4 changes: 2 additions & 2 deletions .github/scripts/generateScanPolicies.js
Expand Up @@ -46,8 +46,9 @@ PolicyTag.values().forEach((currentTag) => {
);
pw.println(INDENT + "<statsId>std-" + currentTag.name().toLowerCase().replace('_', '-') + "</statsId>");
pw.println(INDENT + "<readonly>true</readonly>");
pw.println(INDENT + "<locked>true</locked>");
pw.println(INDENT + "<scanner>");
pw.println(INDENT.repeat(2) + "<level>OFF</level>");
pw.println(INDENT.repeat(2) + "<level>MEDIUM</level>");
pw.println(INDENT.repeat(2) + "<strength>MEDIUM</strength>");
pw.println(INDENT + "</scanner>");
pw.println(INDENT + "<plugins>");
Expand All @@ -66,7 +67,6 @@ PolicyTag.values().forEach((currentTag) => {
"</name>"
);
pw.println(INDENT.repeat(3) + "<enabled>true</enabled>");
pw.println(INDENT.repeat(3) + "<level>MEDIUM</level>");
pw.println(INDENT.repeat(2) + "</p" + plugin.getId() + ">");
}
} catch (e) {
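Review bot: The new `<level>MEDIUM</level>` and `<strength>MEDIUM</strength>` printlns are bare literals with nothing recording why the policy-wide threshold moved from OFF to MEDIUM while the per-rule `<level>` println (dropped in the second hunk) went away; a one-line comment above the `<scanner>` println, `// Policy-wide threshold/strength: rules no longer carry their own <level>, so the default can be overridden in one place.`, would capture the intent the changelog states. Since every generated policy still writes `<readonly>true</readonly>` and `<locked>true</locked>`, it is worth confirming those flags do not prevent editing the scanner-level threshold, otherwise the override this change is meant to enable may not be reachable. Separately, on the context line `replace('_', '-')` a string pattern replaces only the first underscore, so a tag name containing two underscores would yield a malformed statsId; `replace(/_/g, '-')` is the safe form if such names can exist. The enclosing forEach callback starts and ends outside the hunk.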
1 change: 1 addition & 0 deletions addOns/scanpolicies/CHANGELOG.md
Expand Up @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## Unreleased
### Changed
- Allow to override the default alert threshold of the bundled policies.
- Updated based on Rules' Policy Tag assignments.

## [0.6.0] - 2025-11-04
28 changes: 2 additions & 26 deletions addOns/scanpolicies/src/main/zapHomeFiles/policies/API.policy
Expand Up @@ -3,135 +3,111 @@
<policy>API</policy>
<statsId>std-api</statsId>
<readonly>true</readonly>
<locked>true</locked>
<scanner>
<level>OFF</level>
<level>MEDIUM</level>
<strength>MEDIUM</strength>
</scanner>
<plugins>
<p0>
<name>Directory Browsing</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p0>
<p7>
<name>Remote File Inclusion</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p7>
<p20019>
<name>External Redirect</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p20019>
<p30001>
<name>Buffer Overflow</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p30001>
<p30002>
<name>Format String Error</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p30002>
<p30003>
<name>Integer Overflow Error</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p30003>
<p40003>
<name>CRLF Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p40003>
<p40008>
<name>Parameter Tampering</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p40008>
<p40009>
<name>Server Side Include</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p40009>
<p40018>
<name>SQL Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p40018>
<p40042>
<name>Spring Actuator Information Leak</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p40042>
<p40044>
<name>Exponential Entity Expansion (Billion Laughs Attack)</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p40044>
<p50000>
<name>Script Active Scan Rules</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p50000>
<p90017>
<name>XSLT Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90017>
<p90019>
<name>Server Side Code Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90019>
<p90020>
<name>Remote OS Command Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90020>
<p90021>
<name>XPath Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90021>
<p90023>
<name>XML External Entity Attack</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90023>
<p90025>
<name>Expression Language Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90025>
<p90026>
<name>SOAP Action Spoofing</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90026>
<p90029>
<name>SOAP XML Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90029>
<p90034>
<name>Cloud Metadata Potentially Exposed</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90034>
<p90035>
<name>Server Side Template Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90035>
<p90036>
<name>Server Side Template Injection (Blind)</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90036>
<p90037>
<name>Remote OS Command Injection (Time Based)</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90037>
</plugins>
</configuration>
15 changes: 2 additions & 13 deletions addOns/scanpolicies/src/main/zapHomeFiles/policies/Dev CICD.policy
Expand Up @@ -3,70 +3,59 @@
<policy>Developer CI/CD</policy>
<statsId>std-dev-cicd</statsId>
<readonly>true</readonly>
<locked>true</locked>
<scanner>
<level>OFF</level>
<level>MEDIUM</level>
<strength>MEDIUM</strength>
</scanner>
<plugins>
<p20019>
<name>External Redirect</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p20019>
<p40012>
<name>Cross Site Scripting (Reflected)</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p40012>
<p40018>
<name>SQL Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p40018>
<p50000>
<name>Script Active Scan Rules</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p50000>
<p90017>
<name>XSLT Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90017>
<p90020>
<name>Remote OS Command Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90020>
<p90021>
<name>XPath Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90021>
<p90023>
<name>XML External Entity Attack</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90023>
<p90026>
<name>SOAP Action Spoofing</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90026>
<p90029>
<name>SOAP XML Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90029>
<p90035>
<name>Server Side Template Injection</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90035>
<p90037>
<name>Remote OS Command Injection (Time Based)</name>
<enabled>true</enabled>
<level>MEDIUM</level>
</p90037>
</plugins>
</configuration>