
Update ZAP, ZAP-Advanced, Nikto, and Screenshooter cascading rules to support non-standard HTTP(S) ports #922

Merged
merged 5 commits into from
Jan 10, 2022

Conversation

malexmave
Member

@malexmave malexmave commented Jan 10, 2022

Analogous to #920, this commit splits the cascading rule for ZAP, ZAP-advanced, and Screenshooter into two: one for HTTP and one for HTTPS. This allows it to cover HTTP(S) services on nonstandard ports. This also requires adding the port as an extra parameter, which is also done in this change. Nikto already supported this, but now also matches on alternative HTTP ports that are called "http-*".

Also updates the integration test to work with the current version of ZAP plugins (started failing without any changes on our end).

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure npm test runs for the whole project.
  • Make codeclimate checks happy
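The split described above, shown as an added illustrative pair of CascadingRules (not the rule files merged in this PR): one rule matches plain HTTP findings (including nmap's "http-*" service names) and one matches HTTPS, and each passes the finding's port attribute into the target URL so nonstandard ports are scanned. The scanType name, labels, and the `hostOrIP`/`attributes.port` template variables are assumptions about the usual secureCodeBox rule shape, not values taken from this page.

```yaml
# Added illustrative example, not the rule merged in this PR.
# Assumed: scanType "zap-baseline-scan", the labels, and the template
# variables {{$.hostOrIP}} / {{attributes.port}} follow the usual
# secureCodeBox CascadingRule shape; they are not taken from the PR.
apiVersion: "cascading.securecodebox.io/v1"
kind: CascadingRule
metadata:
  name: "zap-http"            # HTTP-only rule (http:// target)
  labels:
    securecodebox.io/invasive: non-invasive
    securecodebox.io/intensive: light
spec:
  matches:
    anyOf:
      # Standard HTTP service on any port, e.g. 8080, not just 80
      - category: "Open Port"
        attributes:
          service: "http"
          state: open
      # Alternative HTTP services reported as "http-*" (e.g. http-alt)
      - category: "Open Port"
        attributes:
          service: "http-*"
          state: open
  scanSpec:
    scanType: "zap-baseline-scan"
    parameters:
      - "-t"
      # The port attribute is passed through so nonstandard ports work
      - "http://{{$.hostOrIP}}:{{attributes.port}}"
---
apiVersion: "cascading.securecodebox.io/v1"
kind: CascadingRule
metadata:
  name: "zap-https"           # HTTPS-only rule (https:// target)
  labels:
    securecodebox.io/invasive: non-invasive
    securecodebox.io/intensive: light
spec:
  matches:
    anyOf:
      - category: "Open Port"
        attributes:
          service: "https"
          state: open
  scanSpec:
    scanType: "zap-baseline-scan"
    parameters:
      - "-t"
      - "https://{{$.hostOrIP}}:{{attributes.port}}"
```

Keeping the two rules separate is what lets the scheme in the target URL be chosen from the matched service rather than from the port number alone.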

Analogous to #920, this commit splits the cascading rule for ZAP into
two: one for HTTP and one for HTTPS. This allows it to cover HTTP(S)
services on nonstandard ports. This also requires adding the port as
an extra parameter.

Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave malexmave added enhancement New feature or request scanner Implement or update a security scanner labels Jan 10, 2022
@malexmave malexmave requested a review from J12934 January 10, 2022 15:35
@malexmave malexmave self-assigned this Jan 10, 2022
@malexmave malexmave added this to In progress in secureCodeBox v3 via automation Jan 10, 2022
@malexmave malexmave moved this from In progress to To Review in secureCodeBox v3 Jan 10, 2022
@malexmave malexmave changed the title Update ZAP cascading rule to support non-standard http(s) ports Update ZAP and ZAP-Advanced cascading rules to support non-standard HTTP(S) ports Jan 10, 2022
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
@malexmave malexmave changed the title Update ZAP and ZAP-Advanced cascading rules to support non-standard HTTP(S) ports Update ZAP, ZAP-Advanced, Nikto, and Screenshooter cascading rules to support non-standard HTTP(S) ports Jan 10, 2022
secureCodeBox v3 automation moved this from To Review to Reviewer approved Jan 10, 2022
@malexmave malexmave merged commit cd884e5 into main Jan 10, 2022
secureCodeBox v3 automation moved this from Reviewer approved to Done Jan 10, 2022
@malexmave malexmave deleted the fix/zap-cascading-scan-protocols branch January 10, 2022 16:07
@malexmave malexmave moved this from Done to counter in secureCodeBox v3 Jan 14, 2022