Merge pull request #9 from OWASP/dev
Sync
Snbig authored Nov 30, 2024
2 parents 513a054 + cd270b5 commit 0bd5f02
Showing 27 changed files with 29 additions and 51 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/template-sign.yml
Expand Up @@ -3,7 +3,7 @@ name: ☑️ Template Sign
on:
push:
branches:
- main
- dev
paths:
- '**.yaml'
workflow_dispatch:
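Review bot: The entry changed under `branches:` decides which branch the template-signing workflow runs on, and nothing next to it records why; which of `- main` / `- dev` is the new value cannot be told from this rendering. A signing job presumably has access to the signing key, so the branch named here should be a protected one, and a comment above the entry such as `# signing runs only on pushes to this branch; keep it protected` would make that explicit. The `paths` filter `'**.yaml'` also matches YAML files outside `templates/`; if only templates are signed, `- 'templates/**/*.yaml'` would keep unrelated pushes from starting a signing run. The jobs section lies outside the hunk, so how the key is loaded and whether the job commits digests back cannot be checked here.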
2 changes: 1 addition & 1 deletion Vulnerable-Pages
3 changes: 1 addition & 2 deletions templates/12.6.1.yaml
Expand Up @@ -56,5 +56,4 @@ http:
words:
- "http"
- "dns"

# digest: 4b0a00483046022100cfb30937dcee2b4ad9d0283d5ac976acd3214a668bc4192bc723357a040eeb1f0221008ee0614a0fac834b615a792c135cb7dba9d5f113212c25030acdc7a4771a7eca:236a7c23afe836fbe231d6e037cff444
# digest: 4b0a00483046022100c660a7e46a1f17eed707c5912df531e5f2938feba4be175f24f20b0ecb229fde022100a79f952331843fab8d0705fd10d56db51e59bdd935d65ad3a557357129527964:236a7c23afe836fbe231d6e037cff444

Check warning on line 59 in templates/12.6.1.yaml


GitHub Actions / build

59:1 [comments-indentation] comment not indented like content
3 changes: 1 addition & 2 deletions templates/13.2.1.yaml
Expand Up @@ -77,5 +77,4 @@ http:
- 501
- 400
- 404

# digest: 4a0a0047304502201e2b6ef9d5fad256778bebf27037ad8304fcd1f611f5506a12d01728a66057f8022100eea5743362910e6fb66690f49da281eba1c5f90c2c47887d77656cee01f668bf:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a00473045022100aebefd25b0092abda9ce5fe883bd697840517596d0fa9ad3568df20aeb135b5b02204f37eadc973614cecf45e2148a382bd031442b88c71e43380977fc48d47d5dc3:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/13.2.2.yaml
Expand Up @@ -49,5 +49,4 @@ http:
name: "JSON schema validation does not take place"
dsl:
- http_1_status_code == http_2_status_code

# digest: 4a0a0047304502205a43e4e3d911399b0279a0e36d20c6df789cbc05e893c72c91223bbd5628c558022100c2c4e68d2c524bfad2d6abf7e68e73b3e6f23f6e3576b1118eec73867be21413:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a00473045022100b73b39ccf048edda7c4aa9441eaf0c563ad5a5e228343a74202942ce50d52a7902203106b62045b194899fea77e2d622e95b95c1bca4a254426d72b21fecf4e54889:236a7c23afe836fbe231d6e037cff444

Check warning on line 52 in templates/13.2.2.yaml


GitHub Actions / build

52:1 [comments-indentation] comment not indented like content
3 changes: 1 addition & 2 deletions templates/13.3.1.yaml
Expand Up @@ -50,5 +50,4 @@ http:
name: "XSD schema validation does not take place"
dsl:
- http_1_status_code == http_2_status_code

# digest: 4a0a004730450220553d29d64c11f522860d4ef744b33933542b6159bcf9e3ac9f489e622744a1db022100e94b0bf6b38bf9a610c861d28720f4fb973dd0a832fc57b4872f6e0a81969ac9:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a0047304502207ca44e8d68be7cb710667f7328b52eac1f7fea7d001ae21a328f4a121d790b6d022100ec2dc95da4c3648dce3846c305175eb6ee72971a4a0320503d4701f270f456b6:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/14.4.1.yaml
Expand Up @@ -61,5 +61,4 @@ http:
regex:
- (?i)<\?xml\s+version\s*=\s*["'][0-9.]*["']\s+encoding\s*=\s*["'](utf-?8|utf-?16|iso-?8859-?1)["']\s*\?>
part: body

# digest: 4a0a00473045022100b131ce94c26edbe11d5324b84d29f79662a53d29df6fbfe4cc9b9b5a915a95e602206e3c2bbe09245de1b800857b5f05e63a97d4bc0e406e2fe8220d0e864f9f9fa0:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a004730450220525fe4dc3fdd26317e31d019b0bd0181179308d3e939c0f04a6128a42f5ac67c02210085a14e170268627d72773f1386e4fa837baaf7ed986961fe8c015345a2446cf8:236a7c23afe836fbe231d6e037cff444

Check warning on line 64 in templates/14.4.1.yaml


GitHub Actions / build

64:1 [comments-indentation] comment not indented like content
3 changes: 1 addition & 2 deletions templates/14.4.2.yaml
Expand Up @@ -27,5 +27,4 @@ http:
name: '"Content-Disposition: attachment; filename=" header does not exist.'
dsl:
- '!contains(header, "Content-Disposition: attachment; filename=")'

# digest: 4a0a00473045022100977f242960e9d12febd55a9381f673e03fba6321e03b8f2d52a027653a2f23d0022074d165d4d83e3f0e04dfedd8a226344c17ad9b60e0b38679b11ed4d84543d516:236a7c23afe836fbe231d6e037cff444
# digest: 490a00463044022018c331beaaeefb0bec865ba92676c61ce8fd4974a046cc0931ff5d3899339c0d022051a1a9a7cfe4021738f21627341c59f6b3ef6456c82e9a5e2d68eade14e61983:236a7c23afe836fbe231d6e037cff444

Check warning on line 30 in templates/14.4.2.yaml


GitHub Actions / build

30:1 [comments-indentation] comment not indented like content
3 changes: 1 addition & 2 deletions templates/14.4.3.yaml
Expand Up @@ -36,5 +36,4 @@ http:
negative: true
regex:
- (?i)<meta\s+http-equiv\s*=\s*["'](Content-Security-Policy|Content-Security-Policy-Report-Only)["'].*\/?>

# digest: 4a0a0047304502204e5ca28713bcdaaeb06822a90b46edb4cb86b627a43c88eb732bce4ce949974e0221008c1140ca2bad383399703840bafb577e482984f8fb501578664395430a3b9717:236a7c23afe836fbe231d6e037cff444
# digest: 4b0a00483046022100c105e460953a1dce16aa5d32b46221be23e3694e93af23241e7c3315edbf82ee022100950f731a46bd4d07acf13a458411c9dd96c9cecf20277b0de22a4cdaf089a50e:236a7c23afe836fbe231d6e037cff444

Check warning on line 39 in templates/14.4.3.yaml


GitHub Actions / build

39:1 [comments-indentation] comment not indented like content
3 changes: 1 addition & 2 deletions templates/14.4.4.yaml
Expand Up @@ -26,5 +26,4 @@ http:
name: '"X-Content-Type-Options: nosniff" header does not exist.'
dsl:
- '!contains(header, "X-Content-Type-Options: nosniff")'

# digest: 4a0a00473045022021b7cc0154b0c7bd2b5ac0ee5deab034b12a3cf59a47bd6a28c39c6a4bd0c7c4022100a24955829e13964f260b1dc1b581c14dfc6eb68789581c68753c873aabe062e7:236a7c23afe836fbe231d6e037cff444
# digest: 490a004630440220108a2a070c5c3eea20f884b9e3f86ceb8081ff6050118c36819a3216bfe54d050220233581ec25a21be0cb700adffd8cb5f972f606af800364429b9ff294fee50125:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/14.4.5.yaml
Expand Up @@ -42,5 +42,4 @@ http:
regex:
- (?i)Strict-Transport-Security:\s*.*\bincludeSubdomains\b
part: header

# digest: 4a0a004730450220644eb8e8c378d2cfe98dbe293b3962740473a3a8e6d67069040ac127f19c3bcf022100f5a7e3ffaef6a581b01b7277334cd6190a6459551e8db7a7df1ca7af83171976:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a00473045022056dd997d69810da0abfd466eabf45a445fdc213cdf30c0c331f4277433cc6819022100a893a409a422d890edec4ee188a94632514661950241fc879532c9c88bc39eb0:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/14.4.6.yaml
Expand Up @@ -42,5 +42,4 @@ http:
regex:
- (?i)<meta\s+name="referrer"\s+content\s*=\s*["']strict-origin-when-cross-origin["']\s*\/?>
part: body

# digest: 4a0a00473045022100e70e0364f38ab74fea56856ce5d7a49002e63ffcfc5ad090e4dfd1bee11414ec02204832f0a14a3de7d0afd578e63024ba14eb70db8da4ba3f51b43611fdcc700d1e:236a7c23afe836fbe231d6e037cff444
# digest: 4b0a00483046022100927b22f0159edfb9ba87ca21a8731b65ee9b355b204cd2b24a72d471c28dbcf9022100f4e708bdc578ce23c21de666370169f4d84a364f1e9ce52785f3d488102ffe1d:236a7c23afe836fbe231d6e037cff444

Check warning on line 45 in templates/14.4.6.yaml


GitHub Actions / build

45:1 [comments-indentation] comment not indented like content
3 changes: 1 addition & 2 deletions templates/14.4.7.yaml
Expand Up @@ -54,5 +54,4 @@ http:
regex:
- (?i)<meta\s+http-equiv=["']Content-Security-Policy["'][^>]*content=["'][^"']*frame-ancestors[^"']*["'][^>]*>
part: body

# digest: 4a0a00473045022100fdf3617a3b40b43af7b9ea187ae58fd334c6a2cdaa66dc291637fb668545743602206082e3c4fd4e10b8988e214e0384493449542e7ab8a9e61d5b895dfdda05e598:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a00473045022100e9f9c9c6ad4830bc797228f631dcd4dd7eb386581ea86f9fdb28dfe6f3ef3172022007e21fabe819d751c7c8324e287455f3a8636f02e8fbb314694a3f2ddb763a2c:236a7c23afe836fbe231d6e037cff444

Check warning on line 57 in templates/14.4.7.yaml


GitHub Actions / build

57:1 [comments-indentation] comment not indented like content
3 changes: 1 addition & 2 deletions templates/14.5.1.yaml
Expand Up @@ -50,5 +50,4 @@ http:
- 501
- 404
- 400

# digest: 4a0a00473045022100e9008d3ed80049e226d14238f49ec8d94dc8affd52fa512eb337e6970b7985eb022008c1996d924f80cc431443db55b4d5e0a70a33d350f53ff3f18edb6d88d1896c:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a00473045022056efd4ffa79d457f8040b28f78c1c1c8dc607cbe837deff231cd64d5ce088052022100db36511d3cc0c05d90b04e67d5fa171ad962c19bc1eb4e0563620b53166d2ed8:236a7c23afe836fbe231d6e037cff444

Check warning on line 53 in templates/14.5.1.yaml


GitHub Actions / build

53:1 [comments-indentation] comment not indented like content
3 changes: 1 addition & 2 deletions templates/14.5.2.yaml
Expand Up @@ -46,5 +46,4 @@ http:
dsl:
- status_code < 210 && status_code >= 200
- to_number(forbidden_status_code) != status_code

# digest: 490a0046304402204a85e8500309dfa1f935ef7d5506ddf8c9f25ac26171769773c3d8ab8d510a07022065cc0dc83b5dfb52b8e6ebfd23e125442e7340b0b2c5fd41dffc21c1b76323c1:236a7c23afe836fbe231d6e037cff444
# digest: 4b0a00483046022100dee307ac580c08c30516144b38c8f4ea9d17d0406f1a6b2365fb23f7b5b3f476022100effd3e26b9477bf834811cc0d8d1d231f3a36adf25c6ae2a492d403649db76b0:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/14.5.3.yaml
Expand Up @@ -48,5 +48,4 @@ http:
part: access_control_allow_origin
words:
- "null"

# digest: 490a0046304402203dab3e5b26d174760a953d85392340cb58608cb60fdd6ed9393872db1d8234010220255ae97983eec7c21acff3dfbcf29d50182883570aa29c77d2ba91f07d07ace8:236a7c23afe836fbe231d6e037cff444
# digest: 490a00463044022047a17930c81bc23fd6c58f5b65c0fc9ce3aa40304596f1829e588afdaaaa4ae002206752b36dc03f1abd1a6e67883e5ec1ca6128bb54988c21dfb22be366dd428621:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/5.1.5.yaml
Expand Up @@ -139,5 +139,4 @@ http:
- 304
- 307
- 308

# digest: 4a0a0047304502206ec6244c2752f17ab14c609aafd0d07a79b5a12eabf28b5e50517b4e3096f3ad022100ca2376250e180e34bde495bcb73a07d9dfe3ccee8e9e2e559a70aef2a255a81d:236a7c23afe836fbe231d6e037cff444
# digest: 490a0046304402203757d61b7f64321996efd926976e6eee3421d439522af6c37ba5cc677d01c8f202202b7981874ccec543f7556c585df38a8ad8416e22fa82d8df55aec5008cb47728:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/8.2.1.yaml
Expand Up @@ -26,5 +26,4 @@ http:
regex:
- '(?i)cache-control:.*no-store'
negative: true

# digest: 490a00463044022039bd2b86a4b691ac7599de720790ff8a27691d1ebe290d654276f55be597ba08022003c8395bde847d221c4372a9b858d6b5d0b77dc902724de8e175bb2b82400f3d:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a00473045022100ba87093015c4de86bb0efe735be654879ea942d00b925b9e308a6af45535cdac022051df20f72bba9359f5c660ce4d4a3357f526ee9bb431bf5eee930583b3793240:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/9.1.2.yaml
Expand Up @@ -423,5 +423,4 @@ ssl:
- "TLS_KRB5_WITH_RC4_128_SHA"
- "TLS_RSA_WITH_NULL_SHA"
condition: or

# digest: 490a0046304402201974ed7754084528a7b752fa0f9306c1f8a02e444f3fefd222ff3da81d0a99b7022060e9f16508296e7e5b384550ff780c5a48fb67b2b2a49f5410153823293aca30:236a7c23afe836fbe231d6e037cff444
# digest: 4b0a004830460221009ccee0391684e66f6f094b43f96b444e98ad303b916f17bb98119c9fb3b23124022100f0ac71c2f566f50bf5420705425e64ace27dcf3cfd8a84e080a991db7e4ad990:236a7c23afe836fbe231d6e037cff444
5 changes: 2 additions & 3 deletions templates/9.1.3.yaml
Expand Up @@ -44,6 +44,5 @@ ssl:
extractors:
- type: json
json:
- " .tls_version"

# digest: 4a0a004730450220388a40c3cf9246743cc5b84c0789de363248c315b978b401c5db43ccfbcb27bb022100d85b44781554137e8896ef87b2138a6df6ab09d968685d78ac634878b3c94727:236a7c23afe836fbe231d6e037cff444
- " .tls_version"
# digest: 4a0a00473045022065282575a135691de3ce419d2ea546daa99ef87c3fa4742f597f5f081a4b2118022100fbae7e4a55c4493731649f3929a8e1fcd831156092c7e31e0cbc96a76c37d56a:236a7c23afe836fbe231d6e037cff444

Check warning on line 48 in templates/9.1.3.yaml


GitHub Actions / build

48:1 [comments-indentation] comment not indented like content
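--- a/templates/code/12.1.1.2.yaml
+++ b/templates/code/12.1.1.2.yaml
@@ -56,3 +56,5 @@ http:
 status:
 - 500
 - 503
+
+# digest: 4b0a00483046022100a1a000f9e17a6e0742509f92e5bfc0bff3e4593e92006c1df43768dd84f93a56022100ee377b3ab8e4140a4b89335af54301c3603f629fdb11d7b2bca8f1d93f58342a:236a7c23afe836fbe231d6e037cff444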
3 changes: 1 addition & 2 deletions templates/dast/12.3.3.yaml
Expand Up @@ -45,5 +45,4 @@ http:
words:
- "http"
- "dns"

# digest: 4a0a00473045022100f368aa244774591af8882b0c7558e7485ad5e80a2b19d50188c9f93bde0f41a8022054eeb86288f988a190ba7eb40f538583653238ff2c07bc6118b4e7414fd11d40:236a7c23afe836fbe231d6e037cff444
# digest: 4b0a00483046022100e9049e13075ecd5bbc8127b9f96d1a53760d33467da662895cb19e61dd707cbe02210083d94e0c052abf24a0fad0ef9c48830fac642abaacc5acc42aa239e00b313237:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/dast/5.2.5.1.yaml
Expand Up @@ -56,5 +56,4 @@ http:
part: body
words:
- "{{result}}"

# digest: 4a0a00473045022029fb655e06763dedf9fc3f7e20519cf4509815ec382b3fc2d57dd86fa52e7cc0022100b40611297a0154436b6b424d0a66c886087063dd32b860bd921a1d6861f75a28:236a7c23afe836fbe231d6e037cff444
# digest: 4b0a00483046022100da80ad516d90009b5df97b143c317e456166d8a530807d1a22a4bdf33e2e02d6022100c598250971a7b612e13e728cd65c5949c799ee671c1f448fa4610e1e281904aa:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/dast/5.2.6.yaml
Expand Up @@ -104,5 +104,4 @@ http:
part: body
regex:
- 'id[\s\S]+interfaces\/'

# digest: 4a0a0047304502206db35451526c61ae1137857401104fd6fa9ee4991fade362ca16604b56afad20022100e374582eca20f469b35f0a7c915f89b21b9bca7e60a941e3303bd867e7c626d1:236a7c23afe836fbe231d6e037cff444
# digest: 490a0046304402200dc0a16d082776432820c031e604322ec12beb30626ca43956a7fa555617f091022016ce718c00a0eb10abf3ea9ea4b938e675b03a9adf81f9c0df9108e2d6b60d23:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/dast/5.3.3.2.yaml
Expand Up @@ -54,5 +54,4 @@ http:
part: header
words:
- "text/html"

# digest: 4a0a00473045022100dfac5ffdf63003cee159b45ec392c444099dae34f644c2d2b36a8d48542dcb3402203eff2789a448f595c7914604f3b07c377e62dfe21a8061a9220c831a81c16c7d:236a7c23afe836fbe231d6e037cff444
# digest: 490a0046304402203745616e4eed1a379291f198ff1bceca4026f35ab31ae6fc57a103bfa0b35b1002202ebcca2385d281aaaaa9cea4d7ff92f9d0b77ae3d6bfeb376ea073ae986126b4:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/dast/5.5.2.yaml
Expand Up @@ -60,5 +60,4 @@ http:
part: interactsh_protocol
words:
- "http"

# digest: 490a0046304402201e80e06dcff15f20d237fabdd7d41a14a5c92d9a8fce39ace9258fabbc0842dc022012dd0137fc6531475d08aea9e2cd60b35791c1c5465b70272185914f925d8347:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a00473045022020ac26142768a5448a5d75239daff14033fcefdf91bc8be2b16af5b418fcb3e1022100dd6f8f2b753927a5ccc26ad2aac277578ce173cea95b7bf8cc2f31cc00ea5946:236a7c23afe836fbe231d6e037cff444
3 changes: 1 addition & 2 deletions templates/headless/14.2.3.yaml
Expand Up @@ -49,5 +49,4 @@ headless:
- type: dsl
dsl:
- len(trim(split(assets_with_external_fqdn, '|'), '[]')) > 0

# digest: 490a00463044022030bba129d709e98d69e14df93e8a8f77cbb7e3d605a26e284d7824bd29b2fcac02204f55d5a72ebb2d880e95eff630c941f07d0ced9bee8e0313dbe2e9b06d4ac496:236a7c23afe836fbe231d6e037cff444
# digest: 4a0a004730450220535c0d0769b2c5d9fa32504f8dc1dea344e5b80383801e58079d5542a48d4841022100f38b8f42d40c2c3afb90b531918d965cec76ff5b4912ef1a028c0bb1437bd543:236a7c23afe836fbe231d6e037cff444
