
authhelper: add diag post data + initial auto-detect unit tests #6256

Merged (1 commit), Mar 7, 2025

Conversation

psiinon (Member) commented Mar 7, 2025

Overview

Add sanitized post data to the auth diagnostic data, correctly sanitize set-cookies, and add the very start of a framework for testing auto-detection.

Related Issues

Checklist

  • Update help
  • Update changelog
  • Run ./gradlew spotlessApply for code formatting
  • Write tests
  • Check code coverage
  • Sign-off commits
  • Squash commits
  • Use a descriptive title

For more details, please refer to the developer rules and guidelines.

psiinon force-pushed the authhelper/auto-unittest1 branch from 978dfe8 to f6ad249 on March 7, 2025 16:23
Signed-off-by: Simon Bennetts <psiinon@gmail.com>
psiinon force-pushed the authhelper/auto-unittest1 branch from f6ad249 to c1a1f09 on March 7, 2025 16:31
thc202 (Member) commented Mar 7, 2025

Thank you!

psiinon (Member, Author) commented Mar 7, 2025

Checkmarx One – Scan Summary & Details (scan b0a96c0b-3d33-4846-bce1-7902eea4e0ae)

New Issues (2)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight
LOW | Heap_Inspection | /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java: 260 | Method at line 260 of /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java defines password, which is designated to c...
LOW | Use_Of_Hardcoded_Password | /addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/AuthDiagnosticCollectorUnitTest.java: 205 | The application uses the hard-coded password "mySuperSecretPassword" for authentication purposes, either using it to verify users' identities, or...

@@ -132,15 +161,15 @@ void shouldAppendCookies() throws Exception {
void shouldAppendStructuredData() throws Exception {
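Review bot: the test name `shouldAppendStructuredData` in this hunk does not say what is appended; since the PR adds sanitized post data to the diagnostic output, `shouldAppendPostData` describes the case better and keeps it clearly distinct from the neighbouring `shouldAppendCookies`. It is also worth confirming that the test asserts the password value is replaced in the appended data, not only that data was appended, since sanitization is the point of the change.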
kingthorin (Member) commented Mar 7, 2025 on this line:

shouldAppendPostData

to match the new method name.

Member commented:

Or "Expected" to not clash with the test below.

kingthorin (Member) left a review comment:

I'm approving, my one comment shouldn't be a blocker.

I'll leave this for someone else to merge.

psiinon merged commit c5dce26 into zaproxy:main on Mar 7, 2025
8 of 10 checks passed
github-actions bot locked and limited conversation to collaborators on Mar 7, 2025