From a4ddc521b2434bf7a04c9e4b8ab41920b69cf7f7 Mon Sep 17 00:00:00 2001 From: thc202 Date: Mon, 25 Nov 2024 06:10:22 +0000 Subject: [PATCH] pscan: move core help and add API help page Move core help with slightly adjustments for the add-on. Add help page for the API. Update help keys in the code. Part of zaproxy/zaproxy#7959. Signed-off-by: thc202 --- .../pscan/internal/ui/OptionsPassiveScan.java | 2 +- .../ui/PassiveScannerOptionsPanel.java | 2 +- .../internal/ui/PolicyPassiveScanPanel.java | 2 +- .../org/zaproxy/addon/pscan/common/map.jhm | 5 ++ .../addon/pscan/help/contents/api.html | 86 +++++++++++++++++++ .../pscan/help/contents/options/options.html | 39 +++++++++ .../pscan/help/contents/options/rules.html | 32 +++++++ .../pscan/help/contents/options/scanner.html | 73 ++++++++++++++++ .../pscan/help/contents/options/tags.html | 48 +++++++++++ .../addon/pscan/help/contents/pscan.html | 44 ++++++++++ .../org/zaproxy/addon/pscan/help/index.xml | 2 + .../org/zaproxy/addon/pscan/help/toc.xml | 6 ++ 12 files changed, 338 insertions(+), 3 deletions(-) create mode 100644 addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/api.html create mode 100644 addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/options.html create mode 100644 addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/rules.html create mode 100644 addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/scanner.html create mode 100644 addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/tags.html diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/OptionsPassiveScan.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/OptionsPassiveScan.java index d9cb7b45bec..17348d6a55a 100644 --- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/OptionsPassiveScan.java +++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/OptionsPassiveScan.java @@ -87,7 +87,7 @@ public void saveParam(Object obj) throws Exception { @Override public String getHelpIndex() { - return "ui.dialogs.options.pscan"; + return "addon.pscan.options.tags"; } private static class ScannersMultipleOptionsPanel diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PassiveScannerOptionsPanel.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PassiveScannerOptionsPanel.java index 107888eff60..9bfa3c5c165 100644 --- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PassiveScannerOptionsPanel.java +++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PassiveScannerOptionsPanel.java @@ -114,6 +114,6 @@ public void saveParam(Object obj) throws Exception { @Override public String getHelpIndex() { - return "ui.dialogs.options.pscan.main"; + return "addon.pscan.options.scanner"; } } diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PolicyPassiveScanPanel.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PolicyPassiveScanPanel.java index 753f4d5ce5a..dcfb89e7bf2 100644 --- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PolicyPassiveScanPanel.java +++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/ui/PolicyPassiveScanPanel.java @@ -247,6 +247,6 @@ public void setPassiveScanTableModel(PolicyPassiveScanTableModel categoryTableMo @Override public String getHelpIndex() { - return "ui.dialogs.options.pscanrules"; + return "addon.pscan.options.rules"; } } diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/common/map.jhm b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/common/map.jhm index c49382c778d..25436824b28 100644 --- a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/common/map.jhm +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/common/map.jhm @@ -6,7 +6,12 @@ + + + + + diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/api.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/api.html new file mode 100644 index 00000000000..e538a0b2da4 --- /dev/null +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/api.html @@ -0,0 +1,86 @@ + + + + +Passive Scanner API + + +

Passive Scanner API

+ The following operations are added to the API: + +

Actions

+ + +

Views

+ + +

See also

+ + + + + + +
    Passive Scannerthe introduction to Passive Scanner add-on
+ + + diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/options.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/options.html new file mode 100644 index 00000000000..7910b15ecc5 --- /dev/null +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/options.html @@ -0,0 +1,39 @@ + + + + +Options + + +

Options

+ + The Passive Scanner add-on provides the following options screens: + + + + + + + + + + + + + + + + +
    Passive ScannerAllows to configure the passive scanner.
    Passive Scan RulesAllows to configure the passive scan rules.
    Passive Scan TagsAllows to configure the tags that are added by the passive scanner.
+ +

See also

+ + + + + + +
    Passive Scannerthe introduction to Passive Scanner add-on
+ + + diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/rules.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/rules.html new file mode 100644 index 00000000000..31f0a463514 --- /dev/null +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/rules.html @@ -0,0 +1,32 @@ + + + + + +Passive Scan Rules + + + +

Passive Scan Rules

+

+This screen allows you to configure the passive scan rules.
+

+

Threshold

+This controls how likely ZAP is to report potential vulnerabilities.
+ + +

See also

+ + + + + + +
    Passive Scannerthe introduction to Passive Scanner add-on
+ + + diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/scanner.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/scanner.html new file mode 100644 index 00000000000..8ca158489b5 --- /dev/null +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/scanner.html @@ -0,0 +1,73 @@ + + + + +Passive Scanner + + +

