
pscanrules: Address Suspicious Comments rule JS FPs

Open kingthorin opened this issue 4 months ago • 2 comments

Overview

  • CHANGELOG > Added fix note.
  • InformationDisclosureSuspiciousCommentsScanRule > Updated handling to target comments in JavaScript more specifically.
  • InformationDisclosureSuspiciousCommentsScanRuleUnitTest > Updated and added tests.
  • Messages.properties > Updated to detail/report the findings more specifically based on the new behavior.
  • pscanrules.html > Correct occurrence of "add-on" (vs addon).

Note: The regexes used for JS comments are based on https://github.com/antlr/grammars-v4/blob/c82c128d980f4ce46fb3536f87b06b45b9619922/javascript/javascript/JavaScriptLexer.g4#L49-L50

Related Issues

  • Fixes zaproxy/zaproxy#6622
  • Fixes zaproxy/zaproxy#6736

Checklist

  • [x] Update help
  • [x] Update changelog
  • [x] Run ./gradlew spotlessApply for code formatting
  • [x] Write tests
  • [x] Check code coverage
  • [x] Sign-off commits
  • [x] Squash commits
  • [x] Use a descriptive title

kingthorin, Oct 13 '24 02:10