alert: Add CWE Alert Tag when building and CWE ID has been set #8190
257ee53 to 24a4eb5
The function Alert#setCweId should be updated too?
public void setCweId(int cweId) {
I dunno, we didn't update the old alert functionality when we implemented addTag/removeTag. I'm happy to do either, but was trying to stay consistent.
Whatever we do we should document these side effects to avoid surprises (e.g. I can see this breaking our unit tests as there will be more tags now).
Okay how about this?
Or, we could go a totally different way. Implement convenience methods in Common Lib for it and then make sure that it gets used in all scan rules. We could even add generic tests for it 🤷♂️ I guess that'd be more maintenance friendly as far as the URL goes.
Crew, I need some feedback on this so that it can be moved ahead.
Anyone out there?
I like the original approach of adding the tags in the builder (i.e. in
I'm also happy with the builder way, my only concern is the URL (though that one should stay stable…).
Thank you both! I'll get this reworked.
0f4303f to 7359e0a
Tweaked.
zap/src/test/java/org/parosproxy/paros/core/scanner/AlertUnitTest.java
8b12b87 to 66d6887
Tweaked
3da75c2 to 53ccfcc
Okay think I got this into a more expected state.
3bfda0a to ac4486f
Tweaked again.
b620652 to 34d38b6
Okay hopefully this is finally good to go.
ef1dd73 to 7ab557f
I had to re-work it a bit more because I was getting NPE and unmodifiable map exceptions while working on something else this evening. Hopefully it's in a good state now.
758f337 to 0c59091
Thank you!
For the record this will mean that we need to update "expected mappings" type unit tests when zap-extensions migrates to 2.15.
Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
0c59091 to f616abe
This PR has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
I also looked at doing this for WASC IDs but they don't have a handy URL, we'd have to add a pre-populated map which isn't impossible, but did seem like too much work for this morning 😀