def testStandardVulnerability(self):
iveps1 = [
VulnerabilityEnvironmentProperties(
self.iVuln[0]["theEnvironmentProperties"][0]["theName"],
self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],
self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])
]
iveps2 = [
VulnerabilityEnvironmentProperties(
self.iVuln[1]["theEnvironmentProperties"][0]["theName"],
self.iVuln[1]["theEnvironmentProperties"][0]["theSeverity"],
self.iVuln[1]["theEnvironmentProperties"][0]["theAssets"])
]
iveps3 = [
VulnerabilityEnvironmentProperties(
self.iVuln[2]["theEnvironmentProperties"][0]["theName"],
self.iVuln[2]["theEnvironmentProperties"][0]["theSeverity"],
self.iVuln[2]["theEnvironmentProperties"][0]["theAssets"])
]
ivp1 = VulnerabilityParameters(self.iVuln[0]["theName"],
self.iVuln[0]["theDescription"],
self.iVuln[0]["theType"], [], iveps1)
ivp2 = VulnerabilityParameters(self.iVuln[1]["theName"],
self.iVuln[1]["theDescription"],
self.iVuln[1]["theType"], [], iveps2)
ivp3 = VulnerabilityParameters(self.iVuln[2]["theName"],
self.iVuln[2]["theDescription"],
self.iVuln[2]["theType"], [], iveps3)
b = Borg()
b.dbProxy.addVulnerability(ivp1)
b.dbProxy.addVulnerability(ivp2)
b.dbProxy.addVulnerability(ivp3)
ovps = b.dbProxy.getVulnerabilities()
ovp1 = ovps[self.iVuln[0]["theName"]]
ovep1 = ovp1.environmentProperties()
self.assertEqual(ivp1.name(), ovp1.name())
self.assertEqual(ivp1.type(), ovp1.type())
self.assertEqual(ivp1.description(), ovp1.description())
self.assertEqual(
self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],
ovep1[0].severity())
self.assertEqual(
str(self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"][0]),
str(ovep1[0].assets()[0]))
ovp2 = ovps[self.iVuln[1]["theName"]]
ovep2 = ovp2.environmentProperties()
self.assertEqual(ivp2.name(), ovp2.name())
self.assertEqual(ivp2.type(), ovp2.type())
self.assertEqual(ivp2.description(), ovp2.description())
self.assertEqual(
self.iVuln[1]["theEnvironmentProperties"][0]["theSeverity"],
ovp2.environmentProperties()[0].severity())
self.assertEqual(
str(self.iVuln[1]["theEnvironmentProperties"][0]["theAssets"][0]),
str(ovep2[0].assets()[0]))
ovp3 = ovps[self.iVuln[2]["theName"]]
ovep3 = ovp3.environmentProperties()
self.assertEqual(ivp3.name(), ovp3.name())
self.assertEqual(ivp3.type(), ovp3.type())
self.assertEqual(ivp3.description(), ovp3.description())
self.assertEqual(
self.iVuln[2]["theEnvironmentProperties"][0]["theSeverity"],
ovep3[0].severity())
self.assertEqual(
str(self.iVuln[2]["theEnvironmentProperties"][0]["theAssets"][0]),
str(ovep3[0].assets()[0]))
ovp3.theVulnerabilityName = 'updated name'
ovp3.theVulnerabilityDescription = 'updated description'
b.dbProxy.updateVulnerability(ovp3)
ovps = b.dbProxy.getVulnerabilities()
ovp4 = ovps['updated name']
self.assertEqual(ovp3.name(), ovp4.name())
self.assertEqual(ovp3.type(), ovp4.type())
self.assertEqual(ovp3.description(), ovp4.description())
b.dbProxy.deleteVulnerability(ovp1.id())
b.dbProxy.deleteVulnerability(ovp2.id())
b.dbProxy.deleteVulnerability(ovp3.id())
def setUp(self):
