diff --git a/README.md b/README.md
index 99dd458..88d8d29 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,6 @@ The available properties of an element can be listed by using `--describe` follo
(pytm) ➜ pytm git:(master) ✗ ./tm.py --describe Element
Element class attributes:
- OS
definesConnectionTimeout default: False
description
handlesResources default: False
@@ -53,10 +52,8 @@ Element class attributes:
implementsNonce default: False
inBoundary
inScope Is the element in scope of the threat model, default: True
- isAdmin default: False
isHardened default: False
name required
- onAWS default: False
```
@@ -83,14 +80,11 @@ user = Actor("User")
user.inBoundary = User_Web
web = Server("Web Server")
-web.OS = "CloudOS"
web.isHardened = True
db = Datastore("SQL Database (*)")
-db.OS = "CentOS"
db.isHardened = False
db.inBoundary = Web_DB
-db.isSql = True
db.inScope = False
my_lambda = Lambda("cleanDBevery6hours")
@@ -260,7 +254,7 @@ If `target` is a Dataflow, remember you can access `target.source` and/or `targe
Conditions on assets can analyze all incoming and outgoing Dataflows by inspecting
the `target.input` and `target.output` attributes. For example, to match a threat only against
servers with incoming traffic, use `any(target.inputs)`. A more advanced example,
-matching elements connecting to SQL datastores, would be `any(f.sink.oneOf(Datastore) and f.sink.isSQL for f in target.outputs)`.
+matching elements connecting to SQL datastores, would be `any(f.sink.oneOf(Datastore) for f in target.outputs) and target.protocol == 'SQL'`.
## Currently supported threats
diff --git a/docs/pytm/index.html b/docs/pytm/index.html
index a96d5c3..fea751c 100644
--- a/docs/pytm/index.html
+++ b/docs/pytm/index.html
@@ -191,7 +191,8 @@
Class variables
for example by verifying the authenticity of a digital certificate.""")
checksDestinationRevocation = varBool(False, doc="""Correctly checks the revocation status
of credentials used to authenticate the destination""")
- isAdmin = varBool(False)
+ # should not be settable, but accessible
+ providesIntegrity = False
def __init__(self, name, **kwargs):
super().__init__(name, **kwargs)
@@ -200,6 +201,13 @@ Ancestors
+Class variables
+
+var providesIntegrity
+-
+
+
+
Instance variables
var authenticatesDestination
@@ -268,22 +276,6 @@ Instance variables
return self.data.get(instance, self.default)
-var isAdmin
--
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var outputs
-
@@ -593,10 +585,8 @@
Instance variables
for example by verifying the authenticity of a digital certificate.""")
checksDestinationRevocation = varBool(False, doc="""Correctly checks the revocation status
of credentials used to authenticate the destination""")
- authenticatedWith = varBool(False)
order = varInt(-1, doc="Number of this data flow in the threat model")
implementsAuthenticationScheme = varBool(False)
- implementsCommunicationProtocol = varBool(False)
note = varString("")
usesVPN = varBool(False)
authorizesSource = varBool(False)
@@ -657,22 +647,6 @@ Ancestors
Instance variables
-var authenticatedWith
--
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var authenticatesDestination
-
Verifies the identity of the destination,
@@ -771,22 +745,6 @@
Instance variables
return self.data.get(instance, self.default)
-
var implementsCommunicationProtocol
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var isEncrypted
-
@@ -1046,19 +1004,10 @@
Methods
class Datastore(Asset):
"""An entity storing data"""
- onRDS = varBool(False)
- storesLogData = varBool(False)
- storesPII = varBool(False, doc="""Personally Identifiable Information
-is any information relating to an identifiable person.""")
