Add TAGs for yaml, xml, extended json #8423
Conversation
kingthorin
force-pushed
the
new-tags
branch
2 times, most recently
from
4026090
to
2ba0655
Compare
|
Will add some functionality like this to Constant to handle the upgrade. |
|
Ok I lied, it makes sense to me when it's something being updated or replaced. When it's something new I don't see how this would work out. How do I access the packaged config.xml in the installer vs the one in the installation home on the destination? (I assume the destination one is |
thc202
changed the title
|
See e.g. |
|
Re-jigged the YAML and XML rules/tags. |
zap/src/test/java/org/zaproxy/zap/extension/pscan/scanner/DefaultRegexAutoTagScannerTest.java
Outdated
Show resolved
Hide resolved
|
Fixed |
I still need to work on this part. |
|
I'd like to get this into 2.15 which will help cover the Constant changes. I'll prioritize working on it over the weekend and next week. |
I've added it to #8456 😁 |
|
I decided working with the "new" config and trying to compare is too convoluted. I'm just going to use literals and add them when upgrading. Will update PR later today. |
kingthorin
force-pushed
the
new-tags
branch
2 times, most recently
from
06e7420
to
cd80f37
Compare
|
Ready for review. |
zap/src/test/java/org/zaproxy/zap/extension/pscan/scanner/DefaultRegexAutoTagScannerTest.java
Outdated
Show resolved
Hide resolved
zap/src/test/java/org/zaproxy/zap/extension/pscan/scanner/DefaultRegexAutoTagScannerTest.java
Outdated
Show resolved
Hide resolved
zap/src/test/java/org/zaproxy/zap/extension/pscan/scanner/DefaultRegexAutoTagScannerTest.java
Outdated
Show resolved
Hide resolved
kingthorin
force-pushed
the
new-tags
branch
4 times, most recently
from
2b345b1
to
c9de075
Compare
kingthorin
force-pushed
the
new-tags
branch
2 times, most recently
from
4f2629c
to
62f5a14
Compare
kingthorin
force-pushed
the
new-tags
branch
2 times, most recently
from
3173fef
to
34f9874
Compare
|
Added the condition and hard coded the TYPE names. |
|
Okay hopefully that covers the last bits. |
kingthorin
force-pushed
the
new-tags
branch
3 times, most recently
from
131caea
to
8c30507
Compare
- config.xml > Add new patterns. Disabled by default. - Constant > Update version info, add upgrade method. - ConstantUnitTest > Add test to ensure new patterns are added on upgrade. - DefaultRegexAutoTagScannerTest > Added tests for the new patterns and modulized initial test(s). Character length restrictions in the patterns are based on http://www.iana.org/assignments/media-types/media-types.xhtml plus extra. Mainly to prevent any possible ReDOS or just stupid processing on an invalid input. Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
|
Thank you! |
Character length restrictions in the patterns are based on http://www.iana.org/assignments/media-types/media-types.xhtml plus extra. Mainly to prevent any possible ReDOS or just stupid processing on an invalid input.
Related to #8399 and #8456