
Commit 1dfc86b

committed
Truncate overly long "otherinfo" fields from ZAP
These can otherwise break Elasticsearch indexes, as the fields can contain complete JS / CSS files up to a couple of megabytes in size
1 parent 4ce96cc commit 1dfc86b


2 files changed

+28
-17
lines changed


scanners/zap/parser/__snapshots__/parser.test.js.snap

Lines changed: 2 additions & 2 deletions

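--- a/scanners/zap/parser/parser.js
+++ b/scanners/zap/parser/parser.js
@@ -1,43 +1,54 @@
 function riskToSeverity(risk) {
 switch (parseInt(risk, 10)) {
 case 0:
-return 'INFORMATIONAL';
+return "INFORMATIONAL";
 case 1:
-return 'LOW';
+return "LOW";
 case 2:
-return 'MEDIUM';
+return "MEDIUM";
 default:
-return 'HIGH';
+return "HIGH";
 }
 }
 
-function stripHtmlTags(str)
-{
-if ((!str) || ( str === null ) || ( str === '' ))
-return false;
-else
-str = str.toString();
-return str.replace(/<[^>]*>/g, '');
+function stripHtmlTags(str) {
+if (!str || str === null || str === "") {
+return false;
+} else {
+str = str.toString();
+}
+return str.replace(/<[^>]*>/g, "");
+}
+
+function truncate({ text, maxLength = 2048 }) {
+if (!text || text.length < maxLength) {
+return text;
+}
+
+return `${text.slice(0, maxLength)}...`;
 }
 
 async function parse(fileContent) {
 return fileContent.site.flatMap(
-({ '@name': location, '@host': host, alerts }) => {
-return alerts.map(alert => {
+({ "@name": location, "@host": host, alerts }) => {
+return alerts.map((alert) => {
 return {
 name: stripHtmlTags(alert.name),
 description: stripHtmlTags(alert.desc),
 hint: alert.hint,
 category: alert.alert || stripHtmlTags(alert.name),
 location,
-osi_layer: 'APPLICATION',
+osi_layer: "APPLICATION",
 severity: riskToSeverity(alert.riskcode),
 attributes: {
 host: host,
 zap_confidence: alert.confidence || null,
 zap_count: alert.count || null,
 zap_solution: stripHtmlTags(alert.solution) || null,
-zap_otherinfo: stripHtmlTags(alert.otherinfo) || null,
+zap_otherinfo: truncate({
+text: stripHtmlTags(alert.otherinfo) || null,
+maxLength: 2048,
+}),
 zap_reference: stripHtmlTags(alert.reference) || null,
 zap_cweid: alert.cweid || null,
 zap_wascid: alert.wascid || null,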
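Review bot: The guard in the new truncate() uses `text.length < maxLength`, so a value of exactly 2048 characters is sliced to itself and still gets `...` appended, and every truncated result is maxLength + 3 characters rather than at most maxLength; the guard should read `if (!text || text.length <= maxLength) {` and, if the cap is meant as a hard bound, the slice should be `text.slice(0, maxLength - 3)`. String.prototype.slice counts UTF-16 code units, so cutting at an arbitrary offset can split a surrogate pair and hand Elasticsearch a lone surrogate in the serialized document — either cut on a code-point boundary (`[...text].slice(0, maxLength).join("")`) or note that limitation in a comment. The cap is applied only to zap_otherinfo while description, zap_solution and zap_reference still pass through stripHtmlTags unbounded, so if those can carry comparably large scanner output the same truncate() call should wrap them too. A short JSDoc on truncate() would make the contract explicit, e.g. `/** Caps text at maxLength UTF-16 units and appends "..." when cut; null/empty input is returned unchanged. */`.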