- storesSensitiveData = varBool(False)
- isSQL = varBool(True)
- providesConfidentiality = varBool(False)
providesIntegrity = varBool(False)
isShared = varBool(False)
- hasWriteAccess = varBool(False)
handlesResourceConsumption = varBool(False)
isResilient = varBool(False)
- handlesInterruptions = varBool(False)
usesEncryptionAlgorithm = varString("")
implementsPOLP = varBool(False, doc="""The principle of least privilege (PoLP),
also known as the principle of minimal privilege or the principle of least authority,
@@ -1093,22 +1042,6 @@ Ancestors
Instance variables
-var handlesInterruptions
--
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var handlesResourceConsumption
-
@@ -1125,22 +1058,6 @@
Instance variables
return self.data.get(instance, self.default)
-
var hasWriteAccess
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var implementsPOLP
-
The principle of least privilege (PoLP),
@@ -1178,22 +1095,6 @@
Instance variables
return self.data.get(instance, self.default)
-
var isSQL
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var isShared
-
@@ -1210,38 +1111,6 @@
Instance variables
return self.data.get(instance, self.default)
-
var onRDS
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
-
var providesConfidentiality
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var providesIntegrity
-
@@ -1258,55 +1127,6 @@
Instance variables
return self.data.get(instance, self.default)
-
var storesLogData
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
-
var storesPII
-
-
-
Personally Identifiable Information
-is any information relating to an identifiable person.
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
-
var storesSensitiveData
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var usesEncryptionAlgorithm
-
@@ -1762,7 +1582,6 @@
Instance variables
class Lambda(Asset):
"""A lambda function running in a Function-as-a-Service (FaaS) environment"""
- onAWS = varBool(True)
environment = varString("")
implementsAPI = varBool(False)
@@ -1837,22 +1656,6 @@ Instance variables
return self.data.get(instance, self.default)
-
var onAWS
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
@@ -1868,16 +1671,10 @@ Instance variables
class Process(Asset):
"""An entity processing data"""
- codeType = varString("Unmanaged")
- implementsCommunicationProtocol = varBool(False)
- providesConfidentiality = varBool(False)
providesIntegrity = varBool(False)
isResilient = varBool(False)
- tracksExecutionFlow = varBool(False)
implementsCSRFToken = varBool(False)
handlesResourceConsumption = varBool(False)
- handlesCrashes = varBool(False)
- handlesInterruptions = varBool(False)
implementsAPI = varBool(False)
usesSecureFunctions = varBool(False)
environment = varString("")
@@ -1933,22 +1730,6 @@ Instance variables
return self.data.get(instance, self.default)
-var codeType
--
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var disablesiFrames
-
@@ -2013,38 +1794,6 @@
Instance variables
return self.data.get(instance, self.default)
-var handlesCrashes
--
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
-
var handlesInterruptions
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var handlesResourceConsumption
-
@@ -2093,22 +1842,6 @@
Instance variables
return self.data.get(instance, self.default)
-
var implementsCommunicationProtocol
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var implementsPOLP
-
The principle of least privilege (PoLP),
@@ -2146,22 +1879,6 @@
Instance variables
return self.data.get(instance, self.default)
-
var providesConfidentiality
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var providesIntegrity
-
@@ -2178,22 +1895,6 @@
Instance variables
return self.data.get(instance, self.default)
-
var tracksExecutionFlow
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var usesMFA
-
Multi-factor authentication is an authentication method
@@ -2293,7 +1994,6 @@
Instance variables
class Server(Asset):
"""An entity processing data"""
- providesConfidentiality = varBool(False)
providesIntegrity = varBool(False)
validatesHeaders = varBool(False)
encodesHeaders = varBool(False)
@@ -2465,22 +2165,6 @@ Instance variables
return self.data.get(instance, self.default)
-
