Browse Source

refactoring

master
rain0r 4 years ago
parent
commit
3a2a9d3eba
  1. 377
      src/main/java/com/mgm/zapapi/zapapiplayground/SimpleScanner.java
  2. 50
      src/main/java/com/mgm/zapapi/zapapiplayground/ZapConfig.java
  3. 3
      src/main/resources/zap.properties
  4. 382
      src/test/java/com/mgm/zapapi/zapapiplayground/ReportParserTest.java
  5. 1135937
      zapapiplayground-errors.log
  6. 1136015
      zapapiplayground.log

377
src/main/java/com/mgm/zapapi/zapapiplayground/SimpleScanner.java

@ -12,205 +12,190 @@ import org.zaproxy.clientapi.core.ClientApi;
import org.zaproxy.clientapi.core.ClientApiException;
/**
* A simple example showing how to use the API to spider and active scan a site
* and then retrieve and print out the alerts.
* A simple example showing how to use the API to spider and active scan a site and then retrieve and print out the alerts.
* <p>
* ZAP must be running on the specified host and port for this script to work
*/
public class SimpleScanner {
private String zapAddress = null;
private int zapPort;
private String zapApiKey = null;
private String zapTarget = null;
private final String defaultZapAddress = "localhost";
private final String defaultZapPort = "8090";
private final String defaultApiKey = null;
private final String defaultZapTarget = "http://localhost:33006/bodgeit/";
private ClientApi clientApi = null;
private ApiResponse apiResponse = null;
private String scanId = null;
private int progress = 0;
private static final Logger logger = LogManager.getLogger(SimpleScanner.class);
public SimpleScanner(String zapAddress, int zapPort, String zapApiKey, String zapTarget) throws IOException {
setZapAddress(zapAddress);
setZapPort(zapPort);
setZapApiKey(zapApiKey);
setZapAddress(zapTarget);
setClientApi(new ClientApi(zapAddress, zapPort));
}
public SimpleScanner() throws IOException {
try (InputStream inputStream = SimpleScanner.class.getResourceAsStream("/zap.properties")) {
final Properties props = new Properties();
props.load(inputStream);
setZapAddress(props.getProperty("zap.address", defaultZapAddress));
setZapPort(Integer.parseInt(props.getProperty("zap.port", defaultZapPort)));
setZapApiKey(props.getProperty("zap.apikey", defaultApiKey));
setZapTarget(props.getProperty("zap.target", defaultZapTarget));
setClientApi(new ClientApi(getZapAddress(), getZapPort()));
}
}
private final void spider() {
// Start spidering the target
logger.debug("Spider : " + getZapTarget());
// The scan now returns a scan id to support concurrent scanning
setScanId(((ApiResponseElement) getApiResponse()).getValue());
// Poll the status until it completes
while (true) {
try {
Thread.sleep(1000);
} catch (InterruptedException e) {
logger.error(e.getMessage(), e);
}
try {
setProgress(
Integer.parseInt(((ApiResponseElement) getClientApi().spider.status(getScanId())).getValue()));
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
logger.debug("Spider progress : " + getProgress() + "%");
if (getProgress() >= 100) {
break;
}
}
logger.debug("Spider complete");
// Give the passive scanner a chance to complete
try {
Thread.sleep(2000);
} catch (InterruptedException e) {
logger.error(e.getMessage(), e);
}
}
private final void activeScan() {
logger.debug("Active scan : " + getZapTarget());
try {
setApiResponse(
getClientApi().ascan.scan(getZapApiKey(), getZapTarget(), "True", "False", null, null, null));
} catch (ClientApiException e1) {
logger.error("zap.address: " + getZapAddress());
logger.error("zap.port: " + getZapPort());
logger.error("zap.apikey: " + getZapApiKey());
logger.error("zap.target: " + getZapTarget());
logger.error(e1.getMessage(), e1);
}
// The scan now returns a scan id to support concurrent scanning
setScanId(((ApiResponseElement) getApiResponse()).getValue());
// Poll the status until it completes
while (true) {
try {
setProgress(
Integer.parseInt(((ApiResponseElement) getClientApi().ascan.status(getScanId())).getValue()));
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
if (getProgress() >= 100) {
break;
}
}
logger.debug("Active Scan complete");
}
private final byte[] alerts() {
try {
return getClientApi().core.xmlreport(getZapApiKey());
} catch (ClientApiException e) {
logger.error(e.getMessage(), e);
}
return null;
}
public final byte[] run() throws ClientApiException {
final String apiKey = getZapApiKey();
final String apiTarget = getZapTarget();
setApiResponse(getClientApi().spider.scan(apiKey, apiTarget, null, null, null, null));
spider();
activeScan();
final byte[] alerts = alerts();
return alerts;
}
public static void main(String[] args) {
try {
final SimpleScanner simpleExample = new SimpleScanner();
simpleExample.run();
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
}
public final String getZapAddress() {
return zapAddress;
}
public final void setZapAddress(String zapAddress) {
this.zapAddress = zapAddress;
}
public final int getZapPort() {
return zapPort;
}
public final void setZapPort(int zapPort) {
this.zapPort = zapPort;
}
public final String getZapApiKey() {
return zapApiKey;
}
public final void setZapApiKey(String zapApiKey) {
this.zapApiKey = zapApiKey;
}
public final String getZapTarget() {
return zapTarget;
}
public final void setZapTarget(String zapTarget) {
this.zapTarget = zapTarget;
}
public final ClientApi getClientApi() {
