def test_INP40(self):
process1 = Process("Process")
process1.allowsClientSideScripting = True
process1.sanitizesInput = False
process1.validatesInput = False
threat = threats["INP40"]
self.assertTrue(threat.apply(process1))
def test_INP31(self):
process1 = Process("Process")
process1.validatesInput = False
process1.sanitizesInput = False
process1.usesParameterizedInput = False
threat = threats["INP31"]
self.assertTrue(threat.apply(process1))
def test_INP32(self):
process1 = Process("Process")
process1.validatesInput = False
process1.sanitizesInput = False
process1.encodesOutput = False
threat = threats["INP32"]
self.assertTrue(threat.apply(process1))
def test_INP35(self):
process1 = Process("Process")
process1.validatesInput = False
process1.sanitizesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP35"))
self.assertTrue(ThreatObj.apply(process1))
def test_INP23(self):
process1 = Process("Process")
process1.hasAccessControl = False
process1.sanitizesInput = False
process1.validatesInput = False
threat = threats["INP23"]
self.assertTrue(threat.apply(process1))
def test_INP40(self):
process1 = Process("Process")
process1.allowsClientSideScripting = True
process1.sanitizesInput = False
process1.validatesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP40"))
self.assertTrue(ThreatObj.apply(process1))
def test_DE02(self):
web = Server("Web Server")
process1 = Process("Process1")
web.validatesInput = False
web.sanitizesInput = False
process1.validatesInput = False
process1.sanitizesInput = False
threat = threats["DE02"]
self.assertTrue(threat.apply(web))
self.assertTrue(threat.apply(process1))
def test_INP26(self):
process1 = Process("Process")
lambda1 = Lambda("lambda")
process1.validatesInput = False
process1.sanitizesInput = False
lambda1.validatesInput = False
lambda1.sanitizesInput = False
threat = threats["INP26"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
def test_DE02(self):
web = Server("Web Server")
process1 = Process("Process1")
web.validatesInput = False
web.sanitizesInput = False
process1.validatesInput = False
process1.sanitizesInput = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "DE02"))
self.assertTrue(ThreatObj.apply(web))
self.assertTrue(ThreatObj.apply(process1))
def test_LB01(self):
process1 = Process("Process1")
process1.implementsAPI = True
process1.validatesInput = False
process1.sanitizesInput = False
lambda1 = Lambda("Lambda1")
lambda1.implementsAPI = True
lambda1.validatesInput = False
lambda1.sanitizesInput = False
threat = threats["LB01"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
def test_INP01(self):
lambda1 = Lambda("mylambda")
process1 = Process("myprocess")
lambda1.usesEnvironmentVariables = True
lambda1.sanitizesInput = False
lambda1.checksInputBounds = False
process1.usesEnvironmentVariables = True
process1.sanitizesInput = False
process1.checksInputBounds = False
threat = threats["INP01"]
self.assertTrue(threat.apply(lambda1))
self.assertTrue(threat.apply(process1))
def test_INP29(self):
web = Server("Web Server")
process1 = Process("Process")
web.validatesInput = False
web.sanitizesInput = False
web.encodesOutput = False
process1.validatesInput = False
process1.sanitizesInput = False
process1.encodesOutput = False
threat = threats["INP29"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(web))
def test_LB01(self):
process1 = Process("Process1")
process1.implementsAPI = True
process1.validatesInput = False
process1.sanitizesInput = False
lambda1 = Lambda("Lambda1")
lambda1.implementsAPI = True
lambda1.validatesInput = False
lambda1.sanitizesInput = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "LB01"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(lambda1))
def test_INP01(self):
lambda1 = Lambda('mylambda')
process1 = Process('myprocess')
lambda1.usesEnvironmentVariables = True
lambda1.sanitizesInput = False
lambda1.checksInputBounds = False
process1.usesEnvironmentVariables = True
process1.sanitizesInput = False
process1.checksInputBounds = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "INP01"))
self.assertTrue(ThreatObj.apply(lambda1))
self.assertTrue(ThreatObj.apply(process1))
def test_INP08(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
web = Server("Web Server")
process1.validatesInput = False
process1.sanitizesInput = False
lambda1.validatesInput = False
lambda1.sanitizesInput = False
web.validatesInput = False
web.sanitizesInput = False
threat = threats["INP08"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
self.assertTrue(threat.apply(web))
def test_INP08(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
web = Server("Web Server")
process1.validatesInput = False
process1.sanitizesInput = False
lambda1.validatesInput = False
lambda1.sanitizesInput = False
web.validatesInput = False
web.sanitizesInput = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "INP08"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(lambda1))
self.assertTrue(ThreatObj.apply(web))
