False Positive - Timestamp Disclosure #8380

Open
njmulsqb opened this issue Mar 4, 2024 · 2 comments · May be fixed by zaproxy/zap-extensions#6037

Comments

@njmulsqb
Contributor

njmulsqb commented Mar 4, 2024

I have been finding this timestamp disclosure to be a false positive in 99% of the cases.
image

The following strings (and more) have been marked as timestamps in one of the apps I scanned:

image image image image image
@psiinon
Member

psiinon commented Mar 4, 2024

It looks like the highlighting might be out.
For example, 1732584193 is a valid timestamp.
However... is timestamp disclosure really likely via a JavaScript file?
I'd be happy to ignore JS files, and things like images.
Maybe just check HTML and structured data like JSON and XML?

@njmulsqb
Contributor Author

njmulsqb commented Mar 4, 2024

In my case all the 1002 findings are from JS files.
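
The content-type gating proposed in this thread (check HTML, JSON and XML; ignore JavaScript and images), sketched as an added Python example that is not ZAP's code or any participant's. The regex, the date window, the function names and the sample bodies are assumptions constructed for illustration; the constant check goes one step beyond the thread, since 1732584193 is also 0x67452301, the first MD5/SHA-1 initial state word that JavaScript hashing code embeds.

```python
import re
from datetime import datetime, timezone

# Media types the thread suggests checking: HTML and structured data.
SCANNED_TYPES = ("text/html", "application/xhtml+xml", "application/json",
                 "application/xml", "text/xml")
# Assumption: a candidate is a standalone 10-digit number inside this window
# (constructed bounds, not the scanner's own).
WINDOW = (datetime(2000, 1, 1, tzinfo=timezone.utc).timestamp(),
          datetime(2035, 1, 1, tzinfo=timezone.utc).timestamp())
CANDIDATE = re.compile(r"(?<![\d.])\d{10}(?![\d.])")
# 1732584193 == 0x67452301 (MD5/SHA-1 initial state word): a valid epoch value
# that shows up in hashing code without being a time at all.
KNOWN_CONSTANTS = {0x67452301}

# Constructed sample bodies.
JS_SAMPLE = "var a = 1732584193, b = -271733879, c = -1732584194, d = 271733878;"
JSON_SAMPLE = '{"id": 4815162342, "created": 1709510400, "seed": 1732584193}'


def media_type(content_type):
    """Strip parameters such as charset and normalise case."""
    return content_type.split(";", 1)[0].strip().lower()


def should_scan(content_type):
    """True only for HTML and structured-data responses."""
    mt = media_type(content_type)
    return mt in SCANNED_TYPES or mt.endswith(("+json", "+xml"))


def find_timestamps(content_type, body):
    """Return [(value, iso_utc)] for plausible timestamps; [] if type is skipped."""
    if not should_scan(content_type):
        return []
    hits = []
    for match in CANDIDATE.finditer(body):
        value = int(match.group())
        if value in KNOWN_CONSTANTS or not WINDOW[0] <= value < WINDOW[1]:
            continue
        iso = datetime.fromtimestamp(value, tz=timezone.utc).isoformat()
        hits.append((value, iso))
    return hits


if __name__ == "__main__":
    print(find_timestamps("application/javascript; charset=utf-8", JS_SAMPLE))
    print(find_timestamps("application/json", JSON_SAMPLE))
```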