return clientApi;
}
public final void setClientApi(ClientApi clientApi) {
this.clientApi = clientApi;
}
public final ApiResponse getApiResponse() {
return apiResponse;
}
public final void setApiResponse(ApiResponse apiResponse) {
this.apiResponse = apiResponse;
}
public final String getScanId() {
return scanId;
}
public final void setScanId(String scanId) {
this.scanId = scanId;
}
public final int getProgress() {
return progress;
}
public final void setProgress(int progress) {
this.progress = progress;
}
private static final Logger logger = LogManager.getLogger(SimpleScanner.class);
private ZapConfig zapConfig = null;
private ClientApi clientApi = null;
private ApiResponse apiResponse = null;
private String scanId = null;
private int progress = 0;
public SimpleScanner(ZapConfig zapConfig) throws IOException {
setZapConfig(zapConfig);
setClientApi(new ClientApi(getZapConfig().getZapAddress(), getZapConfig().getZapPort()));
}
public SimpleScanner() throws IOException {
try (InputStream inputStream = SimpleScanner.class.getResourceAsStream("/zap.properties")) {
final Properties props = new Properties();
props.load(inputStream);
ZapConfig zapConfig = new ZapConfig();
zapConfig.setZapAddress(props.getProperty("zap.address"));
zapConfig.setZapPort(Integer.parseInt(props.getProperty("zap.port")));
zapConfig.setZapApiKey(props.getProperty("zap.apikey"));
zapConfig.setZapTarget(props.getProperty("zap.target"));
zapConfig.setZapPolicy(props.getProperty("zap.policy"));
setZapConfig(zapConfig);
setClientApi(new ClientApi(getZapConfig().getZapAddress(), getZapConfig().getZapPort()));
}
}
private final void spider() {
// Start spidering the target
logger.debug("Spider : " + getZapConfig().getZapTarget());
// The scan now returns a scan id to support concurrent scanning
setScanId(getScanIdFromApi());
// Poll the status until it completes
while (true) {
try {
Thread.sleep(1000);
} catch (InterruptedException e) {
logger.error(e.getMessage(), e);
}
try {
setProgress(getProgressFromApi());
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
logger.debug("Spider progress : " + getProgress() + "%");
if (getProgress() >= 100) {
break;
}
}
logger.debug("Spider complete");
// Give the passive scanner a chance to complete
try {
Thread.sleep(2000);
} catch (InterruptedException e) {
logger.error(e.getMessage(), e);
}
}
private final void activeScan() {
logger.debug("Active scan : " + getZapConfig().getZapTarget());
try {
final String apiKey = getZapConfig().getZapApiKey();
final String apiTarget = getZapConfig().getZapTarget();
final ApiResponse apiResponse = getClientApi().ascan.scan(apiKey, apiTarget, "True", "True", null, null, null);
setApiResponse(apiResponse);
} catch (ClientApiException e1) {
logger.error("zap.address: " + getZapConfig().getZapAddress());
logger.error("zap.port: " + getZapConfig().getZapPort());
logger.error("zap.apikey: " + getZapConfig().getZapApiKey());
logger.error("zap.target: " + getZapConfig().getZapTarget());
logger.error(e1.getMessage(), e1);
}
// The scan now returns a scan id to support concurrent scanning
setScanId(getScanIdFromApi());
// Poll the status until it completes
while (true) {
try {
setProgress(getProgressFromApi());
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
if (getProgress() >= 100) {
break;
}
}
logger.debug("Active Scan complete");
}
private final byte[] exportAlertsFromXmlReport() {
try {
return getClientApi().core.xmlreport(getZapConfig().getZapApiKey());
} catch (ClientApiException e) {
logger.error(e.getMessage(), e);
}
return null;
}
public final byte[] run() throws ClientApiException {
final String apiKey = getZapConfig().getZapApiKey();
final String apiTarget = getZapConfig().getZapTarget();
final ApiResponse apiResponse = getClientApi().spider.scan(apiKey, apiTarget, null, "True", null, null);
setApiResponse(apiResponse);
spider();
activeScan();
final byte[] alerts = exportAlertsFromXmlReport();
return alerts;
}
private final String getScanIdFromApi() {
final ApiResponseElement apiResponseElement = (ApiResponseElement) getApiResponse();
final String scanId = apiResponseElement.getValue();
return scanId;
}
private final int getProgressFromApi() throws ClientApiException {
final ApiResponseElement xxx = (ApiResponseElement) getClientApi().spider.status(getScanId());
final String value = (xxx).getValue();
final int progress = Integer.parseInt(value);
return progress;
}
public static void main(String[] args) {
try {
final SimpleScanner simpleExample = new SimpleScanner();
simpleExample.run();
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
}
public final ZapConfig getZapConfig() {
return zapConfig;
}
public final void setZapConfig(ZapConfig zapConfig) {
this.zapConfig = zapConfig;
}
public final ClientApi getClientApi() {
return clientApi;
}
public final void setClientApi(ClientApi clientApi) {
this.clientApi = clientApi;
}
public final ApiResponse getApiResponse() {
return apiResponse;
}
public final void setApiResponse(ApiResponse apiResponse) {
this.apiResponse = apiResponse;
}
public final String getScanId() {
return scanId;
}
public final void setScanId(String scanId) {
this.scanId = scanId;
}
public final int getProgress() {
return progress;
}
public final void setProgress(int progress) {
this.progress = progress;
}
}