var providesConfidentiality
-
-
-
-
-
-Expand source code
-
-def __get__(self, instance, owner):
- # when x.d is called we get here
- # instance = x
- # owner = type(x)
- if instance is None:
- return self
- return self.data.get(instance, self.default)
-
-
var providesIntegrity
-
@@ -3582,10 +3266,10 @@
checksDestinationRevocation
data
inputs
-isAdmin
outputs
port
protocol
+providesIntegrity
-
@@ -3615,7 +3299,6 @@
-
hasDataLeaks
implementsAuthenticationScheme
-implementsCommunicationProtocol
isEncrypted
isResponse
note
@@ -3643,19 +3325,11 @@
@@ -3687,29 +3361,22 @@
-
allowsClientSideScripting
-codeType
disablesiFrames
encryptsCookies
encryptsSessionData
environment
-handlesCrashes
-handlesInterruptions
handlesResourceConsumption
implementsAPI
implementsCSRFToken
-implementsCommunicationProtocol
implementsPOLP
isResilient
-providesConfidentiality
providesIntegrity
-tracksExecutionFlow
usesMFA
usesParameterizedInput
usesSecureFunctions
@@ -3728,7 +3395,6 @@
implementsStrictHTTPValidation
invokesScriptFilters
isResilient
-providesConfidentiality
providesIntegrity
usesCache
usesCodeSigning
diff --git a/pytm/pytm.py b/pytm/pytm.py
index 5b17721..45ab828 100644
--- a/pytm/pytm.py
+++ b/pytm/pytm.py
@@ -976,7 +976,6 @@ class Asset(Element):
data = varData([], doc="Default type of data in incoming data flows")
inputs = varElements([], doc="incoming Dataflows")
outputs = varElements([], doc="outgoing Dataflows")
- onAWS = varBool(False)
isHardened = varBool(False)
implementsAuthenticationScheme = varBool(False)
implementsNonce = varBool(False, doc="""Nonce is an arbitrary number
@@ -999,16 +998,13 @@ class Asset(Element):
checksInputBounds = varBool(False)
encodesOutput = varBool(False)
handlesResourceConsumption = varBool(False)
- authenticationScheme = varString("")
usesEnvironmentVariables = varBool(False)
- OS = varString("")
providesIntegrity = varBool(False)
class Lambda(Asset):
"""A lambda function running in a Function-as-a-Service (FaaS) environment"""
- onAWS = varBool(True)
environment = varString("")
implementsAPI = varBool(False)
@@ -1048,7 +1044,6 @@ def _shape(self):
class Server(Asset):
"""An entity processing data"""
- providesConfidentiality = varBool(False)
providesIntegrity = varBool(False)
validatesHeaders = varBool(False)
encodesHeaders = varBool(False)
@@ -1091,19 +1086,10 @@ def __init__(self, name, **kwargs):
class Datastore(Asset):
"""An entity storing data"""
- onRDS = varBool(False)
- storesLogData = varBool(False)
- storesPII = varBool(False, doc="""Personally Identifiable Information
-is any information relating to an identifiable person.""")
- storesSensitiveData = varBool(False)
- isSQL = varBool(True)
- providesConfidentiality = varBool(False)
providesIntegrity = varBool(False)
isShared = varBool(False)
- hasWriteAccess = varBool(False)
handlesResourceConsumption = varBool(False)
isResilient = varBool(False)
- handlesInterruptions = varBool(False)
usesEncryptionAlgorithm = varString("")
implementsPOLP = varBool(False, doc="""The principle of least privilege (PoLP),
also known as the principle of minimal privilege or the principle of least authority,
@@ -1144,7 +1130,6 @@ class Actor(Element):
for example by verifying the authenticity of a digital certificate.""")
checksDestinationRevocation = varBool(False, doc="""Correctly checks the revocation status
of credentials used to authenticate the destination""")
- isAdmin = varBool(False)
# should not be settable, but accessible
providesIntegrity = False
@@ -1155,16 +1140,10 @@ def __init__(self, name, **kwargs):
class Process(Asset):
"""An entity processing data"""
- codeType = varString("Unmanaged")
- implementsCommunicationProtocol = varBool(False)
- providesConfidentiality = varBool(False)
providesIntegrity = varBool(False)
isResilient = varBool(False)
- tracksExecutionFlow = varBool(False)
implementsCSRFToken = varBool(False)
handlesResourceConsumption = varBool(False)
- handlesCrashes = varBool(False)
- handlesInterruptions = varBool(False)
implementsAPI = varBool(False)
usesSecureFunctions = varBool(False)
environment = varString("")
@@ -1220,10 +1199,8 @@ class Dataflow(Element):
for example by verifying the authenticity of a digital certificate.""")
