From 6af17db0e4ec724043da7f1f69033149ee89bc7f Mon Sep 17 00:00:00 2001
From: zapbot <12745184+zapbot@users.noreply.github.com>
Date: Fri, 21 Jul 2023 01:38:27 +0000
Subject: [PATCH] Update alert pages
Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com>
---
site/content/docs/alerts/90005-1.md | 20 +++++++++++++++++
site/content/docs/alerts/90005-2.md | 20 +++++++++++++++++
site/content/docs/alerts/90005-3.md | 20 +++++++++++++++++
site/content/docs/alerts/90005-4.md | 20 +++++++++++++++++
site/content/docs/alerts/90005-5.md | 20 +++++++++++++++++
site/content/docs/alerts/90005-6.md | 20 +++++++++++++++++
site/content/docs/alerts/90005-7.md | 20 +++++++++++++++++
site/content/docs/alerts/90005-8.md | 20 +++++++++++++++++
site/content/docs/alerts/90005.md | 35 +++++++++++++++++++++++++++++
9 files changed, 195 insertions(+)
create mode 100644 site/content/docs/alerts/90005-1.md
create mode 100644 site/content/docs/alerts/90005-2.md
create mode 100644 site/content/docs/alerts/90005-3.md
create mode 100644 site/content/docs/alerts/90005-4.md
create mode 100644 site/content/docs/alerts/90005-5.md
create mode 100644 site/content/docs/alerts/90005-6.md
create mode 100644 site/content/docs/alerts/90005-7.md
create mode 100644 site/content/docs/alerts/90005-8.md
create mode 100644 site/content/docs/alerts/90005.md
diff --git a/site/content/docs/alerts/90005-1.md b/site/content/docs/alerts/90005-1.md
new file mode 100644
index 000000000..c5219704b
--- /dev/null
+++ b/site/content/docs/alerts/90005-1.md
@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Site Header is Missing"
+alertid: 90005-1
+alertindex: 9000501
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Ensure that Sec-Fetch-Site header is included in request headers."
+references:
+ - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
+cwe: 352
+wasc: 9
+alerttags:
+ - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies the relationship between request initiator's origin and target's origin.
diff --git a/site/content/docs/alerts/90005-2.md b/site/content/docs/alerts/90005-2.md
new file mode 100644
index 000000000..f5f117b4c
--- /dev/null
+++ b/site/content/docs/alerts/90005-2.md
@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Mode Header is Missing"
+alertid: 90005-2
+alertindex: 9000502
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Ensure that Sec-Fetch-Mode header is included in request headers."
+references:
+ - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
+cwe: 352
+wasc: 9
+alerttags:
+ - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.
diff --git a/site/content/docs/alerts/90005-3.md b/site/content/docs/alerts/90005-3.md
new file mode 100644
index 000000000..ec2e7bdd2
--- /dev/null
+++ b/site/content/docs/alerts/90005-3.md
@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Dest Header is Missing"
+alertid: 90005-3
+alertindex: 9000503
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Ensure that Sec-Fetch-Dest header is included in request headers."
+references:
+ - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
+cwe: 352
+wasc: 9
+alerttags:
+ - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.
diff --git a/site/content/docs/alerts/90005-4.md b/site/content/docs/alerts/90005-4.md
new file mode 100644
index 000000000..195c71ec5
--- /dev/null
+++ b/site/content/docs/alerts/90005-4.md
@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-User Header is Missing"
+alertid: 90005-4
+alertindex: 9000504
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Ensure that Sec-Fetch-User header is included in user initiated requests."
+references:
+ - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
+cwe: 352
+wasc: 9
+alerttags:
+ - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies if a navigation request was initiated by a user.
diff --git a/site/content/docs/alerts/90005-5.md b/site/content/docs/alerts/90005-5.md
new file mode 100644
index 000000000..eaad6e021
--- /dev/null
+++ b/site/content/docs/alerts/90005-5.md
@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Site Header Has an Invalid Value"
+alertid: 90005-5
+alertindex: 9000505
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Sec-Fetch-Site header must have one of the following values: same-origin, same-site, cross-origin, or none."
+references:
+ - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
+cwe: 352
+wasc: 9
+alerttags:
+ - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies the relationship between request initiator's origin and target's origin.
diff --git a/site/content/docs/alerts/90005-6.md b/site/content/docs/alerts/90005-6.md
new file mode 100644
index 000000000..dde83539e
--- /dev/null
+++ b/site/content/docs/alerts/90005-6.md
@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Mode Header Has an Invalid Value"
+alertid: 90005-6
+alertindex: 9000506
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Sec-Fetch-Mode header must have one of the following values: cors, no-cors, navigate, same-origin, or websocket."
+references:
+ - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
+cwe: 352
+wasc: 9
+alerttags:
+ - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.
diff --git a/site/content/docs/alerts/90005-7.md b/site/content/docs/alerts/90005-7.md
new file mode 100644
index 000000000..e35ee0a9c
--- /dev/null
+++ b/site/content/docs/alerts/90005-7.md
@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Dest Header Has an Invalid Value"
+alertid: 90005-7
+alertindex: 9000507
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Sec-Fetch-Dest header must have one of the following values: audio, audioworklet, document, embed, empty, font, frame, iframe, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt."
+references:
+ - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
+cwe: 352
+wasc: 9
+alerttags:
+ - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.
diff --git a/site/content/docs/alerts/90005-8.md b/site/content/docs/alerts/90005-8.md
new file mode 100644
index 000000000..f07c8df0f
--- /dev/null
+++ b/site/content/docs/alerts/90005-8.md
@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-User Header Has an Invalid Value"
+alertid: 90005-8
+alertindex: 9000508
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Sec-Fetch-User header must have the value set to ?1."
+references:
+ - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
+cwe: 352
+wasc: 9
+alerttags:
+ - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies if a navigation request was initiated by a user.
diff --git a/site/content/docs/alerts/90005.md b/site/content/docs/alerts/90005.md
new file mode 100644
index 000000000..1e6e8e0b6
--- /dev/null
+++ b/site/content/docs/alerts/90005.md
@@ -0,0 +1,35 @@
+---
+title: "Fetch Metadata Request Headers"
+alertid: 90005
+alertindex: 9000500
+alerttype: "Passive"
+status: alpha
+type: alertset
+alerts:
+ 90005-1:
+ alertid: 90005-1
+ name: "Sec-Fetch-Site Header is Missing"
+ 90005-2:
+ alertid: 90005-2
+ name: "Sec-Fetch-Mode Header is Missing"
+ 90005-3:
+ alertid: 90005-3
+ name: "Sec-Fetch-Dest Header is Missing"
+ 90005-4:
+ alertid: 90005-4
+ name: "Sec-Fetch-User Header is Missing"
+ 90005-5:
+ alertid: 90005-5
+ name: "Sec-Fetch-Site Header Has an Invalid Value"
+ 90005-6:
+ alertid: 90005-6
+ name: "Sec-Fetch-Mode Header Has an Invalid Value"
+ 90005-7:
+ alertid: 90005-7
+ name: "Sec-Fetch-Dest Header Has an Invalid Value"
+ 90005-8:
+ alertid: 90005-8
+ name: "Sec-Fetch-User Header Has an Invalid Value"
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---