def test_CR02(self): user = Actor("User") web = Server("Web Server") web.protocol = "HTTP" web.sanitizesInput = False web.validatesInput = False web.usesSessionTokens = True user_to_web = Dataflow(user, web, "User enters comments (*)") user_to_web.protocol = "HTTP" user_to_web.sanitizesInput = False user_to_web.validatesInput = False user_to_web.usesSessionTokens = True threat = threats["CR02"] self.assertTrue(threat.apply(web)) self.assertTrue(threat.apply(user_to_web))
def test_CR02(self): user = Actor("User") web = Server("Web Server") web.protocol = 'HTTP' web.sanitizesInput = False web.validatesInput = False web.usesSessionTokens = True user_to_web = Dataflow(user, web, "User enters comments (*)") user_to_web.protocol = 'HTTP' user_to_web.sanitizesInput = False user_to_web.validatesInput = False user_to_web.usesSessionTokens = True ThreatObj = Threat(next(item for item in threats_json if item["SID"] == "CR02")) self.assertTrue(ThreatObj.apply(web)) self.assertTrue(ThreatObj.apply(user_to_web))