ZAP False Positive for 40018 SQL Injection

[MPR GTR]

Hey,

I have a SQL Injection High Risk but it is false positive so i wanted to know if this works

-z "-alertfilter.addFilter=true -alertfilter.ruleId=40018 -alertfilter.newLevel=FalsePositive -alertfilter.url=.*"

 if this right

[psiinon]

No its not.

Did you get that from an LLM? If so you should be aware that LLMs are bad at technical detail :D

See https://www.zaproxy.org/faq/how-do-you-find-out-what-key-to-use-to-set-a-config-value-on-the-command-line/

But also be aware that for non trivial automation we recommend using the Automation Framework: https://www.zaproxy.org/docs/automate/automation-framework/

This has an alertFilter job: https://www.zaproxy.org/docs/desktop/addons/alert-filters/automation/

Oh, and this group is really for discussions relating to developing ZAP.

For questions about using ZAP please use the User Group next time: https://groups.google.com/group/zaproxy-users

Cheers,

Simon