

Pushing test for Persistent XSS in HTML
Dominik Knut committed Nov 18, 2023
1 parent cd5f33b commit f52eb86
Showing 1 changed file with 126 additions and 0 deletions.
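--- /dev/null
+++ b/PersistentXSSInHTMLTagVulnerabilityTest.java
@@ -0,0 +1,126 @@
+package org.sasanlabs.service.vulnerability.xss.reflected;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import org.sasanlabs.service.vulnerability.xss.persistent.PersistentXSSInHTMLTagVulnerability;
+import org.sasanlabs.service.vulnerability.xss.persistent.PostRepository;
+import org.springframework.http.ResponseEntity;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.*;
+
+
+public class PersistentXSSInHTMLTagVulnerabilityTest {
+@Mock
+private PostRepository postRepository;
+
+private PersistentXSSInHTMLTagVulnerability vulnerability;
+
+@BeforeEach
+public void setup() {
+MockitoAnnotations.initMocks(this);
+vulnerability = new PersistentXSSInHTMLTagVulnerability(postRepository);
+}
+
+@Test
+public void testGetVulnerablePayloadLevel1() {
+Map<String, String> queryParams = new HashMap<>();
+queryParams.put("comment", "<script>alert('XSS')</script>");
+
+ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel1(queryParams);
+
+verify(postRepository, times(1)).save(any());
+
+assertEquals(200, response.getStatusCodeValue());
+}
+
+@Test
+public void testGetVulnerablePayloadLevel1WithXSSInAttributeValue() {
+Map<String, String> queryParams = new HashMap<>();
+queryParams.put("comment", "<a href='javascript:alert(1)'>Click me</a>");
+
+ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel1(queryParams);
+
+verify(postRepository, times(1)).save(any());
+
+assertEquals(200, response.getStatusCodeValue());
+}
+
+@Test
+public void testGetVulnerablePayloadLevel2() {
+Map<String, String> queryParams = new HashMap<>();
+queryParams.put("comment", "<img src='x' onerror='alert(1)'>");
+
+ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel2(queryParams);
+
+verify(postRepository, times(1)).save(any());
+
+assertEquals(200, response.getStatusCodeValue());
+}
+
+@Test
+public void testGetVulnerablePayloadLevel3() {
+Map<String, String> queryParams = new HashMap<>();
+queryParams.put("comment", "<script>alert('XSS')</script>");
+
+ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel3(queryParams);
+
+verify(postRepository, times(1)).save(any());
+
+assertEquals(200, response.getStatusCodeValue());
+}
+
+@Test
+public void testGetVulnerablePayloadLevel4() {
+Map<String, String> queryParams = new HashMap<>();
+queryParams.put("comment", "<img src='x' onerror='alert(1)'>");
+
+ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel4(queryParams);
+
+verify(postRepository, times(1)).save(any());
+
+assertEquals(200, response.getStatusCodeValue());
+}
+
+@Test
+public void testGetVulnerablePayloadLevel5() {
+Map<String, String> queryParams = new HashMap<>();
+queryParams.put("comment", "<script>alert('XSS')</script>");
+
+ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel5(queryParams);
+
+verify(postRepository, times(1)).save(any());
+
+assertEquals(200, response.getStatusCodeValue());
+}
+
+@Test
+public void testGetVulnerablePayloadLevel6() {
+Map<String, String> queryParams = new HashMap<>();
+queryParams.put("comment", "<img src='x' onerror='alert(1)'>");
+
+ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel6(queryParams);
+
+verify(postRepository, times(1)).save(any());
+
+assertEquals(200, response.getStatusCodeValue());
+}
+
+@Test
+public void testGetVulnerablePayloadLevel7() {
+Map<String, String> queryParams = new HashMap<>();
+queryParams.put("comment", "<script>alert('XSS')</script>");
+
+ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel7(queryParams);
+
+verify(postRepository, times(1)).save(any());
+
+assertEquals(200, response.getStatusCodeValue());
+}
+}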
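Review bot: Every test method asserts only an HTTP 200 and a single `save` call, so the suite cannot distinguish a level that escapes the stored comment from one that reflects it unchanged; each level test should also assert on `response.getBody()` for the escaped or raw form that level is meant to produce, since per-level sanitization is the property a persistent-XSS training target needs pinned (with the repository mocked, any `findAll` the production code calls will return an empty list, so the stubbing would have to be set up first). The package on the first hunk line is `org.sasanlabs.service.vulnerability.xss.reflected` while the class under test is imported from `...xss.persistent`, which looks like a copy of the reflected test and should presumably be `package org.sasanlabs.service.vulnerability.xss.persistent;`. `MockitoAnnotations.initMocks(this)` in `setup` is deprecated; the current form is `mocks = MockitoAnnotations.openMocks(this);` with `mocks.close();` in an `@AfterEach`, and `getStatusCodeValue()` is deprecated in Spring Framework 6 in favour of `response.getStatusCode().value()`. The seven near-identical methods differ only in the level called and the payload string, so a `@ParameterizedTest` over the level would remove the duplication, and the wildcard `import static org.mockito.Mockito.*;` should name `verify`, `times` and `any` explicitly.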
