def setUp(self):
    """Build the shared fixture: a reviewer, a plain user and one MUO container.

    The reviewer is granted the ``can_approve`` permission on the
    ``muo.muocontainer`` content type. ``self.user`` is saved without it, so
    the two accounts differ only in that permission. A MisuseCase, a
    MUOContainer and a UseCase are then persisted, and the container's
    primary key is kept in ``self.current_id``.
    """
    self.reject_msg = "This MUO is rejected!"

    container_ct = ContentType.objects.get(app_label='muo', model='muocontainer')
    approve_perm = Permission.objects.get(codename='can_approve',
                                          content_type=container_ct)

    # NOTE(review): both username literals look masked in this listing; if the
    # real values were identical, a unique username constraint would reject the
    # second save -- confirm against the original file.
    reviewer = User(username='******')
    reviewer.save()
    reviewer.user_permissions.add(approve_perm)  # only the reviewer may approve
    self.reviewer = reviewer

    plain_user = User(username='******')
    plain_user.save()
    self.user = plain_user

    # A MUOContainer cannot be created without a misuse case.
    parent_misuse_case = MisuseCase()
    parent_misuse_case.save()
    container = MUOContainer.objects.create(misuse_case=parent_misuse_case)
    container.save()

    # The id is auto-incremented, so remember which one this fixture received.
    self.current_id = container.id

    # A UseCase cannot be created without a MUOContainer.
    linked_use_case = UseCase(muo_container=container)
    linked_use_case.save()
def setUp(self):
    """Create an active user and one custom draft MUO container tied to two CWEs.

    CWE-1 and CWE-2 are attached to both the misuse case and the container.
    The container's primary key is stored in ``self.current_id``.
    """
    account = User(username='******', is_active=True)
    account.save()
    self.user = account

    first_cwe = CWE(code=1, name='CWE-1')
    first_cwe.save()
    second_cwe = CWE(code=2, name='CWE-2')
    second_cwe.save()

    parent_misuse_case = MisuseCase()
    parent_misuse_case.save()
    parent_misuse_case.cwes.add(first_cwe, second_cwe)

    container = MUOContainer.objects.create(
        misuse_case=parent_misuse_case,
        is_custom=True,
        status='draft',
    )
    container.save()
    container.cwes.add(first_cwe, second_cwe)

    # The id is auto-incremented, so remember which one this fixture received.
    self.current_id = container.id

    linked_use_case = UseCase(muo_container=container,
                              misuse_case=parent_misuse_case)
    linked_use_case.save()
def _create_issue_report(self, issue_report_status='open'):
    """Persist a draft MUO with one use case and return an IssueReport filed on it.

    Args:
        issue_report_status: value stored in the report's ``status`` field.

    Returns:
        The saved IssueReport, attached to the use case created here.

    The CWE is fetched with ``CWE.objects.get(code=101)``, so that row must
    already exist when this helper runs.
    """
    shared_cwe = CWE.objects.get(code=101)

    # Misuse case, linked to the CWE.
    misuse_case_fields = {
        'misuse_case_description': "Misuse case #1",
        'misuse_case_primary_actor': "Primary actor #1",
        'misuse_case_secondary_actor': "Secondary actor #1",
        'misuse_case_precondition': "Pre-condition #1",
        'misuse_case_flow_of_events': "Event flow #1",
        'misuse_case_postcondition': "Post-condition #1",
        'misuse_case_assumption': "Assumption #1",
        'misuse_case_source': "Source #1",
    }
    misuse_case = MisuseCase(**misuse_case_fields)
    misuse_case.save()
    misuse_case.cwes.add(shared_cwe)

    # MUO container for that misuse case, linked to the same CWE.
    container = MUOContainer(
        is_custom=False,
        status='draft',
        misuse_case=misuse_case,
        misuse_case_type="new",
    )
    container.save()
    container.cwes.add(shared_cwe)

