Merge pull request #2007 from zapbot/update-alerts
Update alert pages
thc202 authored Jul 21, 2023
2 parents dfc0e13 + 6af17db commit ba04e2f
Showing 9 changed files with 195 additions and 0 deletions.
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-1.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Site Header is Missing"
alertid: 90005-1
alertindex: 9000501
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Ensure that Sec-Fetch-Site header is included in request headers."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies the relationship between request initiator's origin and target's origin.
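Review bot: The `solution` line says to ensure Sec-Fetch-Site "is included in request headers" without saying who can act on that. Fetch metadata headers are set by the browser, not by the application being scanned, so the guidance should name the client or intermediary expected to send the header. The body sentence also describes the header rather than the alert; a second sentence stating that the alert is raised when a request lacks the header would make the page self-explanatory.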
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-2.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Mode Header is Missing"
alertid: 90005-2
alertindex: 9000502
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Ensure that Sec-Fetch-Mode header is included in request headers."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.
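Review bot: The body sentence "Allows to differentiate between requests ..." has no object for "allows" and ends in a bare "audio etc.". Suggest "Allows the server to differentiate between requests that navigate between HTML pages and requests that load resources such as images or audio."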
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-3.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Dest Header is Missing"
alertid: 90005-3
alertindex: 9000503
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Ensure that Sec-Fetch-Dest header is included in request headers."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.
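Review bot: In the body, "the requested resource must be audio data and not any other type of resource" reads as a guarantee about the response. The header only declares the destination the initiator intends for the response, so wording such as "the response is expected to be used as audio" would avoid implying that the value is enforced.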
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-4.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-User Header is Missing"
alertid: 90005-4
alertindex: 9000504
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Ensure that Sec-Fetch-User header is included in user initiated requests."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies if a navigation request was initiated by a user.
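Review bot: The `solution` scopes the header to "user initiated requests" while the body scopes it to a "navigation request" initiated by a user. Use one scope in both places, and state whether a missing header is expected on requests that are not user-initiated navigations, otherwise the "is Missing" title will read as a finding on every such request.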
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-5.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Site Header Has an Invalid Value"
alertid: 90005-5
alertindex: 9000505
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Sec-Fetch-Site header must have one of the following values: same-origin, same-site, cross-origin, or none."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies the relationship between request initiator's origin and target's origin.
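Review bot: The body is the same sentence used in 90005-1.md and says nothing about the invalid-value condition named in the title. Suggest a body that distinguishes this alert from the "is Missing" one, for example that the header is present but its value is not one of the four listed in `solution`.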
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-6.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Mode Header Has an Invalid Value"
alertid: 90005-6
alertindex: 9000506
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Sec-Fetch-Mode header must have one of the following values: cors, no-cors, navigate, same-origin, or websocket."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.
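Review bot: The front matter tags this Informational alert with `cwe: 352` and `wasc: 9`, both cross-site request forgery classifications, but neither the body nor the `solution` explains how an invalid Sec-Fetch-Mode value relates to CSRF. Add a sentence linking the header to request-origin checks, or drop the classification if the alert is purely a conformance check.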
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-7.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Dest Header Has an Invalid Value"
alertid: 90005-7
alertindex: 9000507
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Sec-Fetch-Dest header must have one of the following values: audio, audioworklet, document, embed, empty, font, frame, iframe, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.
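Review bot: The `solution` hard-codes the full list of accepted Sec-Fetch-Dest values in the page text, which will go stale if the scan rule's accepted set changes. Consider pointing to the URL already listed under `references` for the current values, or noting that the list reflects the rule at the time the page was generated.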
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-8.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-User Header Has an Invalid Value"
alertid: 90005-8
alertindex: 9000508
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Sec-Fetch-User header must have the value set to ?1."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies if a navigation request was initiated by a user.
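Review bot: In `solution`, "must have the value set to ?1." gives the literal with no explanation, and the sentence-ending period sits directly against it, so a reader can take the value to be "?1.". Format the value as code and add that `?1` is the structured-header boolean true.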
35 changes: 35 additions & 0 deletions site/content/docs/alerts/90005.md
@@ -0,0 +1,35 @@
---
title: "Fetch Metadata Request Headers"
alertid: 90005
alertindex: 9000500
alerttype: "Passive"
status: alpha
type: alertset
alerts:
90005-1:
alertid: 90005-1
name: "Sec-Fetch-Site Header is Missing"
90005-2:
alertid: 90005-2
name: "Sec-Fetch-Mode Header is Missing"
90005-3:
alertid: 90005-3
name: "Sec-Fetch-Dest Header is Missing"
90005-4:
alertid: 90005-4
name: "Sec-Fetch-User Header is Missing"
90005-5:
alertid: 90005-5
name: "Sec-Fetch-Site Header Has an Invalid Value"
90005-6:
alertid: 90005-6
name: "Sec-Fetch-Mode Header Has an Invalid Value"
90005-7:
alertid: 90005-7
name: "Sec-Fetch-Dest Header Has an Invalid Value"
90005-8:
alertid: 90005-8
name: "Sec-Fetch-User Header Has an Invalid Value"
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
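Review bot: The alertset page ends at the closing `---` with no body text, and unlike the eight child pages it carries no `risk`, `references`, `cwe` or `alerttags` entries. A one-paragraph summary of what the Fetch Metadata Request Headers rule checks, plus the shared classification fields, would let the landing page stand on its own.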
