package GSQLI
import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
)
// xssToken is the positive corpus: Test_XSSParser expects XSSParser to
// return true for every entry.
//
// NOTE(review): all samples use the same alert(1) body and only three
// vectors (javascript: hrefs, <script> break-outs, onerror attributes).
// Other event-handler attributes and encoded forms are not exercised here,
// so a pass says nothing about detection coverage for them.
var xssToken = []string{
	// javascript: scheme in an href, with quoting, case and spacing variants.
	"<a href=\" javascript:alert(1);\" >",
	"<a href=\"JAVASCRIPT:alert(1);\" >",
	"<a href=javascript:alert(1)>",
	"<a href=\"javascript:alert(1)\">",
	"<a href='javascript:alert(1)'>",
	"<a href = javascript:alert(1); >",
	// <script> injected after closing a style, attribute or tag context.
	"red;</style><script>alert(1);</script>",
	"red;}</style><script>alert(1);</script>",
	"red;\"/><script>alert(1);</script>",
	"<script>alert(1);</script>",
	"><script>alert(1);</script>",
	"x ><script>alert(1);</script>",
	"' ><script>alert(1);</script>",
	"\"><script>alert(1);</script>",
	"');}</style><script>alert(1);</script>",
	// onerror handler injected into an already-open tag.
	"onerror=alert(1)>",
	"x onerror=alert(1);>",
	"x' onerror=alert(1);>",
	"x\" onerror=alert(1);>",
}

// xssWhites is the negative corpus: Test_XSSParserWhite expects XSSParser to
// return false for every entry. Most entries are SQL-flavoured strings, so a
// false positive here means the XSS detector is reacting to SQL syntax; the
// final entry is a plain HTML tag with an empty src, which guards against
// flagging markup as such.
var xssWhites = []string{
	"123 LIKE -1234.5678E+2;",
	"APPLE 19.123 'FOO' \"BAR\"",
	"/* BAR */ UNION ALL SELECT (2,3,4)",
	"1 || COS(+0X04) --FOOBAR",
	"dog apple @cat banana bar",
	// Raw string: the backslashes are literal characters in the input.
	`dog apple cat \"banana \'bar`,
	"102 TABLE CLOTH",
	"(1001-'1') union select 1,2,3,4 from credit_cards",
	"<img src=\"\">",
}
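// Test_XSSParser checks that XSSParser reports true for every payload in
// xssToken. A failure here is a detection false negative.
//
// Each payload runs as its own subtest so one miss does not hide the others,
// and the failure message quotes the offending payload with %q so control or
// quote characters stay readable in CI logs.
func Test_XSSParser(t *testing.T) {
	for i, tv := range xssToken {
		// Index-based names keep subtest identifiers free of markup and quotes.
		// The closure runs synchronously (no t.Parallel), so capturing tv is
		// safe on every Go version.
		t.Run(fmt.Sprintf("payload_%02d", i), func(t *testing.T) {
			// assert.True replaces assert.Equal(t, got, true), which passed the
			// arguments in (actual, expected) order and mislabelled failures.
			assert.True(t, XSSParser(tv), "payload %q should be detected as XSS", tv)
		})
	}
}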
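// Test_XSSParserWhite checks that XSSParser reports false for every benign
// input in xssWhites. A failure here is a detection false positive.
//
// Each input runs as its own subtest so one failure does not hide the others,
// and the failure message quotes the offending input with %q.
func Test_XSSParserWhite(t *testing.T) {
	for i, tv := range xssWhites {
		// Index-based names keep subtest identifiers free of markup and quotes.
		// The closure runs synchronously (no t.Parallel), so capturing tv is
		// safe on every Go version.
		t.Run(fmt.Sprintf("benign_%02d", i), func(t *testing.T) {
			// assert.False replaces assert.Equal(t, got, false), which passed the
			// arguments in (actual, expected) order and mislabelled failures.
			assert.False(t, XSSParser(tv), "benign input %q should not be flagged as XSS", tv)
		})
	}
}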
// Benchmark_XSSParser measures sequential XSSParser calls on the first
// positive payload in xssToken.
func Benchmark_XSSParser(b *testing.B) {
	payload := xssToken[0]
	for n := 0; n < b.N; n++ {
		_ = XSSParser(payload)
	}
}
// Benchmark_XSSParserParallel measures XSSParser on the first positive
// payload in xssToken when called from the goroutines started by
// b.RunParallel.
func Benchmark_XSSParserParallel(b *testing.B) {
	worker := func(pb *testing.PB) {
		for pb.Next() {
			_ = XSSParser(xssToken[0])
		}
	}
	b.RunParallel(worker)
}