Update alert pages #2007

Merged
merged 1 commit into from
Jul 21, 2023
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-1.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Site Header is Missing"
alertid: 90005-1
alertindex: 9000501
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Ensure that Sec-Fetch-Site header is included in request headers."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies the relationship between request initiator's origin and target's origin.
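Review bot: The body text on the last line is a fragment with no subject, and it describes the header rather than the finding. Name the header and the condition, for example "The Sec-Fetch-Site request header specifies the relationship between the request initiator's origin and the target's origin. This alert is raised when the header is missing from a request."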
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-2.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Mode Header is Missing"
alertid: 90005-2
alertindex: 9000502
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Ensure that Sec-Fetch-Mode header is included in request headers."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.
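Review bot: "Allows to differentiate" on the body line is ungrammatical and has no subject, and "audio etc." is missing a comma. Suggest "The Sec-Fetch-Mode header allows differentiating between requests for navigating between HTML pages and requests for loading resources such as images and audio." The same sentence is reused in 90005-6.md, so fix it there too.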
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-3.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Dest Header is Missing"
alertid: 90005-3
alertindex: 9000503
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Ensure that Sec-Fetch-Dest header is included in request headers."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.
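Review bot: `cwe: 352` and the `WSTG-v42-SESS-05` tag are set here, but neither the body nor `solution` says how a missing Sec-Fetch-Dest header relates to that weakness, and `risk` is Informational. Add a sentence to the body that makes the connection, or drop the classification if it does not apply to this header.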
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-4.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-User Header is Missing"
alertid: 90005-4
alertindex: 9000504
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Ensure that Sec-Fetch-User header is included in user initiated requests."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies if a navigation request was initiated by a user.
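Review bot: `solution` says "user initiated requests" while the body line limits the header to a navigation request initiated by a user, so the two do not describe the same scope. Align them and hyphenate the compound, for example `solution: "Ensure that Sec-Fetch-User header is included in user-initiated navigation requests."`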
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-5.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Site Header Has an Invalid Value"
alertid: 90005-5
alertindex: 9000505
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Sec-Fetch-Site header must have one of the following values: same-origin, same-site, cross-origin, or none."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies the relationship between request initiator's origin and target's origin.
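Review bot: The body line is identical to the one in 90005-1.md, so the page text never says what makes a value invalid; only `solution` does. Add a sentence to the body stating that the alert is raised when the Sec-Fetch-Site value is not one of same-origin, same-site, cross-origin, or none.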
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-6.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Mode Header Has an Invalid Value"
alertid: 90005-6
alertindex: 9000506
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Sec-Fetch-Mode header must have one of the following values: cors, no-cors, navigate, same-origin, or websocket."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-7.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-Dest Header Has an Invalid Value"
alertid: 90005-7
alertindex: 9000507
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Sec-Fetch-Dest header must have one of the following values: audio, audioworklet, document, embed, empty, font, frame, iframe, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.
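Review bot: The value list in `solution` has no "or" before the final item, unlike the Sec-Fetch-Site and Sec-Fetch-Mode solutions in 90005-5.md and 90005-6.md, and at 21 values it is hard to scan inline. End the list with "worker, or xslt." for consistency, and consider moving the list into the body text below the front matter, leaving `solution` as a short instruction.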
20 changes: 20 additions & 0 deletions site/content/docs/alerts/90005-8.md
@@ -0,0 +1,20 @@
---
title: "Sec-Fetch-User Header Has an Invalid Value"
alertid: 90005-8
alertindex: 9000508
alerttype: "Passive"
alertcount: 8
status: alpha
type: alert
risk: Informational
solution: "Sec-Fetch-User header must have the value set to ?1."
references:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
cwe: 352
wasc: 9
alerttags:
- WSTG-v42-SESS-05
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
Specifies if a navigation request was initiated by a user.
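Review bot: In `solution`, "set to ?1." runs the sentence's full stop into the value, so it can be read as `?1.` rather than `?1`. Delimit the value inside the string, for example `solution: "Sec-Fetch-User header must have the value '?1'."`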
35 changes: 35 additions & 0 deletions site/content/docs/alerts/90005.md
@@ -0,0 +1,35 @@
---
title: "Fetch Metadata Request Headers"
alertid: 90005
alertindex: 9000500
alerttype: "Passive"
status: alpha
type: alertset
alerts:
90005-1:
alertid: 90005-1
name: "Sec-Fetch-Site Header is Missing"
90005-2:
alertid: 90005-2
name: "Sec-Fetch-Mode Header is Missing"
90005-3:
alertid: 90005-3
name: "Sec-Fetch-Dest Header is Missing"
90005-4:
alertid: 90005-4
name: "Sec-Fetch-User Header is Missing"
90005-5:
alertid: 90005-5
name: "Sec-Fetch-Site Header Has an Invalid Value"
90005-6:
alertid: 90005-6
name: "Sec-Fetch-Mode Header Has an Invalid Value"
90005-7:
alertid: 90005-7
name: "Sec-Fetch-Dest Header Has an Invalid Value"
90005-8:
alertid: 90005-8
name: "Sec-Fetch-User Header Has an Invalid Value"
code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
---
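Review bot: The file ends at the closing `---` with no body text, so the alertset page gives no description of what the rule checks, and it has no `references` entry although each of the eight child pages has one. Add a one- or two-sentence summary after the front matter covering the four Sec-Fetch-* headers and the two conditions (missing, invalid value) that the listed alerts report.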