{ | |
"info": { | |
"name": "Gruyere Collection", | |
"_postman_id": "9efdd931-ac99-5996-8bcd-07c07652dcfa", | |
"description": "Regression checks against the Google Gruyere training target (an intentionally vulnerable application). The Login Request stores the raw Set-Cookie response header in the `cookie` environment variable and the two XSS requests send it back as a Cookie header, so the requests must run in this order and only carry a session when the login actually issues one.",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" | |
}, | |
"item": [ | |
{ | |
"name": "Login Request", | |
"event": [ | |
{ | |
"listen": "test", | |
"script": { | |
"id": "1ffd2f0e-7e41-47ed-9d7e-70b2a42d4613", | |
"type": "text/javascript", | |
"exec": [ | |
"pm.test(\"Login is no longer done via GET request\", function () {", | |
" pm.response.to.have.status(405);", | |
"});", | |
"", | |
"const cookie = postman.getResponseHeader(\"Set-Cookie\");", | |
"pm.environment.set(\"cookie\", cookie);" | |
] | |
} | |
} | |
], | |
"request": { | |
"method": "GET", | |
"header": [], | |
"body": {}, | |
"url": { | |
"raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/login?uid={username}&pw={password}", | |
"protocol": "https", | |
"host": [ | |
"google-gruyere", | |
"appspot", | |
"com" | |
], | |
"path": [ | |
"574774670130385288196824622060987712038", | |
"login" | |
], | |
"query": [ | |
{ | |
"key": "uid", | |
"value": "{username}", | |
"equals": true | |
}, | |
{ | |
"key": "pw", | |
"value": "{password}", | |
"equals": true | |
} | |
] | |
}, | |
"description": "Deliberately sends the credentials in the GET query string (uid/pw) so the test can assert that the server now answers 405 Method Not Allowed; credentials in a URL end up in server, proxy and history logs, which is why GET-based login is the flaw under test. Note that {username} and {password} use single braces and are sent literally - Postman's variable syntax is double-brace. Also note that when the 405 assertion passes no Set-Cookie is returned, the `cookie` variable stays empty, and the following requests run unauthenticated."
}, | |
"response": [] | |
}, | |
{ | |
"name": "XSS Submission", | |
"event": [ | |
{ | |
"listen": "test", | |
"script": { | |
"id": "73ce03de-0aa0-4191-863b-68f757fe9c5f", | |
"type": "text/javascript", | |
"exec": [ | |
"pm.test(\"Input validation flaw leading to XSS has been fixed\", function () {", | |
" pm.response.to.have.status(400);", | |
"});" | |
] | |
} | |
} | |
], | |
"request": { | |
"method": "GET", | |
"header": [ | |
{ | |
"key": "Cookie", | |
"value": "{{cookie}}" | |
} | |
], | |
"body": {}, | |
"url": { | |
"raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/newsnippet2?snippet=<a+href=\"javascript:alert(document.cookie);\">test</a>", | |
"protocol": "https", | |
"host": [ | |
"google-gruyere", | |
"appspot", | |
"com" | |
], | |
"path": [ | |
"574774670130385288196824622060987712038", | |
"newsnippet2" | |
], | |
"query": [ | |
{ | |
"key": "snippet", | |
"value": "<a+href=\"javascript:alert(document.cookie);\">test</a>", | |
"equals": true | |
} | |
] | |
}, | |
"description": "Submits a stored-XSS payload (an anchor with a javascript: URI) in the snippet query parameter using the session captured by Login Request. Expecting 400 assumes the fix is input rejection; an application that accepts the snippet and encodes it on output returns 200 here and fails this assertion even though it is not exploitable, so read this test together with XSS Payload Execution."
}, | |
"response": [] | |
}, | |
{ | |
"name": "XSS Payload Execution", | |
"event": [ | |
{ | |
"listen": "test", | |
"script": { | |
"id": "4d8b1fa7-bbba-4825-80fc-766e82c112ff", | |
"type": "text/javascript", | |
"exec": [ | |
"pm.test(\"Snippets page does not reflect the raw javascript: anchor payload verbatim\", function () {",
" pm.expect(pm.response.text()).not.to.include('<a href=\"javascript:');", | |
"});" | |
] | |
} | |
} | |
], | |
"request": { | |
"method": "GET", | |
"header": [ | |
{ | |
"key": "Cookie", | |
"value": "{{cookie}}" | |
} | |
], | |
"body": {}, | |
"url": { | |
"raw": "https://google-gruyere.appspot.com/574774670130385288196824622060987712038/snippets.gtl", | |
"protocol": "https", | |
"host": [ | |
"google-gruyere", | |
"appspot", | |
"com" | |
], | |
"path": [ | |
"574774670130385288196824622060987712038", | |
"snippets.gtl" | |
] | |
}, | |
"description": "Fetches the snippets page and checks that the literal payload substring is absent. This is a negative check only: it also passes when the snippet was never stored (submission rejected, or request unauthenticated because no cookie was captured) or was re-serialised with different whitespace or quoting, so a pass is not proof of correct output encoding. A positive assertion on the encoded form (e.g. &lt;a href= appearing in the body) would be stronger."
}, | |
"response": [] | |
} | |
] | |
} |