50
src/main/java/com/mgm/zapapi/zapapiplayground/ZapConfig.java

@ -0,0 +1,50 @@
package com.mgm.zapapi.zapapiplayground;
public class ZapConfig {
private String zapAddress = "localhost";
private int zapPort = 8090;
private String zapApiKey = null;
private String zapTarget = "http://localhost:33006/bodgeit/";
private String zapPolicy = null;
public final String getZapAddress() {
return zapAddress;
}
public final void setZapAddress(String zapAddress) {
this.zapAddress = zapAddress;
}
public final int getZapPort() {
return zapPort;
}
public final void setZapPort(int zapPort) {
this.zapPort = zapPort;
}
public final String getZapApiKey() {
return zapApiKey;
}
public final void setZapApiKey(String zapApiKey) {
this.zapApiKey = zapApiKey;
}
public final String getZapTarget() {
return zapTarget;
}
public final void setZapTarget(String zapTarget) {
this.zapTarget = zapTarget;
}
public final String getZapPolicy() {
return zapPolicy;
}
public final void setZapPolicy(String zapPolicy) {
this.zapPolicy = zapPolicy;
}
}

3
src/main/resources/zap.properties

@ -1,4 +1,5 @@
zap.address=localhost
zap.port=8080
zap.apikey=
zap.target=http://localhost:8000/
zap.target=http://localhost:33006/bodgeit-vanilla/
zap.policy=Performance-Test

