def testAttacker(self): iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"]),AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][1]["theName"],self.iAttackers[0]["theEnvironmentProperties"][1]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][1]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][1]["theCapabilities"])] iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],iatkeps) b = Borg() b.dbProxy.addAttacker(iatk) oAttackers = b.dbProxy.getAttackers() o = oAttackers[self.iAttackers[0]["theName"]] self.assertEqual(iatk.name(), o.name()) self.assertEqual(iatk.description(),o.description()) self.assertEqual(iatk.image(),o.image()) oatkeps = o.environmentProperties() self.assertEqual(iatkeps[0].name(), oatkeps[0].name()) self.assertEqual(str(iatkeps[0].roles()[0]), str(oatkeps[0].roles()[0])) self.assertEqual(str(iatkeps[0].roles()[0]), o.roles('Day','')[0]) self.assertEqual(iatkeps[0].roles(), list(o.roles('','Maximise'))) self.assertEqual(str(iatkeps[0].motives()[0]), str(oatkeps[0].motives()[0])) self.assertEqual(str(iatkeps[0].motives()[0]), str(o.motives('Day','')[0])) self.assertEqual(iatkeps[0].motives(), list(o.motives('','Maximise'))) self.assertEqual(str(iatkeps[0].capabilities()[0][0]), str(oatkeps[0].capabilities()[0][0])) self.assertEqual(str(iatkeps[0].capabilities()[0][1]), str(oatkeps[0].capabilities()[0][1])) self.assertEqual(iatkeps[0].capabilities()[0][0], o.capability('Day','')[0][0]) self.assertEqual(iatkeps[0].capabilities()[0][0], list(o.capability('','Maximise'))[0][0]) iatk.theName = 'Updated name' iatk.setId(o.id()) b.dbProxy.updateAttacker(iatk) oAttackers = b.dbProxy.getAttackers() o = oAttackers["Updated name"] self.assertEqual(o.name(),'Updated name') b.dbProxy.deleteAttacker(o.id())
def testAttacker(self): iatkeps = [ AttackerEnvironmentProperties( self.iAttackers[0]["theEnvironmentProperties"][0]["theName"], self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"], self.iAttackers[0]["theEnvironmentProperties"][0] ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"] [0]["theCapabilities"]) ] iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"], [], iatkeps) b = Borg() b.dbProxy.addAttacker(iatk) oAttackers = b.dbProxy.getAttackers() o = oAttackers[self.iAttackers[0]["theName"]] self.assertEqual(iatk.name(), o.name()) self.assertEqual(iatk.description(), o.description()) self.assertEqual(iatk.image(), o.image()) oatkeps = o.environmentProperties() self.assertEqual(iatkeps[0].name(), oatkeps[0].name()) self.assertEqual(str(iatkeps[0].roles()[0]), str(oatkeps[0].roles()[0])) self.assertEqual(str(iatkeps[0].motives()[0]), str(oatkeps[0].motives()[0])) self.assertEqual(str(iatkeps[0].capabilities()[0][0]), str(oatkeps[0].capabilities()[0][0])) self.assertEqual(str(iatkeps[0].capabilities()[0][1]), str(oatkeps[0].capabilities()[0][1])) b.dbProxy.deleteAttacker(o.id())
def testAttacker(self): iatkeps = [ AttackerEnvironmentProperties( self.iAttackers[0]["theEnvironmentProperties"][0]["theName"], self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"], self.iAttackers[0]["theEnvironmentProperties"][0] ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"] [0]["theCapabilities"]), AttackerEnvironmentProperties( self.iAttackers[0]["theEnvironmentProperties"][1]["theName"], self.iAttackers[0]["theEnvironmentProperties"][1]["theRoles"], self.iAttackers[0]["theEnvironmentProperties"][1] ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"] [1]["theCapabilities"]) ] iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"], [], iatkeps) b = Borg() b.dbProxy.addAttacker(iatk) oAttackers = b.dbProxy.getAttackers() o = oAttackers[self.iAttackers[0]["theName"]] self.assertEqual(iatk.name(), o.name()) self.assertEqual(iatk.description(), o.description()) self.assertEqual(iatk.image(), o.image()) oatkeps = o.environmentProperties() self.assertEqual(iatkeps[0].name(), oatkeps[0].name()) self.assertEqual(str(iatkeps[0].roles()[0]), str(oatkeps[0].roles()[0])) self.assertEqual(str(iatkeps[0].roles()[0]), o.roles('Day', '')[0]) self.assertEqual(iatkeps[0].roles(), list(o.roles('', 'Maximise'))) self.assertEqual(str(iatkeps[0].motives()[0]), str(oatkeps[0].motives()[0])) self.assertEqual(str(iatkeps[0].motives()[0]), str(o.motives('Day', '')[0])) self.assertEqual(iatkeps[0].motives(), list(o.motives('', 'Maximise'))) self.assertEqual(str(iatkeps[0].capabilities()[0][0]), str(oatkeps[0].capabilities()[0][0])) self.assertEqual(str(iatkeps[0].capabilities()[0][1]), str(oatkeps[0].capabilities()[0][1])) self.assertEqual(iatkeps[0].capabilities()[0][0], o.capability('Day', '')[0][0]) self.assertEqual(iatkeps[0].capabilities()[0][0], list(o.capability('', 'Maximise'))[0][0]) iatk.theName = 'Updated name' iatk.setId(o.id()) b.dbProxy.updateAttacker(iatk) oAttackers = b.dbProxy.getAttackers() o = oAttackers["Updated name"] self.assertEqual(o.name(), 'Updated name') b.dbProxy.deleteAttacker(o.id())
def testAttacker(self): iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])] iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],iatkeps) b = Borg() b.dbProxy.addAttacker(iatk) oAttackers = b.dbProxy.getAttackers() o = oAttackers[self.iAttackers[0]["theName"]] self.assertEqual(iatk.name(), o.name()) self.assertEqual(iatk.description(),o.description()) self.assertEqual(iatk.image(),o.image()) oatkeps = o.environmentProperties() self.assertEqual(iatkeps[0].name(), oatkeps[0].name()) self.assertEqual(str(iatkeps[0].roles()[0]), str(oatkeps[0].roles()[0])) self.assertEqual(str(iatkeps[0].motives()[0]), str(oatkeps[0].motives()[0])) self.assertEqual(str(iatkeps[0].capabilities()[0][0]), str(oatkeps[0].capabilities()[0][0])) self.assertEqual(str(iatkeps[0].capabilities()[0][1]), str(oatkeps[0].capabilities()[0][1])) b.dbProxy.deleteAttacker(o.id())
