Fixed and updated
Signed-off-by: Aditya Parihar <97739299+PariharAditya@users.noreply.github.com>
PariharAditya committed Jan 26, 2024
1 parent 9a61885 commit 877a727
Showing 12 changed files with 30 additions and 18 deletions.
2 changes: 2 additions & 0 deletions addOns/pscanrulesBeta/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## Unreleased

### Added
- Website alert links (Issue 8189).

## [36] - 2024-01-16
### Changed
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@
*
* @author 70pointer@gmail.com
*/
public class CacheableScanRule extends PluginPassiveScanner {
public class CacheableScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {

private static final String MESSAGE_PREFIX_STORABILITY_CACHEABILITY =
"pscanbeta.storabilitycacheability.";
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
package org.zaproxy.zap.extension.pscanrulesBeta;

public interface CommonPassiveScanRuleInfo {
public int getPluginId();

public default String getHelpLink() {
return "https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-beta/#id-"
+ getPluginId();
}
}
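Review bot: The new interface and its getHelpLink() default carry no Javadoc, so nothing records that the returned URL only resolves if the add-on help page has a heading with id "id-" followed by the rule's plugin id. Please document that contract on the interface, and consider a unit test that iterates the implementing rules and checks that each getHelpLink() ends with "#id-" + getPluginId() and that the anchor exists in the help HTML, since none of the 12 changed files is a test. Two smaller points: the "public" modifiers on both methods are redundant inside an interface, and the default only takes effect when neither the rule class nor PluginPassiveScanner supplies a concrete getHelpLink(), because a superclass method takes precedence over an interface default; that is worth confirming against the base class, which this diff does not show.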
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
/**
* In Page Banner Information Leak passive scan rule https://github.com/zaproxy/zaproxy/issues/178
*/
public class InPageBannerInfoLeakScanRule extends PluginPassiveScanner {
public class InPageBannerInfoLeakScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {

private static final Logger LOGGER = LogManager.getLogger(InPageBannerInfoLeakScanRule.class);
private static final int PLUGIN_ID = 10009;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
import org.zaproxy.zap.extension.pscan.PluginPassiveScanner;

/** Passive Scan Rule for Dangerous JS Functions https://github.com/zaproxy/zaproxy/issues/5673 */
public class JsFunctionScanRule extends PluginPassiveScanner {
public class JsFunctionScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {

/** Prefix for internationalized messages used by this rule */
private static final String MESSAGE_PREFIX = "pscanbeta.jsfunction.";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
import org.zaproxy.zap.extension.pscan.PluginPassiveScanner;

/** Java Serialized Objects (JSO) scan rule. Detect the magic sequence and generate an alert */
public class JsoScanRule extends PluginPassiveScanner {
public class JsoScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {

/** Prefix for internationalized messages used by this rule */
private static final String MESSAGE_PREFIX = "pscanbeta.jso.";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
* Permissions Policy Header Missing passive scan rule
* https://github.com/zaproxy/zaproxy/issues/4885
*/
public class PermissionsPolicyScanRule extends PluginPassiveScanner {
public class PermissionsPolicyScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {

private static final String PERMISSIONS_POLICY_HEADER = "Permissions-Policy";
private static final String DEPRECATED_HEADER = "Feature-Policy";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@
*
* @author psiinon
*/
public class ServletParameterPollutionScanRule extends PluginPassiveScanner {
public class ServletParameterPollutionScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {

private static final String MESSAGE_PREFIX = "pscanbeta.servletparameterpollution.";
private static final int PLUGIN_ID = 10026;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@
* @see <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">COOP Specs</a>
* @see <a href="https://html.spec.whatwg.org/multipage/origin.html#coep">COEP Specs</a>
*/
public class SiteIsolationScanRule extends PluginPassiveScanner {
public class SiteIsolationScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {
/** Prefix for internationalized messages used by this rule */
private static final String SITE_ISOLATION_MESSAGE_PREFIX = "pscanbeta.site-isolation.";

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
*
* @author 70pointer@gmail.com
*/
public class SourceCodeDisclosureScanRule extends PluginPassiveScanner {
public class SourceCodeDisclosureScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {

private static final Logger LOGGER = LogManager.getLogger(SourceCodeDisclosureScanRule.class);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
import org.zaproxy.zap.extension.ruleconfig.RuleConfigParam;

/** Detect missing attribute integrity in supported elements */
public class SubResourceIntegrityAttributeScanRule extends PluginPassiveScanner {
public class SubResourceIntegrityAttributeScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo {

private static final Logger LOGGER =
LogManager.getLogger(SubResourceIntegrityAttributeScanRule.class);
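Review bot: The changed class declaration is now a single line of about 118 characters, while the LOGGER initialiser directly below it is wrapped across two lines, so this line is out of step with the wrapping the file already follows. Move "implements CommonPassiveScanRuleInfo {" onto an indented continuation line, or run the project's formatter over the commit; the same applies to the other rule declarations in this commit that grew past that width, such as ServletParameterPollutionScanRule and InPageBannerInfoLeakScanRule.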
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ <H3>Trusted Domains</H3>

The following beta status passive scan rules are included in this add-on:

<H2>Content Cacheability</H2>
<H2 id="id-10049">Content Cacheability</H2>
This scan rule analyzes the cache control and pragma headers in HTTP traffic and reports on the cacheability of the requests from a RFC7234 point of view.
<p>
Alerts generated:
Expand All @@ -35,7 +35,7 @@ <H2>Content Cacheability</H2>
<p>
Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/CacheableScanRule.java">CacheableScanRule.java</a>

<H2>Dangerous JS Functions</H2>
<H2 id="id-10110">Dangerous JS Functions</H2>
This scan rule checks for any dangerous JS functions present in a site response.<br>
<strong>Note:</strong> If the Custom Payloads addon is installed you can add your own function names (payloads) in the Custom Payloads options panel.
They will also be searched for in responses as they're passively scanned. Keep in mind that the greater the number of payloads the greater the amount of time needed to passively scan.
Expand All @@ -44,14 +44,14 @@ <H2>Dangerous JS Functions</H2>
<p>
Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRule.java">JsFunctionScanRule.java</a>

<H2>In Page Banner Information Leak</H2>
<H2 id="id-10009">In Page Banner Information Leak</H2>
Analyzes response body content for the presence of web or application server banners (when the responses have error status codes).<br>
If the Threshold is Low then status 200 - Ok responses are analyzed as well.<br>
The presence of such banners may facilitate more targeted attacks against known vulnerabilities.
<p>
Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/InPageBannerInfoLeakScanRule.java">InPageBannerInfoLeakScanRule.java</a>

<H2>Java Serialization Object</H2>
<H2 id="id-90002">Java Serialization Object</H2>
Java Serialization Object (JSO) is a way to save and exchange objects between Java applications.<br>
Different problems are associated with JSO. Sensitive data can leak to the stream of bytes.<br>
An attacker can also modify the data and exploit JSO to do a Remote Code Execution on the server.<br>
Expand All @@ -60,14 +60,14 @@ <H2>Java Serialization Object</H2>
<p>
Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsoScanRule.java">JsoScanRule.java</a>

<H2>Permissions Policy Header Not Set</H2>
<H2 id="id-10063">Permissions Policy Header Not Set</H2>
This rule checks the HTTP response headers (on HTML and JavaScript responses) for inclusion of a "Permissions-Policy" header,
and alerts if one is not found. It also alerts if the deprecated header "Feature-Policy" is found.<br>
Redirects are ignored except at the Low threshold.
<p>
Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/PermissionsPolicyScanRule.java">PermissionsPolicyScanRule.java</a>

<H2>Site Isolation Scan Rule</H2>
<H2 id="id-90004">Site Isolation Scan Rule</H2>
Spectre is a side-channel attack allowing an attacker to read data
from memory. One of the counter-measures is to prevent sensitive data
from entering the memory and to separate trusted and untrusted documents in
Expand Down Expand Up @@ -108,21 +108,21 @@ <H2>Site Isolation Scan Rule</H2>
<p>
Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SiteIsolationScanRule.java">SiteIsolationScanRule.java</a>

<H2>Servlet Parameter Pollution</H2>
<H2 id="id-10026">Servlet Parameter Pollution</H2>
Searches response content for HTML forms which fail to specify an action element. Version 3 of the
Java Servlet spec calls for aggregation of query string and post data elements which may result in
unintended handling of user controlled data. This may impact other frameworks and technologies as well.
<strong>Note:</strong> This scan rule will only analyze responses on LOW Threshold, and in Context URLs for which the Tech JSP/Servlet is applicable.
<p>
Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/ServletParameterPollutionScanRule.java">ServletParameterPollutionScanRule.java</a>

<H2>Source Code Disclosure</H2>
<H2 id="id-10099">Source Code Disclosure</H2>
Application Source Code was disclosed by the web server.<br>
NOTE: Ignores CSS, JavaScript, images, font files, and responses that contain ISO control characters (those which are likely binary files).
<p>
Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SourceCodeDisclosureScanRule.java">SourceCodeDisclosureScanRule.java</a>

<H2>Sub Resource Integrity Attribute Missing</H2>
<H2 id="id-90003">Sub Resource Integrity Attribute Missing</H2>
This rule checks whether the integrity attribute in the script or the link element served by an external resource (for example: CDN) is missing.<br>
It helps mitigate an attack where the CDN has been compromised and content has been replaced by malicious content.<br>
Note: A suggested integrity hash value will be present in the relevant Alert's Other Info details if it can be resolved to a script in the Sites Tree.
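Review bot: The anchor ids on these headings are typed by hand and duplicate each rule's plugin id, and only some can be checked from this commit: id-10026 matches "PLUGIN_ID = 10026" shown for ServletParameterPollutionScanRule, but id-10099 and id-90003 have no visible constant to compare against. Please confirm each id against the corresponding rule's getPluginId(), because a mismatch leaves the alert's help link pointing at the top of the page with no error, and keep the two in sync with a test rather than by inspection.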
Expand Down
