Disabled reportRequestHeaders option (#52)

Dockerfile

@@ -10,10 +10,11 @@ COPY ./model model/
 COPY ./scripts/httpsender /home/zap/.ZAP_D/scripts/scripts/httpsender/
 RUN chmod 777 /home/zap/.ZAP_D/scripts/scripts/httpsender/
 
-COPY ./reports/traditional-json /zap/reports/traditional-json
-COPY ./reports/traditional-json-headers /zap/reports/traditional-json-headers
-RUN chmod -R 444 /zap/reports/traditional-json
-RUN chmod -R 444 /zap/reports/traditional-json-headers
+# Needed for reportRequestHeaders option, disabled until functionality is pulled into stable zap release
+# COPY ./reports/traditional-json /zap/reports/traditional-json
+# COPY ./reports/traditional-json-headers /zap/reports/traditional-json-headers
+# RUN chmod -R 444 /zap/reports/traditional-json
+# RUN chmod -R 444 /zap/reports/traditional-json-headers
 
 RUN pip3 install -r requirements.txt && mkdir /zap/wrk && cd /opt \
 	&& wget -qO- -O geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/v0.30.0/geckodriver-v0.30.0-linux64.tar.gz \

README.md

@@ -69,7 +69,7 @@ The basic command to run a baseline scan would look like:
 | --buildVersion | None | Version of application build artifacts |
 | --buildURI | None | URI to CI build info |
 | --operatingEnvironment | None | Set Operating environment for information purposes only |
-| --reportRequestHeaders | True | Include request/response headers data in report |
+| --reportRequestHeaders | False | Include request/response headers data in report |
 | --outputFormat | None | Output format for vulnerabilities: only the value SARIF is available at the moment |
 | --gpat | None | GitHub Personal Authorization Token |
 | --bearerToken | None | Bearer token to authenticate |

main.py

@@ -243,6 +243,7 @@ def parse_configuration(self, configuration: Dict, target_url: str):
             elif key == "reportRequestHeaders":
                 if str.lower(value) == "true":
                     self.report_request_headers = True
+                    log("Argument 'reportRequestHeaders' is temporarily disabled, parameter will be ignored.")
                 else:
                     self.report_request_headers = False
             elif key == "onFailure":
@@ -863,7 +864,7 @@ def parse_args(self) -> None:
             "--reportRequestHeaders",
             help="Include request/response headers data in report",
             type=str,
-            default="True",
+            default="False",
             required=False
         )
         parser.add_argument(
@@ -982,15 +983,15 @@ def run_analysis(self) -> None:
                 exit_app(f"The scan mode {self.scan_mode} is invalid.")
                 return None
 
-            log(f"Copying report templates. Include request headers: {self.report_request_headers}", log_level=LogLevel.DEBUG)
-            os.system("mkdir -p ~/.ZAP_D/reports")
-            os.system("mkdir -p /root/.ZAP_D/reports")
-            if self.report_request_headers is True:
-                os.system("cp -R /zap/reports/traditional-json-headers ~/.ZAP_D/reports/traditional-json")
-                os.system("cp -R /zap/reports/traditional-json-headers /root/.ZAP_D/reports/traditional-json")
-            else:
-                os.system("cp -R /zap/reports/traditional-json ~/.ZAP_D/reports/traditional-json")
-                os.system("cp -R /zap/reports/traditional-json /root/.ZAP_D/reports/traditional-json")
+            # log(f"Copying report templates. Include request headers: {self.report_request_headers}", log_level=LogLevel.DEBUG)
+            # os.system("mkdir -p ~/.ZAP_D/reports")
+            # os.system("mkdir -p /root/.ZAP_D/reports")
+            # if self.report_request_headers is True:
+            #    os.system("cp -R /zap/reports/traditional-json-headers ~/.ZAP_D/reports/traditional-json")
+            #    os.system("cp -R /zap/reports/traditional-json-headers /root/.ZAP_D/reports/traditional-json")
+            # else:
+            #    os.system("cp -R /zap/reports/traditional-json ~/.ZAP_D/reports/traditional-json")
+            #    os.system("cp -R /zap/reports/traditional-json /root/.ZAP_D/reports/traditional-json")
 
             command: str = scan_function()