Retire.js regex get version from URI path

28 views
Skip to first unread message

Rob.L

unread,
Nov 22, 2021, 6:44:02 AM11/22/21
to OWASP ZAP User Group
HI all
during some test I found some false positive during scan of some js library
It seems that release version of my jquery and others libraries was extracted only from uri and not from js library
There are any configurations on zap or somewhere that can I use to calculate the real JS library version?
This is an sampleScreenshot at Nov 22 12-39-59.png
Thanks



Simon Bennetts

unread,
Nov 22, 2021, 8:59:22 AM11/22/21
to OWASP ZAP User Group
Hiya,

Does the Retire.js browser extension (chrome or firefox) report an issue or not?
If it does then it will be a bug in that project, if it does not then it will be a bug in our integration.

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages