Scan Rule with empty name in the Scan Progress window and Scan Policy window
Describe the bug
When viewing the Scan Progress window, there is a mystery attack (blank title) between CORS Header and Spring Actuator Information Leak. Also under Miscellaneous in the Scan Policy window.
Steps to reproduce the behavior
- Start an Active Scan
- Click on the Progress icon
- Scroll to the bottom of the window listing the attacks
- Observe an attack missing a title between CORS Header and Spring Actuator Information Leak
OR
- Open Analyse menu option
- Scan policy manager…
- Default Policy
- Miscellaneous
- Observe that the first attack is missing a title.
Expected behavior
Expect for all attacks to have a title so one knows what attack vector is used. Also for debugging if something goes wrong with this specific attack.
Software versions
OWASP ZAP
Version: D-2022-04-19
Installed Add-ons: [[id=accessControl, version=8.0.0],
[id=alertFilters, version=14.0.0], [id=amf, version=3.0.0],
[id=ascanrules, version=47.0.0], [id=ascanrulesAlpha,
version=38.0.0], [id=ascanrulesBeta, version=41.0.0],
[id=attacksurfacedetector, version=1.1.4], [id=authstats,
version=2.0.0], [id=automation, version=0.15.0],
[id=browserView, version=5.0.0], [id=bruteforce,
version=12.0.0], [id=callgraph, version=5.0.0],
[id=callhome, version=0.4.0], [id=commonlib,
version=1.10.0], [id=coreLang, version=16.0.0],
[id=custompayloads, version=0.11.0], [id=diff,
version=12.0.0], [id=directorylistv1, version=6.0.0],
[id=directorylistv2_3, version=4.0.0],
[id=directorylistv2_3_lc, version=4.0.0], [id=domxss,
version=13.0.0], [id=encoder, version=0.7.0], [id=exim,
version=0.2.0], [id=fileupload, version=1.1.0],
[id=formhandler, version=5.0.0], [id=fuzz, version=13.7.0],
[id=fuzzdb, version=8.0.0], [id=gettingStarted,
version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql,
version=0.10.0], [id=help, version=15.0.0], [id=hud,
version=0.14.0], [id=imagelocationscanner, version=3.0.0],
[id=importurls, version=9.0.0], [id=invoke, version=12.0.0],
[id=jsonview, version=2.0.0], [id=jwt, version=1.0.2],
[id=network, version=0.3.0], [id=oast, version=0.11.0],
[id=onlineMenu, version=10.0.0], [id=openapi,
version=28.0.0], [id=plugnhack, version=13.0.0],
[id=portscan, version=10.0.0], [id=pscanrules,
version=41.0.0], [id=pscanrulesAlpha, version=35.0.0],
[id=pscanrulesBeta, version=30.0.0], [id=quickstart,
version=34.0.0], [id=reflect, version=0.0.11],
[id=regextester, version=2.0.0], [id=replacer,
version=10.0.0], [id=reports, version=0.14.0],
[id=requester, version=5.0.0], [id=retest, version=0.3.0],
[id=retire, version=0.11.0], [id=reveal, version=5.0.0],
[id=revisit, version=4.0.0], [id=saml, version=9.0.0],
[id=scripts, version=31.0.0], [id=selenium, version=15.9.0],
[id=sequence, version=7.0.0], [id=soap, version=14.0.0],
[id=spiderAjax, version=23.8.0], [id=sqliplugin,
version=15.0.0], [id=tips, version=10.0.0], [id=tokengen,
version=15.0.0], [id=treetools, version=8.0.0],
[id=viewstate, version=3.0.0], [id=wappalyzer,
version=21.9.0], [id=webdriverlinux, version=38.0.0],
[id=webdrivermacos, version=39.0.0], [id=webdriverwindows,
version=38.0.0], [id=websocket, version=26.0.0], [id=zest,
version=36.0.0]]
Operating System: Windows 10
Java Version: Eclipse Adoptium 17.0.2
System's Locale: en_US
Display Locale: en_GB
Format Locale: en_US
ZAP Home Directory: C:\Users\$USER\OWASP ZAP_D\
ZAP Installation Directory: C:\Users\$USER\LocalPrograms\ZAPWeekly\ZAP_D-2022-04-19\.\
Look and Feel: FlatLaf Light (com.formdev.flatlaf.FlatLightLaf)
Errors from the zap.log file
None, as it’s a GUI visual error (missing title)
Additional context
Checked the Marketplace and all items have titles.
Would you like to help fix this issue?
- Yes
Issue Analytics
- State:
- Created a year ago
- Reactions: 1
- Comments: 21 (12 by maintainers)
Top GitHub Comments
Yes, run as a standalone script using Graal JavaScript engine.
@thc202 Okay, sounds good. Patience is a virtue and it’s only cosmetic. 😃 Thanks for taking a few moments to revisit this issue today, I appreciate it.