From d89bda1d65af571c64dc3c0fc257270325b72d2a Mon Sep 17 00:00:00 2001
From: Sandeep Singh
Date: Mon, 29 Aug 2022 14:40:50 +0530
Subject: [PATCH] misc fixes to headless template (#5239)
---
headless/extract-urls.yaml | 3 +++
headless/postmessage-outgoing-tracker.yaml | 8 +++++++-
headless/postmessage-tracker.yaml | 8 +++++++-
headless/prototype-pollution-check.yaml | 6 +++++-
headless/window-name-domxss.yaml | 8 +++++++-
5 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/headless/extract-urls.yaml b/headless/extract-urls.yaml
index decbfdd9ac..2d7a1060d9 100644
--- a/headless/extract-urls.yaml
+++ b/headless/extract-urls.yaml
@@ -11,7 +11,9 @@ headless:
- args:
url: "{{BaseURL}}"
action: navigate
+
- action: waitload
+
- action: script
name: extract
args:
@@ -19,6 +21,7 @@ headless:
() => {
return '\n' + [...new Set(Array.from(document.querySelectorAll('[src], [href], [url], [action]')).map(i => i.src || i.href || i.url || i.action))].join('\r\n') + '\n'
}
+
extractors:
- type: kval
part: extract
diff --git a/headless/postmessage-outgoing-tracker.yaml b/headless/postmessage-outgoing-tracker.yaml
index 8eb3834c59..d1259b7c54 100644
--- a/headless/postmessage-outgoing-tracker.yaml
+++ b/headless/postmessage-outgoing-tracker.yaml
@@ -15,6 +15,7 @@ headless:
part: response
key: Content-Security-Policy
value: "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;"
+
- action: script
args:
hook: true
@@ -45,19 +46,24 @@ headless:
}
};
}
+
- args:
url: "{{BaseURL}}"
action: navigate
- action: waitload
+
- action: script
name: alerts
args:
- code: window.alerts
+ code: |
+ () => { window.alerts }
+
matchers:
- type: word
part: alerts
words:
- "at window.postMessage"
+
extractors:
- type: kval
part: alerts
diff --git a/headless/postmessage-tracker.yaml b/headless/postmessage-tracker.yaml
index d02c8b34d9..c38d7b601f 100644
--- a/headless/postmessage-tracker.yaml
+++ b/headless/postmessage-tracker.yaml
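Review bot: The new script body `() => { window.alerts }` in the second postmessage-outgoing-tracker.yaml hunk is a block-bodied arrow function with no `return`, so it evaluates `window.alerts` as a statement and yields `undefined`; the replaced `code: window.alerts` was an expression and did yield the collected value. If the headless engine exposes the function's return value as the `alerts` part (which is what the `extract` script in extract-urls.yaml, written with an explicit `return`, relies on), the `at window.postMessage` matcher and the kval extractor will never see the hooked calls, turning a positive finding into a silent miss rather than an error. The same one-liner is introduced in postmessage-tracker.yaml, prototype-pollution-check.yaml and window-name-domxss.yaml. Suggested replacement, consistent with extract-urls.yaml: `() => { return window.alerts }` (or the expression form `() => window.alerts`).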
@@ -15,6 +15,7 @@ headless:
part: response
key: Content-Security-Policy
value: "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;"
+
- action: script
args:
hook: true
@@ -45,19 +46,24 @@ headless:
return oldListener.apply(this, arguments);
};
}
+
- args:
url: "{{BaseURL}}"
action: navigate
- action: waitload
+
- action: script
name: alerts
args:
- code: window.alerts
+ code: |
+ () => { window.alerts }
+
matchers:
- type: word
part: alerts
words:
- "at Window.addEventListener"
+
extractors:
- type: kval
part: alerts
diff --git a/headless/prototype-pollution-check.yaml b/headless/prototype-pollution-check.yaml
index 927969426c..94645993f4 100644
--- a/headless/prototype-pollution-check.yaml
+++ b/headless/prototype-pollution-check.yaml
@@ -81,15 +81,19 @@ headless:
url: "{{BaseURL}}"
action: navigate
- action: waitload
+
- action: script
name: alerts
args:
- code: window.alerts
+ code: |
+ () => { window.alerts }
+
matchers:
- type: word
part: alerts
words:
- "__proto__"
+
extractors:
- type: kval
part: alerts
diff --git a/headless/window-name-domxss.yaml b/headless/window-name-domxss.yaml
index 3db2a58466..0e54b61520 100644
--- a/headless/window-name-domxss.yaml
+++ b/headless/window-name-domxss.yaml
@@ -15,6 +15,7 @@ headless:
part: response
key: Content-Security-Policy
value: "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;"
+
- action: script
args:
hook: true
@@ -63,19 +64,24 @@ headless:
return oldEval.apply(this, arguments);
};
}
+
- args:
url: "{{BaseURL}}"
action: navigate
- action: waitload
+
- action: script
name: alerts
args:
- code: window.alerts
+ code: |
+ () => { window.alerts }
+
matchers:
- type: word
part: alerts
words:
- "sink:"
+
extractors:
- type: kval
part: alerts