def test_AC10(self):
web = Server("Web Server")
web.usesLatestTLSversion = False
web.implementsAuthenticationScheme = False
web.authorizesSource = False
threat = threats["AC10"]
self.assertTrue(threat.apply(web))
def test_CR03(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.implementsAuthenticationScheme = False
web.implementsAuthenticationScheme = False
threat = threats["CR03"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(web))
def test_AC10(self):
web = Server("Web Server")
web.usesLatestTLSversion = False
web.implementsAuthenticationScheme = False
web.authorizesSource = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC10"))
self.assertTrue(ThreatObj.apply(web))
def test_CR03(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.implementsAuthenticationScheme = False
web.implementsAuthenticationScheme = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "CR03"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(web))
def test_AC10(self):
user = Actor("User")
web = Server("Web Server")
web.minTLSVersion = TLSVersion.TLSv11
web.implementsAuthenticationScheme = False
web.authorizesSource = False
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTPS"
user_to_web.isEncrypted = True
user_to_web.tlsVersion = TLSVersion.SSLv3
web.inputs = [user_to_web]
threat = threats["AC10"]
self.assertTrue(threat.apply(web))
