Exemple #1
 def test_DE04(self):
     # Rule DE04 from threats_json is expected to match a Datastore whose
     # validatesInput and implementsPOLP flags are both False
     # (POLP presumably means principle of least privilege; confirm).
     # NOTE(review): only the positive match is asserted here; a companion
     # case with the flags enabled would catch a rule that always matches.
     store = Datastore("DB")
     store.validatesInput = False
     store.implementsPOLP = False
     rule = next(entry for entry in threats_json if entry["SID"] == "DE04")
     matched = Threat(rule).apply(store)
     self.assertTrue(matched)
Exemple #2
 def test_INP37(self):
     # Rule INP37 is expected to match a Server with strict HTTP validation
     # and header encoding both set to False.
     server = Server("web")
     server.implementsStrictHTTPValidation = False
     server.encodesHeaders = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP37")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #3
 def test_INP22(self):
     # Rule INP22 is expected to match a Server whose usesXMLParser and
     # disablesDTD flags are both False.
     server = Server("Web Server")
     server.usesXMLParser = False
     server.disablesDTD = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP22")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #4
 def test_AC13(self):
     # Rule AC13 is expected to match a Process with hasAccessControl and
     # implementsPOLP both set to False.
     proc = Process("Process")
     proc.hasAccessControl = False
     proc.implementsPOLP = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC13")
     matched = Threat(rule).apply(proc)
     self.assertTrue(matched)
Exemple #5
 def test_INP03(self):
     # Rule INP03 is expected to match a Server that neither sanitizes its
     # input nor encodes its output (both flags False).
     server = Server('Web')
     server.sanitizesInput = False
     server.encodesOutput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP03")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #6
 def test_SC01(self):
     # Rule SC01 is expected to match a Process that carries 'JSON' data
     # while implementsNonce is False.
     proc = Process("Process1")
     proc.implementsNonce = False
     proc.data = 'JSON'
     rule = next(entry for entry in threats_json if entry["SID"] == "SC01")
     matched = Threat(rule).apply(proc)
     self.assertTrue(matched)
Exemple #7
 def test_SC02(self):
     # Rule SC02 is expected to match a Server with input validation and
     # output encoding both set to False.
     server = Server("Web Server")
     server.validatesInput = False
     server.encodesOutput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "SC02")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #8
 def test_AC19(self):
     # Rule AC19 is expected to match a Server that uses session tokens
     # (True) but has implementsNonce set to False.
     server = Server("web")
     server.usesSessionTokens = True
     server.implementsNonce = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC19")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #9
 def test_INP11(self):
     # Rule INP11 is expected to match a Server with both validatesInput
     # and sanitizesInput set to False.
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP11")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #10
 def test_AC06(self):
     # Rule AC06 is expected to match a Server that is not hardened and has
     # no access control (both flags False).
     server = Server("Web Server")
     server.isHardened = False
     server.hasAccessControl = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC06")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #11
 def test_INP15(self):
     # Rule INP15 is expected to match a Server whose protocol is 'IMAP'
     # and whose sanitizesInput flag is False.
     server = Server("Web Server")
     server.protocol = 'IMAP'
     server.sanitizesInput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP15")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #12
 def test_INP04(self):
     # Rule INP04 is expected to match an 'HTTP' Server with validatesInput
     # and validatesHeaders both set to False.
     server = Server("Web Server")
     server.validatesInput = False
     server.validatesHeaders = False
     server.protocol = 'HTTP'
     rule = next(entry for entry in threats_json if entry["SID"] == "INP04")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #13
 def test_SC03(self):
     # Rule SC03 is expected to match a Server with validatesInput,
     # sanitizesInput and hasAccessControl all set to False.
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     server.hasAccessControl = False
     rule = next(entry for entry in threats_json if entry["SID"] == "SC03")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #14
 def test_HA03(self):
     # Rule HA03 is expected to match a Server with validatesHeaders,
     # encodesOutput and isHardened all set to False.
     server = Server("Web Server")
     server.validatesHeaders = False
     server.encodesOutput = False
     server.isHardened = False
     rule = next(entry for entry in threats_json if entry["SID"] == "HA03")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #15
 def test_SC05(self):
     # Rule SC05 is expected to match a Server with providesIntegrity and
     # usesCodeSigning both set to False.
     server = Server("Web Server")
     server.providesIntegrity = False
     server.usesCodeSigning = False
     rule = next(entry for entry in threats_json if entry["SID"] == "SC05")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #16
 def test_INP41(self):
     # Rule INP41 is expected to match a Process with validatesInput and
     # sanitizesInput both set to False.
     proc = Process("Process")
     proc.validatesInput = False
     proc.sanitizesInput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP41")
     matched = Threat(rule).apply(proc)
     self.assertTrue(matched)
Exemple #17
 def test_INP17(self):
     # Rule INP17 is expected to match a Server with validatesContentType
     # and invokesScriptFilters both set to False.
     server = Server("Web Server")
     server.validatesContentType = False
     server.invokesScriptFilters = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP17")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #18
 def test_AC21(self):
     # Rule AC21 is expected to match a Process with implementsCSRFToken
     # and verifySessionIdentifiers both set to False.
     proc = Process("Process")
     proc.implementsCSRFToken = False
     proc.verifySessionIdentifiers = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC21")
     matched = Threat(rule).apply(proc)
     self.assertTrue(matched)
Exemple #19
 def test_AC09(self):
     # Rule AC09 is expected to match a Server with hasAccessControl and
     # authorizesSource both set to False.
     server = Server("Web Server")
     server.hasAccessControl = False
     server.authorizesSource = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC09")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #20
 def test_CR02(self):
