def test_DS02(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
process1.environment = 'Production'
lambda1.environment = 'Production'
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "DS02"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(lambda1))
def test_INP31(self):
process1 = Process("Process")
process1.validatesInput = False
process1.sanitizesInput = False
process1.usesParameterizedInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP31"))
self.assertTrue(ThreatObj.apply(process1))
def test_AC18(self):
process1 = Process("Process")
process1.usesStrongSessionIdentifiers = False
process1.encryptsCookies = False
process1.definesConnectionTimeout = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC18"))
self.assertTrue(ThreatObj.apply(process1))
def test_AC20(self):
process1 = Process("Process")
process1.definesConnectionTimeout = False
process1.usesMFA = False
process1.encryptsSessionData = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC20"))
self.assertTrue(ThreatObj.apply(process1))
def test_INP13(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
process1.validatesInput = False
lambda1.validatesInput = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "INP13"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(lambda1))
def test_API01(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
process1.implementsAPI = True
lambda1.implementsAPI = True
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "API01"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(lambda1))
def test_AC14(self):
process1 = Process("Process")
process1.implementsPOLP = False
process1.usesEnvironmentVariables = False
process1.validatesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "AC14"))
self.assertTrue(ThreatObj.apply(process1))
def test_INP32(self):
process1 = Process("Process")
process1.validatesInput = False
process1.sanitizesInput = False
process1.encodesOutput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP32"))
self.assertTrue(ThreatObj.apply(process1))
def test_CR03(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.implementsAuthenticationScheme = False
web.implementsAuthenticationScheme = False
threat = threats["CR03"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(web))
def test_AA02(self):
web = Server("Web Server")
process1 = Process("process")
web.authenticatesSource = False
process1.authenticatesSource = False
threat = threats["AA02"]
self.assertTrue(threat.apply(web))
self.assertTrue(threat.apply(process1))
def test_DS02(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
process1.environment = "Production"
lambda1.environment = "Production"
threat = threats["DS02"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
def test_INP13(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
process1.validatesInput = False
lambda1.validatesInput = False
threat = threats["INP13"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
def test_API01(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
process1.implementsAPI = True
lambda1.implementsAPI = True
threat = threats["API01"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
def test_AA02(self):
web = Server("Web Server")
process1 = Process("process")
web.authenticatesSource = False
process1.authenticatesSource = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AA02"))
self.assertTrue(ThreatObj.apply(web))
self.assertTrue(ThreatObj.apply(process1))
def test_CR03(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.implementsAuthenticationScheme = False
web.implementsAuthenticationScheme = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "CR03"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(web))
def test_INP23(self):
process1 = Process("Process")
process1.hasAccessControl = False
process1.sanitizesInput = False
process1.validatesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP23"))
self.assertTrue(ThreatObj.apply(process1))
def test_INP40(self):
process1 = Process("Process")
process1.allowsClientSideScripting = True
process1.sanitizesInput = False
process1.validatesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP40"))
self.assertTrue(ThreatObj.apply(process1))
def test_DO01(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.handlesResourceConsumption = False
process1.isResilient = False
web.handlesResourceConsumption = True
threat = threats["DO01"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(web))
def test_AC05(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.authenticatesDestination = False
proc_to_web = Dataflow(process1, web, "Process calls a web API")
proc_to_web.protocol = "HTTPS"
proc_to_web.isEncrypted = True
threat = threats["AC05"]
self.assertTrue(threat.apply(proc_to_web))
def test_AC05(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.providesIntegrity = False
process1.authorizesSource = False
web.providesIntegrity = False
web.authorizesSource = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AC05"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(web))
def test_INP26(self):
process1 = Process("Process")
lambda1 = Lambda("lambda")
process1.validatesInput = False
process1.sanitizesInput = False
lambda1.validatesInput = False
lambda1.sanitizesInput = False
threat = threats["INP26"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
def test_INP24(self):
process1 = Process("Process")
lambda1 = Lambda("lambda")
process1.checksInputBounds = False
process1.validatesInput = False
lambda1.checksInputBounds = False
lambda1.validatesInput = False
threat = threats["INP24"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
def test_AC05(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.providesIntegrity = False
process1.authorizesSource = False
web.providesIntegrity = False
web.authorizesSource = False
threat = threats["AC05"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(web))
def test_DO01(self):
process1 = Process("Process1")
web = Server("Web Server")
process1.handlesResourceConsumption = False
process1.isResilient = False
web.handlesResourceConsumption = True
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "DO01"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(web))
def test_DE02(self):
web = Server("Web Server")
process1 = Process("Process1")
web.validatesInput = False
web.sanitizesInput = False
process1.validatesInput = False
process1.sanitizesInput = False
threat = threats["DE02"]
self.assertTrue(threat.apply(web))
self.assertTrue(threat.apply(process1))
def test_API02(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
process1.implementsAPI = True
process1.validatesInput = False
lambda1.implementsAPI = True
lambda1.validatesInput = False
threat = threats["API02"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
def test_DE02(self):
web = Server("Web Server")
process1 = Process("Process1")
web.validatesInput = False
web.sanitizesInput = False
process1.validatesInput = False
process1.sanitizesInput = False
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "DE02"))
self.assertTrue(ThreatObj.apply(web))
self.assertTrue(ThreatObj.apply(process1))
def test_INP24(self):
process1 = Process("Process")
lambda1 = Lambda("lambda")
process1.checksInputBounds = False
process1.validatesInput = False
lambda1.checksInputBounds = False
lambda1.validatesInput = False
ThreatObj = Threat(
next(item for item in threats_json if item["SID"] == "INP24"))
self.assertTrue(ThreatObj.apply(process1))
self.assertTrue(ThreatObj.apply(lambda1))
def test_INP14(self):
process1 = Process("Process1")
lambda1 = Lambda("Lambda1")
web = Server("Web Server")
process1.validatesInput = False
lambda1.validatesInput = False
web.validatesInput = False
threat = threats["INP14"]
self.assertTrue(threat.apply(process1))
self.assertTrue(threat.apply(lambda1))
self.assertTrue(threat.apply(web))
def test_INP01(self):
lambda1 = Lambda("mylambda")
process1 = Process("myprocess")
lambda1.usesEnvironmentVariables = True
lambda1.sanitizesInput = False
lambda1.checksInputBounds = False
process1.usesEnvironmentVariables = True
process1.sanitizesInput = False
process1.checksInputBounds = False
threat = threats["INP01"]
self.assertTrue(threat.apply(lambda1))
self.assertTrue(threat.apply(process1))
