SasanLabs / owasp-zap-fileupload-addon

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
Apache License 2.0

Skip Scan Rule when configuration missing #8

Closed preetkaran20 closed 3 years ago

preetkaran20 commented 3 years ago

Describe the bug

Currently, we skip the scan rule if any of the configurations for file upload are not set. But we are not indicating the reason for skipping the scan rule. Look at https://github.com/SasanLabs/owasp-zap-fileupload-addon/pull/7#discussion_r692341701 for more information.

thc202 commented 3 years ago

The rule is not being skipped yet, it's running for all messages (just not attacking them).

preetkaran20 commented 3 years ago

Oh OK, but that should not be an issue as it is not firing any extra requests.

thc202 commented 3 years ago

It's an issue in that it still does unnecessary work (e.g. checking/parsing all messages).

The issue title should be tweaked to something like "Skip Scan Rule when configuration missing".

preetkaran20 commented 3 years ago

Oh OK, sure.

Thanks

preetkaran20 commented 3 years ago

The following PR https://github.com/SasanLabs/owasp-zap-fileupload-addon/pull/10 will address this issue.

preetkaran20 commented 3 years ago

Handled in https://github.com/SasanLabs/owasp-zap-fileupload-addon/releases/tag/1.1.0