def test_SC03(self):
web = Server("Web Server")
web.validatesInput = False
web.sanitizesInput = False
web.hasAccessControl = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "SC03"))
self.assertTrue(ThreatObj.apply(web))
def test_INP17(self):
web = Server("Web Server")
web.validatesContentType = False
web.invokesScriptFilters = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP17"))
self.assertTrue(ThreatObj.apply(web))
def test_AC16(self):
web = Server("web")
web.usesStrongSessionIdentifiers = False
web.encryptsCookies = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC16"))
self.assertTrue(ThreatObj.apply(web))
def test_HA03(self):
web = Server("Web Server")
web.validatesHeaders = False
web.encodesOutput = False
web.isHardened = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "HA03"))
self.assertTrue(ThreatObj.apply(web))
def test_DO03(self):
user = Actor("User")
web = Server("Web Server")
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.data = 'XML'
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "DO03"))
self.assertTrue(ThreatObj.apply(user_to_web))
def test_CR04(self):
web = Server("Web Server")
web.usesSessionTokens = True
web.implementsNonce = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "CR04"))
self.assertTrue(ThreatObj.apply(web))
def test_SC02(self):
web = Server("Web Server")
web.validatesInput = False
web.encodesOutput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "SC02"))
self.assertTrue(ThreatObj.apply(web))
def test_INP15(self):
web = Server("Web Server")
web.protocol = 'IMAP'
web.sanitizesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP15"))
self.assertTrue(ThreatObj.apply(web))
def test_AC06(self):
web = Server("Web Server")
web.isHardened = False
web.hasAccessControl = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC06"))
self.assertTrue(ThreatObj.apply(web))
def test_HA01(self):
web = Server("Web Server")
web.validatesInput = False
web.sanitizesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "HA01"))
self.assertTrue(ThreatObj.apply(web))
def test_SC01(self):
process1 = Process("Process1")
process1.implementsNonce = False
process1.data = 'JSON'
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "SC01"))
self.assertTrue(ThreatObj.apply(process1))
def test_SC05(self):
web = Server("Web Server")
web.providesIntegrity = False
web.usesCodeSigning = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "SC05"))
self.assertTrue(ThreatObj.apply(web))
def test_INP04(self):
web = Server("Web Server")
web.validatesInput = False
web.validatesHeaders = False
web.protocol = 'HTTP'
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "INP04"))
self.assertTrue(ThreatObj.apply(web))
def test_DE04(self):
data = Datastore("DB")
data.validatesInput = False
data.implementsPOLP = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "DE04"))
self.assertTrue(ThreatObj.apply(data))
def test_AC09(self):
web = Server("Web Server")
web.hasAccessControl = False
web.authorizesSource = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC09"))
self.assertTrue(ThreatObj.apply(web))
def test_INP18(self):
web = Server("Web Server")
web.sanitizesInput = False
web.encodesOutput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP18"))
self.assertTrue(ThreatObj.apply(web))
def test_INP35(self):
process1 = Process("Process")
process1.validatesInput = False
process1.sanitizesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP35"))
self.assertTrue(ThreatObj.apply(process1))
def test_AC13(self):
process1 = Process("Process")
process1.hasAccessControl = False
process1.implementsPOLP = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC13"))
self.assertTrue(ThreatObj.apply(process1))
def test_INP22(self):
web = Server("Web Server")
web.usesXMLParser = False
web.disablesDTD = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP22"))
self.assertTrue(ThreatObj.apply(web))
def test_AC21(self):
process1 = Process("Process")
process1.implementsCSRFToken = False
process1.verifySessionIdentifiers = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC21"))
self.assertTrue(ThreatObj.apply(process1))
def test_INP37(self):
web = Server("web")
web.implementsStrictHTTPValidation = False
web.encodesHeaders = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP37"))
self.assertTrue(ThreatObj.apply(web))
def test_AC14(self):
process1 = Process("Process")
process1.implementsPOLP = False
process1.usesEnvironmentVariables = False
process1.validatesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC14"))
self.assertTrue(ThreatObj.apply(process1))
def test_DO05(self):
web = Server("Web Server")
web.validatesInput = False
web.sanitizesInput = False
web.usesXMLParser = True
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "DO05"))
self.assertTrue(ThreatObj.apply(web))
def test_AA04(self):
web = Server("Web Server")
web.implementsServerSideValidation = False
web.providesIntegrity = False
web.authorizesSource = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AA04"))
self.assertTrue(ThreatObj.apply(web))
def test_AC10(self):
web = Server("Web Server")
web.usesLatestTLSversion = False
web.implementsAuthenticationScheme = False
web.authorizesSource = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC10"))
self.assertTrue(ThreatObj.apply(web))
def test_INP40(self):
process1 = Process("Process")
process1.allowsClientSideScripting = True
process1.sanitizesInput = False
process1.validatesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP40"))
self.assertTrue(ThreatObj.apply(process1))
def test_AA02(self):
web = Server("Web Server")
process1 = Process("process")
web.authenticatesSource = False
process1.authenticatesSource = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AA02"))
self.assertTrue(ThreatObj.apply(web))
self.assertTrue(ThreatObj.apply(process1))
def test_AC20(self):
process1 = Process("Process")
process1.definesConnectionTimeout = False
process1.usesMFA = False
process1.encryptsSessionData = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC20"))
self.assertTrue(ThreatObj.apply(process1))
def test_AC18(self):
process1 = Process("Process")
process1.usesStrongSessionIdentifiers = False
process1.encryptsCookies = False
process1.definesConnectionTimeout = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC18"))
self.assertTrue(ThreatObj.apply(process1))
def test_AA03(self):
web = Server("Web Server")
web.providesIntegrity = False
web.authenticatesSource = False
web.usesStrongSessionIdentifiers = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AA03"))
self.assertTrue(ThreatObj.apply(web))
