'includeInContext' Regexp does not works as expected.
169 views
Skip to first unread message
JWeb Dev
Jul 2, 2023, 5:11:58 AM7/2/23
to OWASP ZAP User Group
Hello, I'm setting up the context for the active scan.
I do it as in the documentation, but either I'm missing something or includeInContext Regexp somehow doesn't work as expected.
More documentation would be great, especially with examples, the documentation seems to be quite a lot, but at the same time, I should to ask here.
My problem is very simple. I start the scanner with the context.
In order for everything to work, I need to add a regexp to the context, which I do.
I do it as in the documentation, but either I'm missing something or includeInContext Regexp somehow doesn't work as expected.
More documentation would be great, especially with examples, the documentation seems to be quite a lot, but at the same time, I should to ask here.
My problem is very simple. I start the scanner with the context.
In order for everything to work, I need to add a regexp to the context, which I do.
api.core.accessUrl("https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/?utm_source=zergnet.com&utm_medium=referral&utm_campaign=zergnet_7288437&utm_content=3", "true");
api.context.includeInContext(contextName, "https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/?utm_source=zergnet.com&utm_medium=referral&utm_campaign=zergnet_7288437&utm_content=3.*");
resp = api.ascan.scan("https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/?utm_source=zergnet.com&utm_medium=referral&utm_campaign=zergnet_7288437&utm_content=3", null, null, "Default Policy", null, null, Integer.valueOf(contextId));
api.context.includeInContext(contextName, "https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/?utm_source=zergnet.com&utm_medium=referral&utm_campaign=zergnet_7288437&utm_content=3.*");
resp = api.ascan.scan("https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/?utm_source=zergnet.com&utm_medium=referral&utm_campaign=zergnet_7288437&utm_content=3", null, null, "Default Policy", null, null, Integer.valueOf(contextId));
API: /core/urls()
"https://www.looper.com"
"https://www.looper.com/913032"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/._darcs"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/.bzr"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/.hg"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/?utm_source=zergnet.com&utm_medium=referral&utm_campaign=zergnet_7288437&utm_content=3"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/BitKeeper"
"https://www.looper.com"
"https://www.looper.com/913032"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/._darcs"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/.bzr"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/.hg"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/?utm_source=zergnet.com&utm_medium=referral&utm_campaign=zergnet_7288437&utm_content=3"
"https://www.looper.com/913032/ridiculous-mad-max-ripoffs-that-actually-existed/BitKeeper"
I am getting url_not_in_context error
I change includeInContext to api.context.includeInContext(contextName, "https://www.looper.com/.*"); Everything starts to work.
My question: why if I specify the url 1 in 1 plus ".*" at the end, then I get the error url_not_in_context?
I change includeInContext to api.context.includeInContext(contextName, "https://www.looper.com/.*"); Everything starts to work.
My question: why if I specify the url 1 in 1 plus ".*" at the end, then I get the error url_not_in_context?
After all, the regular expression is correct and should match occurs with such a condition.
Thanks for the help.
Regards.
thc...@gmail.com
Jul 2, 2023, 5:21:49 AM7/2/23
to zaprox...@googlegroups.com
Hi.
The query component of the URL is not taken into account when checking
if the URL is in context:
https://github.com/zaproxy/zaproxy/issues/3121
Best regards.
On 02/07/2023 10:11, JWeb Dev wrote:
> Hello, I'm setting up the context for the active scan.
> I do it as in the documentation, but either I'm missing something or
> *includeInContext* Regexp somehow doesn't work as expected.
The query component of the URL is not taken into account when checking
if the URL is in context:
https://github.com/zaproxy/zaproxy/issues/3121
Best regards.
On 02/07/2023 10:11, JWeb Dev wrote:
> Hello, I'm setting up the context for the active scan.
> I do it as in the documentation, but either I'm missing something or
JWeb Dev
Jul 2, 2023, 5:26:25 AM7/2/23
to OWASP ZAP User Group
Hi @thc202,
Thanks for the answer.
Ah, that's it. Then the best solution would be. Just include the top-level domain in the context?
Or I can just write ".*" since I'm only crawling 1 url.
Or I can just write ".*" since I'm only crawling 1 url.
Regards
thc...@gmail.com
Jul 2, 2023, 5:39:11 AM7/2/23
to zaprox...@googlegroups.com
Including the top-level domain is safer than include everything, just in
case, to not accidentality scan other sites.
Best regards.
case, to not accidentality scan other sites.
Best regards.
JWeb Dev
Jul 2, 2023, 5:41:45 AM7/2/23
to OWASP ZAP User Group
@thc202 - good point. Thanks!
Reply all
Reply to author
Forward
0 new messages