-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Process triggers and notifications also on exception during ActiveScans sendAndReceive. #7005
base: main
Are you sure you want to change the base?
Process triggers and notifications also on exception during ActiveScans sendAndReceive. #7005
Conversation
2adde5a
to
8808e34
Compare
To be discussed:
|
I'd be good with the exceptions being made into the response body (that's done elsewhere IIRC). I wonder if this should be tied to an option though and default off (to maintain closest to current behavior)? |
@thc202 can you provide more Context regarding
Is it only separating for API (/ascan/view/messagesIds/) |
For the code and the ZAP API, in the |
} | ||
} finally { | ||
// ZAP: Notify parent | ||
parent.notifyNewMessage(this, message); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might be better just notify on IOException
s.
parent.performScannerHookAfterScan(message, this); | ||
// ZAP: Set the history reference back and run the "afterScan" methods of any | ||
// ScannerHooks | ||
parent.performScannerHookAfterScan(message, this); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we didn't have a request for this I'd keep the previous behaviour.
8808e34
to
0d4ba97
Compare
parent.getHttpSender().sendAndReceive(message, false); | ||
} | ||
} catch (IOException e) { | ||
// TODO: How to update HistoryRef with error Response? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@thc202 can you give me any hint here?
How can I update the HistoryRef with error Response? In case HttpMessage has already a HistoryRef and is attached to the Alert
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Discussed in IRC: No workarounds here. Problem is releated to oast
I guess the way how histRef ist set to HttpMessage is like the following:
.alertFound(alert, null) is triggered by oast here before exception is catched:
And then a HistRef is created
new HistoryReference( |
Which sets automatically the histref member on the Httpmessage
Resulting in that the Histref is set to the message not including the error message which is later set
we should change oast to allow to manipulate the alert/message before caching it
b2f6be5
to
7f82c53
Compare
…ns sendAndReceive. Fixes zaproxy#7004 Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
7f82c53
to
e965de5
Compare
Anything else to do here before merge ? |
@@ -19,7 +19,7 @@ | |||
*/ | |||
package org.zaproxy.zap.extension.callback.ui; | |||
|
|||
/** @deprecated (2.11.0) Superseded by the OAST add-on. */ | |||
/** @deprecated (2.11.0) {@link org.zaproxy.zap.view.table.CustomColumn}. */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this intensional? If so why?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was deprecated once due to moving Oast addon from ZAP to ZAP-Extension.
But I used the original class again. Therefore its there again but within an other package. I thought this info could be useful to know if someone stumbles upon that deprecation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, find by me :)
@@ -25,7 +25,10 @@ | |||
import org.zaproxy.zap.view.table.DefaultHistoryReferencesTableEntry; | |||
import org.zaproxy.zap.view.table.DefaultHistoryReferencesTableModel; | |||
|
|||
/** @deprecated (2.11.0) Superseded by the OAST add-on. */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ditto
The results in the Active Scan panel will look like this:
Signed-off-by: Dennis Kniep kniepdennis@gmail.com
Fixes #7004