zaproxy icon indicating copy to clipboard operation
zaproxy copied to clipboard

Published 20 hours ago verified publisher icon zaproxy

Incomplete report for template Risk and Confidence HTML

Open GunoH opened this issue 4 months ago • 14 comments

Describe the bug

When generating a report using the template Risk and Confidence HTML, with all Sections enabled, the generated report does not show any details of the alerts found:

image image

The generated report files are a lot smaller than they used to be (with earlier versions, when the details were included).

Using ZAP 2.14.0, Report Generation plugin 0.31.0.

Reverting to plugin versions bundled with 2.14.0 (by removing the ~/.ZAP/plugin; this reverts Report Generation to 0.26.0) resolves the issue, but as soon as I upgrade plugins to the latest versions, the issue is back.

Steps to reproduce the behavior

  1. Update to Report Generation 0.31.0
  2. Perform active scan
  3. Generate report (Risk and Confidence HTML) with all sections enabled.

Expected behavior

The generated report contains alert details, such as http requests and responses.

Software versions

ZAP Version: 2.14.0

Installed Add-ons: [[id=alertFilters, version=20.0.0], [id=ascanrules, version=65.0.0], [id=authhelper, version=0.12.0], [id=automation, version=0.39.0], [id=bruteforce, version=15.0.0], [id=callhome, version=0.11.0], [id=commonlib, version=1.24.0], [id=database, version=0.3.0], [id=diff, version=14.0.0], [id=directorylistv1, version=7.0.0], [id=domxss, version=18.0.0], [id=encoder, version=1.4.0], [id=exim, version=0.8.0], [id=formhandler, version=6.5.0], [id=fuzz, version=13.12.0], [id=gettingStarted, version=16.0.0], [id=graaljs, version=0.6.0], [id=graphql, version=0.23.0], [id=help, version=17.0.0], [id=hud, version=0.18.0], [id=invoke, version=14.0.0], [id=network, version=0.15.0], [id=oast, version=0.17.0], [id=onlineMenu, version=12.0.0], [id=openapi, version=39.0.0], [id=postman, version=0.3.0], [id=pscanrules, version=57.0.0], [id=quickstart, version=46.0.0], [id=replacer, version=16.0.0], [id=reports, version=0.31.0], [id=requester, version=7.5.0], [id=retest, version=0.8.0], [id=retire, version=0.34.0], [id=reveal, version=7.0.0], [id=scripts, version=45.2.0], [id=selenium, version=15.22.0], [id=soap, version=22.0.0], [id=spider, version=0.10.0], [id=spiderAjax, version=23.18.0], [id=tips, version=12.0.0], [id=webdriverlinux, version=81.0.0], [id=websocket, version=30.0.0], [id=zest, version=44.0.0]]

Operating System: Linux Architecture: amd64 Java Version: Debian 21.0.2 System's Locale: en_US Display Locale: en_GB Format Locale: en_US Default Charset: UTF-8 ZAP Home Directory: /home/username/.ZAP/ ZAP Installation Directory: /usr/share/zaproxy/./ Look and Feel: FlatLaf Light (com.formdev.flatlaf.FlatLightLaf)

Screenshots

No response

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

  • [ ] Yes

GunoH avatar Apr 29 '24 08:04 GunoH