How to apply Global Filters in an Owasp ZAP Full Scan #1252

Draft, wants to merge 3 commits into base: master
Conversation

github-actions[bot] (Contributor)

Automated changes by create_article_md GitHub action

templateKey: blog-post
---

Use Global Filters in Owasp ZAP to run a more accurate vulnerability scan.
github-actions[bot] (Contributor Author)

🚫 [textlint] <eslint.rules.smarthr/prh-rules> reported by reviewdog 🐶
おこな => 行な
Write "行なう" and avoid "行う" https://smarthr.design/products/contents/idiomatic-usage/usage/ (smarthr/prh-rules)

@coveralls (Collaborator) commented Jan 15, 2023

Pull Request Test Coverage Report for Build 3923611027

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 85.602%

Totals Coverage Status
Change from base Build 3922616399: 0.0%
Covered Lines: 250
Relevant Lines: 280

@github-actions (Contributor Author)

Memlab leaks report

page-load [7.1MB] (baseline) [s1] > action-on-page [8.5MB] (target) [s2] > revert [8.5MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 697--
--Retained size of leaked objects: 110.4KB--
[<synthetic>] (synthetic) @1 [9.1MB]
  --4 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [59.5KB]
  --requestAnimationFrame (property)--->  [<closure>] (closure) @56239 [156 bytes]
  --context (internal)--->  [<function scope>] (object) @263189 [68 bytes]
  --previous (internal)--->  [<function scope>] (object) @146175 [14KB]
  --n (variable)--->  [t] (closure) @182575 [1.2KB]
  --context (internal)--->  [<function scope>] (object) @90773 [42.2KB]
  --n (variable)--->  [Object] (object) @263639 [42.1KB]
  --449 (element)--->  [Object] (object) @269743 [24 bytes]
  --exports (property)--->  [r] (closure) @280463 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @194415 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @170349 [1.3KB]
  --e (variable)--->  [Object] (object) @170329 [1KB]
  --1 (element)--->  [Object] (object) @170331 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @225317 [348 bytes]
  --$node (property)--->  [F] (object) @224949 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @38319 [376 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @39679 [196 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @39655 [196 bytes]
  --5 (element)--->  [Detached HTMLElement] (native) @39649 [196 bytes]
  --6 (element)--->  [Detached HTMLElement] (native) @39651 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @39585 [196 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @39587 [196 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @39589 [196 bytes]
  --7 (element)--->  [Detached HTMLDivElement] (native) @39591 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @39871 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @39843 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @39755 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @39749 [196 bytes]
  --4 (element)--->  [Detached HTMLAnchorElement] (native) @39721 [1.8KB]
  --11 (element)--->  [Detached InternalNode] (native) @346518432 [120 bytes]
  --1 (element)--->  [Detached ElementIntersectionObserverData] (native) @308930976 [64 bytes]

--Similar leaks in this run: 147--
--Retained size of leaked objects: 28.8KB--
[<synthetic>] (synthetic) @1 [9.1MB]
  --4 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [59.5KB]
  --___replace (property)--->  [<closure>] (closure) @56745 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @127619 [496 bytes]
  --i (variable)--->  [Module] (object) @158379 [5.8KB]
  --get version (property)--->  [version] (closure) @93281 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @93285 [16.4KB]
  --Qn (variable)--->  [y] (object) @431817 [376 bytes]
  --props (property)--->  [Object] (object) @455939 [28 bytes]
  --children (property)--->  [Object] (object) @455941 [296 bytes]
  --props (property)--->  [Object] (object) @460823 [56 bytes]
  --children (property)--->  [Object] (object) @460839 [1.2KB]
  --__ (property)--->  [Object] (object) @466419 [1.1KB]
  --__ (property)--->  [Object] (object) @466431 [940 bytes]
  --__ (property)--->  [Object] (object) @466449 [736 bytes]
  --__d (property)--->  [Detached HTMLDivElement] (native) @322423 [272 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @322421 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @322417 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @322039 [8.5KB]
  --6 (element)--->  [Detached HTMLElement] (native) @322057 [15KB]
  --3 (element)--->  [Detached HTMLDivElement] (native) @322055 [13.4KB]
  --4 (element)--->  [Detached Text] (native) @45828384 [96 bytes]
  --2 (element)--->  [Detached HTMLImageElement] (native) @65450496 [272 bytes]
  --3 (element)--->  [Detached Text] (native) @65438176 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @65456416 [1.2KB]
  --4 (element)--->  [Detached Text] (native) @65447136 [96 bytes]
  --2 (element)--->  [Detached HTMLHeadingElement] (native) @65443776 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @65443936 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @65469856 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @65447936 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @65455136 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @65459296 [96 bytes]
  --2 (element)--->  [Detached HTMLImageElement] (native) @65455616 [272 bytes]
  --3 (element)--->  [Detached Text] (native) @65460736 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @65460576 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @65449056 [96 bytes]
  --2 (element)--->  [Detached HTMLHeadingElement] (native) @65441216 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @65441376 [96 bytes]
  --2 (element)--->  [Detached HTMLDivElement] (native) @65441536 [2.4KB]
  --2 (element)--->  [Detached Text] (native) @346776576 [96 bytes]
  --2 (element)--->  [Detached HTMLUListElement] (native) @65640064 [1.5KB]
  --2 (element)--->  [Detached Text] (native) @346777056 [96 bytes]
  --2 (element)--->  [Detached HTMLLIElement] (native) @346777696 [548 bytes]
  --1 (element)--->  [Detached HTMLAnchorElement] (native) @321417 [380 bytes]
  --3 (element)--->  [Detached DOMTokenList] (native) @64955136 [56 bytes]

--Similar leaks in this run: 7--
--Retained size of leaked objects: 392 bytes--
[<synthetic>] (synthetic) @1 [9.1MB]
  --4 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [59.5KB]
  --__twttrll (property)--->  [Array] (object) @56271 [184 bytes]
  --push (property)--->  [e] (closure) @263241 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @75197 [248 bytes]
  --n (variable)--->  [Object] (object) @263233 [13KB]
  --102 (element)--->  [Object] (object) @300411 [24 bytes]
  --exports (property)--->  [Object] (object) @177371 [3.5KB]
  --init (property)--->  [init] (closure) @301065 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @301095 [3.1KB]
  --r (variable)--->  [Detached HTMLFormElement] (native) @37707 [1.8KB]
  --5 (element)--->  [Detached HTMLInputElement] (native) @37715 [684 bytes]
  --8 (element)--->  [Detached InternalNode] (native) @309711968 [328 bytes]
  --1 (element)--->  [Detached ShadowRoot] (native) @309651552 [328 bytes]
  --4 (element)--->  [Detached V8ObservableArrayCSSStyleSheet] (native) @309651712 [120 bytes]
  --2 (element)--->  [Detached ObservableArrayExoticObject] (native) @346406848 [32 bytes]

github-actions bot pushed a commit that referenced this pull request Jan 15, 2023
templateKey: blog-post
---

Use Global Filters in Owasp ZAP to apply Alert Filters, giving a more accurate vulnerability scan.
github-actions[bot] (Contributor Author)

🚫 [textlint] <eslint.rules.smarthr/prh-rules> reported by reviewdog 🐶
おこな => 行な
Write "行なう" and avoid "行う" https://smarthr.design/products/contents/idiomatic-usage/usage/ (smarthr/prh-rules)


![false positive](https://i.imgur.com/FnGbBym.png)

For example, the report above flags Information Disclosure - Debug Error Messages and Private IP Disclosure, but both are false positives: the scanner picked up strings contained in blog post text and in the logo SVG.
github-actions[bot] (Contributor Author)

🚫 [textlint] <eslint.rules.smarthr/ja-space-between-half-and-full-width> reported by reviewdog 🐶
As a rule, do not put a space between full-width and half-width characters. (smarthr/ja-space-between-half-and-full-width)
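The two false positives described above are the case for a Global Alert Filter rather than an IGNORE line in the full-scan action's rules file: an IGNORE entry silences the whole rule for the entire scan, whereas an alert filter can be scoped by rule id, URL regex and evidence regex, so the same rule still fires if a real private IP or stack trace shows up on another page. The Python script below is an added example, not code from this post or from ZAP itself. It models that matching over a constructed fragment in the shape of ZAP's JSON report and emits the equivalent `-config` options for the full-scan action's `cmd_options` input. Assumptions: plugin IDs 2 and 10023 are ZAP's Private IP Disclosure and Information Disclosure - Debug Error Messages rules (check them against the pluginid field in your own report), the `globalalertfilter.filters.filter(N).*` keys are the ones documented for the ZAP alertFilter add-on (verify against the add-on help for your ZAP version), and the host blog.example.test and its alerts are made up.

```python
"""Scope ZAP alert suppression to specific false positives (added example).

Not code from the original post or from ZAP. Plugin IDs, config keys and
the sample report are assumptions described in the lead-in.
"""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# ZAP alert filters use -1 as the "new risk" meaning False Positive.
FALSE_POSITIVE = -1

# Constructed sample, trimmed to the fields of ZAP's JSON report that matter here.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "https://blog.example.test",
        "alerts": [
            {"pluginid": "2", "name": "Private IP Disclosure", "riskcode": "1",
             "instances": [{"uri": "https://blog.example.test/logo.svg",
                            "evidence": "10.0.0.1"}]},
            {"pluginid": "10023", "name": "Information Disclosure - Debug Error Messages",
             "riskcode": "1",
             "instances": [{"uri": "https://blog.example.test/posts/zap-tips/",
                            "evidence": "Internal Server Error"}]},
            # A third instance that must NOT be suppressed: same rule, different URL.
            {"pluginid": "2", "name": "Private IP Disclosure", "riskcode": "1",
             "instances": [{"uri": "https://blog.example.test/api/debug",
                            "evidence": "192.168.1.10"}]},
        ]}]})


@dataclass
class AlertFilter:
    """Mirror of the fields a ZAP Global Alert Filter is scoped by."""
    rule_id: int
    new_risk: int = FALSE_POSITIVE
    url_regex: Optional[str] = None       # whole-URL match (assumed semantics)
    evidence_regex: Optional[str] = None  # substring search in the evidence

    def matches(self, plugin_id: int, uri: str, evidence: str) -> bool:
        if plugin_id != self.rule_id:
            return False
        if self.url_regex and not re.fullmatch(self.url_regex, uri):
            return False
        if self.evidence_regex and not re.search(self.evidence_regex, evidence):
            return False
        return True


# Filters for the two false positives from the post: the logo SVG and the blog text.
EXAMPLE_FILTERS = [
    AlertFilter(rule_id=2, url_regex=r"https://blog\.example\.test/.*\.svg",
                evidence_regex=r"^10\."),
    AlertFilter(rule_id=10023, url_regex=r"https://blog\.example\.test/posts/.*"),
]


def apply_filters(report_json: str, filters: List[AlertFilter]) -> List[dict]:
    """Return one entry per alert instance with the risk an alert filter would assign."""
    report = json.loads(report_json)
    result = []
    for site in report["site"]:
        for alert in site["alerts"]:
            plugin_id = int(alert["pluginid"])
            for inst in alert["instances"]:
                risk = int(alert["riskcode"])
                for flt in filters:
                    if flt.matches(plugin_id, inst["uri"], inst.get("evidence", "")):
                        risk = flt.new_risk
                        break
                result.append({"pluginid": plugin_id, "name": alert["name"],
                               "uri": inst["uri"], "riskcode": risk})
    return result


def to_cmd_options(filters: List[AlertFilter]) -> str:
    """Render the filters as -config options for the full-scan action's cmd_options."""
    opts = []
    for i, flt in enumerate(filters):
        prefix = f"globalalertfilter.filters.filter({i})"
        opts += [f"-config {prefix}.ruleid={flt.rule_id}",
                 f"-config {prefix}.newrisk={flt.new_risk}"]
        if flt.url_regex:
            opts += [f"-config {prefix}.url={flt.url_regex}",
                     f"-config {prefix}.urlregex=true"]
        if flt.evidence_regex:
            opts += [f"-config {prefix}.evidence={flt.evidence_regex}",
                     f"-config {prefix}.evidenceregex=true"]
        opts.append(f"-config {prefix}.enabled=true")
    return " ".join(opts)


if __name__ == "__main__":
    for entry in apply_filters(SAMPLE_REPORT, EXAMPLE_FILTERS):
        tag = "FALSE POSITIVE" if entry["riskcode"] == FALSE_POSITIVE else f"risk {entry['riskcode']}"
        print(f"[{tag}] {entry['pluginid']} {entry['name']} {entry['uri']}")
    print(to_cmd_options(EXAMPLE_FILTERS))
```

The script suppresses only the SVG and blog-post instances and leaves the /api/debug private-IP hit at its original risk, which is the behaviour a blanket IGNORE line cannot give. The regex semantics here (full match on the URL, search on the evidence) are the script's own; confirm ZAP's behaviour in the alertFilter add-on help before relying on a partial pattern, and check the riskcode of the filtered instances in the next report to make sure the filter took effect.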

@github-actions (Contributor Author)

Memlab leaks report

page-load [7MB] (baseline) [s1] > action-on-page [8.5MB] (target) [s2] > revert [8.6MB] (final) [s3]  
------3 clusters------

--Similar leaks in this run: 562--
--Retained size of leaked objects: 96.2KB--
[<synthetic>] (synthetic) @1 [9.2MB]
  --4 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [60.9KB]
  --webpackChunkblog (property)--->  [Array] (object) @206085 [8.7KB]
  --push (property)--->  [native_bind] (closure) @206087 [128 bytes]
  --bound_function (internal)--->  [r] (closure) @292443 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @206111 [312 bytes]
  --previous (internal)--->  [<function scope>] (object) @119033 [41.7KB]
  --n (variable)--->  [Object] (object) @206109 [41.6KB]
  --449 (element)--->  [Object] (object) @132173 [24 bytes]
  --exports (property)--->  [r] (closure) @132179 [2.1KB]
  --hasData (property)--->  [<closure>] (closure) @136837 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @136919 [1.3KB]
  --e (variable)--->  [Object] (object) @136893 [1KB]
  --2 (element)--->  [Object] (object) @331725 [76 bytes]
  --aaAutocomplete (property)--->  [f] (object) @397533 [348 bytes]
  --$node (property)--->  [F] (object) @407765 [188 bytes]
  --0 (element)--->  [Detached HTMLSpanElement] (native) @323401 [348 bytes]
  --5 (element)--->  [Detached HTMLDivElement] (native) @322953 [196 bytes]
  --6 (element)--->  [Detached HTMLDivElement] (native) @323229 [196 bytes]
  --4 (element)--->  [Detached HTMLHRElement] (native) @322955 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @322979 [196 bytes]
  --6 (element)--->  [Detached HTMLHRElement] (native) @322981 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @323149 [196 bytes]
  --4 (element)--->  [Detached HTMLAnchorElement] (native) @322991 [1.4KB]
  --11 (element)--->  [Detached InternalNode] (native) @347094336 [120 bytes]
  --1 (element)--->  [Detached ElementIntersectionObserverData] (native) @346198880 [64 bytes]

--Similar leaks in this run: 113--
--Retained size of leaked objects: 28.8KB--
[<synthetic>] (synthetic) @1 [9.2MB]
  --4 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [60.9KB]
  --___navigate (property)--->  [<closure>] (closure) @63227 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @62405 [496 bytes]
  --i (variable)--->  [Module] (object) @116237 [5.8KB]
  --get version (property)--->  [version] (closure) @102817 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @102821 [16.4KB]
  --Qn (variable)--->  [y] (object) @422427 [368 bytes]
  --props (property)--->  [Object] (object) @422429 [28 bytes]
  --children (property)--->  [Object] (object) @465027 [296 bytes]
  --props (property)--->  [Object] (object) @465029 [56 bytes]
  --children (property)--->  [Object] (object) @437181 [1.7KB]
  --__ (property)--->  [Object] (object) @437195 [1.7KB]
  --__ (property)--->  [Object] (object) @437211 [1.4KB]
  --__ (property)--->  [Object] (object) @437225 [1.2KB]
  --__d (property)--->  [Detached HTMLDivElement] (native) @323419 [272 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @323417 [196 bytes]
  --3 (element)--->  [Detached HTMLDivElement] (native) @323415 [196 bytes]
  --4 (element)--->  [Detached HTMLDivElement] (native) @322689 [8.5KB]
  --6 (element)--->  [Detached HTMLElement] (native) @322707 [15KB]
  --3 (element)--->  [Detached HTMLDivElement] (native) @322705 [13.4KB]
  --4 (element)--->  [Detached Text] (native) @47178432 [96 bytes]
  --2 (element)--->  [Detached HTMLImageElement] (native) @47178752 [272 bytes]
  --3 (element)--->  [Detached Text] (native) @47178912 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @47179072 [1.2KB]
  --4 (element)--->  [Detached Text] (native) @47180032 [96 bytes]
  --2 (element)--->  [Detached HTMLHeadingElement] (native) @47180352 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @47180672 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @47181152 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @47181952 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @47184992 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @47174752 [96 bytes]
  --2 (element)--->  [Detached HTMLImageElement] (native) @47174912 [272 bytes]
  --3 (element)--->  [Detached Text] (native) @47159552 [96 bytes]
  --2 (element)--->  [Detached HTMLParagraphElement] (native) @47175072 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @47158272 [96 bytes]
  --2 (element)--->  [Detached HTMLHeadingElement] (native) @47160672 [264 bytes]
  --4 (element)--->  [Detached Text] (native) @47162272 [96 bytes]
  --2 (element)--->  [Detached HTMLDivElement] (native) @47169152 [2.4KB]
  --4 (element)--->  [Detached Text] (native) @47157472 [96 bytes]
  --2 (element)--->  [Detached HTMLBRElement] (native) @346305504 [168 bytes]

--Similar leaks in this run: 5--
--Retained size of leaked objects: 440 bytes--
[<synthetic>] (synthetic) @1 [9.2MB]
  --4 (shortcut)--->  [Window / https://blog.tubone-project24.xyz] (object) @9835 [60.9KB]
  --__twttrll (property)--->  [Array] (object) @88969 [184 bytes]
  --push (property)--->  [e] (closure) @124717 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @88951 [248 bytes]
  --n (variable)--->  [Object] (object) @124391 [13KB]
  --102 (element)--->  [Object] (object) @125233 [24 bytes]
  --exports (property)--->  [Object] (object) @126619 [3.5KB]
  --init (property)--->  [init] (closure) @127055 [68 bytes]
  --context (internal)--->  [<function scope>] (object) @127093 [3.1KB]
  --r (variable)--->  [Detached HTMLFormElement] (native) @37929 [1.8KB]
  --5 (element)--->  [Detached HTMLInputElement] (native) @37921 [684 bytes]
  --8 (element)--->  [Detached InternalNode] (native) @347170112 [328 bytes]
  --1 (element)--->  [Detached ShadowRoot] (native) @346820992 [328 bytes]
  --4 (element)--->  [Detached V8ObservableArrayCSSStyleSheet] (native) @346821152 [120 bytes]
  --2 (element)--->  [Detached ObservableArrayExoticObject] (native) @346820832 [32 bytes]

github-actions bot pushed a commit that referenced this pull request Jan 15, 2023