
Commit e65e6d6

committed
Also truncate evidence in zap urls fields
1 parent 1dfc86b commit e65e6d6


2 files changed

+33
-1
lines changed


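--- a/scanners/zap/parser/__snapshots__/parser.test.js.snap
+++ b/scanners/zap/parser/__snapshots__/parser.test.js.snap
@@ -133,31 +133,37 @@ Array [
 "zap_cweid": "16",
 "zap_finding_urls": Array [
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-Content-Type-Options",
 "uri": "https://www.example.com/robots.txt",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-Content-Type-Options",
 "uri": "https://www.example.com/ui/favicon-68e1a9c89026b0efeddf718a48c282a5.png",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-Content-Type-Options",
 "uri": "https://www.example.com/ui/assets/vendor-80e5aa891cdede4b1c75dded09c689cd.css",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-Content-Type-Options",
 "uri": "https://www.example.com/ui/assets/vault-7752ef07d9318e76f557551f2abd741f.css",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-Content-Type-Options",
 "uri": "https://www.example.com/ui/assets/vendor-0237c49b8601dcbec2f0f06a8078e405.js",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-Content-Type-Options",
 "uri": "https://www.example.com/ui/",
@@ -334,6 +340,7 @@ Array [
 "zap_cweid": "200",
 "zap_finding_urls": Array [
 Object {
+"evidence": undefined,
 "method": "GET",
 "uri": "https://www.example.com/ui/assets/vendor-0237c49b8601dcbec2f0f06a8078e405.js",
 },
@@ -764,61 +771,73 @@ Array [
 "zap_cweid": "933",
 "zap_finding_urls": Array [
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp/package.json.bak",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/sitemap.xml",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp/suspicious_errors.yml",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp/quarantine/juicy_malware_macos_64.url",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp/coupons_2013.md.bak",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp/eastere.gg",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp/quarantine",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp/quarantine/juicy_malware_windows_64.exe.url",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "param": "X-XSS-Protection",
 "uri": "http://192.168.1.14:3000/ftp/quarantine/juicy_malware_linux_64.url",
@@ -939,26 +958,32 @@ Array [
 "zap_cweid": "200",
 "zap_finding_urls": Array [
 Object {
+"evidence": undefined,
 "method": "GET",
 "uri": "http://192.168.1.14:3000/vendor-es5.js",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "uri": "http://192.168.1.14:3000/vendor-es2015.js",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "uri": "http://192.168.1.14:3000/polyfills-es2015.js",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "uri": "http://192.168.1.14:3000/main-es2015.js",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "uri": "http://192.168.1.14:3000/main-es5.js",
 },
 Object {
+"evidence": undefined,
 "method": "GET",
 "uri": "http://192.168.1.14:3000/polyfills-es5.js",
 },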

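--- a/scanners/zap/parser/parser.js
+++ b/scanners/zap/parser/parser.js
@@ -32,6 +32,13 @@ async function parse(fileContent) {
 return fileContent.site.flatMap(
 ({ "@name": location, "@host": host, alerts }) => {
 return alerts.map((alert) => {
+const findingUrls = (alert.instances || []).map((instance) => {
+return {
+...instance,
+evidence: truncate({ text: instance.evidence, maxLength: 256 }),
+};
+});
+
 return {
 name: stripHtmlTags(alert.name),
 description: stripHtmlTags(alert.desc),
@@ -54,7 +61,7 @@ async function parse(fileContent) {
 zap_wascid: alert.wascid || null,
 zap_riskcode: alert.riskcode || null,
 zap_pluginid: alert.pluginid || null,
-zap_finding_urls: alert.instances || null,
+zap_finding_urls: findingUrls,
 },
 };
 });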
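Review bot: Only `evidence` is bounded by the new map at lines 35-40; every other property of the ZAP instance still flows through `...instance` untouched, so if the 256-character cap exists to keep finding records within a size limit, any other free-text fields ZAP emits on an instance (`attack` and `otherinfo` in recent ZAP JSON reports, if I recall correctly — confirm against the report schema and the fixtures) would need the same `attack: truncate({ text: instance.attack, maxLength: 256 }),` treatment. Replacing `alert.instances || null` with `findingUrls` also quietly changes the no-instances case from `null` to `[]`; that is probably desirable, but it is not mentioned in the commit message and any consumer that checks `=== null` should be reviewed. The snapshot shows `"evidence": undefined` on instances that had no evidence, so the key is now always present — harmless once serialized to JSON, but a deep-equality consumer will see a different shape. `parse`'s body starts and continues outside the hunk.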
