From 82803e113a192fc1424c3d5e5ceaa42189d67734 Mon Sep 17 00:00:00 2001
From: Simon Bennetts
Date: Thu, 2 May 2024 17:30:53 +0100
Subject: [PATCH] Scripts: Support for code and help links for script scan rules
Signed-off-by: Simon Bennetts
---
 addOns/commonlib/CHANGELOG.md | 2 ++
 .../commonlib/scanrules/ScanRuleMetadata.java | 18 ++++++++++++++++++
 .../scanrules/ScanRuleMetadataUnitTest.java | 6 +++++-
 addOns/scripts/CHANGELOG.md | 3 +++
 .../scanrules/ActiveScriptScanRule.java | 8 ++++++++
 .../scanrules/PassiveScriptScanRule.java | 8 ++++++++
 6 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/addOns/commonlib/CHANGELOG.md b/addOns/commonlib/CHANGELOG.md
index 76fb29696a7..428cf66554c 100644
--- a/addOns/commonlib/CHANGELOG.md
+++ b/addOns/commonlib/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## Unreleased
+### Added
+- Support for code and help links for script scan rules.
 ### Changed
 - Maintenance changes.
diff --git a/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadata.java b/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadata.java
index f2aff47bb6b..f20fd6c71cf 100644
--- a/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadata.java
+++ b/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadata.java
@@ -54,6 +54,8 @@ public class ScanRuleMetadata {
 private Map alertTags;
 private String otherInfo;
 private AddOn.Status status = AddOn.Status.unknown;
+ private String codeLink;
+ private String helpLink;
 // Required for Jackson YAML deserialization
 private ScanRuleMetadata() {}
@@ -168,6 +170,22 @@ public void setStatus(AddOn.Status status) {
 this.status = status;
 }
+ public String getCodeLink() {
+ return codeLink;
+ }
+
+ public void setCodeLink(String codeLink) {
+ this.codeLink = codeLink;
+ }
+
+ public String getHelpLink() {
+ return helpLink;
+ }
+
+ public void setHelpLink(String helpLink) {
+ this.helpLink = helpLink;
+ }
+
 public static ScanRuleMetadata fromYaml(String yaml) {
 ScanRuleMetadata metadata;
 try {
diff --git a/addOns/commonlib/src/test/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadataUnitTest.java b/addOns/commonlib/src/test/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadataUnitTest.java
index 558798b2b93..6a7423a341d 100644
--- a/addOns/commonlib/src/test/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadataUnitTest.java
+++ b/addOns/commonlib/src/test/java/org/zaproxy/addon/commonlib/scanrules/ScanRuleMetadataUnitTest.java
@@ -60,7 +60,9 @@ void shouldParseMetadataYaml() {
 + " name1: value1\n"
 + " name2: value2\n"
 + "otherInfo: Any other Info\n"
- + "status: alpha";
+ + "status: alpha"
+ + "codeLink: https://www.example.com/codelink"
+ + "helpLink: https://www.example.com/helplink";
 // When
 var metadata = ScanRuleMetadata.fromYaml(yaml);
 // Then
@@ -78,6 +80,8 @@ void shouldParseMetadataYaml() {
 metadata.getAlertTags(), is(equalTo(Map.of("name1", "value1", "name2", "value2"))));
 assertThat(metadata.getOtherInfo(), is(equalTo("Any other Info")));
 assertThat(metadata.getStatus(), is(equalTo(AddOn.Status.alpha)));
+ assertThat(metadata.getCodeLink(), is(equalTo("https://www.example.com/codelink")));
+ assertThat(metadata.getHelpLink(), is(equalTo("https://www.example.com/helplink")));
 }
 @Test
diff --git a/addOns/scripts/CHANGELOG.md b/addOns/scripts/CHANGELOG.md
index a1489e68509..2a1af771ff2 100644
--- a/addOns/scripts/CHANGELOG.md
+++ b/addOns/scripts/CHANGELOG.md
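Review bot: `setCodeLink` and `setHelpLink` store the string from the script's YAML metadata as-is, and the matching getters return it unchanged, so nothing in this class constrains what a "link" can be. Script metadata is author-controlled input; if these values are later rendered as clickable links or opened from the UI (the consumers are not part of this patch), a non-web scheme would pass straight through. Consider rejecting values whose scheme is not `http` or `https` in the setters, or at least state the contract in a Javadoc such as `/** Link to the rule's source, taken verbatim from the script metadata; not validated and may be null. */`. The class body starts and ends outside this hunk.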
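Review bot: The YAML lines added to `shouldParseMetadataYaml` have no `\n` terminators, unlike the `otherInfo` line just above them, so as shown `"status: alpha"`, `"codeLink: …"` and `"helpLink: …"` are concatenated into one line reading `status: alphacodeLink: …helpLink: …`. The `getCodeLink()`/`getHelpLink()` assertions added in the following hunk, and probably the existing `getStatus()` one, would then not be expected to hold. The two lines should read `+ "status: alpha\n"` and `+ "codeLink: https://www.example.com/codelink\n"`. The test method begins and ends outside both hunks.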
@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## Unreleased
+### Added
+- Support for code and help links for script scan rules.
+
 ### Changed
 - Allow to set raw parameter values from Active Rules, by calling `as.setEscapedParam(HttpMessage msg, String param, String value)`.
diff --git a/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/ActiveScriptScanRule.java b/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/ActiveScriptScanRule.java
index d002f2a7ff4..83d21184185 100644
--- a/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/ActiveScriptScanRule.java
+++ b/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/ActiveScriptScanRule.java
@@ -237,6 +237,14 @@ public boolean isEnabled() {
 return script.isEnabled();
 }
+ public String getCodeLink() {
+ return metadata.getCodeLink();
+ }
+
+ public String getHelpLink() {
+ return metadata.getHelpLink();
+ }
+
 private ExtensionScript getExtScript() {
 if (extScript == null) {
 extScript =
diff --git a/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/PassiveScriptScanRule.java b/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/PassiveScriptScanRule.java
index b05d0a678ce..84397544bba 100644
--- a/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/PassiveScriptScanRule.java
+++ b/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/PassiveScriptScanRule.java
@@ -120,6 +120,14 @@ public boolean isEnabled() {
 return script.isEnabled();
 }
+ public String getCodeLink() {
+ return metadata.getCodeLink();
+ }
+
+ public String getHelpLink() {
+ return metadata.getHelpLink();
+ }
+
 @Override
 public List getExampleAlerts() {
 return List.of(newAlert().build());
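Review bot: `getCodeLink()` and `getHelpLink()` in ActiveScriptScanRule are new public methods with no Javadoc, and they forward `metadata.getCodeLink()` / `metadata.getHelpLink()` unchanged. The new `ScanRuleMetadata` fields have no default, so callers presumably receive `null` for any script that does not declare the keys. A one-line comment would make that explicit, for example `/** Returns the code link declared in the script metadata, or {@code null} if none; the value is script-supplied and not validated. */`. The identical pair in the PassiveScriptScanRule hunk needs the same comment; both class bodies extend beyond their hunks.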