Add TAGs for yaml, xml, extended json #8423
Will add some functionality like this to Constant to handle the upgrade.
Ok I lied, it makes sense to me when it's something being updated or replaced. When it's something new I don't see how this would work out. How do I access the packaged config.xml in the installer vs the one in the installation home on the destination? (I assume the destination one is
See e.g.
Re-jigged the YAML and XML rules/tags.
Fixed
I still need to work on this part.
I'd like to get this into 2.15 which will help cover the Constant changes. I'll prioritize working on it over the weekend and next week.
I've added it to #8456 😁
I decided working with the "new" config and trying to compare is too convoluted. I'm just going to use literals and add them when upgrading. Will update PR later today.
Ready for review.
Added the condition and hard coded the TYPE names.
Okay hopefully that covers the last bits.
- config.xml > Add new patterns. Disabled by default.
- Constant > Update version info, add upgrade method.
- ConstantUnitTest > Add test to ensure new patterns are added on upgrade.
- DefaultRegexAutoTagScannerTest > Added tests for the new patterns and modularized initial test(s).

Character length restrictions in the patterns are based on http://www.iana.org/assignments/media-types/media-types.xhtml plus extra. Mainly to prevent any possible ReDOS or just stupid processing on an invalid input.

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
Thank you!
Character length restrictions in the patterns are based on http://www.iana.org/assignments/media-types/media-types.xhtml plus extra. Mainly to prevent any possible ReDOS or just stupid processing on an invalid input.
Related to #8399 and #8456
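
The effect of the length caps described above, as an added example that is not code from this PR or from ZAP: both patterns are hypothetical stand-ins for a YAML Content-Type tag rule, the cap of 64 is an assumption, and the `Counting` wrapper counts how many characters the regex engine reads on constructed input.

```java
import java.util.regex.Pattern;

public class BoundedTagPattern {
    // Hypothetical YAML Content-Type tag patterns; not the ones this PR adds to config.xml.
    static final Pattern UNBOUNDED =
            Pattern.compile("[\\w.-]+/(?:[\\w.-]+\\+)?ya?ml\\b");
    // Same shape with every repetition capped (64 is a limit chosen for this example).
    static final Pattern BOUNDED =
            Pattern.compile("[\\w.-]{1,64}/(?:[\\w.-]{1,64}\\+)?ya?ml\\b");

    /** CharSequence wrapper that counts the characters the regex engine reads. */
    static final class Counting implements CharSequence {
        private final String s;
        long reads;
        Counting(String s) { this.s = s; }
        @Override public char charAt(int i) { reads++; return s.charAt(i); }
        @Override public int length() { return s.length(); }
        @Override public CharSequence subSequence(int a, int b) { return s.subSequence(a, b); }
        @Override public String toString() { return s; }
    }

    /** Runs one find() and returns {1 if matched else 0, characters read}. */
    static long[] probe(Pattern p, String input) {
        Counting text = new Counting(input);
        boolean hit = p.matcher(text).find();
        return new long[] {hit ? 1 : 0, text.reads};
    }

    public static void main(String[] args) {
        // Constructed header values that both patterns should tag.
        String[] valid = {
            "Content-Type: application/yaml",
            "Content-Type: application/vnd.example+yaml; charset=utf-8"
        };
        for (String h : valid) {
            System.out.printf("match unbounded=%d bounded=%d  %s%n",
                    probe(UNBOUNDED, h)[0], probe(BOUNDED, h)[0], h);
        }
        // Constructed invalid input: a long run with no '/', so neither pattern can match.
        // The unbounded pattern rescans the rest of the run from every start position.
        for (int n : new int[] {1000, 2000, 4000}) {
            String junk = "Content-Type: " + "a".repeat(n);
            System.out.printf("n=%d reads unbounded=%d bounded=%d%n",
                    n, probe(UNBOUNDED, junk)[1], probe(BOUNDED, junk)[1]);
        }
    }
}
```

On the invalid input, doubling `n` roughly quadruples the unbounded read count, while the bounded count only doubles.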