From e9f321a205ce3de307333d7e9ff66d042b2da7e4 Mon Sep 17 00:00:00 2001
From: SOOS-JAlvarez <92373106+SOOS-JAlvarez@users.noreply.github.com>
Date: Thu, 25 Jan 2024 11:49:11 -0300
Subject: [PATCH] PA-12438 V2.14 Update - Addons (#96)

* PA-12438 V2.14 Update - Addons

* add debug to test
---
 .github/workflows/soos-dast-test.yml | 2 +-
 Dockerfile | 15 +++++++------
 package-lock.json | 4 ++--
 package.json | 2 +-
 .../traditional-json-headers/report.json | 22 +++++++++++++------
 5 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/soos-dast-test.yml b/.github/workflows/soos-dast-test.yml
index 874bf1a..9288be2 100644
--- a/.github/workflows/soos-dast-test.yml
+++ b/.github/workflows/soos-dast-test.yml
@@ -17,4 +17,4 @@ jobs:
 tags: soosio/dast:${{ github.sha }}
 - name: Run Tests
 run: |
- docker run soosio/dast:${{ github.sha }} --clientId=${{secrets.SOOS_CLIENT_ID}} --apiKey=${{secrets.SOOS_API_KEY}} --apiURL="https://dev-api.soos.io/api/" --projectName="soos-dast" https://soos.io
\ No newline at end of file
+ docker run soosio/dast:${{ github.sha }} --clientId=${{secrets.SOOS_CLIENT_ID}} --apiKey=${{secrets.SOOS_API_KEY}} --apiURL="https://dev-api.soos.io/api/" --projectName="soos-dast" https://soos.io --debug
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index cabeb51..8f1034f 100644
--- a/Dockerfile
+++ b/Dockerfile
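Review bot: The `--debug` appended to the CI `docker run` raises the scanner's log verbosity on a command line that also carries `--clientId` and `--apiKey` from secrets; if the debug output echoes the parsed options, the key value ends up in the job log (GitHub masks the exact registered secret string, not a truncated or re-encoded form). I cannot tell from the hunk what `--debug` prints, so confirm that against the scanner's debug logging before leaving it on. The commit message describes the flag as "add debug to test", so if it is temporary, mark it with `# TODO: drop --debug once the add-on upgrade is verified` on the line above the command inside the `run: |` block.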
@@ -26,13 +26,14 @@ RUN mkdir /zap/wrk && cd /opt \
 && export PATH=$PATH:/usr/bin/geckodriver
 RUN cd /zap/plugin && \
- rm -rf ascanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v49/ascanrules-release-49.zap && \
- rm -rf ascanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v44/ascanrulesBeta-beta-44.zap && \
- rm -rf commonlib-* && wget https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.12.0/commonlib-release-1.12.0.zap && \
- rm -rf network-* && wget https://github.com/zaproxy/zap-extensions/releases/download/network-v0.6.0/network-beta-0.6.0.zap && \
- rm -rf oast-* && wget https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.14.0/oast-beta-0.14.0.zap && \
- rm -rf pscanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v44/pscanrules-release-44.zap && \
- rm -rf pscanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v31/pscanrulesBeta-beta-31.zap && \
+ rm -rf ascanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v58/ascanrules-release-58.zap && \
+ rm -rf ascanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v48/ascanrulesBeta-beta-48.zap && \
+ rm -rf commonlib-* && wget https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.18.0/commonlib-release-1.18.0.zap && \
+ rm -rf reports* && wget https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.26.0/reports-release-0.26.0.zap && \
+ rm -rf network-* && wget https://github.com/zaproxy/zap-extensions/releases/download/network-v0.12.0/network-beta-0.12.0.zap && \
+ rm -rf oast-* && wget https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.17.0/oast-beta-0.17.0.zap && \
+ rm -rf pscanrules-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v52/pscanrules-release-52.zap && \
+ rm -rf pscanrulesBeta-* && wget https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v35/pscanrulesBeta-beta-35.zap && \
 chown -R zap:zap /zap
 # Set up Chrome version to be used
diff --git a/package-lock.json b/package-lock.json
index 624da89..07f5e82 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "soos-dast",
- "version": "2.0.19",
+ "version": "2.0.20",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "soos-dast",
- "version": "2.0.19",
+ "version": "2.0.20",
 "license": "MIT",
 "dependencies": {
 "@soos-io/api-client": "0.2.35",
diff --git a/package.json b/package.json
index 4dd83ad..13a27a5 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "soos-dast",
- "version": "2.0.19",
+ "version": "2.0.20",
 "description": "SOOS DAST - The affordable no limit web vulnerability scanner",
 "main": "index.js",
 "scripts": {
diff --git a/src/reports/traditional-json-headers/report.json b/src/reports/traditional-json-headers/report.json
index ab951e0..fc05fba 100644
--- a/src/reports/traditional-json-headers/report.json
+++ b/src/reports/traditional-json-headers/report.json
@@ -1,4 +1,5 @@
 {
+ "@programName": [[${programName}]],
 "@version": [[${zapVersion}]],
 "@generated": [[${generatedString}]],
 "site":[ [#th:block th:each="site, siteState: ${reportData.sites}"][#th:block th:if="${! siteState.first}"],[/th:block]
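Review bot: The eight `wget` lines in the `RUN cd /zap/plugin` chain fetch ZAP add-on release assets and install them with no integrity check, so whatever GitHub serves for those tags goes straight into the image; pinning each asset's SHA-256 and failing the build on mismatch, e.g. `&& echo "<sha256 of ascanrules-release-58.zap>  ascanrules-release-58.zap" | sha256sum -c - \` after each download, turns the version pin into a content pin (the digests are placeholders to fill in from the release). The new `rm -rf reports*` also departs from the `<addon>-*` glob every other line uses; `rm -rf reports-*` keeps the pattern uniform. The `RUN` chain starts and ends inside the hunk.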
@@ -7,7 +8,7 @@
 "@host": "[(${helper.legacyEscapeText(helper.getHostForSite(site), true)})]",
 "@port": "[(${helper.getPortForSite(site)})]",
 "@ssl": "[(${helper.isSslSite(site)})]",
- "alerts": [ [#th:block th:each="alert, alertState: ${helper.getAlertsForSite(alertTree, site)}" th:with="instances=${helper.getAlertInstancesForSite(alertTree, site, alert.name, alert.risk)}"]
+ "alerts": [ [#th:block th:each="alert, alertState: ${helper.getAlertsForSite(alertTree, site)}" th:with="instances=${helper.getAlertInstancesForSite(alertTree, site, alert.pluginId)}"]
 {
 "pluginid": "[(${alert.pluginId})]",
 "alertRef": "[(${alert.alertRef})]",
@@ -18,12 +19,12 @@
 "riskdesc": "[(${helper.legacyEscapeText(helper.getRiskString(alert.risk) + ' (' + helper.getConfidenceString(alert.confidence) + ')', true)})]",
 "desc": "[(${helper.legacyEscapeParagraph(alert.description, true)})]",
 "instances":[ [#th:block th:each="instance, instState: ${instances}" th:unless="${ instState.index > 500}"]
- [#th:block th:if="${! instState.first}"],[/th:block]
+ [#th:block th:if="${! instState.first}"],[/th:block]
 {
 "uri": "[(${helper.legacyEscapeText(instance.uri, true)})]",
 "method": "[(${helper.legacyEscapeText(instance.method, true)})]",
 "status-code": [(${instance.message.responseHeader.statusCode})],
- "param": "[(${helper.legacyEscapeText(instance.param, true)})]",
+ "param": "[(${helper.legacyEscapeTextAlertParam(instance, true)})]",
 "attack": "[(${helper.legacyEscapeText(instance.attack, true)})]",
 "evidence": "[(${helper.legacyEscapeText(instance.evidence, true)})]",
 "request-header": "[(${helper.legacyEscapeText(instance.message.requestHeader, true)})]",
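Review bot: Both hunks on this line move the template onto helper signatures (`getAlertInstancesForSite(alertTree, site, alert.pluginId)` and `legacyEscapeTextAlertParam(instance, true)`) that the previous template did not use, which I take to come with the reports add-on this same commit pins in the Dockerfile (reports-v0.26.0), yet nothing in the template records that requirement. A one-line note next to the add-on download, or in the README, stating that the `traditional-json-headers` template requires the reports add-on at or above that version would keep the two from being bumped independently. The enclosing `alerts` and `instances` blocks start and end outside these hunks.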
@@ -37,9 +38,16 @@
 "reference": "[(${helper.legacyEscapeParagraph(alert.reference, true)})]",
 "cweid": "[(${alert.cweid})]",
 "wascid": "[(${alert.wascid})]",
- "sourceid": "[(${alert.sourceHistoryId})]"
- }[#th:block th:if="${! alertState.last}"],[/th:block][/th:block]
- ]
- }[/th:block]
+ "sourceid": "[(${alert.sourceHistoryId})]",
+ "tags":[ [#th:block th:each="tag, tagState: ${alert.tags}"][#th:block th:if="${! tagState.first}"],[/th:block]
+ {
+ "tag": [[${tag.key}]],
+ "link": [[${tag.value}]]
+ }
+ [/th:block]
+ ]
+ }[#th:block th:if="${! alertState.last}"],[/th:block][/th:block]
+ ]
+ }[/th:block]
 ]
 }
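Review bot: The new `tags` entries emit `tag` and `link` through `[[${tag.key}]]` / `[[${tag.value}]]` with no surrounding quotes, while the neighbouring alert fields use the quoted `"[(${helper.legacyEscapeText(..., true)})]"` form, so whether these become valid JSON strings depends on the template mode the report is rendered in. The file header's `@version` uses the same `[[…]]` form, so presumably this is the inlining mode that quotes and escapes the value, but it is worth confirming on a rendered report with a tag value containing a double quote or backslash. The `th:each` over `alert.tags` opens and closes inside the hunk.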