checksDestinationRevocation = varBool(False, doc="""Correctly checks the revocation status
of credentials used to authenticate the destination""")
- authenticatedWith = varBool(False)
order = varInt(-1, doc="Number of this data flow in the threat model")
implementsAuthenticationScheme = varBool(False)
- implementsCommunicationProtocol = varBool(False)
note = varString("")
usesVPN = varBool(False)
authorizesSource = varBool(False)
diff --git a/tests/output.json b/tests/output.json
index aedb064..88d323e 100644
--- a/tests/output.json
+++ b/tests/output.json
@@ -32,7 +32,6 @@
"inputs": [
"Show comments (*)"
],
- "isAdmin": false,
"maxClassification": "Classification.UNKNOWN",
"name": "User",
"outputs": [
@@ -43,11 +42,9 @@
"providesIntegrity": false
},
{
- "OS": "",
"__class__": "Server",
"authenticatesDestination": false,
"authenticatesSource": false,
- "authenticationScheme": "",
"authorizesSource": false,
"checksDestinationRevocation": false,
"checksInputBounds": false,
@@ -79,7 +76,6 @@
"isResilient": false,
"maxClassification": "Classification.UNKNOWN",
"name": "Web Server",
- "onAWS": false,
"outputs": [
"Insert query with comments",
"Call func",
@@ -87,7 +83,6 @@
],
"port": -1,
"protocol": "",
- "providesConfidentiality": false,
"providesIntegrity": false,
"sanitizesInput": false,
"usesCache": false,
@@ -104,11 +99,9 @@
"validatesInput": false
},
{
- "OS": "",
"__class__": "Lambda",
"authenticatesDestination": false,
"authenticatesSource": false,
- "authenticationScheme": "",
"authorizesSource": false,
"checksDestinationRevocation": false,
"checksInputBounds": false,
@@ -133,7 +126,6 @@
"isHardened": false,
"maxClassification": "Classification.UNKNOWN",
"name": "Lambda func",
- "onAWS": true,
"outputs": [],
"port": -1,
"protocol": "",
@@ -143,16 +135,13 @@
"validatesInput": false
},
{
- "OS": "",
"__class__": "Process",
"allowsClientSideScripting": false,
"authenticatesDestination": false,
"authenticatesSource": false,
- "authenticationScheme": "",
"authorizesSource": false,
"checksDestinationRevocation": false,
"checksInputBounds": false,
- "codeType": "Unmanaged",
"data": [],
"definesConnectionTimeout": false,
"description": "",
@@ -162,15 +151,12 @@
"encryptsSessionData": false,
"environment": "",
"findings": [],
- "handlesCrashes": false,
- "handlesInterruptions": false,
"handlesResourceConsumption": false,
"handlesResources": false,
"hasAccessControl": false,
"implementsAPI": false,
"implementsAuthenticationScheme": false,
"implementsCSRFToken": false,
- "implementsCommunicationProtocol": false,
"implementsNonce": false,
"implementsPOLP": false,
"inBoundary": null,
@@ -181,16 +167,13 @@
"isResilient": false,
"maxClassification": "Classification.UNKNOWN",
"name": "Task queue worker",
- "onAWS": false,
"outputs": [
"Query for tasks"
],
"port": -1,
"protocol": "",
- "providesConfidentiality": false,
"providesIntegrity": false,
"sanitizesInput": false,
- "tracksExecutionFlow": false,
"usesEnvironmentVariables": false,
"usesMFA": false,
"usesParameterizedInput": false,
@@ -200,11 +183,9 @@
"verifySessionIdentifiers": false
},
{
- "OS": "",
"__class__": "Datastore",
"authenticatesDestination": false,
"authenticatesSource": false,
- "authenticationScheme": "",
"authorizesSource": false,
"checksDestinationRevocation": false,
"checksInputBounds": false,
@@ -213,11 +194,9 @@
"description": "",
"encodesOutput": false,
"findings": [],
- "handlesInterruptions": false,
"handlesResourceConsumption": false,
"handlesResources": false,
"hasAccessControl": false,
- "hasWriteAccess": false,
"implementsAuthenticationScheme": false,
