def test_DR01(self):
    """Assert that threat DR01 applies to an unencrypted flow carrying stored PII.

    The web-server-to-datastore flow carries an "ssn" data item marked
    isPII and isStored, and the flow itself has isEncrypted set to False.
    """
    web_server = Server("Web Server")
    database = Datastore("Database")
    query_flow = Dataflow(web_server, database, "Insert query")
    # Sensitive payload: PII that is also marked as persisted.
    query_flow.data = Data("ssn", isPII=True, isStored=True)
    query_flow.isEncrypted = False
    # NOTE(review): only the positive case is pinned here; which of the
    # attributes above DR01's condition actually reads is not visible in
    # this test -- confirm against the threat definition.
    self.assertTrue(threats["DR01"].apply(query_flow))
def test_DE01(self):
    """Assert that threat DE01 applies to a plain-HTTP, unencrypted user flow.

    The actor-to-server flow is given protocol "HTTP" and isEncrypted False
    before the rule is looked up in ``threats`` and applied to it.
    """
    actor = Actor("User")
    web_server = Server("Web Server")
    comment_flow = Dataflow(actor, web_server, "User enters comments (*)")
    # Cleartext transport: both the protocol label and the encryption flag
    # describe an unprotected channel.
    comment_flow.protocol = "HTTP"
    comment_flow.isEncrypted = False
    self.assertTrue(threats["DE01"].apply(comment_flow))
def test_DE01(self):
    """Assert that the DE01 rule built from ``threats_json`` applies to a cleartext flow.

    The actor-to-server flow uses protocol 'HTTP' with isEncrypted False.
    The rule is constructed directly from the JSON entry whose "SID" is
    "DE01" rather than taken from a prebuilt mapping.
    """
    actor = Actor("User")
    web_server = Server("Web Server")
    comment_flow = Dataflow(actor, web_server, "User enters comments (*)")
    comment_flow.protocol = "HTTP"
    comment_flow.isEncrypted = False
    # next() without a default raises StopIteration when no entry has this
    # SID, so a rule missing from threats_json surfaces as a test error
    # instead of being silently skipped.
    de01_definition = next(
        entry for entry in threats_json if entry["SID"] == "DE01"
    )
    de01_rule = Threat(de01_definition)
    self.assertTrue(de01_rule.apply(comment_flow))
def test_AC05(self):
    """Assert that AC05 applies when the source process does not authenticate its destination.

    The flow is HTTPS with isEncrypted True, so the assertion also pins
    that an encrypted transport alone does not clear this finding.
    """
    caller = Process("Process1")
    web_server = Server("Web Server")
    # The caller does not verify who it is talking to.
    caller.authenticatesDestination = False
    api_flow = Dataflow(caller, web_server, "Process calls a web API")
    api_flow.protocol = "HTTPS"
    api_flow.isEncrypted = True
    self.assertTrue(threats["AC05"].apply(api_flow))
def test_CR08(self):
    """Assert that CR08 applies when a flow uses SSLv3 against a server requiring TLSv11.

    The server's minTLSVersion is TLSv11 while the flow's tlsVersion is
    SSLv3, an older protocol version. The flow is still labelled HTTPS
    with isEncrypted True, so the test shows the rule firing on a flow
    that is nominally encrypted.
    """
    actor = Actor("User")
    web_server = Server("Web Server")
    web_server.minTLSVersion = TLSVersion.TLSv11
    comment_flow = Dataflow(actor, web_server, "User enters comments (*)")
    comment_flow.protocol = "HTTPS"
    comment_flow.isEncrypted = True
    # Negotiated version is older than the minimum the sink declares.
    comment_flow.tlsVersion = TLSVersion.SSLv3
    # NOTE(review): presumably CR08 compares tlsVersion with the sink's
    # minTLSVersion; the equal-version boundary is not exercised here --
    # confirm against the threat definition.
    self.assertTrue(threats["CR08"].apply(comment_flow))
def test_AC22(self):
    """Assert that AC22 applies to a flow carrying credentials with a HARDCODED lifetime.

    The data item "password" is marked isCredentials with
    credentialsLife set to Lifetime.HARDCODED. The transport is HTTPS
    with isEncrypted True, so the finding is raised despite an encrypted
    channel.
    """
    actor = Actor("User")
    web_server = Server("Web Server")
    login_flow = Dataflow(actor, web_server, "User enters comments (*)")
    # Credentials that never rotate: lifetime is declared as hard-coded.
    login_flow.data = Data(
        "password",
        isCredentials=True,
        credentialsLife=Lifetime.HARDCODED,
    )
    login_flow.protocol = "HTTPS"
    login_flow.isEncrypted = True
    self.assertTrue(threats["AC22"].apply(login_flow))
def test_AC10(self):
    """Assert that AC10 applies to a server with no authentication scheme and a weak inbound TLS flow.

    Unlike the flow-level tests, the rule is applied to the Server
    element itself. The server declares minTLSVersion TLSv11, has
    implementsAuthenticationScheme and authorizesSource set to False, and
    its only input is an HTTPS flow whose tlsVersion is SSLv3.
    """
    actor = Actor("User")
    web_server = Server("Web Server")
    web_server.minTLSVersion = TLSVersion.TLSv11
    # The server neither authenticates nor authorizes the caller.
    web_server.implementsAuthenticationScheme = False
    web_server.authorizesSource = False
    inbound = Dataflow(actor, web_server, "User enters comments (*)")
    inbound.protocol = "HTTPS"
    inbound.isEncrypted = True
    inbound.tlsVersion = TLSVersion.SSLv3
    # The inbound flow is attached explicitly so the element-level rule
    # has a flow to inspect.
    # NOTE(review): which of these attributes AC10 actually reads is not
    # visible here -- confirm against the threat definition.
    web_server.inputs = [inbound]
    self.assertTrue(threats["AC10"].apply(web_server))
redis.isSQL = False redis.inScope = True db.onAWS = True db.isShared = False db.storesSensitiveData = False third_party = Element("3rd party services") third_party.inBoundary = internet third_party_bim = Element("3rd party BIM360 services") third_party_bim.inBoundary = internet user_to_apigee = Dataflow(user, apigee, "User sends API request to Apps service") user_to_apigee.protocol = "HTTPS" user_to_apigee.isEncrypted = True user_to_apigee.authenticatedWith = True user_to_apigee.dstPort = 443 user_to_apigee.data = 'JSON' user_to_apigee.order = 1 apigee_to_server = Dataflow(apigee, server, "Apigee forwards API request to Apps server") apigee_to_server.protocol = "HTTPS" apigee_to_server.isEncrypted = True apigee_to_server.authenticatedWith = True apigee_to_server.dstPort = 443 apigee_to_server.data = 'JSON' apigee_to_server.order = 2 server_to_third_party = Dataflow(