wstg
wstg copied to clipboard
OWASP
Added Test for XXE
This PR covers issue #8
- [x] This PR handles the issue and requires no additional PRs. Refer TODOs
- [x] You have validated the need for this change.
What did this PR accomplish?
- Added test case for XXE
TODO
- Edit top level page to link to test case.
- This test case has overlap with WSTG-INPV-07 , XML injection. WSTG-INPV-07 is to be modified to eliminate duplication.
- Need to re-order test case, XXE makes more sense to be after XML injection
Thank you for your contribution!
The following issues were identified: document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_XXE_Injection.md:15:78 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1] document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_XXE_Injection.md:74:1 MD010/no-hard-tabs Hard tabs [Column: 1] document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_XXE_Injection.md:96:188 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1]
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
The following mistakes were identified:
/home/runner/work/wstg/wstg/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_XXE_Injection.md 117:98 ✖ Incorrect usage of the term: “an URL”, use “a URL” instead terminology
The following mistakes were identified:
/home/runner/work/wstg/wstg/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_XXE_Injection.md 117:98 ✖ Incorrect usage of the term: “an URL”, use “a URL” instead terminology
Following links are broken: FILE:document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/20-Testing_for_XXE_Injection.md [✖] https://www.securityfocus.com/archive/1/297714 → Status: 0
TODO
Edit top level page to link to test case. This test case has overlap with WSTG-INPV-07 , XML injection. WSTG-INPV-07 is to be modified to eliminate duplication. Need to re-order test case, XXE makes more sense to be after XML injection
@kingthorin : Can I go ahead with these ?
I'm good with you addressing duplicate content. However re-ordering things should wait until we are headed to 5.x. Currently we are still planning further 4.x releases, so maybe just create an issue and we can assign it to the 5.0 milestone.
Please comment if you are still working on this PR, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it for new contributors to take over.
Please comment if you are still working on this PR, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it for new contributors to take over.
@RiieCco might you have some time to give this a look?
@kingthorin what is still needed for this? I'll be giving this a look as well.
Alright. Let's re-review that comment, as that seems to be creating an issue, and is not a blocker right now. Let's try to recall the exact concern and then move this. This is a good addition, I'll try to review this ASAP.
It was this discussion:
TODO Edit top level page to link to test case. This test case has overlap with WSTG-INPV-07 , XML injection. WSTG-INPV-07 is to be modified to eliminate duplication. Need to re-order test case, XXE makes more sense to be after XML injection
I'm good with you addressing duplicate content. However re-ordering things should wait until we are headed to 5.x. Currently we are still planning further 4.x releases, so maybe just create an issue and we can assign it to the 5.0 milestone.