ascanrulesBeta: Add more example alerts

- CHANGELOG > Add notes.
- Scan rules > Add example alert functionality (6119).
- Unit tests > Assert the new example alerts.
- Messages.properties > Updated some http references (8262).

Signed-off-by: kingthorin <[email protected]>

Author: kingthorin

addOns/ascanrulesBeta/CHANGELOG.md

@@ -8,6 +8,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Updated reference for scan rule: Possible Username Enumeration (Issue 8262)
 - Cookie Slack Detector scan rule now has a more specific CWE.
 - Possible Username Enumeration scan rule now includes CWE-204 as a reference link.
+- The following scan rules now include example alert functionality for documentation generation purposes (Issue 6119):
+    - Relative Path Confusion
+    - Integer Overflow Error
+
+### Removed 
+- Removed HTTP only reference for scan rule: Integer Overflow Error (Issue 8262)
 
 ## [51] - 2024-02-16
 ### Changed

addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/IntegerOverflowScanRule.java

@@ -23,6 +23,7 @@
 package org.zaproxy.zap.extension.ascanrulesBeta;
 
 import java.io.IOException;
+import java.util.List;
 import java.util.Map;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -205,13 +206,12 @@ private boolean attackVector(String param, char type, String returnAttack) {
             sendAndReceive(msg);
             if (isPage500(msg)) {
                 LOGGER.debug("Found Header");
-                newAlert()
-                        .setConfidence(Alert.CONFIDENCE_MEDIUM)
-                        .setUri(this.getBaseMsg().getRequestHeader().getURI().toString())
-                        .setParam(param)
-                        .setAttack(returnAttack)
-                        .setOtherInfo(this.getError(type))
-                        .setEvidence(msg.getResponseHeader().getPrimeHeader())
+                buildAlert(
+                                getBaseMsg().getRequestHeader().getURI().toString(),
+                                param,
+                                returnAttack,
+                                type,
+                                msg.getResponseHeader().getPrimeHeader())
                         .setMessage(msg)
                         .raise();
                 return true;
@@ -221,4 +221,27 @@ private boolean attackVector(String param, char type, String returnAttack) {
         }
         return false;
     }
+
+    @Override
+    public List<Alert> getExampleAlerts() {
+        return List.of(
+                buildAlert(
+                                "https://example.com/?years=1",
+                                "years",
+                                "95697568703220167658153205694899573480013738",
+                                '1',
+                                "HTTP/1.1 500 Internal Server Error")
+                        .build());
+    }
+
+    private AlertBuilder buildAlert(
+            String url, String param, String attack, char type, String evidence) {
+        return newAlert()
+                .setConfidence(Alert.CONFIDENCE_MEDIUM)
+                .setUri(url)
+                .setParam(param)
+                .setAttack(attack)
+                .setOtherInfo(this.getError(type))
+                .setEvidence(evidence);
+    }
 }

addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/RelativePathConfusionScanRule.java

@@ -617,13 +617,8 @@ public void scan() {
                                                 MESSAGE_PREFIX + "extrainfo.nocontenttype");
                 }
 
-                // alert it..
-                newAlert()
-                        .setConfidence(Alert.CONFIDENCE_MEDIUM)
+                buildAlert(hackedUri.toString(), extraInfo, relativeReferenceEvidence)
                         .setUri(getBaseMsg().getRequestHeader().getURI().toString())
-                        .setAttack(hackedUri.toString())
-                        .setOtherInfo(extraInfo)
-                        .setEvidence(relativeReferenceEvidence)
                         .setMessage(hackedMessage)
                         .raise();
 
