Skip to content

Add "policy" related tags to passive scan rules #6325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 3, 2025
Merged

Add "policy" related tags to passive scan rules #6325

merged 1 commit into from
Apr 3, 2025

Conversation

kingthorin
Copy link
Member

Overview

  • CHANGELOGs > Added notes.
  • Rules > Added/Updated Alert Tags.
  • UnitTests > Added/updated tests asserting the tag set.
  • Build files > Updated commonlib dependency version.

Related Issues

N/A

Checklist

  • Update help
  • Update changelog
  • Run ./gradlew spotlessApply for code formatting
  • Write tests
  • Check code coverage
  • Sign-off commits
  • Squash commits
  • Use a descriptive title

@thc202 thc202 changed the title various release add-ons: Add "policy" related tags Add "policy" related tags to passive scan rules Apr 1, 2025
@psiinon
Copy link
Member

psiinon commented Apr 1, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailsc8c9d6c0-2577-4f37-8dd0-c159a45e87b4

Great job, no security vulnerabilities found in this Pull Request

@kingthorin kingthorin force-pushed the pscan-tags branch 2 times, most recently from b5b2fb6 to d681e8f Compare April 2, 2025 13:26
@kingthorin
Copy link
Member Author

Deconflicted.

Double checked using the shared sheet and:

Stand Alone Script 
extPscan = control
  .getExtensionLoader()
  .getExtension(org.zaproxy.addon.pscan.ExtensionPassiveScan2.NAME);

plugins = extPscan.getPassiveScannersManager().getScanRules();

for (var i = 0; i < plugins.length; i++) {
  try {
    var tags;
        if (plugins[i].getAlertTags() == null) {
            tags = "[]";
        } else {
             tags = plugins[i].getAlertTags().keySet();
        }
    print(
      plugins[i].getPluginId() +
        "\t" +
        plugins[i].getName() +
        "\t" +
        plugins[i].getStatus() +
        "\t" +
        plugins[i].getClass().getSimpleName() +
        "\t" + tags
    );
  } catch (e) {
    print(e);
  }
}

Regex removal in Notepad++:
WSTG-v\d\d-\w\w\w\w-\d\d,? ?
OWASP_20\d\d_A\d\d,? ?

This was referenced Apr 2, 2025
Merged
Merged
@kingthorin kingthorin force-pushed the pscan-tags branch 2 times, most recently from 6157268 to 4ce1f5b Compare April 2, 2025 15:34
@kingthorin kingthorin force-pushed the pscan-tags branch 3 times, most recently from c151c44 to f89555c Compare April 3, 2025 11:47
thc202
thc202 reviewed Apr 3, 2025
View reviewed changes
@kingthorin
Add "policy" related tags to passive scan rules
aefbc06 
- CHANGELOGs > Added notes.
- Rules > Added/Updated Alert Tags.
- UnitTests > Added/updated tests asserting the tag set.
- Build files > Updated commonlib dependency version.

Signed-off-by: kingthorin <[email protected]>
@kingthorin
Copy link
Member Author

Got all those.

@thc202
Copy link
Member

thc202 commented Apr 3, 2025

Thank you!

@kingthorin kingthorin requested a review from psiinon April 3, 2025 17:04
@psiinon psiinon enabled auto-merge April 3, 2025 17:06
@psiinon psiinon merged commit f3c3334 into zaproxy:main Apr 3, 2025
8 of 9 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Apr 3, 2025
@kingthorin kingthorin deleted the pscan-tags branch April 3, 2025 17:18
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@psiinon psiinon psiinon approved these changes

@thc202 thc202 thc202 approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kingthorin @psiinon @thc202