382
src/test/java/com/mgm/zapapi/zapapiplayground/ReportParserTest.java

@ -23,9 +23,11 @@ import static org.hamcrest.Matchers.equalTo;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.StringWriter;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.io.IOUtils;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ErrorCollector;
@ -36,191 +38,197 @@ import org.sonar.zaproxy.parser.element.ZapReport;
public class ReportParserTest {
@Rule
public final ErrorCollector collector = new ErrorCollector();
@Test
public void checkLiveSystem() throws Exception {
final SimpleScanner simpleExample = new SimpleScanner();
final byte[] rawAlerts = simpleExample.run();
final InputStream inputStream = new ByteArrayInputStream(rawAlerts);
parseReport(inputStream);
}
private void parseReport(InputStream inputStream) throws Exception {
final ReportParser parser = new ReportParser();
final ZapReport zapReport = parser.parse(inputStream);
collector.checkThat(zapReport.getVersionZAP(), equalTo("2.5.0"));
final Site site = zapReport.getSite();
final Collection<AlertItem> alerts = site.getAlerts();
collector.checkThat((alerts.size()), equalTo(13));
for (final Iterator<AlertItem> iter = alerts.iterator(); iter.hasNext();) {
final AlertItem element = iter.next();
switch (element.getPluginid()) {
case 10010:
cookieNoHttpOnlyFlag(element);
break;
case 10012:
passwordAutocompleteInBrowser(element);
break;
case 10016:
webBrowserXssProtectionNotEnabled(element);
break;
case 10020:
xFrameOptionsHeaderNotSet(element);
break;
case 10021:
xContentTypeOptionsHeaderMissing(element);
break;
case 10026:
httpParameterOverride(element);
break;
case 10202:
absenceOfAntiCsrfTokens(element);
break;
case 20012:
antiCsrfTokensScanner(element);
break;
case 30002:
formatStringError(element);
break;
case 30003:
integerOverflowError(element);
break;
case 30001:
bufferOverflow(element);
break;
case 40012:
crossSiteScriptingReflected(element);
break;
case 40018:
sqlInjection(element);
break;
case 40026:
crossSiteScriptingDomBased(element);
break;
default:
throw new Exception("Unexcpected alert");
}
}
}
private final void crossSiteScriptingDomBased(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(3));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(2));
collector.checkThat((element.getCweid()), equalTo(79));
collector.checkThat((element.getWascid()), equalTo(8));
}
private final void integerOverflowError(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(42));
collector.checkThat((element.getCweid()), equalTo(190));
collector.checkThat((element.getWascid()), equalTo(3));
}
private final void antiCsrfTokensScanner(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(3));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(6));
collector.checkThat((element.getCweid()), equalTo(352));
collector.checkThat((element.getWascid()), equalTo(9));
}
private final void absenceOfAntiCsrfTokens(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(73));
collector.checkThat((element.getCweid()), equalTo(352));
collector.checkThat((element.getWascid()), equalTo(9));
}
private final void httpParameterOverride(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(1));
collector.checkThat((element.getCount()), equalTo(5));
collector.checkThat((element.getCweid()), equalTo(20));
collector.checkThat((element.getWascid()), equalTo(20));
}
private final void webBrowserXssProtectionNotEnabled(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(53));
collector.checkThat((element.getCweid()), equalTo(933));
collector.checkThat((element.getWascid()), equalTo(14));
}
private final void xContentTypeOptionsHeaderMissing(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(52));
collector.checkThat((element.getCweid()), equalTo(16));
collector.checkThat((element.getWascid()), equalTo(15));
}
private final void xFrameOptionsHeaderNotSet(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(50));
collector.checkThat((element.getCweid()), equalTo(16));
collector.checkThat((element.getWascid()), equalTo(15));
}
private final void passwordAutocompleteInBrowser(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(3));
collector.checkThat((element.getCweid()), equalTo(525));
collector.checkThat((element.getWascid()), equalTo(15));
}
private final void cookieNoHttpOnlyFlag(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(1));
collector.checkThat((element.getCweid()), equalTo(16));
collector.checkThat((element.getWascid()), equalTo(13));
}
private final void crossSiteScriptingReflected(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(3));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(1));
collector.checkThat((element.getCweid()), equalTo(79));
collector.checkThat((element.getWascid()), equalTo(8));
}
private final void sqlInjection(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(3));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(1));
collector.checkThat((element.getCweid()), equalTo(89));
collector.checkThat((element.getWascid()), equalTo(19));
}
private final void bufferOverflow(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(42));
collector.checkThat((element.getCweid()), equalTo(120));
collector.checkThat((element.getWascid()), equalTo(7));
}
private final void formatStringError(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(33));
collector.checkThat((element.getCweid()), equalTo(134));
collector.checkThat((element.getWascid()), equalTo(6));
}
@Rule
public final ErrorCollector collector = new ErrorCollector();
