Exemplo n.º 1
 def test_DE04(self):
     """DE04 must match a Datastore with validatesInput and implementsPOLP disabled."""
     store = Datastore("DB")
     store.validatesInput = False
     store.implementsPOLP = False
     # Rule lookup by SID: next() raises StopIteration if DE04 is missing from
     # threats_json, so a dropped rule surfaces as a test error, not a failure.
     rule = next(entry for entry in threats_json if entry["SID"] == "DE04")
     threat = Threat(rule)
     self.assertTrue(threat.apply(store))
Exemplo n.º 2
 def test_INP37(self):
     """INP37 must match a Server without strict HTTP validation or header encoding."""
     server = Server("web")
     server.implementsStrictHTTPValidation = False
     server.encodesHeaders = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP37")
     # NOTE(review): positive case only; nothing here checks that the rule stops
     # matching once either control is enabled.
     self.assertTrue(Threat(rule).apply(server))
Exemplo n.º 3
 def test_INP22(self):
     """INP22 must match a Server with usesXMLParser and disablesDTD both False."""
     server = Server("Web Server")
     server.usesXMLParser = False
     server.disablesDTD = False
     matching = (entry for entry in threats_json if entry["SID"] == "INP22")
     threat = Threat(next(matching))
     # NOTE(review): the element is declared as not using an XML parser, yet the
     # rule is expected to match; confirm that is the intended condition.
     self.assertTrue(threat.apply(server))
Exemplo n.º 4
 def test_AC13(self):
     """AC13 must match a Process with no access control and no POLP."""
     proc = Process("Process")
     proc.hasAccessControl = False
     proc.implementsPOLP = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC13")
     threat = Threat(rule)
     self.assertTrue(threat.apply(proc))
Exemplo n.º 5
 def test_INP03(self):
     """INP03 must match a Server that neither sanitizes input nor encodes output."""
     server = Server('Web')
     server.sanitizesInput = False
     server.encodesOutput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP03")
     # Both controls are off together, so this does not show which of the two
     # (or whether either alone) is enough to trigger the rule.
     self.assertTrue(Threat(rule).apply(server))
Exemplo n.º 6
 def test_SC01(self):
     """SC01 must match a Process handling 'JSON' data with implementsNonce disabled."""
     proc = Process("Process1")
     proc.implementsNonce = False
     # The data format is part of the fixture; presumably the rule condition
     # inspects it. Verify against the SC01 entry in threats_json.
     proc.data = 'JSON'
     matching = (entry for entry in threats_json if entry["SID"] == "SC01")
     threat = Threat(next(matching))
     self.assertTrue(threat.apply(proc))
Exemplo n.º 7
 def test_SC02(self):
     """SC02 must match a Server that neither validates input nor encodes output."""
     server = Server("Web Server")
     server.validatesInput = False
     server.encodesOutput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "SC02")
     threat = Threat(rule)
     self.assertTrue(threat.apply(server))
Exemplo n.º 8
 def test_AC19(self):
     """AC19 must match a Server that uses session tokens but implements no nonce."""
     server = Server("web")
     # Unlike most fixtures in this suite, one attribute is switched ON here:
     # the element uses session tokens while the nonce control is absent.
     server.usesSessionTokens = True
     server.implementsNonce = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC19")
     self.assertTrue(Threat(rule).apply(server))
Exemplo n.º 9
 def test_INP11(self):
     """INP11 must match a Server with input validation and sanitization disabled."""
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     matching = (entry for entry in threats_json if entry["SID"] == "INP11")
     threat = Threat(next(matching))
     self.assertTrue(threat.apply(server))
Exemplo n.º 10
 def test_AC06(self):
     """AC06 must match a Server that is not hardened and has no access control."""
     server = Server("Web Server")
     server.isHardened = False
     server.hasAccessControl = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC06")
     # NOTE(review): only the unprotected configuration is exercised; a hardened,
     # access-controlled Server is never asserted to be clear of AC06.
     self.assertTrue(Threat(rule).apply(server))
Exemplo n.º 11
 def test_INP15(self):
     """INP15 must match a Server speaking 'IMAP' with sanitizesInput disabled."""
     server = Server("Web Server")
     # The protocol is part of the fixture; presumably the rule is specific to
     # it. Verify against the INP15 entry in threats_json.
     server.protocol = 'IMAP'
     server.sanitizesInput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP15")
     threat = Threat(rule)
     self.assertTrue(threat.apply(server))
Exemplo n.º 12
 def test_INP04(self):
     """INP04 must match an 'HTTP' Server that validates neither input nor headers."""
     server = Server("Web Server")
     server.validatesInput = False
     server.validatesHeaders = False
     server.protocol = 'HTTP'
     matching = (entry for entry in threats_json if entry["SID"] == "INP04")
     threat = Threat(next(matching))
     self.assertTrue(threat.apply(server))
Exemplo n.º 13
 def test_SC03(self):
     """SC03 must match a Server lacking validation, sanitization and access control."""
