What is the translation of "Confidence" integer values?

Ohav

Jul 25, 2022, 5:45:50 AM
to OWASP ZAP User Group
Hey. I am using the Automation Framework of ZAP, and using the JSON report format.

In the JSON, I see values like "2" and "3" for the "confidence" attribute. My assumption is that the values translate in the following way:

1: LOW
2: MEDIUM
3: HIGH


Though, I didn't find any official documentation about that. I would love to know if I am correct, and where could I have found that.

Thanks.

Simon Bennetts

Jul 25, 2022, 5:51:35 AM
to OWASP ZAP User Group
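Hiya,

Those are defined in the code here:
https://github.com/zaproxy/zaproxy/blob/main/zap/src/main/java/org/parosproxy/paros/core/scanner/Alert.java#L173-L179

We should probably have those in the docs as well, or links to where the values are defined in the code...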

Cheers,

Simon

Ohav

Jul 25, 2022, 6:13:41 AM
to OWASP ZAP User Group
Thank you Simon. I appreciate the quick answer.

Adam Gardner

Sep 3, 2022, 11:26:28 PM
to OWASP ZAP User Group
To confirm, a Risk description of "Low (Medium)" means a low risk issue detected with Medium confidence level?

thc...@gmail.com

Sep 5, 2022, 1:07:58 PM
to zaprox...@googlegroups.com
Yes, the first is the risk and the second the confidence.

Best regards.

On 04/09/2022 04:26, 'Adam Gardner' via OWASP ZAP User Group wrote:
> To confirm, a Risk description of "Low (Medium)" means a low risk issue
> detected with Medium confidence level?
>
> On Monday, July 25, 2022 at 8:13:41 PM UTC+10 Ohav wrote:
>
>> Thank you Simon. I appreciate the quick answer.
>>
>> On Monday, July 25, 2022 at 12:51:35 PM UTC+3 psi...@gmail.com wrote:
>>
>>> Hiya,
>>>
>>> Those are defined in the code here:
>>> https://github.com/zaproxy/zaproxy/blob/main/zap/src/main/java/org/parosproxy/paros/core/scanner/Alert.java#L173-L179
>>>
>>> We should probably have those in the docs as well, or links to where the
>>> values are defined in the code...
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>> On Monday, 25 July 2022 at 11:45:50 UTC+2 Ohav wrote:
>>>
>>>> Hey. I am using the Automation Framework of ZAP, and using the JSON
>>>> report format.
>>>>
>>>> In the JSON, I see values like "2" and "3" for the "confidence"
>>>> attribute. My assumption is that the values translate in the following way:
>>>>
>>>>
>>>>
>>>> 1: LOW
>>>> 2: MEDIUM
>>>> 3: HIGH
>>>>
>>>> Though, I didn't find any official documentation about that. *I would
>>>> love to know if I am correct, and where could I have found that.*
>>>>
>>>> Thanks.
>>>>
>>>>
>
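
An added example, not part of the thread and not ZAP project code: decoding the integer "confidence" and "riskcode" values in a JSON report and checking them against the "Risk (Confidence)" description discussed above. The code tables follow the constants in ZAP's Alert.java, including 0 and 4, which the thread does not list; the field names follow ZAP's traditional JSON report, and the sample report is constructed.

```python
import json

# Integer codes as defined by the constants in ZAP's Alert.java.
CONFIDENCE = {0: "False Positive", 1: "Low", 2: "Medium", 3: "High", 4: "Confirmed"}
RISK = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample in the shape of ZAP's traditional JSON report (not real scan output).
SAMPLE_REPORT = """
{"site": [{"@name": "https://example.test", "alerts": [
  {"alert": "Missing Anti-clickjacking Header", "riskcode": "2", "confidence": "2", "riskdesc": "Medium (Medium)"},
  {"alert": "Cookie Without Secure Flag", "riskcode": "1", "confidence": "2", "riskdesc": "Low (Medium)"},
  {"alert": "Information Disclosure - Suspicious Comments", "riskcode": "0", "confidence": "1", "riskdesc": "Informational (Low)"},
  {"alert": "SQL Injection", "riskcode": "3", "confidence": "0", "riskdesc": "High (False Positive)"}
]}]}
"""

def decode_alerts(report_text):
    """Return one dict per alert with risk and confidence decoded to labels."""
    decoded = []
    for site in json.loads(report_text).get("site", []):
        for alert in site.get("alerts", []):
            # The report stores both codes as strings, so convert before lookup.
            risk = RISK[int(alert["riskcode"])]
            confidence = CONFIDENCE[int(alert["confidence"])]
            # riskdesc is "<risk> (<confidence>)"; record whether it agrees with the codes.
            expected = f"{risk} ({confidence})"
            decoded.append({
                "site": site.get("@name"),
                "alert": alert.get("alert"),
                "risk": risk,
                "confidence": confidence,
                "riskdesc_matches": alert.get("riskdesc") == expected,
            })
    return decoded

def triage(decoded, min_risk="Low", min_confidence="Medium"):
    """Keep alerts at or above both thresholds; false positives (0) never pass."""
    risk_rank = {v: k for k, v in RISK.items()}
    conf_rank = {v: k for k, v in CONFIDENCE.items()}
    return [a for a in decoded
            if risk_rank[a["risk"]] >= risk_rank[min_risk]
            and conf_rank[a["confidence"]] >= max(conf_rank[min_confidence], 1)]

if __name__ == "__main__":
    for a in triage(decode_alerts(SAMPLE_REPORT)):
        print(f'{a["alert"]}: {a["risk"]} ({a["confidence"]})')
```
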

Arkaprabha Chakraborty

Sep 5, 2022, 1:28:44 PM
to zaprox...@googlegroups.com
Can this docs issue be opened as a good first issue? Maybe someone can start their contribution journey to OSS with this issue? :)


Adam Gardner

Sep 5, 2022, 8:48:16 PM
to OWASP ZAP User Group