def test_CR01(self):
user = Actor("User")
web = Server("Web Server")
web.protocol = "HTTP"
web.usesVPN = False
web.usesSessionTokens = True
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = "HTTP"
user_to_web.usesVPN = False
user_to_web.usesSessionTokens = True
threat = threats["CR01"]
self.assertTrue(threat.apply(web))
self.assertTrue(threat.apply(user_to_web))
def test_CR01(self):
user = Actor("User")
web = Server("Web Server")
web.protocol = 'HTTP'
web.usesVPN = False
web.usesSessionTokens = True
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = 'HTTP'
user_to_web.usesVPN = False
user_to_web.usesSessionTokens = True
ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "CR01"))
self.assertTrue(ThreatObj.apply(web))
self.assertTrue(ThreatObj.apply(user_to_web))
def test_CR02(self):
user = Actor("User")
web = Server("Web Server")
web.protocol = 'HTTP'
web.sanitizesInput = False
web.validatesInput = False
web.usesSessionTokens = True
user_to_web = Dataflow(user, web, "User enters comments (*)")
user_to_web.protocol = 'HTTP'
user_to_web.sanitizesInput = False
user_to_web.validatesInput = False
user_to_web.usesSessionTokens = True
threat = threats["CR02"]
self.assertTrue(threat.apply(web))
self.assertTrue(threat.apply(user_to_web))
