Java tutorial
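/*
 * Copyright 2015 Mariusz.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.watchrabbit.scanner.attacker.verify;

import com.watchrabbit.scanner.attacker.model.Vulnerability;
import org.apache.commons.lang.StringUtils;
import org.openqa.selenium.TimeoutException;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.remote.RemoteWebDriver;
import org.openqa.selenium.support.ui.WebDriverWait;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Verification strategy that reports an XSS finding when the page exposes a
 * non-blank value in the JavaScript global {@code window.w$}.
 *
 * <p>NOTE(review): presumably {@code window.w$} is a marker written by the
 * scanner's injected payload; confirm against the payload definitions. The
 * check accepts any non-blank value, so a page that defines {@code w$} itself
 * would be reported as vulnerable. Comparing against a per-scan random marker
 * would rule that false positive out.
 *
 * @author Mariusz
 */
public class BasicXSSVerificationStrategy implements VerificationStrategy {

    private static final Logger LOGGER = LoggerFactory.getLogger(BasicXSSVerificationStrategy.class);

    /**
     * Waits briefly, then reads {@code window.w$} from the page loaded in the driver.
     *
     * @param driver browser session whose current page is inspected
     * @param loadMilisec not read by this implementation; the wait below is
     *        fixed at 1 second (NOTE(review): confirm whether the wait was
     *        meant to scale with this value)
     * @return {@link Vulnerability#EXISTS} when {@code window.w$} holds a
     *         non-blank value, otherwise {@link Vulnerability#NONE}
     */
    @Override
    public Vulnerability verify(RemoteWebDriver driver, long loadMilisec) {
        // The predicate never succeeds, so this wait always runs to its 1 second
        // timeout. It acts as a fixed pause before the marker is read, and the
        // TimeoutException is the expected outcome rather than an error.
        WebDriverWait wait = new WebDriverWait(driver, 1);
        try {
            wait.until((WebDriver predicatedDriver) -> false);
        } catch (TimeoutException ex) {
            LOGGER.info("Timed out on {}", driver.getCurrentUrl());
        }

        // executeScript returns Object, and the value comes from the page under
        // test. It may be a number, boolean, element or collection rather than a
        // String, and a direct (String) cast would then abort verification with
        // a ClassCastException. Render it as text so the blank check still decides.
        Object rawResult = driver.executeScript("return window.w$");
        String result = rawResult == null ? null : rawResult.toString();
        LOGGER.debug("XSS Attack result is {}", result);

        return StringUtils.isNotBlank(result) ? Vulnerability.EXISTS : Vulnerability.NONE;
    }
}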