zap-extensions icon indicating copy to clipboard operation
zap-extensions copied to clipboard

Published 20 hours ago verified publisher icon zaproxy

ascanrules: fix false positive in cloud metadata

Open alessiodallapiazza opened this issue 1 year ago • 3 comments
trafficstars

Overview

This pull request fixes the issue of false positives in the CloudMetadataScanRule plugin. The condition for raising an alert has been improved by adding a method to specifically check for both "ami-id" and "ami-launch-index" in the response body.

Fixes zaproxy/zaproxy#8514

alessiodallapiazza avatar Sep 17 '24 07:09 alessiodallapiazza

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

github-actions[bot] avatar Sep 17 '24 07:09 github-actions[bot]

I have read the CLA Document and I hereby sign the CLA

alessiodallapiazza avatar Sep 17 '24 07:09 alessiodallapiazza

Changelog should be updated and tests added.

thc202 avatar Sep 17 '24 07:09 thc202

Rebased to address the conflicts and adjust the changelog (move fix entry to latest version).

thc202 avatar Dec 24 '24 14:12 thc202

Thank you!

thc202 avatar Dec 24 '24 14:12 thc202

Logo Checkmarx One – Scan Summary & Detailsfb09240f-e0b0-40f5-9dc5-3b9ce8409363

No New Or Fixed Issues Found

psiinon avatar Dec 24 '24 15:12 psiinon