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     server.hasAccessControl = False
     rule = next(entry for entry in threats_json if entry["SID"] == "SC03")
     # Three controls are disabled at once, so the test cannot tell which of
     # them the rule condition actually depends on.
     self.assertTrue(Threat(rule).apply(server))
Exemplo n.º 14
 def test_HA03(self):
     """HA03 must match an unhardened Server with no header validation or output encoding."""
     server = Server("Web Server")
     server.validatesHeaders = False
     server.encodesOutput = False
     server.isHardened = False
     rule = next(entry for entry in threats_json if entry["SID"] == "HA03")
     threat = Threat(rule)
     self.assertTrue(threat.apply(server))
Exemplo n.º 15
 def test_SC05(self):
     """SC05 must match a Server with providesIntegrity and usesCodeSigning disabled."""
     server = Server("Web Server")
     server.providesIntegrity = False
     server.usesCodeSigning = False
     matching = (entry for entry in threats_json if entry["SID"] == "SC05")
     threat = Threat(next(matching))
     # NOTE(review): no companion assertion shows SC05 clearing once integrity
     # protection or code signing is declared on the element.
     self.assertTrue(threat.apply(server))
Exemplo n.º 16
 def test_INP41(self):
     """INP41 must match a Process with input validation and sanitization disabled."""
     proc = Process("Process")
     proc.validatesInput = False
     proc.sanitizesInput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP41")
     self.assertTrue(Threat(rule).apply(proc))
Exemplo n.º 17
 def test_INP17(self):
     """INP17 must match a Server with no content-type validation or script filters."""
     server = Server("Web Server")
     server.validatesContentType = False
     server.invokesScriptFilters = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP17")
     threat = Threat(rule)
     self.assertTrue(threat.apply(server))
Exemplo n.º 18
 def test_AC21(self):
     """AC21 must match a Process with no CSRF token and no session-identifier check."""
     proc = Process("Process")
     proc.implementsCSRFToken = False
     proc.verifySessionIdentifiers = False
     matching = (entry for entry in threats_json if entry["SID"] == "AC21")
     threat = Threat(next(matching))
     # NOTE(review): positive case only; enabling implementsCSRFToken is never
     # shown to suppress the finding.
     self.assertTrue(threat.apply(proc))
Exemplo n.º 19
 def test_AC09(self):
     """AC09 must match a Server with hasAccessControl and authorizesSource disabled."""
     server = Server("Web Server")
     server.hasAccessControl = False
     server.authorizesSource = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC09")
     self.assertTrue(Threat(rule).apply(server))
Exemplo n.º 20
 def test_CR02(self):
     """CR02 must match both an HTTP Server and the Dataflow that feeds it.

     The Server and the Dataflow get the same four attribute values (HTTP,
     no sanitization, no validation, session tokens in use), and the rule
     is asserted against each element in turn.
     """
     actor = Actor("User")
     server = Server("Web Server")
     server.protocol = 'HTTP'
     server.sanitizesInput = False
     server.validatesInput = False
     server.usesSessionTokens = True

     # The flow is created only after the server has been configured.
     flow = Dataflow(actor, server, "User enters comments (*)")
     flow.protocol = 'HTTP'
     flow.sanitizesInput = False
     flow.validatesInput = False
     flow.usesSessionTokens = True

     rule = next(entry for entry in threats_json if entry["SID"] == "CR02")
     threat = Threat(rule)
     # Server first, then the flow, so the first failure reported is the server's.
     for element in (server, flow):
         self.assertTrue(threat.apply(element))
Exemplo n.º 21
 def test_AC16(self):
     """AC16 must match a Server with weak session identifiers and unencrypted cookies."""