@Test
public void checkLiveSystem() throws Exception {
final SimpleScanner simpleExample = new SimpleScanner();
final byte[] rawAlerts = simpleExample.run();
final InputStream inputStream = new ByteArrayInputStream(rawAlerts);
StringWriter writer = new StringWriter();
IOUtils.copy(inputStream, writer, "UTF-8");
String theString = writer.toString();
// parseReport(inputStream);
}
private void parseReport(InputStream inputStream) throws Exception {
final ReportParser parser = new ReportParser();
final ZapReport zapReport = parser.parse(inputStream);
collector.checkThat(zapReport.getVersionZAP(), equalTo("2.5.0"));
final Site site = zapReport.getSite();
final Collection<AlertItem> alerts = site.getAlerts();
collector.checkThat((alerts.size()), equalTo(13));
for (final Iterator<AlertItem> iter = alerts.iterator(); iter.hasNext();) {
final AlertItem element = iter.next();
switch (element.getPluginid()) {
case 10010:
cookieNoHttpOnlyFlag(element);
break;
case 10012:
passwordAutocompleteInBrowser(element);
break;
case 10016:
webBrowserXssProtectionNotEnabled(element);
break;
case 10020:
xFrameOptionsHeaderNotSet(element);
break;
case 10021:
xContentTypeOptionsHeaderMissing(element);
break;
case 10026:
httpParameterOverride(element);
break;
case 10202:
absenceOfAntiCsrfTokens(element);
break;
case 20012:
antiCsrfTokensScanner(element);
break;
case 30002:
formatStringError(element);
break;
case 30003:
integerOverflowError(element);
break;
case 30001:
bufferOverflow(element);
break;
case 40012:
crossSiteScriptingReflected(element);
break;
case 40018:
sqlInjection(element);
break;
case 40026:
crossSiteScriptingDomBased(element);
break;
default:
throw new Exception("Unexcpected alert");
}
}
}
private final void crossSiteScriptingDomBased(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(3));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(2));
collector.checkThat((element.getCweid()), equalTo(79));
collector.checkThat((element.getWascid()), equalTo(8));
}
private final void integerOverflowError(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(42));
collector.checkThat((element.getCweid()), equalTo(190));
collector.checkThat((element.getWascid()), equalTo(3));
}
private final void antiCsrfTokensScanner(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(3));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(6));
collector.checkThat((element.getCweid()), equalTo(352));
collector.checkThat((element.getWascid()), equalTo(9));
}
private final void absenceOfAntiCsrfTokens(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(73));
collector.checkThat((element.getCweid()), equalTo(352));
collector.checkThat((element.getWascid()), equalTo(9));
}
private final void httpParameterOverride(AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(1));
collector.checkThat((element.getCount()), equalTo(5));
collector.checkThat((element.getCweid()), equalTo(20));
collector.checkThat((element.getWascid()), equalTo(20));
}
private final void webBrowserXssProtectionNotEnabled(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(53));
collector.checkThat((element.getCweid()), equalTo(933));
collector.checkThat((element.getWascid()), equalTo(14));
}
private final void xContentTypeOptionsHeaderMissing(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(52));
collector.checkThat((element.getCweid()), equalTo(16));
collector.checkThat((element.getWascid()), equalTo(15));
}
private final void xFrameOptionsHeaderNotSet(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(50));
collector.checkThat((element.getCweid()), equalTo(16));
collector.checkThat((element.getWascid()), equalTo(15));
}
private final void passwordAutocompleteInBrowser(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(3));
collector.checkThat((element.getCweid()), equalTo(525));
collector.checkThat((element.getWascid()), equalTo(15));
}
private final void cookieNoHttpOnlyFlag(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(1));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(1));
collector.checkThat((element.getCweid()), equalTo(16));
collector.checkThat((element.getWascid()), equalTo(13));
}
private final void crossSiteScriptingReflected(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(3));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(1));
collector.checkThat((element.getCweid()), equalTo(79));
collector.checkThat((element.getWascid()), equalTo(8));
}
private final void sqlInjection(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(3));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(1));
collector.checkThat((element.getCweid()), equalTo(89));
collector.checkThat((element.getWascid()), equalTo(19));
}
private final void bufferOverflow(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(42));
collector.checkThat((element.getCweid()), equalTo(120));
collector.checkThat((element.getWascid()), equalTo(7));
}
private final void formatStringError(final AlertItem element) {
collector.checkThat((element.getRiskcode()), equalTo(2));
collector.checkThat((element.getConfidence()), equalTo(2));
collector.checkThat((element.getCount()), equalTo(33));
collector.checkThat((element.getCweid()), equalTo(134));
collector.checkThat((element.getWascid()), equalTo(6));
}
}

1135937
zapapiplayground-errors.log
File diff suppressed because it is too large
View File

1136015
zapapiplayground.log
File diff suppressed because it is too large
View File

Loading…
Cancel
Save