ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy
0 stars 0 forks source link

Incorrect Mandatory Parameters for actions setScannerAlertThreshold and setPolicyAlertThreshold #1559

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Access http://zap/UI/ascan/ thru browser and navigate to Actions section.
2. Look for the actions "setPolicyAlertThreshold" and "setPolicyAlertThreshold".
3. Both these actions should have mandatory parameter "alertThreshold" instead 
of "attackStrength".

What is the expected output? What do you see instead?
Expected:
Mandatory parameters for actions "setPolicyAlertThreshold" and 
"setPolicyAlertThreshold" should be:
id
alertThreshold

Actual:
Mandatory parameters for actions "setPolicyAlertThreshold" and 
"setPolicyAlertThreshold" are:
id
attackStrength

What version of the product are you using? On what operating system?
Version: Latest Weekly build ZAP_WEEKLY_D-2015-03-09
OS: Linux

Please provide any additional information below.
Looking at source code in SVN trunk branch, this bug was introduced on 
11/20/14, as part of the fix for Issue 1412 in the class 
org.zaproxy.zap.extension.ascan.ActiveScanAPI.

Following lines from the constructor in the fore mentioned class should be 
changed to use PARAM_ALERT_THRESHOLD instead of PARAM_ATTACK_STRENGTH.

this.addApiAction(new ApiAction(ACTION_SET_POLICY_ALERT_THRESHOLD, 
                new String[] { PARAM_ID, PARAM_ATTACK_STRENGTH }, new String[] {PARAM_SCAN_POLICY_NAME}));

this.addApiAction(new ApiAction(ACTION_SET_SCANNER_ALERT_THRESHOLD, 
                new String[] { PARAM_ID, PARAM_ATTACK_STRENGTH }, new String[] {PARAM_SCAN_POLICY_NAME}));

Note: I just started using ZAProxy and have downloaded the source code today to 
find out the issue I'm seeing. I would be happy to fix this issue, however, I 
don't want to jump right away into it without going thru the process mentioned 
in https://code.google.com/p/zaproxy/wiki/Development.

Original issue reported on code.google.com by dmet...@gmail.com on 11 Mar 2015 at 1:07

GoogleCodeExporter commented 9 years ago
You are right - my bad!
I'd be very happy for you to fix this, in both the trunk and 2.4 branch.
Can you email me your Google Account address (psiinon at gmail.com) - for some 
reason the Google captcha which should allow me to see it keeps failing for me 
:/
Many thanks!

Original comment by psii...@gmail.com on 11 Mar 2015 at 10:33

GoogleCodeExporter commented 9 years ago
Ah, got it :)
You should have commit access now?

Original comment by psii...@gmail.com on 11 Mar 2015 at 10:51

GoogleCodeExporter commented 9 years ago
I can see the commit access. Thank you!

Looking forward for the fix.

Original comment by dmet...@gmail.com on 11 Mar 2015 at 5:00

GoogleCodeExporter commented 9 years ago
Sent the changes for code review.

Original comment by dmet...@gmail.com on 12 Mar 2015 at 12:53

Attachments:

GoogleCodeExporter commented 9 years ago
The changes were already committed, marking as "Fixed" since it didn't affect 
main releases.

Original comment by THC...@gmail.com on 14 Apr 2015 at 9:44