"implementsNonce": false,
"implementsPOLP": false,
@@ -230,23 +209,16 @@
"isEncrypted": false,
"isHardened": false,
"isResilient": false,
- "isSQL": true,
"isShared": false,
"maxClassification": "Classification.UNKNOWN",
"name": "SQL Database",
- "onAWS": false,
- "onRDS": false,
"outputs": [
"Retrieve comments"
],
"port": -1,
"protocol": "",
- "providesConfidentiality": false,
"providesIntegrity": false,
"sanitizesInput": false,
- "storesLogData": false,
- "storesPII": false,
- "storesSensitiveData": false,
"usesEncryptionAlgorithm": "",
"usesEnvironmentVariables": false,
"validatesInput": false
@@ -255,7 +227,6 @@
"findings": [],
"flows": [
{
- "authenticatedWith": false,
"authenticatesDestination": false,
"authorizesSource": false,
"checksDestinationRevocation": false,
@@ -264,7 +235,6 @@
"dstPort": -1,
"findings": [],
"implementsAuthenticationScheme": false,
- "implementsCommunicationProtocol": false,
"inBoundary": null,
"inScope": true,
"isEncrypted": false,
@@ -284,7 +254,6 @@
"usesVPN": false
},
{
- "authenticatedWith": false,
"authenticatesDestination": false,
"authorizesSource": false,
"checksDestinationRevocation": false,
@@ -293,7 +262,6 @@
"dstPort": -1,
"findings": [],
"implementsAuthenticationScheme": false,
- "implementsCommunicationProtocol": false,
"inBoundary": null,
"inScope": true,
"isEncrypted": false,
@@ -313,7 +281,6 @@
"usesVPN": false
},
{
- "authenticatedWith": false,
"authenticatesDestination": false,
"authorizesSource": false,
"checksDestinationRevocation": false,
@@ -322,7 +289,6 @@
"dstPort": -1,
"findings": [],
"implementsAuthenticationScheme": false,
- "implementsCommunicationProtocol": false,
"inBoundary": null,
"inScope": true,
"isEncrypted": false,
@@ -342,7 +308,6 @@
"usesVPN": false
},
{
- "authenticatedWith": false,
"authenticatesDestination": false,
"authorizesSource": false,
"checksDestinationRevocation": false,
@@ -351,7 +316,6 @@
"dstPort": -1,
"findings": [],
"implementsAuthenticationScheme": false,
- "implementsCommunicationProtocol": false,
"inBoundary": null,
"inScope": true,
"isEncrypted": false,
@@ -371,7 +335,6 @@
"usesVPN": false
},
{
- "authenticatedWith": false,
"authenticatesDestination": false,
"authorizesSource": false,
"checksDestinationRevocation": false,
@@ -380,7 +343,6 @@
"dstPort": -1,
"findings": [],
"implementsAuthenticationScheme": false,
- "implementsCommunicationProtocol": false,
"inBoundary": null,
"inScope": true,
"isEncrypted": false,
@@ -400,7 +362,6 @@
"usesVPN": false
},
{
- "authenticatedWith": false,
"authenticatesDestination": false,
"authorizesSource": false,
"checksDestinationRevocation": false,
@@ -409,7 +370,6 @@
"dstPort": -1,
"findings": [],
"implementsAuthenticationScheme": false,
- "implementsCommunicationProtocol": false,
"inBoundary": null,
"inScope": true,
"isEncrypted": false,
diff --git a/tests/test_private_func.py b/tests/test_private_func.py
index bd0bb69..f3817bd 100644
--- a/tests/test_private_func.py
+++ b/tests/test_private_func.py
@@ -1,7 +1,17 @@
import random
import unittest
-from pytm.pytm import Actor, Boundary, Data, Dataflow, Datastore, Process, Server, TM, Threat
+from pytm.pytm import (
+ TM,
+ Actor,
+ Boundary,
+ Data,
+ Dataflow,
+ Datastore,
+ Process,
+ Server,
+ Threat,
+)
class TestUniqueNames(unittest.TestCase):
@@ -27,12 +37,12 @@ def test_write_once(self):
user.name = "Computer"
def test_kwargs(self):
- user = Actor("User", isAdmin=True)
- self.assertEqual(user.isAdmin, True)
+ user = Actor("User", authenticatesDestination=True)
+ self.assertEqual(user.authenticatesDestination, True)
user = Actor("User")
