Beispiel #1
 def test_SC03(self):
     """SC03 must match a Server whose validatesInput, sanitizesInput and hasAccessControl are False.

     Positive case only: nothing here checks that the threat stops matching
     once those controls are switched back on.
     """
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     server.hasAccessControl = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "SC03")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #2
 def test_INP17(self):
     """INP17 must match a Server with validatesContentType and invokesScriptFilters set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     server.validatesContentType = False
     server.invokesScriptFilters = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "INP17")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #3
 def test_AC16(self):
     """AC16 must match a Server with usesStrongSessionIdentifiers and encryptsCookies set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("web")
     server.usesStrongSessionIdentifiers = False
     server.encryptsCookies = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC16")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #4
 def test_HA03(self):
     """HA03 must match a Server whose validatesHeaders, encodesOutput and isHardened are False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     server.validatesHeaders = False
     server.encodesOutput = False
     server.isHardened = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "HA03")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #5
 def test_DO03(self):
     """DO03 must match a Dataflow from an Actor to a Server whose data is 'XML'.

     The threat is applied to the flow itself, not to either endpoint.
     Positive case only; no flow carrying other data is checked.
     """
     actor = Actor("User")
     server = Server("Web Server")
     flow = Dataflow(actor, server, "User enters comments (*)")
     flow.data = 'XML'
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "DO03")
     threat = Threat(definition)
     self.assertTrue(threat.apply(flow))
Beispiel #6
 def test_CR04(self):
     """CR04 must match a Server with usesSessionTokens True and implementsNonce False.

     Positive case only; the configuration with a nonce is not asserted here.
     """
     server = Server("Web Server")
     server.usesSessionTokens = True
     server.implementsNonce = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "CR04")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #7
 def test_SC02(self):
     """SC02 must match a Server with validatesInput and encodesOutput set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     server.validatesInput = False
     server.encodesOutput = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "SC02")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #8
 def test_INP15(self):
     """INP15 must match a Server speaking 'IMAP' with sanitizesInput set to False.

     Positive case only; neither another protocol nor a sanitizing server is checked.
     """
     server = Server("Web Server")
     server.protocol = 'IMAP'
     server.sanitizesInput = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "INP15")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #9
 def test_AC06(self):
     """AC06 must match a Server with isHardened and hasAccessControl set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     server.isHardened = False
     server.hasAccessControl = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC06")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #10
 def test_HA01(self):
     """HA01 must match a Server with validatesInput and sanitizesInput set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "HA01")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #11
 def test_SC01(self):
     """SC01 must match a Process with implementsNonce False that handles 'JSON' data.

     Positive case only; neither a nonce-implementing process nor other data is checked.
     """
     proc = Process("Process1")
     proc.implementsNonce = False
     proc.data = 'JSON'
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "SC01")
     threat = Threat(definition)
     self.assertTrue(threat.apply(proc))
Beispiel #12
 def test_SC05(self):
     """SC05 must match a Server with providesIntegrity and usesCodeSigning set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     server.providesIntegrity = False
     server.usesCodeSigning = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "SC05")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #13
 def test_INP04(self):
     """INP04 must match an 'HTTP' Server with validatesInput and validatesHeaders set to False.

     Positive case only; neither another protocol nor a validating server is checked.
     """
     server = Server("Web Server")
     server.validatesInput = False
     server.validatesHeaders = False
     server.protocol = 'HTTP'
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "INP04")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #14
 def test_DE04(self):
     """DE04 must match a Datastore with validatesInput and implementsPOLP set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     store = Datastore("DB")
     store.validatesInput = False
     store.implementsPOLP = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "DE04")
     threat = Threat(definition)
     self.assertTrue(threat.apply(store))
Beispiel #15
 def test_AC09(self):
     """AC09 must match a Server with hasAccessControl and authorizesSource set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     server.hasAccessControl = False
     server.authorizesSource = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC09")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #16
 def test_INP18(self):
     """INP18 must match a Server with sanitizesInput and encodesOutput set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     server.sanitizesInput = False
     server.encodesOutput = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "INP18")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #17
 def test_INP35(self):
     """INP35 must match a Process with validatesInput and sanitizesInput set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     proc = Process("Process")
     proc.validatesInput = False
     proc.sanitizesInput = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "INP35")
     threat = Threat(definition)
     self.assertTrue(threat.apply(proc))
Beispiel #18
 def test_AC13(self):
     """AC13 must match a Process with hasAccessControl and implementsPOLP set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     proc = Process("Process")
     proc.hasAccessControl = False
     proc.implementsPOLP = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC13")
     threat = Threat(definition)
     self.assertTrue(threat.apply(proc))
Beispiel #19
 def test_INP22(self):
     """INP22 must match a Server with usesXMLParser and disablesDTD set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("Web Server")
     # NOTE(review): usesXMLParser = False looks surprising next to a DTD
     # setting; confirm against the INP22 condition that a target without an
     # XML parser is really meant to match.
     server.usesXMLParser = False
     server.disablesDTD = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "INP22")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #20
 def test_AC21(self):
     """AC21 must match a Process with implementsCSRFToken and verifySessionIdentifiers set to False.

