diff --git a/src/test/java/org/sasanlabs/service/vulnerability/xss/reflected/PersistentXSSInHTMLTagVulnerabilityTest.java b/src/test/java/org/sasanlabs/service/vulnerability/xss/reflected/PersistentXSSInHTMLTagVulnerabilityTest.java
new file mode 100644
index 00000000..c8c7024e
--- /dev/null
+++ b/src/test/java/org/sasanlabs/service/vulnerability/xss/reflected/PersistentXSSInHTMLTagVulnerabilityTest.java
@@ -0,0 +1,126 @@
+package org.sasanlabs.service.vulnerability.xss.reflected;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import org.sasanlabs.service.vulnerability.xss.persistent.PersistentXSSInHTMLTagVulnerability;
+import org.sasanlabs.service.vulnerability.xss.persistent.PostRepository;
+import org.springframework.http.ResponseEntity;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.*;
+
+
+public class PersistentXSSInHTMLTagVulnerabilityTest {
+ @Mock
+ private PostRepository postRepository;
+
+ private PersistentXSSInHTMLTagVulnerability vulnerability;
+
+ @BeforeEach
+ public void setup() {
+ MockitoAnnotations.initMocks(this);
+ vulnerability = new PersistentXSSInHTMLTagVulnerability(postRepository);
+ }
+
+ @Test
+ public void testGetVulnerablePayloadLevel1() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("comment", "");
+
+ ResponseEntity response = vulnerability.getVulnerablePayloadLevel1(queryParams);
+
+ verify(postRepository, times(1)).save(any());
+
+ assertEquals(200, response.getStatusCodeValue());
+ }
+
+ @Test
+ public void testGetVulnerablePayloadLevel1WithXSSInAttributeValue() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("comment", "Click me");
+
+ ResponseEntity response = vulnerability.getVulnerablePayloadLevel1(queryParams);
+
+ verify(postRepository, times(1)).save(any());
+
+ assertEquals(200, response.getStatusCodeValue());
+ }
+
+ @Test
+ public void testGetVulnerablePayloadLevel2() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("comment", "");
+
+ ResponseEntity response = vulnerability.getVulnerablePayloadLevel2(queryParams);
+
+ verify(postRepository, times(1)).save(any());
+
+ assertEquals(200, response.getStatusCodeValue());
+ }
+
+ @Test
+ public void testGetVulnerablePayloadLevel3() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("comment", "");
+
+ ResponseEntity response = vulnerability.getVulnerablePayloadLevel3(queryParams);
+
+ verify(postRepository, times(1)).save(any());
+
+ assertEquals(200, response.getStatusCodeValue());
+ }
+
+ @Test
+ public void testGetVulnerablePayloadLevel4() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("comment", "");
+
+ ResponseEntity response = vulnerability.getVulnerablePayloadLevel4(queryParams);
+
+ verify(postRepository, times(1)).save(any());
+
+ assertEquals(200, response.getStatusCodeValue());
+ }
+
+ @Test
+ public void testGetVulnerablePayloadLevel5() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("comment", "");
+
+ ResponseEntity response = vulnerability.getVulnerablePayloadLevel5(queryParams);
+
+ verify(postRepository, times(1)).save(any());
+
+ assertEquals(200, response.getStatusCodeValue());
+ }
+
+ @Test
+ public void testGetVulnerablePayloadLevel6() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("comment", "");
+
+ ResponseEntity response = vulnerability.getVulnerablePayloadLevel6(queryParams);
+
+ verify(postRepository, times(1)).save(any());
+
+ assertEquals(200, response.getStatusCodeValue());
+ }
+
+ @Test
+ public void testGetVulnerablePayloadLevel7() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("comment", "");
+
+ ResponseEntity response = vulnerability.getVulnerablePayloadLevel7(queryParams);
+
+ verify(postRepository, times(1)).save(any());
+
+ assertEquals(200, response.getStatusCodeValue());
+ }
+}
\ No newline at end of file
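Review bot: All eight tests assert only that `save` was called once and that the status is 200, so they pass no matter what a level does with the `comment` value; a level whose filtering or escaping regresses would go unnoticed. As shown on this page, seven of the eight `comment` values are empty strings (the payloads may have been lost in rendering), which would make the Level1–Level7 tests exercise identical input. Each test should pin its level's contract, for example by capturing the argument passed to `save` with Mockito's `ArgumentCaptor` and adding `assertEquals(expectedBody, response.getBody());` with the exact markup that level is expected to store and return. Separately, the class is declared in package `org.sasanlabs.service.vulnerability.xss.reflected` but tests `xss.persistent.PersistentXSSInHTMLTagVulnerability`; moving it to the matching `persistent` test package would keep it next to the code it covers.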