zap-extensions icon indicating copy to clipboard operation
zap-extensions copied to clipboard

Published 20 hours ago verified publisher icon zaproxy

authhelper: auth tester recorded script support

Open psiinon opened this issue 5 months ago • 3 comments

Overview

As per title

Related Issues

Checklist

  • [x] Update help
  • [x] Update changelog
  • [x] Run ./gradlew spotlessApply for code formatting
  • [ ] Write tests
  • [ ] Check code coverage
  • [x] Sign-off commits
  • [x] Squash commits
  • [x] Use a descriptive title

For more details, please refer to the developer rules and guidelines.

psiinon avatar Jun 20 '25 13:06 psiinon

1st item on checklist - Update Help opps 😛 Will add that soon..

psiinon avatar Jun 20 '25 13:06 psiinon

Help added

psiinon avatar Jun 20 '25 14:06 psiinon

Logo Checkmarx One – Scan Summary & Details97dcb7d8-4b5a-4b72-80cf-f8b90a6cb491

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Use_Of_Hardcoded_Password /addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/ZestAuthenticationRunner.java: 64
detailsThe application uses the hard-coded password PASSWORD for authentication purposes, either using it to verify users' identities, or to access anoth...
ID: atCyvEBdIHIXTFZfXUh2F6WGL5g%3D
Attack Vector
Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM ~~Use_Of_Hardcoded_Password~~ /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/AuthenticationBrowserHook.java: 45
MEDIUM ~~Use_Of_Hardcoded_Password~~ /addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/ZestAuthenticationRunner.java: 64

psiinon avatar Jun 20 '25 15:06 psiinon

Thank you!

thc202 avatar Jul 02 '25 11:07 thc202

@kingthorin look ok now?

psiinon avatar Jul 02 '25 11:07 psiinon