ascanrules: sqli heuristic to fix 3xx redirect false positives #5975

Open
wants to merge 7 commits into
base: main

FiveOFive
Contributor

Overview

Fix the SQL injection false positive case described in zaproxy/zaproxy#8651. The short summary is that the expression-based test sends 3 requests: normal, modified, and confirm. A SQL injection is suspected if normal and modified return the same response, but confirm returns a different response. The response comparison logic looks only at the response body. In the case of 3xx redirects, the bodies can be exactly the same when the location headers are different. This change adds a heuristic for checking the location headers and treating different 3xx redirects as different responses, even when the bodies are the same.

This change is built on top of #5974. Once that one is done I'll rebase, squash, and sign-off the resulting commit.

Related Issues

zaproxy/zaproxy#8651

Checklist

  • Update help
  • Update changelog
  • Run ./gradlew spotlessApply for code formatting
  • Write tests
  • Check code coverage
  • Sign-off commits
  • Squash commits
  • Use a descriptive title

For more details, please refer to the developer rules and guidelines.
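
The heuristic described in the overview above, as an added example that is not code from this pull request or from ZAP. All class and method names are hypothetical, the three responses are constructed, and comparing the confirm response against the normal one is an assumption. With these inputs the body-only comparison reports a suspected injection, while the redirect-aware comparison does not.

```java
import java.util.Objects;
import java.util.function.BiPredicate;

// Added illustration with hypothetical names; not the ascanrules implementation.
public class RedirectAwareComparison {

    // Minimal response model: status code, Location header (null if absent), body.
    static final class Resp {
        final int status;
        final String location;
        final String body;

        Resp(int status, String location, String body) {
            this.status = status;
            this.location = location;
            this.body = body;
        }
    }

    // Body-only comparison, as the description says the current logic works.
    static boolean sameBody(Resp a, Resp b) {
        return a.body.equals(b.body);
    }

    // Heuristic: two 3xx responses pointing at different Locations are different
    // responses, even when their bodies are byte-for-byte identical.
    static boolean sameRedirectAware(Resp a, Resp b) {
        boolean bothRedirects = a.status / 100 == 3 && b.status / 100 == 3;
        if (bothRedirects && !Objects.equals(a.location, b.location)) {
            return false;
        }
        return sameBody(a, b);
    }

    // Suspect injection when modified matches normal but confirm does not
    // (assumption: confirm is compared against the normal response).
    static boolean suspected(Resp normal, Resp modified, Resp confirm, BiPredicate<Resp, Resp> same) {
        return same.test(normal, modified) && !same.test(normal, confirm);
    }

    public static void main(String[] args) {
        // Constructed responses: identical redirect bodies, different targets.
        Resp normal = new Resp(302, "/items/5", "Redirecting...");
        Resp modified = new Resp(302, "/error", "Redirecting...");
        Resp confirm = new Resp(400, null, "Bad request");

        System.out.println(suspected(normal, modified, confirm, RedirectAwareComparison::sameBody));
        System.out.println(suspected(normal, modified, confirm, RedirectAwareComparison::sameRedirectAware));
    }
}
```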
