add content-type support for application/taxii+json

br01805 commented 1 week ago

Is your feature request related to a problem? Please describe.

Currently when running scans against TAXII servers we are receiving content-type unexpected error. I'm largely assuming this is due to ZAP not supporting content type application/taxii+json

Describe the solution you'd like

If possible could you all add "application/taxii+json" to the content-type expected list

Describe alternatives you've considered

There are no alternatives

Screenshots

No response

Additional context

No response

Would you like to help fix this issue?

[ ] Yes

kingthorin commented 1 week ago

For my two cents this is as expected. The number of ZAP users scanning a TAXII or STIX service is VERY low (IMO).

The proper way to handle this not being applicable for you is:

Using Alert filters.
Using a scan hook (if you're using packaged scans).
Roll your own docker image that doesn't include the script in question.

thc202 commented 1 week ago

We have talked in the past about making the check more lenient for JSON content-types e.g. https://github.com/zaproxy/zaproxy/pull/7721#pullrequestreview-1284843600

kingthorin commented 1 week ago

Okay; I could look at doing that.

zaproxy / zaproxy