コード例 #1
    def setUp(self):
        """
        Build the fixture shared by the test methods.

        Creates a reviewer who holds the ``can_approve`` permission on the
        ``muo.muocontainer`` content type, a second user who is granted
        nothing, and one MUOContainer (with its misuse case and a single use
        case) whose id is remembered in ``self.current_id``.
        """
        # Resolve the permission through its content type so that it is the
        # 'can_approve' attached to the MUOContainer model of the 'muo' app.
        container_ct = ContentType.objects.get(app_label='muo',
                                               model='muocontainer')
        approve_perm = Permission.objects.get(codename='can_approve',
                                              content_type=container_ct)

        self.reject_msg = "This MUO is rejected!"

        # NOTE(review): both usernames appear masked as '******' in this
        # listing. If User.username is unique (as on Django's stock User
        # model) the real values must differ -- confirm against the project.
        self.reviewer = User(username='******')
        self.reviewer.save()
        # Only the reviewer receives approval rights; self.user below is
        # saved without any permission.
        self.reviewer.user_permissions.add(approve_perm)

        self.user = User(username='******')
        self.user.save()

        parent_case = MisuseCase()
        parent_case.save()

        # A MUOContainer cannot be created without a misuse case.
        container = MUOContainer.objects.create(misuse_case=parent_case)
        container.save()
        # The id is auto-incremented, so record the one just assigned.
        self.current_id = container.id

        # A UseCase cannot be created without a MUOContainer.
        attached_use_case = UseCase(muo_container=container)
        attached_use_case.save()  # persist to the database
コード例 #2
    def setUp(self):
        """
        Build the fixture shared by the test methods.

        Creates an active user, two CWEs, and a custom MUOContainer in
        'draft' status. Both the container and its misuse case are linked to
        the two CWEs, and one use case is attached to the container. The
        container id is remembered in ``self.current_id``.
        """
        self.user = User(username='******', is_active=True)
        self.user.save()

        # Create and persist the CWEs one after the other.
        linked_cwes = []
        for code, name in ((1, 'CWE-1'), (2, 'CWE-2')):
            cwe = CWE(code=code, name=name)
            cwe.save()
            linked_cwes.append(cwe)

        parent_case = MisuseCase()
        parent_case.save()
        parent_case.cwes.add(*linked_cwes)

        container = MUOContainer.objects.create(misuse_case=parent_case,
                                                is_custom=True,
                                                status='draft')
        container.save()
        container.cwes.add(*linked_cwes)
        # The id is auto-incremented, so record the one just assigned.
        self.current_id = container.id

        attached_use_case = UseCase(muo_container=container,
                                    misuse_case=parent_case)
        attached_use_case.save()
コード例 #3
    def _create_issue_report(self, issue_report_status='open'):
        """
        Create, save and return an IssueReport with the given status.

        The report is filed against a use case that belongs to a non-custom
        'draft' MUOContainer. The container and its misuse case are both
        linked to the CWE with code 101, which is fetched (not created) here
        and therefore has to exist already.

        :param issue_report_status: value stored in the report's ``status``.
        :return: the saved IssueReport instance.
        """
        cwe = CWE.objects.get(code=101)

        # Misuse case, linked to the CWE.
        misuse_case_fields = dict(
            misuse_case_description="Misuse case #1",
            misuse_case_primary_actor="Primary actor #1",
            misuse_case_secondary_actor="Secondary actor #1",
            misuse_case_precondition="Pre-condition #1",
            misuse_case_flow_of_events="Event flow #1",
            misuse_case_postcondition="Post-condition #1",
            misuse_case_assumption="Assumption #1",
            misuse_case_source="Source #1",
        )
        parent_case = MisuseCase(**misuse_case_fields)
        parent_case.save()
        parent_case.cwes.add(cwe)

        # MUO container for that misuse case, linked to the same CWE.
        container = MUOContainer(is_custom=False,
                                 status='draft',
                                 misuse_case=parent_case,
                                 misuse_case_type="new")
        container.save()
        container.cwes.add(cwe)

        # One use case carrying an overlooked security requirement (OSR).
        use_case_fields = dict(
            use_case_description="Use Case #1",
            use_case_primary_actor="Primary actor #1",
            use_case_secondary_actor="Secondary actor #1",
            use_case_precondition="Pre-condition #1",
            use_case_flow_of_events="Event flow #1",
            use_case_postcondition="Post-condition #1",
            use_case_assumption="Assumption #1",
            use_case_source="Source #1",
            osr_pattern_type="ubiquitous",
            osr="Overlooked Security Requirement #1",
        )
        reported_use_case = UseCase(muo_container=container,
                                    **use_case_fields)
        # muo_container was already passed to the constructor; it is set
        # again here together with misuse_case before the first save.
        reported_use_case.muo_container = container
        reported_use_case.misuse_case = parent_case
        reported_use_case.save()

        # The issue report itself, filed against the use case above.
        report = IssueReport(name="Issue/00001",
                             active=1,
                             description="sample description",
                             resolve_reason="/",
                             usecase=reported_use_case,
                             status=issue_report_status)
        report.save()

        return report
コード例 #4
    def setUp(self):
        """
        Build the fixture shared by the test methods.

        Creates one user and one MUOContainer (with its misuse case and a
        single use case); the container id is kept in ``self.current_id``.
        """
        self.user = User(username='******')
        self.user.save()

        parent_case = MisuseCase()
        parent_case.save()

        # A MUOContainer cannot be created without a misuse case.
        container = MUOContainer.objects.create(misuse_case=parent_case)
        container.save()
        # The id is auto-incremented, so record the one just assigned.
        self.current_id = container.id

        # A UseCase cannot be created without a MUOContainer.
        attached_use_case = UseCase(muo_container=container)
        attached_use_case.save()  # persist to the database
コード例 #5
    def test_action_submit_with_status_draft_and_without_usecase_in_muocontainer(
            self):
        """
        'action_submit' should raise ValidationError when a draft MUO
        container is submitted without any use case, i.e. while the
        container is still incomplete.
        """
        parent_case = MisuseCase()
        parent_case.save()

        # A MUOContainer cannot be created without a misuse case; no use case
        # is attached on purpose.
        container = MUOContainer.objects.create(misuse_case=parent_case)
        container.status = 'draft'
        container.save()

        with self.assertRaises(ValidationError):
            container.action_submit()
コード例 #6
    def _create_draft_muo(self, muc_type):
        """
        Create, save and return a non-custom MUOContainer in 'draft' status.

        The container and its misuse case are both linked to the CWE with
        code 101, which is fetched (not created) here and therefore has to
        exist already. One use case with an OSR is attached to the container.

        :param muc_type: value stored in the container's ``misuse_case_type``.
        :return: the saved MUOContainer instance.
        """
        cwe = CWE.objects.get(code=101)

        # Misuse case, linked to the CWE.
        misuse_case_fields = dict(
            misuse_case_description="Misuse case #1",
            misuse_case_primary_actor="Primary actor #1",
            misuse_case_secondary_actor="Secondary actor #1",
            misuse_case_precondition="Pre-condition #1",
            misuse_case_flow_of_events="Event flow #1",
            misuse_case_postcondition="Post-condition #1",
            misuse_case_assumption="Assumption #1",
            misuse_case_source="Source #1",
        )
        parent_case = MisuseCase(**misuse_case_fields)
        parent_case.save()
        parent_case.cwes.add(cwe)

        # MUO container for that misuse case, linked to the same CWE.
        container = MUOContainer(is_custom=False,
                                 status='draft',
                                 misuse_case=parent_case,
                                 misuse_case_type=muc_type)
        container.save()
        container.cwes.add(cwe)

        # One use case carrying an overlooked security requirement (OSR).
        use_case_fields = dict(
            use_case_description="Use Case #1",
            use_case_primary_actor="Primary actor #1",
            use_case_secondary_actor="Secondary actor #1",
            use_case_precondition="Pre-condition #1",
            use_case_flow_of_events="Event flow #1",
            use_case_postcondition="Post-condition #1",
            use_case_assumption="Assumption #1",
            use_case_source="Source #1",
            osr_pattern_type="ubiquitous",
            osr="Overlooked Security Requirement #1",
        )
        attached_use_case = UseCase(**use_case_fields)
        # Both relations are set after construction and before the first save.
        attached_use_case.muo_container = container
        attached_use_case.misuse_case = parent_case
        attached_use_case.save()

        return container
コード例 #7
 def setUp(self):
     """
     Build the fixture shared by the test methods.

     Creates a reviewer, an MUOContainer in 'approved' status with one use
     case, and an issue report of type "spam" filed against that use case.
     The report is kept in ``self.issue_report``.
     """
     self.reviewer = User(username='******')
     self.reviewer.save()

     parent_case = MisuseCase()
     parent_case.save()

     container = MUOContainer.objects.create(misuse_case=parent_case,
                                             status='approved')
     container.save()

     reported_use_case = UseCase(muo_container=container)
     reported_use_case.save()  # persist to the database

     self.issue_report = IssueReport.objects.create(
         description="this is the issue",
         type="spam",
         usecase=reported_use_case)
     self.issue_report.save()
コード例 #8
    def setUp(self):
        """
        Build the fixture shared by the test methods.

        Creates a user, one CWE, and an MUOContainer whose ``created_by`` is
        that user. The container and its misuse case are both linked to the
        CWE, and one use case is attached. The container is kept in
        ``self.muo_container``.
        """
        self.user = User(username='******')
        self.user.save()

        only_cwe = CWE(code=1, name='CWE-1')
        only_cwe.save()

        parent_case = MisuseCase()
        parent_case.save()
        parent_case.cwes.add(only_cwe)

        # Ownership is recorded at creation time through created_by.
        container = MUOContainer.objects.create(misuse_case=parent_case,
                                                created_by=self.user)
        container.save()
        container.cwes.add(only_cwe)

        # A UseCase cannot be created without a MUOContainer.
        attached_use_case = UseCase(muo_container=container)
        attached_use_case.save()  # persist to the database

        self.muo_container = container
コード例 #9
    def setUp(self):
        """
        Build the fixture shared by the test methods.

        Set 1: misuse case 1 with a single 'draft' container (container 1)
        and one use case.
        Set 2: misuse case 2 shared by a 'rejected' container (container 2)
        and an 'approved' container (container 3); one use case is attached
        to container 2.

        Every object is kept on ``self`` and the ids of the misuse cases and
        containers are stored separately, so they stay available after the
        objects are deleted.
        """
        author = User(username='******')
        author.save()
        self.author = author

        # Set 1
        first_case = MisuseCase()
        first_case.save()
        self.misuse_case_1 = first_case
        self.misuse_case_1_id = first_case.id

        draft_container = MUOContainer.objects.create(
            misuse_case=first_case, status='draft')
        draft_container.save()
        self.muo_container_1 = draft_container
        self.muo_container_1_id = draft_container.id

        self.use_case_1 = UseCase(muo_container=draft_container)
        self.use_case_1.save()

        # Set 2
        second_case = MisuseCase()
        second_case.save()
        self.misuse_case_2 = second_case
        self.misuse_case_2_id = second_case.id

        rejected_container = MUOContainer.objects.create(
            misuse_case=second_case, status='rejected')
        rejected_container.save()
        self.muo_container_2 = rejected_container
        self.muo_container_2_id = rejected_container.id

        # Container 3 points at the same misuse case as container 2.
        approved_container = MUOContainer.objects.create(
            misuse_case=second_case, status='approved')
        approved_container.save()
        self.muo_container_3 = approved_container
        self.muo_container_3_id = approved_container.id

        self.use_case_2 = UseCase(muo_container=rejected_container)
        self.use_case_2.save()
コード例 #10
    def setUp(self):
        """
        Build the fixture shared by the test methods.

        Creates a reviewer (no permission is granted here), the rejection
        message used by the tests, and one MUOContainer with its misuse case
        and a single use case. The container id is kept in
        ``self.current_id``.
        """
        self.reviewer = User(username='******')
        self.reviewer.save()
        self.reject_msg = "This MUO is rejected!"

        parent_case = MisuseCase()
        parent_case.save()

        # A MUOContainer cannot be created without a misuse case.
        container = MUOContainer.objects.create(misuse_case=parent_case)
        container.save()
        # The id is auto-incremented, so record the one just assigned.
        self.current_id = container.id

        # A UseCase cannot be created without a MUOContainer.
        attached_use_case = UseCase(muo_container=container)
        attached_use_case.save()  # persist to the database
コード例 #11
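class TestMUODeletion(TestCase):
    """
    Test suite for the deletion behavior of MUOContainer and the effect a
    deletion has on the associated MisuseCase.

    The rules exercised here are: a draft container that is the only user of
    its misuse case takes the misuse case with it; a rejected container that
    shares its misuse case leaves the misuse case in place; an approved
    container refuses deletion with a ValidationError.
    """
    def setUp(self):
        """
        Build the fixture shared by the test methods.

        Set 1: misuse case 1 with a single 'draft' container (container 1)
        and one use case.
        Set 2: misuse case 2 shared by a 'rejected' container (container 2)
        and an 'approved' container (container 3); one use case is attached
        to container 2.

        The ids are stored separately so they remain available after the
        objects themselves are deleted.
        """
        self.author = User(username='******')
        self.author.save()

        # Set 1
        self.misuse_case_1 = MisuseCase()
        self.misuse_case_1.save()
        self.misuse_case_1_id = self.misuse_case_1.id

        self.muo_container_1 = MUOContainer.objects.create(
            misuse_case=self.misuse_case_1, status='draft')
        self.muo_container_1.save()
        self.muo_container_1_id = self.muo_container_1.id

        self.use_case_1 = UseCase(muo_container=self.muo_container_1)
        self.use_case_1.save()

        # Set 2
        self.misuse_case_2 = MisuseCase()
        self.misuse_case_2.save()
        self.misuse_case_2_id = self.misuse_case_2.id

        self.muo_container_2 = MUOContainer.objects.create(
            misuse_case=self.misuse_case_2, status='rejected')
        self.muo_container_2.save()
        self.muo_container_2_id = self.muo_container_2.id

        # Container 3 shares misuse case 2 with container 2.
        self.muo_container_3 = MUOContainer.objects.create(
            misuse_case=self.misuse_case_2, status='approved')
        self.muo_container_3.save()
        self.muo_container_3_id = self.muo_container_3.id

        self.use_case_2 = UseCase(muo_container=self.muo_container_2)
        self.use_case_2.save()

    def test_muo_deletion_with_draft_status_and_not_sharing_misusecase_with_other_muo_containers(
            self):
        """
        Deleting a draft container whose misuse case is used by no other
        container must remove both the container and the misuse case.
        """
        self.muo_container_1.delete()

        self.assertRaises(MUOContainer.DoesNotExist,
                          MUOContainer.objects.get,
                          pk=self.muo_container_1_id)
        self.assertRaises(MisuseCase.DoesNotExist,
                          MisuseCase.objects.get,
                          pk=self.misuse_case_1_id)

    def test_muo_deletion_with_rejected_status_and_sharing_misusecase_with_other_muo_containers(
            self):
        """
        Deleting a rejected container whose misuse case is also used by
        another MUO container must remove the container only; the shared
        misuse case has to survive.
        """
        self.muo_container_2.delete()

        self.assertRaises(MUOContainer.DoesNotExist,
                          MUOContainer.objects.get,
                          pk=self.muo_container_2_id)
        # objects.get() never returns None (it raises DoesNotExist), so check
        # existence directly; a missing row then shows up as a test failure
        # rather than as an error.
        self.assertTrue(
            MisuseCase.objects.filter(pk=self.misuse_case_2_id).exists())

    def test_muo_deletion_with_approved_status(self):
        """
        Deleting a container in approved state must be refused with a
        ValidationError, and the approved record must still be in the
        database afterwards.
        """
        with self.assertRaises(ValidationError):
            self.muo_container_3.delete()

        # The refusal is only meaningful if nothing was removed.
        self.assertTrue(
            MUOContainer.objects.filter(pk=self.muo_container_3_id).exists())

    def test_muo_deletion_with_in_review_status(self):
        """
        Deleting a container in in_review state must succeed and remove the
        container.

        The container used here (container 3) shares misuse case 2 with
        container 2, so this test makes no statement about the misuse case.
        """
        # The status is changed on the instance only and is not saved, so
        # delete() sees 'in_review' in memory while the stored row still says
        # 'approved'.
        # NOTE(review): presumably the guard in delete() reads the instance
        # attribute; confirm whether it should re-check the stored status.
        self.muo_container_3.status = 'in_review'

        self.muo_container_3.delete()

        self.assertRaises(MUOContainer.DoesNotExist,
                          MUOContainer.objects.get,
                          pk=self.muo_container_3_id)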