From e52b06f9818626a2f27d3559639e65db8c1806eb Mon Sep 17 00:00:00 2001
From: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com>
Date: Wed, 3 Sep 2025 03:08:00 +0330
Subject: [PATCH 1/7] Create 3.3.5.yaml
Signed-off-by: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com>
---
templates/code/3.3.5.yaml | 52 +++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 templates/code/3.3.5.yaml
diff --git a/templates/code/3.3.5.yaml b/templates/code/3.3.5.yaml
new file mode 100644
index 0000000..fa5c89a
--- /dev/null
+++ b/templates/code/3.3.5.yaml
@@ -0,0 +1,52 @@
+id: ASVS-5-0-0-V3-3-5
+
+info:
+ name: ASVS 3.3.5 Check
+ author: AmirHossein Raeisi
+ severity: info
+ classification:
+ cwe-id: CWE-613
+ reference:
+ - https://en.wikipedia.org/wiki/HTTP_cookie
+ tags: asvs,3.3.5
+ description: |
+ Verify that when the application writes a cookie, the cookie name and value length combined are not over 4096 bytes. Overly large cookies will not be stored by the browser and therefore not sent with requests, preventing the user from using application functionality which relies on that cookie.
+
+flow: |
+ http()
+ javascript()
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+ host-redirects: true
+ max-redirects: 2
+
+javascript:
+ - code: |
+ content = template.http_all_headers;
+ const setCookieLines = content
+ .split(/\r\n/)
+ .filter(line => line.trim().toLowerCase().startsWith('set-cookie:'));
+
+ const cookieDetails = setCookieLines
+ .map(line => {
+ const match = line.match(/set-cookie:\s*([^=]+)=([^;]+)/i);
+ if (match) {
+ const cookieName = match[1];
+ const cookieValue = match[2];
+ const cookieString = `${cookieName}=${cookieValue}`;
+ if (cookieString.length > 4096) {
+ return cookieName;
+ }
+ }
+ })
+ .filter(Boolean);
+
+ cookieDetails;
+
+ extractors:
+ - type: regex
+ regex:
+ - '[a-zA-Z0-9_-]+'
From ac129673b578c22ad4e4cfdef6a081a0a05c4e39 Mon Sep 17 00:00:00 2001
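Review bot: `cookieString.length` in the javascript block counts UTF-16 code units, not the bytes the 4096 limit in the description is stated in, so a Set-Cookie carrying non-ASCII characters is under-counted; if the template runtime exposes `TextEncoder`, `new TextEncoder().encode(cookieString).length` gives the byte count, otherwise `unescape(encodeURIComponent(cookieString)).length` does. `content = template.http_all_headers;` assigns an undeclared name and so creates an implicit global; `const content = template.http_all_headers;` keeps it local. `.split(/\r\n/)` leaves the whole header blob as one line if it is joined with bare `\n`, in which case no cookie is ever checked; `.split(/\r?\n/)` handles both line endings. Cookies with an empty value (`name=;`) do not match the regex and are skipped, which is harmless here since they cannot exceed the limit, but it deserves a one-line comment above the `match` line so the next maintainer does not read it as a bug.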
From: Signing Bot Date: Tue, 2 Sep 2025 23:38:12 +0000 Subject: [PATCH 2/7] Update README table --- README.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index afc5aa8..b57ce51 100644 --- a/README.md +++ b/README.md @@ -37,25 +37,25 @@ The project current core team are: - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + -
Template NameVulnerable PageTemplate NameVulnerable Page
2.1.11✔️3.1.1
3.4.13.4.2
5.1.5✔️5.1.2
5.1.15.2.5.1
5.2.15.2.6
5.3.45.3.3.2
5.3.9✔️5.3.3.1
5.5.28.2.1
9.1.29.1.3
12.1.1✔️12.1.1.2
12.3.3✔️12.6.1✔️
13.1.313.2.2✔️
13.2.313.2.1
13.3.1✔️14.2.3
14.3.214.4.7
14.4.214.4.5
14.4.114.4.4
14.4.614.4.3
3.3.53.4.1
3.4.25.1.1
5.1.25.1.5✔️
5.2.15.2.5.1
5.2.65.3.9✔️
5.3.3.25.3.4
5.3.3.15.5.2
8.2.19.1.3
9.1.212.1.1✔️
12.1.1.212.3.3✔️
12.6.1✔️13.1.3
13.2.2✔️13.2.1
13.2.313.3.1✔️
14.2.314.3.2
14.4.314.4.2
14.4.414.4.5
14.4.714.4.6
14.4.114.5.1
14.5.2✔️14.5.3✔️
14.5.1
From 48de44b73dd35a493df5a5ab42ef14a8297b8313 Mon Sep 17 00:00:00 2001 From: ghost Date: Tue, 2 Sep 2025 23:38:16 +0000 Subject: [PATCH 3/7] =?UTF-8?q?chore:=20sign=20templates=20=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/9.1.3.yaml | 2 +- templates/code/3.3.5.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml index 045e9f8..aa11543 100644 --- a/templates/9.1.3.yaml +++ b/templates/9.1.3.yaml @@ -45,4 +45,4 @@ ssl: - type: json json: - " .tls_version" -# digest: 4b0a004830460221008abed7c5325a8518c05263575c8c5e574b1884952b2e75974d2be504961a7b9102210089b15b5102cc68184167d1a5270d4ff06a018de0eed03289ea71ba7fad0a50e8:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file +# digest: 4a0a00473045022100bbfeec9a8062c487cdcea044eeeb1709f0713b6b72bfbd00e351878d78ba7ffe0220216f6613770d2538719a4a59326b610d951d7915541ef3d2212d9f7b62d65ae9:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/code/3.3.5.yaml b/templates/code/3.3.5.yaml index fa5c89a..f0facb7 100644 --- a/templates/code/3.3.5.yaml +++ b/templates/code/3.3.5.yaml @@ -50,3 +50,4 @@ javascript: - type: regex regex: - '[a-zA-Z0-9_-]+' +# digest: 4b0a00483046022100fa6efaea2954e3add80bac06f735b9a222c4a90fecbff5f126dae708d8b7004f022100ef38b45c4c2a4cf8e55f525ef3510c08d2856e4d45f452997737a80e6c3295fd:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file From 2d3f61fdcd368a50a9b5576c909911dcc2818ee1 Mon Sep 17 00:00:00 2001 From: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com> Date: Wed, 3 Sep 2025 03:16:27 +0330 Subject: [PATCH 4/7] Update 5.3.3.2.yaml Signed-off-by: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com> --- templates/dast/5.3.3.2.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/dast/5.3.3.2.yaml b/templates/dast/5.3.3.2.yaml index 39e0678..553b962 100644 
--- a/templates/dast/5.3.3.2.yaml +++ b/templates/dast/5.3.3.2.yaml @@ -10,8 +10,8 @@ info: - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting - https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_3/ - https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/vulnerabilities/xss/reflected-xss.yaml -tags: asvs,5.3.3 -description: | + tags: asvs,5.3.3 + description: | Verify that context-aware, preferably automated - or at worst, manual - output escaping protects against reflected, stored, and DOM based XSS. ([C4](https://owasp.org/www-project-proactive-controls/#div-numbering)) variables: @@ -54,4 +54,4 @@ http: part: header words: - "text/html" -# digest: 490a0046304402203745616e4eed1a379291f198ff1bceca4026f35ab31ae6fc57a103bfa0b35b1002202ebcca2385d281aaaaa9cea4d7ff92f9d0b77ae3d6bfeb376ea073ae986126b4:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file +# digest: 490a0046304402203745616e4eed1a379291f198ff1bceca4026f35ab31ae6fc57a103bfa0b35b1002202ebcca2385d281aaaaa9cea4d7ff92f9d0b77ae3d6bfeb376ea073ae986126b4:236a7c23afe836fbe231d6e037cff444 From 5b87fba60356cd76f0fadaeb2bbe7b9efd9c2314 Mon Sep 17 00:00:00 2001 From: ghost Date: Tue, 2 Sep 2025 23:46:43 +0000 Subject: [PATCH 5/7] =?UTF-8?q?chore:=20sign=20templates=20=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/9.1.3.yaml | 2 +- templates/dast/5.3.3.2.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml index aa11543..3054f93 100644 --- a/templates/9.1.3.yaml +++ b/templates/9.1.3.yaml 
@@ -45,4 +45,4 @@ ssl: - type: json json: - " .tls_version" -# digest: 4a0a00473045022100bbfeec9a8062c487cdcea044eeeb1709f0713b6b72bfbd00e351878d78ba7ffe0220216f6613770d2538719a4a59326b610d951d7915541ef3d2212d9f7b62d65ae9:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file +# digest: 4a0a00473045022100eec03f5d2bc239a77d790ceab295cdecfd02b6b0fd3ea2798dd560b732357a8b022005673e9abed1cebb05a2b78a387eecddf3ade13af17b6c081709502297d98000:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/dast/5.3.3.2.yaml b/templates/dast/5.3.3.2.yaml index 553b962..4c23e27 100644 --- a/templates/dast/5.3.3.2.yaml +++ b/templates/dast/5.3.3.2.yaml @@ -54,4 +54,4 @@ http: part: header words: - "text/html" -# digest: 490a0046304402203745616e4eed1a379291f198ff1bceca4026f35ab31ae6fc57a103bfa0b35b1002202ebcca2385d281aaaaa9cea4d7ff92f9d0b77ae3d6bfeb376ea073ae986126b4:236a7c23afe836fbe231d6e037cff444 +# digest: 4a0a0047304502206281af73bc04909d242b46e09f81b425b103b91c26f26b38ad852428b16edfc7022100a82032a6b6432d5c19aa9f92a8ad4c82fd96d6d706a45362cddbd76c2344f6cf:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file From bd0046d25921bce1b26b1468efcc2249785c9890 Mon Sep 17 00:00:00 2001 From: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com> Date: Wed, 3 Sep 2025 03:17:57 +0330 Subject: [PATCH 6/7] Update 3.3.5.yaml Signed-off-by: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com> --- templates/code/3.3.5.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/code/3.3.5.yaml b/templates/code/3.3.5.yaml index f0facb7..4b1fdb9 100644 --- a/templates/code/3.3.5.yaml +++ b/templates/code/3.3.5.yaml 
@@ -45,9 +45,8 @@ javascript: .filter(Boolean); cookieDetails; - + extractors: - type: regex regex: - '[a-zA-Z0-9_-]+' -# digest: 4b0a00483046022100fa6efaea2954e3add80bac06f735b9a222c4a90fecbff5f126dae708d8b7004f022100ef38b45c4c2a4cf8e55f525ef3510c08d2856e4d45f452997737a80e6c3295fd:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file From 2b9a9b0833ecf358fe93aad913d76fdb6d001a7e Mon Sep 17 00:00:00 2001 From: ghost Date: Tue, 2 Sep 2025 23:48:10 +0000 Subject: [PATCH 7/7] =?UTF-8?q?chore:=20sign=20templates=20=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/9.1.3.yaml | 2 +- templates/code/3.3.5.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/9.1.3.yaml b/templates/9.1.3.yaml index 3054f93..ba9e95d 100644 --- a/templates/9.1.3.yaml +++ b/templates/9.1.3.yaml @@ -45,4 +45,4 @@ ssl: - type: json json: - " .tls_version" -# digest: 4a0a00473045022100eec03f5d2bc239a77d790ceab295cdecfd02b6b0fd3ea2798dd560b732357a8b022005673e9abed1cebb05a2b78a387eecddf3ade13af17b6c081709502297d98000:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file +# digest: 4a0a00473045022100fcf5a7563848e40a5e74c8f5a8406a7da1800c0de1fb85fd93009f3065ffc4ba02206fb604dd21c03a7cf39d9a08dc90d10c8f73743f0b245432eb2e9e3850ec5577:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file diff --git a/templates/code/3.3.5.yaml b/templates/code/3.3.5.yaml index 4b1fdb9..98c826c 100644 --- a/templates/code/3.3.5.yaml +++ b/templates/code/3.3.5.yaml @@ -50,3 +50,4 @@ javascript: - type: regex regex: - '[a-zA-Z0-9_-]+' +# digest: 4a0a0047304502207dc33efbda702dccc6ff9845a2d0cae55e4cc74b68b36daa4c61e02ba76ada0c0221009156ea8ebb572937653c9d52bca4e3fd695f84380341d0272a5312cf79250894:236a7c23afe836fbe231d6e037cff444 \ No newline at end of file