Ignore Javascript Files while scanning for timestamps

[njmulsqb]

Passive scan rule identifies timestamps falsely in js files ending up in false positives. Timestamps in JS files can't happen so they should be ignored.

fixes zaproxy/zaproxy#8380

[psiinon]

Checkmarx One – Scan Summary & Details – 9282ca23-b003-4c65-b7eb-a113e0ad14c8

No New Or Fixed Issues Found

[kingthorin]

Timestamps can absolutely happen JS files, there are frameworks that generate JS based on user profiles etc with user specifications fix constants etc

Maybe excluding JS should be tied to threshold, if this is the proposed fix.

[kingthorin]

Should include a changelog entry, updated/new tests, and if tied to threshold a help update.

[njmulsqb]

Interesting, so by threshold you mean we should ignore it if there are more than N amount of findings in .js files? Given the fact you mentioned, if there can be timestamps in js files than all we need is a one valid finding among 499 others, right?

[kingthorin]

No I mean use the getAlertThreshold method.

https://www.zaproxy.org/docs/desktop/ui/dialogs/options/pscanrules/#threshold

At High it could skip JS to raise fewer potential issues.

If you search the passive scan rules you'll find other examples.

[njmulsqb]

That's sounds like a better implementation.

Let's wait for others (@psiinon @thc202 ) to agree on this solution before I work in that direction.