class ResponseTest(unittest.TestCase): def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json') d = json.load(f) f.close() self.ienvs = d['environments'] self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"], self.ienvs[0]["theShortCode"], self.ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(self.iep1) self.oenvs = b.dbProxy.getEnvironments() self.iRoles = d['roles'] self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"], []) b.dbProxy.addRole(self.irp) self.oRoles = b.dbProxy.getRoles() self.iPersonas = d['personas'] self.ipp = PersonaParameters( self.iPersonas[0]["theName"], self.iPersonas[0]["theActivities"], self.iPersonas[0]["theAttitudes"], self.iPersonas[0]["theAptitudes"], self.iPersonas[0]["theMotivations"], self.iPersonas[0]["theSkills"], self.iPersonas[0]["theIntrinsic"], self.iPersonas[0]["theContextual"], "", "0", self.iPersonas[0]["thePersonaType"], [], [ PersonaEnvironmentProperties( self.iPersonas[0]["theEnvironmentProperties"][0] ["theName"], (self.iPersonas[0]["theEnvironmentProperties"] [0]["theDirectFlag"] == "True"), self.iPersonas[0]["theEnvironmentProperties"][0] ["theNarrative"], self.iPersonas[0] ["theEnvironmentProperties"][0]["theRole"]) ], []) b.dbProxy.addPersona(self.ipp) self.opp = b.dbProxy.getPersonas() self.iExternalDocuments = d['external_documents'] self.iec1 = ExternalDocumentParameters( self.iExternalDocuments[0]["theName"], self.iExternalDocuments[0]["theVersion"], self.iExternalDocuments[0]["thePublicationDate"], self.iExternalDocuments[0]["theAuthors"], self.iExternalDocuments[0]["theDescription"]) self.iec2 = ExternalDocumentParameters( self.iExternalDocuments[1]["theName"], self.iExternalDocuments[1]["theVersion"], self.iExternalDocuments[1]["thePublicationDate"], self.iExternalDocuments[1]["theAuthors"], self.iExternalDocuments[1]["theDescription"]) b.dbProxy.addExternalDocument(self.iec1) b.dbProxy.addExternalDocument(self.iec2) self.oecs = b.dbProxy.getExternalDocuments() self.iDocumentReferences = d['document_references'] self.idr1 = DocumentReferenceParameters( self.iDocumentReferences[0]["theName"], self.iDocumentReferences[0]["theDocName"], self.iDocumentReferences[0]["theContributor"], self.iDocumentReferences[0]["theExcerpt"]) self.idr2 = DocumentReferenceParameters( self.iDocumentReferences[1]["theName"], self.iDocumentReferences[1]["theDocName"], self.iDocumentReferences[1]["theContributor"], self.iDocumentReferences[1]["theExcerpt"]) b.dbProxy.addDocumentReference(self.idr1) b.dbProxy.addDocumentReference(self.idr2) self.odrs = b.dbProxy.getDocumentReferences() self.iPersonaCharacteristics = d['persona_characteristics'] self.ipc1 = PersonaCharacteristicParameters( self.iPersonaCharacteristics[0]["thePersonaName"], self.iPersonaCharacteristics[0]["theModQual"], self.iPersonaCharacteristics[0]["theVariable"], self.iPersonaCharacteristics[0]["theCharacteristic"], [(self.iPersonaCharacteristics[0]["ground"], '', 'document')], [(self.iPersonaCharacteristics[0]["warrant"], '', 'document')], [], []) b.dbProxy.addPersonaCharacteristic(self.ipc1) self.opcs = b.dbProxy.getPersonaCharacteristics() self.iAttackers = d['attackers'] self.iatkeps = [ AttackerEnvironmentProperties( self.iAttackers[0]["theEnvironmentProperties"][0]["theName"], self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"], self.iAttackers[0]["theEnvironmentProperties"][0] ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"] [0]["theCapabilities"]) ] self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"], [], self.iatkeps) b.dbProxy.addAttacker(self.iatk) self.oAttackers = b.dbProxy.getAttackers() self.iVtypes = d['valuetypes'] self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"]) b.dbProxy.addValueType(self.ivt1) b.dbProxy.addValueType(self.ivt2) self.ovtt = b.dbProxy.getValueTypes('threat_type') self.ovtv = b.dbProxy.getValueTypes('vulnerability_type') self.iassets = d['assets'] self.iaeps1 = [ AssetEnvironmentProperties( self.iassets[0]["theEnvironmentProperties"][0][0], self.iassets[0]["theEnvironmentProperties"][0][1], self.iassets[0]["theEnvironmentProperties"][0][2]) ] self.iaeps2 = [ AssetEnvironmentProperties( self.iassets[1]["theEnvironmentProperties"][0][0], self.iassets[1]["theEnvironmentProperties"][0][1], self.iassets[1]["theEnvironmentProperties"][0][2]) ] self.iaeps3 = [ AssetEnvironmentProperties( self.iassets[2]["theEnvironmentProperties"][0][0], self.iassets[2]["theEnvironmentProperties"][0][1], self.iassets[2]["theEnvironmentProperties"][0][2]) ] self.iap1 = AssetParameters(self.iassets[0]["theName"], self.iassets[0]["theShortCode"], self.iassets[0]["theDescription"], self.iassets[0]["theSignificance"], self.iassets[0]["theType"], "0", "N/A", [], [], self.iaeps1) self.iap2 = AssetParameters(self.iassets[1]["theName"], self.iassets[1]["theShortCode"], self.iassets[1]["theDescription"], self.iassets[1]["theSignificance"], self.iassets[1]["theType"], "0", "N/A", [], [], self.iaeps2) self.iap3 = AssetParameters(self.iassets[2]["theName"], self.iassets[2]["theShortCode"], self.iassets[2]["theDescription"], self.iassets[2]["theSignificance"], self.iassets[2]["theType"], "0", "N/A", [], [], self.iaeps3) b.dbProxy.addAsset(self.iap1) b.dbProxy.addAsset(self.iap2) b.dbProxy.addAsset(self.iap3) self.oap = b.dbProxy.getAssets() self.iThreats = d['threats'] self.iteps = [ ThreatEnvironmentProperties( self.iThreats[0]["theEnvironmentProperties"][0]["theName"], self.iThreats[0]["theEnvironmentProperties"][0] ["theLikelihood"], self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"], self.iThreats[0]["theEnvironmentProperties"][0] ["theAttackers"], self.iThreats[0]["theEnvironmentProperties"] [0]["theProperties"][0][1], self.iThreats[0] ["theEnvironmentProperties"][0]["theProperties"][0][1]) ] self.itps = ThreatParameters(self.iThreats[0]["theName"], self.iThreats[0]["theType"], self.iThreats[0]["theMethod"], [], self.iteps) b.dbProxy.addThreat(self.itps) self.otps = b.dbProxy.getThreats() self.iVuln = d['vulnerabilities'] self.iveps = [ VulnerabilityEnvironmentProperties( self.iVuln[0]["theEnvironmentProperties"][0]["theName"], self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"], self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"]) ] self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"], self.iVuln[0]["theDescription"], self.iVuln[0]["theType"], [], self.iveps) b.dbProxy.addVulnerability(self.ivp) self.ovp = b.dbProxy.getVulnerabilities() self.imc = d['misuseCase'] self.iRisks = d['risks'] imcep = [ MisuseCaseEnvironmentProperties( self.imc[0]["theEnvironmentProperties"][0]["theName"], self.imc[0]["theEnvironmentProperties"][0]["theDescription"]) ] imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep, self.imc[0]["theRisk"]) irp = RiskParameters(self.iRisks[0]["theName"], self.iRisks[0]["threatName"], self.iRisks[0]["vulName"], imcp, []) b.dbProxy.addRisk(irp) oRisks = b.dbProxy.getRisks() self.r = oRisks[self.iRisks[0]["theName"]] self.iResponses = d['responses'] def testResponse(self): iar1Name = self.iResponses[0]["theType"] + " " + self.iResponses[0][ "theRisk"] iaep1 = AcceptEnvironmentProperties( self.iResponses[0]["theEnvironmentProperties"][0], self.iResponses[0]["theEnvironmentProperties"][1], self.iResponses[0]["theEnvironmentProperties"][2]) iar1 = ResponseParameters(iar1Name, self.iResponses[0]["theRisk"], [], [iaep1], self.iResponses[0]["theType"]) iar2Name = self.iResponses[1]["theType"] + " " + self.iResponses[1][ "theRisk"] iaep2 = MitigateEnvironmentProperties( self.iResponses[1]["theEnvironmentProperties"], self.iResponses[1]["theType"]) iar2 = ResponseParameters(iar2Name, self.iResponses[1]["theRisk"], [], [iaep2], self.iResponses[1]["theType"]) b = Borg() b.dbProxy.addResponse(iar1) b.dbProxy.addResponse(iar2) self.ors = b.dbProxy.getResponses() self.oar1 = self.ors[iar1Name] self.oar2 = self.ors[iar2Name] self.assertEqual(iar1.name(), self.oar1.name()) self.assertEqual(iar1.risk(), self.oar1.risk()) self.assertEqual(iar1.responseType(), self.oar1.responseType()) self.assertEqual(iar1.environmentProperties()[0].cost(), self.oar1.environmentProperties()[0].cost()) self.assertEqual(iar1.environmentProperties()[0].description(), self.oar1.environmentProperties()[0].description()) self.assertEqual(iar2.name(), self.oar2.name()) self.assertEqual(iar2.risk(), self.oar2.risk()) self.assertEqual(iar2.responseType(), self.oar2.responseType()) rgp = cairis.core.GoalFactory.build(self.oar2) riskParameters = rgp[0] riskGoalId = b.dbProxy.addGoal(riskParameters) b.dbProxy.addTrace('response_goal', self.oar2.id(), riskGoalId) if (rgp > 1): threatParameters = rgp[1] vulnerabilityParameters = rgp[2] b.dbProxy.addGoal(vulnerabilityParameters) b.dbProxy.addGoal(threatParameters) b.dbProxy.relabelGoals(iaep2.name()) oGoals = b.dbProxy.getGoals() print oGoals rg = oGoals['Deter' + self.oar2.risk()] vg = oGoals[vulnerabilityParameters.name()] tg = oGoals[threatParameters.name()] ogops = b.dbProxy.getGoalAssociations() ogop1 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' + threatParameters.name() + '/or'] ogop2 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' + vulnerabilityParameters.name() + '/or'] b.dbProxy.deleteGoalAssociation(ogop1.id(), ogop1.goal(), ogop1.subGoal()) b.dbProxy.deleteGoalAssociation(ogop2.id(), ogop2.goal(), ogop2.subGoal()) b.dbProxy.deleteTrace('response', self.oar2.name(), 'goal', rg.name()) b.dbProxy.deleteGoal(tg.id()) b.dbProxy.deleteGoal(vg.id()) b.dbProxy.deleteGoal(rg.id()) b.dbProxy.deleteResponse(self.oar2.id()) b.dbProxy.deleteResponse(self.oar1.id()) def tearDown(self): b = Borg() b.dbProxy.deleteRisk(self.r.id()) b.dbProxy.deleteVulnerability(self.ovp[self.ivp.name()].id()) b.dbProxy.deleteThreat(self.otps[self.itps.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap3.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap2.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap1.name()].id()) b.dbProxy.deleteVulnerabilityType(0) b.dbProxy.deleteThreatType(0) b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id()) b.dbProxy.deletePersona(self.opp[self.ipp.name()].id()) b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id()) b.dbProxy.deleteEnvironment(self.oenvs[self.iep1.name()].id()) b.dbProxy.close() call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])
class RiskTest(unittest.TestCase): def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/risks.json') d = json.load(f) f.close() self.ienvs = d['environments'] self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"], self.ienvs[0]["theShortCode"], self.ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(self.iep1) self.oenvs = b.dbProxy.getEnvironments() self.iRoles = d['roles'] self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"], []) b.dbProxy.addRole(self.irp) self.oRoles = b.dbProxy.getRoles() self.iPersonas = d['personas'] self.ipp = PersonaParameters( self.iPersonas[0]["theName"], self.iPersonas[0]["theActivities"], self.iPersonas[0]["theAttitudes"], self.iPersonas[0]["theAptitudes"], self.iPersonas[0]["theMotivations"], self.iPersonas[0]["theSkills"], self.iPersonas[0]["theIntrinsic"], self.iPersonas[0]["theContextual"], "", "0", self.iPersonas[0]["thePersonaType"], [], [ PersonaEnvironmentProperties( self.iPersonas[0]["theEnvironmentProperties"][0] ["theName"], (self.iPersonas[0]["theEnvironmentProperties"] [0]["theDirectFlag"] == "True"), self.iPersonas[0]["theEnvironmentProperties"][0] ["theNarrative"], self.iPersonas[0] ["theEnvironmentProperties"][0]["theRole"]) ], []) b.dbProxy.addPersona(self.ipp) self.opp = b.dbProxy.getPersonas() self.iExternalDocuments = d['external_documents'] self.iec1 = ExternalDocumentParameters( self.iExternalDocuments[0]["theName"], self.iExternalDocuments[0]["theVersion"], self.iExternalDocuments[0]["thePublicationDate"], self.iExternalDocuments[0]["theAuthors"], self.iExternalDocuments[0]["theDescription"]) self.iec2 = ExternalDocumentParameters( self.iExternalDocuments[1]["theName"], self.iExternalDocuments[1]["theVersion"], self.iExternalDocuments[1]["thePublicationDate"], self.iExternalDocuments[1]["theAuthors"], self.iExternalDocuments[1]["theDescription"]) b.dbProxy.addExternalDocument(self.iec1) b.dbProxy.addExternalDocument(self.iec2) self.oecs = b.dbProxy.getExternalDocuments() self.iDocumentReferences = d['document_references'] self.idr1 = DocumentReferenceParameters( self.iDocumentReferences[0]["theName"], self.iDocumentReferences[0]["theDocName"], self.iDocumentReferences[0]["theContributor"], self.iDocumentReferences[0]["theExcerpt"]) self.idr2 = DocumentReferenceParameters( self.iDocumentReferences[1]["theName"], self.iDocumentReferences[1]["theDocName"], self.iDocumentReferences[1]["theContributor"], self.iDocumentReferences[1]["theExcerpt"]) b.dbProxy.addDocumentReference(self.idr1) b.dbProxy.addDocumentReference(self.idr2) self.odrs = b.dbProxy.getDocumentReferences() self.iPersonaCharacteristics = d['persona_characteristics'] self.ipc1 = PersonaCharacteristicParameters( self.iPersonaCharacteristics[0]["thePersonaName"], self.iPersonaCharacteristics[0]["theModQual"], self.iPersonaCharacteristics[0]["theVariable"], self.iPersonaCharacteristics[0]["theCharacteristic"], [(self.iPersonaCharacteristics[0]["ground"], '', 'document')], [(self.iPersonaCharacteristics[0]["warrant"], '', 'document')], [], []) b.dbProxy.addPersonaCharacteristic(self.ipc1) self.opcs = b.dbProxy.getPersonaCharacteristics() self.iAttackers = d['attackers'] self.iatkeps = [ AttackerEnvironmentProperties( self.iAttackers[0]["theEnvironmentProperties"][0]["theName"], self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"], self.iAttackers[0]["theEnvironmentProperties"][0] ["theMotives"], self.iAttackers[0]["theEnvironmentProperties"] [0]["theCapabilities"]) ] self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"], [], self.iatkeps) b.dbProxy.addAttacker(self.iatk) self.oAttackers = b.dbProxy.getAttackers() self.iVtypes = d['valuetypes'] self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"]) b.dbProxy.addValueType(self.ivt1) b.dbProxy.addValueType(self.ivt2) self.ovtt = b.dbProxy.getValueTypes('threat_type') self.ovtv = b.dbProxy.getValueTypes('vulnerability_type') self.iassets = d['assets'] self.iaeps1 = [ AssetEnvironmentProperties( self.iassets[0]["theEnvironmentProperties"][0][0], self.iassets[0]["theEnvironmentProperties"][0][1], self.iassets[0]["theEnvironmentProperties"][0][2]) ] self.iaeps2 = [ AssetEnvironmentProperties( self.iassets[1]["theEnvironmentProperties"][0][0], self.iassets[1]["theEnvironmentProperties"][0][1], self.iassets[1]["theEnvironmentProperties"][0][2]) ] self.iaeps3 = [ AssetEnvironmentProperties( self.iassets[2]["theEnvironmentProperties"][0][0], self.iassets[2]["theEnvironmentProperties"][0][1], self.iassets[2]["theEnvironmentProperties"][0][2]) ] self.iap1 = AssetParameters(self.iassets[0]["theName"], self.iassets[0]["theShortCode"], self.iassets[0]["theDescription"], self.iassets[0]["theSignificance"], self.iassets[0]["theType"], "0", "N/A", [], [], self.iaeps1) self.iap2 = AssetParameters(self.iassets[1]["theName"], self.iassets[1]["theShortCode"], self.iassets[1]["theDescription"], self.iassets[1]["theSignificance"], self.iassets[1]["theType"], "0", "N/A", [], [], self.iaeps2) self.iap3 = AssetParameters(self.iassets[2]["theName"], self.iassets[2]["theShortCode"], self.iassets[2]["theDescription"], self.iassets[2]["theSignificance"], self.iassets[2]["theType"], "0", "N/A", [], [], self.iaeps3) b.dbProxy.addAsset(self.iap1) b.dbProxy.addAsset(self.iap2) b.dbProxy.addAsset(self.iap3) self.oap = b.dbProxy.getAssets() self.iThreats = d['threats'] self.iteps = [ ThreatEnvironmentProperties( self.iThreats[0]["theEnvironmentProperties"][0]["theName"], self.iThreats[0]["theEnvironmentProperties"][0] ["theLikelihood"], self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"], self.iThreats[0]["theEnvironmentProperties"][0] ["theAttackers"], self.iThreats[0]["theEnvironmentProperties"] [0]["theProperties"][0][1], self.iThreats[0] ["theEnvironmentProperties"][0]["theProperties"][0][1]) ] self.itps = ThreatParameters(self.iThreats[0]["theName"], self.iThreats[0]["theType"], self.iThreats[0]["theMethod"], [], self.iteps) b.dbProxy.addThreat(self.itps) self.otps = b.dbProxy.getThreats() self.iVuln = d['vulnerabilities'] self.iveps = [ VulnerabilityEnvironmentProperties( self.iVuln[0]["theEnvironmentProperties"][0]["theName"], self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"], self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"]) ] self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"], self.iVuln[0]["theDescription"], self.iVuln[0]["theType"], [], self.iveps) b.dbProxy.addVulnerability(self.ivp) self.ovp = b.dbProxy.getVulnerabilities() self.imc = d['misuseCase'] self.iRisks = d['risks'] def testRisk(self): imcep = [ MisuseCaseEnvironmentProperties( self.imc[0]["theEnvironmentProperties"][0]["theName"], self.imc[0]["theEnvironmentProperties"][0]["theDescription"]) ] imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep, self.imc[0]["theRisk"]) irp = RiskParameters(self.iRisks[0]["theName"], self.iRisks[0]["threatName"], self.iRisks[0]["vulName"], imcp, []) b = Borg() b.dbProxy.addRisk(irp) oRisks = b.dbProxy.getRisks() o = oRisks[self.iRisks[0]["theName"]] self.assertEqual(irp.name(), o.name()) self.assertEqual(irp.threat(), o.threat()) self.assertEqual(irp.vulnerability(), o.vulnerability()) b.dbProxy.deleteRisk(o.id()) def tearDown(self): b = Borg() b.dbProxy.deleteVulnerability(self.ovp[self.ivp.name()].id()) b.dbProxy.deleteThreat(self.otps[self.itps.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap3.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap2.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap1.name()].id()) b.dbProxy.deleteVulnerabilityType(0) b.dbProxy.deleteThreatType(0) b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id()) b.dbProxy.deletePersona(self.opp[self.ipp.name()].id()) b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id()) b.dbProxy.deleteEnvironment(self.oenvs[self.iep1.name()].id()) b.dbProxy.close() call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])
