def test_AC09(self):
    """Check that threat AC09 fires on a server lacking both access controls.

    The server is declared without access control and without source
    authorization; the rule loaded from the threat definitions under
    SID "AC09" is expected to report that it applies.
    """
    # NOTE(review): this listing holds a second test_AC09; if both sit in the
    # same TestCase the later definition replaces this one and it never runs.
    target = Server("Web Server")
    target.hasAccessControl = False
    target.authorizesSource = False

    # Select the rule by SID from the raw definitions, then wrap it.
    definition = next(entry for entry in threats_json if entry["SID"] == "AC09")
    rule = Threat(definition)

    self.assertTrue(rule.apply(target))
def test_SC03(self):
    """Check that threat SC03 fires on a server with no input handling controls.

    Input validation, input sanitization and access control are all
    declared absent; the pre-built rule stored under "SC03" must apply.
    """
    # NOTE(review): this listing holds a second test_SC03; if both sit in the
    # same TestCase the later definition replaces this one and it never runs.
    target = Server("Web Server")
    target.validatesInput = False
    target.sanitizesInput = False
    target.hasAccessControl = False

    rule = threats["SC03"]
    self.assertTrue(rule.apply(target))
def test_AC06(self):
    """Check that threat AC06 fires on an unhardened server without access control."""
    target = Server("Web Server")
    target.isHardened = False
    target.hasAccessControl = False

    # Select the rule by SID from the raw definitions, then wrap it.
    definition = next(entry for entry in threats_json if entry["SID"] == "AC06")
    rule = Threat(definition)

    self.assertTrue(rule.apply(target))
def test_SC03(self):
    """Check that threat SC03 fires on a server with no input handling controls.

    Input validation, input sanitization and access control are all
    declared absent; the rule built from the definition with SID "SC03"
    must report that it applies.
    """
    target = Server("Web Server")
    target.validatesInput = False
    target.sanitizesInput = False
    target.hasAccessControl = False

    # Select the rule by SID from the raw definitions, then wrap it.
    definition = next(entry for entry in threats_json if entry["SID"] == "SC03")
    rule = Threat(definition)

    self.assertTrue(rule.apply(target))
def test_AC01(self):
    """Check that threat AC01 fires on a process, a server and a datastore.

    All three elements are declared without access control. The process
    and the datastore also lack source authorization, while the server
    keeps it enabled.
    """
    # NOTE(review): this listing holds a second test_AC01; if both sit in the
    # same TestCase the later definition replaces this one and it never runs.
    server = Server("Web Server")
    worker = Process("Process1")
    store = Datastore("DB")

    server.hasAccessControl = False
    # The server still authorizes its source, yet the threat must apply:
    # presumably missing access control alone is enough - confirm against
    # the AC01 condition.
    server.authorizesSource = True
    worker.hasAccessControl = False
    worker.authorizesSource = False
    store.hasAccessControl = False
    store.authorizesSource = False

    rule = threats["AC01"]
    self.assertTrue(rule.apply(worker))
    self.assertTrue(rule.apply(server))
    self.assertTrue(rule.apply(store))
def test_AC01(self):
    """Check that threat AC01 fires on a process, a server and a datastore.

    All three elements are declared without access control. The process
    and the datastore also lack source authorization, while the server
    keeps it enabled. The rule is built from the definition whose SID is
    "AC01".
    """
    server = Server("Web Server")
    worker = Process("Process1")
    store = Datastore("DB")

    server.hasAccessControl = False
    # The server still authorizes its source, yet the threat must apply:
    # presumably missing access control alone is enough - confirm against
    # the AC01 condition.
    server.authorizesSource = True
    worker.hasAccessControl = False
    worker.authorizesSource = False
    store.hasAccessControl = False
    store.authorizesSource = False

    # Select the rule by SID from the raw definitions, then wrap it.
    definition = next(entry for entry in threats_json if entry["SID"] == "AC01")
    rule = Threat(definition)

    self.assertTrue(rule.apply(worker))
    self.assertTrue(rule.apply(server))
    self.assertTrue(rule.apply(store))
def test_AC09(self):
    """Check that threat AC09 fires on a server lacking both access controls.

    Access control and source authorization are declared absent; the
    pre-built rule stored under "AC09" must report that it applies.
    """
    target = Server("Web Server")
    target.hasAccessControl = False
    target.authorizesSource = False

    rule = threats["AC09"]
    self.assertTrue(rule.apply(target))
def test_AC08(self):
    """Check that threat AC08 fires on a server declared without access control."""
    target = Server("Web Server")
    # Only this one control is switched off; every other attribute keeps
    # whatever default Server gives it.
    target.hasAccessControl = False

    rule = threats["AC08"]
    self.assertTrue(rule.apply(target))
# Threat-model fragment: declares an actor, a gateway element, an application
# server and two datastores, and places them in trust boundaries. The boundary
# objects (machine, internet, apps_vpc, rds_boundary) are defined outside this
# excerpt.
# NOTE(review): the control flags below are self-declared. Presumably threat
# conditions read them, so a flag set to True without evidence from the real
# deployment can hide a finding - verify each against the actual configuration.
user = Actor("User/Browser")
user.inBoundary = machine

apigee = Element("Apigee")
apigee.inBoundary = internet
apigee.isHardened = True
# NOTE(review): "Apigee" is constructed and configured a second time with the
# same values, rebinding the name. If Element registers instances on creation
# the model would hold two copies - confirm whether this repetition is intended.
apigee = Element("Apigee")
apigee.inBoundary = internet
apigee.isHardened = True

server = Server("Apps Server")
server.inBoundary = apps_vpc
server.isHardened = True
server.hasAccessControl = True
server.encodesOutput = True

db = Datastore("MySQL DB")
db.isHardened = True
db.hasAccessControl = True
# NOTE(review): inBoundary is assigned twice in a row (apps_vpc, then
# rds_boundary). Which trust boundary the database belongs to changes the
# boundary crossings in the model - confirm the intended one and drop the other.
db.inBoundary = apps_vpc
db.inBoundary = rds_boundary
db.isSQL = True
db.inScope = True
db.onAWS = True
# A shared datastore declared as holding no sensitive data: confirm the
# classification, since other tenants' or services' data may live here too.
db.isShared = True
db.storesSensitiveData = False

# Only the hardening flag is visible for Redis; any further settings would
# follow outside this excerpt.
redis = Datastore("Redis")
redis.isHardened = True