Add new test cases for server-based sanitization against reflected XSS #173
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* New XML Format post 10.x release * take care of xpath issues
* XSS Scenarios * xss mods * review comments incorporated * Renamed Intermediate class & removed the commented out code Co-authored-by: user <[email protected]> Co-authored-by: gituser <[email protected]> Co-authored-by: kaveti.l <[email protected]>
* XSS Scenarios * xss mods * review comments incorporated * scripts to create several SAST reports * Update AppScanDynamicReader2.java per pull request OWASP-Benchmark#157, with additional changes by me, including running spotless properly. * Update codeql-analysis.yml CodeQL auto build is failing with a "Picked up JAVA_TOOL_OPTIONS:..." message, so let's try a plain old Maven build. * Update codeql-analysis.yml Ensure that the CodeQL workflow checks out enough git history to support the spotless ratchetFrom test in the Maven build. * Update README.md Trivial grammar fix. * Renamed Intermediate class & removed the commented out code * change horusec to docker * prevent installation outputs * insider - check for availability and updates * use docker instead of calling semgrep directly * require docker * fix typo * Upgrade a bunch of dependencies and remove a few unused ones. * fix insider installation check 🙈 * execute bit for docker script * more preconditions checks * store sonarqube credentials in seperate file * prevent adding of sonarqube credentials * docker cleanup * Revert "docker cleanup" This reverts commit 70e7c48. * docker cleanup * Add dependency used by a script. Minor tweaks to a few scripts. * A few minor fixes to the other IAST run scripts. * This is a MAJOR change. This commit rips out all the utilities included with Benchmark to score it, run crawlers on it, etc. Those utilities are now in a seperate project called BenchmarkUtils. BenchmarkUtils produces a maven plugin that is now used by all the scoring and crawling scripts updated in this commit. You have to clone BenchmarkUtils, then run: mvn install, to get the plugin (which is built and installed locally). * Proxy Settings added to OWASP Benchmark Crawler to enable different hosts (#1) * Simplify configuration of 2 config files. Minor updates to a number of test cases. * Updated the Dockerfile to reflect the repo change to BenchmarkJava * Fix utility method so more 'standard' headers are filtered out when trying to identify the custom header for test cases that use that. * Intermediate file is deleted Co-authored-by: user <[email protected]> Co-authored-by: gituser <[email protected]> Co-authored-by: kaveti.l <[email protected]> Co-authored-by: Sascha Knoop <[email protected]> Co-authored-by: Dave Wichers <[email protected]> Co-authored-by: dandersonaspect <[email protected]> Co-authored-by: Arun Muthu <[email protected]> Co-authored-by: Arun Muthu <[email protected]> Co-authored-by: shivababuh <[email protected]>
|
Thanks for submitting these. However, the Benchmark is synthetically generated, not built by hand like this. With that said, I'll review these improvements and see which of them I can roll into the generator so they are included in Benchmark 1.3, which is getting close to ready for release. So the timing of your contribution is good on that score. |
|
Hi @davewichers I know this thread is pretty old. Do you know when the v1.3 will be released? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
6 new test cases were added to demonstrate proper (and improper) sanitization of reflected user input against XSS. The tainted user input is reflected in an HTML attribute (2 cases), in an HTML tag (2 cases), and directly in an inner HTML text (2 cases). For each of the reflected locations, one case provides proper sanitization that prevents exploitation, while another provides inadequate sanitization resulting in reflected XSS