From 94b33462550a48ab1252e8ed4bf5bb66c42763b1 Mon Sep 17 00:00:00 2001
From: Rashik Adhikari <128124382+rashik1144@users.noreply.github.com>
Date: Sun, 10 Dec 2023 20:09:51 +0545
Subject: [PATCH 1/4] Update BringBack.postman_collection.json
---
 .../BringBack.postman_collection.json | 97 ++++++++++++++++++-
 1 file changed, 96 insertions(+), 1 deletion(-)
diff --git a/dotCMS/src/curl-test/BringBack.postman_collection.json b/dotCMS/src/curl-test/BringBack.postman_collection.json
index f9bdeb7f3141..5e4e16371ed2 100644
--- a/dotCMS/src/curl-test/BringBack.postman_collection.json
+++ b/dotCMS/src/curl-test/BringBack.postman_collection.json
@@ -31,6 +31,34 @@
 " pm.collectionVariables.set(\"identifier\", jsonData.entity.identifier);",
 " pm.collectionVariables.set(\"inode\", jsonData.entity.inode);",
 "});",
+ "",
+ "// XSS detection test using regular expressions",
+ "pm.test(\"Body does not contain potential XSS patterns\", function () {",
+ " const responseBody = pm.response.text();",
+ "",
+ " // Common XSS patterns in regular expressions",
+ " const xssPatterns = [",
+ " /)<[^<]*)*<\\/script>/gi,",
+ " /on\\w+=\"[^\"]*\"/gi,",
+ " // Add more patterns as needed",
+ " ];",
+ "",
+ " xssPatterns.forEach(function (pattern) {",
+ " pm.expect(responseBody).to.not.match(pattern);",
+ " });",
+ "});",
+ "",
+ "",
+ "pm.test(\"Input validation is applied\", function () {",
+ " pm.expect(pm.response.json().errors).to.not.be.empty; // Assuming errors array is present in case of validation issues",
+ "});",
+ "",
+ "pm.test(\"Security headers are present\", function () {",
+ " pm.expect(pm.response.headers.has(\"Strict-Transport-Security\")).to.be.true;",
+ " pm.expect(pm.response.headers.has(\"X-Content-Type-Options\")).to.be.true;",
+ " // Add more security headers as needed",
+ "});",
+ "",
 ""
 ],
 "type": "text/javascript"
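Review bot: The first `xssPatterns` entry in the added test script, `/)<[^<]*)*<\\/script>/gi`, is not a valid regular-expression literal — the leading `)` has no matching `(` — so the sandbox would most likely refuse to parse this request's whole `exec` script, and none of its tests would run, including the `pm.collectionVariables.set(...)` calls in the context lines above that later requests read. The same literal is added again in the hunks at @@ -386,6 and @@ -709,6. A valid pattern that still flags inline script blocks is `/<script\\b[^>]*>[\\s\\S]*?<\\/script>/gi` (JSON-escaped as it must be inside the `exec` array). Later commits in this series drop the XSS test rather than repair the pattern, so this matters only if it is reinstated.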
@@ -386,6 +414,45 @@
 " pm.collectionVariables.set(\"identifier\", jsonData.entity.identifier);",
 " pm.collectionVariables.set(\"inode\", jsonData.entity.inode); ",
 "});",
+ "",
+ "// Check for sensitive data exposure",
+ "pm.test(\"No Sensitive Data Exposure\", function () {",
+ " var sensitiveFields = [\"password\", \"token\", \"secret\"]; // Add fields to check for sensitivity",
+ " var jsonData = pm.response.json();",
+ "",
+ " sensitiveFields.forEach(function (field) {",
+ " pm.expect(jsonData.entity[field]).to.not.be.ok;",
+ " });",
+ "});",
+ "",
+ "// Check for proper authentication and authorization",
+ "pm.test(\"Proper Authentication and Authorization\", function () {",
+ " var jsonData = pm.response.json();",
+ "",
+ " // Add checks for authentication and authorization based on your API response structure",
+ " pm.expect(jsonData.entity.canRead).to.be.true;",
+ " pm.expect(jsonData.entity.canWrite).to.be.true;",
+ " pm.expect(jsonData.entity.canPublish).to.be.true;",
+ " // Add more checks as needed",
+ "});",
+ "",
+ "// XSS detection test using regular expressions",
+ "pm.test(\"Body does not contain potential XSS patterns\", function () {",
+ " const responseBody = pm.response.text();",
+ "",
+ " // Common XSS patterns in regular expressions",
+ " const xssPatterns = [",
+ " /)<[^<]*)*<\\/script>/gi,",
+ " /on\\w+=\"[^\"]*\"/gi,",
+ " // Add more patterns as needed",
+ " ];",
+ "",
+ " xssPatterns.forEach(function (pattern) {",
+ " pm.expect(responseBody).to.not.match(pattern);",
+ " });",
+ "});",
+ "",
+ "",
 ""
 ],
 "type": "text/javascript"
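Review bot: `pm.expect(jsonData.entity[field]).to.not.be.ok` in "No Sensitive Data Exposure" inspects only three exact top-level keys of `entity` and passes when such a key is present with an empty string, so it proves little about what the response exposes; asserting absence is stricter, `pm.expect(jsonData.entity).to.not.have.property(field);`, and a case-insensitive scan of `pm.response.text()` for the same names would also cover nested objects, at the cost of possible false positives on legitimate field names. The same test is added again in the hunk at @@ -709,6. "Proper Authentication and Authorization" asserts that `canRead`, `canWrite` and `canPublish` are all true for the calling user, which confirms the privileged caller is granted access but says nothing about anyone being denied, so the name overstates the check; `"Caller has read/write/publish permission on the created content"` would describe it honestly. The two `var` declarations could be `const` to match the `const` already used in the XSS block below.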
@@ -709,6 +776,34 @@
 " pm.collectionVariables.set(\"identifier\", jsonData.entity.identifier);",
 " pm.collectionVariables.set(\"inode\", jsonData.entity.inode);",
 "});",
+ "",
+ "// Check for sensitive data exposure",
+ "pm.test(\"No Sensitive Data Exposure\", function () {",
+ " var sensitiveFields = [\"password\", \"token\", \"secret\"]; // Add fields to check for sensitivity",
+ " var jsonData = pm.response.json();",
+ "",
+ " sensitiveFields.forEach(function (field) {",
+ " pm.expect(jsonData.entity[field]).to.not.be.ok;",
+ " });",
+ "});",
+ "",
+ "// XSS detection test using regular expressions",
+ "pm.test(\"Body does not contain potential XSS patterns\", function () {",
+ " const responseBody = pm.response.text();",
+ "",
+ " // Common XSS patterns in regular expressions",
+ " const xssPatterns = [",
+ " /)<[^<]*)*<\\/script>/gi,",
+ " /on\\w+=\"[^\"]*\"/gi,",
+ " // Add more patterns as needed",
+ " ];",
+ "",
+ " xssPatterns.forEach(function (pattern) {",
+ " pm.expect(responseBody).to.not.match(pattern);",
+ " });",
+ "});",
+ "",
+ "",
 ""
 ],
 "type": "text/javascript"
@@ -1062,4 +1157,4 @@
 "value": ""
 }
 ]
-}
\ No newline at end of file
+}
From d1dc10e6ebaa4966897c9e780a99a971ae217c93 Mon Sep 17 00:00:00 2001
From: Rashik Adhikari <128124382+rashik1144@users.noreply.github.com>
Date: Tue, 12 Dec 2023 10:34:36 +0545
Subject: [PATCH 2/4] Update BringBack.postman_collection.json
---
 .../BringBack.postman_collection.json | 47 -------------------
 1 file changed, 47 deletions(-)
diff --git a/dotCMS/src/curl-test/BringBack.postman_collection.json b/dotCMS/src/curl-test/BringBack.postman_collection.json
index 5e4e16371ed2..30f5fe63ca79 100644
--- a/dotCMS/src/curl-test/BringBack.postman_collection.json
+++ b/dotCMS/src/curl-test/BringBack.postman_collection.json
@@ -32,23 +32,6 @@
 " pm.collectionVariables.set(\"inode\", jsonData.entity.inode);",
 "});",
 "",
- "// XSS detection test using regular expressions",
- "pm.test(\"Body does not contain potential XSS patterns\", function () {",
- " const responseBody = pm.response.text();",
- "",
- " // Common XSS patterns in regular expressions",
- " const xssPatterns = [",
- " /)<[^<]*)*<\\/script>/gi,",
- " /on\\w+=\"[^\"]*\"/gi,",
- " // Add more patterns as needed",
- " ];",
- "",
- " xssPatterns.forEach(function (pattern) {",
- " pm.expect(responseBody).to.not.match(pattern);",
- " });",
- "});",
- "",
- "",
 "pm.test(\"Input validation is applied\", function () {",
 " pm.expect(pm.response.json().errors).to.not.be.empty; // Assuming errors array is present in case of validation issues",
 "});",
@@ -440,19 +423,6 @@
 "pm.test(\"Body does not contain potential XSS patterns\", function () {",
 " const responseBody = pm.response.text();",
 "",
- " // Common XSS patterns in regular expressions",
- " const xssPatterns = [",
- " /)<[^<]*)*<\\/script>/gi,",
- " /on\\w+=\"[^\"]*\"/gi,",
- " // Add more patterns as needed",
- " ];",
- "",
- " xssPatterns.forEach(function (pattern) {",
- " pm.expect(responseBody).to.not.match(pattern);",
- " });",
- "});",
- "",
- "",
 ""
 ],
 "type": "text/javascript"
@@ -787,23 +757,6 @@
 " });",
 "});",
 "",
- "// XSS detection test using regular expressions",
- "pm.test(\"Body does not contain potential XSS patterns\", function () {",
- " const responseBody = pm.response.text();",
- "",
- " // Common XSS patterns in regular expressions",
- " const xssPatterns = [",
- " /)<[^<]*)*<\\/script>/gi,",
- " /on\\w+=\"[^\"]*\"/gi,",
- " // Add more patterns as needed",
- " ];",
- "",
- " xssPatterns.forEach(function (pattern) {",
- " pm.expect(responseBody).to.not.match(pattern);",
- " });",
- "});",
- "",
- "",
 ""
 ],
 "type": "text/javascript"
From cde9c9a2030071178fc8cec1f7162d4f733dcc8d Mon Sep 17 00:00:00 2001
From: Rashik Adhikari <128124382+rashik1144@users.noreply.github.com>
Date: Tue, 12 Dec 2023 21:09:24 +0545
Subject: [PATCH 3/4] Update BringBack.postman_collection.json
---
 dotCMS/src/curl-test/BringBack.postman_collection.json | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/dotCMS/src/curl-test/BringBack.postman_collection.json b/dotCMS/src/curl-test/BringBack.postman_collection.json
index 30f5fe63ca79..fc583b057d8a 100644
--- a/dotCMS/src/curl-test/BringBack.postman_collection.json
+++ b/dotCMS/src/curl-test/BringBack.postman_collection.json
@@ -416,13 +416,8 @@
 " pm.expect(jsonData.entity.canRead).to.be.true;",
 " pm.expect(jsonData.entity.canWrite).to.be.true;",
 " pm.expect(jsonData.entity.canPublish).to.be.true;",
- " // Add more checks as needed",
 "});",
 "",
- "// XSS detection test using regular expressions",
- "pm.test(\"Body does not contain potential XSS patterns\", function () {",
- " const responseBody = pm.response.text();",
- "",
 ""
 ],
 "type": "text/javascript"
From ac0a52a98dfa45839f3e32efb084d6795c052c94 Mon Sep 17 00:00:00 2001
From: Rashik Adhikari <128124382+rashik1144@users.noreply.github.com>
Date: Thu, 8 Feb 2024 20:07:06 +0545
Subject: [PATCH 4/4] Update BringBack.postman_collection.json
---
 dotCMS/src/curl-test/BringBack.postman_collection.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/dotCMS/src/curl-test/BringBack.postman_collection.json b/dotCMS/src/curl-test/BringBack.postman_collection.json
index fc583b057d8a..3d88182e4f4d 100644
--- a/dotCMS/src/curl-test/BringBack.postman_collection.json
+++ b/dotCMS/src/curl-test/BringBack.postman_collection.json
@@ -33,14 +33,9 @@
 "});",
 "",
 "pm.test(\"Input validation is applied\", function () {",
- " pm.expect(pm.response.json().errors).to.not.be.empty; // Assuming errors array is present in case of validation issues",
+ " pm.expect(pm.response.json().errors).to.be.empty; ",
 "});",
 "",
- "pm.test(\"Security headers are present\", function () {",
- " pm.expect(pm.response.headers.has(\"Strict-Transport-Security\")).to.be.true;",
- " pm.expect(pm.response.headers.has(\"X-Content-Type-Options\")).to.be.true;",
- " // Add more security headers as needed",
- "});",
 "",
 ""
 ],
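Review bot: The reworked assertion `pm.expect(pm.response.json().errors).to.be.empty;` now verifies that the response reports no errors, which is the opposite of what the unchanged test name "Input validation is applied" on the context line above suggests; renaming it, e.g. `"Response reports no validation errors"`, keeps the run report honest. If a response ever omits the `errors` key, chai's `.empty` throws a TypeError on `undefined` rather than reporting a readable failure, so `pm.expect(pm.response.json()).to.have.property(\"errors\").that.is.empty;` gives a clearer message for the same check. The added string also carries a trailing space after the semicolon, which the hunk's style elsewhere does not.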