    # One use case carrying an overlooked security requirement (OSR).
    use_case_fields = {
        'use_case_description': "Use Case #1",
        'use_case_primary_actor': "Primary actor #1",
        'use_case_secondary_actor': "Secondary actor #1",
        'use_case_precondition': "Pre-condition #1",
        'use_case_flow_of_events': "Event flow #1",
        'use_case_postcondition': "Post-condition #1",
        'use_case_assumption': "Assumption #1",
        'use_case_source': "Source #1",
        'osr_pattern_type': "ubiquitous",
        'osr': "Overlooked Security Requirement #1",
        'muo_container': container,
    }
    use_case = UseCase(**use_case_fields)
    use_case.muo_container = container
    use_case.misuse_case = misuse_case
    use_case.save()

    report = IssueReport(
        name="Issue/00001",
        active=1,
        description="sample description",
        resolve_reason="/",
        usecase=use_case,
        status=issue_report_status,
    )
    report.save()
    return report
def setUp(self):
    """Create one user plus a MisuseCase, MUOContainer and UseCase chain.

    The container's primary key is stored in ``self.current_id``.
    """
    account = User(username='******')
    account.save()
    self.user = account

    # A MUOContainer cannot be created without a misuse case.
    parent_misuse_case = MisuseCase()
    parent_misuse_case.save()
    container = MUOContainer.objects.create(misuse_case=parent_misuse_case)
    container.save()

    # The id is auto-incremented, so remember which one this fixture received.
    self.current_id = container.id

    # A UseCase cannot be created without a MUOContainer.
    linked_use_case = UseCase(muo_container=container)
    linked_use_case.save()
def test_action_submit_with_status_draft_and_without_usecase_in_muocontainer(
        self):
    """Submitting an incomplete draft container must be refused.

    ``action_submit`` is expected to raise ValidationError when the MUO
    container has no use case attached.
    """
    # A MUOContainer cannot be created without a misuse case.
    parent_misuse_case = MisuseCase()
    parent_misuse_case.save()

    # Deliberately no UseCase is created for this container.
    incomplete = MUOContainer.objects.create(misuse_case=parent_misuse_case)
    incomplete.status = 'draft'
    incomplete.save()

    with self.assertRaises(ValidationError):
        incomplete.action_submit()
def _create_draft_muo(self, muc_type):
    """Persist a non-custom draft MUO container with one use case and return it.

    Args:
        muc_type: value stored in the container's ``misuse_case_type`` field.

    Returns:
        The saved MUOContainer.

    The CWE is fetched with ``CWE.objects.get(code=101)``, so that row must
    already exist when this helper runs.
    """
    shared_cwe = CWE.objects.get(code=101)

    # Misuse case, linked to the CWE.
    misuse_case_fields = {
        'misuse_case_description': "Misuse case #1",
        'misuse_case_primary_actor': "Primary actor #1",
        'misuse_case_secondary_actor': "Secondary actor #1",
        'misuse_case_precondition': "Pre-condition #1",
        'misuse_case_flow_of_events': "Event flow #1",
        'misuse_case_postcondition': "Post-condition #1",
        'misuse_case_assumption': "Assumption #1",
        'misuse_case_source': "Source #1",
    }
    misuse_case = MisuseCase(**misuse_case_fields)
    misuse_case.save()
    misuse_case.cwes.add(shared_cwe)

    # MUO container for that misuse case, linked to the same CWE.
    container = MUOContainer(
        is_custom=False,
        status='draft',
        misuse_case=misuse_case,
        misuse_case_type=muc_type,
    )
    container.save()
    container.cwes.add(shared_cwe)

    # One use case carrying an overlooked security requirement (OSR).
    use_case_fields = {
        'use_case_description': "Use Case #1",
        'use_case_primary_actor': "Primary actor #1",
        'use_case_secondary_actor': "Secondary actor #1",
        'use_case_precondition': "Pre-condition #1",
        'use_case_flow_of_events': "Event flow #1",
        'use_case_postcondition': "Post-condition #1",
        'use_case_assumption': "Assumption #1",
        'use_case_source': "Source #1",
        'osr_pattern_type': "ubiquitous",
        'osr': "Overlooked Security Requirement #1",
    }
    use_case = UseCase(**use_case_fields)
    use_case.muo_container = container
    use_case.misuse_case = misuse_case
    use_case.save()

    return container
def setUp(self):
    """Create a reviewer and an issue report filed against an approved MUO.