     Positive case only; the configuration with CSRF tokens is not asserted here.
     """
     proc = Process("Process")
     proc.implementsCSRFToken = False
     proc.verifySessionIdentifiers = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC21")
     threat = Threat(definition)
     self.assertTrue(threat.apply(proc))
Beispiel #21
 def test_INP37(self):
     """INP37 must match a Server with implementsStrictHTTPValidation and encodesHeaders set to False.

     Positive case only; the hardened configuration is not asserted here.
     """
     server = Server("web")
     server.implementsStrictHTTPValidation = False
     server.encodesHeaders = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "INP37")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #22
 def test_AC14(self):
     """AC14 must match a Process with implementsPOLP, usesEnvironmentVariables and validatesInput False.

     Positive case only; the hardened configuration is not asserted here.
     """
     proc = Process("Process")
     proc.implementsPOLP = False
     proc.usesEnvironmentVariables = False
     proc.validatesInput = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC14")
     threat = Threat(definition)
     self.assertTrue(threat.apply(proc))
Beispiel #23
 def test_DO05(self):
     """DO05 must match an XML-parsing Server with validatesInput and sanitizesInput set to False.

     Positive case only; neither a validating server nor one without an XML
     parser is checked.
     """
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     server.usesXMLParser = True
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "DO05")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #24
 def test_AA04(self):
     """AA04 must match a Server lacking server-side validation, integrity and source authorization.

     The three attributes set to False are implementsServerSideValidation,
     providesIntegrity and authorizesSource. Positive case only.
     """
     server = Server("Web Server")
     server.implementsServerSideValidation = False
     server.providesIntegrity = False
     server.authorizesSource = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AA04")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #25
 def test_AC10(self):
     """AC10 must match a Server without current TLS, an authentication scheme or source authorization.

     The three attributes set to False are usesLatestTLSversion,
     implementsAuthenticationScheme and authorizesSource. Positive case only.
     """
     server = Server("Web Server")
     server.usesLatestTLSversion = False
     server.implementsAuthenticationScheme = False
     server.authorizesSource = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC10")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
Beispiel #26
 def test_INP40(self):
     """INP40 must match a Process that allows client-side scripting without input handling.

     allowsClientSideScripting is True while sanitizesInput and validatesInput
     are False. Positive case only; the hardened configuration is not asserted.
     """
     proc = Process("Process")
     proc.allowsClientSideScripting = True
     proc.sanitizesInput = False
     proc.validatesInput = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "INP40")
     threat = Threat(definition)
     self.assertTrue(threat.apply(proc))
Beispiel #27
 def test_AA02(self):
     """AA02 must match both a Server and a Process whose authenticatesSource is False.

     The Server is asserted first, so a failure there hides the Process result.
     Positive case only; an authenticating target is not checked.
     """
     server = Server("Web Server")
     proc = Process("process")
     server.authenticatesSource = False
     proc.authenticatesSource = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AA02")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))
     self.assertTrue(threat.apply(proc))
Beispiel #28
 def test_AC20(self):
     """AC20 must match a Process without a connection timeout, MFA or encrypted session data.

     The three attributes set to False are definesConnectionTimeout, usesMFA
     and encryptsSessionData. Positive case only.
     """
     proc = Process("Process")
     proc.definesConnectionTimeout = False
     proc.usesMFA = False
     proc.encryptsSessionData = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC20")
     threat = Threat(definition)
     self.assertTrue(threat.apply(proc))
Beispiel #29
 def test_AC18(self):
     """AC18 must match a Process with weak session identifiers, plain cookies and no timeout.

     The three attributes set to False are usesStrongSessionIdentifiers,
     encryptsCookies and definesConnectionTimeout. Positive case only.
     """
     proc = Process("Process")
     proc.usesStrongSessionIdentifiers = False
     proc.encryptsCookies = False
     proc.definesConnectionTimeout = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC18")
     threat = Threat(definition)
     self.assertTrue(threat.apply(proc))
Beispiel #30
 def test_AA03(self):
     """AA03 must match a Server without integrity, source authentication or strong session ids.

     The three attributes set to False are providesIntegrity,
     authenticatesSource and usesStrongSessionIdentifiers. Positive case only.
     """
     server = Server("Web Server")
     server.providesIntegrity = False
     server.authenticatesSource = False
     server.usesStrongSessionIdentifiers = False
     # Look the threat definition up by its SID in the loaded threat list.
     definition = next(entry for entry in threats_json if entry["SID"] == "AA03")
     threat = Threat(definition)
     self.assertTrue(threat.apply(server))