tmnpy.dsl.threat.Weakness

class tmnpy.dsl.threat.Weakness(name: str, alt_name: str = None, desc: str = None, mode_introduction: list = [], detection_methods: list = [], **kwargs)

A weakness is a potential issue in the design of the system in question. The basic attributes of a weakness are based in part on the Common Weakness Enumeration List maintained by MITRE.

Parameters:

namestr

Name of the weakness, can be a short hand.

descstr, default None

A short description of the weakness to help understand it’s applicability.

mode_introductionlist, default None

What development phase this weakness is introduced. Each value should consist of a dictionary with a phase, which is required, and a notes, which is optional to give more context. Valid phase options are: Policy, Requirements, Architecture and Design, Implementation, Build and Compilation, Testing, Documentation, Bundling, Distribution, Installation, System Configuration, Operation, Patching and Maintenance, Porting, Integration, Manufacturing, Decommissioning and End-of-Life.

SOURCE: PhaseEnumeration MITRE CWE <https://cwe.mitre.org/data/xsd/cwe_schema_latest.xsd>

detection_methodslist, default None

Detection methods are used to identify methods that may be employed to detect this weakness, including their strengths and limitations. Each method consists of desc, effectiveness, and notes. The required desc is intended to provide some context of how this method can be applied to a specific weakness. The optional effectiveness explains how effective the detection method may be in detecting the associated weakness. This assumes the use of best-of-breed tools, analysts, and methods. There is limited consideration for financial costs, labor, or time. The optional notes provides additional discussion of the strengths and shortcomings of this detection method.

Source: DetectionMethodsType MITRE CWE <https://cwe.mitre.org/data/xsd/cwe_schema_latest.xsd>

**kwargs

See Issue().

Attributes:

children: Children Elements.
consequences: Consquences refers to the potential impact of an issue.
desc: Description of the Element
detection_methods
meta: meta consists of the meta data associated with an Issue. In particular,
modes_of_introduction
name: Name of the Element
parent: Parent Element.

Methods

`add_child`(child)	add_child allows you to add a single child to an Element.
`add_consequence`(scope, impact[, likelihood, ...])	Adding a consequence to an issue.
`remove_child`(child)	remove_child allows you to remove a single child to an Element.
`remove_consequence`(cid)	Removing a consequence from an issue.

add_detection_method
add_introduction

__init__(name: str, alt_name: str = None, desc: str = None, mode_introduction: list = [], detection_methods: list = [], **kwargs) → None

Methods

`__init__`(name[, alt_name, desc, ...])
`add_child`(child)	add_child allows you to add a single child to an Element.
`add_consequence`(scope, impact[, likelihood, ...])	Adding a consequence to an issue.
`add_detection_method`(desc[, effectiveness, ...])
`add_introduction`(phase[, notes])
`remove_child`(child)	remove_child allows you to remove a single child to an Element.
`remove_consequence`(cid)	Removing a consequence from an issue.

Attributes

`children`	Children Elements.
`consequences`	Consquences refers to the potential impact of an issue.
`desc`	Description of the Element
`detection_methods`
`meta`	meta consists of the meta data associated with an Issue.
`modes_of_introduction`
`name`	Name of the Element
`parent`	Parent Element.