Validation & Rules
| Type | Method | HTTP | URL | Summary |
|---|---|---|---|---|
| entrypoint | isEnrichedPattern | - | /Controls/isEnrichedPattern | Checks if any activity matches ControlActivities IDs and has ProductId or... |
| entrypoint | ValidateControlPatternXml | POST | /Controls/ValidateControlPatternXml | Decode JSON data into objects, validate process map and activities, then return... |
| entrypoint | ValidateAndSavePatternXml | POST | /Controls/ValidateAndSavePatternXml | The method decodes JSON data, converts and validates domain objects, handles... |
| entrypoint | DeleteObjective | - | /Controls/DeleteObjective | Retrieve objectives by ProjectId, verify ObjectiveID exists, then delete the... |
| entrypoint | EditMetric | POST | /Controls/EditMetric | Retrieve metric data from the request, verify condition, and update metric via... |
| entrypoint | GetPattern | GET | /Controls/GetPattern | Check and assign project ID, retrieve and parse XML pattern, extract and... |
| entrypoint | RiskObjective | GET | /Controls/RiskObjective | Handle HTTP GET request to RiskObjective endpoint by verifying control... |
| entrypoint | SaveObjectiveControls | POST | /Controls/SaveObjectiveControls | Manage activity groups, objective controls, and objectives by inserting... |
| entrypoint | SaveControlPatterninDB | POST | /Controls/SaveControlPatterninDB | SaveControlPatterninDB validates input, updates the database, and returns JSON... |
| entrypoint | GetControlRiskActivitiesBR | GET | /Controls/GetControlRiskActivitiesBR | Fetch and filter project-related activities and controls, then group and... |
Workflow & Routing
| Type | Method | HTTP | URL | Summary |
|---|---|---|---|---|
| entrypoint | SaveObjectiveData | POST | /Controls/SaveObjectiveData | SaveObjectiveData processes objectives and related risks, updates statuses... |
| entrypoint | SaveObjectiveDataFromTree | POST | /Controls/SaveObjectiveDataFromTree | SaveObjectiveDataFromTree processes and saves objective data extracted from a... |
| entrypoint | ControlConfiguration | GET | /Controls/ControlConfiguration | The method retrieves project data, actors, activities, and controls, processes... |
| entrypoint | SavePatternXml | POST | /Controls/SavePatternXml | Process valid XML input, extract data, and update control pattern activities. |
| entrypoint | Metrics | GET | /Controls/Metrics | Aggregate project-specific controls and risks, fetch and process metrics data... |
| entrypoint | EditObjectiveText | POST | /Controls/EditObjectiveText | EditObjectiveText processes valid form data, updates the objective, and returns... |
| entrypoint | ApplyControlsFromTree | POST | /Controls/ApplyControlsFromTree | Processes POST request to apply controls, save them, and create an... |
| entrypoint | CalculaterRPN | - | /Controls/CalculaterRPN | Calculate RPN by retrieving project activities and risks, processing controls... |
| entrypoint | IdentifyControl | GET | /Controls/IdentifyControl | Retrieve and process project data, aggregate activity properties, associate... |
| entrypoint | GetActivityRanks | GET | /Controls/GetActivityRanks | Retrieve and process activities by valid ID and type, then calculate ranks and... |
| entrypoint | DoNotMitigate | POST | /Controls/DoNotMitigate | The method processes requests exclusively via HTTP POST and disables HTTP GET... |
| entrypoint | SaveDoNotMitigate | - | /Controls/SaveDoNotMitigate | SaveDoNotMitigate processes input parameters, calls controlModel to save data... |
| entrypoint | SaveNewMetric | POST | /Controls/SaveNewMetric | Process form data to create a new metric with associated risks and controls... |
| entrypoint | SaveBcpOfficeLocations | POST | /Controls/SaveBcpOfficeLocations | SaveBcpOfficeLocations processes a POST request to save BCP office locations... |
| entrypoint | ControlExistence | GET | /Controls/ControlExistence | Retrieve and process project data to aggregate activities, risks, controls, and... |
| entrypoint | Adequacy | GET | /Controls/Adequacy | Aggregate and process project data to evaluate controls, group activities, and... |
| entrypoint | ApplyLineOfControl | POST | /Controls/ApplyLineOfControl | Process and synchronize pre-activities and compensatory activities with... |
| entrypoint | RemoveLineOfControl | POST | /Controls/RemoveLineOfControl | RemoveLineOfControl processes POST requests to remove control by Id and IdType... |
| entrypoint | OperationalizeControlsFromCE | GET | /Controls/OperationalizeControlsFromCE | The method processes valid inputs, sets session variables, and returns... |
| entrypoint | Effectiveness | GET | /Controls/Effectiveness | Retrieve and process project data to calculate control effectiveness metrics... |
| entrypoint | AddGroupActivities | POST | /Controls/AddGroupActivities | Extract group and activities from request, update process status, and return... |
| entrypoint | UpdateGroupActivities | POST | /Controls/UpdateGroupActivities | UpdateGroupActivities processes a POST request to update group activities and... |
| entrypoint | SaveObjRiskActivities | POST | /Controls/SaveObjRiskActivities | Process POST request to update risk activities by deserializing data, mapping... |
| entrypoint | MapRiskActivitytoControl | POST | /Controls/MapRiskActivitytoControl | Map risk activities to controls by retrieving project data, filtering relevant... |
| entrypoint | UpdateControlCtrlType | POST | /Controls/UpdateControlCtrlType | Process POST parameters, update control types, group names, and objectives... |
Other Methods
| Type | Method | HTTP | URL | Summary |
|---|---|---|---|---|
| entrypoint | ConvertJsonStringToDateTime | GET | /Controls/ConvertJsonStringToDateTime | Parse milliseconds and time zone offset from string, then compute DateTime from... |
| entrypoint | JsonDateParse | GET | /Controls/JsonDateParse | The method finds all date-like substrings in the input and replaces them with... |
| entrypoint | DoNotMitigateFromTree | POST | /Controls/DoNotMitigateFromTree | No key flows are defined in the DoNotMitigateFromTree method. |
| entrypoint | IdentifyControlPartial | GET | /Controls/IdentifyControlPartial | Retrieve and filter project activities, properties, objectives, risks, and... |
| entrypoint | AddRiskActivity | POST | /Controls/AddRiskActivity | Add a new risk activity to the project if it does not already exist and return... |
| entrypoint | OperationalizeControlsFromUC | GET | /Controls/OperationalizeControlsFromUC | The method sets session variables from optional IDs and calls... |
Associated Screens / Views
- Objectives → Objectives (Andromeda.Web\Views\Controls\Objectives.cshtml)
- Index → Index (Andromeda.Web\Views\Controls\Index.cshtml)
- ControlEnvironment → ControlEnvironment (Andromeda.Web\Views\Controls\ControlEnvironment.cshtml)
- ControlConfiguration → ControlConfiguration (Andromeda.Web\Views\Controls\ControlConfiguration.cshtml)
- Metrics → Metrics (Andromeda.Web\Views\Controls\Metrics.cshtml)
- IdentifyControl → IdentifyControl (Andromeda.Web\Views\Controls\IdentifyControl.cshtml)
- BCPLocations → BCPLocations (Andromeda.Web\Views\Controls\BCPLocations.cshtml)
- ControlExistence → ControlExistence (Andromeda.Web\Views\Controls\ControlExistence.cshtml)
- Adequacy → Adequacy (Andromeda.Web\Views\Controls\Adequacy.cshtml)
- IdentifyControlPartial → IdentifyControlPartial (Andromeda.Web\Views\Controls\IdentifyControlPartial.cshtml)
- Effectiveness → Effectiveness (Andromeda.Web\Views\Controls\Effectiveness.cshtml)
- ControlIdentification → ControlIdentification (Andromeda.Web\Views\Controls\ControlIdentification.cshtml)
- ObjectiveRiskTypes → ObjectiveRiskTypes (Andromeda.Web\Views\Controls\ObjectiveRiskTypes.cshtml)
- ObjectiveControlActivities → ObjectiveControlActivities (Andromeda.Web\Views\Controls\ObjectiveControlActivities.cshtml)
- ControlPatternInputData → ControlPatternInputData (Andromeda.Web\Views\Controls\ControlPatternInputData.cshtml)
Entrypoint Methods¶
Objectives¶
Summary: Fetch and filter project data, calculate effectiveness, and prepare grouped risk-activity objects for the view.
ActionResult ControlsController.Objectives(int? id)
Routing
- HTTP: GET
- URL: /Controls/Objectives
Cross-layer call chain
- ControlsController.Objectives → Andromeda.Core.Entities.Arrow.Clone
- ControlsController.Objectives → Andromeda.Core.Services.ProcessExtensions.FindByID
- ControlsController.Objectives → Andromeda.Core.Services.Algorithms.Delooper.deloop
- ControlsController.Objectives → Andromeda.Core.Services.Algorithms.Delooper.GetLoopingArrows
- ControlsController.Objectives → Andromeda.Core.Entities.ActivityActorArrow.Clone
- ControlsController.Objectives → Andromeda.Core.Entities.ObjectiveRisksMaster.GetRisks
- Andromeda.Core.Services.Algorithms.Delooper.deloop → Andromeda.Core.LoggingManager.Error
- Andromeda.Core.Services.Algorithms.Delooper.deloop → Andromeda.Core.Services.ProcessExtensions.FindByID
- Andromeda.Core.Entities.ObjectiveRisksMaster.GetRisks → Andromeda.Core.DataManager.GetDataList
Call Chain Diagram¶
flowchart TD
Andromeda_Core_DataManager_GetDataList["Andromeda.Core.DataManager.GetDataList"]
Andromeda_Core_Entities_ActivityActorArrow_Clone["Andromeda.Core.Entities.ActivityActorArrow.Clone"]
Andromeda_Core_Entities_Arrow_Clone["Andromeda.Core.Entities.Arrow.Clone"]
Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks["Andromeda.Core.Entities.ObjectiveRisksMaster.GetRisks"]
Andromeda_Core_LoggingManager_Error["Andromeda.Core.LoggingManager.Error"]
Andromeda_Core_Services_Algorithms_Delooper_GetLoopingArrows["Andromeda.Core.Services.Algorithms.Delooper.GetLoopingArrows"]
Andromeda_Core_Services_Algorithms_Delooper_deloop["Andromeda.Core.Services.Algorithms.Delooper.deloop"]
Andromeda_Core_Services_ProcessExtensions_FindByID["Andromeda.Core.Services.ProcessExtensions.FindByID"]
ControlsController_Objectives["ControlsController.Objectives"]
Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks --> Andromeda_Core_DataManager_GetDataList
Andromeda_Core_Services_Algorithms_Delooper_deloop --> Andromeda_Core_LoggingManager_Error
Andromeda_Core_Services_Algorithms_Delooper_deloop --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_Objectives --> Andromeda_Core_Entities_ActivityActorArrow_Clone
ControlsController_Objectives --> Andromeda_Core_Entities_Arrow_Clone
ControlsController_Objectives --> Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks
ControlsController_Objectives --> Andromeda_Core_Services_Algorithms_Delooper_GetLoopingArrows
ControlsController_Objectives --> Andromeda_Core_Services_Algorithms_Delooper_deloop
ControlsController_Objectives --> Andromeda_Core_Services_ProcessExtensions_FindByID
View Metadata
- View: Objectives(Andromeda.Web\Views\Controls\Objectives.cshtml)
- Model: Tuple<IList<Andromeda.Core.Entities.ObjectRiskActivities>, List<IGrouping<string, Andromeda.Core.Entities.Risks>>, IList<Andromeda.Core.Entities.ActivityActorArrow>>
Detailed Analysis
Key Flows
- Summary: Fetch and filter project data, calculate effectiveness, and prepare grouped risk-activity objects for the view.
- Calculate effectiveness metrics from controls, activities, and risk data
- Fetch risk controls, compensatory activities, products, and actor details
- Redirect to ProcessCreation if no activities remain after filtering
- Retrieve project ID, objectives, activities, and activity groups
- Filter activities linked to objectives or with non-empty PageID
- Group activities and risks by objective into ObjectRiskActivities for the view

Error Flows
- Summary: Redirect to ProcessCreation when no activities exist after filtering.
- Redirect to ProcessCreation action on empty filtered activities

Security Issues
- Summary: Prevent SQL injection by sanitizing all user inputs before database queries.
- SQL injection risk from unsanitized user input
- Lack of input sanitization before database queries

Performance Issues
- Summary: Sequential database queries and inefficient LINQ usage degrade performance.
- Sequential database queries causing delays
- Inefficient LINQ methods on large collections
- Excessive ToList() and ToDictionary() calls increasing memory use
- String concatenation in loops impacting performance

Maintainability Issues
- Summary: The method's complexity and unclear naming reduce maintainability and code clarity.
- Multiple unrelated tasks in one method increase complexity
- Use of magic strings reduces clarity and increases brittleness
- Poorly descriptive variable names hinder readability
- Nested LINQ queries and anonymous types complicate understanding
- Incomplete or unclear code snippets reduce clarity

UX Impact Notes
- Summary: Redirect disrupts workflow; detailed models enhance Objectives UI.
- Detailed view models with aggregated data enhance Objectives UI
- Redirect disrupts user workflow when no activities found

Test Case Ideas
- Summary: Verify correct objectives retrieval, filtering, data aggregation, and performance under load.
- Filtering logic with empty and populated collections
- Performance testing with large datasets
- Redirect to ProcessCreation when no activities found

Dependencies & Called Services
- Summary: Uses models, collections, primitives, and extensions for objective-related processing.
- ActivityActorArrow, Arrow, Enumerable, IActorModel, IControlModel, IProcessModel, IRiskModel, Int32, List, ObjectiveRisksMaster, String, TimeSpan
- ProcessExtensions
ObjectiveFileUpload¶
Summary: Prepare upload directory, retrieve objective data, truncate filename, save file and metadata.
JsonResult ControlsController.ObjectiveFileUpload(HttpPostedFileBase file)
Routing
- HTTP: POST
- URL: /Controls/ObjectiveFileUpload
Detailed Analysis
Key Flows
- Summary: Prepare upload directory, retrieve objective data, truncate filename, save file and metadata.
- Retrieve and create upload folder from settings

Error Flows
- Summary: Handle upload directory creation failures
- File name conflicts returning error response
- Unhandled exceptions from incomplete code branches

Security Issues
- Summary: Validate inputs to prevent SQL injection and path traversal vulnerabilities.
- SQL injection risk from unvalidated ObjectiveId input

Performance Issues
- Summary: Avoid overwriting files by checking existence before saving to improve performance.
- Lack of file existence checks before saving

Maintainability Issues
- Summary: Incomplete code, unclear naming, and hardcoded values reduce maintainability.
- Incomplete and malformed code with missing variables
- Use of magic strings and hardcoded keys
- Unclear and inconsistent variable names
- Incorrect or non-standard method usage
- Unclear method calls and variable declarations

UX Impact Notes
- Summary: File upload issues cause errors and confusion, harming user experience.
- Upload directory absence causes unexpected behavior
- File name truncation hinders file identification
- Malformed JSON responses disrupt client processing
- File name conflicts trigger error responses

Test Case Ideas
- Summary: Test file upload handling, metadata storage, error responses, and response content types.
- Correct response content type setting

Dependencies & Called Services
- Summary: ObjectiveFileUpload uses file handling, path management, HTTP file input, and risk modeling services.
- File handling controls
- File format conversion
- Directory management
- HttpPostedFileBase for HTTP file input
- IRiskModel for risk assessment
- Path utilities
- String operations
GenerateMD5¶
Summary: GenerateMD5 computes and returns the MD5 hash string of an uploaded file's input stream.
string ControlsController.GenerateMD5(HttpPostedFileBase file)
Routing
- URL: /Controls/GenerateMD5
Detailed Analysis
Key Flows
- Summary: GenerateMD5 computes and returns the MD5 hash string of an uploaded file's input stream.
- Return concatenated string of MD5 hash bytes

Error Flows
- Summary: Handle null input streams and complete return statements to prevent errors.
- Complete return statements

Security Issues
- Summary: No security issues identified in GenerateMD5 method.

Performance Issues
- Summary: Optimize hash computation and reduce repeated string conversions for better performance.
- Slow hash computation for large input streams
- Performance degradation from repeated ToString() calls in loops

Maintainability Issues
- Summary: Replace obsolete MD5CryptoServiceProvider with a modern hashing algorithm.
- Use modern hashing algorithm instead of obsolete MD5CryptoServiceProvider

Test Case Ideas
- Summary: Verify GenerateMD5 produces correct and valid hashes for various input sizes.
- Empty input stream hash correctness
- Large input stream performance and correctness
- Valid MD5 hash string output

Dependencies & Called Services
- Summary: GenerateMD5 uses Byte operations and HashAlgorithm for hashing.
- Byte operations
- HashAlgorithm usage
ObjectiveFileDownload¶
Summary: ObjectiveFileDownload retrieves and returns a verified file for download using encoded file paths.
ActionResult ControlsController.ObjectiveFileDownload(int? f, int? o)
Routing
- URL: /Controls/ObjectiveFileDownload
Detailed Analysis
Key Flows
- Summary: ObjectiveFileDownload retrieves and returns a verified file for download using encoded file paths.
- Check f and o parameters for values
- Return file with correct content type for download

Error Flows
- Summary: Handle missing files and invalid parameters with proper HTTP responses.
- Return 404 status and NotFoundResult if file path does not exist
- Return null if parameters f or o are null or invalid

Security Issues
- Summary: Sanitize inputs to prevent SQL injection, directory traversal, and data exposure.
- Unsanitized input risks SQL injection and data exposure in file name and path retrieval
- Improper FilePath sanitization enables directory traversal attacks
- Server.HtmlEncode on FilePath mitigates HTML injection but not path traversal

Performance Issues
- Summary: Replace Convert.ToInt32 with TryParse to improve performance and robustness.
- Inefficient use of Convert.ToInt32 for parameter conversion
- Use TryParse for safer and faster parsing

Maintainability Issues
- Summary: Fix malformed conditionals, improve variable naming, avoid hardcoded paths and content types.
- Malformed conditional statements causing compilation and maintenance issues
- Non-descriptive variable names reducing readability
- Hardcoded backslash harming cross-platform compatibility
- Hardcoded content type limiting file type flexibility

UX Impact Notes
- Summary: Users see clear 404 errors for missing files but get no feedback for missing parameters.
- Potential negative UX from unhandled file retrieval errors

Test Case Ideas
- Summary: Verify secure, correct file download handling and proper error responses.
- Method returns control correctly in all execution paths

Dependencies & Called Services
- Summary: Uses file conversion and risk model services with file path handling.
- File conversion service
- Risk model interface
- File path management
DeleteObjectiveFile¶
Summary: DeleteObjectiveFile removes the physical file and database records based on file count, then refreshes state.
void ControlsController.DeleteObjectiveFile()
Routing
- HTTP: POST
- URL: /Controls/DeleteObjectiveFile
Cross-layer call chain
- ControlsController.DeleteObjectiveFile → Andromeda.Core.DataManager.Execute
- Andromeda.Core.DataManager.Execute → Andromeda.Core.LoggingManager.Debug
- Andromeda.Core.DataManager.Execute → Andromeda.Core.Database.helper.SqlParameters
Call Chain Diagram¶
flowchart TD
Andromeda_Core_DataManager_Execute["Andromeda.Core.DataManager.Execute"]
Andromeda_Core_Database_helper_SqlParameters["Andromeda.Core.Database.helper.SqlParameters"]
Andromeda_Core_LoggingManager_Debug["Andromeda.Core.LoggingManager.Debug"]
ControlsController_DeleteObjectiveFile["ControlsController.DeleteObjectiveFile"]
Andromeda_Core_DataManager_Execute --> Andromeda_Core_Database_helper_SqlParameters
Andromeda_Core_DataManager_Execute --> Andromeda_Core_LoggingManager_Debug
ControlsController_DeleteObjectiveFile --> Andromeda_Core_DataManager_Execute
Detailed Analysis
Key Flows
- Summary: DeleteObjectiveFile removes the physical file and database records based on file count, then refreshes state.
- Retrieve identifiers from request
- Count objective files
- If count is one, delete physical file and database records
- If count is not one, delete only database record
- Refresh state by calling loads method with FileID

Error Flows
- risking unhandled errors.
- Missing input validation for request parameters
- No exception handling for file deletion errors
- No exception handling for database operation errors

Security Issues
- Summary: Fix SQL injection and path traversal vulnerabilities in file deletion.
- SQL injection risk from unvalidated integer conversion of user input

Performance Issues
- Summary: Repeatedly accessing ConfigurationManager.AppSettings degrades performance.
- Repeated access to ConfigurationManager.AppSettings

Maintainability Issues
- Summary: Replace magic strings and numbers, decouple dependencies, and improve code clarity and completeness.
- Avoid magic numbers in condition checks
- Add explicit return statements or comments to enhance understandability

UX Impact Notes
- Summary: Deleting files can disrupt users if files are in use or deletion is unexpected.
- File deletion disrupts active use
- Unexpected deletion harms user experience

Test Case Ideas
- Summary: Verify DeleteObjectiveFile handles input
- Delete physical file and call model deletion when count equals one
- Handle incomplete or malformed input parameters robustly
- Retrieve project ID, file ID, objective ID, and file name from request
- Call GetObjectiveFilesCount with correct file ID
- Call only model's DeleteObjectiveFile when count differs from one
- Call loads method with correct FileID

Dependencies & Called Services
- Summary: DeleteObjectiveFile uses file conversion, path handling, and risk model services.
- File conversion service
- File path handling
- Risk model interface
SaveNewObjective¶
Summary: Decode request data, save the objective, update project status, and return the objective key-value JSON.
JsonResult ControlsController.SaveNewObjective()
Routing
- HTTP: POST
- URL: /Controls/SaveNewObjective
Cross-layer call chain
- ControlsController.SaveNewObjective → Andromeda.Core.Entities.Project.GetTags
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_Project_GetTags["Andromeda.Core.Entities.Project.GetTags"]
ControlsController_SaveNewObjective["ControlsController.SaveNewObjective"]
ControlsController_SaveNewObjective --> Andromeda_Core_Entities_Project_GetTags
Detailed Analysis
Key Flows
- Summary: Decode request data, save the objective, update project status, and return the objective key-value JSON.
- Return JSON with objective key and value
- Process project tag names
- Update project reviewed status

Error Flows
- Summary: Handle invalid request data and invalid integers in reviewed status updates.
- Invalid integer values for reviewed status updates

Security Issues
- Summary: Fix deserialization and SQL injection vulnerabilities in SaveNewObjective.
- Registry.LoggedInUser.UserName

Performance Issues
- Summary: SaveNewObjective may slow down due to database operations, large tag lists, and invalid integer conversions.
- Database or storage operations impact SaveObjective performance
- Large tag lists cause slow iteration
- Invalid integer conversions degrade performance

Maintainability Issues
- Summary: Improve variable naming, clarify tag processing, and replace magic numbers for maintainability.
- Confusing similar variable names 'objective' and 'Objective'
- Unclear and incomplete tag processing code
- Use of magic numbers like PermisionModule.Controls

UX Impact Notes
- Summary: The method's JSON output influences user flow and triggers UI actions.
- JSON triggers UI updates or actions

Test Case Ideas
- handles tags, and returns expected JSON.
- Handle valid request data
- Process empty tag collection
- Process large tag collection for performance
- Validate GetTags method returns expected tags
- Validate returned JSON contains expected key and value
- Verify UpdateIsReviewedStatus called with correct parameters

Dependencies & Called Services
- Summary: Convert models and project data during new objective saving.
- Convert data
- Use IProcessModel
- Use IRiskModel
- Use Project
SaveObjectiveData¶
Summary: SaveObjectiveData processes objectives and related risks, updates statuses, refreshes mappings, and returns a save result.
JsonResult ControlsController.SaveObjectiveData()
Routing
- HTTP: POST
- URL: /Controls/SaveObjectiveData
Cross-layer call chain
- ControlsController.SaveObjectiveData → Andromeda.Core.Entities.Project.GetTags
- ControlsController.SaveObjectiveData → Andromeda.Core.LoggingManager.Error
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_Project_GetTags["Andromeda.Core.Entities.Project.GetTags"]
Andromeda_Core_LoggingManager_Error["Andromeda.Core.LoggingManager.Error"]
ControlsController_SaveObjectiveData["ControlsController.SaveObjectiveData"]
ControlsController_SaveObjectiveData --> Andromeda_Core_Entities_Project_GetTags
ControlsController_SaveObjectiveData --> Andromeda_Core_LoggingManager_Error
Detailed Analysis
Key Flows
- Summary: SaveObjectiveData processes objectives and related risks, updates statuses, refreshes mappings, and returns a save result.
- Create ObjectRiskActivities and collect objective IDs
- Create risk and activity objects for each objective
- Return JSON response with save operation result
- Update impact and complete impact statuses for objectives
- Update reviewed status and log errors

Error Flows
- Summary: Handle JSON deserialization errors and null references in collections during data saving.
- JSON deserialization failure handling
- Null reference exceptions in collection iterations
- Malformed code causing compilation or runtime errors

Security Issues
- Summary: Prevent JSON deserialization and SQL injection vulnerabilities in SaveObjectiveData.
- JSON deserialization vulnerability from Request.Form[0]
- SQL injection risk from unsanitized ProjectId in database queries

Performance Issues
- Summary: Repeated object creation and multiple database queries degrade performance in SaveObjectiveData.
- Repeated object creation in loops for objectives, risks, and activities
- Multiple database queries without caching or optimization
- Inefficient iteration over large collections like objectives, risks, project tags, and activities
- Incomplete or corrupted code causing inefficient execution or compilation failure

Maintainability Issues
- Summary: Refactor SaveObjectiveData to improve code clarity and reduce redundancy.
- Repeated property assignments and similar method calls require refactoring

UX Impact Notes
- Summary: Handle JSON errors and provide user feedback to prevent UI issues.
- Malformed or incomplete JSON causes UI errors
- Missing error handling for JSON deserialization and null references
- No user-facing feedback or error messages

Test Case Ideas
- Summary: Validate data saving, status updates
- Create and populate ObjectRiskActivities
- Handle incomplete or corrupted code sections
- Log errors accurately
- Retrieve current project ID
- Initialize empty collections
- Iterate empty and large collections of objectives, risks, activities, tags
- Test sksMaster method with various tagName and obj values
- Update impact status for objectives
- Update reviewed status correctly
- Validate JSON response correctness and error handling

Dependencies & Called Services
- Summary: Uses collections, models, logging, and profiling services for data processing and control.
- Collection interfaces and classes
- Control and model interfaces
- DateTime utilities
- Profiling extensions
- String utilities
- Logging service
RefreshObjectControlMapping¶
Summary: RefreshObjectControlMapping retrieves project data, filters it by objective, and updates risk control activity mappings.
void ControlsController.RefreshObjectControlMapping(List<int> objList, int ProjectId)
Routing
- URL: /Controls/RefreshObjectControlMapping
Cross-layer call chain
- ControlsController.RefreshObjectControlMapping → Andromeda.Core.Services.ProcessExtensions.FindByID
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Services_ProcessExtensions_FindByID["Andromeda.Core.Services.ProcessExtensions.FindByID"]
ControlsController_RefreshObjectControlMapping["ControlsController.RefreshObjectControlMapping"]
ControlsController_RefreshObjectControlMapping --> Andromeda_Core_Services_ProcessExtensions_FindByID
Detailed Analysis
Key Flows
- Summary: RefreshObjectControlMapping retrieves project data, filters it by objective, and updates risk control activity mappings.
- Retrieve project-related data sets from multiple models
- Update risk control activity mappings per objective using AutoMapRiskControlActivity

Error Flows
- allowing errors to propagate unhandled.
- Absence of explicit error handling
- Unmanaged error propagation during data retrieval or processing

Performance Issues
- Summary: Repeated LINQ queries inside loops degrade performance.
- Repeated LINQ Where calls inside loops
- Excessive ToList calls inside loops

Maintainability Issues
- Summary: The method's tight coupling and long lines reduce maintainability and readability.
- Tight coupling with multiple models and dependencies
- Long lines with many method calls

Test Case Ideas
- Summary: Verify correct calls and data handling in RefreshObjectControlMapping method.
- Call AutoMapRiskControlActivity for each objective
- Pass accurate filtered data to AutoMapRiskControlActivity
- Ensure proper definition and iteration of tivityGroups
- Validate behavior of tRiskControls method

Dependencies & Called Services
- Summary: Uses collections and interfaces for actor, control, and risk models with process extensions.
- Enumerable for collection operations
- IActorModel interface
- IControlModel interface
- IRiskModel interface
- List collection
- ProcessExtensions utilities
saveObjData¶
Summary: The method manages project objectives by retrieving data, saving new entries, updating existing ones, and deleting obsolete risks and activities.
void ControlsController.saveObjData(IList<ObjectRiskActivities> objRskActivities, IDictionary<int, string> objectivesId, int ProjectId)
Routing
- URL: /Controls/saveObjData
Detailed Analysis
Key Flows
- Summary: The method manages project objectives by retrieving data, saving new entries, updating existing ones, and deleting obsolete risks and activities.
- Delete obsolete objective risks and activities using model.DeleteObjectiveRisk and model.DeleteObjectiveActivity
- Save activities linked to objectives with duplicate checks using model.EnterActivityForObjectivesIntoDB
- Update existing objectives and related risks and activities via model.UpdateObjective

Performance Issues
- Summary: Optimize LINQ usage and reduce repeated database calls inside loops to improve performance.
- Complex string and collection conditionals impacting performance on large datasets

Maintainability Issues
- Summary: Replace magic numbers, improve naming, refactor complex code, and remove incomplete snippets.
- Replace magic numbers with named constants
- Remove incomplete and commented-out code snippets
- Use descriptive variable names
- Refactor complex and nested conditionals into smaller methods
- Eliminate incomplete code and missing context
- Simplify long method calls with many parameters

UX Impact Notes
- Summary: Deleting activities without proper handling degrades user experience.
- Improper handling of deleted activities
- Negative user experience impact

Test Case Ideas
- and performance with varied datasets.
- Delete objective risks and activities conditionally, ensuring proper DeleteObjectiveRisk and DeleteObjectiveActivity calls
- Iterate risks and activities with empty and large datasets for correctness and performance
- Assess performance bottlenecks from LINQ queries and multiple database calls on large datasets
- Handle deleted activities to maintain data consistency
- Update objectives with matching and non-matching texts to validate UpdateObjective calls

Dependencies & Called Services
- Summary: Uses interfaces and collections for data processing and risk control.
- IControlModel for control logic
SaveObjectiveDataFromTree¶
Summary: SaveObjectiveDataFromTree processes and saves objective data extracted from a data tree structure.
JsonResult ControlsController.SaveObjectiveDataFromTree()
Routing
- HTTP: POST
- URL: /Controls/SaveObjectiveDataFromTree
Detailed Analysis
Key Flows
- Summary: SaveObjectiveDataFromTree processes and saves objective data extracted from a data tree structure.
- Persist validated data to storage
- Validate extracted data

Security Issues
- Summary: The method risks injection and XSS attacks by using unvalidated user input and unsafe string concatenation.
- Use of unvalidated Request.Form data risking injection attacks

Performance Issues
- Summary: Optimize data retrieval, object creation, LINQ usage, and string concatenation to improve performance.
- String concatenation in loops degrading performance with large data sets

Maintainability Issues
- and has repetitive assignments.
- Repeated property assignments and string concatenations reduce readability

UX Impact Notes
- Summary: Dynamically generated HTML affects UI by displaying risks and activities with potential formatting and security issues.
- Dynamic HTML construction for SubTask display
- Display of added and removed risks and activities
- Risk of improper formatting affecting UI
- Lack of HTML sanitization causing security warnings

Test Case Ideas
- filtering logic, and performance with large datasets.
- Filtering logic for added and deleted risks and activities
- Correct creation of implementation plan via CreateImplementationPlan

Dependencies & Called Services
- Summary: Uses collections and interfaces to manage control, actor, and risk models.
- Controls management
- Enumerable collections
- IActorModel interface
- ICollection interface
- IControlModel interface
- IRiskModel interface
- List collection
- String handling
SaveNewObjectiveFromTree¶
Summary: Decode objective data from the request, save it, create a related implementation plan, and return a JSON result.
JsonResult ControlsController.SaveNewObjectiveFromTree()
Routing
- HTTP: POST
- URL: /Controls/SaveNewObjectiveFromTree
Detailed Analysis
Key Flows
- Summary: Decode objective data from the request, save it, create a related implementation plan, and return a JSON result.
- Create implementation plan linked to saved objective
- Return JSON result with operation outcome

Error Flows
- Summary: Handle invalid or missing request form data errors.
- Invalid or missing request form data handling

Security Issues
- Summary: Direct use of user input in 'objective' risks SQL injection.
- SQL injection risk from unsanitized 'objective' input

Performance Issues
- Summary: Json.Decode causes performance issues with large request forms.
- Use of Json.Decode on large request forms

Maintainability Issues
- Summary: Replace magic strings with constants or enums to improve maintainability.
- Use of magic strings
- Lack of constants or enumerations

UX Impact Notes
- Summary: Implementation plan creation triggers UI updates and notifications affecting user experience.
- UI updates triggered by implementation plan creation

Test Case Ideas
- Summary: Verify SaveNewObjectiveFromTree processes POST requests, decodes objectives, and saves implementation plans.
- Create implementation plan with correct Lever
- Invoke SaveNewObjectiveFromTree on HTTP POST
- Decode objective from request form
- Save objective to database

Dependencies & Called Services
- Summary: Uses actor and risk models to save new objectives from tree data.
- IActorModel dependency
- IRiskModel dependency
Index¶
Summary: The method sets a dashboard ID cookie and populates the dashboard view with project data when the 'view' parameter is provided.
ActionResult ControlsController.Index(int? view)
Routing
- HTTP: GET
- URL: /Controls/Index
Cross-layer call chain
- ControlsController.Index → Insorce.Helpers.Helpers.getDashboardIdFromCookie
- ControlsController.Index → Insorce.Helpers.Helpers.SetDashboardIdToCookie
- ControlsController.Index → Andromeda.Core.Entities.Actor.GetLocation
- Andromeda.Core.Entities.Actor.GetLocation → Andromeda.Core.DataManager.GetData
Call Chain Diagram¶
flowchart TD
Andromeda_Core_DataManager_GetData["Andromeda.Core.DataManager.GetData"]
Andromeda_Core_Entities_Actor_GetLocation["Andromeda.Core.Entities.Actor.GetLocation"]
ControlsController_Index["ControlsController.Index"]
Insorce_Helpers_Helpers_SetDashboardIdToCookie["Insorce.Helpers.Helpers.SetDashboardIdToCookie"]
Insorce_Helpers_Helpers_getDashboardIdFromCookie["Insorce.Helpers.Helpers.getDashboardIdFromCookie"]
Andromeda_Core_Entities_Actor_GetLocation --> Andromeda_Core_DataManager_GetData
ControlsController_Index --> Andromeda_Core_Entities_Actor_GetLocation
ControlsController_Index --> Insorce_Helpers_Helpers_SetDashboardIdToCookie
ControlsController_Index --> Insorce_Helpers_Helpers_getDashboardIdFromCookie
View Metadata
- View: Index(Andromeda.Web\Views\Controls\Index.cshtml)
- Model: IList<Andromeda.Core.Entities.CustomWidgetView>
Detailed Analysis
Key Flows
- Summary: The method sets a dashboard ID cookie and populates the dashboard view with project data when the 'view' parameter is provided.
- Set dashboard ID cookie from 'view' parameter

Error Flows
- Summary: The method lacks explicit error handling for cookie retrieval and data model failures.
- Missing error handling for cookie retrieval failures
- Missing error handling for data model call failures

Security Issues
- Summary: Dashboard ID and project data handling expose risks of tampering and unauthorized access.
- Reliance on cookie data for dashboard ID risks tampering and unauthorized access
- Storing project data in session variables risks exposure if session management is weak

Performance Issues
- Summary: Processing large data sets from multiple models degrades performance.
- Large data retrieval from multiple models
- High processing load on custom reports and views
- Performance impact from dashboard widgets

Maintainability Issues
- Summary: The method's tight coupling and unclear naming reduce modularity and code clarity.
- Tight coupling between controller and multiple models reduces modularity
- Misspelled or incomplete method name 'getDashboardIdFromCooki' causes confusion
- Undefined method 'e' with hardcoded argument reduces code clarity

UX Impact Notes
- Summary: The method relies on cookies for dashboard ID, affecting user flow and session continuity.
- Dependence on cookie for dashboard ID retrieval
- Cookie handling impacts user flow and session continuity

Test Case Ideas
- session setup
- Check dashboard view populates data from models
- Validate Index method with valid 'view' parameter
- Validate dashboard ID cookie setting
- Verify getDashboardIdFromCooki returns correct dashboard ID for cookies
- Confirm 'view' variable assignment after getDashboardIdFromCooki call
- Test else branch setting dashboard ID cookie and ToString call
- Verify session variables set with project data

Dependencies & Called Services
- Summary: Uses core utilities and interfaces for processing and project modeling.
- Enumerable utilities
- Helper functions
- IProcessModel interface
- IProjectModel interface
- Int32 data type
ConvertJsonStringToDateTime¶
Summary: Parse milliseconds and time zone offset from string, then compute DateTime from Unix epoch with offset.
DateTime ControlsController.ConvertJsonStringToDateTime(string jsonTime)
Routing
- HTTP: GET
- URL: /Controls/ConvertJsonStringToDateTime
Detailed Analysis
Key Flows
- Summary: Parse milliseconds and time zone offset from string, then compute DateTime from Unix epoch with offset.
- Calculate DateTime by adding offset to Unix epoch
- Extract milliseconds and time zone offset sign and hours

Error Flows
- Summary: The method lacks error handling for invalid or malformed input strings.
- No handling of invalid or malformed input strings
- No exception handling for conversion errors or unexpected formats

Security Issues
- Summary: Using [HttpGet] on a private method causes security risks.
- Misuse of [HttpGet] attribute on private method
- Potential unauthorized access due to incorrect attribute usage

Performance Issues
- Summary: Repeated 'IndexOf' calls degrade performance on large input strings.
- Repeated 'IndexOf' calls on input string
- Performance impact on large strings

Maintainability Issues
- Summary: Incomplete method with unclear code and unexplained magic numbers reduces maintainability.
- Unclear return statements and code snippets

UX Impact Notes
- Summary: Inaccurate date/time conversion harms user-facing features relying on correct time.
- Incorrect date/time calculations
- Negative impact on user-facing functionality
- Dependence on accurate time conversion

Test Case Ideas
- parsing logic
- Handling positive and negative time zone offsets

Dependencies & Called Services
- Summary: Convert JSON string to DateTime object.
- Convert JSON string
- Parse DateTime
isEnrichedPattern¶
Summary: Checks if any activity matches ControlActivities IDs and has ProductId or ActorId equal to zero, but returns incorrect result due to a typo.
bool ControlsController.isEnrichedPattern(IList<ActivityActorArrow> activities, IList<CompensatoryActivities> ControlActivities)
Routing
- URL: /Controls/isEnrichedPattern
Detailed Analysis
Key Flows - Summary: Checks if any activity matches ControlActivities IDs and has ProductId or ActorId equal to zero, but returns incorrect result due to a typo. - Check activities for matching ActivityID and zero ProductId or ActorId - Return boolean indicating presence of such activity - Return value affected by a typo causing incorrect result
Performance Issues - Summary: Using 'Contains' on ControlActivities ID array causes performance issues with large collections. - Inefficient use of 'Contains' on ControlActivities ID array, Performance degradation with large ControlActivities collections
Maintainability Issues - Summary: Correct method name and fix return statement typo to ensure maintainability. - Typo in return statement causes compilation errors
Test Case Ideas - Summary: Verify isEnrichedPattern returns boolean and correctly handles various ControlActivities and activities scenarios. - Handle empty ControlActivities collection - Process activities with matching and non-matching ActivityIDs - Return boolean value
Dependencies & Called Services - Summary: Uses Enumerable for collection processing. - Enumerable dependency for collection handling
ControlEnvironment¶
Summary: Retrieve and filter control-related data, enrich views with detailed activity and project information, and update module statuses.
ActionResult ControlsController.ControlEnvironment()
Routing
- HTTP: GET
- URL: /Controls/ControlEnvironment
Cross-layer call chain
- ControlsController.ControlEnvironment → Andromeda.Core.Entities.Actor.GetLocation
- Andromeda.Core.Entities.Actor.GetLocation → Andromeda.Core.DataManager.GetData
Call Chain Diagram¶
flowchart TD
Andromeda_Core_DataManager_GetData["Andromeda.Core.DataManager.GetData"]
Andromeda_Core_Entities_Actor_GetLocation["Andromeda.Core.Entities.Actor.GetLocation"]
ControlsController_ControlEnvironment["ControlsController.ControlEnvironment"]
Andromeda_Core_Entities_Actor_GetLocation --> Andromeda_Core_DataManager_GetData
ControlsController_ControlEnvironment --> Andromeda_Core_Entities_Actor_GetLocation
View Metadata
- View: ControlEnvironment (Andromeda.Web\Views\Controls\ControlEnvironment.cshtml)
- Model: Tuple<IList<Andromeda.Core.Entities.Arrow>, IList<Andromeda.Core.Entities.EnrichActivityModel>, List<Andromeda.Core.Entities.Arrow>>
Detailed Analysis
Key Flows - Summary: Retrieve and filter control-related data, enrich views with detailed activity and project information, and update module statuses. - Iterate projects to update module statuses and retrieve project statuses for display
Error Flows - Summary: Return 'InsufficientData' view with error if no valid controls are selected. - Check valid controls based on activity risk and compensatory activities - Return 'InsufficientData' view with 'No Controls selected' error
Security Issues - Summary: Sanitize and validate all inputs to prevent SQL injection. - Unvalidated JSON data risks deserialization attacks
Performance Issues - Summary: Optimize database calls and LINQ queries to prevent performance degradation. - Multiple database calls impacting performance, Nested Any() calls and complex LINQ queries, Repeated ToList() and FirstOrDefault() causing multiple enumerations, Dictionary creation inside loops over large collections, Chained LINQ operations with repeated conversions
Maintainability Issues - Summary: ControlEnvironment suffers from unclear code, tight coupling, and hardcoded values reducing maintainability. - Use of magic strings reduces code clarity and maintainability, Complex nested LINQ queries hinder understanding and maintenance, Hardcoded error messages and URLs reduce flexibility, Incomplete or corrupted code snippets impair readability and cause compilation issues, Tight coupling to specific data structures and enums reduces modularity, Long method call chains and repeated conversions reduce code clarity
UX Impact Notes - Summary: ControlEnvironment ensures valid data display and clear error feedback to maintain user experience. - Handle session and data retrieval failures to prevent UX degradation - Prepare data for user display, Avoid magic strings and hardcoded values to improve UI flexibility - Redirect to error view on invalid control selection
Test Case Ideas - status updates - Control model returns no data for risk controls or compensatory activities - properties with varied data sets - Iterate projects to verify module status updates and project status retrieval
Dependencies & Called Services - Summary: Uses interfaces and collections to manage actors, controls, processes, projects, and risks. - Actor management, Control handling, Data conversion utilities, Dictionary and Enumerable collections, Actor, Control, Process, Project, Risk interfaces, Primitive types: Int32, String, TimeSpan
ControlConfiguration¶
Summary: The method retrieves project data, actors, activities, and controls, processes and filters them, and prepares data for the view or redirects as needed.
ActionResult ControlsController.ControlConfiguration(string screen, int? ProjID)
Routing
- HTTP: GET
- URL: /Controls/ControlConfiguration
Cross-layer call chain - ControlsController.ControlConfiguration → Andromeda.Core.Entities.ActivityActorArrow.Clone
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_ActivityActorArrow_Clone["Andromeda.Core.Entities.ActivityActorArrow.Clone"]
ControlsController_ControlConfiguration["ControlsController.ControlConfiguration"]
ControlsController_ControlConfiguration --> Andromeda_Core_Entities_ActivityActorArrow_Clone
View Metadata
- View: ControlConfiguration (Andromeda.Web\Views\Controls\ControlConfiguration.cshtml)
Detailed Analysis
Key Flows - Summary: The method retrieves project data, actors, activities, and controls, processes and filters them, and prepares data for the view or redirects as needed. - Aggregate and update activity and group properties - Assign selected controls to ViewBag - Set ViewData with actors - Return grouped activities with IDs - Fetch objective activity risk control data - Redirect to ProcessCreation based on actor count or checks
Error Flows - Summary: Handle missing data. - Check for null references in controlModel and actorModel - Redirect to 'ProcessCreation' on missing or invalid data - Return 'InsufficientData' view when no controls selected - Validate and handle exceptions converting session values to integers
Security Issues - Summary: Prevent unauthorized session access and sanitize inputs to avoid SQL injection. - Unauthorized direct session data access, SQL injection from unsanitized input in aggregations
Performance Issues - Summary: Optimize LINQ queries and collection operations to prevent full enumeration and memory overhead. - ToList() and ToArray() load large datasets into memory
Maintainability Issues - Summary: ControlConfiguration suffers from unclear, tightly coupled, and duplicated code that hinders maintenance. - Repeated filtering and aggregation logic causes duplication - Commented-out complex logic adds confusion
UX Impact Notes - Summary: ControlConfiguration manages user flow and data display while handling errors and data filtering. - Sets ViewBag.SelectedControls and ViewData for user data display - Redirects to ProcessCreation or DataInputs based on data availability
Test Case Ideas - control checks - Check control type 'ID' condition in objActivityRiskControl - Handle zero actors count with redirect to ProcessCreation - Verify controlModel.GetObjectiveActivityRiskControl returns expected data - Return InsufficientData view when no controls selected with error message - Aggregate properties for activity groups and create grouped activity actor arrows - Evaluate performance impact of LINQ queries and aggregation on large datasets
Dependencies & Called Services - Summary: Uses interfaces and collections for actor, control, process, and risk models. - ActivityActorArrow service, Convert utility, Enumerable collection operations, IActorModel interface, ICollection interface, IControlModel interface, IProcessModel interface, IRiskModel interface, String type
GetMetricsData¶
Summary: The method handles an HTTP GET request, retrieves metrics data from the model, transforms it, and returns it as JSON.
JsonResult ControlsController.GetMetricsData()
Routing
- HTTP: GET
- URL: /Controls/GetMetricsData
Cross-layer call chain - ControlsController.GetMetricsData → Andromeda.Core.DataManager.GetDataList
Call Chain Diagram¶
flowchart TD
Andromeda_Core_DataManager_GetDataList["Andromeda.Core.DataManager.GetDataList"]
ControlsController_GetMetricsData["ControlsController.GetMetricsData"]
ControlsController_GetMetricsData --> Andromeda_Core_DataManager_GetDataList
Detailed Analysis
Key Flows - Summary: The method handles an HTTP GET request, retrieves metrics data from the model, transforms it, and returns it as JSON. - Return JSON result - Handle HTTP GET request
Performance Issues - Summary: Loading entire dataset into memory degrades performance on large datasets. - Loading large datasets causes performance degradation - Use of ToList() loads entire dataset into memory
Maintainability Issues - Summary: Anonymous types reduce code clarity and maintainability. - Use of anonymous type for transformed metrics data, Lack of explicit type definition
Test Case Ideas - Summary: Verify method handles GET requests and returns correct data for various inputs. - Handle HTTP GET requests - Return correct data for different inputs
Dependencies & Called Services - Summary: Uses Enumerable and IRiskModel for data processing and risk evaluation. - Enumerable for data iteration, IRiskModel for risk assessment
GetMetricRiskControlsData¶
Summary: The method handles an HTTP GET request by fetching MetricRiskControl data, encoding it to JSON, and returning it with allowed GET behavior.
JsonResult ControlsController.GetMetricRiskControlsData()
Routing
- HTTP: GET
- URL: /Controls/GetMetricRiskControlsData
Detailed Analysis
Key Flows - Summary: The method handles an HTTP GET request by fetching MetricRiskControl data, encoding it to JSON, and returning it with allowed GET behavior. - Fetch MetricRiskControl list from model - Return JSON string in JsonResult with AllowGet
UX Impact Notes - Summary: Returns JSON to update UI or trigger actions. - JSON result for UI update
Test Case Ideas - Summary: Verify HTTP GET response returns correct JSON data from the model. - Handle HTTP GET request - Return valid JSON response - Return accurate model data
Dependencies & Called Services - Summary: Uses IRiskModel service to obtain metric risk control data. - Dependency on IRiskModel service
GetPatternXml¶
Summary: Retrieve pattern XML from controls or load from file if not found in controls.
string ControlsController.GetPatternXml(int? ActID, string CtrlID, string RiskID, string Projectid, int? ObjId)
Routing
- HTTP: GET
- URL: /Controls/GetPatternXml
Detailed Analysis
Key Flows - Summary: Retrieve pattern XML from controls or load from file if not found in controls. - Check for controls with non-empty PatternXM property - Load XML content from file into XElement using StreamReader - Assign PatternXM value to pattern XML variable if found - Construct file path for pattern XML using app settings and input IDs if no control found - Verify file existence and handle missing file appropriately - Return XML content as string
Error Flows - Summary: Handle null references and missing files to prevent exceptions and ensure stability. - Check file existence and return early if pattern XML file is missing - Null reference risk converting Projectid to int, NullReferenceException risk accessing property after FirstOrDefault on empty collection, Null reference risk accessing control details or their properties, Incomplete or typo code causing compilation errors
Security Issues - Summary: No security issues identified in GetPatternXml method.
Performance Issues - collection checks - Inefficient collection iteration using Any() with lambda, Improper StreamReader disposal without using statement - Loading entire dataset into memory with ToList()
Maintainability Issues - Summary: Method name misleads; code contains typos, magic strings, hardcoded paths, and resource management flaws. - Misleading method name GetPatternXml, Use of magic string 'PatternXM' instead of constant or enum, Typo in property name 'Patte' causing confusion, Hardcoded backslash in file path risking cross-platform issues, Missing using statement for StreamReader reducing resource safety, Incomplete or typo code lines like 'rnXML;' and partial calls, Undefined variable 'lType' reducing code clarity
UX Impact Notes - Summary: Missing pattern XML files degrade user experience due to failed file checks. - File existence checks
Test Case Ideas - Summary: Verify GetPatternXml handles various control collections and XML file scenarios correctly. - Assignment of patterXml when PatternXM exists - File existence checks for existing and missing files - Returned string is valid XML and matches expected content - Loading XML content including malformed XML
Dependencies & Called Services - Summary: Uses XML processing, file IO, and model interfaces for pattern retrieval. - XElement and XNode for XML manipulation, File and StreamReader for file input, Enumerable for collection handling, IControlModel and IRiskModel interfaces for model abstraction, String and TextReader for text processing
ValidateControlPatternXml¶
Summary: Decode JSON data into objects, validate process map and activities, then return success or error JSON response.
JsonResult ControlsController.ValidateControlPatternXml()
Routing
- HTTP: POST
- URL: /Controls/ValidateControlPatternXml
Cross-layer call chain
- ControlsController.ValidateControlPatternXml → Andromeda.Core.Entities.EdgeInfo.EdgeEntityClone
- ControlsController.ValidateControlPatternXml → Andromeda.Validation.ProcessMapValidation.Validate
- ControlsController.ValidateControlPatternXml → Andromeda.Core.Entities.ShapeInfo.ShapeEntityClone
- ControlsController.ValidateControlPatternXml → Andromeda.Validation.ProcessMapValidation.ValidateOutProcessActivities
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone["Andromeda.Core.Entities.EdgeInfo.EdgeEntityClone"]
Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone["Andromeda.Core.Entities.ShapeInfo.ShapeEntityClone"]
Andromeda_Validation_ProcessMapValidation_Validate["Andromeda.Validation.ProcessMapValidation.Validate"]
Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities["Andromeda.Validation.ProcessMapValidation.ValidateOutProcessActivities"]
ControlsController_ValidateControlPatternXml["ControlsController.ValidateControlPatternXml"]
ControlsController_ValidateControlPatternXml --> Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone
ControlsController_ValidateControlPatternXml --> Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone
ControlsController_ValidateControlPatternXml --> Andromeda_Validation_ProcessMapValidation_Validate
ControlsController_ValidateControlPatternXml --> Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities
Detailed Analysis
Key Flows - Summary: Decode JSON data into objects, validate process map and activities, then return success or error JSON response. - Set flags - Validate process map and out-of-process activities - Return JSON with success status and error details if validation fails
Error Flows - Summary: Handle JSON deserialization - and return validation error responses. - Return JSON response with validation errors from ProcessMapValidation
Security Issues - Summary: Validate JSON input to prevent deserialization vulnerabilities. - Unvalidated JSON deserialization using System.Web.Helpers.Json.Decode
Performance Issues - Summary: Repeated decoding, conversions, and multiple collection enumerations degrade performance on large data. - Repeated Json.Decode calls on request form data, Repeated Convert.ToInt32 and Convert.ToDouble calls without caching or error handling, Multiple enumerations using ToList() and Select() during cloning and validation, Inefficient iteration over large collections like SwimL and edgeInfo
Maintainability Issues - Summary: Inconsistent naming, magic values, tight coupling, and anonymous types reduce maintainability. - Inconsistent variable naming between JSON and typed collections, Use of magic strings and numbers reduces readability, Tight coupling with ProcessMapValidation and cloning hinders modification, Anonymous types in error responses complicate maintenance
UX Impact Notes - Summary: Returning detailed JSON validation errors impacts user experience based on client handling. - Detailed JSON validation errors, User experience depends on error display and handling
Test Case Ideas - Summary: Validate XML control pattern with various input data and verify JSON responses. - Return of validation errors from ProcessMapValidation in JSON response
Dependencies & Called Services - Summary: Uses data structures and processing methods for XML control pattern validation. - Data structure conversions, Edge and shape information handling, Enumerable collections, Integer operations, List management, Map validation processing
ValidateAndSavePatternXml¶
Summary: The method decodes JSON data, converts and validates domain objects, handles errors, and updates activity risk controls.
JsonResult ControlsController.ValidateAndSavePatternXml()
Routing
- HTTP: POST
- URL: /Controls/ValidateAndSavePatternXml
Cross-layer call chain
- ControlsController.ValidateAndSavePatternXml → Andromeda.Core.Entities.EdgeInfo.EdgeEntityClone
- ControlsController.ValidateAndSavePatternXml → Andromeda.Validation.ProcessMapValidation.Validate
- ControlsController.ValidateAndSavePatternXml → Andromeda.Core.Entities.ShapeInfo.ShapeEntityClone
- ControlsController.ValidateAndSavePatternXml → Andromeda.Validation.ProcessMapValidation.ValidateOutProcessActivities
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone["Andromeda.Core.Entities.EdgeInfo.EdgeEntityClone"]
Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone["Andromeda.Core.Entities.ShapeInfo.ShapeEntityClone"]
Andromeda_Validation_ProcessMapValidation_Validate["Andromeda.Validation.ProcessMapValidation.Validate"]
Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities["Andromeda.Validation.ProcessMapValidation.ValidateOutProcessActivities"]
ControlsController_ValidateAndSavePatternXml["ControlsController.ValidateAndSavePatternXml"]
ControlsController_ValidateAndSavePatternXml --> Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone
ControlsController_ValidateAndSavePatternXml --> Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone
ControlsController_ValidateAndSavePatternXml --> Andromeda_Validation_ProcessMapValidation_Validate
ControlsController_ValidateAndSavePatternXml --> Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities
Detailed Analysis
Key Flows - Summary: The method decodes JSON data, converts and validates domain objects, handles errors, and updates activity risk controls. - Convert string properties to integers/doubles and create domain objects - Clone entities and validate process map and activities - Return JSON response with errors if validation fails - Retrieve activity by ActivityID and update control pattern activities - Manage session variables to retrieve or create risk control objects and update model
Error Flows - Summary: ValidateAndSavePatternXml handles invalid IDs and validation errors but lacks input conversion error handling. - Return empty JSON if ID parameter is zero or negative - Return JSON with isSuccess false and error details on validation failures
Security Issues - Summary: Validate user input to prevent SQL injection and XSS vulnerabilities. - Risk of SQL injection from unvalidated integers and strings
Performance Issues - Summary: Optimize JSON decoding, type conversions, collection enumerations, and activity filtering for better performance. - Excessive JSON decoding on large data, Repeated type conversions without error handling in loops, Multiple collection enumerations during cloning and validation, Inefficient activity retrieval and filtering on large lists
Maintainability Issues - Summary: The method uses unclear naming, magic strings, and tightly coupled code, reducing maintainability. - Use of magic strings for form fields and session keys, Inconsistent and ambiguous variable naming, Incomplete code snippets and unused variables, Tightly coupled code with multiple dependencies, Complex chained LINQ expressions, Anonymous types in error response reduce clarity
UX Impact Notes - Summary: Provide clear validation feedback and handle errors to maintain smooth user flow. - Conditional 'screen' checks affect user flow and display - Missing null checks risk exceptions and degrade UX
Test Case Ideas - Summary: Validate JSON decoding - Processing empty and large collections of swimlanes, shapes, edges, off-page elements - ProjectID retrieval with and without simulation settings
Dependencies & Called Services - Summary: Uses data structures and models to validate and process pattern XML. - Convert utility, EdgeInfo data structure, Enumerable collections, IControlModel interface, IRiskModel interface, Int32 type, List collection, ShapeInfo data structure, String type - ProcessMapValidation service
SavePatternXml¶
Summary: Process valid XML input, extract data, and update control pattern activities.
JsonResult ControlsController.SavePatternXml()
Routing
- HTTP: POST
- URL: /Controls/SavePatternXml
Cross-layer call chain - ControlsController.SavePatternXml → Andromeda.Core.Extensions.LinqExtensions.RemoveLineBreakChars
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Extensions_LinqExtensions_RemoveLineBreakChars["Andromeda.Core.Extensions.LinqExtensions.RemoveLineBreakChars"]
ControlsController_SavePatternXml["ControlsController.SavePatternXml"]
ControlsController_SavePatternXml --> Andromeda_Core_Extensions_LinqExtensions_RemoveLineBreakChars
Detailed Analysis
Key Flows - Summary: Process valid XML input, extract data, and update control pattern activities. - Receive valid XML string from form request - Extract data into multiple lists - Call ModifyControlPatternActivities with extracted data and IDs
Error Flows - Summary: Handle incomplete Registry.CurrentProjectId comparison to prevent unexpected behavior. - Incomplete Registry.CurrentProjectId comparison, Lack of explicit exception handling
Security Issues - Summary: Sanitize XML input and fix incomplete Registry.CurrentProjectId check to prevent security risks. - SQL or XML injection risk from unsanitized XML input, Incomplete Registry.CurrentProjectId comparison causing security vulnerabilities
Performance Issues - Summary: Multiple LINQ queries degrade performance on large XML files. - Multiple LINQ queries on XML data, Performance impact on large XML processing
Maintainability Issues - Summary: High complexity and incomplete conditionals reduce code maintainability and clarity. - High complexity from multiple LINQ queries and data transformations, Incomplete conditional comparisons reducing code clarity
UX Impact Notes - Summary: Returns JsonResult to support client-side data handling without direct UX changes. - Return JsonResult for client-side data
Test Case Ideas - Summary: Verify SavePatternXml processes XML correctly and returns JsonResult on valid POST. - Handle various project IDs with Registry.CurrentProjectId - Return JsonResult on valid HTTP POST
Dependencies & Called Services - Summary: Uses XML and LINQ libraries to convert and manipulate control model data. - Convert data types, Use LINQ extensions, Manipulate XML elements and containers - Handle strings and URIs - Process control model collections
SaveNewPatternXml¶
Summary: Parse JSON data from the request, create domain objects, generate XML elements, and securely save the XML file.
JsonResult ControlsController.SaveNewPatternXml()
Routing
- HTTP: POST
- URL: /Controls/SaveNewPatternXml
Detailed Analysis
Key Flows - Summary: Parse JSON data from the request, create domain objects, generate XML elements, and securely save the XML file. - Create SwimlaneInfo objects from swimlane data - Create ShapeInfo objects with mapped and converted properties - Create EdgeInfo objects with mapped and converted properties - Decode JSON for edges, shapes, and swimlanes from POST data - Generate XML elements for swimlanes, shapes, and edges using LINQ - Securely construct file path and save XML document
Error Flows - Summary: Handle exceptions during JSON deserialization. - Exceptions during JSON deserialization from invalid input, Type conversion errors converting strings to integers or doubles, Failures in file path construction or XML saving due to invalid or inaccessible paths
Security Issues - Summary: Fix JSON deserialization and path traversal vulnerabilities in SaveNewPatternXml. - JSON deserialization vulnerability from unvalidated System.Web.Helpers.Json.Decode
Performance Issues - Summary: Repeated decoding, type conversions, LINQ queries, and large collection loops degrade performance. - Multiple LINQ queries for XML generation on large data sets
Maintainability Issues - Summary: The method uses unclear magic strings and numbers, lacks error handling, and has poor naming. - Use of magic strings for form field names reduces code clarity, Use of magic numbers and strings in XML generation and boolean conversions reduces readability, Lack of error handling around type conversions makes code fragile, Unclear variable and collection naming complicates maintenance, Incomplete code snippets reduce understandability
Test Case Ideas - Summary: Validate input handling - Boolean conversion logic with varied string inputs - Correct assignment of 'niqID' from shape data
Dependencies & Called Services - Summary: Uses XML manipulation and web utilities to process and save new pattern data. - XML manipulation with XContainer and XElement, HTTP utilities via HttpServerUtility, Control model interface IControlModel, Generic List collection, Data conversion utilities
Metrics¶
Summary: Aggregate project-specific controls and risks, fetch and process metrics data, then filter and order results.
ActionResult ControlsController.Metrics()
Routing
- HTTP: GET
- URL: /Controls/Metrics
Cross-layer call chain
- ControlsController.Metrics → Andromeda.Core.Entities.Risks.GetControls
- ControlsController.Metrics → Andromeda.Core.Entities.ControlTheRisks.GetRisks
- ControlsController.Metrics → Andromeda.Core.Extensions.LinqExtensions.DistinctBy
- Andromeda.Core.Entities.Risks.GetControls → Andromeda.Core.DataManager.GetDataList
- Andromeda.Core.Entities.ControlTheRisks.GetRisks → Andromeda.Core.DataManager.GetDataList
Call Chain Diagram¶
flowchart TD
Andromeda_Core_DataManager_GetDataList["Andromeda.Core.DataManager.GetDataList"]
Andromeda_Core_Entities_ControlTheRisks_GetRisks["Andromeda.Core.Entities.ControlTheRisks.GetRisks"]
Andromeda_Core_Entities_Risks_GetControls["Andromeda.Core.Entities.Risks.GetControls"]
Andromeda_Core_Extensions_LinqExtensions_DistinctBy["Andromeda.Core.Extensions.LinqExtensions.DistinctBy"]
ControlsController_Metrics["ControlsController.Metrics"]
Andromeda_Core_Entities_ControlTheRisks_GetRisks --> Andromeda_Core_DataManager_GetDataList
Andromeda_Core_Entities_Risks_GetControls --> Andromeda_Core_DataManager_GetDataList
ControlsController_Metrics --> Andromeda_Core_Entities_ControlTheRisks_GetRisks
ControlsController_Metrics --> Andromeda_Core_Entities_Risks_GetControls
ControlsController_Metrics --> Andromeda_Core_Extensions_LinqExtensions_DistinctBy
View Metadata
- View: Metrics (Andromeda.Web\Views\Controls\Metrics.cshtml)
- Model: dynamic
Detailed Analysis
Key Flows - Summary: Aggregate project-specific controls and risks, fetch and process metrics data, then filter and order results. - Combine all risks and controls into a single ordered list, Retrieve project-specific controls and risks from the model, Aggregate associated risks for each project control, Filter and order controls and risks data for further use - Fetch and process metrics data with risk controls into dynamic objects
Performance Issues - Summary: Multiple database queries and inefficient data handling degrade performance. - Multiple database queries causing overhead, Resource-intensive loops over large collections, Repeated ToList() calls causing multiple data enumerations, Performance overhead from dynamic objects and ExpandoObject usage
Maintainability Issues - Summary: Anonymous and dynamic objects with tight coupling reduce code clarity and maintainability. - Use of anonymous objects and unclear variable names, Tight coupling with GetRisks method and ControlsRisks list, Use of dynamic objects and ExpandoObject complicates code understanding
Test Case Ideas - Summary: Verify correct data retrieval, filtering, ordering, aggregation, and performance for controls and risks. - Correct data retrieval from GetAllRisks and GetAllControls, Project-specific controls retrieval from GetControlsFromObjectiveActivityTable, Project-specific risks retrieval from GetRisksFromObjectiveRiskTable, Handling empty project controls collection, Performance with large project controls collection, Correct population of ControlsRisks list after iteration, Invocation of GetRisks method for each control during aggregation, Accurate retrieval, processing, and mapping of metrics data into dynamic objects, Filtering controls to exclude compensatory controls and ordering by name, Selecting distinct risk data ordered by name
Dependencies & Called Services - Summary: Uses collections and risk-related interfaces for risk control and data manipulation. - ControlTheRisks module, Enumerable utilities, ICollection interface, IRiskModel interface, LinqExtensions methods, Risks data structures
DeleteObjectiveData¶
Summary: Profile and execute deletion of objective data for a specified project.
void ControlsController.DeleteObjectiveData()
Routing
- HTTP: POST
- URL: /Controls/DeleteObjectiveData
Cross-layer call chain - ControlsController.DeleteObjectiveData → Andromeda.Core.LoggingManager.Error
Call Chain Diagram¶
flowchart TD
Andromeda_Core_LoggingManager_Error["Andromeda.Core.LoggingManager.Error"]
ControlsController_DeleteObjectiveData["ControlsController.DeleteObjectiveData"]
ControlsController_DeleteObjectiveData --> Andromeda_Core_LoggingManager_Error
Detailed Analysis
Key Flows
- Summary: Profile and execute deletion of objective data for a specified project.
- Start profiling step with MiniProfiler
- Retrieve project ID from request form
- Get current project from registry
- Call DeleteObjective with project ID and current project
Error Flows
- Summary: The method lacks explicit exception handling for data conversion and deletion errors.
- Missing exception handling
- Uncaught errors during data conversion
- Uncaught errors during data deletion
Security Issues
- Summary: DeleteObjectiveData lacks input validation, risking SQL injection and data tampering.
- Public method exposes security risks without input checks
Performance Issues
- Summary: No performance issues identified in DeleteObjectiveData method.
Maintainability Issues
- Summary: The method uses unclear constants and has an incomplete initial definition.
- Use of magic strings and numeric constants reduces clarity
- Partially empty initial method definition causes confusion
UX Impact Notes
- Summary: No user experience impact as method lacks user-facing code.
- No user-facing code
- No UX impact
Test Case Ideas
- Summary: Verify DeleteObjectiveData endpoint returns 200 OK and profiles execution across projects.
- Check endpoint returns 200 OK status
- Ensure MiniProfiler Step starts, stops, and collects data
- Test DeleteObjective with various project IDs
Dependencies & Called Services
- Summary: Uses services for data conversion, process control, logging, and performance profiling.
- Data conversion utilities
- Performance profiling extensions
- DateTime utilities
- Control components
- Logging management
- Process model interface
DeleteObjective¶
Summary: Retrieve objectives by ProjectId, verify ObjectiveID exists, then delete the matching objective.
void ControlsController.DeleteObjective(int ObjectiveID, int ProjectId)
Routing
- URL: /Controls/DeleteObjective
Cross-layer call chain
- ControlsController.DeleteObjective → Andromeda.Core.LoggingManager.Info
Call Chain Diagram¶
flowchart TD
Andromeda_Core_LoggingManager_Info["Andromeda.Core.LoggingManager.Info"]
ControlsController_DeleteObjective["ControlsController.DeleteObjective"]
ControlsController_DeleteObjective --> Andromeda_Core_LoggingManager_Info
Detailed Analysis
Key Flows
- Summary: Retrieve objectives by ProjectId, verify ObjectiveID exists, then delete the matching objective.
- Delete matching objective via control model
- Retrieve objectives by ProjectId
- Verify existence of ObjectiveID
Error Flows
- Summary: Log unauthorized deletion attempts and throw 403 HttpException for invalid objectives.
- Log unauthorized deletion attempt for unmatched ObjectiveID
- Throw HttpException 403 with message on invalid project objective
Security Issues
- Summary: No security issues identified in DeleteObjective method.
Performance Issues
- Summary: No performance issues identified in DeleteObjective method.
Maintainability Issues
- Summary: Fix typos and incomplete code to improve readability and prevent compilation errors.
- Typo in variable name 'actvitiesByObjective'
- Incomplete and improperly formatted code blocks
- Non-code text causing compilation errors
UX Impact Notes
- Summary: Display 403 error for unauthorized objective deletion outside selected project.
- 403 error on unauthorized deletion
- Objective-project mismatch notification
Test Case Ideas
- Summary: Verify DeleteObjective deletes existing objectives and handles absence correctly without errors.
- Check Any method returns false for no matching activities
- Delete objective with valid ObjectiveID
- Return control without errors
Dependencies & Called Services
- Summary (truncated): and logging.
- IControlModel for control logic
- LoggingManager for logging operations
DeleteObjectiveDataFromTree¶
Summary: The method deletes an objective from the tree and creates a corresponding implementation plan.
void ControlsController.DeleteObjectiveDataFromTree()
Routing
- HTTP: POST
- URL: /Controls/DeleteObjectiveDataFromTree
Detailed Analysis
Key Flows
- Summary: The method deletes an objective from the tree and creates a corresponding implementation plan.
- Call IActorModel.createimplementationplan to create deletion plan with subtask details
Error Flows
- Summary (truncated): allowing exceptions to propagate unhandled.
- Potential unhandled errors during deletion or plan creation
Security Issues
- Summary: Direct use of Request.Form data risks SQL injection and XSS vulnerabilities.
- Unvalidated Request.Form data
Maintainability Issues
- Summary: Replace magic string 'ControlExistence' with a constant or enum for maintainability.
- Magic string 'ControlExistence' usage
- Lack of constant or enum for string
UX Impact Notes
- Summary: Deletes an objective and creates an implementation plan.
- Objective deletion
- Implementation plan creation
- User workflow impact
Test Case Ideas
- Summary: Verify DeleteObjectiveDataFromTree handles HTTP POST correctly and deletes objectives.
- Create implementation plan with correct details
- Delete objective successfully
- Invoke method on HTTP POST requests
- Reject method on non-POST HTTP methods
Dependencies & Called Services
- Summary: Uses Controls, Convert, and IActorModel services for data deletion operations.
- Controls service
- Convert utility
- IActorModel interface
EditObjectiveText¶
Summary: EditObjectiveText processes valid form data, updates the objective, and returns a JsonResult.
JsonResult ControlsController.EditObjectiveText()
Routing
- HTTP: POST
- URL: /Controls/EditObjectiveText
Detailed Analysis
Key Flows
- Summary: EditObjectiveText processes valid form data, updates the objective, and returns a JsonResult.
- Call UpdateObjective with parameters
- Return JsonResult with update status
Error Flows
- Summary: Handle invalid or unconvertible form data to prevent method failure or errors.
- Invalid form data handling
- Missing explicit error handling for conversion failures
Security Issues
- Summary: Direct use of Request.Form data risks SQL injection and data tampering.
- Lack of input validation
- No data sanitization
- SQL injection vulnerability
- Data tampering risk
Maintainability Issues
- Summary: Replace magic number '0' with a named constant to improve code clarity and maintainability.
- Use named constant instead of magic number '0' in UpdateObjective method call
UX Impact Notes
- Summary: Returning JsonResult risks user flow disruption if client mishandles JSON or errors occur.
- User flow disruption from unhandled JSON response
Test Case Ideas
- Summary: Verify EditObjectiveText updates objective and returns correct JsonResult on POST.
- Return correct JsonResult
- Update objective with valid form data
Dependencies & Called Services
- Summary: Uses IRiskModel to convert risk data.
- IRiskModel dependency
- Risk data conversion
EditObjectiveTextFromTree¶
Summary: Extract form data, compare old and new objective details, update objective and implementation plan accordingly.
JsonResult ControlsController.EditObjectiveTextFromTree()
Routing
- HTTP: POST
- URL: /Controls/EditObjectiveTextFromTree
Detailed Analysis
Key Flows
- Summary: Extract form data, compare old and new objective details, update objective and implementation plan accordingly.
- Call UpdateObjective with objective ID
- Call CreateImplementationPlan with project ID and implementation plan
- Update SubTask string if only objective group changes
Error Flows
- Summary: Method lacks exception handling for invalid or missing form data causing conversion failures.
- Conversion failure of objective ID from form due to invalid input
- Absence of explicit exception handling for invalid or missing form data
Security Issues
- Summary: User input lacks validation and sanitization, causing injection and XSS risks.
- Convert user input to integer without validation risks runtime errors and injection
- Concatenate user input into HTML without sanitization causes XSS vulnerability
Maintainability Issues
- Summary: Replace magic strings and numbers with constants to improve code clarity and maintainability.
- Use named constants instead of magic strings
- Avoid magic numbers in method parameters
- Ensure code snippets are complete and contextually clear
UX Impact Notes
- Summary: Display of HTML-formatted SubTask strings affects user understanding and risks malicious content exposure.
- HTML-formatted SubTask string affects user understanding
- Lack of input sanitization risks rendering malicious content
Test Case Ideas
- Summary: Test objective text and group changes to verify update logic and method calls.
- Handle missing or empty request form data
- Validate SubTask string construction for all old/new objective text and group combinations
- Verify no updates when new and old objective text and group are identical
- Confirm UpdateObjective method called with correct parameters
- Confirm CreateImplementationPlan method called with correct parameters
Dependencies & Called Services
- Summary: Convert IActorModel and IRiskModel dependencies.
- Convert IActorModel
- Convert IRiskModel
JsonDateParse¶
Summary: The method finds all date-like substrings in the input and replaces them with '1900'.
string ControlsController.JsonDateParse(string data)
Routing
- HTTP: GET
- URL: /Controls/JsonDateParse
Detailed Analysis
Key Flows
- Summary: The method finds all date-like substrings in the input and replaces them with '1900'.
- Return modified string
Error Flows
- Summary: JsonDateParse lacks explicit error handling for malformed or empty inputs.
- No explicit error handling for malformed input
- No exceptions thrown on invalid or empty strings
- Undefined behavior on invalid date formats
Security Issues
- Summary: Unsanitized input risks ReDoS in JsonDateParse method.
- Unsanitized input causes ReDoS vulnerability
- Lack of input validation enables denial of service
Performance Issues
- Summary: Optimize JsonDateParse by reducing regex creation, large string matches, and repeated replacements.
- Frequent creation of new Regex objects
- High resource use on large input string matches
- Performance degradation from repeated string replacements in loops
Maintainability Issues
- Summary: Hardcoded patterns and unclear naming reduce flexibility and readability.
- Hardcoded regex pattern and options limit date parsing flexibility
- Non-descriptive variable names reduce code readability
- Hardcoded replacement value '1900' reduces adaptability
- Magic numbers and unclear comments lack named constants for clarity
Test Case Ideas
- Summary: Test JsonDateParse for performance and correct date substring replacement.
- Performance testing with large input strings
- Verify correct replacement of matched date substrings with '1900'
Dependencies & Called Services
- Summary: Parse JSON dates using regex on strings.
- Regex for pattern matching
- String manipulation for date parsing
ApplyControls¶
Summary: ApplyControls retrieves form data, saves controls, fetches updated control data, and returns it as JSON while profiling performance.
JsonResult ControlsController.ApplyControls()
Routing
- HTTP: POST
- URL: /Controls/ApplyControls
Detailed Analysis
Key Flows
- Summary: ApplyControls retrieves form data, saves controls, fetches updated control data, and returns it as JSON while profiling performance.
- Fetch updated control data via GetJsonForObjActivityRiskControl
- Return updated data as JsonResult
Error Flows
- Summary: ApplyControls lacks error handling for data conversion and saving exceptions.
- Convert.ToInt32 usage without error handling
- No exception handling during data conversion
- No error handling during data saving
- Uncaught exceptions degrade user experience
Security Issues
- Summary: Using Request.Form data without validation risks SQL injection and XSS attacks.
- Unvalidated Request.Form data
Performance Issues
- Summary: No performance issues identified in ApplyControls method.
Maintainability Issues
- Summary: The method's tight coupling and missing error handling reduce maintainability.
- Tight coupling with Request.Form and SaveApplyControls hinders testing and maintenance
- Lack of error handling and input validation reduces code robustness
UX Impact Notes
- Summary: Lack of error handling and feedback harms user experience during form errors or save failures.
- Negative user experience from unhandled errors
Test Case Ideas
- Summary: Verify ApplyControls handles POST and returns correct JSON.
- Handle HTTP POST requests
- Return JsonResult
- Return expected JSON from GetJsonForObjActivityRiskControl
Dependencies & Called Services
- Summary: ApplyControls uses Controls, Convert, and MiniProfilerExtensions dependencies.
- Controls dependency
- Convert utility
- MiniProfilerExtensions profiling tool
SaveApplyControls¶
Summary: Retrieve project ID, update impact statuses, save and apply controls, then return the result.
Tuple<ImplemenationPlan, string> ControlsController.SaveApplyControls(int objectiveId, int activityId, string riskId, List<string> SelectedControls, string comment, List<CompensatoryActivities> compensateActivityControls, string IdType)
Routing
- URL: /Controls/SaveApplyControls
Detailed Analysis
Key Flows
- Summary: Retrieve project ID, update impact statuses, save and apply controls, then return the result.
- Return result tuple from control model's SaveApplyControls
- Update project impact status with specific fields
- Update complete project impact status with navigation URI
Maintainability Issues
- Summary: Long method call chain with many parameters reduces readability and maintainability.
- Long method call chain
- Excessive method parameters
- Reduced readability
- Reduced maintainability
Test Case Ideas
- Summary: Verify SaveApplyControls updates impact statuses and returns expected results.
- Confirm complete impact status updates for given project ID
- Verify method returns expected result from control model
- Validate method returns expected tuple structure
Dependencies & Called Services
- Summary: SaveApplyControls depends on IControlModel and IImpactModel services.
- Dependency on IControlModel service
- Dependency on IImpactModel service
ApplyControlsFromTree¶
Summary: Processes POST request to apply controls, save them, and create an implementation plan.
JsonResult ControlsController.ApplyControlsFromTree()
Routing
- HTTP: POST
- URL: /Controls/ApplyControlsFromTree
Detailed Analysis
Key Flows
- Summary: Processes POST request to apply controls, save them, and create an implementation plan.
- Process POST request for control application
- Generate implementation plan with IActorModel.createimplementationplan
Security Issues
- Summary: Unvalidated session values pose security risks.
- Use of session values without validation
- Lack of input sanitization on session data
Performance Issues
- Summary: No performance issues identified in ApplyControlsFromTree method.
Maintainability Issues
- Summary: Remove commented-out code to improve maintainability and reduce dead code.
- Commented-out code indicating dead or outdated implementations
Test Case Ideas
- Summary (truncated): and returns valid results.
- Return valid JsonResult
- Integrate with IActorModel.createimplementationplan for plan creation
Dependencies & Called Services
- Summary: ApplyControlsFromTree uses Controls, Convert, and IActorModel dependencies.
- Controls dependency
- Convert utility
- IActorModel interface
GetJsonForObjActivityRiskControl¶
Summary: Fetch objective activity risk control and compensatory activities, then return as JSON.
JsonResult ControlsController.GetJsonForObjActivityRiskControl()
Routing
- URL: /Controls/GetJsonForObjActivityRiskControl
Detailed Analysis
Key Flows
- Summary: Fetch objective activity risk control and compensatory activities, then return as JSON.
- Return data as JsonResult
Performance Issues
- Summary: Multiple LINQ queries degrade performance on large data sets.
- Performance degradation on large data sets
Maintainability Issues
- Summary: Complex LINQ queries reduce code maintainability and readability.
- Complex LINQ queries
- Difficult to understand and maintain code
Test Case Ideas
- Summary: Verify JsonResult output, correct nested data, empty data handling, and performance with large data.
- Handle empty data sets without errors
- Return JsonResult object
- Return correct nested dictionary for project
- Ensure performance and correctness with large data sets
Dependencies & Called Services
- Summary: Uses data collections and control models with integer and string types.
- Enumerable collections
- IControlModel interface
- Integer data types
- String data types
UpdateBCPActivity¶
Summary: UpdateBCPActivity calls the model to update activity by ProjectID and returns the updated BCP object.
BCP ControlsController.UpdateBCPActivity(int activity, int ProjectID)
Routing
- HTTP: GET
- URL: /Controls/UpdateBCPActivity
Detailed Analysis
Key Flows
- Summary: UpdateBCPActivity calls the model to update activity by ProjectID and returns the updated BCP object.
- Call controlModel.UpdateBCPActivity with parameters
- Return updated BCP object from model
Maintainability Issues
- Summary: Method name conflicts with class method name, causing confusion.
- Method name duplicates class method name
- Potential confusion from naming conflict
Test Case Ideas
- Summary: Verify method handles GET requests and updates BCP with valid inputs.
- Handle HTTP GET requests correctly
- Return correct updated BCP object
- Update BCP with valid activity and ProjectID
Dependencies & Called Services
- Summary: UpdateBCPActivity depends on IControlModel service.
- IControlModel service dependency
CalculaterRPN¶
Summary: Calculate RPN by retrieving project activities and risks, processing controls, and applying control factors to update RPN values.
int ControlsController.CalculaterRPN(int ActivityID, IList<ActivityControl> activityControls, IList<ActivityControlDetails> activityControlDetails, int ObjectiveId, IList<Objectives> objectives)
Routing
- URL: /Controls/CalculaterRPN
Cross-layer call chain
- ControlsController.CalculaterRPN → Andromeda.Core.Entities.ActivityControl.Clone
- ControlsController.CalculaterRPN → Insorce.Helpers.Helpers.BuildCompRow
- Insorce.Helpers.Helpers.BuildCompRow → Andromeda.Core.Entities.ActivityControl.Clone
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_ActivityControl_Clone["Andromeda.Core.Entities.ActivityControl.Clone"]
ControlsController_CalculaterRPN["ControlsController.CalculaterRPN"]
Insorce_Helpers_Helpers_BuildCompRow["Insorce.Helpers.Helpers.BuildCompRow"]
ControlsController_CalculaterRPN --> Andromeda_Core_Entities_ActivityControl_Clone
ControlsController_CalculaterRPN --> Insorce_Helpers_Helpers_BuildCompRow
Insorce_Helpers_Helpers_BuildCompRow --> Andromeda_Core_Entities_ActivityControl_Clone
Detailed Analysis
Key Flows
- Summary: Calculate RPN by retrieving project activities and risks, processing controls, and applying control factors to update RPN values.
- Process compensatory controls by splitting and cloning
- Apply control attribute factors and update revised RPN
- Return final calculated RPN value
Error Flows
- Summary: Handle null references and fix malformed code to prevent runtime and compilation errors.
- Null reference exceptions from unchecked collections or properties
Security Issues
- Summary: No security vulnerabilities found in the CalculaterRPN method.
- No security vulnerabilities identified
Performance Issues
- Summary: Optimize database calls, LINQ usage, and large collection iterations to improve performance.
- RemoveAll method slowing down on large datasets
Maintainability Issues
- Summary (truncated): complex logic
- Use of anonymous types and magic strings reduces clarity and maintainability
- Non-descriptive variable names hinder code understanding
- Incomplete and malformed code snippets cause readability and compilation issues
- Complex conditional statements and LINQ expressions lack explanatory comments
- Fragile assumptions about input string formatting risk errors
- Magic constants used without named constants reduce readability
Test Case Ideas
- Summary: Validate RPN calculation correctness.
- Correct invocation of model update methods with proper parameters
Dependencies & Called Services
- Summary: CalculaterRPN uses core data structures, string manipulation, enumeration, conversion, and risk modeling services.
- Core data structures: List, Int32, String
- Enumeration utilities: Enumerable
- Conversion utilities: Convert
- Activity control services: ActivityControl
- Helper functions: Helpers
- Risk modeling interface: IRiskModel
SaveMetrics¶
Summary: Retrieve, deserialize, save metrics data, and update impact statuses successfully.
ActionResult ControlsController.SaveMetrics(FormCollection frm)
Routing
- HTTP: POST
- URL: /Controls/SaveMetrics
Detailed Analysis
Key Flows
- Summary: Retrieve, deserialize, save metrics data, and update impact statuses successfully.
- Retrieve metrics data from form
- Deserialize metrics data
- Save metrics data
- Update impact statuses
Error Flows
- Summary: SaveMetrics lacks explicit error handling for invalid or missing metrics data.
- Missing explicit error handling for invalid metrics data
- No visible handling for absent metrics input
Security Issues
- Summary: Deserialization vulnerability risks in Json.Decode during metrics data processing.
- Deserialization vulnerability in Json.Decode
- Unsafe decoding of metrics data from form
Performance Issues
- Summary: Using Distinct on large metric ID collections degrades performance.
- Use of Distinct on large metric ID collections
Maintainability Issues
- Summary: Replace magic strings with named constants to improve code readability and maintainability.
- Use named constants instead of magic strings for Request.Form keys
UX Impact Notes
- Summary: Updates to impact status indirectly affect user flows.
- Indirect user flow impact from status updates
Test Case Ideas
- Summary: Verify SaveMetrics handles POST requests and updates impact status correctly.
- Perform impact status updates after saving metrics
Dependencies & Called Services
- Summary: Uses collections and interfaces for impact and risk modeling.
- Enumerable collection
- IImpactModel interface
- IRiskModel interface
GetTODFormat¶
Summary: No key flows are defined for the GetTODFormat method.
string ControlsController.GetTODFormat(Arrow waittype)
Routing
- URL: /Controls/GetTODFormat
Detailed Analysis
Key Flows
- Summary: No key flows are defined for the GetTODFormat method.
Error Flows
- Summary: The method lacks exception handling and contains incomplete code, causing runtime and compilation errors.
- Missing exception handling for invalid waittype.TOD values
- Incomplete conditionals causing compilation or runtime errors
Performance Issues
- Summary: Optimize repeated string conversions and complex conditional parsing for better performance.
- Repeated calls to waittype.TOD.ToString() causing inefficiencies
- Repeated string-to-DateTime conversions
- Complex conditional expressions inside TimeSpan.Parse
- Repeated string operations
Maintainability Issues
- Summary: Refactor method to remove repeated conversions and replace magic strings with constants.
- Repeated conversions violate DRY principle
- Magic strings reduce readability and maintainability
- Incomplete code hinders understanding and maintenance
UX Impact Notes
- Summary: Correct time formatting improves user experience by ensuring clarity.
- Accurate singular/plural time units
- Clear time string formatting
Test Case Ideas
- Summary: Test TOD parsing and conversion for spaces, varied values, and zero time components.
- TOD with and without spaces to cover branches
- Various TOD values for correct TimeSpan conversion
- Edge cases with zero days, hours, minutes, seconds
Dependencies & Called Services
- Summary: Uses Convert, String, and TimeSpan classes for data conversion and time manipulation.
- Convert class usage
- String operations
- TimeSpan manipulation
IdentifyControl¶
Summary: Retrieve and process project data, aggregate activity properties, associate risks and controls, and identify missing control mappings.
ActionResult ControlsController.IdentifyControl()
Routing
- HTTP: GET
- URL: /Controls/IdentifyControl
Cross-layer call chain
- ControlsController.IdentifyControl → Andromeda.Core.Entities.ActivityActorArrow.Clone
- ControlsController.IdentifyControl → Insorce.Helpers.Helpers.FormatTime
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_ActivityActorArrow_Clone["Andromeda.Core.Entities.ActivityActorArrow.Clone"]
ControlsController_IdentifyControl["ControlsController.IdentifyControl"]
Insorce_Helpers_Helpers_FormatTime["Insorce.Helpers.Helpers.FormatTime"]
ControlsController_IdentifyControl --> Andromeda_Core_Entities_ActivityActorArrow_Clone
ControlsController_IdentifyControl --> Insorce_Helpers_Helpers_FormatTime
View Metadata
- View: IdentifyControl (Andromeda.Web\Views\Controls\IdentifyControl.cshtml)
- Model: Tuple<IList<Andromeda.Core.Entities.Risks>, IList<Andromeda.Core.Entities.ObjectRiskActivities>>
Detailed Analysis
Key Flows
- Summary: Retrieve and process project data, aggregate activity properties, associate risks and controls, and identify missing control mappings.
- Retrieve project data: activities, objectives, risks, activity groups
- Aggregate BusinessRule, DOE, and Form properties in activities and groups
- Sort and aggregate activity actor arrows; calculate total effort
- Associate objectives with relevant risks and activities via ObjectRiskActivities
- Retrieve and filter controls to find missing mappings in activity control tables
Error Flows
- Summary: Handle empty ObjectRiskActivities and prevent null reference exceptions during aggregation.
- Return 'InsufficientData' view if ObjectRiskActivities list is empty
Security Issues
- Summary: Prevent SQL injection by sanitizing parameters and complete code handling.
- SQL injection risk from unsanitized ProjectId and objectiveID in database calls
- Incomplete code and variable declarations risking security vulnerabilities
Performance Issues
- Summary: Repeated and nested LINQ calls with ToList() cause performance and memory issues.
- Repeated LINQ methods on large collections causing bottlenecks
- Use of ToList() in loops causing unnecessary memory allocation
- Nested LINQ queries and multiple Any() calls reducing performance
Maintainability Issues
- Summary (truncated): duplicated logic
- Duplicated filtering and aggregation logic
UX Impact Notes
- Summary (truncated): handles missing data with fixed error message; risks slow UI on large datasets.
- Return fixed 'InsufficientData' error view for missing data
- Risk slow page loads and unresponsive UI with large datasets
Test Case Ideas
- Summary: Verify correct data retrieval, object creation, filtering, error handling, and method calls in IdentifyControl.
- Correct data return for valid ProjectId including activities
- Aggregation and assignment of activity properties to activity objects
- Return of InsufficientData view with correct error message when no ObjectRiskActivities found
Dependencies & Called Services
- Summary: Uses interfaces and collections to model and process control-related data.
- ActivityActorArrow service
- Enumerable utilities
- Helper functions
- IActorModel interface
- ICollection interface
- IControlModel interface
- IProcessModel interface
- IRiskModel interface
- Int32 type
- List collection
- String type
- TimeSpan type
GetActivityRanks¶
Summary: Retrieve and process activities by valid ID and type, then calculate ranks and levels for activities and groups.
JsonResult ControlsController.GetActivityRanks(int actId, String Type)
Routing
- HTTP: GET
- URL: /Controls/GetActivityRanks
Cross-layer call chain
- ControlsController.GetActivityRanks → Andromeda.Core.Services.ProcessExtensions.FindByID
- ControlsController.GetActivityRanks → Andromeda.Core.Services.Algorithms.Delooper.PossiblePath
- Andromeda.Core.Services.Algorithms.Delooper.PossiblePath → Andromeda.Core.Services.ProcessExtensions.FindByID
- Andromeda.Core.Services.Algorithms.Delooper.PossiblePath → Andromeda.Core.LoggingManager.Exception
Call Chain Diagram¶
flowchart TD
Andromeda_Core_LoggingManager_Exception["Andromeda.Core.LoggingManager.Exception"]
Andromeda_Core_Services_Algorithms_Delooper_PossiblePath["Andromeda.Core.Services.Algorithms.Delooper.PossiblePath"]
Andromeda_Core_Services_ProcessExtensions_FindByID["Andromeda.Core.Services.ProcessExtensions.FindByID"]
ControlsController_GetActivityRanks["ControlsController.GetActivityRanks"]
Andromeda_Core_Services_Algorithms_Delooper_PossiblePath --> Andromeda_Core_LoggingManager_Exception
Andromeda_Core_Services_Algorithms_Delooper_PossiblePath --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_GetActivityRanks --> Andromeda_Core_Services_Algorithms_Delooper_PossiblePath
ControlsController_GetActivityRanks --> Andromeda_Core_Services_ProcessExtensions_FindByID
Detailed Analysis
Key Flows
- Summary: Retrieve and process activities by valid ID and type, then calculate ranks and levels for activities and groups.
- Calculate ranks and levels for activities and groups
- Retrieve activities, arrows, product factors, and properties by valid activity ID and type
- Iterate and filter activity groups by matching IDs and types
- Aggregate rank data for valid activity groups
Error Flows
- Summary: Handle invalid input and prevent null reference exceptions in activity and group processing.
- Return JSON false for invalid or missing input data
Performance Issues
- Summary: Optimize LINQ usage and collection handling to improve performance on large datasets.
- Inefficient use of FirstOrDefault and OrderBy on large datasets
Maintainability Issues
- Summary: Refactor method to separate concerns, clarify code, and remove dead code.
- Unused or unpopulated variables indicate dead code or missing logic
UX Impact Notes
- Summary: Returning JSON requires robust error handling to ensure accurate user information.
- Dependence on proper JSON formatting and error handling
- Client-side handling for false JSON responses to inform users
- Risk of incomplete or incorrect data causing misleading user information
Test Case Ideas
- Summary: Verify correct activity ranks, type handling, arrow filtering, and rank calculations.
- Initialization logic in baseActivities lambda
- Return of anonymous object with expected properties
Dependencies & Called Services
- Summary: Uses collections, math, string operations, process extensions, and actor, control, risk models.
- Dictionary usage
- Enumerable operations
- List usage
- Math functions
- String operations
- IActorModel interface
- IControlModel interface
- IRiskModel interface
- ProcessExtensions utilities
DoNotMitigate¶
Summary: The method processes requests exclusively via HTTP POST and disables HTTP GET access.
JsonResult ControlsController.DoNotMitigate()
Routing
- HTTP: POST
- URL: /Controls/DoNotMitigate
Detailed Analysis
Key Flows
- Summary: The method processes requests exclusively via HTTP POST and disables HTTP GET access.
- Invoke method via HTTP POST only
- Disable HTTP GET access
Maintainability Issues
- Summary: The method contains incomplete and commented-out code, reducing maintainability.
- Incomplete code
- Commented-out code
Test Case Ideas
- Summary: Verify method access restrictions and valid response for correct input.
- Return valid ActionResult for valid project ID
Dependencies & Called Services
- Summary: Uses Controls and Convert services for dependency management.
- Controls service usage
- Convert service usage
SaveDoNotMitigate¶
Summary: SaveDoNotMitigate processes input parameters, calls controlModel to save data, and returns the updated ImplementationPlan.
ImplemenationPlan ControlsController.SaveDoNotMitigate(int objectiveId, int activityId, string riskId, string commentText, int doNotApplyType, string IdType)
Routing
- URL: /Controls/SaveDoNotMitigate
Detailed Analysis
Key Flows
- Summary: SaveDoNotMitigate processes input parameters, calls controlModel to save data, and returns the updated ImplementationPlan.
- Return updated ImplementationPlan from controlModel
Maintainability Issues
- Summary: Improve method and parameter naming for better code clarity.
- Non-descriptive method name
- Inconsistent parameter naming conventions
Test Case Ideas
- Summary (truncated): and returns expected result.
- Return expected ImplementationPlan result
Dependencies & Called Services
- Summary: SaveDoNotMitigate depends on IControlModel service.
- IControlModel service dependency
DoNotMitigateFromTree¶
Summary: No key flows are defined in the DoNotMitigateFromTree method.
JsonResult ControlsController.DoNotMitigateFromTree()
Routing
- HTTP: POST
- URL: /Controls/DoNotMitigateFromTree
Detailed Analysis
Key Flows
- Summary: No key flows are defined in the DoNotMitigateFromTree method.
Error Flows
- Summary: Handle missing or invalid input parameters to prevent exceptions and incorrect processing.
- Missing input parameter validation
- Exceptions from invalid inputs
- Incorrect processing due to invalid inputs
Security Issues
- Summary: Directly converting user input to integers without validation risks SQL injection and data tampering.
- Lack of input validation
- SQL injection vulnerability
- Data tampering risk
Performance Issues
- Summary: No performance issues identified.
Maintainability Issues
- Summary: Replace magic strings with constants or enums to improve maintainability.
- Use of magic strings for parameter keys
- Lack of constants or enums for parameter keys
UX Impact Notes
- Summary: Missing input validation and error handling degrade user experience and cause errors.
- Lack of input validation
- Absence of error handling
- Poor user experience on invalid or missing parameters
Test Case Ideas
- Summary: Verify DoNotMitigateFromTree processes POST requests and calls dependent methods with correct parameters.
- Call CreateImplementationPlan with correct parameters after saving
- Handle HTTP POST requests
Dependencies & Called Services
- Summary: Uses Controls, Convert, and IActorModel dependencies.
- Controls dependency
- Convert dependency
- IActorModel dependency
GetAllActivityRanking¶
Summary: GetAllActivityRanking retrieves and returns the complete activity ranking list.
JsonResult ControlsController.GetAllActivityRanking(int objectiveId, string objectiveText)
Routing
- HTTP:
GET - URL:
/Controls/GetAllActivityRanking
Cross-layer call chain - ControlsController.GetAllActivityRanking → Andromeda.Core.Models.ActivitySearch.CreateIndex - ControlsController.GetAllActivityRanking → Andromeda.Core.Models.ActivitySearch.Search
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Models_ActivitySearch_CreateIndex["Andromeda.Core.Models.ActivitySearch.CreateIndex"]
Andromeda_Core_Models_ActivitySearch_Search["Andromeda.Core.Models.ActivitySearch.Search"]
ControlsController_GetAllActivityRanking["ControlsController.GetAllActivityRanking"]
ControlsController_GetAllActivityRanking --> Andromeda_Core_Models_ActivitySearch_CreateIndex
ControlsController_GetAllActivityRanking --> Andromeda_Core_Models_ActivitySearch_Search
Detailed Analysis
Key Flows - Summary: GetAllActivityRanking retrieves and returns the complete activity ranking list. - Fetch all activity rankings - Return complete ranking data
Error Flows - Summary: The method lacks explicit error handling and exception management. - No explicit error handling, No exception management implemented
Maintainability Issues - Summary: Remove commented-out code and incomplete fragments to improve maintainability. - Commented-out code reduces maintainability and clarity, Empty statements and incomplete code fragments decrease code clarity
Test Case Ideas - Summary: Ensure GetAllActivityRanking executes without errors and returns expected default results. - Return expected default JsonResult
Dependencies & Called Services - Summary: Uses ActivitySearch, Enumerable, and IRiskModel services for activity ranking. - ActivitySearch service, Enumerable utility, IRiskModel interface
SaveNewMetric¶
Summary: Process form data to create a new metric with associated risks and controls, then return it as JSON.
JsonResult ControlsController.SaveNewMetric()
Routing
- HTTP:
POST - URL:
/Controls/SaveNewMetric
Detailed Analysis
Key Flows - Summary: Process form data to create a new metric with associated risks and controls, then return it as JSON. - Create metric object via IControlModel.CreateMetric - Create metric risk controls for each control via IControlModel.CreateMetricRiskControl - Decode 'Ris' JSON to assign Risk property if present - Assign RiskId to metric - Return serialized metric object as JSON response
Error Flows - Summary: Handle missing form keys and malformed JSON to prevent runtime errors and vulnerabilities. - Early returns from empty or null string checks
Security Issues - Summary: The 'Ris' and 'ols' values are decoded from Request.Form as untyped JSON. System.Web.Helpers.Json.Decode wraps JavaScriptSerializer without a type resolver, so '__type' is not honoured and this is not a gadget-style deserialization sink; the concrete risks are unhandled exceptions on malformed input, no cap on payload size, and untyped dynamic values flowing into the model without validation. - Untyped JSON decoding from Request.Form, No size limit or error handling around decoding, Decoded values used without field validation
Performance Issues - Summary: Optimize repeated conversions, collection operations, and large control iterations to improve performance. - Repeated Convert.ToBoolean calls without optimization, Use of Distinct() and ToList() on large collections, Creating metric risk control for each control in large Controls collection
Maintainability Issues - Summary: Refactor to remove repeated code, clarify variables, and eliminate incomplete statements. - Repeated code violates DRY principle in form data boolean conversion, Use of magic strings reduces code clarity and maintainability, Undefined or unclear variables complicate code understanding, Incomplete code chunks and empty statements reduce readability and confuse maintainers
UX Impact Notes - Summary: User receives metric JSON response; errors cause silent save failures harming UX. - User receives JSON response with metric object, Form data or JSON errors cause silent metric save failures, Lack of clear user feedback on save errors
Test Case Ideas - Summary: Validate form data parsing, conditional logic and response shape. - Convert form data to expected C# types including booleans - Deserialize JSON from 'Ris' and 'ols' with valid and malicious inputs - Test conditional branches for risk IDs and flags - Verify method response JSON structure and content - Assess performance with large Controls collections - Handle missing or malformed form data keys
Dependencies & Called Services - Summary: Uses conversion and enumeration utilities with control model and string types. - Conversion utilities, Enumeration utilities, Control model interface, String type
EditMetric¶
Summary: Retrieve metric data from the request, verify condition, and update metric via controlModel.
JsonResult ControlsController.EditMetric()
Routing
- HTTP:
POST - URL:
/Controls/EditMetric
Cross-layer call chain - ControlsController.EditMetric → Andromeda.Core.DataManager.Execute - Andromeda.Core.DataManager.Execute → Andromeda.Core.LoggingManager.Debug - Andromeda.Core.DataManager.Execute → Andromeda.Core.Database.helper.SqlParameters
Call Chain Diagram¶
flowchart TD
Andromeda_Core_DataManager_Execute["Andromeda.Core.DataManager.Execute"]
Andromeda_Core_Database_helper_SqlParameters["Andromeda.Core.Database.helper.SqlParameters"]
Andromeda_Core_LoggingManager_Debug["Andromeda.Core.LoggingManager.Debug"]
ControlsController_EditMetric["ControlsController.EditMetric"]
Andromeda_Core_DataManager_Execute --> Andromeda_Core_Database_helper_SqlParameters
Andromeda_Core_DataManager_Execute --> Andromeda_Core_LoggingManager_Debug
ControlsController_EditMetric --> Andromeda_Core_DataManager_Execute
Detailed Analysis
Key Flows - Summary: Retrieve metric data from the POST form, check the 'IsMet' condition, and update the metric via controlModel. - Check 'IsMet' condition to continue or return - Retrieve metric data and flags from POST form - Update metric using controlModel.EditMetric
Error Flows - Summary: Handle missing keys and failed edits with proper JSON error responses. - Return JSON failure if EditMetric returns false
Security Issues - Summary: No injection concern: the write reaches the database through DataManager.Execute with the SqlParameters helper, i.e. a parameterised query. The metric identifier is still taken from the POST form, so confirm that controlModel.EditMetric only updates metrics belonging to the caller's project.
Maintainability Issues - Summary: EditMetric uses unclear names, magic strings, and incomplete code, reducing maintainability. - Use of magic strings for Request.Form keys reduces maintainability, Incomplete and malformed code fragments hinder understanding and maintenance, Method name 'EditMetric' poorly reflects condition 'IsMet', causing confusion, Unclear variable usage and lack of context reduce code clarity
UX Impact Notes - Summary: Early failure responses and malformed JSON cause UI errors and confusion. - Early returns with failure JSON disrupt user flows and trigger error messages - Incomplete or malformed return statements cause unexpected user errors - Undefined or partial JSON properties lead to improper UI updates and confusion
Test Case Ideas - Summary: Verify EditMetric handles form data and conditional logic. - Return early if 'IsMet' is false; proceed if true - Validate conditional branches for 'metricText' and metric identifiers
Dependencies & Called Services - Summary: EditMetric uses Convert and IControlModel dependencies. - Convert dependency, IControlModel dependency
GetPattern¶
Summary: Check and assign project ID, retrieve and parse XML pattern, extract and organize elements, return JSON result.
JsonResult ControlsController.GetPattern(int? actID, string ctrlID, string rID, string Proj, int? objId)
Routing
- HTTP:
GET - URL:
/Controls/GetPattern
Detailed Analysis
Key Flows - Summary: Check and assign project ID, retrieve and parse the XML pattern, organize its elements, and return JSON. - Check and assign Registry.SimulationProjectId to Proj - Retrieve the pattern XML via GetPatternXml and parse it - Return organized data as JSON result
Error Flows - Summary: Handle XML parsing errors and complete conditional checks to prevent runtime failures. - Incomplete conditional checks causing potential runtime errors
Security Issues - Summary: The XML is read back from storage via GetPatternXml, not taken from the request, so "sanitizing the input XML" is the wrong control. Validation belongs where the pattern is saved; here the check is that the parser is hardened: DTD processing prohibited and no XmlResolver, so a stored document cannot trigger entity expansion or external entity (XXE) fetches. - XML parsed without explicit reader hardening, Validation belongs at save time rather than at retrieval
Performance Issues - Summary: No performance issues identified in GetPattern method.
Maintainability Issues - Summary: Fix incomplete comparisons, typos, unclear variable names, magic strings, and improve JSON result clarity. - Incomplete if statement comparison with Registry.SimulationProjectId, Typo in 'ToString' method call, Anonymous objects reduce JSON result clarity and maintainability, Non-descriptive variable names (actID, ctrlID, rID, Proj, objId), Use of magic strings instead of named constants or enums
UX Impact Notes - Summary: GetPattern returns JSON data affecting web page display and application usage. - JsonResult provides data for web page or application, No direct UX impact from backend XML parsing
Test Case Ideas - Summary: Verify GetPattern behavior with Registry.SimulationProjectId, XML parsing, and JSON output. - Test GetPatternXml call with correct parameters and expected XML return
Dependencies & Called Services - Summary: Uses core system and XML classes for data manipulation and control. - System Controls, Data Conversion utilities, Enumerable collections, Integer operations, String handling, Text reading, XML container manipulation, XML element processing
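The hardened parse and the project-ID fallback for GetPattern, as an added example that is not the project's own code: the pattern document comes back from storage, so the reader is what needs hardening, not the caller's input. The IControlModel stub and its GetPatternXml signature, the Registry stand-in, and the element names Pattern, Step, Control and Text are assumptions.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Web.Mvc;
using System.Xml;
using System.Xml.Linq;

// Added example, not the project's code. Stand-ins with assumed signatures so
// the snippet compiles on its own.
public interface IControlModel
{
    string GetPatternXml(string projectId, int? actId, string ctrlId, string riskId, int? objId); // assumed
}
public static class Registry { public static int SimulationProjectId = 0; } // stand-in for Andromeda's Registry

public static class PatternXml
{
    private static readonly XmlReaderSettings Safe = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,   // any <!DOCTYPE> makes Load throw XmlException
        XmlResolver = null,                       // never fetch external resources
        MaxCharactersInDocument = 1 << 20,        // 1 MiB cap; stored patterns are small
        IgnoreProcessingInstructions = true,
        IgnoreComments = true
    };

    public static XDocument ParseStrict(string xml)
    {
        if (string.IsNullOrWhiteSpace(xml)) throw new XmlException("empty pattern document");
        using (var text = new StringReader(xml))
        using (var reader = XmlReader.Create(text, Safe))
            return XDocument.Load(reader);
    }

    // Shape the document for the client instead of serialising raw XElements.
    public static object Organize(XDocument doc)
    {
        XElement root = doc.Root;
        if (root == null || root.Name.LocalName != "Pattern")
            throw new XmlException("root element must be <Pattern>");

        return new
        {
            name = (string)root.Attribute("name") ?? "",
            steps = root.Elements("Step").Select(step => new
            {
                id = (string)step.Attribute("id") ?? "",
                text = ((string)step.Element("Text") ?? "").Trim(),
                controls = step.Elements("Control")
                               .Select(c => (string)c.Attribute("ref"))
                               .Where(r => !string.IsNullOrEmpty(r))
                               .ToList()
            }).ToList()
        };
    }
}

public class ControlsControllerExample : Controller
{
    private readonly IControlModel controlModel;
    public ControlsControllerExample(IControlModel controlModel) { this.controlModel = controlModel; }

    [HttpGet]
    public JsonResult GetPattern(int? actID, string ctrlID, string rID, string Proj, int? objId)
    {
        // The fallback the page's "incomplete comparison with Registry.SimulationProjectId"
        // appears to intend: an empty Proj means the simulation project.
        string projectId = string.IsNullOrWhiteSpace(Proj)
            ? Registry.SimulationProjectId.ToString()
            : Proj.Trim();

        string xml = controlModel.GetPatternXml(projectId, actID, ctrlID, rID, objId);
        try
        {
            return Json(PatternXml.Organize(PatternXml.ParseStrict(xml)), JsonRequestBehavior.AllowGet);
        }
        catch (XmlException)
        {
            // A bad stored document is a server-side data problem: log it, do not echo it.
            Response.StatusCode = 500;
            return Json(new { error = "stored pattern is not valid XML" }, JsonRequestBehavior.AllowGet);
        }
    }
}
```

With DtdProcessing.Prohibit the reader rejects the document before any entity is declared, so neither billion-laughs expansion nor external entity resolution can start; the null resolver is belt-and-braces for the case where someone later relaxes the DTD setting.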
BCPLocations¶
Summary: BCPLocations handles an HTTP GET request, retrieves BCP teams, and returns a populated view.
ActionResult ControlsController.BCPLocations()
Routing
- HTTP:
GET - URL:
/Controls/BCPLocations
View Metadata
- View:
BCPLocations(Andromeda.Web\Views\Controls\BCPLocations.cshtml)
Detailed Analysis
Key Flows - Summary: BCPLocations handles an HTTP GET request, retrieves BCP teams, and returns a populated view. - Return view with GetBcpTeams data
UX Impact Notes - Summary: Returns a View displaying BCP teams data to the user. - Return View
Test Case Ideas - Summary: Verify BCPLocations handles GET requests and returns the expected view. - Return view with expected data - Handle HTTP GET requests correctly
Dependencies & Called Services - Summary: BCPLocations depends on IControlModel service. - Dependency on IControlModel service
SaveBcpOfficeLocations¶
Summary: SaveBcpOfficeLocations processes a POST request to save BCP office locations and update impact status, returning a JSON result.
JsonResult ControlsController.SaveBcpOfficeLocations()
Routing
- HTTP:
POST - URL:
/Controls/SaveBcpOfficeLocations
Detailed Analysis
Key Flows - Summary: SaveBcpOfficeLocations processes a POST request to save BCP office locations and update impact status, returning a JSON result. - Return JSON result with operation outcome - Update impact status via IImpactModel.setcompleteimpactstatus or setimpactstatus
Error Flows - Summary: Handle JSON deserialization errors gracefully in SaveBcpOfficeLocations. - JSON deserialization failure handling, Graceful error management for invalid input
Security Issues - Summary: Request.Form['BCPLocations'] is passed to System.Web.Helpers.Json.Decode with no size check, no try/catch and no field validation. As in SaveNewMetric this is not a type-resolving deserializer, so the risks are unhandled exceptions on malformed input and unvalidated team and office values reaching IActorModel and IImpactModel. - No input validation before JSON decoding, Decode errors unhandled, Decoded values used directly
Performance Issues - Summary: Json.Decode builds a dynamic object graph for the whole payload, so work grows with input size; with no explicit cap on the form value a large POST body costs proportionally. - Use of System.Web.Helpers.Json.Decode on unbounded input, Performance impact on large JSON processing
Maintainability Issues - Summary: Replace magic string with constant to improve maintainability. - Use constant instead of magic string 'BCPLocations' for request form access
UX Impact Notes - Summary: Return JSON requires proper client-side handling for smooth UX. - JSON result return
Test Case Ideas - Summary: Verify SaveBcpOfficeLocations handles POST requests and updates impact status. - Invoke SaveBcpOfficeLocations on HTTP POST - Save BCP office locations with valid JSON input - Update impact status after saving locations
Dependencies & Called Services - Summary: Uses IActorModel and IImpactModel services for data operations. - IActorModel service dependency, IImpactModel service dependency
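A bounded, typed replacement for the Json.Decode calls in SaveNewMetric and SaveBcpOfficeLocations, as an added example that is not the project's code. The DTO shapes, the 'metricText' key, the length limit and the IControlModel / IActorModel signatures are assumptions drawn from the page's wording; the form keys 'ols', 'Ris' and 'BCPLocations' are the ones the page names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using System.Web.Script.Serialization;

// Added example, not the project's code. DTOs and model interfaces are stubs
// with assumed signatures so the snippet compiles on its own.
public class MetricControlDto { public int ControlId { get; set; } public bool IsKey { get; set; } }
public class MetricRiskDto    { public string RiskId { get; set; } public string Text { get; set; } }
public class BcpLocationDto   { public int TeamId { get; set; } public string Office { get; set; } }

public interface IControlModel
{
    int CreateMetric(string text, string riskId);                          // assumed: returns the new metric id
    void CreateMetricRiskControl(int metricId, int controlId, bool isKey);  // assumed
}
public interface IActorModel { void SaveBcpOfficeLocations(IList<BcpLocationDto> locations); } // assumed

public static class FormJson
{
    // JavaScriptSerializer honours "__type" only when a JavaScriptTypeResolver is
    // supplied; none is, so the payload cannot choose the CLR type that is built.
    // The two limits bound the work a hostile document can cause.
    private static readonly JavaScriptSerializer Serializer =
        new JavaScriptSerializer { MaxJsonLength = 256 * 1024, RecursionLimit = 16 };

    public static bool TryDecode<T>(string raw, out T value, out string error) where T : class
    {
        value = null;
        error = null;
        if (string.IsNullOrWhiteSpace(raw)) { error = "missing"; return false; }
        try
        {
            value = Serializer.Deserialize<T>(raw);
        }
        catch (ArgumentException ex)          // not JSON, or over MaxJsonLength / RecursionLimit
        {
            error = "malformed JSON: " + ex.Message;
            return false;
        }
        catch (InvalidOperationException ex)  // JSON shape does not fit T (e.g. a string where an int is expected)
        {
            error = "unexpected shape: " + ex.Message;
            return false;
        }
        if (value == null) { error = "null payload"; return false; }
        return true;
    }
}

public class ControlsControllerExample : Controller
{
    private readonly IControlModel controlModel;
    private readonly IActorModel actorModel;

    public ControlsControllerExample(IControlModel controlModel, IActorModel actorModel)
    {
        this.controlModel = controlModel;
        this.actorModel = actorModel;
    }

    // The client gets a status code and a reason instead of a silent save failure.
    private JsonResult Fail(string message)
    {
        Response.StatusCode = 400;
        return Json(new { success = false, error = message });
    }

    [HttpPost]
    public JsonResult SaveNewMetric()
    {
        string err;
        List<MetricControlDto> controls;
        if (!FormJson.TryDecode(Request.Form["ols"], out controls, out err))
            return Fail("ols: " + err);
        if (controls.Count == 0 || controls.Any(c => c.ControlId <= 0))
            return Fail("ols: every control needs a positive ControlId");

        // 'Ris' is optional on the page: absent is fine, present-but-broken is not.
        MetricRiskDto risk = null;
        string rawRisk = Request.Form["Ris"];
        if (!string.IsNullOrWhiteSpace(rawRisk) && !FormJson.TryDecode(rawRisk, out risk, out err))
            return Fail("Ris: " + err);

        string text = (Request.Form["metricText"] ?? "").Trim();
        if (text.Length == 0 || text.Length > 500)
            return Fail("metricText is required (max 500 characters)");

        string riskId = risk == null ? null : risk.RiskId;
        int metricId = controlModel.CreateMetric(text, riskId);
        foreach (var ctrl in controls.GroupBy(c => c.ControlId).Select(g => g.First()))  // de-duplicate once, not per row
            controlModel.CreateMetricRiskControl(metricId, ctrl.ControlId, ctrl.IsKey);

        return Json(new { success = true, metricId, riskId, controls = controls.Count });
    }

    [HttpPost]
    public JsonResult SaveBcpOfficeLocations()
    {
        string err;
        List<BcpLocationDto> locations;
        if (!FormJson.TryDecode(Request.Form["BCPLocations"], out locations, out err))
            return Fail("BCPLocations: " + err);
        if (locations.Any(l => l.TeamId <= 0 || string.IsNullOrWhiteSpace(l.Office)))
            return Fail("BCPLocations: each entry needs a TeamId and an Office");

        actorModel.SaveBcpOfficeLocations(locations);
        return Json(new { success = true, saved = locations.Count });
    }
}
```

Deserialising straight into a DTO does the type checks the dynamic version leaves to the model layer: a non-numeric ControlId or a nested object where a list was expected fails at TryDecode with a 400 and a message, rather than as an InvalidCastException somewhere inside IControlModel.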
ControlExistence¶
Summary: Retrieve and process project data to aggregate activities, risks, controls, and metrics for view presentation.
ActionResult ControlsController.ControlExistence(string screen)
Routing
- HTTP:
GET - URL:
/Controls/ControlExistence
Cross-layer call chain - ControlsController.ControlExistence → Andromeda.Core.Entities.ActivityActorArrow.Clone - ControlsController.ControlExistence → Insorce.Helpers.Helpers.FormatTime
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_ActivityActorArrow_Clone["Andromeda.Core.Entities.ActivityActorArrow.Clone"]
ControlsController_ControlExistence["ControlsController.ControlExistence"]
Insorce_Helpers_Helpers_FormatTime["Insorce.Helpers.Helpers.FormatTime"]
ControlsController_ControlExistence --> Andromeda_Core_Entities_ActivityActorArrow_Clone
ControlsController_ControlExistence --> Insorce_Helpers_Helpers_FormatTime
View Metadata
- View:
ControlExistence(Andromeda.Web\Views\Controls\ControlExistence.cshtml) - Model:
Tuple<IList<Andromeda.Core.Entities.ObjectRiskActivities>, List<Andromeda.Core.Entities.Risks>, IList<Andromeda.Core.Entities.ActivityActorArrow>>
Detailed Analysis
Key Flows - Summary: Retrieve and process project data to aggregate activities, risks, controls, and metrics for view presentation. - Calculate control coverage percentages per objective and assign metrics to ViewData for display - Process activity groups by filtering activities and assigning aggregated business rules and DOE values - Assign processed data to ViewBag for activity control risk objectives
Error Flows - Summary: ControlExistence lacks explicit error handling for invalid or missing input parameters. - No explicit exception handling, No validation for invalid or missing projectId
Security Issues - Summary: The 'screen' parameter and the project identifier drive the data retrieval, but SQL injection only arises if the model layer concatenates them into SQL; elsewhere in this controller database calls go through DataManager.Execute with SqlParameters, so confirm the reads ControlExistence triggers do the same. Independently of that, the identifier is used without an ownership check, so a caller can reach another project's data if the model does not enforce it. - Unvalidated input parameters, Model-layer query construction unverified, Identifier manipulation without explicit authorization check
Performance Issues - Summary: Excessive LINQ calls and repeated enumerations degrade performance on large datasets. - Division by zero handled but calculations on large data impact performance
Maintainability Issues - Summary: Refactor complex, repetitive, and unclear code to improve readability and maintainability. - Repeated filtering and aggregation logic requires extraction into methods
UX Impact Notes - Summary: Processes backend data affecting displayed control coverage information. - Assign control coverage percentages to ViewBag/ViewData - Process backend data
Test Case Ideas - Summary: Verify data correctness, filtering, aggregation, relationships, performance, and ViewBag population. - Calculate control coverage percentages with division by zero handling - Handle activities with no matching properties - Process activity groups including business rules, DOE, and form values - Return correct data for valid project ID - Ensure performance and correctness with large datasets - Generate and assign process map data
Dependencies & Called Services - Summary: Uses the model interfaces plus Helpers and ActivityActorArrow for control existence checks. - Helpers and ActivityActorArrow for domain-specific logic
RiskObjective¶
Summary: Handle HTTP GET request to RiskObjective endpoint by verifying control existence and returning the result.
ActionResult ControlsController.RiskObjective()
Routing
- HTTP:
GET - URL:
/Controls/RiskObjective
Detailed Analysis
Key Flows - Summary: Handle HTTP GET request to RiskObjective endpoint by verifying control existence and returning the result. - Return ActionResult to client
UX Impact Notes - Summary: Returns ActionResult affecting user navigation or display based on control existence. - ActionResult return
Test Case Ideas - Summary: Verify RiskObjective handles GET requests and returns the correct ActionResult. - Return expected ActionResult based on ControlExistence response - Handle HTTP GET request
Dependencies & Called Services - Summary: Delegates to ControlExistence; no other dependencies. - ControlExistence dependency
RiskType¶
Summary: Handles HTTP GET request by invoking ControlExistence with 'RiskType' and returns its result.
ActionResult ControlsController.RiskType()
Routing
- HTTP:
GET - URL:
/Controls/RiskType
Detailed Analysis
Key Flows - Summary: Handles HTTP GET request by invoking ControlExistence with 'RiskType' and returns its result. - Return ActionResult from ControlExistence
UX Impact Notes - Summary: The method's GET access and dependency on ControlExistence affect user interaction flow. - User flow depends on ControlExistence method result returned by this method
Test Case Ideas - Summary: Verify RiskType handles GET requests and returns the correct ActionResult. - Return ActionResult based on ControlExistence output - Handle HTTP GET requests
Dependencies & Called Services - Summary: Delegates to ControlExistence with 'RiskType'; no other dependencies. - ControlExistence dependency
Vulnerability¶
Summary: The method handles an HTTP GET request by invoking ControlExistence with 'Vulnerability' and returns its result.
ActionResult ControlsController.Vulnerability()
Routing
- HTTP:
GET - URL:
/Controls/Vulnerability
Detailed Analysis
Key Flows - Summary: The method handles an HTTP GET request by invoking ControlExistence with 'Vulnerability' and returns its result. - Return ActionResult from ControlExistence
Test Case Ideas - Summary: Verify the method handles GET requests and returns the ActionResult from ControlExistence. - Return ActionResult from ControlExistence - Handle HTTP GET request
Dependencies & Called Services - Summary: Delegates to ControlExistence with 'Vulnerability'; no other dependencies, and no access control of its own beyond whatever ControlExistence applies. - ControlExistence dependency
Adequacy¶
Summary: Aggregate and process project data to evaluate controls, group activities, and prepare detailed view data.
ActionResult ControlsController.Adequacy(string screen)
Routing
- HTTP:
GET - URL:
/Controls/Adequacy
Cross-layer call chain - ControlsController.Adequacy → Andromeda.Core.Services.ProcessExtensions.FindByID - ControlsController.Adequacy → Andromeda.Core.Services.Algorithms.Delooper.GetLoopingArrows - ControlsController.Adequacy → Andromeda.Core.Services.Algorithms.Delooper.deloop - ControlsController.Adequacy → Andromeda.Core.Entities.Activity.Clone - ControlsController.Adequacy → Insorce.Helpers.Helpers.FormatTime - Andromeda.Core.Services.Algorithms.Delooper.deloop → Andromeda.Core.LoggingManager.Error - Andromeda.Core.Services.Algorithms.Delooper.deloop → Andromeda.Core.Services.ProcessExtensions.FindByID
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_Activity_Clone["Andromeda.Core.Entities.Activity.Clone"]
Andromeda_Core_LoggingManager_Error["Andromeda.Core.LoggingManager.Error"]
Andromeda_Core_Services_Algorithms_Delooper_GetLoopingArrows["Andromeda.Core.Services.Algorithms.Delooper.GetLoopingArrows"]
Andromeda_Core_Services_Algorithms_Delooper_deloop["Andromeda.Core.Services.Algorithms.Delooper.deloop"]
Andromeda_Core_Services_ProcessExtensions_FindByID["Andromeda.Core.Services.ProcessExtensions.FindByID"]
ControlsController_Adequacy["ControlsController.Adequacy"]
Insorce_Helpers_Helpers_FormatTime["Insorce.Helpers.Helpers.FormatTime"]
Andromeda_Core_Services_Algorithms_Delooper_deloop --> Andromeda_Core_LoggingManager_Error
Andromeda_Core_Services_Algorithms_Delooper_deloop --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_Adequacy --> Andromeda_Core_Entities_Activity_Clone
ControlsController_Adequacy --> Andromeda_Core_Services_Algorithms_Delooper_GetLoopingArrows
ControlsController_Adequacy --> Andromeda_Core_Services_Algorithms_Delooper_deloop
ControlsController_Adequacy --> Andromeda_Core_Services_ProcessExtensions_FindByID
ControlsController_Adequacy --> Insorce_Helpers_Helpers_FormatTime
View Metadata
- View:
Adequacy(Andromeda.Web\Views\Controls\Adequacy.cshtml)
Detailed Analysis
Key Flows - Summary: Aggregate and process project data to evaluate controls, group activities, and prepare detailed view data. - Calculate control effectiveness and identify critical activities - Filter and assign properties to activities
Error Flows - Summary: The method lacks explicit error handling or exception management. - Absence of error handling, No exception management
Security Issues - Summary: The LINQ queries and aggregations here run over in-memory collections and cannot produce SQL injection; the injection question is confined to how the model layer builds its queries from 'screen' and the project identifier (confirm it uses SqlParameters as EditMetric's call chain does). The System.Web.Helpers.Json.Decode call should be size-bounded and wrapped in error handling as for SaveNewMetric, and the identifiers the method relies on should be checked against the caller's project. - Model-layer query construction unverified, Json.Decode on unvalidated input, Identifiers used without authorization check
Performance Issues - Summary: Optimize database calls and collection operations to improve performance and scalability. - Multiple ToList() calls load large data sets fully into memory
Maintainability Issues - Summary: Tight coupling and unclear code reduce maintainability and increase error risk. - Tight coupling with multiple domain models complicates testing and maintenance, Use of magic strings reduces readability and increases error risk, Complex LINQ queries and data transformations reduce code clarity, Anonymous types in projections hinder code understanding and maintenance, Incomplete or unclear code snippets cause compilation issues, Lambda expressions with non-descriptive variable names reduce readability
UX Impact Notes - Summary: Prepares comprehensive ViewData enhancing UI detail without direct user interaction. - Populate ViewData with detailed data sets
Test Case Ideas - Summary: Verify data accuracy, aggregation, filtering, calculations, and performance under various conditions. - Correct and complete data return for projects - Performance with large data sets
Dependencies & Called Services - Summary: Uses core system types, collections, interfaces, and utility classes for process and risk modeling. - Core system types: Int32, String, TimeSpan, Collections: List, ICollection, Enumerable, Interfaces: IActorModel, IControlModel, IProcessModel, IRiskModel, Utility classes: Activity, Dictionary, Helpers, Math, ProcessExtensions
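The per-objective coverage and effectiveness calculation that both ControlExistence and Adequacy perform, written as a single pass with guarded division; this is an added example, not the project's code. The row classes are simplified stand-ins for ObjectRiskActivities and the control entities, and the sample data at the end is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not the project's code. Simplified stand-ins for the page's
// activity and control rows; the real entities carry more fields.
public class ActivityRow { public int ObjectiveId; public int ActivityId; public string RiskId; }
public class ControlRow  { public int ObjectiveId; public int ActivityId; public int ControlId; public double Effectiveness; }

public class ObjectiveCoverage
{
    public int ObjectiveId;
    public int Activities;
    public int ControlledActivities;
    public double CoveragePercent;     // 0 when the objective has no activities: no divide-by-zero path
    public double MeanEffectiveness;   // 0 when no control applies
}

public static class Coverage
{
    // One pass over each input: controls are indexed once by objective, the
    // activity ids of each group go into a HashSet, and every division is
    // guarded. The original re-runs Where() over the full lists inside the loop.
    public static List<ObjectiveCoverage> PerObjective(IEnumerable<ActivityRow> rows, IEnumerable<ControlRow> controls)
    {
        ILookup<int, ControlRow> controlsByObjective = controls.ToLookup(c => c.ObjectiveId);

        return rows
            .GroupBy(r => r.ObjectiveId)
            .Select(g =>
            {
                var activityIds = new HashSet<int>(g.Select(r => r.ActivityId));
                var applicable = controlsByObjective[g.Key]
                                     .Where(c => activityIds.Contains(c.ActivityId))
                                     .ToList();
                int controlled = applicable.Select(c => c.ActivityId).Distinct().Count();

                return new ObjectiveCoverage
                {
                    ObjectiveId = g.Key,
                    Activities = activityIds.Count,
                    ControlledActivities = controlled,
                    CoveragePercent = activityIds.Count == 0
                        ? 0.0
                        : Math.Round(100.0 * controlled / activityIds.Count, 1),
                    MeanEffectiveness = applicable.Count == 0
                        ? 0.0
                        : Math.Round(applicable.Average(c => c.Effectiveness), 2)
                };
            })
            .OrderBy(s => s.ObjectiveId)
            .ToList();
    }

    // Constructed sample: objective 1 has three activities, two of them
    // controlled (one by two controls); objective 2 has one activity and no
    // control, which exercises the zero-guard branches.
    public static List<ObjectiveCoverage> Sample()
    {
        var rows = new List<ActivityRow>
        {
            new ActivityRow { ObjectiveId = 1, ActivityId = 10, RiskId = "R1" },
            new ActivityRow { ObjectiveId = 1, ActivityId = 11, RiskId = "R1" },
            new ActivityRow { ObjectiveId = 1, ActivityId = 12, RiskId = "R2" },
            new ActivityRow { ObjectiveId = 2, ActivityId = 20, RiskId = "R3" },
        };
        var controls = new List<ControlRow>
        {
            new ControlRow { ObjectiveId = 1, ActivityId = 10, ControlId = 100, Effectiveness = 0.8 },
            new ControlRow { ObjectiveId = 1, ActivityId = 10, ControlId = 101, Effectiveness = 0.6 },
            new ControlRow { ObjectiveId = 1, ActivityId = 11, ControlId = 102, Effectiveness = 0.9 },
            new ControlRow { ObjectiveId = 9, ActivityId = 10, ControlId = 103, Effectiveness = 1.0 }, // other objective: ignored
        };
        return PerObjective(rows, controls);
    }
}
```

The ToLookup and HashSet make each objective's work proportional to its own rows rather than to the whole project, which is the difference that matters when the activity and control lists are large.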
UnderControlled¶
Summary: UnderControlled handles GET requests by clearing a session variable and invoking Adequacy with a specific parameter.
ActionResult ControlsController.UnderControlled()
Routing
- HTTP:
GET - URL:
/Controls/UnderControlled
Detailed Analysis
Key Flows - Summary: UnderControlled handles GET requests by clearing a session variable and invoking Adequacy with a specific parameter. - Return Adequacy method result
UX Impact Notes - Summary: Redirect or result display occurs after session variable clearance. - User redirection based on Adequacy method
Test Case Ideas - Summary: Verify UnderControlled method's HTTP GET response, session clearing, and Adequacy method behavior. - HTTP GET response of UnderControlled method, Clearing of 'CompenActId' session variable after UnderControlled call, Adequacy method result with 'UnderControlled' parameter
Dependencies & Called Services - Summary: Clears the 'CompenActId' session key and delegates to Adequacy; no other dependencies. - Session state, Adequacy dependency
OverControlled¶
Summary: Handles GET request by invoking Adequacy with 'OverControlled' and returns the ActionResult.
ActionResult ControlsController.OverControlled()
Routing
- HTTP:
GET - URL:
/Controls/OverControlled
Detailed Analysis
Key Flows - Summary: Handles GET request by invoking Adequacy with 'OverControlled' and returns the ActionResult. - Return ActionResult
Test Case Ideas - Summary: Verify OverControlled handles GET requests and returns the ActionResult from Adequacy. - Return ActionResult from Adequacy call - Handle GET request in OverControlled
Dependencies & Called Services - Summary: Delegates to Adequacy with 'OverControlled'; no other dependencies, and no access control of its own beyond whatever Adequacy applies. - Adequacy dependency
IdentifyControlPartial¶
Summary: Retrieve and filter project activities, properties, objectives, risks, and controls, then aggregate and group relevant data.
JsonResult ControlsController.IdentifyControlPartial(int? objectiveId, string riskId)
Routing
- HTTP:
GET - URL:
/Controls/IdentifyControlPartial
Cross-layer call chain - ControlsController.IdentifyControlPartial → Andromeda.Core.Entities.ActivityActorArrow.Clone
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_ActivityActorArrow_Clone["Andromeda.Core.Entities.ActivityActorArrow.Clone"]
ControlsController_IdentifyControlPartial["ControlsController.IdentifyControlPartial"]
ControlsController_IdentifyControlPartial --> Andromeda_Core_Entities_ActivityActorArrow_Clone
View Metadata
- View:
IdentifyControlPartial(Andromeda.Web\Views\Controls\IdentifyControlPartial.cshtml) - Model:
List<Andromeda.Validation.SwimlaneInfo>
Detailed Analysis
Key Flows - Summary: Retrieve and filter project activities, properties, objectives, risks, and controls, then aggregate and group relevant data. - create ObjectRiskActivities when applicable
Error Flows - Summary: Ensure complete null and empty checks to prevent runtime errors and exceptions. - Incomplete null or empty parameter checks causing runtime errors
Security Issues - Summary: ProjectId, objectiveId and riskId are used without validation, and riskId is a free-form string. Whether that amounts to SQL injection depends on how the model layer builds its queries (confirm SqlParameters, as in EditMetric's call chain); the missing ownership check on the identifiers is a risk regardless. Business rules and form data are likewise used unvalidated, and the object-typed variable 'riska' gives up compile-time checking. - Unvalidated ProjectId, objectiveId and riskId, Model-layer query construction unverified, Business rules and form data used without validation, Type safety issues from object-typed variable 'riska'
Performance Issues - Summary: Optimize database queries and LINQ usage to prevent performance degradation. - Multiple sequential database queries without caching or optimization, Repeated LINQ methods on large collections causing slowdowns, Use of ToList() loading entire collections into memory, Nested enumeration in LINQ causing performance bottlenecks
Maintainability Issues - Summary: Refactor code to improve readability, reduce coupling, and replace magic strings with constants. - Use constants or enums instead of magic strings, Simplify complex LINQ queries with anonymous types, Reduce tight coupling by minimizing direct model method calls, Improve variable naming for clarity and correctness, Remove or replace empty or placeholder code blocks
UX Impact Notes - Summary: The method returns JSON that requires proper client handling to avoid UX issues. - JSON response impacts user experience if mishandled
Test Case Ideas - Summary: Verify correct JSON response, data filtering, aggregation, and performance under various conditions. - Handle empty collections gracefully - Process compensatory activities and objective activity risk controls correctly - Return JsonResult with valid parameters - Ensure performance and correctness with large datasets and LINQ queries - Return expected data structures for complex aggregated data - Prevent runtime errors from incorrect variable assignments
Dependencies & Called Services - Summary: Uses collections and interfaces for control, actor, and risk model management. - Collection types: List, ICollection, Enumerable, Interfaces: IActorModel, IControlModel, IRiskModel, Data types: Int32, String, ActivityActorArrow for actor representation
AddRiskActivity¶
Summary: Add a new risk activity to the project if it does not already exist and return the operation result.
JsonResult ControlsController.AddRiskActivity()
Routing
- HTTP:
POST - URL:
/Controls/AddRiskActivity
Detailed Analysis
Key Flows - Summary: Add a new risk activity to the project if it does not already exist and return the operation result. - Fetch existing project activities with GetObjectiveActivityByProj - Return JSON result indicating success or failure - Validate activity and objective IDs are positive and unique
Error Flows - Summary: Handle input conversion errors and complete the return statements. - Incomplete return statement causing errors - Conversion errors from non-numeric form values
Security Issues - Summary: Request.Form values are used directly. A non-numeric value makes the integer conversion throw (an unhandled 500 rather than SQL injection, since a converted int cannot carry SQL), while a valid integer is still an attacker-chosen activity or objective identifier, so the standing risk is adding activities to a project the caller does not own unless the model enforces ownership. - Lack of input validation, Unhandled conversion exceptions, Identifier tampering without an authorization check
Performance Issues - Summary: LINQ Any() on large project activity collections degrades performance. - Performance degradation with large datasets
Maintainability Issues - Summary: Complete the return statements so every path returns a well-formed JSON result. - Incomplete return statement risks errors
UX Impact Notes - Summary: Returning unclear JSON harms client-side processing and user experience. - Unclear JSON structure, Negative client-side handling impact, Degraded user experience
Test Case Ideas - Summary: Verify AddRiskActivity adds new activities correctly and returns valid JSON responses. - Call GetObjectiveActivityByProj with varied project settings - Return valid JSON response handled by client
Dependencies & Called Services - Summary: Uses Enumerable to convert IRiskModel collections. - Enumerable conversion, IRiskModel collection handling
ApplyLineOfControl¶
Summary: Process and synchronize pre-activities and compensatory activities with objective activity risk controls, updating the control model and managing session state.
JsonResult ControlsController.ApplyLineOfControl()
Routing
- HTTP:
POST - URL:
/Controls/ApplyLineOfControl
Detailed Analysis
Key Flows - Summary: Process and synchronize pre-activities and compensatory activities with objective activity risk controls, updating the control model and managing session state. - Add new compensatory activities and update control model
Error Flows - Summary: Handle JSON decoding and integer conversion errors to prevent runtime exceptions. - Lack of error handling for JSON decoding of request form data, Integer conversion without validation causing exceptions, Incomplete code risking runtime errors and unexpected behavior
Security Issues - Summary: Request.Form values (JSON-decoded activity lists and converted integers) are used without validation. SQL injection is only possible if the model layer concatenates them into queries, and XSS only if the stored values are later rendered unencoded (Razor encodes by default, so check Html.Raw and JavaScript output points). The missing ownership check on the identifiers is the concern that stands regardless. - Unvalidated Request.Form inputs, No authorization check on identifiers, Output encoding of stored values unverified
Performance Issues - Summary: Optimize data processing and reduce costly operations inside loops. - Loading entire datasets with ToList() causes memory and performance issues - LINQ filtering (Where) inside loops slows large dataset processing
Maintainability Issues - Summary: Improve code readability and flexibility by removing magic strings and unclear variable names. - Use of magic strings in Request.Form keys and control type identifiers, Tight coupling with controlModel and riskModel objects, Non-descriptive variable names like 'curreCompen'
UX Impact Notes - Summary: Method has no direct UX impact but security flaws can harm user trust. - No direct UX impact, Potential security vulnerabilities affecting user trust
Test Case Ideas - Summary: Test method behavior, conditional branches, data handling, and object additions under varied inputs. - Performance and correctness with large datasets - UpdateCompensatoryActivities with varied control models and data sizes
Dependencies & Called Services - Summary: ApplyLineOfControl uses collections and model interfaces for data processing. - Convert utility, Enumerable operations, ICollection interface, IControlModel interface, IRiskModel interface, List collection, String operations
RemoveLineOfControl¶
Summary: RemoveLineOfControl processes POST requests to remove control by Id and IdType, returning JSON success.
JsonResult ControlsController.RemoveLineOfControl()
Routing
- HTTP:
POST - URL:
/Controls/RemoveLineOfControl
Detailed Analysis
Key Flows - Summary: Read Id and IdType from the POST form, remove the matching line of control, and return JSON success. - Return JSON result indicating success
Error Flows - Summary: No try/catch; exceptions from conversion or removal propagate unhandled. - Unhandled exceptions during data conversion or removal
Security Issues - Summary: Id is converted from the form without validation and IdType is passed through as a raw string. A bad Id throws (an unhandled 500, not SQL injection once it is an int), a valid one is still attacker-chosen, and IdType should be checked against the known type values rather than forwarded. - Lack of input validation, Identifier tampering without an authorization check, IdType not restricted to known values
Maintainability Issues - Summary: Replace magic strings with constants or enums to improve maintainability. - Use of magic strings for form field names, Lack of constants or enums for field names
Test Case Ideas - Summary: Verify RemoveLineOfControl handles POST requests - and returns JsonResult. - Return successful JsonResult - Handle HTTP POST request
Dependencies & Called Services - Summary: Uses Convert and IControlModel. - Convert dependency, IControlModel dependency
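The validated-form-field pattern that DoNotMitigateFromTree, AddRiskActivity and RemoveLineOfControl all need, as an added example that is not the project's code: TryParse instead of Convert, named keys instead of literals, an allow-list for IdType, an explicit JSON error with a status code, and an ownership check before the model is touched. The IControlModel and IProjectAccess stubs, their method signatures, the form key names and the legal IdType values are assumptions.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;
using System.Web.Mvc;

// Added example, not the project's code. Stubs with assumed signatures so the
// snippet compiles on its own.
public class ImplementationPlan { public int Id; public int ObjectiveId; public int ActivityId; public bool DoNotMitigate; }

public interface IControlModel
{
    ImplementationPlan CreateImplementationPlan(int objectiveId, int activityId); // assumed
    bool RemoveLineOfControl(int id, string idType);                              // assumed
}
public interface IProjectAccess { bool CanEditObjective(string userName, int objectiveId); } // hypothetical

// Named form keys instead of the repeated literals the page calls magic strings.
public static class FormKeys
{
    public const string ObjectiveId = "ObjectiveId";
    public const string ActivityId = "ActId";
    public const string Id = "Id";
    public const string IdType = "IdType";
}

public static class FormReader
{
    // Convert.ToInt32 throws on "abc", "" or "99999999999"; this returns false
    // instead, and also rejects 0, negatives, signs and whitespace, none of
    // which are valid identifiers here.
    public static bool TryGetPositiveInt(NameValueCollection form, string key, out int value)
    {
        value = 0;
        string raw = form[key];
        return raw != null
            && int.TryParse(raw.Trim(), NumberStyles.None, CultureInfo.InvariantCulture, out value)
            && value > 0;
    }

    // Allow-list the enumeration-like IdType rather than forwarding the raw string.
    public static bool TryGetIdType(NameValueCollection form, out string idType)
    {
        idType = (form[FormKeys.IdType] ?? "").Trim();
        return idType == "PreActivity" || idType == "Compensatory"; // assumed legal values
    }
}

public class ControlsControllerExample : Controller
{
    private readonly IControlModel controlModel;
    private readonly IProjectAccess access;

    public ControlsControllerExample(IControlModel controlModel, IProjectAccess access)
    {
        this.controlModel = controlModel;
        this.access = access;
    }

    private JsonResult Fail(int status, string message)
    {
        Response.StatusCode = status;
        return Json(new { success = false, error = message });
    }

    [HttpPost]
    public JsonResult DoNotMitigateFromTree()
    {
        int objectiveId, activityId;
        if (!FormReader.TryGetPositiveInt(Request.Form, FormKeys.ObjectiveId, out objectiveId)
            || !FormReader.TryGetPositiveInt(Request.Form, FormKeys.ActivityId, out activityId))
            return Fail(400, "ObjectiveId and ActId must be positive integers");

        // A well-formed integer is still an attacker-chosen identifier; the check
        // that matters is whether this caller may act on that objective.
        if (!access.CanEditObjective(User.Identity.Name, objectiveId))
            return Fail(403, "forbidden");

        ImplementationPlan plan = controlModel.CreateImplementationPlan(objectiveId, activityId);
        return Json(new { success = true, plan });
    }

    [HttpPost]
    public JsonResult RemoveLineOfControl()
    {
        int id;
        string idType;
        if (!FormReader.TryGetPositiveInt(Request.Form, FormKeys.Id, out id)
            || !FormReader.TryGetIdType(Request.Form, out idType))
            return Fail(400, "Id must be a positive integer and IdType one of the known types");

        // A false from the model becomes an explicit JSON outcome, not an unhandled 500.
        bool removed = controlModel.RemoveLineOfControl(id, idType);
        return removed ? Json(new { success = true }) : Fail(404, "no matching line of control");
    }
}
```

NumberStyles.None admits digits only, so "+3", " 3" and "3.0" are rejected along with "abc"; the ownership check is the part the original code lacks entirely and is where an identifier-tampering attempt is actually stopped.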
OperationalizeControlsFromCE¶
Summary: The method processes valid inputs, sets session variables, and returns ControlConfiguration successfully.
ActionResult ControlsController.OperationalizeControlsFromCE(int? objId, int? ActId, string RiskId)
Routing
- HTTP: GET
- URL: /Controls/OperationalizeControlsFromCE
Detailed Analysis
Key Flows - Summary: The method processes valid inputs, sets session variables, and returns ControlConfiguration successfully. - Set session variables - Return ControlConfiguration result
Security Issues - Summary: Validate input parameters to prevent session tampering and unauthorized access. - Input parameter validation, Prevent session tampering, Prevent unauthorized access
Maintainability Issues - Summary: Replace magic strings with constants to improve maintainability and prevent typos. - Use constants for session variable names, Avoid magic strings to reduce typo risk
Test Case Ideas - Summary: Verify GET handling and session variable setting. - Handle HTTP GET request correctly - Set session variables with valid inputs
Dependencies & Called Services - Summary: OperationalizeControlsFromCE depends on Controls service. - Controls service dependency
OperationalizeControlsFromUC¶
Summary: The method sets session variables from optional IDs and calls ControlConfiguration with these parameters.
ActionResult ControlsController.OperationalizeControlsFromUC(int? objId, int? ActId, string RiskId, int? ProjId)
Routing
- HTTP: GET
- URL: /Controls/OperationalizeControlsFromUC
Detailed Analysis
Key Flows - Summary: The method sets session variables from optional IDs and calls ControlConfiguration with these parameters. - Set session variables for ObjectiveId
Security Issues - Summary: No security issues identified in OperationalizeControlsFromUC method.
Maintainability Issues - Summary: Replace magic strings with constants or enums for better maintainability. - Magic strings for session variable names, Lack of constants or enums for session keys
Test Case Ideas - Summary: Verify GET handling, session variable assignment, and the ControlConfiguration call. - Handle HTTP GET requests correctly - Set session variable ObjectiveId - Invoke ControlConfiguration with correct parameters after session setup
Dependencies & Called Services - Summary: OperationalizeControlsFromUC depends on Controls service. - Controls service dependency
Effectiveness¶
Summary: Retrieve and process project data to calculate control effectiveness metrics and filter results based on input parameters.
ActionResult ControlsController.Effectiveness(string ScreenFrom)
Routing
- HTTP: GET
- URL: /Controls/Effectiveness
Cross-layer call chain
- ControlsController.Effectiveness → Andromeda.Core.Entities.Activity.Clone
- ControlsController.Effectiveness → Andromeda.Core.Services.ProcessExtensions.FindByID
- ControlsController.Effectiveness → Andromeda.Core.Entities.Activity.TotalEffort
- ControlsController.Effectiveness → Andromeda.Core.Entities.Activity.ReworkEffort
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_Activity_Clone["Andromeda.Core.Entities.Activity.Clone"]
Andromeda_Core_Entities_Activity_ReworkEffort["Andromeda.Core.Entities.Activity.ReworkEffort"]
Andromeda_Core_Entities_Activity_TotalEffort["Andromeda.Core.Entities.Activity.TotalEffort"]
Andromeda_Core_Services_ProcessExtensions_FindByID["Andromeda.Core.Services.ProcessExtensions.FindByID"]
ControlsController_Effectiveness["ControlsController.Effectiveness"]
ControlsController_Effectiveness --> Andromeda_Core_Entities_Activity_Clone
ControlsController_Effectiveness --> Andromeda_Core_Entities_Activity_ReworkEffort
ControlsController_Effectiveness --> Andromeda_Core_Entities_Activity_TotalEffort
ControlsController_Effectiveness --> Andromeda_Core_Services_ProcessExtensions_FindByID
View Metadata
- View: Effectiveness (Andromeda.Web\Views\Controls\Effectiveness.cshtml)
Detailed Analysis
Key Flows - Summary: Retrieve and process project data to calculate control effectiveness metrics and filter results based on input parameters. - Retrieve project data: activities, actors, products, risks, control ratings - Group control ratings by risk activities and controls; compute average handling times - Calculate control effectiveness: rating counts, average ranks, minimum FTE - Filter and process data conditionally based on input parameters and control types
Error Flows - Summary: Error handling relies on higher-level mechanisms or is absent. - Lack of explicit exception handling, Dependence on higher-level error management
Security Issues - Summary: Prevent SQL injection by sanitizing projectId before database queries. - SQL injection risk from unsanitized projectId, Lack of input validation on projectId
Performance Issues - Summary: Excessive database queries and repeated LINQ operations degrade performance on large datasets. - Multiple LINQ Any() and Where() calls slowing execution on large datasets
Maintainability Issues - Summary: Complex LINQ, magic strings, anonymous types, tight coupling, and unclear naming reduce maintainability. - Complex and deeply nested LINQ queries reduce readability and maintainability, Use of magic strings increases error risk and maintenance difficulty, Anonymous types in LINQ queries complicate understanding and modifications, Tight coupling with specific methods reduces flexibility and hinders component replacement, Unclear and incomplete variable naming causes confusion, Incomplete code snippets and missing variable declarations hinder maintainability
UX Impact Notes - Summary: Input checks and data transformation directly affect user interface content. - Conditional input parameter checks affecting displayed data
Test Case Ideas - Summary: Verify data retrieval, metric calculations, dictionary initialization, data filtering, and ViewData population. - Calculate control effectiveness metrics with typical and edge data - Handle empty - Retrieve data from activities, actors, products, and risks - Initialize and populate actorEffort dictionary - Populate ViewData properties with transformed data - Filter and process data by business rules and rank thresholds - Validate GetMinFTEFromActivities minimum FTE calculation
Dependencies & Called Services - Summary: Uses core data types, collections, math utilities, and domain-specific models for processing. - Core data types (Int32, String), Collections and LINQ (Dictionary, Enumerable), Mathematical utilities (Math), Domain models (IActorModel, IControlModel, IProcessModel, IRiskModel, ISemanticSimilarity) - Process-related classes (Activity, Convert, ProcessExtensions)
ControlIdentification¶
Summary: Retrieve project data, update and insert objective controls, set view data and flags, and conditionally redirect.
ActionResult ControlsController.ControlIdentification()
Routing
- HTTP: GET
- URL: /Controls/ControlIdentification
Cross-layer call chain
- ControlsController.ControlIdentification → Andromeda.Core.Entities.ObjectiveRisksMaster.GetRisks
- Andromeda.Core.Entities.ObjectiveRisksMaster.GetRisks → Andromeda.Core.DataManager.GetDataList
Call Chain Diagram¶
flowchart TD
Andromeda_Core_DataManager_GetDataList["Andromeda.Core.DataManager.GetDataList"]
Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks["Andromeda.Core.Entities.ObjectiveRisksMaster.GetRisks"]
ControlsController_ControlIdentification["ControlsController.ControlIdentification"]
Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks --> Andromeda_Core_DataManager_GetDataList
ControlsController_ControlIdentification --> Andromeda_Core_Entities_ObjectiveRisksMaster_GetRisks
View Metadata
- View: ControlIdentification (Andromeda.Web\Views\Controls\ControlIdentification.cshtml)
- Model: IList<Andromeda.Core.Entities.ActivityGroup>
Detailed Analysis
Key Flows - Summary: Retrieve project data, update and insert objective controls, set view data and flags, and conditionally redirect. - Check actor count and redirect to ProcessCreation if conditions met - Fetch activity groups, product factors, risks, controls, and objective activities - Update objective controls with names - Set flags for reviewed controls and retrieve configuration values for view rendering
Error Flows - Summary: Fix incomplete code and add null checks to prevent compilation errors and runtime exceptions. - Missing return statements leading to undefined method outcomes - Null reference exceptions from unchecked collections
Security Issues - Summary: ControlIdentification exposes project ID without authentication or authorization checks. - Information disclosure risk, Lack of authentication, Lack of authorization
Performance Issues - Summary: Optimize database calls and LINQ usage to prevent performance degradation. - Unoptimized Count() on large datasets - FirstOrDefault on large collections without checks
Maintainability Issues - Summary: The method suffers from incomplete implementation, unclear naming, and complex code. - Incomplete method implementation with missing return statements and syntax errors
UX Impact Notes - Summary: Redirection and data handling affect user workflow and interface clarity. - Redirection to 'ProcessCreation' action impacts user workflow - ViewData properties indicate control review status in UI, Incomplete or incorrect data handling causes unexpected user experiences
Test Case Ideas - Summary: Verify data retrieval, redirection, and flag settings under varied conditions. - Handling empty and large datasets for actors and controls - Accurate redirection to ProcessCreation based on conditions - Correctness of data retrieval and processing logic - Accurate setting of IsAnyoneAccReviewed flag based on control review - Performance with large datasets and multiple database calls - Expected behavior of variable assignments and conditional branches
Dependencies & Called Services - Summary: Uses collections, enums, interfaces, and domain models for control identification. - Dictionary, Enum, Enumerable, IActorModel, ICollection, IControlModel, IProcessModel, IProjectModel, IRiskModel, ObjectiveRisksMaster, String, TimeSpan
AddGroupActivities¶
Summary: Extract group and activities from request, update process status, and return success response.
JsonResult ControlsController.AddGroupActivities()
Routing
- HTTP: POST
- URL: /Controls/AddGroupActivities
Detailed Analysis
Key Flows - Summary: Extract group and activities from request, update process status, and return success response. - Update process model reviewed status after insertion - Return JSON success response to client
Security Issues - Summary: Prevent SQL injection and deserialization vulnerabilities in AddGroupActivities. - SQL injection risk from unsanitized Request.Form values, Deserialization vulnerability in JSON decoding of activityList
Performance Issues - Summary: No performance issues identified in AddGroupActivities method.
Maintainability Issues - Summary: The method's tight coupling with model and registry reduces testability and maintainability. - Tight coupling with model, Tight coupling with registry, Reduced testability, Reduced maintainability
UX Impact Notes - Summary: Returning JSON results affects user flow on request failure. - JSON result return
Test Case Ideas - Summary: Verify AddGroupActivities handles POST requests, updates model and status, and returns JSON. - Return JSON result - Update reviewed status
Dependencies & Called Services - Summary: AddGroupActivities uses Convert, IProcessModel, and IRiskModel services. - Convert service, IProcessModel interface, IRiskModel interface
UpdateGroupActivities¶
Summary: UpdateGroupActivities processes a POST request to update group activities and their reviewed status in the database.
JsonResult ControlsController.UpdateGroupActivities()
Routing
- HTTP: POST
- URL: /Controls/UpdateGroupActivities
Detailed Analysis
Key Flows - Summary: UpdateGroupActivities processes a POST request to update group activities and their reviewed status in the database. - Receive HTTP POST request - Extract group ID and activity list from form data - Update activity group in database - Update reviewed status for activity group
Error Flows - Summary: Validate and handle malformed input to prevent exceptions and update failures. - Lack of input validation for integer conversion, No exception handling for invalid or malformed input
Security Issues - Summary: Validate and sanitize user input to prevent SQL injection and data tampering. - Risk of SQL injection from unvalidated input
Performance Issues - Summary: Sequential multiple database updates degrade performance in UpdateGroupActivities. - Sequential multiple database updates
Maintainability Issues - Summary: Decoupling controller and model improves maintainability. - Tight coupling between controller and model
UX Impact Notes - Summary: Returning JsonResult requires proper client-side handling to maintain user flow. - JsonResult return type
Test Case Ideas - Summary: Verify UpdateGroupActivities handles POST requests and updates activity group and review status correctly. - Invoke method on HTTP POST request - Update activity group with valid data - Update reviewed status after activity update
Dependencies & Called Services - Summary: UpdateGroupActivities uses conversion and processing services for models. - Convert service, IProcessModel interface, IRiskModel interface
DeleteGroupActivities¶
Summary: DeleteGroupActivities deletes an activity group by groupId, updates project review status, and returns the result.
JsonResult ControlsController.DeleteGroupActivities()
Routing
- HTTP: POST
- URL: /Controls/DeleteGroupActivities
Detailed Analysis
Key Flows - Summary: DeleteGroupActivities deletes an activity group by groupId, updates project review status, and returns the result. - Delete activity group by groupId - Update project reviewed status - Return JsonResult with outcome
Error Flows - Summary: DeleteGroupActivities lacks error handling for invalid input and deletion failures. - No exception handling for deletion or status update errors
Security Issues - Summary: Directly using user input for groupId causes SQL injection and data tampering risks. - Lack of validation or sanitization on groupId input, Direct conversion of user input to groupId, Potential SQL injection vulnerability, Risk of data tampering via unsanitized input
Performance Issues - Summary: No performance issues identified in DeleteGroupActivities method.
Maintainability Issues - Summary: The method reduces maintainability by using unexplained magic strings and numbers. - Use of unexplained magic strings, Lack of constants for key identifiers, Reduced code readability
UX Impact Notes - Summary: The method returns JSON; UX depends on client-side handling of the response. - JsonResult return type
Test Case Ideas - Summary: Verify DeleteGroupActivities enforces POST and correctly deletes groups with valid IDs. - Delete activity group with valid groupId - Enforce HTTP POST method for DeleteGroupActivities - Update reviewed status after deletion
Dependencies & Called Services - Summary: DeleteGroupActivities depends on Convert, IProcessModel, and IRiskModel services. - Convert service, IProcessModel interface, IRiskModel interface
AddCompensatoryControls¶
Summary: AddCompensatoryControls retrieves and updates project data, manages objectives and activities, associates risks, and returns operation status.
JsonResult ControlsController.AddCompensatoryControls()
Routing
- HTTP: POST
- URL: /Controls/AddCompensatoryControls
Detailed Analysis
Key Flows - Summary: AddCompensatoryControls retrieves and updates project data, manages objectives and activities, associates risks, and returns operation status. - Create and save new objectives if absent - Decode risk data and create DISObjectiveInfo objects - Update impact statuses for objectives and risks - Return JSON response with success status and group identifier
Error Flows - Summary: Handle JSON deserialization errors and null references. - JSON deserialization errors from malformed control data - Null reference exceptions from unhandled null objects
Security Issues - Summary: Fix JSON deserialization, SQL injection, and string comparison vulnerabilities. - JSON deserialization vulnerability in Request.Form["Controls"], SQL injection risk in SaveObjective and EnterActivityForObjectivesIntoDB methods, Insecure use of string.Equals with StringComparison.InvariantCultureIgnoreCase, Risk from incomplete or corrupted code fragments
Performance Issues - Summary: Optimize database calls, loops, and data conversions to reduce performance overhead. - Multiple sequential database calls degrade performance, Nested loops with LINQ methods cause inefficient data processing, Repeated deserialization and conversions inside loops impact performance, Use of ToList() and ToArray() on large collections causes memory overhead, Contains method inside loops leads to O(n^2) complexity, Reinitializing collections inside loops causes unnecessary overhead
Maintainability Issues - Summary: Code uses unclear names, magic strings, incomplete snippets, and tight coupling, reducing maintainability. - Unused variables and incomplete assignments indicate dead or incomplete code
UX Impact Notes - Summary: Updates compensatory controls and returns operation status. - Handle database and deserialization errors to prevent UX degradation - Return JSON response with success status and group identifiers - Update compensatory controls and impact statuses affecting user flows
Test Case Ideas - Summary: Verify correct creation, association, persistence, and error handling of objectives, activities, and risks. - Create new objectives when none exist - Handle varying GroupActivities counts - Invoke and handle errors in database operations for objectives and risks - Set correct impact statuses for objectives and risks - Return expected values for actOrGrpId and related variables - Validate JSON serialization output
Dependencies & Called Services - Summary: Utilizes collections, models, serialization, and conversion utilities for compensatory controls. - Enumerable utilities, Collection interfaces, Actor/Control/Impact/Risk models, JavaScript serialization, List and String types
DeleteAddObjectiveInfo¶
Summary: DeleteAddObjectiveInfo handles a POST request to fetch and return filtered risk control and compensatory activity data as JSON.
JsonResult ControlsController.DeleteAddObjectiveInfo()
Routing
- HTTP: POST
- URL: /Controls/DeleteAddObjectiveInfo
Detailed Analysis
Key Flows - Summary: DeleteAddObjectiveInfo handles a POST request to fetch and return filtered risk control and compensatory activity data as JSON. - Fetch compensatory activities filtered by type and risk control IDs using LINQ - Handle HTTP POST request - Construct and return JSON response with processed data
Error Flows - Summary: The method lacks explicit handling for database connection and data retrieval errors. - Database connection errors, Data retrieval failures
Security Issues - Summary: Prevent SQL injection and protect sensitive data in JSON responses. - Sanitize user input to prevent SQL injection, Encrypt or protect sensitive data in JSON responses
Performance Issues - Summary: Excessive database queries and inefficient LINQ methods degrade performance. - Multiple database queries and LINQ operations degrade performance on large datasets
Maintainability Issues - Summary: Remove magic strings and simplify LINQ queries to improve code clarity and maintainability. - Use of magic strings reduces code clarity, Complex LINQ queries hinder readability
UX Impact Notes - Summary: Returns JSON to update user interface with relevant data. - Return JSON object - Update user interface
Test Case Ideas - Summary: Ensure DeleteAddObjectiveInfo handles POST requests and returns correct data. - Handle database connection errors - Return correct and complete project data - Maintain performance with large datasets
Dependencies & Called Services - Summary: Uses collections, control and risk models, and string operations. - Enumerable collections, Control model interface, Risk model interface, String operations
SaveObjectiveControls¶
Summary: Manage activity groups, objective controls, and objectives by inserting, updating, or removing entries based on existence and type checks.
JsonResult ControlsController.SaveObjectiveControls()
Routing
- HTTP: POST
- URL: /Controls/SaveObjectiveControls
Detailed Analysis
Key Flows - Summary: Manage activity groups, objective controls, and objectives by inserting, updating, or removing entries based on existence and type checks. - Manage activity groups by checking existence - Process objectives by inserting or updating, and manage associated risks by adding new and removing obsolete
Error Flows - Summary: Handle deserialization errors and incorrect conditional checks. - Deserialization errors from malformed risk data - Incorrect conditional checks and syntax errors causing runtime or compilation failures
Security Issues - Summary: SaveObjectiveControls risks SQL injection, deserialization attacks, and unauthorized data access. - SQL injection and data tampering from unvalidated user input conversion - Unauthorized access and tampering from unchecked Registry.LoggedIn and user data
Performance Issues - Summary: Optimize database calls and LINQ usage to prevent performance bottlenecks with large data. - Multiple database calls in one method causing bottlenecks, Inefficient LINQ usage (Any, First, FirstOrDefault, Where, ToList) inside loops, Inefficient RemoveAll calls on large collections within loops, Nested Any calls and complex lambdas slowing performance on large data
Maintainability Issues - Summary: Refactor SaveObjectiveControls to improve clarity, naming, and modularity. - Combine data retrieval, processing, and persistence complicates maintenance and testing, Incomplete code snippets and syntax errors reduce readability, Magic strings decrease maintainability, Unclear and inconsistent variable names hinder understanding, Complex lambda expressions and conditionals impair readability, Unclear code fragments and comments reduce clarity, Use of custom non-standard methods without context confuses maintainers
UX Impact Notes - Summary: SaveObjectiveControls returns JsonResult affecting UI updates and error handling. - Bookmark and review status updates affect control review UI elements
Test Case Ideas - Summary: Test SaveObjectiveControls for data handling, CRUD operations, filtering, type processing, and performance. - Deserialize risk data and handle errors - Insert and update activity groups with existence checks - Evaluate performance with large datasets of controls - Process objectives by ObjectiveType with group assignments
Dependencies & Called Services - Summary: Uses collections, enums, and model interfaces for control and process management. - Collections: List, ICollection, Enumerable, Enums for type definitions, Model interfaces: IActorModel, IControlModel, IProcessModel, IRiskModel, String manipulation utilities, Control conversion utilities
SaveObjRiskActivities¶
Summary: Process POST request to update risk activities by deserializing data, mapping controls, and updating statuses.
JsonResult ControlsController.SaveObjRiskActivities()
Routing
- HTTP: POST
- URL: /Controls/SaveObjRiskActivities
Detailed Analysis
Key Flows - Summary: Process POST request to update risk activities by deserializing data, mapping controls, and updating statuses. - Receive POST request with risk activities and objective ID - Convert objective ID to integer - Deserialize risk activities JSON to ObjectiveActivity list - Retrieve and filter objective controls by objective ID - Map risk activities to control activities - Retrieve compensatory activities for the objective - Update reviewed status of controls and risk control activities
Error Flows - Summary: Handle invalid input and database query failures during risk activities saving. - Invalid or malformed objective ID causes conversion errors, Invalid JSON in risk activities form causes deserialization failures, Uncaught database query failures retrieving controls or compensatory activities
Security Issues - Summary: Unvalidated input risks SQL injection and JSON deserialization vulnerabilities. - SQL injection risk from unvalidated Convert.ToInt32(Request.Form["ObjId"]) - JSON deserialization risk from unvalidated System.Web.Helpers.Json.Decode
Performance Issues - Summary: Multiple database queries degrade performance under heavy load or large data. - Multiple database queries, Performance degradation with large or heavily loaded database
Maintainability Issues - Summary: Replace magic strings with constants to improve maintainability and reduce errors. - Use of magic strings, Lack of constants for key identifiers
UX Impact Notes - Summary: Returns JSON with objective data and activities for dynamic UI updates. - Supports dynamic user interface updates
Test Case Ideas - Summary: Verify SaveObjRiskActivities handles POST requests and updates risk and control activities correctly. - Invoke SaveObjRiskActivities on HTTP POST, Map risk activities to control activities, Retrieve compensatory activities
Dependencies & Called Services - Summary: Uses control, process, and risk models with string conversion and enumerable operations. - Control models, Process models, Risk models, String conversion, Enumerable operations
MapControlRiskActivities¶
Summary: Retrieve and filter activities, update collections by adding or removing activities, then map risk controls automatically.
void ControlsController.MapControlRiskActivities(int objId, List<ObjectiveActivity> riskActivities, List<Arrow> loopingArrows, int projectId)
Routing
- URL: /Controls/MapControlRiskActivities
Detailed Analysis
Key Flows - Summary: Retrieve and filter activities, update collections by adding or removing activities, then map risk controls automatically. - Retrieve activities, controls, risks, and arrows by project and objective IDs - Filter activities not linked to risk activities - Add or remove activities from collections based on conditions - Delete unlinked activities using DeleteObjectiveActivity - Map risk controls automatically with AutoMapRiskControlActivity
Performance Issues - Summary: Repeated LINQ Any calls and iterations degrade performance on large collections. - Repeated LINQ Any calls inside loops, Inefficient iteration over large ObjectiveActivity collections, Repeated operations on removeList causing performance degradation
Maintainability Issues - Summary: Refactor large method and complex calls to improve readability and reduce coupling. - Refactor extensive data retrieval into smaller methods, Extract lambda filters into separate methods, Avoid incomplete or truncated code snippets, Reduce parameter count in AutoMapRiskControlActivity calls, Decouple from DeleteObjectiveActivity and its parameters
UX Impact Notes - Summary: Large removeList causes user delays due to multiple activity removal calls. - User delays from large removeList, Multiple method calls per activity removal
Test Case Ideas - Summary: Verify filtering logic and collection updates under varied data. - Filtering logic excluding existing risk activities - Collection updates when adding or removing activities - Performance and correctness with large datasets
Dependencies & Called Services - Summary: Uses collections and domain models for actors, controls, processes, and risks. - Enumerable for collection operations, IActorModel domain interface, IControlModel domain interface, IProcessModel domain interface, IRiskModel domain interface, List collection type
MapRiskActivitytoControl¶
Summary: Map risk activities to controls by retrieving project data, filtering relevant items, applying new controls, and managing session state.
JsonResult ControlsController.MapRiskActivitytoControl()
Routing
- HTTP: POST
- URL: /Controls/MapRiskActivitytoControl
Detailed Analysis
Key Flows - Summary: Map risk activities to controls by retrieving project data, filtering relevant items, applying new controls, and managing session state. - Retrieve projectId and activityId from request, defaulting to current project - Retrieve project activities, arrows, risks, and controls - Fetch objective activity risks and identify objective IDs - Filter objective activities, risks, and controls by objective IDs - Map risk activities to controls via AutoMapRiskControlActivity - Decode and save new controls from JSON using SaveApplyControls - Manage session variables for selected activity IDs and types
Error Flows - Summary: Handle input validation, deserialization, and session errors. - Missing or invalid projectId or activityId inputs without validation - Exceptions from malformed JSON deserialization of new controls - Runtime errors from incorrect session variable syntax
Security Issues - Summary: Validate inputs to prevent injection and deserialization vulnerabilities. - Lack of input validation before integer conversion risks SQL injection and data tampering, Unsafe JSON deserialization from request form risks code injection
Performance Issues - Summary: Repeated database queries and inefficient collection operations degrade performance. - Repeated database queries inside loops, Multiple calls to GetObjectiveControlsByProj and GetRiskControls without caching, Inefficient LINQ operations causing high memory usage, Excessive ToString calls and non-standard string methods impacting speed
Maintainability Issues - Summary: The method uses unclear coding practices and tight coupling, reducing maintainability and readability. - Potential misuse of bitwise AND instead of logical AND
UX Impact Notes - Summary: Handle input and session correctly to ensure consistent user feedback and experience. - Return JSON with activity details to provide user feedback - Handle invalid or missing input to prevent errors
Test Case Ideas - Summary: Verify data retrieval, processing, method calls, JSON output, and performance under load. - Integer conversion and replacement logic for IDs - Performance testing with large data sets
Dependencies & Called Services - Summary: Uses collections and interfaces to map risk activities to controls. - Enumerable for collection operations, IActorModel interface for actor data, IControlModel interface for control data, IRiskModel interface for risk data, Int32 for indexing or identifiers, List for storing collections
RemoveControlActivity¶
Summary: Extract form data, delete relevant objective controls and control activity, update control lists and statuses, handle group deletions, and update related project data.
JsonResult ControlsController.RemoveControlActivity()
Routing
- HTTP: POST
- URL: /Controls/RemoveControlActivity
Detailed Analysis
Key Flows - Summary: Extract form data, delete relevant objective controls and control activity, update control lists and statuses, handle group deletions, and update related project data. - Extract form data - Retrieve and filter objective controls - Delete relevant objective controls - Remove control activity - Handle group-specific deletions - Retrieve related project data - Auto-map risk control activities - Update control lists - Update reviewed status
Error Flows - Summary: RemoveControlActivity risks exceptions from invalid input and null model references. - Lack of input validation causes invalid or malicious data errors, Null reference exception from null model in DeleteActivityGroup, Integer conversion throws exceptions on invalid or overflow inputs
Security Issues - Summary: Validate and sanitize user input to prevent SQL injection and data tampering. - Lack of input validation, Risk of SQL injection, Risk of data tampering
Performance Issues - Summary: Optimize data retrieval and reduce repeated method calls to improve performance. - High cost of Distinct() and ToList() on large datasets
Maintainability Issues - Summary: RemoveControlActivity uses unclear magic strings, complex expressions, and unclear variables, reducing maintainability. - Use named constants instead of magic strings like 'Id', 'IdType', 'Group', 'gArrows', 'ProjectId', 'PermisionModule.Controls', Avoid complex lambda expressions and long method call chains to improve code clarity, Fix typos and unmatched parentheses to ensure code completeness and readability, Reduce high dependency on multiple models and methods to simplify testing and maintenance, Define all variables clearly to enhance code understanding
Test Case Ideas - Summary: Verify control removal, filtering, related data retrieval, method calls, and performance impacts. - Remove control activity and update control lists - Call UpdateIsReviewedStatus with various parameters
Dependencies & Called Services - Summary: Uses collections and interfaces for actor, control, process, and risk models. - Enumerable utilities, List collection, String operations, IActorModel interface, IControlModel interface, IProcessModel interface, IRiskModel interface
GetObjectiveRisks¶
Summary: Retrieve and return risk IDs for a given objective ID or return an empty list if none provided.
JsonResult ControlsController.GetObjectiveRisks(int? objId)
Routing
- HTTP: GET
- URL: /Controls/GetObjectiveRisks
Detailed Analysis
Key Flows
- Summary: Retrieve and return risk IDs for a given objective ID or return an empty list if none provided.
- Return associated risk IDs as JSON array
- Return empty JSON list if objId not provided
Performance Issues
- Summary: LINQ Where and Select cause performance degradation on large datasets.
- Performance degradation processing large datasets
Maintainability Issues
- Summary: Clarify variable naming and correct JSON request behavior string.
- Unclear variable name 'ProjectId'
- Incorrect JSON request behavior string 'Allow' instead of 'AllowGet'
UX Impact Notes
- Summary: Returning empty list without objective ID confuses clients.
- Empty list return on missing objective ID
Test Case Ideas
- Summary: Validate GetObjectiveRisks with valid and invalid objId inputs.
- Valid objId retrieves and filters risk IDs correctly
- Non-integer objId triggers input validation errors
Dependencies & Called Services
- Summary: Uses Enumerable and IRiskModel interfaces for risk data processing.
- Enumerable interface
- IRiskModel interface
GetObjectiveControls¶
Summary: Fetch controls linked to a valid objective ID and return them as JSON.
JsonResult ControlsController.GetObjectiveControls(int? objId)
Routing
- HTTP: GET
- URL: /Controls/GetObjectiveControls
Detailed Analysis
Key Flows
- Summary: Fetch controls linked to a valid objective ID and return them as JSON.
- Fetch risks filtered by objective ID
- Return control data as JSON
Error Flows
- Summary: Return empty JSON list if objId is null to prevent exceptions.
- Return empty JSON list on missing objId
Security Issues
- Summary: Ensure parameterized queries to prevent SQL injection in downstream methods.
- SQL injection risk in GetObjRisksByProject
- SQL injection risk in GetRiskControls
- Need for proper query parameterization
Performance Issues
- Summary: Reduce multiple database calls to improve performance.
- Multiple database calls to GetObjRisksByProject
- Multiple database calls to GetRiskControls
- Multiple database calls to GetAllControls
Maintainability Issues
- Summary: Replace hardcoded strings with constants to improve maintainability.
- Use of hardcoded strings like 'ControlId' and 'ControlName'
- Lack of constants for repeated string values
UX Impact Notes
- Summary: Returning JSON data enables client-side processing but empty results show no controls.
- Returning JSON enables client-side processing
Test Case Ideas
- Summary: Verify method returns empty list for project ID without risks or controls.
- Method returns empty list
Dependencies & Called Services
- Summary: Uses Enumerable for collection operations and IRiskModel for risk assessment.
- Enumerable for collection handling
- IRiskModel for risk evaluation
UpdateObjectiveRisks¶
Summary: Update objective risks by retrieving IDs, creating risk activity objects, adding risks, saving data, and refreshing control mappings.
JsonResult ControlsController.UpdateObjectiveRisks()
Routing
- HTTP: POST
- URL: /Controls/UpdateObjectiveRisks
Detailed Analysis
Key Flows
- Summary: Update objective risks by retrieving IDs, creating risk activity objects, adding risks, saving data, and refreshing control mappings.
- Save updated ObjectRiskActivities data
Error Flows
- Summary: The method lacks explicit error handling for input conversion and database failures.
- Missing input conversion error handling
- No database query failure management
Security Issues
- Summary: Prevent SQL injection by validating and sanitizing user input before database queries.
- Direct user input conversion to integers without validation
- Use of untrusted input in database queries risking SQL injection
- Lack of input sanitization enabling data tampering
Performance Issues
- Summary: Optimize database queries and collection processing to prevent slowdowns and memory issues.
- Inefficient FirstOrDefault usage in large database queries
- High memory and processing time for large risk ID collections
- Memory leaks from improper dictionary management of objectivesId
Maintainability Issues
- Summary: Replace magic strings and numbers with named constants to improve maintainability.
- Use named constants instead of magic strings for form field names
- Define and use constants for magic numbers like ProjectId
Test Case Ideas
- Summary: … and mapping in UpdateObjectiveRisks.
- Retrieve objective and risk activity group from database
- Save risk activity data with saveObjData
- Update objRskAct.risks collection for various inputs
- Update object control mapping with RefreshObjectControlMapping
Dependencies & Called Services
- Summary: Uses collections and interfaces to manage and convert risk model data.
- Controls management
- Enumerable operations
- ICollection interface usage
- IRiskModel interface usage
- List data structure
- Data conversion utilities
UpdateControlCtrlType¶
Summary: Process POST parameters, update control types, group names, and objectives, then return JSON result.
JsonResult ControlsController.UpdateControlCtrlType()
Routing
- HTTP: POST
- URL: /Controls/UpdateControlCtrlType
Detailed Analysis
Key Flows
- Summary: Process POST parameters, update control types, group names, and objectives, then return JSON result.
- Return JSON result with update status
- Update control activity control types if CIds is not empty
- Update group name if IdType equals 'Group'
- Update controls for each objective
Error Flows
- Summary: Validate user input before integer conversion to prevent exceptions and ensure complete error handling.
- Lack of input validation before integer conversion causing exceptions
- Incomplete error handling due to missing or partial context
Security Issues
- Summary: Direct conversion of user input to integers risks SQL injection and data tampering.
- Lack of input validation before integer conversion
- Risk of SQL injection
- Risk of data tampering
Performance Issues
- Summary: Optimize database queries and data handling to improve performance.
- Uncached multiple database queries degrade performance
- Use of ToList() causes unnecessary full list loading
- Inefficient iteration over large objectives collection
Maintainability Issues
- Summary: Magic strings and fragmented code reduce code clarity and maintainability.
- Use of magic strings for request form parameters
- Incomplete and fragmented code snippets
UX Impact Notes
- Summary: Updating group name changes user view and interaction with control.
- Group name update affects user interaction
Test Case Ideas
- Summary: Test UpdateControlCtrlType for correct data handling, conditional logic, …
- Conditional updates with empty and non-empty CIds collections
- Group name updates based on IdType equality to 'Group'
- UpdateGroupName method with diverse inputs
- UpdateObjectiveControls behavior with varied ObjectiveID
Dependencies & Called Services
- Summary: Uses conversion and enumeration utilities with control and risk models and strings.
- Conversion utilities
- Enumeration utilities
- Control model interface
- Risk model interface
- String operations
ObjectiveRiskTypes¶
Summary: Retrieve and group risks by type for a given objId, then return the view with risk data.
ActionResult ControlsController.ObjectiveRiskTypes(int? objId)
Routing
- HTTP: GET
- URL: /Controls/ObjectiveRiskTypes
View Metadata
- View: ObjectiveRiskTypes (Andromeda.Web\Views\Controls\ObjectiveRiskTypes.cshtml)
Detailed Analysis
Key Flows
- Summary: Retrieve and group risks by type for a given objId, then return the view with risk data.
- Return view with risk data and risk IDs
Performance Issues
- Summary: Optimize risk retrieval by filtering before grouping to improve performance.
- Inefficient retrieval of all risks before grouping
- Need to filter risks prior to grouping
Maintainability Issues
- Summary: Replace magic variable 'Registry.CurrentProjectId' with a named constant or configurable value.
- Use of magic variable 'Registry.CurrentProjectId'
- Replace with named constant or configurable value
UX Impact Notes
- Summary: Display empty list when objective ID is missing.
- Empty list shown without objective ID
Test Case Ideas
- Summary: Verify method returns correct risk data and IDs grouped by risk type for valid objId.
- Return correct risk data for valid objId
Dependencies & Called Services
- Summary: Uses Enumerable and IRiskModel interfaces for risk type operations.
- Enumerable interface usage
- IRiskModel interface usage
ObjectiveControlActivities¶
Summary: Return empty view if no IDs; otherwise, retrieve and filter activities, controls, and compensatory controls by IDs and project.
ActionResult ControlsController.ObjectiveControlActivities(int? objId, int? ctrlId, string ActType)
Routing
- HTTP: GET
- URL: /Controls/ObjectiveControlActivities
View Metadata
- View: ObjectiveControlActivities (Andromeda.Web\Views\Controls\ObjectiveControlActivities.cshtml)
- Model: Tuple<IList<Andromeda.Core.Entities.ControlTheRisks>, string>
Detailed Analysis
Key Flows
- Summary: Return empty view if no IDs; otherwise, retrieve and filter activities, controls, and compensatory controls by IDs and project.
- Check existence of compensatory activities for control and project IDs
- Return empty view if objId and ctrlId are missing
- Assign group or activity control name to ViewData based on ctrlId
- Return tuple of all controls and compensatory controls string
Error Flows
- Summary: The method handles missing IDs and null objects to prevent errors but contains incomplete code risking failures.
- Return empty list if objId and ctrlId are missing
- Perform null checks on objControls and IsExists to avoid NullReferenceExceptions
Security Issues
- Summary: Unused variable 'trolId' indicates incomplete code that risks security vulnerabilities.
- Unused variable 'trolId' indicating incomplete code
- Incomplete code risking security vulnerabilities
Performance Issues
- Summary: FirstOrDefault usage causes inefficient queries in retrieving activities and controls.
- Inefficient queries from FirstOrDefault usage
- Performance impact on retrieving compensatory activities
- Performance impact on retrieving objective controls
Maintainability Issues
- Summary: Inconsistent naming, incomplete code, unused variables, and unexplained magic numbers reduce maintainability.
- Inconsistent and unclear variable naming conventions
- Incomplete if statements and partial code snippets
- Unused variables cluttering the code
- Magic numbers and variables without clear explanation
UX Impact Notes
- Summary: Empty views and incorrect control names degrade user experience and clarity.
- Empty view with no objId or ctrlId shows empty content
- Incorrect or missing control names in ViewData confuse users
- Correct control names in ViewData improve clarity
Test Case Ideas
- Summary: Verify method returns correct views and data based on objId …
- Return empty list view when objId and ctrlId are absent
- Assign correct activity control name to ViewData for valid ctrlId
- Ensure GetObjectiveControlsByProj returns expected results and filters by ctrlId
- Validate conditional logic for different ActType values
Dependencies & Called Services
- Summary: Uses collections and interfaces for control and risk models with string identifiers.
- Enumerable collections
- IControlModel interface
- IRiskModel interface
- String identifiers
RemoveEmptyGroup¶
Summary: RemoveEmptyGroup deletes all objective controls linked to a group, removes the group, and updates project status.
JsonResult ControlsController.RemoveEmptyGroup()
Routing
- HTTP: POST
- URL: /Controls/RemoveEmptyGroup
Detailed Analysis
Key Flows
- Summary: RemoveEmptyGroup deletes all objective controls linked to a group, removes the group, and updates project status.
- Fetch all project objective controls
- Parse group ID from request
- Filter controls by group ID and 'IdType' equals 'Group'
- Collect objective IDs and delete each filtered control
- Invoke RemoveControl for the group
- Invoke DeleteActivityGroup for the project
- Update project's reviewed status
Error Flows
- Summary: Lack of error handling and transaction management risks exceptions and data inconsistency.
- No error handling for invalid or missing group ID causing exceptions
- Multiple database calls without transaction management risking inconsistent state
Security Issues
- Summary: Validate and sanitize user input to prevent SQL injection and data tampering.
- Potential data tampering via unvalidated user input
Performance Issues
- Summary: Avoid inefficient list materialization and unbatched database deletes to improve performance.
- Inefficient ToList() calls on large result sets
Maintainability Issues
- Summary: Fix incomplete code, reduce tight coupling, and improve string comparison method.
- Incomplete or typo code causing compilation errors
- Tight coupling with multiple methods and classes hindering maintainability
- Use culture-agnostic string comparison instead of InvariantCultureIgnoreCase
UX Impact Notes
- Summary: Users face delays and errors from unhandled database call failures.
- Lack of error handling for database calls
- Absence of transaction management causing delays and errors
Test Case Ideas
- Summary: Verify RemoveEmptyGroup filters, processes, and deletes objective controls correctly and efficiently.
- Fetch correct objective controls for current project
- Handle empty objective controls without deletions
- Call UpdateIsReviewedStatus with correct parameters
- Ensure performance with large objective control sets
Dependencies & Called Services
- Summary: RemoveEmptyGroup uses collections and model interfaces for data processing.
- Enumerable for collection operations
- IControlModel interface
- IProcessModel interface
- IRiskModel interface
- List collection
- String type
- Convert utility
SaveControlPatterninDB¶
Summary: SaveControlPatterninDB validates input, updates the database, and returns JSON success or error responses.
JsonResult ControlsController.SaveControlPatterninDB()
Routing
- HTTP: POST
- URL: /Controls/SaveControlPatterninDB
Cross-layer call chain
- ControlsController.SaveControlPatterninDB → Andromeda.Core.Entities.EdgeInfo.EdgeEntityClone
- ControlsController.SaveControlPatterninDB → Andromeda.Validation.ProcessMapValidation.Validate
- ControlsController.SaveControlPatterninDB → Andromeda.Core.Entities.ShapeInfo.ShapeEntityClone
- ControlsController.SaveControlPatterninDB → Andromeda.Validation.ProcessMapValidation.ValidateOutProcessActivities
Call Chain Diagram¶
flowchart TD
Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone["Andromeda.Core.Entities.EdgeInfo.EdgeEntityClone"]
Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone["Andromeda.Core.Entities.ShapeInfo.ShapeEntityClone"]
Andromeda_Validation_ProcessMapValidation_Validate["Andromeda.Validation.ProcessMapValidation.Validate"]
Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities["Andromeda.Validation.ProcessMapValidation.ValidateOutProcessActivities"]
ControlsController_SaveControlPatterninDB["ControlsController.SaveControlPatterninDB"]
ControlsController_SaveControlPatterninDB --> Andromeda_Core_Entities_EdgeInfo_EdgeEntityClone
ControlsController_SaveControlPatterninDB --> Andromeda_Core_Entities_ShapeInfo_ShapeEntityClone
ControlsController_SaveControlPatterninDB --> Andromeda_Validation_ProcessMapValidation_Validate
ControlsController_SaveControlPatterninDB --> Andromeda_Validation_ProcessMapValidation_ValidateOutProcessActivities
Detailed Analysis
Key Flows
- Summary: SaveControlPatterninDB validates input, updates the database, and returns JSON success or error responses.
- Return success JSON on completion
- Return empty JSON if project ID invalid
- Return error JSON with validation errors
- Update simulation cart data
- Validate positive project ID
- Validate process map with error checking
Error Flows
- Summary: Handle invalid project ID and validation errors with JSON error responses.
- Return empty JSON if Registry.CurrentProjectId is invalid
- Return JSON with error details for process map or activity validation failures
Security Issues
- Summary: The method lacks input validation, risking SQL injection, XSS, and XML injection.
- No input validation or sanitization on form data
- SQL injection risk from direct data conversion
- XSS vulnerability from unsanitized string inputs
- XML injection risk from unsanitized XML element construction
Performance Issues
- Summary: Optimize data retrieval and processing to prevent performance degradation with large datasets.
- Inefficient use of FirstOrDefault on large datasets
Maintainability Issues
- Summary: Method name misleads; unclear variables and magic strings reduce maintainability.
- Misleading method name without database operations
- Excessive use of magic strings
- Unclear and inconsistent variable names
- Tight coupling with ProcessMapValidation class
- Implicit conversions and magic numbers without culture/format specification
- Unused variables and incomplete code fragments
UX Impact Notes
- Summary: Returned JSON responses require clear client-side handling to inform users of errors.
- Validation errors returned as JSON inform users of issues
- JsonResult return demands proper client-side handling for good UX
Test Case Ideas
- Summary: Validate JSON handling …
- Handle empty and large collections for shapes and edges to test performance and correctness
- Return JsonResult on valid HTTP POST
- Return empty JSON if CurrentProjectId <= 0
- Call and handle errors from ProcessMapValidation.Validate and ValidateOutProcessActivities
- Return JSON with isSuccess false and error details on validation failure
- Test conditional logic for ObjectiveId
- Assign re.PatternXML and call InsertSimulationCartData and Encode methods
- Insert data into database and return successful JSON response
Dependencies & Called Services
- Summary: Uses data structures, XML processing, and domain models for control pattern saving.
- Data structures: List, Enumerable, Int32, String
- XML processing: XContainer, XNode
- Domain models: EdgeInfo, ShapeInfo, IActorModel, IRiskModel
- Convert utility
- ProcessMapValidation service
ControlPatternInputData¶
Summary: Filter controls and activities by input parameters, update activity details, and prepare data for rendering.
ActionResult ControlsController.ControlPatternInputData(int ObjId, string RskID, int ActID, string CtrlID)
Routing
- URL: /Controls/ControlPatternInputData
View Metadata
- View: ControlPatternInputData (Andromeda.Web\Views\Controls\ControlPatternInputData.cshtml)
Detailed Analysis
Key Flows
- Summary: Filter controls and activities by input parameters, update activity details, and prepare data for rendering.
- Filter activity risk controls by input parameters and control IDs
- Retrieve compensatory activity IDs and filter activities
- Populate ViewData with arrows, control pattern acts, and actors
- Update filtered activities and collect control pattern act details
Performance Issues
- Summary: Optimize collection filtering and database queries to prevent performance degradation.
- Unnecessary full dataset loading due to ToList()
Maintainability Issues
- Summary: The method's tight coupling, unclear naming, complex expressions, and commented-out code reduce maintainability.
- Tight coupling with Registry and model classes
- Unrelated method call 'ist()' causing confusion
- Complex lambda expression in FirstOrDefault()
- Non-descriptive variable names like 'Acts', 'CompIds', 'ProcessActivities'
- Commented-out code indicating incomplete or abandoned code
- Incomplete code lacking context
- Complex tuple with multiple parameters reducing readability
Test Case Ideas
- Summary: … property updates
- Handle multiple control IDs correctly
- Handle empty CompIds list
- Return correct compensatory activity IDs
- Return correct activity from FirstOrDefault()
- Assign ctId from current activity ProductId
- Process multiple matching ActivityID values
- Update act.Volume to default if <= 0
- Update act.AvgHandlingTime to default if <= 0
- Validate LINQ query results
Dependencies & Called Services
- Summary: Uses collections and interfaces for control, process, and risk modeling.
- Enumerable collection
- IControlModel interface
- IProcessModel interface
- IRiskModel interface
- List collection
- String type
- TimeSpan type
GetControlRiskActivitiesBR¶
Summary: Fetch and filter project-related activities and controls, then group and associate them with business rules and metadata for JSON output.
JsonResult ControlsController.GetControlRiskActivitiesBR()
Routing
- HTTP: GET
- URL: /Controls/GetControlRiskActivitiesBR
Detailed Analysis
Key Flows
- Summary: Fetch and filter project-related activities and controls, then group and associate them with business rules and metadata for JSON output.
- Retrieve project ID and related datasets
Error Flows
- Summary: The method lacks explicit exception handling for database and null reference errors.
- Missing explicit exception handling
- Unmanaged database retrieval errors
- Unprotected null reference access
Security Issues
- Summary: No direct security issues found in the analyzed method.
Performance Issues
- Summary: Optimize LINQ queries to reduce database calls and improve filtering on large collections.
- Inefficient use of 'Contains' in LINQ on large collections
- Multiple ToList() and FirstOrDefault() calls causing extra queries and memory use
- Performance impact filtering large activityGroups and activityProperties collections
Maintainability Issues
- Summary: Refactor method to improve clarity, remove incomplete code, and replace magic strings with constants.
- Anonymous objects for return values hinder code understanding
Test Case Ideas
- Summary: Verify method returns correct …
- Check presence and absence of BusinessRule in activityProperties
- Handle empty compensatory activities list
- Handle database calls returning no or partial data
- Return expected data for valid compensatory activities and risk controls
- Return correctly structured JSON with expected properties
- Validate behavior for different ca.Key.IdType values
Dependencies & Called Services
- Summary: Uses models and collections to manage control risk activities.
- Enumerable utilities
- Control model interface
- Risk model interface
- List collection
- String type
- Process model interface