Pushing test for Persistent XSS in HTML

src/test/java/org/sasanlabs/service/vulnerability/xss/reflected/PersistentXSSInHTMLTagVulnerabilityTest.java

@@ -0,0 +1,126 @@
+package org.sasanlabs.service.vulnerability.xss.reflected;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import org.sasanlabs.service.vulnerability.xss.persistent.PersistentXSSInHTMLTagVulnerability;
+import org.sasanlabs.service.vulnerability.xss.persistent.PostRepository;
+import org.springframework.http.ResponseEntity;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.*;
+
+
+public class PersistentXSSInHTMLTagVulnerabilityTest {
+    @Mock
+    private PostRepository postRepository;
+
+    private PersistentXSSInHTMLTagVulnerability vulnerability;
+
+    @BeforeEach
+    public void setup() {
+        MockitoAnnotations.initMocks(this);
+        vulnerability = new PersistentXSSInHTMLTagVulnerability(postRepository);
+    }
+
+    @Test
+    public void testGetVulnerablePayloadLevel1() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("comment", "<script>alert('XSS')</script>");
+
+        ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel1(queryParams);
+
+        verify(postRepository, times(1)).save(any());
+
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void testGetVulnerablePayloadLevel1WithXSSInAttributeValue() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("comment", "<a href='javascript:alert(1)'>Click me</a>");
+
+        ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel1(queryParams);
+
+        verify(postRepository, times(1)).save(any());
+
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void testGetVulnerablePayloadLevel2() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("comment", "<img src='x' onerror='alert(1)'>");
+
+        ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel2(queryParams);
+
+        verify(postRepository, times(1)).save(any());
+
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void testGetVulnerablePayloadLevel3() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("comment", "<script>alert('XSS')</script>");
+
+        ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel3(queryParams);
+
+        verify(postRepository, times(1)).save(any());
+
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void testGetVulnerablePayloadLevel4() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("comment", "<img src='x' onerror='alert(1)'>");
+
+        ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel4(queryParams);
+
+        verify(postRepository, times(1)).save(any());
+
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void testGetVulnerablePayloadLevel5() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("comment", "<script>alert('XSS')</script>");
+
+        ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel5(queryParams);
+
+        verify(postRepository, times(1)).save(any());
+
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void testGetVulnerablePayloadLevel6() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("comment", "<img src='x' onerror='alert(1)'>");
+
+        ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel6(queryParams);
+
+        verify(postRepository, times(1)).save(any());
+
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void testGetVulnerablePayloadLevel7() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("comment", "<script>alert('XSS')</script>");
+
+        ResponseEntity<String> response = vulnerability.getVulnerablePayloadLevel7(queryParams);
+
+        verify(postRepository, times(1)).save(any());
+
+        assertEquals(200, response.getStatusCodeValue());
+    }
+}