ascanrulesAlpha: Add Suspicious Input Transformation Script #6768
Conversation
ricekot
force-pushed
the
ascanrulesAlpha/add-sus-input-transform-rule
branch
2 times, most recently
from
57e3ac5 to
04acace
Compare
|
Great job! No new security vulnerabilities introduced in this pull requestUse @Checkmarx to reach out to us for assistance. Just send a PR comment with Examples: |
| ); | ||
| const CommonAlertTag = Java.type("org.zaproxy.addon.commonlib.CommonAlertTag"); | ||
| const RandomStringUtils = Java.type( | ||
| "org.apache.commons.lang3.RandomStringUtils", |
There was a problem hiding this comment.
I used prettier to format the script, that added the comma...
There was a problem hiding this comment.
Okay, just seemed out of place 🤷
| id: 100044 | ||
| name: Suspicious Input Transformation | ||
| description: > | ||
| The application performed suspicious input transformation that may indicate a security vulnerability. |
There was a problem hiding this comment.
...a suspicious...
or
....transformations...
| HttpMessage msg = getHttpMessage(path + "?param=value"); | ||
|
|
||
| // When | ||
| rule.init(msg, parent); |
There was a problem hiding this comment.
Kinda nit picky but I think most of the Java rule tests have the init as part of the // Given block
There was a problem hiding this comment.
Yeah I was thinking that too, will tweak
ricekot
force-pushed
the
ascanrulesAlpha/add-sus-input-transform-rule
branch
3 times, most recently
from
0483978 to
452ff8b
Compare
Signed-off-by: ricekot <[email protected]>
ricekot
force-pushed
the
ascanrulesAlpha/add-sus-input-transform-rule
branch
from
452ff8b to
efc9845
Compare
No description provided.