8000 Adding missing zap-advanced scripts again (closes #656) by rfelber · Pull Request #658 · secureCodeBox/secureCodeBox · GitHub
Merged
8 changes: 7 additions & 1 deletion scanners/zap-advanced/.helmignore
Expand Up @@ -33,7 +33,13 @@ Dockerfile
.dockerignore
*.tar
parser/*
scanner/*
# this doesn't look too good but is required so that the scanners/scripts folder is included
scanner/*.*
scanner/zapclient/
scanner/tests/
scanner/venv/
scanner/.pytest_cache/
scanner/.idea/
integration-tests/*
examples/*
docs/*
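Review bot: The `scanner/*.*` pattern plus the five listed directories works as a denylist, so anything else that lands under `scanner/` is packaged into the chart. Extensionless files and any directory not named here (another virtualenv, a local config or credentials folder) would ship with a published release. The existing comment should spell out the maintenance rule, for example `# every new directory under scanner/ except the scripts folder must be listed below, otherwise it is packaged into the chart`. A CI step that runs `helm package` and lists the archive contents would catch unintended files before release.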
Expand Up @@ -21,8 +21,8 @@ var HttpRequestHeader = Java.type("org.parosproxy.paros.network.HttpRequestHeade
*
* - Authentication method: ScriptBased Authentication
* - Login FORM target URL: https://$keycloak-url/auth/realms/$app/protocol/openid-connect/token
* - Username Parameter: your-username-to-get-tokens
* - Password Parameter: your-password-to-get-tokens
* - username parameter: your-username-to-get-tokens
* - password parameter: your-password-to-get-tokens
* - Logged out regex: ".*Credentials are required to access this resource.*"
*
* NOTE: Any message sent in the function should be obtained using the 'helper.prepareMessage()'
18 changes: 5 additions & 13 deletions scanners/zap-advanced/scanner/zapclient/context/zap_context.py
Expand Up @@ -179,19 +179,11 @@ def _configure_context_create_user(self, user: collections.OrderedDict, auth_typ
userid=user_id,
name=user_name)

# TODO: Open a new issue at ZAP GitHub: Why (or) is this difference (camelCase vs. pascalCase) here really necessary?
if auth_type == "script-based":
self.get_zap.users.set_authentication_credentials(
contextid=context_id,
userid=user_id,
authcredentialsconfigparams='Username=' + user_name + '&Password=' + user_password)
self.get_zap.users.set_user_enabled(contextid=context_id, userid=user_id, enabled=True)
else:
self.get_zap.users.set_authentication_credentials(
contextid=context_id,
userid=user_id,
authcredentialsconfigparams='username=' + user_name + '&password=' + user_password)
self.get_zap.users.set_user_enabled(contextid=context_id, userid=user_id, enabled=True)
self.get_zap.users.set_authentication_credentials(
contextid=context_id,
userid=user_id,
authcredentialsconfigparams='username=' + user_name + '&password=' + user_password)
self.get_zap.users.set_user_enabled(contextid=context_id, userid=user_id, enabled=True)

if ("forced" in user and user["forced"]):
logging.debug("Configuring a forced user '%s' with id, for context(%s)'", user_id, context_id)
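Review bot: The credentials string on the new `authcredentialsconfigparams=` line is built by plain concatenation, so a user name or password containing `&`, `=`, `%` or `+` is passed unescaped. As far as I know ZAP parses this value as URL-encoded key/value pairs, so such a password would be cut short or read as an extra parameter, and the scan would run with wrong credentials or unauthenticated. Encoding the pairs avoids this: `authcredentialsconfigparams=urllib.parse.urlencode({'username': user_name, 'password': user_password})`, which needs `import urllib.parse` if the file does not already have it. The body of `_configure_context_create_user` starts and ends outside this hunk, so any earlier validation of these values is not visible here.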