Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Client: Change spider to access unvisited URLs #5996

Merged
merged 1 commit into from
Dec 10, 2024
Merged

Client: Change spider to access unvisited URLs #5996

merged 1 commit into from
Dec 10, 2024

Conversation

psiinon
Copy link
Member

@psiinon psiinon commented Dec 6, 2024
edited by kingthorin
Loading

Overview

In ZAP with the client add-on installed open the browser and point at a running version of bodgeit.
Then run the client spider against bodgeit - it will not find anything.
This is because its listenning for "new node" events, but no new nodes are added because they were already there, just unvisited.
This PR fixes that by adding those nodes to the task list.

No changelog entry as this is still unpublished functionality 😁

Checklist

  • Update help
  • Update changelog
  • Run ./gradlew spotlessApply for code formatting
  • Write tests
  • Check code coverage
  • Sign-off commits
  • Squash commits
  • Use a descriptive title

@psiinon psiinon force-pushed the client/spider-unvisited branch from 5d16968 to 7279804 Compare December 6, 2024 16:29
@psiinon
Copy link
Member Author

psiinon commented Dec 6, 2024

Interesting - the unit tests pass in Eclipse.
But they fail in the same way as here from the command line, so will look into that..

@psiinon
Copy link
Member Author

psiinon commented Dec 6, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailscc0e5823-255c-43d2-a40f-2bed306926e1

New Issues

Severity Issue Source File / Package Checkmarx Insight
LOW Log_Forging /addOns/client/src/main/java/org/zaproxy/addon/client/spider/ClientSpiderDialog.java: 281 Attack Vector

@psiinon
Client: Change spider to access unvisited URLs
0188cfe 
Signed-off-by: Simon Bennetts <psiinon@gmail.com>
@psiinon psiinon force-pushed the client/spider-unvisited branch from 7279804 to 0188cfe Compare December 6, 2024 17:25
@psiinon
Copy link
Member Author

psiinon commented Dec 6, 2024

Tests fixed

@kingthorin kingthorin enabled auto-merge December 6, 2024 17:42
@kingthorin kingthorin merged commit b6f72f2 into zaproxy:main Dec 10, 2024
10 checks passed
@thc202
Copy link
Member

thc202 commented Dec 10, 2024

Thank you!

@github-actions github-actions bot locked and limited conversation to collaborators Dec 10, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kingthorin kingthorin kingthorin approved these changes

@thc202 thc202 thc202 approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@psiinon @thc202 @kingthorin