
Commit b49256b

committed
parser-cov: recognize alert as key event for OWASP_ZAP_WARNING
1 parent 5733c09 commit b49256b


2 files changed

+12
-9
lines changed


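--- a/src/lib/parser-cov.cc
+++ b/src/lib/parser-cov.cc
@@ -279,6 +279,9 @@ KeyEventDigger::KeyEventDigger():
 d->hMap["GCC_ANALYZER_WARNING"] .insert("warning");
 d->hMap["GCC_ANALYZER_WARNING"] .insert("fatal error");
 
+// OWASP ZAP uses "alert" as the key event
+d->hMap["OWASP_ZAP_WARNING"] .insert("alert");
+
 // events that should never be used as key events (excluding trace events)
 d->denyList.insert("another_instance");
 d->denyList.insert("comparison_remediation");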
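Review bot: The new comment above the `OWASP_ZAP_WARNING` entry says what the line does, but not what the match relies on or what it changes for consumers of the output. In the updated fixture the events are named `alert[90022]`, `alert[10023]` and `alert[10021]`, so the bare `"alert"` entry presumably matches only because the lookup ignores the bracketed suffix, as it appears to for the GCC entries just above. The same fixture shows the `evidence`/`param` events that used to be the key event moving to `verbosity_level` 1, so anything that filters on level 0 will no longer show the evidence string. I would word the comment as `// OWASP ZAP names the finding "alert[<plugin-id>]"; pick it as the key event rather than the trailing "evidence"/"param" event`. The constructor body starts and ends outside this hunk.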

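--- a/tests/csgrep/0104-cov-parser-zap-stdout.txt
+++ b/tests/csgrep/0104-cov-parser-zap-stdout.txt
@@ -7,7 +7,7 @@
 "checker": "OWASP_ZAP_WARNING",
 "cwe": 200,
 "tool": "owasp-zap",
-"key_event_idx": 5,
+"key_event_idx": 1,
 "events": [
 {
 "file_name": "http://rhos-fedora-devel.usersys.redhat.com:5000",
@@ -21,7 +21,7 @@
 "line": 0,
 "event": "alert[90022]",
 "message": "Application Error Disclosure",
-"verbosity_level": 1
+"verbosity_level": 0
 },
 {
 "file_name": "http://rhos-fedora-devel.usersys.redhat.com:5000/pets/id/pet_id",
@@ -49,15 +49,15 @@
 "line": 0,
 "event": "evidence",
 "message": "HTTP/1.1 500 INTERNAL SERVER ERROR",
-"verbosity_level": 0
+"verbosity_level": 1
 }
 ]
 },
 {
 "checker": "OWASP_ZAP_WARNING",
 "cwe": 200,
 "tool": "owasp-zap",
-"key_event_idx": 5,
+"key_event_idx": 1,
 "events": [
 {
 "file_name": "http://rhos-fedora-devel.usersys.redhat.com:5000",
@@ -71,7 +71,7 @@
 "line": 0,
 "event": "alert[10023]",
 "message": "Information Disclosure - Debug Error Messages",
-"verbosity_level": 1
+"verbosity_level": 0
 },
 {
 "file_name": "http://rhos-fedora-devel.usersys.redhat.com:5000/pets/id/pet_id",
@@ -99,15 +99,15 @@
 "line": 0,
 "event": "evidence",
 "message": "Internal Server Error",
-"verbosity_level": 0
+"verbosity_level": 1
 }
 ]
 },
 {
 "checker": "OWASP_ZAP_WARNING",
 "cwe": 693,
 "tool": "owasp-zap",
-"key_event_idx": 11,
+"key_event_idx": 1,
 "events": [
 {
 "file_name": "http://rhos-fedora-devel.usersys.redhat.com:5000",
@@ -121,7 +121,7 @@
 "line": 0,
 "event": "alert[10021]",
 "message": "X-Content-Type-Options Header Missing",
-"verbosity_level": 1
+"verbosity_level": 0
 },
 {
 "file_name": "http://rhos-fedora-devel.usersys.redhat.com:5000/docs/openapi.json",
@@ -191,7 +191,7 @@
 "line": 0,
 "event": "param",
 "message": "X-Content-Type-Options",
-"verbosity_level": 0
+"verbosity_level": 1
 }
 ]
 }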
