Added advanced XSS scanning features #765
Conversation
Summary of Changes
Hello @ibrahmsql, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request introduces advanced XSS scanning features, including new CLI flags for detailed analysis, fast scanning, magic character testing, and context-aware payload selection. It enhances parameter discovery, adds WAF bypass payloads, and implements DOM XSS detection to improve penetration testing workflows.
Highlights
- New Flags: Added new CLI flags --detailed-analysis, --fast-scan, --magic-char-test, and --context-aware to enhance XSS scanning capabilities.
- Enhanced Parameter Analysis: Implemented --detailed-analysis mode for deeper parameter analysis, addressing missed hidden parameters in modern SPAs (Issue #695).
- Fast Scanning Mode: Introduced --fast-scan mode for faster scanning, optimizing concurrency and reducing checks, useful for CI/CD pipelines (Issue #764).
- Magic Character Testing: Added --magic-char-test flag to generate magic character payloads for manual XSS analysis, including context-aware character generation.
- WAF Bypass Payloads: Extended payload lists with WAF bypass techniques, modern HTML5 payloads, and CSP bypasses to improve XSS detection.
- DOM XSS Analysis: Implemented DOM XSS detection by analyzing JavaScript code for source-to-sink flows and dangerous patterns.
Code Review
The code changes introduce new flags for enhanced XSS scanning. I've identified a few areas for improvement, mainly concerning performance and a critical issue with random number generation. Addressing these will enhance the robustness and efficiency of these new features.
All suggested improvements have been applied; ready for further review.
Hi @ibrahmsql Regarding the test code coverage, we can address that as a separate task later on. Thanks again for your work on this! |
Hi @hahwul, thanks for the review. You mentioned you left a few comments, but I couldn't locate them in the PR files or conversation. Could you please point me to those comments or re-post them if needed? Thanks 🙂
@ibrahmsql Oh, I'm so sorry. I didn't change the review status. |
Great! 👍
@ibrahmsql
Super, thanks for merging it! Nice to see it coming with v2.12. Let me know if I can help with anything else. Have a good day :)

New flags added:
- --detailed-analysis: Performs deeper parameter analysis to uncover more XSS vectors
- --fast-scan: Enables faster scanning, useful in CI/CD pipelines
- --magic-char-test: Generates magic character payloads for manual analysis
- --context-aware: Selects payloads intelligently based on the response context

Why these changes?
While testing large web applications recently, I noticed the existing parameter discovery wasn't comprehensive enough. Especially in modern SPAs, some hidden parameters were being missed. The --detailed-analysis mode addresses this issue.
Also, for CI/CD workflows, getting quick feedback is important. The --fast-scan mode runs basic checks rapidly to support that need.

Technical details
- pkg/model/options.go
- cmd/ directory
- pkg/scanning/

Testing
✅ All existing tests are passing
✅ Tested on real-world targets
✅ Backward compatibility is preserved
✅ No memory leaks found
These features are particularly helpful for improving penetration testing workflows. Looking forward to your feedback!
Closes: #695, #764
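The DOM XSS detection mentioned in the summary above ("analyzing JavaScript code for source-to-sink flows") can be illustrated with a minimal static check. The Go program below is an added example written for this page, not the project's own code: its source and sink lists, the `FindSourceToSink` function and the embedded JavaScript snippet are all constructed for illustration, and a real scanner would use a far larger, maintained list and an actual parser rather than line-oriented matching.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding records a statement in which attacker-influenced data (a DOM source,
// or a variable that was assigned from one) reaches a dangerous DOM sink.
type Finding struct {
	Line   int
	Source string
	Sink   string
}

// Hypothetical source and sink lists for this example; a production scanner
// maintains a much longer set.
var domSources = []string{
	"location.hash", "location.search", "location.href",
	"document.URL", "document.referrer", "window.name",
}

var domSinks = []string{
	".innerHTML", ".outerHTML", "insertAdjacentHTML(",
	"document.write(", "eval(", "setTimeout(", "setInterval(",
}

// assignRe matches `var x =`, `let x =`, `const x =` or a bare `x =` at the
// start of a statement (but not `x ==`), capturing the assigned identifier.
var assignRe = regexp.MustCompile(`^(?:var|let|const)?\s*([A-Za-z_$][\w$]*)\s*=[^=]`)

// containsIdent reports whether ident appears in line as a whole word.
func containsIdent(line, ident string) bool {
	return regexp.MustCompile(`\b` + regexp.QuoteMeta(ident) + `\b`).MatchString(line)
}

// FindSourceToSink performs a line-oriented taint scan over a JavaScript
// snippet: a line that reads a DOM source (or a previously tainted variable)
// taints any variable it assigns, and is reported if it also reaches a sink.
// It is deliberately conservative: sanitisation is not modelled, so a tainted
// value passed through an encoder stays tainted and must be reviewed by hand.
func FindSourceToSink(js string) []Finding {
	var findings []Finding
	var tainted []string // discovery order, so results are deterministic
	seen := map[string]bool{}

	for i, raw := range strings.Split(js, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "//") {
			continue
		}
		// Does this line read a DOM source or an already tainted variable?
		src := ""
		for _, s := range domSources {
			if strings.Contains(line, s) {
				src = s
				break
			}
		}
		if src == "" {
			for _, v := range tainted {
				if containsIdent(line, v) {
					src = v
					break
				}
			}
		}
		if src == "" {
			continue
		}
		// Propagate taint into the variable assigned on this line, if any.
		if m := assignRe.FindStringSubmatch(line); m != nil && !seen[m[1]] {
			seen[m[1]] = true
			tainted = append(tainted, m[1])
		}
		// Report the first sink the tainted data reaches on this line.
		for _, sink := range domSinks {
			if strings.Contains(line, sink) {
				findings = append(findings, Finding{Line: i + 1, Source: src, Sink: strings.Trim(sink, ".(")})
				break
			}
		}
	}
	return findings
}

// sampleJS is a constructed snippet for this example, not taken from any real site.
const sampleJS = `// constructed sample
var q = location.hash.slice(1);
var safe = encodeURIComponent(q);
document.getElementById("out").innerHTML = q;
eval(document.URL);
var name = window.name;
console.log(safe);
`

func main() {
	for _, f := range FindSourceToSink(sampleJS) {
		fmt.Printf("line %d: %s -> %s\n", f.Line, f.Source, f.Sink)
	}
}
```

On the constructed sample this reports two flows: `location.hash` assigned to `q` and then written via `.innerHTML` on line 4, and `document.URL` passed straight to `eval` on line 5. Line 7 reads the tainted `safe` but reaches no sink, so it is not reported.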