Create 5.2.1.yaml

Ahsraeisi · web-flow · commit c53b21697662 · 2025-04-10T04:05:27.000+03:30
Signed-off-by: AmirHossein Raeisi &lt;96957814+Ahsraeisi@users.noreply.github.com&gt;
diff --git a/templates/dast/assets/5.2.1.yaml b/templates/dast/assets/5.2.1.yaml
@@ -0,0 +1,68 @@
+id: ASVS-4-0-3-V5-2-1
+
+info:
+  name: ASVS 5.2.1 Check
+  author: Masoud Abdaal,AmirHossein Raeisi
+  severity: high
+  classification:
+    cwe-id: CWE-116
+  reference:
+    - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
+    - https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v52-sanitization-and-sandboxing
+  tags: asvs,5.2.1
+  description: |
+    Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized with an HTML sanitizer library or framework feature.
+
+variables:
+  first: "{{rand_int(10000, 99999)}}"
+
+http:
+  - pre-condition:
+      - type: dsl
+        dsl:
+          - method == POST
+          - len(body) > 0
+
+    payloads:
+      reflection:
+        - "'\"><{{first}}>"
+        - "'><{{first}}>"
+        - "\"><{{first}}>"
+
+    fuzzing:
+      - part: body
+        type: postfix
+        mode: multiple
+        keys:
+          - "ops"
+          - "insert"
+          - "ops"
+          - "insert"
+          - "attributes"
+          - "bold"
+          - "italic"
+          - "link"
+          - "time"
+          - "blocks"
+          - "type"
+          - "data"
+          - "text"
+          - "level"
+          - "style"
+          - "items"
+          - "version"
+        fuzz:
+          - "{{reflection}}"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "{{reflection}}"
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
