Why can't I make Source Code Disclosure - File Inclusion a false positive?


MPR GTR

Jun 17, 2025, 8:28:45 AM
to ZAP User Group
In the Alert filter in ZAP I don't find it, and with the ID 43 I also don't find it. Why?
Screenshot 2025-06-17 142745.png

thc202

Jun 17, 2025, 8:44:19 AM
to zaprox...@googlegroups.com
Hi,

ZAP does not have a database of IDs to names; it will only display a name
if the respective scan rule is present in ZAP.

Try installing the Active scanner rules (beta) add-on which has that rule.

Best regards.

MPR GTR

Jun 20, 2025, 8:39:19 AM
to ZAP User Group
I scan with the Docker image and the fullscan.py in a pipeline, so I need to change it with a context file, but it doesn't work with the ID 43 for Source Code Disclosure. Then I tried to find it in the ZAP software, and there I also don't find the ID 43 and Source Code Disclosure for the Alert filter.

kingthorin+zap

Jun 20, 2025, 1:05:58 PM
to ZAP User Group
Do you have all the rules installed?

MPR GTR

Jun 20, 2025, 6:02:18 PM
to zaprox...@googlegroups.com
Yes, I think so. I scan with the ZAP stable Docker version and I get the high alert.

--
ZAP by Checkmarx: https://www.zaproxy.org/

Simon Bennetts

Jun 23, 2025, 8:20:23 AM
to ZAP User Group
The stable docker image only includes the release rules by default.
https://www.zaproxy.org/docs/alerts/43/ is beta, and so you will need to install the beta active scan rules in order to see it.

Note that the alert filters are not that easy to add to the packaged scans.
If you want that sort of flexibility then have a look at the Automation Framework: https://www.zaproxy.org/docs/automate/automation-framework/

Cheers,

Simon

MPR GTR

Jun 23, 2025, 5:06:24 PM
to zaprox...@googlegroups.com
Yes, but I scan with Docker and the 43 alert came from there.

I also use the flag -a for alpha rules; maybe this adds the beta rules?

Simon Bennetts

Jun 25, 2025, 4:26:12 AM
to ZAP User Group
That rule must be in the Docker install, otherwise ZAP would not report it.
But the screenshot is of the ZAP desktop - are you running this in the same Docker container, or do you have it installed somewhere else?
If it's a different install then it's that installation which needs the beta scan rules.

Cheers,

Simon

MPR GTR

Jun 30, 2025, 2:38:03 AM
to ZAP User Group

Hey Simon,

I use Docker with this command:

      zap-full-scan.py \
        -t TARGET_URL \
        -r REPORT_NAME \
        -a \
        -n Context_site \
        -j \
        -U ZAP_USER

and I use a context file. Below you see the alertFilters snippet, where I put the alert ID 43 for
Source Code Disclosure - File Inclusion, but it doesn't work:
        <alertFilters>
            <filter>true;43;-1;aHR0cHM6Ly9kZW1vLmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
            <filter>true;40018;-1;aHR0cHM6Ly9kZW1vLmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
            <filter>true;40021;-1;aHR0cHM6Ly9uaWdodGx5Lmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
            <filter>true;40024;-1;aHR0cHM6Ly9uaWdodGx5Lmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
            <filter>true;40012;-1;aHR0cHM6Ly9kZW1vLmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
        </alertFilters>

So ZAP is in Docker and is the latest stable ZAP version without any new plugins, and I use it with commands.
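One check worth doing on a context file like the one above, before looking at the rule set, is to decode its filter entries and confirm that the URL regex of the rule 43 filter actually matches the URL being scanned. The script below is an added example, not code from this thread or from the ZAP project; the field meanings (enabled, rule ID, new risk where -1 is false positive, base64-encoded URL, URL-is-regex) are assumed from the layout of the posted lines, and the full-match regex semantics are an assumption as well.

```python
import base64
import re
from dataclasses import dataclass

# Constructed input: the <alertFilters> block as posted in the thread.
CONTEXT_SNIPPET = """
<alertFilters>
    <filter>true;43;-1;aHR0cHM6Ly9kZW1vLmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
    <filter>true;40018;-1;aHR0cHM6Ly9kZW1vLmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
    <filter>true;40021;-1;aHR0cHM6Ly9uaWdodGx5Lmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
    <filter>true;40024;-1;aHR0cHM6Ly9uaWdodGx5Lmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
    <filter>true;40012;-1;aHR0cHM6Ly9kZW1vLmlxc3VpdGUuY29tLio=;true;;false;;false;;false;;</filter>
</alertFilters>
"""


@dataclass
class AlertFilter:
    enabled: bool
    rule_id: int
    new_risk: int       # assumed: -1 means "False Positive"
    url: str            # decoded from the base64 field
    url_is_regex: bool


def parse_filters(xml_text):
    """Parse each <filter> line into an AlertFilter (field order assumed from the posted lines)."""
    filters = []
    for raw in re.findall(r"<filter>(.*?)</filter>", xml_text):
        f = raw.split(";")
        url = base64.b64decode(f[3]).decode("utf-8") if f[3] else ""
        filters.append(AlertFilter(f[0] == "true", int(f[1]), int(f[2]), url, f[4] == "true"))
    return filters


def matching_filters(filters, target_url, rule_id):
    """Return the enabled filters for rule_id whose URL constraint covers target_url."""
    hits = []
    for flt in filters:
        if not flt.enabled or flt.rule_id != rule_id:
            continue
        if flt.url_is_regex:
            ok = re.fullmatch(flt.url, target_url) is not None  # assumed: ZAP matches the whole URL
        else:
            ok = flt.url == "" or flt.url == target_url
        if ok:
            hits.append(flt)
    return hits


if __name__ == "__main__":
    for flt in parse_filters(CONTEXT_SNIPPET):
        print(flt.rule_id, flt.new_risk, flt.url)
```

Running it shows that the filters in the snippet do not all point at the same host, so a rule 43 alert raised on a URL outside the decoded regex would not be filtered even with the beta rules installed.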

Simon Bennetts

Jul 1, 2025, 11:05:34 AM
to ZAP User Group
As before, I recommend you use the Automation Framework https://www.zaproxy.org/docs/automate/automation-framework/

Cheers,

Simon

MPR GTR

Jul 3, 2025, 2:55:45 AM
to ZAP User Group
Yes, the Automation Framework would be better, but our company wants it in Docker, so I need a solution with Docker. Like I said before, I don't know why the alert filter doesn't catch the alert.

Simon Bennetts

Jul 3, 2025, 3:57:42 AM
to ZAP User Group
The AF works just fine in Docker :)
My guess is that it's probably run in Docker much more often than not.


We also have a GitHub action for it (which also uses Docker) https://github.com/marketplace/actions/zap-automation-framework-scan

Cheers,

Simon