class ResponseTest(unittest.TestCase): def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/responses.json') d = json.load(f) f.close() self.ienvs = d['environments'] self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"],self.ienvs[0]["theShortCode"],self.ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(self.iep1) self.oenvs = b.dbProxy.getEnvironments() self.iRoles = d['roles'] self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"],[]) b.dbProxy.addRole(self.irp) self.oRoles = b.dbProxy.getRoles() self.iPersonas = d['personas'] self.ipp = PersonaParameters(self.iPersonas[0]["theName"],self.iPersonas[0]["theActivities"],self.iPersonas[0]["theAttitudes"],self.iPersonas[0]["theAptitudes"],self.iPersonas[0]["theMotivations"],self.iPersonas[0]["theSkills"],self.iPersonas[0]["theIntrinsic"],self.iPersonas[0]["theContextual"],"","0",self.iPersonas[0]["thePersonaType"],[],[PersonaEnvironmentProperties(self.iPersonas[0]["theEnvironmentProperties"][0]["theName"],(self.iPersonas[0]["theEnvironmentProperties"][0]["theDirectFlag"] == "True"),self.iPersonas[0]["theEnvironmentProperties"][0]["theNarrative"],self.iPersonas[0]["theEnvironmentProperties"][0]["theRole"])],[]) b.dbProxy.addPersona(self.ipp) self.opp = b.dbProxy.getPersonas() self.iExternalDocuments = d['external_documents'] self.iec1 = ExternalDocumentParameters(self.iExternalDocuments[0]["theName"],self.iExternalDocuments[0]["theVersion"],self.iExternalDocuments[0]["thePublicationDate"],self.iExternalDocuments[0]["theAuthors"],self.iExternalDocuments[0]["theDescription"]) self.iec2 = ExternalDocumentParameters(self.iExternalDocuments[1]["theName"],self.iExternalDocuments[1]["theVersion"],self.iExternalDocuments[1]["thePublicationDate"],self.iExternalDocuments[1]["theAuthors"],self.iExternalDocuments[1]["theDescription"]) b.dbProxy.addExternalDocument(self.iec1) b.dbProxy.addExternalDocument(self.iec2) self.oecs = b.dbProxy.getExternalDocuments() self.iDocumentReferences = d['document_references'] self.idr1 = DocumentReferenceParameters(self.iDocumentReferences[0]["theName"],self.iDocumentReferences[0]["theDocName"],self.iDocumentReferences[0]["theContributor"],self.iDocumentReferences[0]["theExcerpt"]) self.idr2 = DocumentReferenceParameters(self.iDocumentReferences[1]["theName"],self.iDocumentReferences[1]["theDocName"],self.iDocumentReferences[1]["theContributor"],self.iDocumentReferences[1]["theExcerpt"]) b.dbProxy.addDocumentReference(self.idr1) b.dbProxy.addDocumentReference(self.idr2) self.odrs = b.dbProxy.getDocumentReferences() self.iPersonaCharacteristics = d['persona_characteristics'] self.ipc1 = PersonaCharacteristicParameters(self.iPersonaCharacteristics[0]["thePersonaName"],self.iPersonaCharacteristics[0]["theModQual"],self.iPersonaCharacteristics[0]["theVariable"],self.iPersonaCharacteristics[0]["theCharacteristic"],[(self.iPersonaCharacteristics[0]["ground"],'','document')],[(self.iPersonaCharacteristics[0]["warrant"],'','document')],[],[]) b.dbProxy.addPersonaCharacteristic(self.ipc1) self.opcs = b.dbProxy.getPersonaCharacteristics() self.iAttackers = d['attackers'] self.iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])] self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],self.iatkeps) b.dbProxy.addAttacker(self.iatk) self.oAttackers = b.dbProxy.getAttackers() self.iVtypes = d['valuetypes'] self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"]) b.dbProxy.addValueType(self.ivt1) b.dbProxy.addValueType(self.ivt2) self.ovtt = b.dbProxy.getValueTypes('threat_type') self.ovtv = b.dbProxy.getValueTypes('vulnerability_type') self.iassets = d['assets'] self.iaeps1 = [AssetEnvironmentProperties(self.iassets[0]["theEnvironmentProperties"][0][0],self.iassets[0]["theEnvironmentProperties"][0][1],self.iassets[0]["theEnvironmentProperties"][0][2])] self.iaeps2 = [AssetEnvironmentProperties(self.iassets[1]["theEnvironmentProperties"][0][0],self.iassets[1]["theEnvironmentProperties"][0][1],self.iassets[1]["theEnvironmentProperties"][0][2])] self.iaeps3 = [AssetEnvironmentProperties(self.iassets[2]["theEnvironmentProperties"][0][0],self.iassets[2]["theEnvironmentProperties"][0][1],self.iassets[2]["theEnvironmentProperties"][0][2])] self.iap1 = AssetParameters(self.iassets[0]["theName"],self.iassets[0]["theShortCode"],self.iassets[0]["theDescription"],self.iassets[0]["theSignificance"],self.iassets[0]["theType"],"0","N/A",[],[],self.iaeps1) self.iap2 = AssetParameters(self.iassets[1]["theName"],self.iassets[1]["theShortCode"],self.iassets[1]["theDescription"],self.iassets[1]["theSignificance"],self.iassets[1]["theType"],"0","N/A",[],[],self.iaeps2) self.iap3 = AssetParameters(self.iassets[2]["theName"],self.iassets[2]["theShortCode"],self.iassets[2]["theDescription"],self.iassets[2]["theSignificance"],self.iassets[2]["theType"],"0","N/A",[],[],self.iaeps3) b.dbProxy.addAsset(self.iap1) b.dbProxy.addAsset(self.iap2) b.dbProxy.addAsset(self.iap3) self.oap = b.dbProxy.getAssets() self.iThreats = d['threats'] self.iteps = [ThreatEnvironmentProperties(self.iThreats[0]["theEnvironmentProperties"][0]["theName"],self.iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],self.iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1])] self.itps = ThreatParameters(self.iThreats[0]["theName"],self.iThreats[0]["theType"],self.iThreats[0]["theMethod"],[],self.iteps) b.dbProxy.addThreat(self.itps) self.otps = b.dbProxy.getThreats() self.iVuln = d['vulnerabilities'] self.iveps = [VulnerabilityEnvironmentProperties(self.iVuln[0]["theEnvironmentProperties"][0]["theName"],self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])] self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"],self.iVuln[0]["theDescription"],self.iVuln[0]["theType"], [], self.iveps) b.dbProxy.addVulnerability(self.ivp) self.ovp = b.dbProxy.getVulnerabilities() self.imc = d['misuseCase'] self.iRisks = d['risks'] imcep = [MisuseCaseEnvironmentProperties(self.imc[0]["theEnvironmentProperties"][0]["theName"],self.imc[0]["theEnvironmentProperties"][0]["theDescription"])] imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep,self.imc[0]["theRisk"]) irp = RiskParameters(self.iRisks[0]["theName"],self.iRisks[0]["threatName"],self.iRisks[0]["vulName"], imcp,[]) b.dbProxy.addRisk(irp) oRisks = b.dbProxy.getRisks() self.r = oRisks[self.iRisks[0]["theName"]] self.iResponses = d['responses'] def testResponse(self): iar1Name = self.iResponses[0]["theType"] + " " + self.iResponses[0]["theRisk"] iaep1 = AcceptEnvironmentProperties(self.iResponses[0]["theEnvironmentProperties"][0],self.iResponses[0]["theEnvironmentProperties"][1],self.iResponses[0]["theEnvironmentProperties"][2]) iar1 = ResponseParameters(iar1Name,self.iResponses[0]["theRisk"],[],[iaep1], self.iResponses[0]["theType"]) iar2Name = self.iResponses[1]["theType"] + " " + self.iResponses[1]["theRisk"] iaep2 = MitigateEnvironmentProperties(self.iResponses[1]["theEnvironmentProperties"],self.iResponses[1]["theType"]) iar2 = ResponseParameters(iar2Name,self.iResponses[1]["theRisk"],[],[iaep2], self.iResponses[1]["theType"]) b = Borg() b.dbProxy.addResponse(iar1) b.dbProxy.addResponse(iar2) self.ors = b.dbProxy.getResponses() self.oar1 = self.ors[iar1Name] self.oar2 = self.ors[iar2Name] self.assertEqual(iar1.name(),self.oar1.name()) self.assertEqual(iar1.risk(),self.oar1.risk()) self.assertEqual(iar1.responseType(),self.oar1.responseType()) self.assertEqual(iar1.environmentProperties()[0].cost(),self.oar1.environmentProperties()[0].cost()) self.assertEqual(iar1.environmentProperties()[0].description(),self.oar1.environmentProperties()[0].description()) self.assertEqual(iar2.name(),self.oar2.name()) self.assertEqual(iar2.risk(),self.oar2.risk()) self.assertEqual(iar2.responseType(),self.oar2.responseType()) rgp = cairis.core.GoalFactory.build(self.oar2) riskParameters = rgp[0] riskGoalId = b.dbProxy.addGoal(riskParameters) b.dbProxy.addTrace('response_goal',self.oar2.id(),riskGoalId) if (rgp > 1): threatParameters = rgp[1] vulnerabilityParameters = rgp[2] b.dbProxy.addGoal(vulnerabilityParameters) b.dbProxy.addGoal(threatParameters) b.dbProxy.relabelGoals(iaep2.name()) oGoals = b.dbProxy.getGoals() print oGoals rg = oGoals['Deter' + self.oar2.risk()] vg = oGoals[vulnerabilityParameters.name()] tg = oGoals[threatParameters.name()] ogops = b.dbProxy.getGoalAssociations() ogop1 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' + threatParameters.name() + '/or'] ogop2 = ogops[iaep2.name() + '/' + riskParameters.name() + '/' + vulnerabilityParameters.name() + '/or'] b.dbProxy.deleteGoalAssociation(ogop1.id(),ogop1.goal(),ogop1.subGoal()) b.dbProxy.deleteGoalAssociation(ogop2.id(),ogop2.goal(),ogop2.subGoal()) b.dbProxy.deleteTrace('response',self.oar2.name(),'goal',rg.name()) b.dbProxy.deleteGoal(tg.id()) b.dbProxy.deleteGoal(vg.id()) b.dbProxy.deleteGoal(rg.id()) b.dbProxy.deleteResponse(self.oar2.id()) b.dbProxy.deleteResponse(self.oar1.id()) def tearDown(self): b = Borg() b.dbProxy.deleteRisk(self.r.id()) b.dbProxy.deleteVulnerability(self.ovp[self.ivp.name()].id()) b.dbProxy.deleteThreat(self.otps[self.itps.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap3.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap2.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap1.name()].id()) b.dbProxy.deleteVulnerabilityType(0) b.dbProxy.deleteThreatType(0) b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id()) b.dbProxy.deletePersona(self.opp[self.ipp.name()].id()) b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id()) b.dbProxy.deleteEnvironment(self.oenvs[self.iep1.name()].id()) b.dbProxy.close() call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])
class RiskTest(unittest.TestCase): def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/risks.json') d = json.load(f) f.close() self.ienvs = d['environments'] self.iep1 = EnvironmentParameters(self.ienvs[0]["theName"],self.ienvs[0]["theShortCode"],self.ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(self.iep1) self.oenvs = b.dbProxy.getEnvironments() self.iRoles = d['roles'] self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"],[]) b.dbProxy.addRole(self.irp) self.oRoles = b.dbProxy.getRoles() self.iPersonas = d['personas'] self.ipp = PersonaParameters(self.iPersonas[0]["theName"],self.iPersonas[0]["theActivities"],self.iPersonas[0]["theAttitudes"],self.iPersonas[0]["theAptitudes"],self.iPersonas[0]["theMotivations"],self.iPersonas[0]["theSkills"],self.iPersonas[0]["theIntrinsic"],self.iPersonas[0]["theContextual"],"","0",self.iPersonas[0]["thePersonaType"],[],[PersonaEnvironmentProperties(self.iPersonas[0]["theEnvironmentProperties"][0]["theName"],(self.iPersonas[0]["theEnvironmentProperties"][0]["theDirectFlag"] == "True"),self.iPersonas[0]["theEnvironmentProperties"][0]["theNarrative"],self.iPersonas[0]["theEnvironmentProperties"][0]["theRole"])],[]) b.dbProxy.addPersona(self.ipp) self.opp = b.dbProxy.getPersonas() self.iExternalDocuments = d['external_documents'] self.iec1 = ExternalDocumentParameters(self.iExternalDocuments[0]["theName"],self.iExternalDocuments[0]["theVersion"],self.iExternalDocuments[0]["thePublicationDate"],self.iExternalDocuments[0]["theAuthors"],self.iExternalDocuments[0]["theDescription"]) self.iec2 = ExternalDocumentParameters(self.iExternalDocuments[1]["theName"],self.iExternalDocuments[1]["theVersion"],self.iExternalDocuments[1]["thePublicationDate"],self.iExternalDocuments[1]["theAuthors"],self.iExternalDocuments[1]["theDescription"]) b.dbProxy.addExternalDocument(self.iec1) b.dbProxy.addExternalDocument(self.iec2) self.oecs = b.dbProxy.getExternalDocuments() self.iDocumentReferences = d['document_references'] self.idr1 = DocumentReferenceParameters(self.iDocumentReferences[0]["theName"],self.iDocumentReferences[0]["theDocName"],self.iDocumentReferences[0]["theContributor"],self.iDocumentReferences[0]["theExcerpt"]) self.idr2 = DocumentReferenceParameters(self.iDocumentReferences[1]["theName"],self.iDocumentReferences[1]["theDocName"],self.iDocumentReferences[1]["theContributor"],self.iDocumentReferences[1]["theExcerpt"]) b.dbProxy.addDocumentReference(self.idr1) b.dbProxy.addDocumentReference(self.idr2) self.odrs = b.dbProxy.getDocumentReferences() self.iPersonaCharacteristics = d['persona_characteristics'] self.ipc1 = PersonaCharacteristicParameters(self.iPersonaCharacteristics[0]["thePersonaName"],self.iPersonaCharacteristics[0]["theModQual"],self.iPersonaCharacteristics[0]["theVariable"],self.iPersonaCharacteristics[0]["theCharacteristic"],[(self.iPersonaCharacteristics[0]["ground"],'','document')],[(self.iPersonaCharacteristics[0]["warrant"],'','document')],[],[]) b.dbProxy.addPersonaCharacteristic(self.ipc1) self.opcs = b.dbProxy.getPersonaCharacteristics() self.iAttackers = d['attackers'] self.iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])] self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],self.iatkeps) b.dbProxy.addAttacker(self.iatk) self.oAttackers = b.dbProxy.getAttackers() self.iVtypes = d['valuetypes'] self.ivt1 = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) self.ivt2 = ValueTypeParameters(self.iVtypes[1]["theName"], self.iVtypes[1]["theDescription"], self.iVtypes[1]["theType"]) b.dbProxy.addValueType(self.ivt1) b.dbProxy.addValueType(self.ivt2) self.ovtt = b.dbProxy.getValueTypes('threat_type') self.ovtv = b.dbProxy.getValueTypes('vulnerability_type') self.iassets = d['assets'] self.iaeps1 = [AssetEnvironmentProperties(self.iassets[0]["theEnvironmentProperties"][0][0],self.iassets[0]["theEnvironmentProperties"][0][1],self.iassets[0]["theEnvironmentProperties"][0][2])] self.iap1 = AssetParameters(self.iassets[0]["theName"],self.iassets[0]["theShortCode"],self.iassets[0]["theDescription"],self.iassets[0]["theSignificance"],self.iassets[0]["theType"],"0","N/A",[],[],self.iaeps1) self.iap2 = AssetParameters(self.iassets[1]["theName"],self.iassets[1]["theShortCode"],self.iassets[1]["theDescription"],self.iassets[1]["theSignificance"],self.iassets[1]["theType"],"0","N/A",[],[],self.iaeps1) self.iap3 = AssetParameters(self.iassets[2]["theName"],self.iassets[2]["theShortCode"],self.iassets[2]["theDescription"],self.iassets[2]["theSignificance"],self.iassets[2]["theType"],"0","N/A",[],[],self.iaeps1) b.dbProxy.addAsset(self.iap1) b.dbProxy.addAsset(self.iap2) b.dbProxy.addAsset(self.iap3) self.oap = b.dbProxy.getAssets() self.iThreats = d['threats'] self.iteps = [ThreatEnvironmentProperties(self.iThreats[0]["theEnvironmentProperties"][0]["theName"],self.iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],self.iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1])] self.itps = ThreatParameters(self.iThreats[0]["theName"],self.iThreats[0]["theType"],self.iThreats[0]["theMethod"],[],self.iteps) b.dbProxy.addThreat(self.itps) self.otps = b.dbProxy.getThreats() self.iVuln = d['vulnerabilities'] self.iveps = [VulnerabilityEnvironmentProperties(self.iVuln[0]["theEnvironmentProperties"][0]["theName"],self.iVuln[0]["theEnvironmentProperties"][0]["theSeverity"],self.iVuln[0]["theEnvironmentProperties"][0]["theAssets"])] self.ivp = VulnerabilityParameters(self.iVuln[0]["theName"],self.iVuln[0]["theDescription"],self.iVuln[0]["theType"], [], self.iveps) b.dbProxy.addVulnerability(self.ivp) self.ovp = b.dbProxy.getVulnerabilities() self.imc = d['misuseCase'] self.iRisks = d['risks'] def testRisk(self): imcep = [MisuseCaseEnvironmentProperties(self.imc[0]["theEnvironmentProperties"][0]["theName"],self.imc[0]["theEnvironmentProperties"][0]["theDescription"])] imcp = MisuseCase(int(0), self.imc[0]["theName"], imcep,self.imc[0]["theRisk"]) irp = RiskParameters(self.iRisks[0]["theName"],self.iRisks[0]["threatName"],self.iRisks[0]["vulName"], imcp,[]) b = Borg() b.dbProxy.addRisk(irp) oRisks = b.dbProxy.getRisks() o = oRisks[self.iRisks[0]["theName"]] self.assertEqual(irp.name(), o.name()) self.assertEqual(irp.threat(),o.threat()) self.assertEqual(irp.vulnerability(),o.vulnerability()) # scoreDetails = b.dbProxy.riskScore(self.iRisks[0]["threatName"],self.iRisks[0]["vulName"],self.iaeps1[0].name()) # preScore = scoreDetails[0][1] # postScore = scoreDetails[0][2] # self.assertEqual(preScore,9) # self.assertEqual(postScore,9) imcp.theName = 'Updated risk' imcp.theId = o.misuseCase().id() irp.theRiskName = 'Updated risk' irp.theMisuseCase = imcp irp.setId(o.id()) b.dbProxy.updateRisk(irp) oRisks = b.dbProxy.getRisks() o = oRisks['Updated risk'] self.assertEqual(o.name(),'Updated risk') self.assertEqual(irp.threat(),o.threat()) self.assertEqual(irp.vulnerability(),o.vulnerability()) b.dbProxy.deleteRisk(o.id()) def tearDown(self): b = Borg() b.dbProxy.deleteVulnerability(self.ovp[self.ivp.name()].id()) b.dbProxy.deleteThreat(self.otps[self.itps.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap3.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap2.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap1.name()].id()) b.dbProxy.deleteVulnerabilityType(0) b.dbProxy.deleteThreatType(0) b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id()) b.dbProxy.deletePersona(self.opp[self.ipp.name()].id()) b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id()) b.dbProxy.deleteEnvironment(self.oenvs[self.iep1.name()].id()) b.dbProxy.close() call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])