     server = Server("web")
     server.usesStrongSessionIdentifiers = False
     server.encryptsCookies = False
     matching = (entry for entry in threats_json if entry["SID"] == "AC16")
     threat = Threat(next(matching))
     self.assertTrue(threat.apply(server))
Exemplo n.º 22
 def test_DO03(self):
     """DO03 must match a Dataflow from an Actor to a Server that carries 'XML' data."""
     actor = Actor("User")
     server = Server("Web Server")
     flow = Dataflow(actor, server, "User enters comments (*)")
     # Only the data format is set; every other attribute of the flow and the
     # server keeps its default, so the outcome presumably depends on those
     # defaults too. Verify against the DO03 condition.
     flow.data = 'XML'
     rule = next(entry for entry in threats_json if entry["SID"] == "DO03")
     self.assertTrue(Threat(rule).apply(flow))
Exemplo n.º 23
 def test_AC18(self):
     """AC18 must match a Process with weak session ids, plain cookies and no timeout."""
     proc = Process("Process")
     proc.usesStrongSessionIdentifiers = False
     proc.encryptsCookies = False
     proc.definesConnectionTimeout = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC18")
     threat = Threat(rule)
     self.assertTrue(threat.apply(proc))
Exemplo n.º 24
 def test_AC14(self):
     """AC14 must match a Process with POLP, environment variables and validation all off."""
     proc = Process("Process")
     proc.implementsPOLP = False
     # NOTE(review): usesEnvironmentVariables is set to False although the rule
     # is still expected to match; confirm the condition treats it as intended.
     proc.usesEnvironmentVariables = False
     proc.validatesInput = False
     matching = (entry for entry in threats_json if entry["SID"] == "AC14")
     threat = Threat(next(matching))
     self.assertTrue(threat.apply(proc))
Exemplo n.º 25
 def test_INP40(self):
     """INP40 must match a Process allowing client-side scripting without input checks."""
     proc = Process("Process")
     # The scripting capability is switched on; the two input controls are off.
     proc.allowsClientSideScripting = True
     proc.sanitizesInput = False
     proc.validatesInput = False
     rule = next(entry for entry in threats_json if entry["SID"] == "INP40")
     self.assertTrue(Threat(rule).apply(proc))
Exemplo n.º 26
 def test_DO05(self):
     """DO05 must match a Server that parses XML without validating or sanitizing input."""
     server = Server("Web Server")
     server.validatesInput = False
     server.sanitizesInput = False
     server.usesXMLParser = True
     rule = next(entry for entry in threats_json if entry["SID"] == "DO05")
     threat = Threat(rule)
     # NOTE(review): positive case only; a Server with usesXMLParser left False
     # is never asserted to be clear of DO05.
     self.assertTrue(threat.apply(server))
Exemplo n.º 27
 def test_AA04(self):
     """AA04 must match a Server lacking server-side validation, integrity and source authz."""
     server = Server("Web Server")
     server.implementsServerSideValidation = False
     server.providesIntegrity = False
     server.authorizesSource = False
     matching = (entry for entry in threats_json if entry["SID"] == "AA04")
     threat = Threat(next(matching))
     self.assertTrue(threat.apply(server))
Exemplo n.º 28
 def test_AC10(self):
     """AC10 must match a Server without latest TLS, an auth scheme or source authorization."""
     server = Server("Web Server")
     server.usesLatestTLSversion = False
     server.implementsAuthenticationScheme = False
     server.authorizesSource = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AC10")
     # All three controls are off together, so the test does not establish
     # whether an outdated TLS version alone is enough to trigger the rule.
     self.assertTrue(Threat(rule).apply(server))
Exemplo n.º 29
 def test_AA03(self):
     """AA03 must match a Server without integrity, source authn or strong session ids."""
     server = Server("Web Server")
     server.providesIntegrity = False
     server.authenticatesSource = False
     server.usesStrongSessionIdentifiers = False
     rule = next(entry for entry in threats_json if entry["SID"] == "AA03")
     threat = Threat(rule)
     self.assertTrue(threat.apply(server))
Exemplo n.º 30
 def test_AC20(self):
     """AC20 must match a Process with no timeout, no MFA and unencrypted session data."""
     proc = Process("Process")
     proc.definesConnectionTimeout = False
     proc.usesMFA = False
     proc.encryptsSessionData = False
     matching = (entry for entry in threats_json if entry["SID"] == "AC20")
     threat = Threat(next(matching))
     # NOTE(review): positive case only; nothing asserts that declaring MFA or
     # session-data encryption removes the finding.
     self.assertTrue(threat.apply(proc))