zap-extensions icon indicating copy to clipboard operation
zap-extensions copied to clipboard
verified publisher icon zaproxy

ascanrules: XPath Injection add Custom Payloads support

Open kingthorin opened this issue 10 months ago • 3 comments

Overview

ascanrules

  • CHANGELOG > Add change note.
  • ExtensionPayloader > Add appropriate hooks etc.
  • ExtensionPayloaderUnitTest > Assert hook/unload behavior, add functional tests.
  • ascanrules.html > Update help entry.
  • XpathInjectionScanRule > Update functionality to support Custom Payloads.

custompayloads:

  • CHANGELOG > Add note.
  • PayloadCategory > Add support for adding payloads which are initially disabled.

Related Issues

  • Fixes zaproxy/zaproxy#8958 - Confirmed working given the PoC in the ticket.
  • Related to zaproxy/zaproxy#5708

Checklist

  • [x] Update help
  • [x] Update changelog
  • [x] Run ./gradlew spotlessApply for code formatting
  • [x] Write tests
  • [x] Check code coverage
  • [x] Sign-off commits
  • [x] Squash commits
  • [x] Use a descriptive title

kingthorin avatar May 25 '25 23:05 kingthorin

Logo Checkmarx One – Scan Summary & Details7136a8b1-645a-43b8-b127-fa0574004ce7

Great job! No new security vulnerabilities introduced in this pull request

psiinon avatar May 26 '25 00:05 psiinon

Fixed two items, still needs tests.

kingthorin avatar Jun 03 '25 10:06 kingthorin

Added tests, and custom payloads alert tag.

kingthorin avatar Jun 04 '25 15:06 kingthorin

Done and done, rebased, and deconflicted.

kingthorin avatar Jul 29 '25 10:07 kingthorin

This is still pending https://github.com/zaproxy/zap-extensions/pull/6465#discussion_r2238802710

thc202 avatar Jul 29 '25 11:07 thc202

Okay, changelog re-fixed, and other/earlier comment addressed.

kingthorin avatar Jul 29 '25 11:07 kingthorin

Thank you!

thc202 avatar Jul 29 '25 12:07 thc202

Yay, thanks!

kingthorin avatar Jul 29 '25 13:07 kingthorin