pscanrules: Charset Mismatch add example alerts #6544
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Great job! No new security vulnerabilities introduced in this pull requestUse @Checkmarx to reach out to us for assistance. Just send a PR comment with Examples: |
kingthorin
commented
Jun 30, 2025
| pscanrules.charsetmismatch.extrainfo.html.header_metacontentype_mismatch = There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [{0}] and [{1}] do not match. | ||
| pscanrules.charsetmismatch.extrainfo.html.metacontenttype_metacharset_mismatch = There was a charset mismatch between the META charset and the META content-type encoding declaration: [{0}] and [{1}] do not match. | ||
| pscanrules.charsetmismatch.extrainfo.html.no_mismatch_metacontenttype_missing = Charset is defined only by META charset, older clients that expect character set to be defined by META content-type may not correctly display this content. | ||
| pscanrules.charsetmismatch.extrainfo.html.no_mismatch_metacontenttype_missing = Charset is defined only by META charset, older clients that do not expect character set to be defined by META content-type may not correctly display this content. |
There was a problem hiding this comment.
It's 2025 should we actually just drop this alert variant?
There was a problem hiding this comment.
Executive decision: Dropping 😀
kingthorin
force-pushed
the
charset-examples
branch
3 times, most recently
from
f78f727 to
74a1df3
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the Charset Mismatch scan rule by adding example alert functionality for documentation generation and improving alert handling. The changes include adding example alerts for all mismatch types, implementing alert references, and removing a previously flagged variant about META content-type missing that affected older clients.
Key changes:
- Added example alert functionality and alert references to the scan rule
- Removed the "META Content-Type Charset Missing" alert variant and related functionality
- Refactored test structure to use parameterized tests and simplified test setup
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| CharsetMismatchScanRule.java | Added example alerts, alert references, refactored MismatchType enum, and removed deprecated alert variant |
| CharsetMismatchScanRuleUnitTest.java | Updated tests to verify example alerts, converted to parameterized tests, and removed tests for deprecated functionality |
| Messages.properties | Removed message keys for deprecated META content-type missing alert variant |
| pscanrules.html | Removed documentation for deprecated META content-type missing alert |
| CHANGELOG.md | Added changelog entries documenting the additions and removals |
Comments suppressed due to low confidence (1)
addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java:56
- The string literal is missing the closing '\n' character. It should be 'Content-Type: text/html;charset=UTF-8\r\n'.
Map<String, String> alertTags = new HashMap<>();
3 tasks
kingthorin
force-pushed
the
charset-examples
branch
from
74a1df3 to
0208fb4
Compare
|
Deconflicted |
- CHANGELOG > Add note. - CharsetMismatchScanRule > Add example alerts, adjust handling, some minor related clean code changes. Drop alert related to "older clients". - CharsetMismatchScanRuleUnitTest > Add test to assert the example details, use parameterized case where practical. - Messages.properties > Clarify one of the descriptions. - Help > Drop details related to "older clients" alert. Signed-off-by: kingthorin <[email protected]>
kingthorin
force-pushed
the
charset-examples
branch
from
0208fb4 to
06bff07
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
Related Issues