PA-12438 V2.14 Update - Addons (#96)

* PA-12438 V2.14 Update - Addons

* add debug to test

.github/workflows/soos-dast-test.yml

@@ -17,4 +17,4 @@ jobs:
           tags: soosio/dast:${{ github.sha }}
       - name: Run Tests
         run: |
-          docker run soosio/dast:${{ github.sha }} --clientId=${{secrets.SOOS_CLIENT_ID}} --apiKey=${{secrets.SOOS_API_KEY}} --apiURL="https://dev-api.soos.io/api/" --projectName="soos-dast" https://soos.io
+          docker run soosio/dast:${{ github.sha }} --clientId=${{secrets.SOOS_CLIENT_ID}} --apiKey=${{secrets.SOOS_API_KEY}} --apiURL="https://dev-api.soos.io/api/" --projectName="soos-dast" https://soos.io --debug

Dockerfile

@@ -26,13 +26,14 @@ RUN mkdir /zap/wrk && cd /opt \
     && export PATH=$PATH:/usr/bin/geckodriver
 
 RUN cd /zap/plugin && \
-	rm -rf ascanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v49/ascanrules-release-49.zap && \
-    rm -rf ascanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v44/ascanrulesBeta-beta-44.zap && \
-	rm -rf commonlib-* && wget https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.12.0/commonlib-release-1.12.0.zap && \
-	rm -rf network-* && wget https://github.com/zaproxy/zap-extensions/releases/download/network-v0.6.0/network-beta-0.6.0.zap && \
-	rm -rf oast-* && wget https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.14.0/oast-beta-0.14.0.zap && \
-	rm -rf pscanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v44/pscanrules-release-44.zap && \
-    rm -rf pscanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v31/pscanrulesBeta-beta-31.zap && \
+	rm -rf ascanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v58/ascanrules-release-58.zap && \
+    rm -rf ascanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v48/ascanrulesBeta-beta-48.zap && \
+	rm -rf commonlib-* && wget https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.18.0/commonlib-release-1.18.0.zap && \
+    rm -rf reports* && wget https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.26.0/reports-release-0.26.0.zap && \
+	rm -rf network-* && wget https://github.com/zaproxy/zap-extensions/releases/download/network-v0.12.0/network-beta-0.12.0.zap && \
+	rm -rf oast-* && wget https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.17.0/oast-beta-0.17.0.zap && \
+	rm -rf pscanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v52/pscanrules-release-52.zap && \
+    rm -rf pscanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v35/pscanrulesBeta-beta-35.zap && \
 	chown -R zap:zap /zap
 
 # Set up Chrome version to be used

package.json

@@ -1,6 +1,6 @@
 {
   "name": "soos-dast",
-  "version": "2.0.19",
+  "version": "2.0.20",
   "description": "SOOS DAST - The affordable no limit web vulnerability scanner",
   "main": "index.js",
   "scripts": {

src/reports/traditional-json-headers/report.json

@@ -1,4 +1,5 @@
 {
+	"@programName": [[${programName}]],
 	"@version": [[${zapVersion}]],
 	"@generated": [[${generatedString}]],
 	"site":[ [#th:block th:each="site, siteState: ${reportData.sites}"][#th:block th:if="${! siteState.first}"],[/th:block]
@@ -7,7 +8,7 @@
 			"@host": "[(${helper.legacyEscapeText(helper.getHostForSite(site), true)})]",
 			"@port": "[(${helper.getPortForSite(site)})]",
 			"@ssl": "[(${helper.isSslSite(site)})]",
-			"alerts": [ [#th:block th:each="alert, alertState: ${helper.getAlertsForSite(alertTree, site)}" th:with="instances=${helper.getAlertInstancesForSite(alertTree, site, alert.name, alert.risk)}"]
+			"alerts": [ [#th:block th:each="alert, alertState: ${helper.getAlertsForSite(alertTree, site)}" th:with="instances=${helper.getAlertInstancesForSite(alertTree, site, alert.pluginId)}"]
 				{
 					"pluginid": "[(${alert.pluginId})]",
 					"alertRef": "[(${alert.alertRef})]",
@@ -18,12 +19,12 @@
 					"riskdesc": "[(${helper.legacyEscapeText(helper.getRiskString(alert.risk) + ' (' + helper.getConfidenceString(alert.confidence) + ')', true)})]",
 					"desc": "[(${helper.legacyEscapeParagraph(alert.description, true)})]",
 					"instances":[ [#th:block th:each="instance, instState: ${instances}" th:unless="${ instState.index > 500}"]
-						[#th:block th:if="${! instState.first}"],[/th:block]
+					[#th:block th:if="${! instState.first}"],[/th:block]
 						{
 							"uri": "[(${helper.legacyEscapeText(instance.uri, true)})]",
 							"method": "[(${helper.legacyEscapeText(instance.method, true)})]",
 							"status-code": [(${instance.message.responseHeader.statusCode})],
-							"param": "[(${helper.legacyEscapeText(instance.param, true)})]",
+							"param": "[(${helper.legacyEscapeTextAlertParam(instance, true)})]",
 							"attack": "[(${helper.legacyEscapeText(instance.attack, true)})]",
 							"evidence": "[(${helper.legacyEscapeText(instance.evidence, true)})]",
 							"request-header": "[(${helper.legacyEscapeText(instance.message.requestHeader, true)})]",
@@ -37,9 +38,16 @@
 					"reference": "[(${helper.legacyEscapeParagraph(alert.reference, true)})]",
 					"cweid": "[(${alert.cweid})]",
 					"wascid": "[(${alert.wascid})]",
-					"sourceid": "[(${alert.sourceHistoryId})]"
-				}[#th:block th:if="${! alertState.last}"],[/th:block][/th:block]
-			]
-		}[/th:block]
+					"sourceid": "[(${alert.sourceHistoryId})]",
+					"tags":[ [#th:block th:each="tag, tagState: ${alert.tags}"][#th:block th:if="${! tagState.first}"],[/th:block]
+										{
+											"tag": [[${tag.key}]],
+										 	"link": [[${tag.value}]]
+										}
+										[/th:block]
+									]
+							}[#th:block th:if="${! alertState.last}"],[/th:block][/th:block]
+					]
+			}[/th:block]
 	]
 }