Tweaks for the ZAP Extension

kingthorin commented 6 years ago

RetireJsScannerPlugin > Reduced logging. Previous implementation was really "chatty".
ZapIssueCreator > Aligned with https://github.com/h3xstream/burp-retire-js/pull/35 producing alert names like "Vulnerable version of the library 'jquery' found". (Fixes h3xstream/burp-retire-js#30). Also addressed some deprecation.

I have other changes in mind (like leveraging the Messages.properties file), and populating the evidence field (I can see how to get the regex from lib, but couldn't figure out how to get the match without re-analyzing the response. Any hints?)

kingthorin commented 6 years ago

@h3xstream look ok?

kingthorin commented 6 years ago

@h3xstream anything I can do to help move this?

h3xstream commented 6 years ago

@kingthorin Everything looks good! (I just have too many Github notifications.)

kingthorin commented 6 years ago

Thanks!

kingthorin commented 6 years ago

@h3xstream I know you're a busy guy, but if you have any input on this:

I have other changes in mind (like leveraging the Messages.properties file), and populating the evidence field (I can see how to get the regex from lib, but couldn't figure out how to get the match without re-analyzing the response. Any hints?)

I'd be glad to make a few more contributions.

h3xstream / burp-retire-js

Tweaks for the ZAP Extension #40