Skip to content

ascanrules: Tidy up External Redirect Scan Rule #6458

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 29, 2025
Merged

ascanrules: Tidy up External Redirect Scan Rule #6458

merged 1 commit into from
Jul 29, 2025

Conversation

@kingthorin
Copy link
Member

@kingthorin kingthorin commented May 21, 2025
edited
Loading

Overview

  • CHANGELOG > Add re-ordering note.
  • ExternalRedirectScanRule > Use an enum for payloads & types. Move some logic to be within the payloads enum for simplicity. Move alert reference logic within the types enum. Move payload counts per Strength logic to init method and use a simplified case structure. Remove unnecessary comments.
  • ExternalRedirectScanRuleUnitTest > Remove unnecessary assignments. Use isEmpty vs length greater than zero.

Related Issues

Checklist

  • Update help
  • Update changelog
  • Run ./gradlew spotlessApply for code formatting
  • Write tests
  • Check code coverage
  • Sign-off commits
  • Squash commits
  • Use a descriptive title

@psiinon
Copy link
Member

psiinon commented May 21, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Details21de6ed5-ff3e-418e-89a8-7946be6cf307

Great job! No new security vulnerabilities introduced in this pull request

@kingthorin
Copy link
Member Author

kingthorin commented May 21, 2025
edited
Loading

Is there any good reason for the type ints to be instantiated in the 0x## format?

L85-92

@thc202 thc202 changed the title ascanrules: Tiddy up ExternalRedirectScanRule ascanrules: Tidy up ExternalRedirectScanRule May 26, 2025
@thc202
Copy link
Member

thc202 commented May 26, 2025

#6458 (comment)

No, and it would be better to use an enum to avoid duplication like in getExampleAlerts().

@kingthorin kingthorin force-pushed the ext-redir-enum branch 4 times, most recently from 743e1f4 to 71fc43e Compare May 26, 2025 16:43
@kingthorin
Copy link
Member Author

kingthorin commented May 26, 2025

Done (I think)

@thc202
Copy link
Member

thc202 commented May 28, 2025
edited
Loading

The point of changing to enum was to also get rid of getAlertReference() and getRedirectionReason().

@kingthorin kingthorin force-pushed the ext-redir-enum branch 3 times, most recently from 7268c09 to 7fe4a10 Compare May 28, 2025 14:32
@kingthorin
Copy link
Member Author

kingthorin commented May 28, 2025

Got all those.

@kingthorin kingthorin force-pushed the ext-redir-enum branch 2 times, most recently from 9eee5d9 to 8949b5f Compare June 20, 2025 11:24
@kingthorin kingthorin requested a review from Copilot June 27, 2025 10:36
Copilot AI reviewed Jun 27, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR tidies up the ExternalRedirectScanRule functionality by refactoring the payload and redirect type handling into enums and cleaning up test code.

  • Replace integer constants with enums for redirect types and payloads.
  • Refactor payload injection and payload count logic with switch expressions.
  • Update unit tests to use .isEmpty() instead of length checks and remove redundant assignments.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRuleUnitTest.java Refactored empty string checks and cleaned up some redundant assignments.
addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRule.java Replaced integer-based redirect types with enums and refactored payload injection and alert-building logic.
addOns/ascanrules/CHANGELOG.md Added a maintenance note reflecting the code improvements.

...les/src/test/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRuleUnitTest.java Outdated
NEITHER,
ALLOW_LIST,
CONCAT_PARAM,
CONCAT_PATH

This comment was marked as resolved.

Sign in to view

@kingthorin kingthorin force-pushed the ext-redir-enum branch 4 times, most recently from d9e6907 to affee0e Compare July 28, 2025 16:47
kingthorin
kingthorin commented Jul 28, 2025
View reviewed changes
@kingthorin kingthorin force-pushed the ext-redir-enum branch 2 times, most recently from 7853896 to 5a1d500 Compare July 28, 2025 18:01
@kingthorin kingthorin force-pushed the ext-redir-enum branch 2 times, most recently from d1e42de to ca2ff06 Compare July 28, 2025 20:02
kingthorin
kingthorin commented Jul 28, 2025
View reviewed changes
addOns/ascanrules/CHANGELOG.md
- SQL Injection - PostgreSQL
- The Remote OS Command Injection scan rule has been broken into two rules; one feedback based, and one time based (Issue 7341). This includes assigning the time based rule ID 90037.
- For Alerts raised by the SQL Injection scan rules the Attack field values are now simply the payload, not an assembled description.
- Maintenance changes.
Copy link
Member Author

@kingthorin kingthorin Jul 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's at the top of the list.

@kingthorin kingthorin changed the title ascanrules: Tidy up ExternalRedirectScanRule ascanrules: Tidy up External Redirect Scan Rule Jul 28, 2025
@kingthorin
ascanrules: Tiddy up ExternalRedirectScanRule
07531d6 
- CHANGELOG > Add re-ordering note.
- ExternalRedirectScanRule > Use an enum for payloads & types. Move some
logic to be within the payloads enum for simplicity. Move alert
reference logic within the types enum. Move payload counts
per Strength logic to init method and use a simplified case structure.
Remove unnecessary comments.
- ExternalRedirectScanRuleUnitTest > Remove unnecessary assignments. Use
isEmpty vs length greater than zero.

Signed-off-by: kingthorin <[email protected]>
@thc202
Copy link
Member

thc202 commented Jul 29, 2025

Thank you!

@psiinon psiinon merged commit 864d479 into zaproxy:main Jul 29, 2025
9 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Jul 29, 2025
@kingthorin kingthorin deleted the ext-redir-enum branch July 29, 2025 09:46
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@psiinon psiinon psiinon approved these changes

@thc202 thc202 thc202 approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kingthorin @psiinon @thc202