pscanrules: improve suspicious comments context
Description
This PR improves the InformationDisclosureSuspiciousCommentsScanRule so that alerts include meaningful context instead of reporting only the matched keyword (for example, "from").
Previously, the rule extracted only the suspicious keyword, which made the alert evidence difficult to understand. This change updates the pattern used for detection to include up to 100 characters of surrounding comment text before the keyword, providing clearer and more useful evidence.
Changes
- Updated the payload matching pattern to capture contextual comment content
- Preserved existing detection logic and payload list
- Improved alert evidence readability without increasing false positives
Related Issue
Fixes the issue where suspicious comments report only the keyword instead of surrounding context.
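The effect of the pattern change described above, as an added illustration that is not code from this PR or from the ZAP rule itself. The real InformationDisclosureSuspiciousCommentsScanRule is written in Java; this Python sketch only contrasts the two regex shapes (bare keyword versus keyword with up to 100 preceding characters) on a constructed response body. The keyword subset, the comment extraction and the function names are assumptions made for the example.

```python
import re

# Constructed subset of suspicious-comment keywords; the real rule keeps its own payload list.
SUSPICIOUS_KEYWORDS = ["TODO", "FIXME", "HACK", "PASSWORD", "FROM"]
# Assumed context length, taken from the PR description (up to 100 characters before the keyword).
CONTEXT_CHARS = 100

_KEYWORDS = "|".join(SUSPICIOUS_KEYWORDS)

# Old behaviour: the evidence is the bare keyword, e.g. "from".
KEYWORD_ONLY = re.compile(r"\b(" + _KEYWORDS + r")\b", re.IGNORECASE)

# New behaviour: a lazy prefix of at most CONTEXT_CHARS characters is captured together with the
# keyword, so each hit is reported with the text that precedes it. The lazy quantifier keeps one
# match per keyword; a greedy prefix would swallow earlier keywords inside the 100-character window.
WITH_CONTEXT = re.compile(
    r"(.{0," + str(CONTEXT_CHARS) + r"}?\b(?:" + _KEYWORDS + r")\b)",
    re.IGNORECASE | re.DOTALL,
)

# Minimal comment extraction for the example (HTML comments, then //- and /* */-style comments).
# The line-comment pattern is deliberately naive: it would also fire on "//" inside URLs.
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
SCRIPT_COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)


def extract_comments(body: str) -> list[str]:
    """Return comment bodies found in a response body, HTML comments first."""
    comments = [m.group(1) for m in HTML_COMMENT.finditer(body)]
    comments.extend(m.group(0) for m in SCRIPT_COMMENT.finditer(body))
    return comments


def find_evidence(comment: str, pattern: re.Pattern) -> list[str]:
    """One evidence string per keyword hit, whitespace-trimmed."""
    return [m.group(1).strip() for m in pattern.finditer(comment)]


def scan_response(body: str, with_context: bool = True) -> list[str]:
    """Evidence strings the rule would attach to its alerts for this body."""
    pattern = WITH_CONTEXT if with_context else KEYWORD_ONLY
    evidence = []
    for comment in extract_comments(body):
        evidence.extend(find_evidence(comment, pattern))
    return evidence


# Constructed sample response body; not captured from any real site.
SAMPLE_BODY = """<html><head>
<script>
  // TODO: move this query to the backend
  var rows = load();
</script>
</head><body>
<!-- results come from the users table, FIXME: remove before release -->
</body></html>"""

if __name__ == "__main__":
    print("keyword only :", scan_response(SAMPLE_BODY, with_context=False))
    print("with context :", scan_response(SAMPLE_BODY, with_context=True))
```

Running the sketch on the sample body reports `from` and `FIXME` as bare evidence with the old pattern, and `results come from` and `the users table, FIXME` with the new one; the number of hits is the same in both cases, which is the "no additional false positives" property the PR claims. When more than 100 characters precede a keyword, only the last 100 are kept, so evidence length stays bounded.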
I have read the CLA Document and I hereby sign the CLA
Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by posting a Pull Request comment in the same format as below.
I have read the CLA Document and I hereby sign the CLA
Posted by the CLA Assistant Lite bot.
You need to post a new comment for https://github.com/zaproxy/zap-extensions/pull/6989#issuecomment-3647862653 not edit the PR description.
Checkmarx One – Scan Summary & Details – 87f81eb2-1a4f-4149-b0b1-ce4b68dcd700
Great job! No new security vulnerabilities introduced in this pull request