Add TEST_TIMING alert tag #6015
Conversation
| @@ -98,7 +98,8 @@ public class CommandInjectionScanRule extends AbstractAppParamPlugin | |||
| CommonAlertTag.toMap( | |||
| CommonAlertTag.OWASP_2021_A03_INJECTION, | |||
| CommonAlertTag.OWASP_2017_A01_INJECTION, | |||
| CommonAlertTag.WSTG_V42_INPV_12_COMMAND_INJ)); | |||
| CommonAlertTag.WSTG_V42_INPV_12_COMMAND_INJ, | |||
| CommonAlertTag.TEST_TIMING)); | |||
There was a problem hiding this comment.
This will be included in all alerts raised by the rule which IMHO is misleading.
There was a problem hiding this comment.
Well it looked like we had decided one example alert was sufficient
There was a problem hiding this comment.
I can look at adding it differently.
It kinda needs to be on the rule for docs/site stuff (maybe I can remove it when it isn't a timing alert). Also kinda why I'd asked about rule vs alert tags way back.
I think the same applies for the shell shock rule.
There was a problem hiding this comment.
It can be done similar to this: https://github.com/zaproxy/zap-extensions/pull/3798/files
There was a problem hiding this comment.
I'll have to tweak a few others but how's that look for CMDi now?
This comment was marked as resolved.
This comment was marked as resolved.
kingthorin
force-pushed
the
timing-tag
branch
2 times, most recently
from
e0f4158 to
58f25e1
Compare
|
Updated to be correct per rule, and correct per alert. |
|
Bump |
1 similar comment
|
Bump |
Update: CHANGELOGs, scan rules, unittests. Signed-off-by: kingthorin <[email protected]> # Conflicts: # addOns/ascanrules/CHANGELOG.md # addOns/ascanrulesBeta/CHANGELOG.md
kingthorin
force-pushed
the
timing-tag
branch
from
58f25e1 to
81a36b4
Compare
|
Deconflicted |
Overview
Update: CHANGELOGs, scan rules, unittests.
Related Issues
N/A
Checklist
./gradlew spotlessApplyfor code formatting