Process triggers and notifications also on exception during ActiveScans sendAndReceive. #7005
Conversation
denniskniep
force-pushed
the
feature/active-scan-process-notification-on-error
branch
from
2adde5a
to
8808e34
Compare
|
To be discussed:
|
|
I'd be good with the exceptions being made into the response body (that's done elsewhere IIRC). I wonder if this should be tied to an option though and default off (to maintain closest to current behavior)? |
|
Discussion from IRC:
|
denniskniep
changed the title
|
@thc202 can you provide more Context regarding
Is it only separating for API (/ascan/view/messagesIds/) |
|
For the code and the ZAP API, in the |
| } | ||
| } finally { | ||
| // ZAP: Notify parent | ||
| parent.notifyNewMessage(this, message); |
There was a problem hiding this comment.
Might be better just notify on IOExceptions.
| parent.performScannerHookAfterScan(message, this); | ||
| // ZAP: Set the history reference back and run the "afterScan" methods of any | ||
| // ScannerHooks | ||
| parent.performScannerHookAfterScan(message, this); |
There was a problem hiding this comment.
Since we didn't have a request for this I'd keep the previous behaviour.
denniskniep
force-pushed
the
feature/active-scan-process-notification-on-error
branch
from
8808e34
to
0d4ba97
Compare
| parent.getHttpSender().sendAndReceive(message, false); | ||
| } | ||
| } catch (IOException e) { | ||
| // TODO: How to update HistoryRef with error Response? |
There was a problem hiding this comment.
@thc202 can you give me any hint here?
How can I update the HistoryRef with error Response? In case HttpMessage has already a HistoryRef and is attached to the Alert
There was a problem hiding this comment.
Discussed in IRC: No workarounds here. Problem is releated to oast
I guess the way how histRef ist set to HttpMessage is like the following:
.alertFound(alert, null) is triggered by oast here before exception is catched:
And then a HistRef is created
Which sets automatically the histref member on the Httpmessage
Resulting in that the Histref is set to the message not including the error message which is later set
we should change oast to allow to manipulate the alert/message before caching it
denniskniep
force-pushed
the
feature/active-scan-process-notification-on-error
branch
2 times, most recently
from
b2f6be5
to
7f82c53
Compare
…ns sendAndReceive. Fixes zaproxy#7004 Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
denniskniep
force-pushed
the
feature/active-scan-process-notification-on-error
branch
from
7f82c53
to
e965de5
Compare
denniskniep
changed the title
|
Anything else to do here before merge ? |
| @@ -19,7 +19,7 @@ | |||
| */ | |||
| package org.zaproxy.zap.extension.callback.ui; | |||
|
|
|||
| /** @deprecated (2.11.0) Superseded by the OAST add-on. */ | |||
| /** @deprecated (2.11.0) {@link org.zaproxy.zap.view.table.CustomColumn}. */ | |||
There was a problem hiding this comment.
Is this intensional? If so why?
There was a problem hiding this comment.
This was deprecated once due to moving Oast addon from ZAP to ZAP-Extension.
But I used the original class again. Therefore its there again but within an other package. I thought this info could be useful to know if someone stumbles upon that deprecation
| @@ -25,7 +25,10 @@ | |||
| import org.zaproxy.zap.view.table.DefaultHistoryReferencesTableEntry; | |||
| import org.zaproxy.zap.view.table.DefaultHistoryReferencesTableModel; | |||
|
|
|||
| /** @deprecated (2.11.0) Superseded by the OAST add-on. */ | |||
The results in the Active Scan panel will look like this:
Signed-off-by: Dennis Kniep kniepdennis@gmail.com
Fixes #7004