Implement getMetadata for remaining Passive scripts #455

Merged
merged 1 commit into from
Jun 30, 2024

ricekot
Member

@ricekot ricekot commented Jun 26, 2024

Update the following scripts to implement the getMetadata() function:

  • passive/Server Header Disclosure.js
  • passive/SQL injection detection.js
  • passive/Telerik Using Poor Crypto.js
  • passive/Upload form discovery.js
  • passive/X-Powered-By_header_checker.js

Also update evidence / otherInfo fields for:

  • passive/clacks.js
  • passive/CookieHTTPOnly.js

Part of #440.

Comment on lines 75 to 77
let comm;
while ((comm = sqlImpl.regex.exec(body))) {
found.push(comm[0]);
Member

Did this come from one of the comment scripts?

Member

If so, think it's worth renaming more meaningfully?

Member Author

I combined all the individual checks into a single loop. Do you mean renaming the found variable? Maybe foundSqlErrors?

Member

Sorry I meant the “comm” array

Member

Ugh I didn't realize how many times this had been copied. Anyway thanks for fixing this one. It seems that people have repeated use of comm[] all over the place 😉

@ricekot ricekot force-pushed the passive-scripts-metadata branch from a14a25f to 1718237 Compare June 29, 2024 11:50
Update the following scripts to implement the `getMetadata()` function:
- passive/Server Header Disclosure.js
- passive/SQL injection detection.js
- passive/Telerik Using Poor Crypto.js
- passive/Upload form discovery.js
- passive/X-Powered-By_header_checker.js

Update evidence / otherInfo fields for:
- passive/clacks.js
- passive/CookieHTTPOnly.js

Don't add "Other instances:" or "Other values:" to otherInfo if there
are none.

Signed-off-by: ricekot <[email protected]>
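
As an added illustration (not code from this pull request or from the ZAP community-scripts repository), the sketch below shows the single `exec()` loop from the review excerpt together with the commit message's rule of leaving "Other instances:" out of otherInfo when there are none. The function names, sample patterns, sample body and the comma separator are assumptions made for the example.

```javascript
// Added illustration; collectMatches and buildAlertFields are hypothetical names,
// not functions from the ZAP community-scripts repository.

// Constructed sample patterns standing in for a script's SQL error signatures.
const SAMPLE_PATTERNS = [
  /You have an error in your SQL syntax/g,
  /ORA-\d{5}/g,
];

// Collect every match of every pattern in the body with a single exec() loop.
function collectMatches(body, patterns) {
  const found = [];
  for (const pattern of patterns) {
    // exec() only advances through the input when the regex has the g flag;
    // without it the while loop below would never terminate on a match.
    const flags = pattern.flags.includes("g") ? pattern.flags : pattern.flags + "g";
    const regex = new RegExp(pattern.source, flags); // fresh copy, lastIndex = 0
    let match;
    while ((match = regex.exec(body)) !== null) {
      found.push(match[0]);
      // A zero-length match does not move lastIndex; step past it manually.
      if (match[0] === "") regex.lastIndex++;
    }
  }
  return found;
}

// First match becomes the evidence; the rest go to otherInfo only if any exist.
function buildAlertFields(body, patterns) {
  const found = collectMatches(body, patterns);
  if (found.length === 0) return null; // nothing to report
  const others = found.slice(1);
  return {
    evidence: found[0],
    // Separator is an assumption; the label is omitted when there are no others.
    otherInfo: others.length > 0 ? "Other instances: " + others.join(", ") : "",
  };
}

// Constructed response body for demonstration.
const sampleBody = "<p>ORA-00933: SQL command not properly ended</p><p>ORA-01756</p>";
console.log(buildAlertFields(sampleBody, SAMPLE_PATTERNS));
```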
@ricekot ricekot force-pushed the passive-scripts-metadata branch from 1718237 to 027f938 Compare June 30, 2024 08:56
Member

thc202 commented Jun 30, 2024

Thank you!

@thc202 thc202 merged commit 6335473 into zaproxy:main Jun 30, 2024
9 checks passed
@ricekot ricekot deleted the passive-scripts-metadata branch July 1, 2024 08:16
3 participants