class ThreatTest(unittest.TestCase): def setUp(self): call([os.environ['CAIRIS_SRC'] + "/test/initdb.sh"]) cairis.core.BorgFactory.initialise() f = open(os.environ['CAIRIS_SRC'] + '/test/threats.json') d = json.load(f) f.close() self.ienvs = d['environments'] self.iep = EnvironmentParameters(self.ienvs[0]["theName"],self.ienvs[0]["theShortCode"],self.ienvs[0]["theDescription"]) b = Borg() b.dbProxy.addEnvironment(self.iep) self.oenvs = b.dbProxy.getEnvironments() self.iRoles = d['roles'] self.irp = RoleParameters(self.iRoles[0]["theName"], self.iRoles[0]["theType"], self.iRoles[0]["theShortCode"], self.iRoles[0]["theDescription"],[]) b.dbProxy.addRole(self.irp) self.oRoles = b.dbProxy.getRoles() self.iPersonas = d['personas'] self.ipp = PersonaParameters(self.iPersonas[0]["theName"],self.iPersonas[0]["theActivities"],self.iPersonas[0]["theAttitudes"],self.iPersonas[0]["theAptitudes"],self.iPersonas[0]["theMotivations"],self.iPersonas[0]["theSkills"],self.iPersonas[0]["theIntrinsic"],self.iPersonas[0]["theContextual"],"","0",self.iPersonas[0]["thePersonaType"],[],[PersonaEnvironmentProperties(self.iPersonas[0]["theEnvironmentProperties"][0]["theName"],(self.iPersonas[0]["theEnvironmentProperties"][0]["theDirectFlag"] == "True"),self.iPersonas[0]["theEnvironmentProperties"][0]["theNarrative"],self.iPersonas[0]["theEnvironmentProperties"][0]["theRole"])],[]) b.dbProxy.addPersona(self.ipp) self.opp = b.dbProxy.getPersonas() self.iExternalDocuments = d['external_documents'] self.iec1 = ExternalDocumentParameters(self.iExternalDocuments[0]["theName"],self.iExternalDocuments[0]["theVersion"],self.iExternalDocuments[0]["thePublicationDate"],self.iExternalDocuments[0]["theAuthors"],self.iExternalDocuments[0]["theDescription"]) self.iec2 = ExternalDocumentParameters(self.iExternalDocuments[1]["theName"],self.iExternalDocuments[1]["theVersion"],self.iExternalDocuments[1]["thePublicationDate"],self.iExternalDocuments[1]["theAuthors"],self.iExternalDocuments[1]["theDescription"]) b.dbProxy.addExternalDocument(self.iec1) b.dbProxy.addExternalDocument(self.iec2) self.oecs = b.dbProxy.getExternalDocuments() self.iDocumentReferences = d['document_references'] self.idr1 = DocumentReferenceParameters(self.iDocumentReferences[0]["theName"],self.iDocumentReferences[0]["theDocName"],self.iDocumentReferences[0]["theContributor"],self.iDocumentReferences[0]["theExcerpt"]) self.idr2 = DocumentReferenceParameters(self.iDocumentReferences[1]["theName"],self.iDocumentReferences[1]["theDocName"],self.iDocumentReferences[1]["theContributor"],self.iDocumentReferences[1]["theExcerpt"]) b.dbProxy.addDocumentReference(self.idr1) b.dbProxy.addDocumentReference(self.idr2) self.odrs = b.dbProxy.getDocumentReferences() self.iPersonaCharacteristics = d['persona_characteristics'] self.ipc1 = PersonaCharacteristicParameters(self.iPersonaCharacteristics[0]["thePersonaName"],self.iPersonaCharacteristics[0]["theModQual"],self.iPersonaCharacteristics[0]["theVariable"],self.iPersonaCharacteristics[0]["theCharacteristic"],[(self.iPersonaCharacteristics[0]["ground"],'','document')],[(self.iPersonaCharacteristics[0]["warrant"],'','document')],[],[]) b.dbProxy.addPersonaCharacteristic(self.ipc1) self.opcs = b.dbProxy.getPersonaCharacteristics() self.iAttackers = d['attackers'] self.iatkeps = [AttackerEnvironmentProperties(self.iAttackers[0]["theEnvironmentProperties"][0]["theName"],self.iAttackers[0]["theEnvironmentProperties"][0]["theRoles"],self.iAttackers[0]["theEnvironmentProperties"][0]["theMotives"],self.iAttackers[0]["theEnvironmentProperties"][0]["theCapabilities"])] self.iatk = AttackerParameters(self.iAttackers[0]["theName"], self.iAttackers[0]["theDescription"], self.iAttackers[0]["theImage"],[],self.iatkeps) b.dbProxy.addAttacker(self.iatk) self.oAttackers = b.dbProxy.getAttackers() self.iVtypes = d['valuetypes'] self.ivt = ValueTypeParameters(self.iVtypes[0]["theName"], self.iVtypes[0]["theDescription"], self.iVtypes[0]["theType"]) b.dbProxy.addValueType(self.ivt) self.ovt = b.dbProxy.getValueTypes('threat_type') self.iassets = d['assets'] self.iaeps = [AssetEnvironmentProperties(self.iassets[0]["theEnvironmentProperties"][0][0],self.iassets[0]["theEnvironmentProperties"][0][1],self.iassets[0]["theEnvironmentProperties"][0][2])] self.iap = AssetParameters(self.iassets[0]["theName"],self.iassets[0]["theShortCode"],self.iassets[0]["theDescription"],self.iassets[0]["theSignificance"],self.iassets[0]["theType"],"0","N/A",[],[],self.iaeps) b.dbProxy.addAsset(self.iap) self.oap = b.dbProxy.getAssets() self.iThreats = d['threats'] def testThreat(self): iteps = [ThreatEnvironmentProperties(self.iThreats[0]["theEnvironmentProperties"][0]["theName"],self.iThreats[0]["theEnvironmentProperties"][0]["theLikelihood"],self.iThreats[0]["theEnvironmentProperties"][0]["theAssets"],self.iThreats[0]["theEnvironmentProperties"][0]["theAttackers"],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1],self.iThreats[0]["theEnvironmentProperties"][0]["theProperties"][0][1])] itps = ThreatParameters(self.iThreats[0]["theName"],self.iThreats[0]["theType"],self.iThreats[0]["theMethod"],[],iteps) b = Borg() b.dbProxy.addThreat(itps) oThreats = b.dbProxy.getThreats() o = oThreats[self.iThreats[0]["theName"]] self.assertEqual(itps.name(), o.name()) self.assertEqual(itps.type(),o.type()) self.assertEqual(itps.method(),o.method()) oteps = o.environmentProperties() self.assertEqual(iteps[0].name(), oteps[0].name()) self.assertEqual(iteps[0].likelihood()[0], oteps[0].likelihood()[0]) self.assertEqual(str(iteps[0].assets()[0]), str(oteps[0].assets()[0])) self.assertEqual(str(iteps[0].attackers()[0]), str(oteps[0].attackers()[0])) self.assertEqual(str(iteps[0].rationale()[0]), str(oteps[0].rationale()[0])) b.dbProxy.deleteThreat(o.id()) def tearDown(self): b = Borg() # b.dbProxy.deletePersonaCharacteristic(self.opcs[self.ipc1.name()].id()) b.dbProxy.deleteAsset(self.oap[self.iap.name()].id()) b.dbProxy.deleteThreatType(0) b.dbProxy.deleteAttacker(self.oAttackers[self.iatk.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr1.name()].id()) b.dbProxy.deleteDocumentReference(self.odrs[self.idr2.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec1.name()].id()) b.dbProxy.deleteExternalDocument(self.oecs[self.iec2.name()].id()) b.dbProxy.deletePersona(self.opp[self.ipp.name()].id()) b.dbProxy.deleteRole(self.oRoles[self.irp.name()].id()) b.dbProxy.deleteEnvironment(self.oenvs[self.iep.name()].id()) b.dbProxy.close() call([os.environ['CAIRIS_SRC'] + "/test/dropdb.sh"])