def test_INP23(self):
process1 = Process("Process")
process1.hasAccessControl = False
process1.sanitizesInput = False
process1.validatesInput = False
threat = threats["INP23"]
self.assertTrue(threat.apply(process1))
def test_AC13(self):
process1 = Process("Process")
process1.hasAccessControl = False
process1.implementsPOLP = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC13"))
self.assertTrue(ThreatObj.apply(process1))
def test_INP23(self):
process1 = Process("Process")
process1.hasAccessControl = False
process1.sanitizesInput = False
process1.validatesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP23"))
self.assertTrue(ThreatObj.apply(process1))
def test_AC01(self):
web = Server("Web Server")
process1 = Process("Process1")
db = Datastore("DB")
web.hasAccessControl = False
web.authorizesSource = True
process1.hasAccessControl = False
process1.authorizesSource = False
db.hasAccessControl = False
db.authorizesSource = False
threat = threats["AC01"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(web))
self.assertTrue(threat.apply(db))
def test_AC01(self):
web = Server("Web Server")
process1 = Process("Process1")
db = Datastore("DB")
web.hasAccessControl = False
web.authorizesSource = True
process1.hasAccessControl = False
process1.authorizesSource = False
db.hasAccessControl = False
db.authorizesSource = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AC01"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(web))
self.assertTrue(ThreatObj.apply(db))
def test_AC13(self):
process1 = Process("Process")
process1.hasAccessControl = False
process1.implementsPOLP = False
threat = threats["AC13"]
self.assertTrue(threat.apply(process1))
