-
-
Notifications
You must be signed in to change notification settings - Fork 705
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pscanrules: Reduce Suspicious Comments rule JS FPs #5813
Open
kingthorin
wants to merge
1
commit into
zaproxy:main
Choose a base branch
from
kingthorin:sus-comm-fp
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kingthorin
force-pushed
the
sus-comm-fp
branch
2 times, most recently
from
October 13, 2024 02:50
93a5cfd
to
031dd13
Compare
thc202
reviewed
Oct 13, 2024
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Show resolved
Hide resolved
kingthorin
force-pushed
the
sus-comm-fp
branch
2 times, most recently
from
October 13, 2024 11:16
e40a6e1
to
a1483ab
Compare
Tweaked |
kingthorin
commented
Oct 17, 2024
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
kingthorin
force-pushed
the
sus-comm-fp
branch
3 times, most recently
from
October 17, 2024 10:40
abcb851
to
ae5659e
Compare
Fixed |
thc202
changed the title
pscanrules: Address Suspicious Comments rule JS FPs
pscanrules: Reduce Suspicious Comments rule JS FPs
Oct 25, 2024
thc202
reviewed
Oct 25, 2024
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
There's a typo in the commit/PR description |
kingthorin
force-pushed
the
sus-comm-fp
branch
from
October 25, 2024 13:01
ae5659e
to
c54de48
Compare
thc202
reviewed
Oct 25, 2024
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
kingthorin
force-pushed
the
sus-comm-fp
branch
2 times, most recently
from
October 31, 2024 10:54
0d17f9c
to
e7cb14e
Compare
As far as performance goes here's what I've been able to find: Live perf examples
I'm not sure how to add a test based on that? 🤷 |
kingthorin
force-pushed
the
sus-comm-fp
branch
3 times, most recently
from
October 31, 2024 11:28
243e6d1
to
0b69de5
Compare
How are you running the tests? |
That was just browsing with only the one rule enabled. Opening a new browser form ZAP after re-installing different versions of the add-on. |
kingthorin
force-pushed
the
sus-comm-fp
branch
from
November 17, 2024 12:44
0b69de5
to
36fe8f6
Compare
Deconflicted |
kingthorin
force-pushed
the
sus-comm-fp
branch
2 times, most recently
from
November 17, 2024 13:40
5991c88
to
b84f2a4
Compare
Now also skips font requests:
|
kingthorin
force-pushed
the
sus-comm-fp
branch
from
November 17, 2024 13:42
b84f2a4
to
75cd97b
Compare
kingthorin
force-pushed
the
sus-comm-fp
branch
4 times, most recently
from
November 17, 2024 13:46
0a3b163
to
1d75446
Compare
- CHANGELOG > Added fix note. - InformationDisclosureSuspiciousCommentsScanRule > Updated handling to target comments in JavaScript more specifically & skip font requests. - InformationDisclosureSuspiciousCommentsScanRuleUnitTest > Updated and added tests. - Messages.properties > Updated to detail/report the findings more specifically based on the new behavior. Signed-off-by: kingthorin <[email protected]>
kingthorin
force-pushed
the
sus-comm-fp
branch
from
November 17, 2024 13:47
1d75446
to
b8afc6a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
Note: The regexes used for JS comments are based on https://github.com/antlr/grammars-v4/blob/c82c128d980f4ce46fb3536f87b06b45b9619922/javascript/javascript/JavaScriptLexer.g4#L49-L50
Related Issues
Checklist
./gradlew spotlessApply
for code formatting