Esempio n. 1
 def test_AA04(self):
     """Expect rule AA04 to match a server with its trust controls switched off.

     The rule is fetched from ``threats`` under the key ``"AA04"`` and applied
     to a ``Server`` whose ``implementsServerSideValidation``,
     ``providesIntegrity`` and ``authorizesSource`` flags are all ``False``.
     """
     server = Server("Web Server")
     # NOTE(review): three controls are disabled at once, so this test cannot
     # tell which of them the rule's condition actually reads. It also covers
     # the positive match only; no case shows the finding clearing once a
     # control is enabled.
     server.authorizesSource = False
     server.providesIntegrity = False
     server.implementsServerSideValidation = False
     rule = threats["AA04"]
     matched = rule.apply(server)
     self.assertTrue(matched)
Esempio n. 2
 def test_AC09(self):
     """Expect rule AC09 to match a server lacking access control and source authorization.

     The rule is built with ``Threat`` from the ``threats_json`` entry whose
     ``"SID"`` is ``"AC09"`` and applied to a ``Server`` with
     ``hasAccessControl`` and ``authorizesSource`` both ``False``.
     """
     server = Server("Web Server")
     server.authorizesSource = False
     server.hasAccessControl = False
     # next() has no default here: a missing "AC09" entry surfaces as
     # StopIteration (a test error) rather than as an assertion failure.
     definition = next(entry for entry in threats_json if entry["SID"] == "AC09")
     rule = Threat(definition)
     self.assertTrue(rule.apply(server))
Esempio n. 3
 def test_AC10(self):
     """Expect rule AC10 to match a server with outdated TLS and no authentication.

     The ``Server`` under test has ``usesLatestTLSversion``,
     ``implementsAuthenticationScheme`` and ``authorizesSource`` set to
     ``False``; the rule comes from ``threats["AC10"]``.
     """
     server = Server("Web Server")
     # NOTE(review): the TLS flag and both authentication flags are cleared
     # together; a test that flips only usesLatestTLSversion would show
     # whether the TLS setting alone triggers the finding.
     server.authorizesSource = False
     server.implementsAuthenticationScheme = False
     server.usesLatestTLSversion = False
     rule = threats["AC10"]
     outcome = rule.apply(server)
     self.assertTrue(outcome)
Esempio n. 4
 def test_AA04(self):
     """Expect the AA04 rule loaded from ``threats_json`` to match an unprotected server.

     The ``Server`` has ``implementsServerSideValidation``,
     ``providesIntegrity`` and ``authorizesSource`` all set to ``False``.
     """
     server = Server("Web Server")
     server.providesIntegrity = False
     server.authorizesSource = False
     server.implementsServerSideValidation = False
     # Pick the rule definition by its "SID" field, then wrap it in a Threat.
     # A missing entry raises StopIteration because next() has no default.
     aa04_entry = next(
         record for record in threats_json if record["SID"] == "AA04")
     rule = Threat(aa04_entry)
     # NOTE(review): only the matching case is asserted; nothing here checks
     # that the rule stays silent when the controls are enabled.
     self.assertTrue(rule.apply(server))
Esempio n. 5
 def test_AC10(self):
     """Expect the AC10 rule loaded from ``threats_json`` to match a weakly configured server.

     The ``Server`` has ``usesLatestTLSversion``,
     ``implementsAuthenticationScheme`` and ``authorizesSource`` all set to
     ``False``.
     """
     server = Server("Web Server")
     server.implementsAuthenticationScheme = False
     server.authorizesSource = False
     server.usesLatestTLSversion = False
     # Select the definition whose "SID" is "AC10"; StopIteration propagates
     # if the rule set no longer contains it.
     ac10_entry = next(
         record for record in threats_json if record["SID"] == "AC10")
     rule = Threat(ac10_entry)
     result = rule.apply(server)
     self.assertTrue(result)
Esempio n. 6
 def test_AC05(self):
     """Expect rule AC05 to match both a process and a server without integrity or source checks.

     A ``Process`` and a ``Server`` are each given ``providesIntegrity = False``
     and ``authorizesSource = False``; ``threats["AC05"]`` must apply to both,
     the process being checked first.
     """
     worker = Process("Process1")
     server = Server("Web Server")
     for element in (worker, server):
         element.providesIntegrity = False
         element.authorizesSource = False
     rule = threats["AC05"]
     # The same rule object is evaluated against two element types, so the
     # test pins that the rule targets Process as well as Server.
     for element in (worker, server):
         self.assertTrue(rule.apply(element))
Esempio n. 7
 def test_AC05(self):
     """Expect the AC05 rule from ``threats_json`` to match an unprotected process and server.

     Both elements have ``providesIntegrity`` and ``authorizesSource`` set to
     ``False``. The rule is applied to the process first, then to the server.
     """
     worker = Process("Process1")
     server = Server("Web Server")
     worker.authorizesSource = False
     worker.providesIntegrity = False
     server.authorizesSource = False
     server.providesIntegrity = False
     # next() has no default: an absent "AC05" entry raises StopIteration.
     ac05_entry = next(record for record in threats_json if record["SID"] == "AC05")
     rule = Threat(ac05_entry)
     # NOTE(review): positive matches only; there is no element here with the
     # controls enabled to show the rule not firing.
     for element in (worker, server):
         self.assertTrue(rule.apply(element))
Esempio n. 8
 def test_AC10(self):
     """Expect rule AC10 to match a server that receives an SSLv3 flow.

