zaproxy · iagoscm · Jul 28, 2024 · Aug 13, 2024 · Aug 20, 2024 · thc202
diff --git a/addOns/ascanrules/CHANGELOG.md b/addOns/ascanrules/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 
+### Changed
+- The Cross Site Scripting rule now includes example alert functionality for documentation generation purposes (Issue 6119)
 
 ## [67] - 2024-07-22
 

diff --git a/.../ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRule.java b/.../ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRule.java
@@ -680,6 +680,29 @@ public void scan(HttpMessage sourceMsg, String param, String value) {
         }
     }
 
+    @Override
+    public List<Alert> getExampleAlerts() {
+        return List.of(
+                buildAlert(
+                                "https://example.com/comments",
+                                "comment",
+                                "<script>alert('XSS');</script>",
+                                'P',
+                                "HTTP/1.1 500 Internal Server Error")
+                        .build());
+    }
+
+    private AlertBuilder buildAlert(
+            String url, String param, String attack, char type, String evidence) {
+        return newAlert()
+                .setConfidence(Alert.CONFIDENCE_HIGH)
+                .setUri(url)
+                .setParam(param)
+                .setAttack(attack)
+                .setOtherInfo(getError(type))
+                .setEvidence(evidence);
+    }
+
     @Override
     public int getRisk() {
         return Alert.RISK_HIGH;

diff --git a/...les/src/test/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRuleUnitTest.java b/...les/src/test/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRuleUnitTest.java
@@ -24,8 +24,10 @@
 import static org.hamcrest.Matchers.is;
 
 import java.util.Map;
+import java.util.List;
 import org.junit.jupiter.api.Test;
 import org.zaproxy.addon.commonlib.CommonAlertTag;
+import org.parosproxy.paros.core.scanner.Alert;
 
 /** Unit test for {@link PersistentXssScanRule}. */
 class PersistentXssScanRuleUnitTest extends ActiveScannerTest<PersistentXssScanRule> {
@@ -62,4 +64,16 @@ void shouldReturnExpectedMappings() {
                 tags.get(CommonAlertTag.WSTG_V42_INPV_02_STORED_XSS.getTag()),
                 is(equalTo(CommonAlertTag.WSTG_V42_INPV_02_STORED_XSS.getValue())));
     }
+
+    @Test
+    void shouldHaveExpectedExampleAlert() {
+        List<Alert> alerts = rule.getExampleAlerts();
+        assertThat(alerts.size(), is(equalTo(1)));
+    }
+
+    @Test
+    @Override
+    public void shouldHaveValidReferences() {
+        super.shouldHaveValidReferences();
+    }
 }