def test_HA03(self):
    """Check that rule HA03 matches a server with three controls switched off.

    The Server under test has validatesHeaders, encodesOutput and isHardened
    set to False before the rule from the ``threats`` mapping is applied.
    """
    # NOTE(review): only the matching case is asserted. Presumably the rule
    # should stop matching once these controls are enabled; a companion
    # negative check would catch a condition that fires unconditionally.
    # Confirm against the rule's condition before adding it.
    server = Server("Web Server")
    for control in ("validatesHeaders", "encodesOutput", "isHardened"):
        setattr(server, control, False)
    rule = threats["HA03"]
    self.assertTrue(rule.apply(server))
def test_SC04(self):
    """Check that rule SC04 matches a server with three controls set to False.

    sanitizesInput, validatesInput and encodesOutput are all disabled on the
    Server before the rule is applied.
    """
    server = Server("Web Server")
    disabled_controls = ("sanitizesInput", "validatesInput", "encodesOutput")
    for control in disabled_controls:
        setattr(server, control, False)
    matched = threats["SC04"].apply(server)
    self.assertTrue(matched)
def test_INP18(self):
    """Build INP18 from its raw JSON entry and check that it matches the server.

    The Server under test has sanitizesInput and encodesOutput set to False.
    """
    target = Server("Web Server")
    target.sanitizesInput = False
    target.encodesOutput = False
    # next() is called without a default: if no entry carries this SID the
    # test errors with StopIteration instead of passing silently.
    entry = next(item for item in threats_json if item["SID"] == "INP18")
    rule = Threat(entry)
    self.assertTrue(rule.apply(target))
def test_SC02(self):
    """Build SC02 from its raw JSON entry and check that it matches the server.

    The Server under test has validatesInput and encodesOutput set to False.
    """
    target = Server("Web Server")
    for control in ("validatesInput", "encodesOutput"):
        setattr(target, control, False)
    # The first entry whose SID equals "SC02" is used; a missing entry
    # surfaces as StopIteration because next() has no default.
    definition = next(filter(lambda item: item["SID"] == "SC02", threats_json))
    rule = Threat(definition)
    self.assertTrue(rule.apply(target))
def test_HA03(self):
    """Build HA03 from its raw JSON entry and check that it matches the server.

    The Server under test has validatesHeaders, encodesOutput and isHardened
    set to False.
    """
    # NOTE(review): the rule is rebuilt from threats_json rather than taken
    # from a prebuilt mapping, so this presumably exercises the condition
    # text as stored in the JSON. Confirm how Threat evaluates it.
    target = Server("Web Server")
    target.validatesHeaders = False
    target.encodesOutput = False
    target.isHardened = False
    definition = next(item for item in threats_json if item["SID"] == "HA03")
    rule = Threat(definition)
    self.assertTrue(rule.apply(target))
def test_INP29(self):
    """Check that rule INP29 matches both a Process and a Server.

    Each element has validatesInput, sanitizesInput and encodesOutput set to
    False. The Process is checked first, then the Server.
    """
    server = Server("Web Server")
    process = Process("Process")
    controls = ("validatesInput", "sanitizesInput", "encodesOutput")
    # Same three controls are disabled on each element, server first.
    for element in (server, process):
        for control in controls:
            setattr(element, control, False)
    rule = threats["INP29"]
    for element in (process, server):
        self.assertTrue(rule.apply(element))
def test_INP29(self):
    """Build INP29 from its raw JSON entry and check it against two elements.

    A Server and a Process each have validatesInput, sanitizesInput and
    encodesOutput set to False. The rule must match the Process and then the
    Server.
    """
    server = Server("Web Server")
    process = Process("Process")
    controls = ("validatesInput", "sanitizesInput", "encodesOutput")
    for element in (server, process):
        for control in controls:
            setattr(element, control, False)
    # A missing SID raises StopIteration here (no default is passed to next()).
    definition = next(item for item in threats_json if item["SID"] == "INP29")
    rule = Threat(definition)
    self.assertTrue(rule.apply(process))
    self.assertTrue(rule.apply(server))
def test_exclude_threats_ignore(self):
    """Check that an excluded threat id is left out of the resolved findings.

