@rbailey-godaddy
Contributor

This is another variation on the "do something if we see a surprising response" theme, but is intended to be more flexible:

  • The script uses parameters rather than hard-coded values
  • Response codes are tested against a regular expression rather than a literal value
  • A sense code is used to indicate if matching the regex is "good" or "bad", so you can either whitelist or blacklist depending on your particular use case
  • Failures (unexpected responses) generate alerts. The formatting here was tailored for mechanical consumption, but there are suggestions in the comments if you value "pretty" output
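The regex-plus-sense check described in the pull request description above, as an added example that is not code from the pull request or the merged script. The parameter names (`pattern`, `sense`), the alert line format and the sample responses are constructed for illustration, and anchoring the pattern is a choice made in this example.

```javascript
// Hypothetical parameter shape: a regex source string plus a "sense" flag.
// sense = true  -> a match is expected (allowlist); a non-match is a failure.
// sense = false -> a match is unexpected (denylist); a match is a failure.
function makeChecker(params) {
  // Anchor the pattern so "20" cannot match 200, 120 or 420 by substring.
  const re = new RegExp('^(?:' + params.pattern + ')$');
  const matchIsGood = Boolean(params.sense);
  return function isUnexpected(statusCode) {
    const matched = re.test(String(statusCode));
    return matchIsGood ? !matched : matched;
  };
}

// One tab-separated line per failure, suited to mechanical consumption.
function formatAlert(resp, params) {
  const rule = (params.sense ? 'not-matching ' : 'matching ') + params.pattern;
  return ['UNEXPECTED', resp.status, resp.method, resp.url, rule].join('\t');
}

// Returns the alert lines for every response whose status code is a failure.
function scan(responses, params) {
  const isUnexpected = makeChecker(params);
  return responses.filter(r => isUnexpected(r.status)).map(r => formatAlert(r, params));
}

// Constructed sample traffic (not from the pull request).
const SAMPLE = [
  { method: 'GET',  url: 'https://app.example/login',   status: 200 },
  { method: 'GET',  url: 'https://app.example/old',     status: 301 },
  { method: 'POST', url: 'https://app.example/api/v1',  status: 500 },
  { method: 'GET',  url: 'https://app.example/admin',   status: 403 },
  { method: 'GET',  url: 'https://app.example/missing', status: 404 },
];

// Allowlist use: anything other than 2xx, 3xx or 404 is a failure.
const allowlistAlerts = scan(SAMPLE, { pattern: '[23]\\d\\d|404', sense: true });
// Denylist use: only 5xx responses are failures.
const denylistAlerts = scan(SAMPLE, { pattern: '5\\d\\d', sense: false });

console.log(allowlistAlerts.join('\n'));
console.log(denylistAlerts.join('\n'));
```
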

This is another variation on the "do something if we see a surprising
response" theme, but is intended to be more flexible:

* Response codes are tested against a regular expression rather than
  a literal value
* A sense code is used to indicate if matching the regex is "good" or
  "bad", so you can either whitelist or blacklist depending on your
  particular use case
* Failures (unexpected responses) generate alerts. The formatting here
  was tailored for mechanical consumption, but there are suggestions in
  the comments if you value "pretty" output

Signed-off-by: Scott Bailey <scott.bailey@godaddy.com>
@rbailey-godaddy rbailey-godaddy force-pushed the unexpected_responses.js branch from c11b8b4 to 2f4565c Compare August 18, 2021 14:52
Signed-off-by: Scott Bailey <scott.bailey@godaddy.com>
@kingthorin
Member

Could you update https://github.com/zaproxy/community-scripts/blob/main/CHANGELOG.md with an added note in the unreleased section?

Also you seem to have committed with two different accounts, if that's something that matters to you, feel free to tweak it and force push.

Signed-off-by: Scott Bailey <scott.bailey@godaddy.com>
@rbailey-godaddy
Contributor Author

> Could you update https://github.com/zaproxy/community-scripts/blob/main/CHANGELOG.md with an added note in the unreleased section?

Done.

> Also you seem to have committed with two different accounts, if that's something that matters to you, feel free to tweak it and force push.

I don't care that much -- they're both me. ;-)

Signed-off-by: Scott Bailey <scott.bailey@godaddy.com>
@thc202 thc202 merged commit 481660a into zaproxy:main Sep 7, 2021
@thc202
Member

thc202 commented Sep 7, 2021

Thank you!

@rbailey-godaddy rbailey-godaddy deleted the unexpected_responses.js branch September 7, 2021 13:42