Iast.StoredXss.AspNetCore5.IastEnabled.verified.txt
[
{
TraceId: Id_1,
SpanId: Id_2,
Name: aspnet_core.request,
Resource: GET /iast/storedxss,
Service: Samples.Security.AspNetCore5,
Type: web,
Tags: {
aspnet_core.endpoint: Samples.Security.AspNetCore5.Controllers.IastController.StoredXss (Samples.Security.AspNetCore5),
aspnet_core.route: iast/storedxss,
component: aspnet_core,
env: integration_tests,
http.method: GET,
http.request.headers.host: localhost:00000,
http.route: iast/storedxss,
http.status_code: 200,
http.url: http://localhost:00000/Iast/StoredXss?param=%3Cb%3ERawValue%3C/b%3E&database=...,
http.useragent: Mistake Not...,
language: dotnet,
runtime-id: Guid_1,
span.kind: server,
_dd.iast.enabled: 1,
_dd.iast.json:
{
"vulnerabilities": [
{
"type": "XSS",
"hash": XXX,
"location": {
"spanId": XXX,
"path": "AspNetCore.Views_Iast_Xss+<<ExecuteAsync>b__8_1>d",
"method": "MoveNext"
},
"evidence": {
"valueParts": [
{
"value": "<script language='javascript' type='text/javascript'>alert('Stored XSS attack');</script>",
"source": 0
},
{
"value": "<b>More Text</b>"
}
]
}
}
],
"sources": [
{
"origin": "sql.row.value",
"name": "Details",
"value": "<script language='javascript' type='text/javascript'>alert('Stored XSS attack');</script>"
}
]
}
},
Metrics: {
process_id: 0,
_dd.top_level: 1.0,
_dd.tracer_kr: 1.0,
_sampling_priority_v1: 2.0
},
MetaStruct: {
iast:
}
},
{
TraceId: Id_1,
SpanId: Id_3,
Name: aspnet_core_mvc.request,
Resource: GET /iast/storedxss,
Service: Samples.Security.AspNetCore5,
Type: web,
ParentId: Id_2,
Tags: {
aspnet_core.action: storedxss,
aspnet_core.controller: iast,
aspnet_core.route: iast/storedxss,
component: aspnet_core,
env: integration_tests,
language: dotnet,
span.kind: server
}
}
]