    Both INP03 and AA01 are asserted to match the Server directly. After
    ``tm.resolve()`` only AA01 may appear among the findings' threat ids,
    because INP03 was placed in ``TM._threatsExcluded``.
    """
    random.seed(0)
    TM.reset()
    excluded_threat = "INP03"
    remaining_threat = "AA01"
    # NOTE(review): the exclusion list is assigned on the TM class, not on an
    # instance. Presumably TM.reset() clears it for later tests; confirm this,
    # otherwise the suppression leaks into other test cases.
    TM._threatsExcluded = [excluded_threat]
    model = TM("my test tm", description="aaa")
    server = Server("Web")
    server.sanitizesInput = False
    server.encodesOutput = False
    # The excluded rule still matches the element; exclusion only affects
    # what resolve() reports, so an excluded id hides a real match.
    for threat_id in (excluded_threat, remaining_threat):
        self.assertTrue(threats[threat_id].apply(server))
    model.resolve()
    reported_ids = [finding.threat_id for finding in model.findings]
    self.assertNotIn(excluded_threat, reported_ids)
    self.assertIn(remaining_threat, reported_ids)
def test_INP18(self):
    """Check that rule INP18 matches a server with two controls set to False.

    sanitizesInput and encodesOutput are disabled on the Server before the
    rule from the ``threats`` mapping is applied.
    """
    server = Server("Web Server")
    for control in ("sanitizesInput", "encodesOutput"):
        setattr(server, control, False)
    self.assertTrue(threats["INP18"].apply(server))
def test_INP03(self):
    """Check that rule INP03 matches a server with two controls set to False.

    sanitizesInput and encodesOutput are disabled on the Server before the
    rule is applied.
    """
    # NOTE(review): both controls are disabled together, so this does not
    # show whether either one alone is enough to trigger the rule. Add
    # single-control cases if that distinction matters.
    server = Server('Web')
    server.sanitizesInput = False
    server.encodesOutput = False
    rule = threats["INP03"]
    matched = rule.apply(server)
    self.assertTrue(matched)
# Excerpt of a threat-model definition script; `tm` is created before
# these lines and is not visible here.
tm.mergeResponses = True

# Trust boundaries referenced by the elements below.
internet = Boundary("Internet")
server_db = Boundary("Server/DB")
server_db.levels = [2]
# NOTE(review): `vpc` is not assigned to any element in the visible lines;
# presumably it is used later in the script.
vpc = Boundary("AWS VPC")

# The user is placed inside the Internet boundary.
user = Actor("User")
user.inBoundary = internet
user.levels = [2]

# Web server: declared hardened and output-encoding, but with input
# sanitisation and source authorisation set to False.
# NOTE(review): no inBoundary is set for `web` in the visible lines, so
# confirm whether it is meant to sit outside every boundary.
web = Server("Web Server")
web.OS = "Ubuntu"
web.isHardened = True
web.sanitizesInput = False
web.encodesOutput = True
web.authorizesSource = False
web.sourceFiles = ["pytm/json.py", "docs/template.md"]

# SQL datastore inside the Server/DB boundary: declared not hardened while
# its maxClassification is RESTRICTED.
# NOTE(review): presumably this combination is one the threat rules are
# expected to flag; confirm against the rule set.
db = Datastore("SQL Database")
db.OS = "CentOS"
db.isHardened = False
db.inBoundary = server_db
db.isSQL = True
db.inScope = True
db.maxClassification = Classification.RESTRICTED
db.levels = [2]

# Second datastore; only its OS and source files are set in this excerpt.
secretDb = Datastore("Real Identity Database")
secretDb.OS = "CentOS"
secretDb.sourceFiles = ["pytm/pytm.py"]
# Excerpt of a threat-model definition script; the boundaries `machine`,
# `internet`, `apps_vpc` and `rds_boundary` are defined before these lines.
user = Actor("User/Browser")
user.inBoundary = machine

# Gateway element placed in the Internet boundary and declared hardened.
apigee = Element("Apigee")
apigee.inBoundary = internet
apigee.isHardened = True
# NOTE(review): the next three statements repeat the three above verbatim
# and rebind `apigee` to a second Element with the same name. If Element
# registers itself with the model on construction, the model ends up with
# two "Apigee" elements. Looks like an accidental duplicate; confirm.
apigee = Element("Apigee")
apigee.inBoundary = internet
apigee.isHardened = True

# Application server inside the apps VPC boundary, with hardening, access
# control and output encoding all declared present.
server = Server("Apps Server")
server.inBoundary = apps_vpc
server.isHardened = True
server.hasAccessControl = True
server.encodesOutput = True

# MySQL datastore.
db = Datastore("MySQL DB")
db.isHardened = True
db.hasAccessControl = True
db.inBoundary = apps_vpc
# NOTE(review): inBoundary is assigned a second time on the next line. The
# chosen boundary decides which trust-boundary crossings the model sees for
# this datastore, so confirm which one is intended and keep only that one.
db.inBoundary = rds_boundary
db.isSQL = True
db.inScope = True
db.onAWS = True
# Declared shared, and declared as not storing sensitive data.
db.isShared = True
db.storesSensitiveData = False

# Redis datastore inside the apps VPC boundary, declared hardened.
redis = Datastore("Redis")
redis.isHardened = True
redis.inBoundary = apps_vpc