fixed bool param leftover and auth #78

Merged
merged 1 commit into from
Nov 10, 2023
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -66,7 +66,7 @@ The basic command to run a baseline scan would look like:
| `--otherOptions` | None | Additional command line arguments for items not supported by the set of parameters above |
| `--outputFormat` | None | Output format for vulnerabilities: only the value SARIF is available at the moment |
| `--projectName` | None | Project Name - this is what will be displayed in the SOOS app |
| `--reportRequestHeaders` | True | Include request/response headers data in report |
| `--reportRequestHeaders` | None | Include request/response headers data in report |
| `--requestCookies` | None | Set Cookie values for the requests to the target URL |
| `--requestHeaders` | None | Set extra Header requests |
| `--scanMode` | baseline | Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes) |
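Review bot: The Default value `None` on the `--reportRequestHeaders` row does not tell users what happens when the flag is omitted. The same PR defines the option in src/index.ts with `action: "store_true"`, which makes it a valueless switch that is off unless passed, so this row would read more accurately as `False`, with the description saying that passing the flag turns header reporting on. Request and response headers can carry cookies and tokens (auth_context.py in this PR sets a `Bearer` authorization header), so it is worth stating in this row that header data in the report is opt-in, assuming the parsed value is what drives inclusion.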
2 changes: 1 addition & 1 deletion src/index.ts
Expand Up @@ -324,7 +324,7 @@ class SOOSDASTAnalysis {

parser.add_argument("--reportRequestHeaders", {
help: "Include request/response headers data in report.",
default: true,
action: "store_true",
required: false,
});

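Review bot: Replacing `default: true` with `action: "store_true"` on `--reportRequestHeaders` flips the effective default from on to off, because a store_true option is false whenever the flag is absent, and nothing in the definition or help text says so. Existing pipelines that relied on headers being included by default will silently get reports without them, and an invocation that passes a value after the flag (for example `--reportRequestHeaders false`) no longer parses as before, since store_true takes no argument. Consider adding `default: false` explicitly so the intent is visible in the definition, and calling out the behaviour change in the release notes.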
7 changes: 5 additions & 2 deletions src/zap_hooks/helpers/auth_context.py
Expand Up @@ -79,6 +79,7 @@ def setup_webdriver() -> webdriver.Chrome:
return driver

def authenticate(zap, target, config):
clear_driver = False
try:
if zap is not None:
setup_context(zap, target, config)
Expand All @@ -87,6 +88,7 @@ def authenticate(zap, target, config):
driver_instance = setup_webdriver()
login(driver_instance, config)
set_authentication(zap, target, driver_instance, config)
clear_driver = True
elif config.auth_bearer_token:
add_authorization_header(
zap, f"Bearer {config.auth_bearer_token}")
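Review bot: `clear_driver = True` is set only after `login(driver_instance, config)` and `set_authentication(...)` have both returned, so if either raises after `setup_webdriver()` has already created the Chrome driver, the flag stays False and `cleanup(driver_instance)` in the `finally` block is skipped. That leaves a browser process, possibly holding a logged-in session, running after `authenticate` returns. Set the flag immediately after `driver_instance = setup_webdriver()`, or initialise `driver_instance = None` at the top of `authenticate` and test `driver_instance is not None` instead of keeping a separate boolean.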
Expand All @@ -99,8 +101,9 @@ def authenticate(zap, target, config):
log(f"error in authenticate: {print_exc()}", log_level=LogLevel.ERROR)
finally:
if config.auth_verification_url:
validate_authentication_url(driver_instance, config.auth_verification_url)
cleanup(driver_instance)
validate_authentication_url(driver_instance, config.auth_verification_url)
if (clear_driver):
cleanup(driver_instance)

def set_authentication(zap, target, driver, config):
log('Finding authentication cookies')
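Review bot: In the `finally` block, `validate_authentication_url(driver_instance, config.auth_verification_url)` still runs whenever `config.auth_verification_url` is set, while only `cleanup(driver_instance)` is guarded by `clear_driver` (as far as the flattened indentation on this page shows). On the `elif config.auth_bearer_token:` branch, or when `setup_webdriver()` itself fails, `driver_instance` is never assigned in the visible code, so the validation call raises an unbound-variable error out of `authenticate` after the original error has already been logged. Guard the validation with the same condition as the cleanup, or give bearer-token auth a verification path that does not need a browser. Two smaller points on the same lines: if `print_exc` here is `traceback.print_exc`, it returns None, so the message logged is "error in authenticate: None" and `format_exc()` would carry the traceback into the log; and the parentheses in `if (clear_driver):` are not needed in Python.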