ascanrules: address FPs in scan rule 20017 #5730

Merged (1 commit) on Sep 17, 2024

@thc202 thc202 commented Sep 17, 2024

Do not scan binary responses and responses that already contain PHP source.

Fix zaproxy/zaproxy#8638.

Do not scan binary responses and responses that already contain PHP
source.

Fix zaproxy/zaproxy#8638.

Signed-off-by: thc202 <thc202@gmail.com>
@kingthorin kingthorin left a comment

Add a note to the help entry?

thc202 commented Sep 17, 2024

The help already said:

Only analyzes responses that are text based (HTML, JSON, XML, etc.), in order to avoid false positives which may occur with image or other binary content.

@kingthorin

Ok

@kingthorin kingthorin merged commit 9d6a710 into zaproxy:main Sep 17, 2024
10 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Sep 17, 2024
@thc202 thc202 deleted the ascanrules/fp-20017 branch September 17, 2024 10:58
Successfully merging this pull request may close these issues.

Source Code Disclosure - CVE-2012-1823 - False Positive
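
One way to express the two skip conditions named in the PR description, as an added example that is not the code merged in this PR. The class and method names, the NUL-byte sniff and the PHP open-tag pattern are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.regex.Pattern;

// Added illustration, not ZAP's code: decide whether to skip the rule for a response.
public class SourceDisclosurePrecheck {
    // Assumption: a PHP open tag ("<?php" plus whitespace, or "<?=") marks PHP source.
    private static final Pattern PHP_SOURCE =
            Pattern.compile("<\\?(php\\s|=)", Pattern.CASE_INSENSITIVE);

    // Text based (HTML, JSON, XML, etc.) according to the Content-Type header.
    static boolean isTextBased(String contentType) {
        if (contentType == null) return false;
        String ct = contentType.toLowerCase(Locale.ROOT);
        int semi = ct.indexOf(';');
        if (semi >= 0) ct = ct.substring(0, semi); // drop parameters such as charset
        ct = ct.trim();
        return ct.startsWith("text/") || ct.endsWith("json") || ct.endsWith("xml")
                || ct.equals("application/javascript");
    }

    // Assumption: a NUL byte in the first 512 bytes means binary, whatever the header says.
    static boolean looksBinary(byte[] body) {
        for (int i = 0; i < Math.min(body.length, 512); i++) {
            if (body[i] == 0) return true;
        }
        return false;
    }

    // Returns why the original (unmodified) response should not be scanned, or null to scan it.
    static String skipReason(String contentType, byte[] originalBody) {
        if (!isTextBased(contentType) || looksBinary(originalBody)) return "binary response";
        String text = new String(originalBody, StandardCharsets.ISO_8859_1);
        if (PHP_SOURCE.matcher(text).find()) return "already contains PHP source";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample responses, not taken from the linked issue.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d, '<', '?', '='};
        byte[] tutorial = "Example:\n<?php echo 'hi'; ?>\n".getBytes(StandardCharsets.UTF_8);
        byte[] page = "<html><body>Hello</body></html>".getBytes(StandardCharsets.UTF_8);
        System.out.println(skipReason("image/png", png));   // binary by header
        System.out.println(skipReason("text/html", png));   // binary body behind a text header
        System.out.println(skipReason("text/plain; charset=utf-8", tutorial)); // PHP shown on purpose
        System.out.println(skipReason("text/html", page));  // ordinary page, rule may proceed
    }
}
```

The second sample shows why a header check alone is not enough: compressed image data can contain the bytes `<?=` by chance, which would otherwise look like disclosed source.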