def test_AA04(self): web = Server("Web Server") web.implementsServerSideValidation = False web.providesIntegrity = False web.authorizesSource = False threat = threats["AA04"] self.assertTrue(threat.apply(web))
def test_AC09(self): web = Server("Web Server") web.hasAccessControl = False web.authorizesSource = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "AC09")) self.assertTrue(ThreatObj.apply(web))
def test_AC10(self): web = Server("Web Server") web.usesLatestTLSversion = False web.implementsAuthenticationScheme = False web.authorizesSource = False threat = threats["AC10"] self.assertTrue(threat.apply(web))
def test_AA04(self): web = Server("Web Server") web.implementsServerSideValidation = False web.providesIntegrity = False web.authorizesSource = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "AA04")) self.assertTrue(ThreatObj.apply(web))
def test_AC10(self): web = Server("Web Server") web.usesLatestTLSversion = False web.implementsAuthenticationScheme = False web.authorizesSource = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "AC10")) self.assertTrue(ThreatObj.apply(web))
def test_AC05(self): process1 = Process("Process1") web = Server("Web Server") process1.providesIntegrity = False process1.authorizesSource = False web.providesIntegrity = False web.authorizesSource = False threat = threats["AC05"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(web))
def test_AC05(self): process1 = Process("Process1") web = Server("Web Server") process1.providesIntegrity = False process1.authorizesSource = False web.providesIntegrity = False web.authorizesSource = False ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AC05")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(web))
def test_AC10(self): user = Actor("User") web = Server("Web Server") web.minTLSVersion = TLSVersion.TLSv11 web.implementsAuthenticationScheme = False web.authorizesSource = False user_to_web = Dataflow(user, web, "User enters comments (*)") user_to_web.protocol = "HTTPS" user_to_web.isEncrypted = True user_to_web.tlsVersion = TLSVersion.SSLv3 web.inputs = [user_to_web] threat = threats["AC10"] self.assertTrue(threat.apply(web))
def test_AC01(self): web = Server("Web Server") process1 = Process("Process1") db = Datastore("DB") web.hasAccessControl = False web.authorizesSource = True process1.hasAccessControl = False process1.authorizesSource = False db.hasAccessControl = False db.authorizesSource = False threat = threats["AC01"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(web)) self.assertTrue(threat.apply(db))
def test_AC01(self): web = Server("Web Server") process1 = Process("Process1") db = Datastore("DB") web.hasAccessControl = False web.authorizesSource = True process1.hasAccessControl = False process1.authorizesSource = False db.hasAccessControl = False db.authorizesSource = False ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AC01")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(web)) self.assertTrue(ThreatObj.apply(db))
def test_AC09(self): web = Server("Web Server") web.hasAccessControl = False web.authorizesSource = False threat = threats["AC09"] self.assertTrue(threat.apply(web))
internet = Boundary("Internet") server_db = Boundary("Server/DB") server_db.levels = [2] vpc = Boundary("AWS VPC") user = Actor("User") user.inBoundary = internet user.levels = [2] web = Server("Web Server") web.OS = "Ubuntu" web.isHardened = True web.sanitizesInput = False web.encodesOutput = True web.authorizesSource = False web.sourceFiles = ["pytm/json.py", "docs/template.md"] db = Datastore("SQL Database") db.OS = "CentOS" db.isHardened = False db.inBoundary = server_db db.isSQL = True db.inScope = True db.maxClassification = Classification.RESTRICTED db.levels = [2] secretDb = Datastore("Real Identity Database") secretDb.OS = "CentOS" secretDb.sourceFiles = ["pytm/pytm.py"] secretDb.isHardened = True