Skip to content
This repository was archived by the owner on Mar 20, 2020. It is now read-only.
/ test-bench-content Public archive

Shared views to use in Contrast's web framework test apps.

0 stars 0 forks Branches Tags Activity
Star

Contrast-Security-OSS/test-bench-content

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

100 Commits
partials
partials
 
 
views
views
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

@contrast/test-bench-content

Shared views to use in Contrast's web framework test apps.

Adding a shared view to multiple apps

Once you have configured a sink within @contrast/test-bench-utils, you're ready to add a shared view here. Shared view templates are rendered with the following locals provided:

  • name: the name of the vulnerability being tested
  • link: a link to OWASP or another reference describing the vulnerability
  • sinkData: an array of objects describing the sinks exercising a rule, containing (at least) the following keys:
    • method: the HTTP method being used to submit the attack
    • name: the name of the particular sink being exercised
    • url: the api endpoint url to hit
  • _csrf for Kraken apps, we provide the csrf token to be included as a hidden field within a form

An endpoint may also be configured to provide additional locals to the template to render additional context for a rule. For example, we provide an XML string to the xxe endpoint as a potential attack value.

About

Shared views to use in Contrast's web framework test apps.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

10 watching

Forks

0 forks
Report repository

Releases

18 tags

Packages

No packages published

Contributors 6

Languages