diff --git a/addOns/ascanrulesAlpha/CHANGELOG.md b/addOns/ascanrulesAlpha/CHANGELOG.md index fa1fc33d258..30d6692889f 100644 --- a/addOns/ascanrulesAlpha/CHANGELOG.md +++ b/addOns/ascanrulesAlpha/CHANGELOG.md @@ -6,7 +6,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- The Example scan rules now include example alerts in order to be more representative of what's expected (Issue 6119). ## [48] - 2024-09-02 ### Changed diff --git a/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/ExampleFileActiveScanRule.java b/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/ExampleFileActiveScanRule.java index c5fd5c174c5..66b168905a0 100644 --- a/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/ExampleFileActiveScanRule.java +++ b/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/ExampleFileActiveScanRule.java @@ -43,7 +43,8 @@ * * @author psiinon */ -public class ExampleFileActiveScanRule extends AbstractAppParamPlugin { +public class ExampleFileActiveScanRule extends AbstractAppParamPlugin + implements CommonActiveScanRuleInfo { /** Prefix for internationalized messages used by this rule */ private static final String MESSAGE_PREFIX = "ascanalpha.examplefile."; @@ -155,14 +156,7 @@ public void scan(HttpMessage msg, String param, String value) { String evidence; if ((evidence = doesResponseContainString(msg.getResponseBody(), attack)) != null) { // Raise an alert - newAlert() - .setConfidence(Alert.CONFIDENCE_MEDIUM) - .setParam(param) - .setAttack(attack) - .setOtherInfo(getOtherInfo()) - .setEvidence(evidence) - .setMessage(testMsg) - .raise(); + createAlert(param, attack, evidence).setMessage(testMsg).raise(); return; } } @@ -194,6 +188,15 @@ private String doesResponseContainString(HttpBody body, String str) { return null; } + private AlertBuilder createAlert(String param, String attack, String evidence) { + return newAlert() + .setConfidence(Alert.CONFIDENCE_MEDIUM) + .setParam(param) + .setAttack(attack) + .setOtherInfo(getOtherInfo()) + .setEvidence(evidence); + } + private static List loadFile(String file) { /* * ZAP will have already extracted the file from the add-on and put it underneath the 'ZAP home' directory @@ -244,4 +247,9 @@ public int getWascId() { // The WASC ID return 0; } + + @Override + public List getExampleAlerts() { + return List.of(createAlert("foo", "