diff --git a/pytm/pytm.py b/pytm/pytm.py index ee271682..47da8236 100644 --- a/pytm/pytm.py +++ b/pytm/pytm.py @@ -228,6 +228,7 @@ def _apply_defaults(flows): e._safeset("dstPort", e.sink.port) if hasattr(e.sink, "isEncrypted"): e._safeset("isEncrypted", e.sink.isEncrypted) + e._safeset("authenticatesDestination", e.source.authenticatesDestination) outputs[e.source].append(e) inputs[e.sink].append(e) @@ -544,6 +545,7 @@ class Element(): hash functions.""") handlesResources = varBool(False) definesConnectionTimeout = varBool(False) + authenticatesDestination = varBool(False) OS = varString("") isAdmin = varBool(False) findings = varFindings([]) @@ -697,7 +699,6 @@ class Server(Element): providesConfidentiality = varBool(False) providesIntegrity = varBool(False) authenticatesSource = varBool(False) - authenticatesDestination = varBool(False) sanitizesInput = varBool(False) encodesOutput = varBool(False) hasAccessControl = varBool(False) @@ -767,7 +768,6 @@ class Datastore(Element): providesConfidentiality = varBool(False) providesIntegrity = varBool(False) authenticatesSource = varBool(False) - authenticatesDestination = varBool(False) isShared = varBool(False) hasWriteAccess = varBool(False) handlesResourceConsumption = varBool(False) @@ -832,7 +832,6 @@ class Process(Element): providesConfidentiality = varBool(False) providesIntegrity = varBool(False) authenticatesSource = varBool(False) - authenticatesDestination = varBool(False) isResilient = varBool(False) hasAccessControl = varBool(False) tracksExecutionFlow = varBool(False) diff --git a/tests/test_private_func.py b/tests/test_private_func.py index 3b7c58e6..968a638f 100644 --- a/tests/test_private_func.py +++ b/tests/test_private_func.py @@ -71,7 +71,7 @@ def test_responses(self): def test_defaults(self): tm = TM("TM") - user = Actor("User", data="HTTP") + user = Actor("User", data="HTTP", authenticatesDestination=True) server = Server( "Server", port=443, protocol="HTTPS", isEncrypted=True, data="JSON" ) @@ -101,36 +101,42 @@ def test_defaults(self): self.assertEqual(req_get.srcPort, -1) self.assertEqual(req_get.dstPort, server.port) self.assertEqual(req_get.isEncrypted, server.isEncrypted) + self.assertEqual(req_get.authenticatesDestination, user.authenticatesDestination) self.assertEqual(req_get.protocol, server.protocol) self.assertEqual(req_get.data, user.data) self.assertEqual(server_query.srcPort, -1) self.assertEqual(server_query.dstPort, db.port) self.assertEqual(server_query.isEncrypted, db.isEncrypted) + self.assertEqual(server_query.authenticatesDestination, server.authenticatesDestination) self.assertEqual(server_query.protocol, db.protocol) self.assertNotEqual(server_query.data, server.data) self.assertEqual(result.srcPort, db.port) self.assertEqual(result.dstPort, -1) self.assertEqual(result.isEncrypted, db.isEncrypted) + self.assertEqual(result.authenticatesDestination, False) self.assertEqual(result.protocol, db.protocol) self.assertEqual(result.data, db.data) self.assertEqual(resp_get.srcPort, server.port) self.assertEqual(resp_get.dstPort, -1) self.assertEqual(resp_get.isEncrypted, server.isEncrypted) + self.assertEqual(resp_get.authenticatesDestination, False) self.assertEqual(resp_get.protocol, server.protocol) self.assertEqual(resp_get.data, server.data) self.assertEqual(req_post.srcPort, -1) self.assertEqual(req_post.dstPort, server.port) self.assertEqual(req_post.isEncrypted, server.isEncrypted) + self.assertEqual(req_post.authenticatesDestination, user.authenticatesDestination) self.assertEqual(req_post.protocol, server.protocol) self.assertNotEqual(req_post.data, user.data) self.assertEqual(resp_post.srcPort, server.port) self.assertEqual(resp_post.dstPort, -1) self.assertEqual(resp_post.isEncrypted, server.isEncrypted) + self.assertEqual(resp_post.authenticatesDestination, False) self.assertEqual(resp_post.protocol, server.protocol) self.assertEqual(resp_post.data, server.data)