3 New XSS Stored Secure Level Added

Author: Lyes

.classpath

@@ -1,9 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-	<classpathentry kind="src" output="bin/main" path="src/main/java">
+	<classpathentry kind="src" output="bin/test" path="src/test/java">
 		<attributes>
-			<attribute name="gradle_scope" value="main"/>
-			<attribute name="gradle_used_by_scope" value="main,test"/>
+			<attribute name="gradle_scope" value="test"/>
+			<attribute name="gradle_used_by_scope" value="test"/>
+			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="src" output="bin/main" path="src/main/resources">
@@ -12,11 +13,10 @@
 			<attribute name="gradle_used_by_scope" value="main,test"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="src" output="bin/test" path="src/test/java">
+	<classpathentry kind="src" output="bin/main" path="src/main/java">
 		<attributes>
-			<attribute name="gradle_scope" value="test"/>
-			<attribute name="gradle_used_by_scope" value="test"/>
-			<attribute name="test" value="true"/>
+			<attribute name="gradle_scope" value="main"/>
+			<attribute name="gradle_used_by_scope" value="main,test"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>

.project

@@ -20,4 +20,15 @@
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.buildship.core.gradleprojectnature</nature>
 	</natures>
+	<filteredResources>
+		<filter>
+			<id>1738769978762</id>
+			<name></name>
+			<type>30</type>
+			<matcher>
+				<id>org.eclipse.core.resources.regexFilterMatcher</id>
+				<arguments>node_modules|\.git|__CREATED_BY_JAVA_LANGUAGE_SERVER__</arguments>
+			</matcher>
+		</filter>
+	</filteredResources>
 </projectDescription>

.settings/org.eclipse.jdt.core.prefs

@@ -1,4 +1,5 @@
 eclipse.preferences.version=1
+org.eclipse.jdt.core.classpath.outputOverlappingAnotherSource=ignore
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
 org.eclipse.jdt.core.compiler.compliance=1.8
 org.eclipse.jdt.core.compiler.source=1.8

src/main/java/org/sasanlabs/service/vulnerability/xss/persistent/PersistentXSSInHTMLTagVulnerability.java

@@ -218,4 +218,54 @@ public ResponseEntity<String> getVulnerablePayloadLevel7(
                         post -> StringEscapeUtils.escapeHtml4(post)),
                 HttpStatus.OK);
     }
+    //escape html and delete all the script and img tags
+    @VulnerableAppRequestMapping(
+            value = LevelConstants.LEVEL_8,
+            htmlTemplate = "LEVEL_1/PersistentXSS",
+            variant = Variant.SECURE)
+    public ResponseEntity<String> getSecurePayloadLevel8(
+            @RequestParam Map<String, String> queryParams) {
+        return new ResponseEntity<>(
+                this.getCommentsPayload(
+                        queryParams,
+                        LevelConstants.LEVEL_8,
+                        post -> StringEscapeUtils.escapeHtml4(
+                                post.replaceAll("(?i)<script.*?>.*?</script>", "")
+                                    .replaceAll("(?i)<img.*?>", ""))),
+                HttpStatus.OK);
+    }
+    //delete all the html tags
+    @VulnerableAppRequestMapping(
+            value = LevelConstants.LEVEL_9,
+            htmlTemplate = "LEVEL_1/PersistentXSS",
+            variant = Variant.SECURE)
+    public ResponseEntity<String> getSecurePayloadLevel9(
+            @RequestParam Map<String, String> queryParams) {
+        Function<String, String> function =
+                (post) -> {
+                    String sanitizedPost = post.replaceAll("<.*?>", ""); // Delete all the html balises
+                    return StringEscapeUtils.escapeHtml4(sanitizedPost);
+                };
+        return new ResponseEntity<>(
+                this.getCommentsPayload(queryParams, LevelConstants.LEVEL_9, function),
+                HttpStatus.OK);
+    }
+    //delete all the js calls
+    @VulnerableAppRequestMapping(
+            value = LevelConstants.LEVEL_10,
+            htmlTemplate = "LEVEL_1/PersistentXSS",
+            variant = Variant.SECURE)
+    public ResponseEntity<String> getSecurePayloadLevel10(
+            @RequestParam Map<String, String> queryParams) {
+        Function<String, String> function =
+                (post) -> {
+                    String sanitizedPost = StringEscapeUtils.escapeHtml4(post);
+                    sanitizedPost = sanitizedPost.replaceAll("(?i)javascript:", ""); // Delete all the js calls
+                    return StringEscapeUtils.escapeHtml4(sanitizedPost);
+                };
+        return new ResponseEntity<>(
+                this.getCommentsPayload(queryParams, LevelConstants.LEVEL_10, function),
+                HttpStatus.OK);
+    }
+
 }