From 7b718e2bf40fccf8c18ae603f84ddf5039d0e8da Mon Sep 17 00:00:00 2001
From: mmalony
Date: Tue, 8 Nov 2022 07:15:03 -0800
Subject: [PATCH 1/5] Disabled reportRequestHeaders option

---
 Dockerfile | 9 +++++----
 main.py | 32 ++++++++++++++++----------------
 2 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 29587ec..a534659 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,10 +10,11 @@ COPY ./model model/
 COPY ./scripts/httpsender /home/zap/.ZAP_D/scripts/scripts/httpsender/
 RUN chmod 777 /home/zap/.ZAP_D/scripts/scripts/httpsender/
 
-COPY ./reports/traditional-json /zap/reports/traditional-json
-COPY ./reports/traditional-json-headers /zap/reports/traditional-json-headers
-RUN chmod -R 444 /zap/reports/traditional-json
-RUN chmod -R 444 /zap/reports/traditional-json-headers
+# Needed for reportRequestHeaders option, disabled until functionality is pulled into stable zap release
+# COPY ./reports/traditional-json /zap/reports/traditional-json
+# COPY ./reports/traditional-json-headers /zap/reports/traditional-json-headers
+# RUN chmod -R 444 /zap/reports/traditional-json
+# RUN chmod -R 444 /zap/reports/traditional-json-headers
 
 RUN pip3 install -r requirements.txt && mkdir /zap/wrk && cd /opt \
 && wget -qO- -O geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/v0.30.0/geckodriver-v0.30.0-linux64.tar.gz \
diff --git a/main.py b/main.py
index 32e5936..c33110c 100644
--- a/main.py
+++ b/main.py
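Review bot: Commenting out the four COPY/RUN instructions instead of deleting them leaves dead directives in the Dockerfile that will drift from main.py while the feature is parked; git history already preserves them, so deleting the lines and keeping a single explanatory comment such as `# Report-template COPY/RUN lines removed; disabled until reportRequestHeaders support lands in a stable ZAP release (see git history)` reads cleaner. The same commented-out-code pattern is used for both main.py hunks in this patch (parse_args and run_analysis). If the instructions are intentionally kept, the comment should name the upstream ZAP change or release it is waiting on so the note is actionable rather than open-ended.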
@@ -859,13 +859,13 @@ def parse_args(self) -> None:
             nargs="*",
             required=False,
         )
-        parser.add_argument(
-            "--reportRequestHeaders",
-            help="Include request/response headers data in report",
-            type=str,
-            default="True",
-            required=False
-        )
+        # parser.add_argument(
+        #     "--reportRequestHeaders",
+        #     help="Include request/response headers data in report",
+        #     type=str,
+        #     default="True",
+        #     required=False
+        # )
         parser.add_argument(
             "--outputFormat",
             help="Output format for vulnerabilities: only the value SARIF is available at the moment",
@@ -982,15 +982,15 @@ def run_analysis(self) -> None:
             exit_app(f"The scan mode {self.scan_mode} is invalid.")
             return None
 
-        log(f"Copying report templates. Include request headers: {self.report_request_headers}", log_level=LogLevel.DEBUG)
-        os.system("mkdir -p ~/.ZAP_D/reports")
-        os.system("mkdir -p /root/.ZAP_D/reports")
-        if self.report_request_headers is True:
-            os.system("cp -R /zap/reports/traditional-json-headers ~/.ZAP_D/reports/traditional-json")
-            os.system("cp -R /zap/reports/traditional-json-headers /root/.ZAP_D/reports/traditional-json")
-        else:
-            os.system("cp -R /zap/reports/traditional-json ~/.ZAP_D/reports/traditional-json")
-            os.system("cp -R /zap/reports/traditional-json /root/.ZAP_D/reports/traditional-json")
+        # log(f"Copying report templates. Include request headers: {self.report_request_headers}", log_level=LogLevel.DEBUG)
+        # os.system("mkdir -p ~/.ZAP_D/reports")
+        # os.system("mkdir -p /root/.ZAP_D/reports")
+        # if self.report_request_headers is True:
+        #     os.system("cp -R /zap/reports/traditional-json-headers ~/.ZAP_D/reports/traditional-json")
+        #     os.system("cp -R /zap/reports/traditional-json-headers /root/.ZAP_D/reports/traditional-json")
+        # else:
+        #     os.system("cp -R /zap/reports/traditional-json ~/.ZAP_D/reports/traditional-json")
+        #     os.system("cp -R /zap/reports/traditional-json /root/.ZAP_D/reports/traditional-json")
 
         command: str = scan_function()
 
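Review bot: After the run_analysis hunk, `self.report_request_headers` has no remaining consumer visible in this patch, so a user who asks for headers in the report silently gets a report without them; a guard just before `command: str = scan_function()` such as `if self.report_request_headers: log("reportRequestHeaders is currently disabled; headers will not be included in the report.")` would make the dropped setting visible where the templates used to be chosen. The parse_args hunk removes the CLI option while the attribute is presumably still set from the configuration path elsewhere in the file, so the two entry points now disagree on whether the option exists. Both hunks keep the old code as comments; since the series later reverses the parse_args part, deleting the run_analysis block and relying on history would avoid a large commented region drifting out of date. Both parse_args and run_analysis continue outside these hunks.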
From 46313903d39d31aeab0b690d4b440bbec049b68c Mon Sep 17 00:00:00 2001
From: mmalony
Date: Tue, 8 Nov 2022 07:23:44 -0800
Subject: [PATCH 2/5] Keeping param.

---
 main.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/main.py b/main.py
index c33110c..7bded10 100644
--- a/main.py
+++ b/main.py
@@ -859,13 +859,13 @@ def parse_args(self) -> None:
             nargs="*",
             required=False,
         )
-        # parser.add_argument(
-        #     "--reportRequestHeaders",
-        #     help="Include request/response headers data in report",
-        #     type=str,
-        #     default="True",
-        #     required=False
-        # )
+        parser.add_argument(
+            "--reportRequestHeaders",
+            help="Include request/response headers data in report",
+            type=str,
+            default="True",
+            required=False
+        )
         parser.add_argument(
             "--outputFormat",
             help="Output format for vulnerabilities: only the value SARIF is available at the moment",

From 561b45050e0e502596ecde177db40082326204fc Mon Sep 17 00:00:00 2001
From: mmalony
Date: Tue, 8 Nov 2022 07:44:43 -0800
Subject: [PATCH 3/5] Log message for reportRequestHeaders param.

---
 main.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/main.py b/main.py
index 7bded10..15ef495 100644
--- a/main.py
+++ b/main.py
@@ -243,6 +243,7 @@ def parse_configuration(self, configuration: Dict, target_url: str):
             elif key == "reportRequestHeaders":
                 if str.lower(value) == "true":
                     self.report_request_headers = True
+                    log("Argument 'reportRequestHeaders' is temporarily disabled, parameter will be ignored.")
                 else:
                     self.report_request_headers = False
             elif key == "onFailure":

From d00bff16715328294b01ef2175c11411c4c86385 Mon Sep 17 00:00:00 2001
From: mmalony
Date: Tue, 8 Nov 2022 07:45:46 -0800
Subject: [PATCH 4/5] reportRequestHeaders default = false.

---
 main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.py b/main.py
index 15ef495..ed31983 100644
--- a/main.py
+++ b/main.py
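Review bot: In the PATCH 3/5 hunk the new log says the parameter is ignored, yet the line above it still sets `self.report_request_headers = True`, so any other reader of that attribute will see the feature as enabled while the user is told it is off; set the attribute to match the announced behaviour in the same branch, e.g. `self.report_request_headers = False  # temporarily disabled; see log below`, or keep it False throughout. The `log(...)` call passes no `log_level`, whereas the diagnostics removed earlier in this series used `log_level=LogLevel.DEBUG`; since this notice is meant for the user, it is worth stating the intended level explicitly rather than relying on the default, which is not visible here. parse_configuration's body continues outside the hunk.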
@@ -864,7 +864,7 @@ def parse_args(self) -> None:
             "--reportRequestHeaders",
             help="Include request/response headers data in report",
             type=str,
-            default="True",
+            default="False",
             required=False
         )
         parser.add_argument(

From 98c14152d7c26209ddf1d1a8bd8dc0437bbadf65 Mon Sep 17 00:00:00 2001
From: mmalony
Date: Tue, 8 Nov 2022 07:54:15 -0800
Subject: [PATCH 5/5] reportRequestHeaders default = false.

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f477cd0..c82183d 100644
--- a/README.md
+++ b/README.md
@@ -69,7 +69,7 @@ The basic command to run a baseline scan would look like:
 | --buildVersion | None | Version of application build artifacts |
 | --buildURI | None | URI to CI build info |
 | --operatingEnvironment | None | Set Operating environment for information purposes only |
-| --reportRequestHeaders | True | Include request/response headers data in report |
+| --reportRequestHeaders | False | Include request/response headers data in report |
 | --outputFormat | None | Output format for vulnerabilities: only the value SARIF is available at the moment |
 | --gpat | None | GitHub Personal Authorization Token |
 | --bearerToken | None | Bearer token to authenticate |
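Review bot: The default flips to "False" but the help string still advertises the option as working, even though the series disables the template copy and logs that the value is ignored; the CLI should say so directly, e.g. `help="Include request/response headers data in report (temporarily disabled; the value is currently ignored)"`. Because `type=str`, the default is the string "False", which is consistent with the `str.lower(value) == "true"` comparison in the configuration parser seen in an earlier hunk, so no boolean conversion problem is introduced here. The README row updated in PATCH 5/5 should carry the same caveat so documentation and `--help` agree. parse_args continues outside the hunk.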