Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use TOTP from credentials #6289

Merged
merged 1 commit into from
Mar 24, 2025
Merged

Use TOTP from credentials #6289

merged 1 commit into from
Mar 24, 2025

Conversation

thc202
Copy link
Member

@thc202 thc202 commented Mar 20, 2025
edited
Loading

eUse the core credentials to get the TOTP code.

Requires zaproxy/zaproxy#8892 but should work without it (as in not break anything).

@psiinon
Copy link
Member

psiinon commented Mar 20, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailsa2522802-d1ae-4f64-8eed-9e6af4721cb2

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
LOW Heap_Inspection /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java: 466
detailsMethod at line 466 of /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java defines password, which is designated to contai...
Attack Vector
Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
LOW Heap_Inspection /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java: 401

@thc202 thc202 force-pushed the totp-core branch 2 times, most recently from 4814bdd to 3f7084f Compare March 21, 2025 14:56
@thc202 thc202 changed the title [WIP] Use TOTP from credentials Use TOTP from credentials Mar 21, 2025
kingthorin
kingthorin approved these changes Mar 21, 2025
View reviewed changes
Copy link
Member

@kingthorin kingthorin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable to me

@thc202 thc202 changed the title Use TOTP from credentials [WIP] Use TOTP from credentials Mar 21, 2025
@thc202 thc202 force-pushed the totp-core branch 3 times, most recently from 812d40d to c69617b Compare March 21, 2025 17:31
@thc202
Use TOTP from credentials
dc543d5 
Use the core credentials to get the TOTP code.

Signed-off-by: thc202 <[email protected]>
@thc202 thc202 changed the title [WIP] Use TOTP from credentials Use TOTP from credentials Mar 24, 2025
@psiinon psiinon merged commit 1b228d6 into zaproxy:main Mar 24, 2025
10 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Mar 24, 2025
@thc202 thc202 deleted the totp-core branch March 24, 2025 12:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@psiinon psiinon psiinon approved these changes

@kingthorin kingthorin kingthorin approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thc202 @psiinon @kingthorin