@@ -642,6 +637,14 @@ public void scan() {
         }
     }
 
+    private AlertBuilder buildAlert(String attack, String otherInfo, String evidence) {
+        return newAlert()
+                .setConfidence(Alert.CONFIDENCE_MEDIUM)
+                .setAttack(attack)
+                .setOtherInfo(otherInfo)
+                .setEvidence(evidence);
+    }
+
     @Override
     public int getRisk() {
         return Alert.RISK_MEDIUM; // Medium or High? We'll see what the community consensus is..
@@ -661,4 +664,15 @@ public int getWascId() {
     public Map<String, String> getAlertTags() {
         return ALERT_TAGS;
     }
+
+    @Override
+    public List<Alert> getExampleAlerts() {
+        return List.of(
+                buildAlert(
+                                "https://example.com/profile/ybpsv/bqmmn/?foo=bar",
+                                Constant.messages.getString(
+                                        MESSAGE_PREFIX + "extrainfo.nocontenttype"),
+                                "background: url(image.png)")
+                        .build());
+    }
 }

addOns/ascanrulesBeta/src/main/resources/org/zaproxy/zap/extension/ascanrulesBeta/resources/Messages.properties

@@ -114,7 +114,7 @@ ascanbeta.integeroverflow.error2 = Potential Integer Overflow.  Status code chan
 ascanbeta.integeroverflow.error3 = Potential Integer Overflow.  Status code changed on the input of a long string of ones.
 ascanbeta.integeroverflow.error4 = Potential Integer Overflow.  Status code changed on the input of a long string of nines.
 ascanbeta.integeroverflow.name = Integer Overflow Error
-ascanbeta.integeroverflow.refs = https://en.wikipedia.org/wiki/Integer_overflow\nhttps://cwe.mitre.org/data/definitions/190.html\nhttp://projects.webappsec.org/w/page/13246946/Integer%20Overflows
+ascanbeta.integeroverflow.refs = https://en.wikipedia.org/wiki/Integer_overflow\nhttps://cwe.mitre.org/data/definitions/190.html
 ascanbeta.integeroverflow.soln = In order to prevent overflows and divide by 0 (zero) errors in the application, please rewrite the backend program, checking if the values of integers being processed are within the application's allowed range. This will require a recompilation of the backend executable.
 
 ascanbeta.name = Active Scan Rules - beta

addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/IntegerOverflowScanRuleUnitTest.java

@@ -27,8 +27,10 @@
 import static org.hamcrest.Matchers.not;
 
 import fi.iki.elonen.NanoHTTPD;
+import java.util.List;
 import java.util.Map;
 import org.junit.jupiter.api.Test;
+import org.parosproxy.paros.core.scanner.Alert;
 import org.parosproxy.paros.network.HttpMessage;
 import org.zaproxy.addon.commonlib.CommonAlertTag;
 import org.zaproxy.zap.model.Tech;
@@ -157,4 +159,18 @@ void shouldReturnExpectedMappings() {
                 tags.get(CommonAlertTag.OWASP_2017_A01_INJECTION.getTag()),
                 is(equalTo(CommonAlertTag.OWASP_2017_A01_INJECTION.getValue())));
     }
+
+    @Test
+    void shouldHaveExpectedExampleAlert() {
+        // Given / When
+        List<Alert> alerts = rule.getExampleAlerts();
+        // Then
+        assertThat(alerts.size(), is(equalTo(1)));
+    }
+
+    @Test
+    @Override
+    public void shouldHaveValidReferences() {
+        super.shouldHaveValidReferences();
+    }
 }

addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/RelativePathConfusionScanRuleUnitTest.java

@@ -23,8 +23,10 @@
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 
+import java.util.List;
 import java.util.Map;
 import org.junit.jupiter.api.Test;
+import org.parosproxy.paros.core.scanner.Alert;
 import org.zaproxy.addon.commonlib.CommonAlertTag;
 
 class RelativePathConfusionScanRuleUnitTest
@@ -58,4 +60,18 @@ void shouldReturnExpectedMappings() {
                 tags.get(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getTag()),
                 is(equalTo(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getValue())));
     }
+
+    @Test
+    void shouldHaveExpectedExampleAlert() {
+        // Given / When
+        List<Alert> alerts = rule.getExampleAlerts();
+        // Then
+        assertThat(alerts.size(), is(equalTo(1)));
+    }
+
+    @Test
+    @Override
+    public void shouldHaveValidReferences() {
+        super.shouldHaveValidReferences();
+    }
 }