
ascanrules: Reflected XSS introduce param object

Open kingthorin opened this issue 6 months ago • 2 comments

Overview

To facilitate further modifications and refactoring.

  • CHANGELOG > Added maintenance note.
  • CrossSiteScriptingScanRule > Introduce and leverage new param object.
  • HtmlContextAnalyser > Throw an exception if the target param is empty as that leads to an infinite loop.

Related Issues

  • https://github.com/zaproxy/zap-extensions/pull/3838

Checklist

  • [ ] Update help
  • [x] Update changelog
  • [x] Run ./gradlew spotlessApply for code formatting
  • [ ] Write tests
  • [x] Check code coverage
  • [x] Sign-off commits
  • [x] Squash commits
  • [x] Use a descriptive title

kingthorin avatar Jun 02 '25 13:06 kingthorin
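As an added illustration of the HtmlContextAnalyser point above (example code written for this note, not ZAP's own implementation), this simplified, hypothetical reflection finder shows why an empty target param must be rejected up front: `String.indexOf("")` matches at every offset, so a scan loop that advances by the param's length never moves forward.

```java
import java.util.ArrayList;
import java.util.List;

public class ReflectionFinder {

    /**
     * Returns the start offsets at which the reflected param value occurs
     * in the response body. Hypothetical stand-in for a context analyser's
     * occurrence scan; not ZAP's code.
     */
    public static List<Integer> findReflections(String html, String param) {
        if (param == null || param.isEmpty()) {
            // Guard: with an empty needle indexOf(param, idx) returns idx
            // and idx += param.length() adds 0, so the loop would never end.
            throw new IllegalArgumentException("Target param must not be empty");
        }
        List<Integer> offsets = new ArrayList<>();
        int idx = 0;
        while ((idx = html.indexOf(param, idx)) != -1) {
            offsets.add(idx);
            idx += param.length(); // advance past this match
        }
        return offsets;
    }

    public static void main(String[] args) {
        // Constructed sample response body for this example.
        String body = "<input value=\"abc123\"><p>abc123</p>";
        System.out.println(findReflections(body, "abc123"));
        try {
            findReflections(body, "");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```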

Checkmarx One – Scan Summary & Details (ba1b1224-6458-4a38-93f2-dd8e3ff46a31)

Great job! No new security vulnerabilities introduced in this pull request


Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

psiinon avatar Jun 02 '25 14:06 psiinon

Added "clean code" commit. It removes an unused param in two methods in the rule, and returns an object directly, skipping an intermediate store, in the unit tests.

kingthorin avatar Jun 05 '25 12:06 kingthorin

Verified that the additional tests in zaproxy/zap-extensions#6638 also work here. I know this still requires attention, just making note.

kingthorin avatar Aug 07 '25 14:08 kingthorin