diff --git a/syntribos/tests/fuzz/xml_external.py b/syntribos/tests/fuzz/xml_external.py
index 6eb8886b..b4dd18c8 100644
--- a/syntribos/tests/fuzz/xml_external.py
+++ b/syntribos/tests/fuzz/xml_external.py
@@ -49,7 +49,7 @@ class XMLExternalEntityBody(base_fuzz.BaseFuzzTestCase):
 text=("A string known to be commonly returned after a "
 "successful XML external entity attack was included "
 "in the response. This could indicate a "
- "vulnerability to XML entity attacks attacks."),
+ "vulnerability to XML entity attacks."),
 assertions=self.data_driven_failure_cases()))
 self.test_issues()
diff --git a/syntribos/tests/fuzz/xss.py b/syntribos/tests/fuzz/xss.py
new file mode 100644
index 00000000..b05b85c6
--- /dev/null
+++ b/syntribos/tests/fuzz/xss.py
@@ -0,0 +1,82 @@
+"""
+Copyright 2016 Rackspace
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+from syntribos.issue import Issue
+from syntribos.tests.fuzz import base_fuzz
+
+
+class XSSBody(base_fuzz.BaseFuzzTestCase):
+ test_name = "XSS_BODY"
+ test_type = "data"
+ data_key = "xss.txt"
+ failure_keys = [
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """""",
+ """