     # Rule CR02 is expected to match both element kinds built here: an
     # 'HTTP' Server and the Actor-to-Server Dataflow, each using session
     # tokens with sanitizesInput and validatesInput set to False.
     # NOTE(review): only positive matches are asserted; the test does not
     # show which of the flags the rule actually depends on.
     actor = Actor("User")
     server = Server("Web Server")
     server.protocol = 'HTTP'
     server.sanitizesInput = False
     server.validatesInput = False
     server.usesSessionTokens = True
     flow = Dataflow(actor, server, "User enters comments (*)")
     flow.protocol = 'HTTP'
     flow.sanitizesInput = False
     flow.validatesInput = False
     flow.usesSessionTokens = True
     rule = next(entry for entry in threats_json if entry["SID"] == "CR02")
     threat = Threat(rule)
     # Server first, then the dataflow, so a failure names the same element
     # the original ordering would.
     for element in (server, flow):
         self.assertTrue(threat.apply(element))
Exemple #21
 def test_AC16(self):
     # Rule AC16 is expected to match a Server with
     # usesStrongSessionIdentifiers and encryptsCookies both set to False.
     server = Server("web")
     server.usesStrongSessionIdentifiers = False
     server.encryptsCookies = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC16")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #22
 def test_DO03(self):
     # Rule DO03 is expected to match an Actor-to-Server Dataflow whose
     # data attribute is 'XML'; no other flag is set on any element.
     actor = Actor("User")
     server = Server("Web Server")
     flow = Dataflow(actor, server, "User enters comments (*)")
     flow.data = 'XML'
     rule = next(entry for entry in threats_json if entry["SID"] == "DO03")
     matched = Threat(rule).apply(flow)
     self.assertTrue(matched)
Exemple #23
 def test_AC18(self):
     # Rule AC18 is expected to match a Process with
     # usesStrongSessionIdentifiers, encryptsCookies and
     # definesConnectionTimeout all set to False.
     proc = Process("Process")
     proc.usesStrongSessionIdentifiers = False
     proc.encryptsCookies = False
     proc.definesConnectionTimeout = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC18")
     matched = Threat(rule).apply(proc)
     self.assertTrue(matched)
Exemple #24
 def test_AC14(self):
     # Rule AC14 is expected to match a Process with implementsPOLP,
     # usesEnvironmentVariables and validatesInput all set to False.
     proc = Process("Process")
     proc.implementsPOLP = False
     proc.usesEnvironmentVariables = False
     proc.validatesInput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC14")
     matched = Threat(rule).apply(proc)
     self.assertTrue(matched)
Exemple #25
 def test_INP40(self):
     # Rule INP40 is expected to match a Process that allows client-side
     # scripting (True) with sanitizesInput and validatesInput set to False.
     proc = Process("Process")
     proc.allowsClientSideScripting = True
     proc.sanitizesInput = False
     proc.validatesInput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP40")
     matched = Threat(rule).apply(proc)
     self.assertTrue(matched)
Exemple #26
 def test_DO05(self):
     # Rule DO05 is expected to match a Server that uses an XML parser
     # (True) with validatesInput and sanitizesInput set to False.
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     server.usesXMLParser = True
     rule = next(entry for entry in threats_json if entry["SID"] == "DO05")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #27
 def test_AA04(self):
     # Rule AA04 is expected to match a Server with
     # implementsServerSideValidation, providesIntegrity and
     # authorizesSource all set to False.
     server = Server("Web Server")
     server.implementsServerSideValidation = False
     server.providesIntegrity = False
     server.authorizesSource = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AA04")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #28
 def test_AC10(self):
     # Rule AC10 is expected to match a Server with usesLatestTLSversion,
     # implementsAuthenticationScheme and authorizesSource all set to False.
     server = Server("Web Server")
     server.usesLatestTLSversion = False
     server.implementsAuthenticationScheme = False
     server.authorizesSource = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC10")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #29
 def test_AA03(self):
     # Rule AA03 is expected to match a Server with providesIntegrity,
     # authenticatesSource and usesStrongSessionIdentifiers all set to False.
     server = Server("Web Server")
     server.providesIntegrity = False
     server.authenticatesSource = False
     server.usesStrongSessionIdentifiers = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AA03")
     matched = Threat(rule).apply(server)
     self.assertTrue(matched)
Exemple #30
 def test_AC20(self):
     # Rule AC20 is expected to match a Process with
     # definesConnectionTimeout, usesMFA and encryptsSessionData all set
     # to False.
     proc = Process("Process")
     proc.definesConnectionTimeout = False
     proc.usesMFA = False
     proc.encryptsSessionData = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC20")
     matched = Threat(rule).apply(proc)
     self.assertTrue(matched)