Passive Scanner

+

+ This screen allows you to configure the passive scanner. + +

Configuration Options

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDetailsDefaultConfig File
Only scan messages in scopeSets whether or not the passive scan should be performed only on messages that + are in scope. + DeselectedKey: pscans.scanOnlyInScope
Values: true or false
Include traffic from the Fuzzer when passive scanningSets whether or not the passive scanning should be performed on messages generated by the Fuzzer.DeselectedKey: pscans.scanFuzzerMessages
Values: true or false
Max alerts any rule can raiseSets the maximum number of alerts a passive scan rule should raise. This may be slightly exceeded due to threading. + This setting is typically only useful for automated scanning. Scan rules that exceed this value will be disabled + and will need to be manually enabled if a new session is started. + 0 (unset)Key: pscans.maxAlertsPerRule
Values: 0: unset or the maximum number of alerts
Max body size in bytes to scanSets the maximum size request or response body size in bytes that the passive scanner will scan. + This can be used if passive scan rules take too long scanning very large requests or responses. + If set the number of ignored requests and responses are recorded in the stats using the keys + stats.pscan.reqBodyTooBig and stats.pscan.respBodyTooBig respectively. + 0 (unset)Key: pscans.maxBodySizeInBytes
Values: 0: unset or the maximum body size in bytes
Clear QueueEmpties the passive scan queue without passively scanning the messages. + Currently running rules will run to completion but new rules will only be run when new messages are added to the queue. +
+ +

See also

+ + + + + + +
    Passive Scannerthe introduction to Passive Scanner add-on
+ + + diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/tags.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/tags.html new file mode 100644 index 00000000000..f9cc500f93c --- /dev/null +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/options/tags.html @@ -0,0 +1,48 @@ + + + + + +Passive Scan Tags + + + +

Passive Scan Tags

+

+This screen allows you to configure the tags that are added by the passive scanner. +

+You can add, modify and remove the tags via the appropriate buttons. + +

Tag Interpolation

+In order to allow some flexibility in Tag creation and content it is possible for the user to specify a regular expression with capturing groups +which will be used to replace the group identifiers (ex: $1) in the resulting tag. +

+For example, a tag could be defined as follows: + + + + + + + + + + + + + +
FieldValueNote
Name:Test 
Tag:$1-SOMETAG 
Response Body Regex:(\d{3})Find strings of 3 numbers, using a capturing group (round brackets).
+Result: When 3 digit strings are passively identified in response body content (the regex matches) the messages will be +tagged such as "123-SOMETAG", "345-SOMETAG", etc. + +

See also

+ + + + + + +
    Passive Scannerthe introduction to Passive Scanner add-on
+ + + diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/pscan.html b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/pscan.html index 99cdf66f053..a872e383c46 100644 --- a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/pscan.html +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/contents/pscan.html @@ -14,5 +14,49 @@

Passive Scanner Add-on

This add-on supports the Automation Framework.

+

Passive Scan

+

+ZAP by default passively scans all messages (e.g. HTTP, WebSocket) sent to the web application being tested.
+Passive scanning does not change the messages in any way and is therefore safe to use.
+Scanning is performed in the background to ensure that it does not slow down the exploration of an application. +

+

+The (main) behaviour of the passive scanner can be configured using the Options Passive Scanner Screen. +

+

+Passive scanning can also be used for automatically adding tags +and raising alerts for potential issues.
+A set of rules for automatic tagging are provided by default. These can be changed, deleted or +added to via the Options Passive Scan Tags screen. +

+ +

+The alerts raised by passive scan rules can be configured using the Options Passive Scan Rules screen. +

+ +

Official Videos

+ + + + + + + +
    ZAP In Ten: Passive Scanning (10:27)
    ZAP In Ten: Passive Scan Scripts (11:53)
    Deep Dive: Passive Scanning (27:35)
+ +

See also

+ + + + + + + + + + + +
    Passive Scanner APIfor more details about the Passive Scanner API
    Optionsfor the provided options screens
+ diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/index.xml b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/index.xml index 9e3075174e1..4912b9b66ec 100644 --- a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/index.xml +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/index.xml @@ -5,7 +5,9 @@ + + diff --git a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/toc.xml b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/toc.xml index 2e9da0daddc..62dbf054ca3 100644 --- a/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/toc.xml +++ b/addOns/pscan/src/main/javahelp/org/zaproxy/addon/pscan/help/toc.xml @@ -7,10 +7,16 @@ + + + + + +