pscanrules: add example alerts to DirectoryBrowsingScanRule (#4537)

Giothysham · web-flow · commit b08198fec94a · 2023-04-10T07:50:55.000+01:00
Add example alerts to DirectoryBrowsingScanRule.

Signed-off-by: giothysham &lt;edmond.tsampanis@student.uhasselt.be&gt;
diff --git a/addOns/pscanrules/CHANGELOG.md b/addOns/pscanrules/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 ### Added
+- Added alert examples to Directory Browsing (Issue 6119).
 - Added Trusted Domains in Cross-Domain JavaScript Source File Inclusion (Issue 7775).
 
 ### Changed
diff --git a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/DirectoryBrowsingScanRule.java b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/DirectoryBrowsingScanRule.java
@@ -21,6 +21,7 @@
 
 import java.util.Iterator;
 import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -105,21 +106,32 @@ public void scanHttpResponseReceive(HttpMessage msg, int id, Source source) {
         }
         if (evidence != null && evidence.length() > 0) {
             // we found something
-            newAlert()
-                    .setName(getName() + " - " + server)
-                    .setRisk(Alert.RISK_MEDIUM)
-                    .setConfidence(Alert.CONFIDENCE_MEDIUM)
-                    .setDescription(getDescription() + " - " + server)
-                    .setOtherInfo(getExtraInfo(msg, evidence))
-                    .setSolution(getSolution())
-                    .setReference(getReference())
-                    .setEvidence(evidence)
-                    .setCweId(548) // Information Exposure Through Directory Listing
-                    .setWascId(16) // Directory Indexing
-                    .raise();
+            buildAlert(server, evidence).raise();
         }
     }
 
+    private AlertBuilder buildAlert(String server, String evidence) {
+        return newAlert()
+                .setName(getName() + " - " + server)
+                .setRisk(Alert.RISK_MEDIUM)
+                .setConfidence(Alert.CONFIDENCE_MEDIUM)
+                .setDescription(getDescription() + " - " + server)
+                .setOtherInfo(getExtraInfo(evidence))
+                .setSolution(getSolution())
+                .setReference(getReference())
+                .setEvidence(evidence)
+                .setCweId(548) // Information Exposure Through Directory Listing
+                .setWascId(16); // Directory Indexing
+    }
+
+    @Override
+    public List<Alert> getExampleAlerts() {
+        return List.of(
+                buildAlert("Apache 2", "<html><title>Index of /htdocs</title></html>").build(),
+                buildAlert("Microsoft IIS", "<pre><A HREF=\"/\">[To Parent Directory]</A><br><br>")
+                        .build());
+    }
+
     /**
      * get the id of the scanner
      *
@@ -160,11 +172,10 @@ private String getReference() {
     /**
      * gets extra information associated with the alert
      *
-     * @param msg
      * @param arg0
      * @return
      */
-    private String getExtraInfo(HttpMessage msg, String arg0) {
+    private String getExtraInfo(String arg0) {
         return Constant.messages.getString(MESSAGE_PREFIX + "extrainfo", arg0);
     }
 
diff --git a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/DirectoryBrowsingScanRuleUnitTest.java b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/DirectoryBrowsingScanRuleUnitTest.java
@@ -23,10 +23,12 @@
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 
+import java.util.List;
 import java.util.Map;
 import org.apache.commons.httpclient.URI;
 import org.apache.commons.httpclient.URIException;
 import org.junit.jupiter.api.Test;
+import org.parosproxy.paros.core.scanner.Alert;
 import org.parosproxy.paros.network.HttpMessage;
 import org.parosproxy.paros.network.HttpRequestHeader;
 import org.parosproxy.paros.network.HttpResponseHeader;
@@ -114,4 +116,26 @@ void shouldReturnExpectedMappings() {
                 tags.get(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getTag()),
                 is(equalTo(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getValue())));
     }
+
+    @Test
+    void shouldReturnExpectedExampleAlert() {
+        // Given / When
+        List<Alert> alerts = rule.getExampleAlerts();
+        // Then
+        assertThat(alerts.size(), is(equalTo(2)));
+        Alert alertApache = alerts.get(0);
+        assertThat(alertApache.getRisk(), is(equalTo(Alert.RISK_MEDIUM)));
+        assertThat(alertApache.getConfidence(), is(equalTo(Alert.CONFIDENCE_MEDIUM)));
+        assertThat(alertApache.getName(), is(equalTo("Directory Browsing - Apache 2")));
+        assertThat(
+                alertApache.getEvidence(),
+                is(equalTo("<html><title>Index of /htdocs</title></html>")));
+        Alert alertMicrosoft = alerts.get(1);
+        assertThat(alertMicrosoft.getRisk(), is(equalTo(Alert.RISK_MEDIUM)));
+        assertThat(alertMicrosoft.getConfidence(), is(equalTo(Alert.CONFIDENCE_MEDIUM)));
+        assertThat(
+                alertMicrosoft.getEvidence(),
+                is(equalTo("<pre><A HREF=\"/\">[To Parent Directory]</A><br><br>")));
+        assertThat(alertMicrosoft.getName(), is(equalTo("Directory Browsing - Microsoft IIS")));
+    }
 }
