xssvalidator

package module
v0.0.0-...-0367319 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 1, 2022 License: MIT Imports: 6 Imported by: 1

README

XSS Validator


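Validates input fields against XSS payloads. It covers all the payloads listed in test/payloads.txt. A nil result therefore means only that none of the supplied rules matched; keep context-aware output encoding in place when the value is later rendered.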

Usage
go get github.com/infiniteloopcloud/xss-validator
package main

import xssvalidator "github.com/infiniteloopcloud/xss-validator"

// main demonstrates the two calling conventions of xssvalidator.Validate:
// once with the package's DefaultRules and once with a hand-picked rule set.
// Validate returns a non-nil error when one of the supplied rules triggers.
func main() {
	const input = "input_data"

	// Variant 1: run every rule in the default set.
	if err := xssvalidator.Validate(input, xssvalidator.DefaultRules...); err != nil {
		// rule triggered: treat the input as rejected at this point
	}

	// Variant 2: run only the rules listed here. Rules left out are not
	// evaluated, so a nil error says nothing about what they would report.
	selected := []xssvalidator.Rule{
		xssvalidator.ForbiddenKeywords{},
		xssvalidator.ForbiddenHTMLUnescapeStringKeywords{},
	}
	if err := xssvalidator.Validate(input, selected...); err != nil {
		// rule triggered: treat the input as rejected at this point
	}
}
Writing custom rules

Any type that implements the xssvalidator.Rule interface can be passed to the validator as a rule.

package ownrule

import (
	"errors"
	"strings"

	xssvalidator "github.com/infiniteloopcloud/xss-validator"
)

// AlertRule is a custom rule with no fields; all of its logic lives in its
// Check method.
type AlertRule struct{}

// Compile-time assertion that AlertRule satisfies xssvalidator.Rule, so a
// signature mismatch is caught by the build rather than at the call site.
var _ xssvalidator.Rule = AlertRule{}

// Check implements xssvalidator.Rule. It returns an error with the message
// "contains alert" when v includes the literal substring "alert", and nil
// otherwise.
//
// The comparison is case-sensitive and is made on v exactly as received; this
// rule does no decoding or normalisation of its own, so it is only meaningful
// alongside rules that handle other representations of the same keyword.
func (AlertRule) Check(v string) error {
	if !strings.Contains(v, "alert") {
		return nil
	}

	return errors.New("contains alert")
}

Documentation

Index

Constants

This section is empty.

Variables

// ErrBracketRule is the sentinel error for the bracket rule; its message
// names the characters involved: (){}[]. Callers can match it with errors.Is.
var ErrBracketRule = errors.New("bracket rule triggered, input contains one of the following characters: (){}[]")

// ErrForbiddenKeywords is the sentinel error for the forbidden-keyword rules;
// its message names the keywords alert and prompt. Callers can match it with
// errors.Is.
var ErrForbiddenKeywords = errors.New("forbidden keywords triggered, input contains one of the following keywords in a vulnerable format: alert, prompt")

Functions

func Validate

func Validate(input string, rules ...Rule) error

Types

type BracketRule

// BracketRule is a field-less rule type whose method is listed as
// Check(input string) error.
// NOTE(review): presumably the rule that reports ErrBracketRule when input
// contains any of (){}[] — confirm against the source.
type BracketRule struct{}

func (BracketRule) Check

func (BracketRule) Check(input string) error

type ForbiddenHTMLUnescapeStringKeywords

// ForbiddenHTMLUnescapeStringKeywords is a field-less rule type; the usage
// example passes it to Validate as a Rule.
// NOTE(review): the name suggests the input is HTML-unescaped before the
// keyword check — confirm against the source, including how many decoding
// passes are applied.
type ForbiddenHTMLUnescapeStringKeywords struct{}

func (ForbiddenHTMLUnescapeStringKeywords) Check

type ForbiddenKeywords

// ForbiddenKeywords is a field-less rule type; the usage example passes it to
// Validate as a Rule, and its method is listed as Check(input string) error.
// NOTE(review): presumably reports ErrForbiddenKeywords (keywords alert and
// prompt per that error's message) — confirm against the source.
type ForbiddenKeywords struct{}

func (ForbiddenKeywords) Check

func (f ForbiddenKeywords) Check(input string) error

type ForbiddenLowercaseKeywords

// ForbiddenLowercaseKeywords is a field-less rule type whose method is listed
// as Check(input string) error.
// NOTE(review): the name suggests the input is lower-cased before the keyword
// check — confirm against the source.
type ForbiddenLowercaseKeywords struct{}

func (ForbiddenLowercaseKeywords) Check

func (f ForbiddenLowercaseKeywords) Check(input string) error

type ForbiddenURLQueryUnescapeKeywords

// ForbiddenURLQueryUnescapeKeywords is a field-less rule type with a Check
// method.
// NOTE(review): the name suggests the input is URL-query-unescaped before the
// keyword check — confirm against the source, including how many decoding
// passes are applied.
type ForbiddenURLQueryUnescapeKeywords struct{}

func (ForbiddenURLQueryUnescapeKeywords) Check

type ForbiddenUnicodeKeywords

// ForbiddenUnicodeKeywords is a field-less rule type whose method is listed as
// Check(input string) error.
// NOTE(review): the name suggests Unicode-escaped forms of the keywords are
// handled here — confirm against the source which forms are covered.
type ForbiddenUnicodeKeywords struct{}

func (ForbiddenUnicodeKeywords) Check

func (f ForbiddenUnicodeKeywords) Check(input string) error

type Rule

// Rule is the contract a validation rule fulfils. Any type with a matching
// Check method can be passed to Validate, including rules defined outside
// this package.
type Rule interface {
	// Check inspects input and returns a non-nil error when the rule is
	// triggered, or nil when it is not.
	Check(input string) error
}
