def test_DS02(self): process1 = Process("Process1") lambda1 = Lambda("Lambda1") process1.environment = 'Production' lambda1.environment = 'Production' ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "DS02")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(lambda1))
def test_INP31(self): process1 = Process("Process") process1.validatesInput = False process1.sanitizesInput = False process1.usesParameterizedInput = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "INP31")) self.assertTrue(ThreatObj.apply(process1))
def test_AC18(self): process1 = Process("Process") process1.usesStrongSessionIdentifiers = False process1.encryptsCookies = False process1.definesConnectionTimeout = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "AC18")) self.assertTrue(ThreatObj.apply(process1))
def test_AC20(self): process1 = Process("Process") process1.definesConnectionTimeout = False process1.usesMFA = False process1.encryptsSessionData = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "AC20")) self.assertTrue(ThreatObj.apply(process1))
def test_INP13(self): process1 = Process("Process1") lambda1 = Lambda("Lambda1") process1.validatesInput = False lambda1.validatesInput = False ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "INP13")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(lambda1))
def test_API01(self): process1 = Process("Process1") lambda1 = Lambda("Lambda1") process1.implementsAPI = True lambda1.implementsAPI = True ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "API01")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(lambda1))
def test_AC14(self): process1 = Process("Process") process1.implementsPOLP = False process1.usesEnvironmentVariables = False process1.validatesInput = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "AC14")) self.assertTrue(ThreatObj.apply(process1))
def test_INP32(self): process1 = Process("Process") process1.validatesInput = False process1.sanitizesInput = False process1.encodesOutput = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "INP32")) self.assertTrue(ThreatObj.apply(process1))
def test_CR03(self): process1 = Process("Process1") web = Server("Web Server") process1.implementsAuthenticationScheme = False web.implementsAuthenticationScheme = False threat = threats["CR03"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(web))
def test_AA02(self): web = Server("Web Server") process1 = Process("process") web.authenticatesSource = False process1.authenticatesSource = False threat = threats["AA02"] self.assertTrue(threat.apply(web)) self.assertTrue(threat.apply(process1))
def test_DS02(self): process1 = Process("Process1") lambda1 = Lambda("Lambda1") process1.environment = "Production" lambda1.environment = "Production" threat = threats["DS02"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(lambda1))
def test_INP13(self): process1 = Process("Process1") lambda1 = Lambda("Lambda1") process1.validatesInput = False lambda1.validatesInput = False threat = threats["INP13"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(lambda1))
def test_API01(self): process1 = Process("Process1") lambda1 = Lambda("Lambda1") process1.implementsAPI = True lambda1.implementsAPI = True threat = threats["API01"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(lambda1))
def test_AA02(self): web = Server("Web Server") process1 = Process("process") web.authenticatesSource = False process1.authenticatesSource = False ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AA02")) self.assertTrue(ThreatObj.apply(web)) self.assertTrue(ThreatObj.apply(process1))
def test_CR03(self): process1 = Process("Process1") web = Server("Web Server") process1.implementsAuthenticationScheme = False web.implementsAuthenticationScheme = False ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "CR03")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(web))
def test_INP23(self): process1 = Process("Process") process1.hasAccessControl = False process1.sanitizesInput = False process1.validatesInput = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "INP23")) self.assertTrue(ThreatObj.apply(process1))
def test_INP40(self): process1 = Process("Process") process1.allowsClientSideScripting = True process1.sanitizesInput = False process1.validatesInput = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "INP40")) self.assertTrue(ThreatObj.apply(process1))
def test_DO01(self): process1 = Process("Process1") web = Server("Web Server") process1.handlesResourceConsumption = False process1.isResilient = False web.handlesResourceConsumption = True threat = threats["DO01"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(web))
def test_AC05(self): process1 = Process("Process1") web = Server("Web Server") process1.authenticatesDestination = False proc_to_web = Dataflow(process1, web, "Process calls a web API") proc_to_web.protocol = "HTTPS" proc_to_web.isEncrypted = True threat = threats["AC05"] self.assertTrue(threat.apply(proc_to_web))
def test_AC05(self): process1 = Process("Process1") web = Server("Web Server") process1.providesIntegrity = False process1.authorizesSource = False web.providesIntegrity = False web.authorizesSource = False ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "AC05")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(web))
def test_INP26(self): process1 = Process("Process") lambda1 = Lambda("lambda") process1.validatesInput = False process1.sanitizesInput = False lambda1.validatesInput = False lambda1.sanitizesInput = False threat = threats["INP26"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(lambda1))
def test_INP24(self): process1 = Process("Process") lambda1 = Lambda("lambda") process1.checksInputBounds = False process1.validatesInput = False lambda1.checksInputBounds = False lambda1.validatesInput = False threat = threats["INP24"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(lambda1))
def test_AC05(self): process1 = Process("Process1") web = Server("Web Server") process1.providesIntegrity = False process1.authorizesSource = False web.providesIntegrity = False web.authorizesSource = False threat = threats["AC05"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(web))
def test_DO01(self): process1 = Process("Process1") web = Server("Web Server") process1.handlesResourceConsumption = False process1.isResilient = False web.handlesResourceConsumption = True ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "DO01")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(web))
def test_DE02(self): web = Server("Web Server") process1 = Process("Process1") web.validatesInput = False web.sanitizesInput = False process1.validatesInput = False process1.sanitizesInput = False threat = threats["DE02"] self.assertTrue(threat.apply(web)) self.assertTrue(threat.apply(process1))
def test_API02(self): process1 = Process("Process1") lambda1 = Lambda("Lambda1") process1.implementsAPI = True process1.validatesInput = False lambda1.implementsAPI = True lambda1.validatesInput = False threat = threats["API02"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(lambda1))
def test_DE02(self): web = Server("Web Server") process1 = Process("Process1") web.validatesInput = False web.sanitizesInput = False process1.validatesInput = False process1.sanitizesInput = False ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "DE02")) self.assertTrue(ThreatObj.apply(web)) self.assertTrue(ThreatObj.apply(process1))
def test_INP24(self): process1 = Process("Process") lambda1 = Lambda("lambda") process1.checksInputBounds = False process1.validatesInput = False lambda1.checksInputBounds = False lambda1.validatesInput = False ThreatObj = Threat( next(item for item in threats_json if item["SID"] == "INP24")) self.assertTrue(ThreatObj.apply(process1)) self.assertTrue(ThreatObj.apply(lambda1))
def test_INP14(self): process1 = Process("Process1") lambda1 = Lambda("Lambda1") web = Server("Web Server") process1.validatesInput = False lambda1.validatesInput = False web.validatesInput = False threat = threats["INP14"] self.assertTrue(threat.apply(process1)) self.assertTrue(threat.apply(lambda1)) self.assertTrue(threat.apply(web))
def test_INP01(self): lambda1 = Lambda("mylambda") process1 = Process("myprocess") lambda1.usesEnvironmentVariables = True lambda1.sanitizesInput = False lambda1.checksInputBounds = False process1.usesEnvironmentVariables = True process1.sanitizesInput = False process1.checksInputBounds = False threat = threats["INP01"] self.assertTrue(threat.apply(lambda1)) self.assertTrue(threat.apply(process1))