MadhuMadhavanSridhar
commented
3 years ago Hey preetkaran20 Good day! Can I work on this?
Open preetkaran20 opened 3 years ago
MadhuMadhavanSridhar
commented
3 years ago Hey preetkaran20 Good day! Can I work on this?
preetkaran20
commented
3 years ago Hi @MadhuMadhavanSridhar ,
Yeah sure you can pick this enhancement. However it requires the the framework change. Please go through it and if you have a good idea then it will be great.
thanks, Karan
preetkaran20
commented
3 years ago @MadhuMadhavanSridhar Please go through following links:
Also once you setup the VulnerableApp in your local dev environment then you need to navigate to XSS vulnerability , fill some details and then do the action, you will see that information is sent in query param and then same information can be sent in path param too, right ? so this issue is to send that information in path param.
Above i had mentioned that it requires framework changes, that is because the way we build the URL it is something like /<VulnerabilityType>/<Level> and this is how we understand the exact controller method but this entire url is build out of the box using our custom annotations like VulnerableRestController etc and hence Path params are not easy to handle.
Please let me know in case you require more information.
thanks, Karan
Is your feature request related to a problem? Please describe. There is one usecase we got from the https://github.com/zaproxy/zap-extensions/pull/2443 where untrusted input is part of Path Param so we need to add such usecase too as such usecases are tricky to handle for scanners and can be a important for them.
Describe the solution you'd like Go to https://github.com/SasanLabs/VulnerableApp/tree/master/src/main/java/org/sasanlabs/service/vulnerability/xss/persistent and add a new method which depends on the path param instead of query param for comments.