Add new test cases for server-based sanitization against reflected XSS #173
Open: shivababuh wants to merge 5 commits into OWASP-Benchmark:master from shivababuh:master
Commits on Sep 8, 2021
- 3a2aabe: Generate Scorecard to include the New XML Format post 10.x release (#2)
  * New XML Format post 10.x release
  * take care of xpath issues
Commits on Sep 22, 2021
- cb015f8:
  * XSS Scenarios
  * xss mods
  * review comments incorporated
  * Renamed Intermediate class & removed the commented out code

  Co-authored-by: user <[email protected]>
  Co-authored-by: gituser <[email protected]>
  Co-authored-by: kaveti.l <[email protected]>
Commits on Dec 13, 2021
- 8718694
- a4c6d70
Commits on Dec 15, 2021
- 77d6eb9:
  * XSS Scenarios
  * xss mods
  * review comments incorporated
  * scripts to create several SAST reports
  * Update AppScanDynamicReader2.java per pull request OWASP-Benchmark#157, with additional changes by me, including running spotless properly.
  * Update codeql-analysis.yml CodeQL auto build is failing with a "Picked up JAVA_TOOL_OPTIONS:..." message, so let's try a plain old Maven build.
  * Update codeql-analysis.yml Ensure that the CodeQL workflow checks out enough git history to support the spotless ratchetFrom test in the Maven build.
  * Update README.md Trivial grammar fix.
  * Renamed Intermediate class & removed the commented out code
  * change horusec to docker
  * prevent installation outputs
  * insider - check for availability and updates
  * use docker instead of calling semgrep directly
  * require docker
  * fix typo
  * Upgrade a bunch of dependencies and remove a few unused ones.
  * fix insider installation check 🙈
  * execute bit for docker script
  * more preconditions checks
  * store sonarqube credentials in separate file
  * prevent adding of sonarqube credentials
  * docker cleanup
  * Revert "docker cleanup" This reverts commit 70e7c48.
  * docker cleanup
  * Add dependency used by a script. Minor tweaks to a few scripts.
  * A few minor fixes to the other IAST run scripts.
  * This is a MAJOR change. This commit rips out all the utilities included with Benchmark to score it, run crawlers on it, etc. Those utilities are now in a separate project called BenchmarkUtils. BenchmarkUtils produces a maven plugin that is now used by all the scoring and crawling scripts updated in this commit. You have to clone BenchmarkUtils, then run: mvn install, to get the plugin (which is built and installed locally).
  * Proxy Settings added to OWASP Benchmark Crawler to enable different hosts (#1)
  * Simplify configuration of 2 config files. Minor updates to a number of test cases.
  * Updated the Dockerfile to reflect the repo change to BenchmarkJava
  * Fix utility method so more 'standard' headers are filtered out when trying to identify the custom header for test cases that use that.
  * Intermediate file is deleted

  Co-authored-by: user <[email protected]>
  Co-authored-by: gituser <[email protected]>
  Co-authored-by: kaveti.l <[email protected]>
  Co-authored-by: Sascha Knoop <[email protected]>
  Co-authored-by: Dave Wichers <[email protected]>
  Co-authored-by: dandersonaspect <[email protected]>
  Co-authored-by: Arun Muthu <[email protected]>
  Co-authored-by: Arun Muthu <[email protected]>
  Co-authored-by: shivababuh <[email protected]>