    The report (type ``spam``) is attached to the use case of a container
    created with status ``approved`` and is exposed as ``self.issue_report``.
    """
    reviewer = User(username='******')
    reviewer.save()
    self.reviewer = reviewer

    parent_misuse_case = MisuseCase()
    parent_misuse_case.save()

    approved_container = MUOContainer.objects.create(
        misuse_case=parent_misuse_case,
        status='approved',
    )
    approved_container.save()

    reported_use_case = UseCase(muo_container=approved_container)
    reported_use_case.save()

    report = IssueReport.objects.create(
        description="this is the issue",
        type="spam",
        usecase=reported_use_case,
    )
    report.save()
    self.issue_report = report
def setUp(self):
    """Create a user and a MUO container owned by that user, tied to CWE-1.

    The container records the user in ``created_by`` and is exposed as
    ``self.muo_container``.
    """
    owner = User(username='******')
    owner.save()
    self.user = owner

    only_cwe = CWE(code=1, name='CWE-1')
    only_cwe.save()

    parent_misuse_case = MisuseCase()
    parent_misuse_case.save()
    parent_misuse_case.cwes.add(only_cwe)

    container = MUOContainer.objects.create(misuse_case=parent_misuse_case,
                                            created_by=self.user)
    container.save()
    container.cwes.add(only_cwe)

    # A UseCase cannot be created without a MUOContainer.
    linked_use_case = UseCase(muo_container=container)
    linked_use_case.save()

    self.muo_container = container
def setUp(self):
    """Create an author and two fixture sets used by the deletion tests.

    Set 1: one misuse case with a single ``draft`` container and a use case.
    Set 2: one misuse case shared by a ``rejected`` container (which gets a
    use case) and an ``approved`` container.
    Primary keys are stored alongside the objects so tests can look the rows
    up again after a delete.
    """
    author = User(username='******')
    author.save()
    self.author = author

    # Set 1: a draft container that owns its misuse case alone.
    misuse_case_1 = MisuseCase()
    self.misuse_case_1 = misuse_case_1
    misuse_case_1.save()
    self.misuse_case_1_id = misuse_case_1.id

    draft_container = MUOContainer.objects.create(misuse_case=misuse_case_1,
                                                  status='draft')
    self.muo_container_1 = draft_container
    draft_container.save()
    self.muo_container_1_id = draft_container.id

    self.use_case_1 = UseCase(muo_container=draft_container)
    self.use_case_1.save()

    # Set 2: two containers sharing one misuse case.
    misuse_case_2 = MisuseCase()
    self.misuse_case_2 = misuse_case_2
    misuse_case_2.save()
    self.misuse_case_2_id = misuse_case_2.id

    rejected_container = MUOContainer.objects.create(misuse_case=misuse_case_2,
                                                     status='rejected')
    self.muo_container_2 = rejected_container
    rejected_container.save()
    self.muo_container_2_id = rejected_container.id

    approved_container = MUOContainer.objects.create(misuse_case=misuse_case_2,
                                                     status='approved')
    self.muo_container_3 = approved_container
    approved_container.save()
    self.muo_container_3_id = approved_container.id

    self.use_case_2 = UseCase(muo_container=rejected_container)
    self.use_case_2.save()
def setUp(self):
    """Create a reviewer plus a MisuseCase, MUOContainer and UseCase chain.

