ascanrules: sqli heuristic to fix 3xx redirect false positives #5975
Overview
Fix the SQL injection false positive case described in zaproxy/zaproxy#8651. The short summary is that the expression-based test sends 3 requests: normal, modified, and confirm. An SQL injection is suspected if normal and modified return the same response, but confirm returns a different response. The response comparison logic looks only at the response body. In the case of 3xx redirects the bodies can be exactly the same when the Location headers are different. This change adds a heuristic for checking the Location headers and treating different 3xx redirects as different responses, even when the bodies are the same.
This change is built on top of #5974. Once that one is done I'll rebase, squash, and sign-off the resulting commit.
Related Issues
zaproxy/zaproxy#8651
Checklist
./gradlew spotlessApply for code formatting
For more details, please refer to the developer rules and guidelines.
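An added illustration of the comparison logic described in the overview; this is not the PR's code or ZAP's Java implementation, and the Response class, function names and the three constructed responses are assumptions made for the example. It shows how a body-only comparison produces the false positive on 3xx redirects and how comparing Location headers for redirects suppresses it.

```python
from dataclasses import dataclass, field


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    body: str
    headers: dict = field(default_factory=dict)

    def is_redirect(self) -> bool:
        return 300 <= self.status < 400

    def location(self):
        # Header names are case-insensitive; normalise before lookup.
        return {k.lower(): v for k, v in self.headers.items()}.get("location")


def same_body_only(a: Response, b: Response) -> bool:
    """Original behaviour: two responses are 'the same' if their bodies match."""
    return a.body == b.body


def same_with_redirect_heuristic(a: Response, b: Response) -> bool:
    """Body comparison plus the 3xx heuristic: two redirects whose Location
    headers differ are treated as different responses even with equal bodies."""
    if a.body != b.body:
        return False
    if a.is_redirect() and b.is_redirect() and a.location() != b.location():
        return False
    return True


def sqli_suspected(normal, modified, confirm, same) -> bool:
    """Expression-based check: normal and modified must match, confirm must not."""
    return same(normal, modified) and not same(normal, confirm)


# Constructed sample: the app redirects based on the parameter value, so the
# modified request lands on a different Location with the same (empty) body,
# while the confirm request gets a real error page.
NORMAL = Response(302, "", {"Location": "/item?id=1"})
MODIFIED = Response(302, "", {"Location": "/item?id=2-1"})
CONFIRM = Response(404, "Not found")

# True positive shape for comparison: modified redirects exactly like normal.
MODIFIED_SAME_TARGET = Response(302, "", {"Location": "/item?id=1"})
```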