| 1 | import time |
| 2 | |
| 3 | from cti.approval import make_token, render_email, verify_token |
| 4 | |
| 5 | |
| 6 | def test_token_roundtrip(): |
| 7 | token = make_token("secret", "cti-20260527-120000") |
| 8 | assert verify_token("secret", token, 60) == "cti-20260527-120000" |
| 9 | |
| 10 | |
| 11 | def test_token_rejects_wrong_secret(): |
| 12 | token = make_token("secret", "bundle") |
| 13 | assert verify_token("other", token, 60) is None |
| 14 | |
| 15 | |
| 16 | def test_token_expires(): |
| 17 | token = make_token("secret", "bundle") |
| 18 | time.sleep(1) |
| 19 | assert verify_token("secret", token, 0) is None |
| 20 | |
| 21 | |
| 22 | def test_email_renders_summary(): |
| 23 | html = render_email({ |
| 24 | "bundle_id": "cti-20260527-120000", |
| 25 | "generated_at": "2026-05-27T12:00:00Z", |
| 26 | "counts": {"ip": 5, "domain": 3}, |
| 27 | "diff": {"added": 6, "removed": 1, "total": 8}, |
| 28 | "techniques": [{"technique_id": "T1071.001", "tactic": "command-and-control", "indicator_count": 4}], |
| 29 | "top_malware": [("Cobalt Strike", 2)], |
| 30 | "review_url": "http://localhost:8080/review/abc", |
| 31 | "list_sizes": {"cti-malicious-ip": 5}, |
| 32 | }) |
| 33 | assert "cti-20260527-120000" in html |
| 34 | assert "T1071.001" in html |
| 35 | assert "http://localhost:8080/review/abc" in html |