Josh Soref

Results 732 issues of Josh Soref

### Describe the bug: https://github.com/zaproxy/zap-extensions/blob/2e441bfb3d068fed7fd790f33b23e1b80aae6823/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRule.java#L240-L247 does some magic where it sends two requests, a baseline and an attack. Immediately after doing that, it **should** compare the HTTP response codes. If...

bug
FalsePositive
add-on

### Describe the bug: https://github.com/zaproxy/zap-extensions/blob/2e441bfb3d068fed7fd790f33b23e1b80aae6823/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java#L68-L85 includes `FROM`. https://github.com/zaproxy/zap-extensions/blob/2e441bfb3d068fed7fd790f33b23e1b80aae6823/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java#L93 looks for `//` followed by any number of characters. And then it looks for the combination of the `//`, **any** number of...

bug
FalsePositive
add-on

### Describe the bug: The https://www.zaproxy.org/docs/alerts/40040-3/ rule for https://github.com/zaproxy/zap-extensions/blob/2e441bfb3d068fed7fd790f33b23e1b80aae6823/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/CorsScanRule.java#L121-L122 makes a strong claim: > Even if this misconfiguration doesn’t allow authenticated AJAX requests, unauthenticated sensitive content can still be accessed...

bug

### Is your feature request related to a problem? Please describe. I open ZAP rarely, when I did today, I saw: The `ZAP 2.16.1 is available now` bit reads to...

enhancement
add-on
in:quickstart

### Describe the bug: ### Steps to reproduce the behavior: 1. Create a new scan 2. Do whatever steps are necessary to trigger an attack mode scan (I don't really...

enhancement

### Is your feature request related to a problem? Please describe. I'm watching the attack mode scanner run and it runs pretty fast, I'd like to see some of the...

enhancement

https://github.com/check-spelling-sandbox/osf.io/actions/runs/18598217482 (based on https://github.com/check-spelling-sandbox/osf.io/commits/6565a49957be7026e44e80f8321246fc1eaddca0 which is 0ac8740d0eeededc8439e1084ff06abeaa53aa15 + a number of changes that will not impact this code): ``` tests.identifiers.test_datacite.TestDataCiteClient ❌ test_datacite_format_related_resources django.core.exceptions.ValidationError: {'article_doi': ['"publication" is not a valid DOI']}...

# Description Replace `(click) here` links For more information, see: * https://www.w3.org/QA/Tips/noClickHere * https://webaim.org/techniques/hypertext/link_text * https://granicus.com/blog/why-click-here-links-are-bad/ * https://heyoka.medium.com/dont-use-click-here-f32f445d1021 ## Readiness checklist - [ ] I added/updated unit tests (and they...

documentation
trust
blog/engineering

# Description Replace `apt-key` (and fix `build/ferretdb-bw/Dockerfile` to build...) ## Readiness checklist - [ ] I added/updated unit tests (and they pass). - [ ] I added/updated integration/compatibility tests (and...

code/chore
community

# Description This PR corrects misspellings identified by the [check-spelling action](https://github.com/marketplace/actions/check-spelling) The misspellings have been reported at https://github.com/jsoref/FerretDB/actions/runs/17525203903/attempts/1#summary-49774654284 The action reports that the changes in this PR would make it...