- self.assertEqual(user.isAdmin, False)
- user.isAdmin = True
- self.assertEqual(user.isAdmin, True)
+ self.assertEqual(user.authenticatesDestination, False)
+ user.authenticatesDestination = True
+ self.assertEqual(user.authenticatesDestination, True)
def test_load_threats(self):
tm = TM("TM")
@@ -77,7 +87,6 @@ def test_defaults(self):
)
db = Datastore(
"PostgreSQL",
- isSQL=True,
port=5432,
protocol="PostgreSQL",
isEncrypted=False,
@@ -103,14 +112,18 @@ def test_defaults(self):
self.assertEqual(req_get.srcPort, -1)
self.assertEqual(req_get.dstPort, server.port)
self.assertEqual(req_get.isEncrypted, server.isEncrypted)
- self.assertEqual(req_get.authenticatesDestination, user.authenticatesDestination)
+ self.assertEqual(
+ req_get.authenticatesDestination, user.authenticatesDestination
+ )
self.assertEqual(req_get.protocol, server.protocol)
self.assertTrue(user.data.issubset(req_get.data))
self.assertEqual(server_query.srcPort, -1)
self.assertEqual(server_query.dstPort, db.port)
self.assertEqual(server_query.isEncrypted, db.isEncrypted)
- self.assertEqual(server_query.authenticatesDestination, server.authenticatesDestination)
+ self.assertEqual(
+ server_query.authenticatesDestination, server.authenticatesDestination
+ )
self.assertEqual(server_query.protocol, db.protocol)
self.assertTrue(server.data.issubset(server_query.data))
@@ -131,7 +144,9 @@ def test_defaults(self):
self.assertEqual(req_post.srcPort, -1)
self.assertEqual(req_post.dstPort, server.port)
self.assertEqual(req_post.isEncrypted, server.isEncrypted)
- self.assertEqual(req_post.authenticatesDestination, user.authenticatesDestination)
+ self.assertEqual(
+ req_post.authenticatesDestination, user.authenticatesDestination
+ )
self.assertEqual(req_post.protocol, server.protocol)
self.assertTrue(user.data.issubset(req_post.data))
@@ -150,7 +165,9 @@ def test_defaults(self):
self.assertListEqual(cookie.carriedBy, [req_get, req_post])
self.assertSetEqual(set(cookie.processedBy), set([user, server]))
self.assertIn(cookie, req_get.data)
- self.assertSetEqual(set([d.name for d in req_post.data]), set([cookie.name, "HTTP", "JSON"]))
+ self.assertSetEqual(
+ set([d.name for d in req_post.data]), set([cookie.name, "HTTP", "JSON"])
+ )
class TestMethod(unittest.TestCase):
@@ -163,7 +180,7 @@ def test_defaults(self):
user = Actor("User", inBoundary=internet)
server = Server("Server")
- db = Datastore("DB", inBoundary=cloud, isSQL=True)
+ db = Datastore("DB", inBoundary=cloud)
func = Datastore("Lambda function", inBoundary=cloud)
request = Dataflow(user, server, "request")
@@ -190,7 +207,7 @@ def test_defaults(self):
{"target": func, "condition": "not any(target.inputs)"},
{
"target": server,
- "condition": "any(f.sink.oneOf(Datastore) and f.sink.isSQL "
+ "condition": "any(f.sink.oneOf(Datastore) "
"for f in target.outputs)",
},
]
diff --git a/tm.py b/tm.py
index 401ec6c..bf9ee1f 100755
--- a/tm.py
+++ b/tm.py
@@ -15,27 +15,21 @@
user.inBoundary = internet
web = Server("Web Server")
-web.OS = "Ubuntu"
web.isHardened = True
web.sanitizesInput = False
web.encodesOutput = True
web.authorizesSource = False
db = Datastore("SQL Database")
-db.OS = "CentOS"
db.isHardened = False
db.inBoundary = server_db
-db.isSQL = True
db.inScope = True
db.maxClassification = Classification.RESTRICTED
secretDb = Datastore("Real Identity Database")
-secretDb.OS = "CentOS"
secretDb.isHardened = True
secretDb.inBoundary = server_db
-secretDb.isSQL = True
-secretDb.inScope = True
-secretDb.storesPII = True
+secretDb.inScope = True
secretDb.maxClassification = Classification.TOP_SECRET
my_lambda = Lambda("AWS Lambda")