DE01 Data Flow Sniffing - condition needs improvement

[colesmj]

"DE01": { "description": "Data Flow Sniffing", "source": (Process, Element, Datastore), "target": Dataflow, "condition": "target.protocol == 'HTTP' and target.isEncrypted is False", },

In this threat, it checks to see if the protocol is HTTP and if the channel is unencrypted. A user by error may set the protocol but not the flag, or vice versa, unless there is code somewhere which makes the connection automatically. Instead, it may be best to make this an OR condition - either http or unencrypted will trigger the threat.

[nineinchnick]

Can you check this issue is still valid? The condition now is: not target.isEncrypted or (target.source.inScope and not target.isResponse and (not target.authenticatesDestination or not target.checksDestinationRevocation))

[colesmj]

Reviewing to clean up issues, and it seems this one has changed. Yes, DE01 seems "better" now, but DE03, which may be a duplicate threat, needs work. Will raise a separate PR for that issue.