OtherDevOpsGene / zap-sonar-plugin

Integrates OWASP Zed Attack Proxy reports into SonarQube
GNU General Public License v3.0
69 stars 29 forks

Update zap rules #64

Closed pethers closed 3 years ago

pethers commented 3 years ago

The current rules defined in https://github.com/OtherDevOpsGene/zap-sonar-plugin/blob/main/src/main/resources/org/sonar/zaproxy/rules.xml do not include all from https://www.zaproxy.org/docs/alerts/ .

Need to include at least the rules used by https://www.zaproxy.org/docs/docker/baseline-scan/ and https://www.zaproxy.org/docs/docker/api-scan/

The command below will generate the rules list used for the baseline scan: docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-baseline.py -j -a -g baseline-scan.txt -t TARGET_HOST (rules: baseline-scan.txt)

pethers commented 3 years ago

api-scan: docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -a -f openapi -g api-scan.txt -t petstore.json (rules: api-scan.txt)

pethers commented 3 years ago

121 unique rules included in baseline-scan.txt and api-scan.txt (unique ids; the naming suffix differs in some cases). 140 rules currently at https://www.zaproxy.org/docs/alerts/ .

Currently 52 rules defined in this plugin, example https://www.hack23.com/sonar/profiles/show?language=zap&name=ZAP

pethers commented 3 years ago

Missing data at zap page, https://github.com/zaproxy/zaproxy-website/pull/279

Started to scrape meta data required at https://github.com/pethers/zap-sonar-plugin/blob/main/src/test/java/org/sonar/zaproxy/rule/ZapRuleMissingTest.java

pethers commented 3 years ago

Still missing

20012 (Anti-CSRF Tokens Check)
20014 (HTTP Parameter Pollution)
20015 (Heartbleed OpenSSL Vulnerability)
20016 (Cross-Domain Misconfiguration)
20017 (Source Code Disclosure - CVE-2012-1823)
20018 (Remote Code Execution - CVE-2012-1823)

30001 (Buffer Overflow)
30003 (Integer Overflow Error)
40013 (Session Fixation)
40019 (SQL Injection - MySQL)
40020 (SQL Injection - Hypersonic SQL)
40021 (SQL Injection - Oracle)
40022 (SQL Injection - PostgreSQL)
40023 (Possible Username Enumeration)
40024 (SQL Injection - SQLite)

40025 (Proxy Disclosure)
40026 (Cross Site Scripting (DOM Based))
40027 (SQL Injection - MsSQL)
40028 (ELMAH Information Leak)
40032 (.htaccess Information Leak)
40034 (.env Information Leak)
40035 (Hidden File Finder)

90002 (Java Serialization Object)
90003 (Sub Resource Integrity Attribute Missing)
90004 (Insufficient Site Isolation Against Spectre Vulnerability)
90017 (XSLT Injection)

90021 (XPath Injection)
90023 (XML External Entity Attack)
90024 (Generic Padding Oracle)
90025 (Expression Language Injection)
90027 (Cookie Slack Detector)
90028 (Insecure HTTP Method)
90034 (Cloud Metadata Potentially Exposed)

pethers commented 3 years ago

Currently 125 rules implemented at https://www.hack23.com/sonar/profiles/show?language=zap&name=ZAP

Should contain all rules currently included in the baseline scan

docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-baseline.py -j -a -t TARGET_HOST (including alpha rules, add -g baseline-scan.txt to generate list of rules)

and the api baseline scan

docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -a -f openapi -t petstore.json (including alpha rules, add -g api-scan.txt to generate list of rules)
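The check this thread performs by hand (diff the rule lists that zap-baseline.py / zap-api-scan.py write with -g against the rule keys in the plugin's rules.xml) can be scripted. The example below is added here and is not code from the zap-sonar-plugin project or from ZapRuleMissingTest. It assumes the -g file format ZAP's scan scripts produce (tab-separated "id, WARN|IGNORE|FAIL, (name)" lines with # comments) and a generic SonarQube rules.xml layout of <rules><rule><key>...</key></rule></rules>; the plugin's real rules.xml may lay rules out differently. All three inputs are constructed inline for illustration.

```python
"""Report ZAP rule ids present in scan rule lists but absent from a
SonarQube rules.xml.  Added example, not part of zap-sonar-plugin."""
import re
import xml.etree.ElementTree as ET

# Constructed sample in the format zap-baseline.py writes with -g.
BASELINE_SCAN_TXT = """\
# zap-baseline rule configuration file
# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches
10010\tWARN\t(Cookie No HttpOnly Flag)
10020\tWARN\t(X-Frame-Options Header)
20012\tWARN\t(Anti-CSRF Tokens Check)
40026\tWARN\t(Cross Site Scripting (DOM Based))
90003\tWARN\t(Sub Resource Integrity Attribute Missing)
"""

# Constructed sample in the format zap-api-scan.py writes with -g.
API_SCAN_TXT = """\
# zap-api-scan rule configuration file
10010\tWARN\t(Cookie No HttpOnly Flag)
40018\tWARN\t(SQL Injection)
90023\tWARN\t(XML External Entity Attack)
"""

# Constructed rules.xml using the generic SonarQube <rules>/<rule>/<key>
# layout; the plugin's actual file layout is an assumption here.
RULES_XML = """\
<rules>
  <rule><key>10010</key><name>Cookie No HttpOnly Flag</name></rule>
  <rule><key>10020</key><name>X-Frame-Options Header</name></rule>
  <rule><key>40018</key><name>SQL Injection</name></rule>
</rules>
"""

# Greedy "(.*)" keeps nested parentheses such as "(DOM Based)" in the name.
RULE_LINE = re.compile(r"^(\d+)\t(WARN|IGNORE|FAIL)\t\((.*)\)\s*$")


def parse_scan_rules(text):
    """Return {rule_id: name} from a -g rule list, skipping comments/blanks."""
    rules = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        match = RULE_LINE.match(line)
        if not match:
            raise ValueError(f"unrecognised rule line: {line!r}")
        rules[match.group(1)] = match.group(3)
    return rules


def parse_sonar_rule_keys(xml_text):
    """Return the set of <key> values defined in a rules.xml document."""
    root = ET.fromstring(xml_text)
    return {key.text.strip() for key in root.iter("key") if key.text}


def missing_rules(scan_texts, rules_xml):
    """Rule ids found in any scan list but not defined in rules.xml."""
    wanted = {}
    for text in scan_texts:
        wanted.update(parse_scan_rules(text))
    defined = parse_sonar_rule_keys(rules_xml)
    return {rid: name for rid, name in sorted(wanted.items()) if rid not in defined}


if __name__ == "__main__":
    for rid, name in missing_rules([BASELINE_SCAN_TXT, API_SCAN_TXT], RULES_XML).items():
        print(f"{rid} ({name})")
```

Point the two scan constants at the real baseline-scan.txt and api-scan.txt (and RULES_XML at the plugin's rules.xml) to get the same "still missing" list the thread tracks by hand; a rule list line that does not match the expected format raises instead of being silently dropped, so a format change in ZAP's scan scripts is noticed rather than producing a short list.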