    Also stores the rejection message used by the tests in
    ``self.reject_msg`` and the container's primary key in ``self.current_id``.
    No permission is granted to the reviewer in this fixture.
    """
    self.reject_msg = "This MUO is rejected!"

    reviewer = User(username='******')
    reviewer.save()
    self.reviewer = reviewer

    # A MUOContainer cannot be created without a misuse case.
    parent_misuse_case = MisuseCase()
    parent_misuse_case.save()
    container = MUOContainer.objects.create(misuse_case=parent_misuse_case)
    container.save()

    # The id is auto-incremented, so remember which one this fixture received.
    self.current_id = container.id

    # A UseCase cannot be created without a MUOContainer.
    linked_use_case = UseCase(muo_container=container)
    linked_use_case.save()
class TestMUODeletion(TestCase):
    """Test suite for the deletion behavior of MUO containers and their misuse cases."""

    def setUp(self):
        """Create an author and two fixture sets.

        Set 1: one misuse case with a single ``draft`` container and a use case.
        Set 2: one misuse case shared by a ``rejected`` container (which gets
        a use case) and an ``approved`` container.
        Primary keys are stored so rows can be looked up again after a delete.
        """
        author = User(username='******')
        author.save()
        self.author = author

        # Set 1
        first_case = MisuseCase()
        self.misuse_case_1 = first_case
        first_case.save()
        self.misuse_case_1_id = first_case.id

        draft = MUOContainer.objects.create(misuse_case=first_case, status='draft')
        self.muo_container_1 = draft
        draft.save()
        self.muo_container_1_id = draft.id

        self.use_case_1 = UseCase(muo_container=draft)
        self.use_case_1.save()

        # Set 2
        second_case = MisuseCase()
        self.misuse_case_2 = second_case
        second_case.save()
        self.misuse_case_2_id = second_case.id

        rejected = MUOContainer.objects.create(misuse_case=second_case,
                                               status='rejected')
        self.muo_container_2 = rejected
        rejected.save()
        self.muo_container_2_id = rejected.id

        approved = MUOContainer.objects.create(misuse_case=second_case,
                                               status='approved')
        self.muo_container_3 = approved
        approved.save()
        self.muo_container_3_id = approved.id

        self.use_case_2 = UseCase(muo_container=rejected)
        self.use_case_2.save()

    def test_muo_deletion_with_draft_status_and_not_sharing_misusecase_with_other_muo_containers(
            self):
        """Deleting a draft container that owns its misuse case alone removes both rows."""
        self.muo_container_1.delete()

        with self.assertRaises(MUOContainer.DoesNotExist):
            MUOContainer.objects.get(pk=self.muo_container_1_id)
        with self.assertRaises(MisuseCase.DoesNotExist):
            MisuseCase.objects.get(pk=self.misuse_case_1_id)

    def test_muo_deletion_with_rejected_status_and_sharing_misusecase_with_other_muo_containers(
            self):
        """Deleting a rejected container keeps a misuse case that another container still uses.

        The container row must be gone, while the shared misuse case must
        still be retrievable.
        """
        self.muo_container_2.delete()

        with self.assertRaises(MUOContainer.DoesNotExist):
            MUOContainer.objects.get(pk=self.muo_container_2_id)
        surviving_case = MisuseCase.objects.get(pk=self.misuse_case_2_id)
        self.assertIsNotNone(surviving_case)

    def test_muo_deletion_with_approved_status(self):
        """Deleting an approved container must be refused with ValidationError."""
        with self.assertRaises(ValidationError):
            self.muo_container_3.delete()

    def test_muo_deletion_with_in_review_status(self):
        """Deleting a container whose status is ``in_review`` removes the container row.

        Only the container's removal is asserted. In this fixture the misuse
        case is shared with ``muo_container_2``, and nothing is checked about
        it here.
        """
        # NOTE(review): the status is changed on the instance only and never
        # saved, so the row was last persisted as 'approved'. This test passes
        # only if delete() decides from the in-memory attribute -- confirm that
        # is the intended guard for approved content.
        self.muo_container_3.status = 'in_review'
        self.muo_container_3.delete()

        with self.assertRaises(MUOContainer.DoesNotExist):
            MUOContainer.objects.get(pk=self.muo_container_3_id)