
Commit 24d9f9e

committed
Removed extra comments and added the correct code link and help link
Signed-off-by: Aastha Sahni <[email protected]>
1 parent 0de188d commit 24d9f9e


1 file changed

+3
-8
lines changed

1 file changed

+3
-8
lines changed

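--- a/active/swagger-secret-detector.js
+++ b/active/swagger-secret-detector.js
@@ -2,9 +2,6 @@
 // -------------------------------------------------------------------
 // Swagger Secrets & Version Detector - ZAP Active Scan Rule Script
 // -------------------------------------------------------------------
-// Modern ZAP registration using getMetadata() function
-// Import required ZAP Java types for modern registration
-
 var URI = Java.type("org.apache.commons.httpclient.URI");
 var ScanRuleMetadata = Java.type(
 "org.zaproxy.addon.commonlib.scanrules.ScanRuleMetadata"
@@ -29,8 +26,8 @@ alertTags:
 ${CommonAlertTag.OWASP_2021_A05_SEC_MISCONFIG.getTag()}: ${CommonAlertTag.OWASP_2021_A05_SEC_MISCONFIG.getValue()}
 ${CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getTag()}: ${CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getValue()}
 status: alpha
-codeLink: https://example.com/swagger-ui-detector.js
-helpLink: https://www.example.com/
+codeLink: https://github.com/zaproxy/community-scripts/blob/main/active/swagger-secret-detector.js
+helpLink: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
 `);
 }
 
@@ -342,10 +339,8 @@ function detectSecrets(as, requestMsg, fullPath, body) {
 .setDescription(
 "Swagger UI endpoint exposes sensitive secrets such as client secrets, API keys, or OAuth tokens. These secrets may be accessible in the HTML source and should not be exposed publicly, as this can lead to compromise."
 )
-// .setEvidence(redactedEvidence.join("\n"))
 .setEvidence(redactedEvidence[0])
 .setOtherInfo("All secrets exposed:\n" + redactedEvidence.join("\n"))
-//.setOtherInfo("Discovered at: " + fullPath)
 .setSolution(
 "Remove hardcoded secrets from documentation and ensure the endpoint is protected with authentication."
 )
@@ -355,4 +350,4 @@ function detectSecrets(as, requestMsg, fullPath, body) {
 .setMessage(requestMsg)
 .raise();
 }
-}
+}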
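Review bot: `.setEvidence(redactedEvidence[0])` in the third hunk (old 346 / new 342) indexes the first element unconditionally; if detectSecrets can reach this builder with an empty redactedEvidence the evidence becomes undefined, so either guard the raise on `redactedEvidence.length > 0` or document that the caller only invokes it after at least one match — the caller is not visible from this hunk. Because the evidence is a redacted string rather than a verbatim excerpt of the response, a short why-comment would help the next maintainer, e.g. `// evidence is redacted so the raw secret never lands in alerts or reports; it is not expected to match the response verbatim`. The dropped `"Discovered at: " + fullPath` otherInfo appears to be covered by `.setMessage(requestMsg)` in the last hunk, so no location information seems lost, though that message carries the request rather than the normalised fullPath. detectSecrets starts before the third hunk and its closing brace is the line changed in the last hunk.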
