Implement getMetadata for active JS scripts #442

Merged
merged 1 commit into from
May 9, 2024


ricekot
Member

@ricekot ricekot commented Apr 14, 2024

Part of #440.

Also add relevant alert tags and assign categories. The scan rule IDs for these scripts were taken from the scanners.md file.

The status of these scripts has been set to alpha since community-scripts is an alpha add-on.

@kingthorin
Member

FYI I haven't forgotten this. I did go through a number and they seemed fine. I'll try to finish a review in the next few days.

@psiinon
Member

psiinon commented Apr 29, 2024

image

Looks pretty good 😁
Can we add metadata so we can link to the script source code? This might require code changes of course.
If it does then maybe also change to be able to report the alert type?
It would be better if it was "Alert Script" in this case

@kingthorin
Member

kingthorin commented Apr 29, 2024

Can't we use getHelpLink like the other ascan rules? (I mean it'd have to be implemented but I don't see why it can't be similar)

Also should we have write-ups of these in the add-on help like we do for ascan/pascan java rules? (I have mixed feelings: Part of me says yes for consistency, part of me says no because that's just one more thing to maintain.)

@kingthorin
Member

I finally got to read through all of them, seems fine to me. Are there further changes/tweaks coming or shall I go ahead and approve?

Member

@kingthorin kingthorin left a comment


Thanks!

active/Cross Site WebSocket Hijacking.js (outdated, resolved)
active/JWT None Exploit.js (outdated, resolved)
active/JWT None Exploit.js (outdated, resolved)
active/gof_lite.js (outdated, resolved)
@ricekot ricekot force-pushed the active-scripts-metadata branch from ca7ac93 to 0b19eaa May 7, 2024 10:36
@thc202
Member

thc202 commented May 8, 2024

Thank you!

@thc202
Member

thc202 commented May 8, 2024

@psiinon do you want to check this again?

@psiinon psiinon merged commit b360c52 into zaproxy:main May 9, 2024
8 checks passed
@ricekot ricekot deleted the active-scripts-metadata branch May 10, 2024 05:59
4 participants