Conversation

@kingthorin
Member

Overview

  • CHANGELOG > Add note.
  • CharsetMismatchScanRule > Add example alerts, adjust handling, some minor related clean code changes.
  • CharsetMismatchScanRuleUnitTest > Add test to assert the example details, use parameterized case where practical.
  • Messages.properties > Clarify one of the descriptions.

Related Issues

@psiinon
Member

psiinon commented Jun 30, 2025

Checkmarx One – Scan Summary & Details 39a9afb5-3ea9-4e27-99f2-75db151a2d31

Fixed Issues (3)

Great job! The following issues were fixed in this Pull Request

| Severity | Issue | Source File / Package |
|---|---|---|
| MEDIUM | Use_Of_Hardcoded_Password | /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java: 169 |
| LOW | Heap_Inspection | /addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/AuthUtilsUnitTest.java: 1297 |
| LOW | Heap_Inspection | /addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/AuthUtilsUnitTest.java: 1318 |

@kingthorin kingthorin force-pushed the charset-examples branch 3 times, most recently from f78f727 to 74a1df3 Compare June 30, 2025 12:33
@kingthorin kingthorin requested a review from Copilot July 21, 2025 00:42
Copilot AI left a comment

Pull Request Overview

This PR enhances the Charset Mismatch scan rule by adding example alert functionality for documentation generation and improving alert handling. The changes include adding example alerts for all mismatch types, implementing alert references, and removing a previously flagged variant about META content-type missing that affected older clients.

Key changes:

  • Added example alert functionality and alert references to the scan rule
  • Removed the "META Content-Type Charset Missing" alert variant and related functionality
  • Refactored test structure to use parameterized tests and simplified test setup

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

| File | Description |
|---|---|
| CharsetMismatchScanRule.java | Added example alerts, alert references, refactored MismatchType enum, and removed deprecated alert variant |
| CharsetMismatchScanRuleUnitTest.java | Updated tests to verify example alerts, converted to parameterized tests, and removed tests for deprecated functionality |
| Messages.properties | Removed message keys for deprecated META content-type missing alert variant |
| pscanrules.html | Removed documentation for deprecated META content-type missing alert |
| CHANGELOG.md | Added changelog entries documenting the additions and removals |

Comments suppressed due to low confidence (1)

addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java:56

  • The string literal is missing the closing '\n' character. It should be 'Content-Type: text/html;charset=UTF-8\r\n'.
        Map<String, String> alertTags = new HashMap<>();

@kingthorin
Member Author

Deconflicted

@thc202
Member

thc202 commented Oct 28, 2025

The commit message has conflict leftovers.

@kingthorin kingthorin force-pushed the charset-examples branch 2 times, most recently from 1e62f81 to eab8204 Compare October 29, 2025 01:24
@kingthorin
Member Author

Got all those (I think)

@kingthorin
Member Author

The Windows CI failure is unrelated

@kingthorin kingthorin force-pushed the charset-examples branch 2 times, most recently from 1cb590a to 5e91ffa Compare October 29, 2025 12:21
@kingthorin
Member Author

Done & done

- CHANGELOG > Add note.
- CharsetMismatchScanRule > Add example alerts, adjust handling, some
minor related clean code changes. Drop alert related to "older clients".
- CharsetMismatchScanRuleUnitTest > Add test to assert the example
details, use parameterized case where practical.
- Messages.properties > Clarify one of the descriptions.
- Help > Drop details related to "older clients" alert.

Signed-off-by: kingthorin <[email protected]>
@thc202
Member

thc202 commented Oct 29, 2025

Thank you!

@thc202 thc202 enabled auto-merge October 29, 2025 15:05
@thc202 thc202 merged commit 447877a into zaproxy:main Oct 29, 2025
17 of 22 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Oct 29, 2025
@kingthorin kingthorin deleted the charset-examples branch October 29, 2025 16:21