Scripts: Support for code and help links for script scan rules

Signed-off-by: Simon Bennetts <[email protected]>

addOns/commonlib/CHANGELOG.md

@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Added
+- Support for code and help links for script scan rules.
 ### Changed
 - Maintenance changes.
 

addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadata.java

@@ -54,6 +54,8 @@ public class ScanRuleMetadata {
     private Map<String, String> alertTags;
     private String otherInfo;
     private AddOn.Status status = AddOn.Status.unknown;
+    private String codeLink;
+    private String helpLink;
 
     // Required for Jackson YAML deserialization
     private ScanRuleMetadata() {}
@@ -168,6 +170,22 @@ public void setStatus(AddOn.Status status) {
         this.status = status;
     }
 
+    public String getCodeLink() {
+        return codeLink;
+    }
+
+    public void setCodeLink(String codeLink) {
+        this.codeLink = codeLink;
+    }
+
+    public String getHelpLink() {
+        return helpLink;
+    }
+
+    public void setHelpLink(String helpLink) {
+        this.helpLink = helpLink;
+    }
+
     public static ScanRuleMetadata fromYaml(String yaml) {
         ScanRuleMetadata metadata;
         try {

addOns/commonlib/src/test/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadataUnitTest.java

@@ -60,7 +60,9 @@ void shouldParseMetadataYaml() {
                         + "  name1: value1\n"
                         + "  name2: value2\n"
                         + "otherInfo: Any other Info\n"
-                        + "status: alpha";
+                        + "status: alpha"
+                        + "codeLink: https://www.example.com/codelink"
+                        + "helpLink: https://www.example.com/helplink";
         // When
         var metadata = ScanRuleMetadata.fromYaml(yaml);
         // Then
@@ -78,6 +80,8 @@ void shouldParseMetadataYaml() {
                 metadata.getAlertTags(), is(equalTo(Map.of("name1", "value1", "name2", "value2"))));
         assertThat(metadata.getOtherInfo(), is(equalTo("Any other Info")));
         assertThat(metadata.getStatus(), is(equalTo(AddOn.Status.alpha)));
+        assertThat(metadata.getCodeLink(), is(equalTo("https://www.example.com/codelink")));
+        assertThat(metadata.getHelpLink(), is(equalTo("https://www.example.com/helplink")));
     }
 
     @Test

addOns/scripts/CHANGELOG.md

@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
+### Added
+- Support for code and help links for script scan rules.
+
 ### Changed
 - Allow to set raw parameter values from Active Rules, by calling `as.setEscapedParam(HttpMessage msg, String param, String value)`.
 

addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/ActiveScriptScanRule.java

@@ -237,6 +237,14 @@ public boolean isEnabled() {
         return script.isEnabled();
     }
 
+    public String getCodeLink() {
+        return metadata.getCodeLink();
+    }
+
+    public String getHelpLink() {
+        return metadata.getHelpLink();
+    }
+
     private ExtensionScript getExtScript() {
         if (extScript == null) {
             extScript =

addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/PassiveScriptScanRule.java

@@ -120,6 +120,14 @@ public boolean isEnabled() {
         return script.isEnabled();
     }
 
+    public String getCodeLink() {
+        return metadata.getCodeLink();
+    }
+
+    public String getHelpLink() {
+        return metadata.getHelpLink();
+    }
+
     @Override
     public List<Alert> getExampleAlerts() {
         return List.of(newAlert().build());