diff --git a/addOns/pscanrulesBeta/CHANGELOG.md b/addOns/pscanrulesBeta/CHANGELOG.md index 15a7a81590b..831a797e515 100644 --- a/addOns/pscanrulesBeta/CHANGELOG.md +++ b/addOns/pscanrulesBeta/CHANGELOG.md @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Added +- Website alert links (Issue 8189). ## [36] - 2024-01-16 ### Changed diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/CacheableScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/CacheableScanRule.java index 0ce1f14b5e7..6ca45079f0d 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/CacheableScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/CacheableScanRule.java @@ -75,7 +75,7 @@ * * @author 70pointer@gmail.com */ -public class CacheableScanRule extends PluginPassiveScanner { +public class CacheableScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { private static final String MESSAGE_PREFIX_STORABILITY_CACHEABILITY = "pscanbeta.storabilitycacheability."; diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/CommonPassiveScanRuleInfo.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/CommonPassiveScanRuleInfo.java new file mode 100644 index 00000000000..0df0b1f429b --- /dev/null +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/CommonPassiveScanRuleInfo.java @@ -0,0 +1,10 @@ +package org.zaproxy.zap.extension.pscanrulesBeta; + +public interface CommonPassiveScanRuleInfo { + public int getPluginId(); + + public default String getHelpLink() { + return "https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-beta/#id-" + + getPluginId(); + } +} \ No newline at end of file 
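Review bot: In the new CommonPassiveScanRuleInfo hunk, the default `getHelpLink()` only takes effect in a rule if no concrete method of the same signature is inherited from PluginPassiveScanner (outside this diff), because Java resolves a superclass method ahead of an interface default; the `implements` hunks in CacheableScanRule, InPageBannerInfoLeakScanRule, JsFunctionScanRule, JsoScanRule, PermissionsPolicyScanRule, ServletParameterPollutionScanRule, SiteIsolationScanRule, SourceCodeDisclosureScanRule and SubResourceIntegrityAttributeScanRule add no test that the link is actually produced, so a per-rule assertion such as `assert rule.getHelpLink().endsWith("#id-" + rule.getPluginId());` would pin it. The interface and its two members carry no Javadoc; something like `/** Shared metadata for the beta passive scan rules; the default help link targets the add-on's page on the ZAP website, anchored by plugin id. */` on the interface would be enough. The `public` modifiers on interface members are redundant, and `getPluginId()` is redeclared only so the default can call it, which a short comment could say. Whether the website page exposes an `id-<pluginId>` anchor for every rule listed here cannot be checked from the diff, and the file also lacks a trailing newline.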
diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/InPageBannerInfoLeakScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/InPageBannerInfoLeakScanRule.java index 6cd0845d464..a6e7a2565db 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/InPageBannerInfoLeakScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/InPageBannerInfoLeakScanRule.java @@ -37,7 +37,7 @@ /** * In Page Banner Information Leak passive scan rule https://github.com/zaproxy/zaproxy/issues/178 */ -public class InPageBannerInfoLeakScanRule extends PluginPassiveScanner { +public class InPageBannerInfoLeakScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { private static final Logger LOGGER = LogManager.getLogger(InPageBannerInfoLeakScanRule.class); private static final int PLUGIN_ID = 10009; diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRule.java index 4ef7019f1b8..1ee3c7d916d 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRule.java @@ -43,7 +43,7 @@ import org.zaproxy.zap.extension.pscan.PluginPassiveScanner; /** Passive Scan Rule for Dangerous JS Functions https://github.com/zaproxy/zaproxy/issues/5673 */ -public class JsFunctionScanRule extends PluginPassiveScanner { +public class JsFunctionScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { /** Prefix for internationalized messages used by this rule */ private static final String MESSAGE_PREFIX = "pscanbeta.jsfunction."; 
diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsoScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsoScanRule.java index 5db27fb0bdc..f37f0c45498 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsoScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/JsoScanRule.java @@ -33,7 +33,7 @@ import org.zaproxy.zap.extension.pscan.PluginPassiveScanner; /** Java Serialized Objects (JSO) scan rule. Detect the magic sequence and generate an alert */ -public class JsoScanRule extends PluginPassiveScanner { +public class JsoScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { /** Prefix for internationalized messages used by this rule */ private static final String MESSAGE_PREFIX = "pscanbeta.jso."; diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/PermissionsPolicyScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/PermissionsPolicyScanRule.java index c0a382cd7f3..11054cbf116 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/PermissionsPolicyScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/PermissionsPolicyScanRule.java @@ -38,7 +38,7 @@ * Permissions Policy Header Missing passive scan rule * https://github.com/zaproxy/zaproxy/issues/4885 */ -public class PermissionsPolicyScanRule extends PluginPassiveScanner { +public class PermissionsPolicyScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { private static final String PERMISSIONS_POLICY_HEADER = "Permissions-Policy"; private static final String DEPRECATED_HEADER = "Feature-Policy"; 
diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/ServletParameterPollutionScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/ServletParameterPollutionScanRule.java index 5e127cfcbd9..97549425775 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/ServletParameterPollutionScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/ServletParameterPollutionScanRule.java @@ -41,7 +41,7 @@ * * @author psiinon */ -public class ServletParameterPollutionScanRule extends PluginPassiveScanner { +public class ServletParameterPollutionScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { private static final String MESSAGE_PREFIX = "pscanbeta.servletparameterpollution."; private static final int PLUGIN_ID = 10026; diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SiteIsolationScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SiteIsolationScanRule.java index 19e2a5274fd..74c38d2f3b3 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SiteIsolationScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SiteIsolationScanRule.java @@ -64,7 +64,7 @@ * @see COOP Specs * @see COEP Specs */ -public class SiteIsolationScanRule extends PluginPassiveScanner { +public class SiteIsolationScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { /** Prefix for internationalized messages used by this rule */ private static final String SITE_ISOLATION_MESSAGE_PREFIX = "pscanbeta.site-isolation."; 
diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SourceCodeDisclosureScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SourceCodeDisclosureScanRule.java index b1518b4a48a..cfade89d997 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SourceCodeDisclosureScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SourceCodeDisclosureScanRule.java @@ -40,7 +40,7 @@ * * @author 70pointer@gmail.com */ -public class SourceCodeDisclosureScanRule extends PluginPassiveScanner { +public class SourceCodeDisclosureScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { private static final Logger LOGGER = LogManager.getLogger(SourceCodeDisclosureScanRule.class); diff --git a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SubResourceIntegrityAttributeScanRule.java b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SubResourceIntegrityAttributeScanRule.java index 24b3c85e489..a9d335dc76a 100644 --- a/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SubResourceIntegrityAttributeScanRule.java +++ b/addOns/pscanrulesBeta/src/main/java/org/zaproxy/zap/extension/pscanrulesBeta/SubResourceIntegrityAttributeScanRule.java @@ -48,7 +48,7 @@ import org.zaproxy.zap.extension.ruleconfig.RuleConfigParam; /** Detect missing attribute integrity in supported elements */ -public class SubResourceIntegrityAttributeScanRule extends PluginPassiveScanner { +public class SubResourceIntegrityAttributeScanRule extends PluginPassiveScanner implements CommonPassiveScanRuleInfo { private static final Logger LOGGER = LogManager.getLogger(SubResourceIntegrityAttributeScanRule.class); 
diff --git a/addOns/pscanrulesBeta/src/main/javahelp/org/zaproxy/zap/extension/pscanrulesBeta/resources/help/contents/pscanbeta.html b/addOns/pscanrulesBeta/src/main/javahelp/org/zaproxy/zap/extension/pscanrulesBeta/resources/help/contents/pscanbeta.html index 0a6194c8041..261e68efa3f 100644 --- a/addOns/pscanrulesBeta/src/main/javahelp/org/zaproxy/zap/extension/pscanrulesBeta/resources/help/contents/pscanbeta.html +++ b/addOns/pscanrulesBeta/src/main/javahelp/org/zaproxy/zap/extension/pscanrulesBeta/resources/help/contents/pscanbeta.html @@ -23,7 +23,7 @@

Trusted Domains

The following beta status passive scan rules are included in this add-on: -

Content Cacheability

+

Content Cacheability

This scan rule analyzes the cache control and pragma headers in HTTP traffic and reports on the cacheability of the requests from a RFC7234 point of view.

Alerts generated: @@ -35,7 +35,7 @@

Content Cacheability

Latest code: CacheableScanRule.java -

Dangerous JS Functions

+

Dangerous JS Functions

This scan rule checks for any dangerous JS functions present in a site response.
Note: If the Custom Payloads addon is installed you can add your own function names (payloads) in the Custom Payloads options panel. They will also be searched for in responses as they're passively scanned. Keep in mind that the greater the number of payloads the greater the amount of time needed to passively scan. @@ -44,14 +44,14 @@

Dangerous JS Functions

Latest code: JsFunctionScanRule.java -

In Page Banner Information Leak

+

In Page Banner Information Leak

Analyzes response body content for the presence of web or application server banners (when the responses have error status codes).
If the Threshold is Low then status 200 - Ok responses are analyzed as well.
The presence of such banners may facilitate more targeted attacks against known vulnerabilities.

Latest code: InPageBannerInfoLeakScanRule.java -

Java Serialization Object

+

Java Serialization Object

Java Serialization Object (JSO) is a way to save and exchange objects between Java applications.
Different problems are associated with JSO. Sensitive data can leak to the stream of bytes.
An attacker can also modify the data and exploit JSO to do a Remote Code Execution on the server.
@@ -60,14 +60,14 @@

Java Serialization Object

Latest code: JsoScanRule.java -

Permissions Policy Header Not Set

+

Permissions Policy Header Not Set

This rule checks the HTTP response headers (on HTML and JavaScript responses) for inclusion of a "Permissions-Policy" header, and alerts if one is not found. It also alerts if the deprecated header "Feature-Policy" is found.
Redirects are ignored except at the Low threshold.

Latest code: PermissionsPolicyScanRule.java -

Site Isolation Scan Rule

+

Site Isolation Scan Rule

Spectre is a side-channel attack allowing an attacker to read data from memory. One of the counter-measures is to prevent sensitive data from entering the memory and to separate trusted and untrusted documents in @@ -108,7 +108,7 @@

Site Isolation Scan Rule

Latest code: SiteIsolationScanRule.java -

Servlet Parameter Pollution

+

Servlet Parameter Pollution

Searches response content for HTML forms which fail to specify an action element. Version 3 of the Java Servlet spec calls for aggregation of query string and post data elements which may result in unintended handling of user controlled data. This may impact other frameworks and technologies as well. @@ -116,13 +116,13 @@

Servlet Parameter Pollution

Latest code: ServletParameterPollutionScanRule.java -

Source Code Disclosure

+

Source Code Disclosure

Application Source Code was disclosed by the web server.
NOTE: Ignores CSS, JavaScript, images, font files, and responses that contain ISO control characters (those which are likely binary files).

Latest code: SourceCodeDisclosureScanRule.java -

Sub Resource Integrity Attribute Missing

+

Sub Resource Integrity Attribute Missing

This rule checks whether the integrity attribute in the script or the link element served by an external resource (for example: CDN) is missing.
It helps mitigate an attack where the CDN has been compromised and content has been replaced by malicious content.
Note: A suggested integrity hash value will be present in the relevant Alert's Other Info details if it can be resolved to a script in the Sites Tree.