     The ``Server`` declares ``minTLSVersion = TLSVersion.TLSv11`` and has
     ``implementsAuthenticationScheme`` and ``authorizesSource`` disabled. Its
     only input is an encrypted ``"HTTPS"`` ``Dataflow`` from an ``Actor`` whose
     ``tlsVersion`` is ``TLSVersion.SSLv3``.
     """
     client = Actor("User")
     server = Server("Web Server")
     server.authorizesSource = False
     server.implementsAuthenticationScheme = False
     server.minTLSVersion = TLSVersion.TLSv11

     comment_flow = Dataflow(client, server, "User enters comments (*)")
     comment_flow.isEncrypted = True
     comment_flow.protocol = "HTTPS"
     # The flow is marked encrypted yet negotiates SSLv3 while the server
     # declares TLSv1.1 as its minimum.
     # NOTE(review): presumably the rule compares each input's tlsVersion
     # with minTLSVersion; confirm against the rule's condition. A companion
     # case with a flow at or above the minimum would pin the boundary.
     comment_flow.tlsVersion = TLSVersion.SSLv3
     server.inputs = [comment_flow]

     rule = threats["AC10"]
     self.assertTrue(rule.apply(server))
Esempio n. 9
 def test_AC01(self):
     """Expect rule AC01 to match a process, a server and a datastore without access control.

     All three elements have ``hasAccessControl = False``. The process and
     the datastore also have ``authorizesSource = False``, while the server
     keeps ``authorizesSource = True``. ``threats["AC01"]`` is applied in the
     order process, server, datastore.
     """
     server = Server("Web Server")
     worker = Process("Process1")
     store = Datastore("DB")

     # The server still authorizes its source and is nevertheless expected to
     # match, so for a Server the match cannot depend on authorizesSource
     # being False.
     # NOTE(review): presumably hasAccessControl = False is the trigger;
     # confirm against the rule's condition.
     server.authorizesSource = True
     server.hasAccessControl = False
     worker.authorizesSource = False
     worker.hasAccessControl = False
     store.authorizesSource = False
     store.hasAccessControl = False

     rule = threats["AC01"]
     for element in (worker, server, store):
         self.assertTrue(rule.apply(element))
Esempio n. 10
 def test_AC01(self):
     """Expect the AC01 rule from ``threats_json`` to match three elements without access control.

     A ``Server``, a ``Process`` and a ``Datastore`` all have
     ``hasAccessControl = False``. Only the server has
     ``authorizesSource = True``; the other two have it ``False``. The rule is
     applied to the process, then the server, then the datastore.
     """
     server = Server("Web Server")
     worker = Process("Process1")
     store = Datastore("DB")

     for element in (server, worker, store):
         element.hasAccessControl = False
     # The server is expected to match even though it authorizes its source.
     # NOTE(review): this suggests the rule fires on missing access control
     # regardless of authorizesSource; verify against the rule's condition.
     server.authorizesSource = True
     worker.authorizesSource = False
     store.authorizesSource = False

     # A missing "AC01" entry raises StopIteration (next() has no default).
     ac01_entry = next(record for record in threats_json if record["SID"] == "AC01")
     rule = Threat(ac01_entry)
     for element in (worker, server, store):
         self.assertTrue(rule.apply(element))
Esempio n. 11
 def test_AC09(self):
     """Expect rule AC09 to match a server with no access control or source authorization.

     ``threats["AC09"]`` is applied to a ``Server`` whose ``hasAccessControl``
     and ``authorizesSource`` flags are both ``False``.
     """
     server = Server("Web Server")
     # NOTE(review): both flags are cleared together and only the matching
     # case is asserted, so the test does not show whether either control on
     # its own is enough to suppress the finding.
     server.authorizesSource = False
     server.hasAccessControl = False
     rule = threats["AC09"]
     verdict = rule.apply(server)
     self.assertTrue(verdict)
Esempio n. 12
internet = Boundary("Internet")
server_db = Boundary("Server/DB")
server_db.levels = [2]
vpc = Boundary("AWS VPC")

user = Actor("User")
user.inBoundary = internet
user.levels = [2]

web = Server("Web Server")
web.OS = "Ubuntu"
web.isHardened = True
web.sanitizesInput = False
web.encodesOutput = True
web.authorizesSource = False
web.sourceFiles = ["pytm/json.py", "docs/template.md"]

db = Datastore("SQL Database")
db.OS = "CentOS"
db.isHardened = False
db.inBoundary = server_db
db.isSQL = True
db.inScope = True
db.maxClassification = Classification.RESTRICTED
db.levels = [2]

secretDb = Datastore("Real Identity Database")
secretDb.OS = "CentOS"
secretDb.sourceFiles = ["pytm/pytm.py"]
secretDb.isHardened = True