-
-
Notifications
You must be signed in to change notification settings - Fork 151
Tool Alerts
thc202 edited this page Jan 19, 2021
·
4 revisions
The Alert tools are unusual in that there are multiple related tools. This is to allow you to be able to choose to show whichever level of alerts you are interested in.
The commonAlerts.js tools underlies all of the other alert tools and is hidden from view.
This tool:
- Registers for ZAP events generated by AlertEventPublisher.java - this raises events whenever alerts are added or changed
- Listens these events and then:
- Filters out any not on the target domain
- Adds new alerts to a sharedData.alerts data structure
- Raises a new event with an event name based on the risk of the alert and including a count of the number of alerts with that risk type (ie the counts shown by the other site alert tools)
The sharedData.alerts object is structured:
-
target domain
-
risk
-
alert name
- url = { event details }
-
alert name
-
risk
The site based alert tools:
all listen for 'commonAlerts.risk' events raised by commonAlerts.js and then just update the count they display with the one in the event.
The page based alert tools:
all listen for 'commonAlerts.risk' events raised by commonAlerts.js but then they need to count the number of the relevant alerts that apply to the current URL by accessing the sharedData.alerts object directly.