how to solve this Information Disclosure - Suspicious Comments?

[chirag suthar]

Hello 

How to solve this error? Information Disclosure - Suspicious Comments

Thanks,

[kingthorin+owaspzap]

First note that it's an informational finding.

If you want/need to fix it then you'd have to contact the third party, or make local copies and edit them.

If you look at the comments and are find with them then you could add an Alert Filter https://www.zaproxy.org/docs/desktop/addons/alert-filters/

[Chirag Suthar]

how to fix it any idea?

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/5c5f5009-c0a0-42d3-a290-4b8ccee0bc3fn%40googlegroups.com.

[kingthorin+owaspzap]

Yup as I stated in the previous message.

[ZHEN XIAN LIM]

how you determine the word is suspicious or not? Do you have a list? Because I realised mine also got it. Some in comment, some even in variable. 

[kingthorin+owaspzap]

Here's the documentation on this finding:

- https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/#information-disclosure-suspicious-comments

- https://www.zaproxy.org/docs/alerts/10027/

Note it currently looks at full JavaScript files/blocks as we don't currently have a way to extract JS comments. (That's coming.)

As for the key words you can find them here: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/zapHomeFiles/xml/suspicious-comments.txt