Update rules to use alert refs

zaproxy / zaproxy

The ZAP core project

https://www.zaproxy.org

Apache License 2.0

12.32k stars 2.21k forks source link

Update rules to use alert refs #7100

Open psiinon opened 2 years ago

psiinon commented 2 years ago

Rules with multiple examples

[x] 10020/ https://github.com/zaproxy/zap-extensions/pull/3608
[x] 10032/ https://github.com/zaproxy/zap-extensions/pull/3608
[x] 40040/
[x] 90004/

Rules which should have multiple examples

[x] 10055/ https://github.com/zaproxy/zap-extensions/pull/3604
[ ] 40018/
[ ] 40022/
[ ] 90018/
[x] 90020/ https://github.com/zaproxy/zap-extensions/pull/5181
[ ] 90028/
[ ] tba - any more?

Additional tasks

[ ] Change script which generates the alert pages to use the alert refs

sgerlach commented 2 years ago

90018: in fact, this one needs a break, multiple alerts are raised from this rule in a run. 40022: This one I think has two tests (exception, timing) but raises one alert and for some reason has a dynamic name...

kingthorin commented 2 years ago

90018 I'm not sure about breaking, it could very well detect multiple SQLi. :shrug: 40022 only does time based but you're right the name handling doesn't respect i18n and statically appends :cry:

psiinon commented 2 years ago

Added to the list. Although I've assigned myself to this issue v happy to have more help if anyone fancies jumping in...

sgerlach commented 2 years ago

90028 Should be added here. Adds the method to the Title.