call([os.environ['CAIRIS_CFG_DIR'] + "/initdb.sh"])
cairis.core.BorgFactory.initialise()
f = open(os.environ['CAIRIS_SRC'] + '/test/risks.json')
d = json.load(f)
f.close()
ienvs = d['environments']
iep1 = EnvironmentParameters(ienvs[0]["theName"],
ienvs[0]["theShortCode"],
ienvs[0]["theDescription"])
b = Borg()
b.dbProxy.addEnvironment(iep1)
iRoles = d['roles']
irp = RoleParameters(iRoles[0]["theName"], iRoles[0]["theType"],
iRoles[0]["theShortCode"],
iRoles[0]["theDescription"], [])
b.dbProxy.addRole(irp)
iAttackers = d['attackers']
iatkeps = [
AttackerEnvironmentProperties(
iAttackers[0]["theEnvironmentProperties"][0]["theName"],
iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],
iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],
iAttackers[0]["theEnvironmentProperties"][0]
["theCapabilities"])
]
iatk = AttackerParameters(iAttackers[0]["theName"],
iAttackers[0]["theDescription"],
iAttackers[0]["theImage"], [], iatkeps)
b.dbProxy.addAttacker(iatk)
iVtypes = d['valuetypes']
ivt1 = ValueTypeParameters(iVtypes[0]["theName"],
iVtypes[0]["theDescription"],
iVtypes[0]["theType"])
ivt2 = ValueTypeParameters(iVtypes[1]["theName"],
iVtypes[1]["theDescription"],
iVtypes[1]["theType"])
b.dbProxy.addValueType(ivt1)
b.dbProxy.addValueType(ivt2)
iassets = d['assets']
iaeps1 = [
AssetEnvironmentProperties(
iassets[0]["theEnvironmentProperties"][0][0],
iassets[0]["theEnvironmentProperties"][0][1],
iassets[0]["theEnvironmentProperties"][0][2])
]
iap1 = AssetParameters(iassets[0]["theName"],
iassets[0]["theShortCode"],
iassets[0]["theDescription"],
iassets[0]["theSignificance"],
iassets[0]["theType"], "0", "N/A", [], [],
iaeps1)
iap2 = AssetParameters(iassets[1]["theName"],
iassets[1]["theShortCode"],
iassets[1]["theDescription"],
iassets[1]["theSignificance"],
iassets[1]["theType"], "0", "N/A", [], [],
iaeps1)
iap3 = AssetParameters(iassets[2]["theName"],
iassets[2]["theShortCode"],
iassets[2]["theDescription"],
iassets[2]["theSignificance"],
iassets[2]["theType"], "0", "N/A", [], [],
iaeps1)
b.dbProxy.addAsset(iap1)
b.dbProxy.addAsset(iap2)
b.dbProxy.addAsset(iap3)
iThreats = d['threats']
iteps = [
ThreatEnvironmentProperties(
iThreats[0]["theEnvironmentProperties"][0]["theName"],
iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],
iThreats[0]["theEnvironmentProperties"][0]["theAssets"],
iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],
iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0]
[1], iThreats[0]["theEnvironmentProperties"][0]
["theProperties"][0][1])
]
itps = ThreatParameters(iThreats[0]["theName"], iThreats[0]["theType"],
iThreats[0]["theMethod"], [], iteps)
b.dbProxy.addThreat(itps)
iVuln = d['vulnerabilities']
iveps = [
VulnerabilityEnvironmentProperties(
iVuln[0]["theEnvironmentProperties"][0]["theName"],
iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],
iVuln[0]["theEnvironmentProperties"][0]["theAssets"])
]
ivp = VulnerabilityParameters(iVuln[0]["theName"],
iVuln[0]["theDescription"],
iVuln[0]["theType"], [], iveps)
b.dbProxy.addVulnerability(ivp)
self.imc = d['misuseCase']
self.iRisks = d['risks']
