ascanrulesAlpha: Improve rule performance by not calculating Levenshtein distance above the threshold #3329
Tweaked the pull request description to not actually fix the issue if this is merged.
The CHANGELOG.md should be updated. The LGTM failure can be addressed by rebasing current. Thanks for tackling this.
@@ -138,6 +146,20 @@ void shouldReturnExpectedMappings() { | |||
is(equalTo(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getValue()))); | |||
} | |||
|
|||
@Test | |||
@Timeout(value=3, unit=TimeUnit.SECONDS) |
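Review bot: The `@Timeout(value=3, unit=TimeUnit.SECONDS)` on the new test ties the result to wall-clock speed, so a slow or heavily loaded build machine can fail it without any regression in the rule. A more generous bound, or an assertion that the distance calculation stops once the threshold is passed, would be more stable. Also, `value=3` would read better with spaces around `=`.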
Cool, I didn't know this was a thing.
Looks good to me, just needs a change note.
The LGTM failure is caused by use of Java 11 APIs.
Oh oops, I just noticed the branch was behind 😉
Ok, there was no
That's defined in zap-extensions/addOns/addOns.gradle.kts Lines 99 to 109 in c87edce
Thanks, there is indeed. Now I wonder why it has built successfully locally in my environment, and did not complain about it :)
How did you build? Command line or IDE?
Fixed Java API and formatting issues.
...c/test/java/org/zaproxy/zap/extension/ascanrulesAlpha/WebCacheDeceptionScanRuleUnitTest.java
I can squash this or it can be squashed at merge if it’s good to go.
IMO we should fix the issue rather than add workarounds (e.g. #2892). I might take a look at that in the following days.
Okay.
…e the threshold Signed-off-by: pf-msi <piotr.furman@motorolasolutions.com>
412c445 to 75e1597
Rebased to move the changelog entry to unreleased version.
Thank you both!
While longer term it would be better to replace the algorithm, having this change is still better than keep hanging the scan rule.
I think a number of these can probably use ComparableResponse once it's ready.
Fixes partially zaproxy/zaproxy#6655.
Issue zaproxy/zaproxy#6655 describes three problems. This PR should fix the first of them, regarding the performance of WebCacheDeceptionScanRule. As suggested in the issue comments, there's no point in calculating the exact Levenshtein distance after reaching the specified threshold.
Signed-off-by: pf-msi piotr.furman@motorolasolutions.com
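
The idea in the description above, stopping the Levenshtein calculation once the threshold can no longer be met, as an added example (not the code from this PR or from ZAP). The class and method names, the `-1` return convention and the sample strings are assumptions.

```java
import java.util.Arrays;
// Added illustration; names and the -1 convention are assumptions, not ZAP code.
public class BoundedLevenshtein {

    /** Returns the edit distance if it is <= threshold, otherwise -1. */
    static int distanceWithin(CharSequence a, CharSequence b, int threshold) {
        if (threshold < 0) {
            throw new IllegalArgumentException("threshold must be >= 0");
        }
        int n = a.length(), m = b.length();
        // The distance can never be smaller than the length difference.
        if (Math.abs(n - m) > threshold) {
            return -1;
        }
        int[] prev = new int[m + 1];
        int[] curr = new int[m + 1];
        for (int j = 0; j <= m; j++) {
            prev[j] = j;
        }
        for (int i = 1; i <= n; i++) {
            curr[0] = i;
            int rowMin = curr[0];
            for (int j = 1; j <= m; j++) {
                int cost = a.charAt(i - 1) == b.charAt(j - 1) ? 0 : 1;
                curr[j] = Math.min(Math.min(curr[j - 1], prev[j]) + 1, prev[j - 1] + cost);
                rowMin = Math.min(rowMin, curr[j]);
            }
            // Row minima never decrease, so the final distance is >= rowMin.
            if (rowMin > threshold) {
                return -1;
            }
            int[] tmp = prev;
            prev = curr;
            curr = tmp;
        }
        return prev[m] <= threshold ? prev[m] : -1;
    }

    public static void main(String[] args) {
        // Constructed inputs: a small pair, then two large unrelated bodies.
        System.out.println(distanceWithin("kitten", "sitting", 3));
        System.out.println(distanceWithin("kitten", "sitting", 2));
        char[] x = new char[20000];
        char[] y = new char[20000];
        Arrays.fill(x, 'x');
        Arrays.fill(y, 'y');
        System.out.println(distanceWithin(new String(x), new String(y), 10));
    }
}
```

For the two 20,000-character bodies the loop stops at row 11 instead of filling all 20,000 rows, which is the saving the PR is after when responses differ by more than the threshold.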