def test_INP23(self): process1 = Process("Process") process1.hasAccessControl = False process1.sanitizesInput = False process1.validatesInput = False threat = threats["INP23"] self.assertTrue(threat.apply(process1))
def test_AC13(self): process1 = Process("Process") process1.hasAccessControl = False process1.implementsPOLP = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "AC13")) self.assertTrue(ThreatObj.apply(process1))
def test_INP23(self): process1 = Process("Process") process1.hasAccessControl = False process1.sanitizesInput = False process1.validatesInput = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "INP23")) self.assertTrue(ThreatObj.apply(process1))
def test_AC01(self): web = Server("Web Server") process1 = Process("Process1") db = Datastore("DB") web.hasAccessControl = False web.authorizesSource = True process1.hasAccessControl = False process1.authorizesSource = False db.hasAccessControl = False db.authorizesSource = False threat = threats["AC01"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(web)) self.assertTrue(threat.apply(db))
def test_AC01(self): web = Server("Web Server") process1 = Process("Process1") db = Datastore("DB") web.hasAccessControl = False web.authorizesSource = True process1.hasAccessControl = False process1.authorizesSource = False db.hasAccessControl = False db.authorizesSource = False ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AC01")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(web)) self.assertTrue(ThreatObj.apply(db))
def test_AC13(self): process1 = Process("Process") process1.hasAccessControl = False process1.implementsPOLP = False threat = threats["AC13"] self.assertTrue(threat.apply(process1))