Deploying to zap-scan from @ 1106932 🚀
jasonchung1871 committed Jan 30, 2024
1 parent 394b0a0 commit 8448acb
Showing 3 changed files with 214 additions and 34 deletions.
148 changes: 136 additions & 12 deletions report_html.html
@@ -127,7 +127,7 @@ <h2>
</h2>

<h3>
Generated on Mon, 29 Jan 2024 18:07:28
Generated on Tue, 30 Jan 2024 16:30:00
</h3>

<h3>
@@ -265,22 +265,22 @@ <h3>Alerts</h3>
<tr>
<td><a href="#90005">Sec-Fetch-Dest Header is Missing</a></td>
<td align="center" class="risk-0">Informational</td>
<td align="center">3</td>
<td align="center">4</td>
</tr>
<tr>
<td><a href="#90005">Sec-Fetch-Mode Header is Missing</a></td>
<td align="center" class="risk-0">Informational</td>
<td align="center">3</td>
<td align="center">4</td>
</tr>
<tr>
<td><a href="#90005">Sec-Fetch-Site Header is Missing</a></td>
<td align="center" class="risk-0">Informational</td>
<td align="center">3</td>
<td align="center">4</td>
</tr>
<tr>
<td><a href="#90005">Sec-Fetch-User Header is Missing</a></td>
<td align="center" class="risk-0">Informational</td>
<td align="center">3</td>
<td align="center">4</td>
</tr>
<tr>
<td><a href="#10112">Session Management Response Identified</a></td>
@@ -1656,7 +1656,7 @@ <h3>Alert Detail</h3>
<tr>
<td width="20%"
class="indent2">Evidence</td>
<td width="80%">&lt;script type=&quot;module&quot; crossorigin src=&quot;/pr-1176/assets/index-43130891.js&quot;&gt;&lt;/script&gt;</td>
<td width="80%">&lt;script type=&quot;module&quot; crossorigin src=&quot;/pr-1176/assets/index-761f7552.js&quot;&gt;&lt;/script&gt;</td>
</tr>
<tr>
<td width="20%"
@@ -2112,9 +2112,40 @@ <h3>Alert Detail</h3>
<td width="80%"></td>
</tr>

<tr>
<td width="20%"
class="indent1">URL</td>
<td width="80%"><a href="https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt">https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt</a></td>
</tr>
<tr>
<td width="20%"
class="indent2">Method</td>
<td width="80%">GET</td>
</tr>
<tr>
<td width="20%"
class="indent2">Parameter</td>
<td width="80%">Sec-Fetch-Dest</td>
</tr>
<tr>
<td width="20%"
class="indent2">Attack</td>
<td width="80%"></td>
</tr>
<tr>
<td width="20%"
class="indent2">Evidence</td>
<td width="80%"></td>
</tr>
<tr>
<td width="20%"
class="indent2">Other Info</td>
<td width="80%"></td>
</tr>

<tr>
<td width="20%">Instances</td>
<td width="80%">3</td>
<td width="80%">4</td>
</tr>
<tr>
<td width="20%">Solution</td>
@@ -2258,9 +2289,40 @@ <h3>Alert Detail</h3>
<td width="80%"></td>
</tr>

<tr>
<td width="20%"
class="indent1">URL</td>
<td width="80%"><a href="https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt">https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt</a></td>
</tr>
<tr>
<td width="20%"
class="indent2">Method</td>
<td width="80%">GET</td>
</tr>
<tr>
<td width="20%"
class="indent2">Parameter</td>
<td width="80%">Sec-Fetch-Mode</td>
</tr>
<tr>
<td width="20%"
class="indent2">Attack</td>
<td width="80%"></td>
</tr>
<tr>
<td width="20%"
class="indent2">Evidence</td>
<td width="80%"></td>
</tr>
<tr>
<td width="20%"
class="indent2">Other Info</td>
<td width="80%"></td>
</tr>

<tr>
<td width="20%">Instances</td>
<td width="80%">3</td>
<td width="80%">4</td>
</tr>
<tr>
<td width="20%">Solution</td>
@@ -2404,9 +2466,40 @@ <h3>Alert Detail</h3>
<td width="80%"></td>
</tr>

<tr>
<td width="20%"
class="indent1">URL</td>
<td width="80%"><a href="https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt">https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt</a></td>
</tr>
<tr>
<td width="20%"
class="indent2">Method</td>
<td width="80%">GET</td>
</tr>
<tr>
<td width="20%"
class="indent2">Parameter</td>
<td width="80%">Sec-Fetch-Site</td>
</tr>
<tr>
<td width="20%"
class="indent2">Attack</td>
<td width="80%"></td>
</tr>
<tr>
<td width="20%"
class="indent2">Evidence</td>
<td width="80%"></td>
</tr>
<tr>
<td width="20%"
class="indent2">Other Info</td>
<td width="80%"></td>
</tr>

<tr>
<td width="20%">Instances</td>
<td width="80%">3</td>
<td width="80%">4</td>
</tr>
<tr>
<td width="20%">Solution</td>
@@ -2550,9 +2643,40 @@ <h3>Alert Detail</h3>
<td width="80%"></td>
</tr>

<tr>
<td width="20%"
class="indent1">URL</td>
<td width="80%"><a href="https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt">https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt</a></td>
</tr>
<tr>
<td width="20%"
class="indent2">Method</td>
<td width="80%">GET</td>
</tr>
<tr>
<td width="20%"
class="indent2">Parameter</td>
<td width="80%">Sec-Fetch-User</td>
</tr>
<tr>
<td width="20%"
class="indent2">Attack</td>
<td width="80%"></td>
</tr>
<tr>
<td width="20%"
class="indent2">Evidence</td>
<td width="80%"></td>
</tr>
<tr>
<td width="20%"
class="indent2">Other Info</td>
<td width="80%"></td>
</tr>

<tr>
<td width="20%">Instances</td>
<td width="80%">3</td>
<td width="80%">4</td>
</tr>
<tr>
<td width="20%">Solution</td>
@@ -2626,7 +2750,7 @@ <h3>Alert Detail</h3>
<tr>
<td width="20%"
class="indent2">Evidence</td>
<td width="80%">0a1a136085e367857244ff6ee5736ec7</td>
<td width="80%">a5f9f75cff657d3bb736be9d49731b1a</td>
</tr>
<tr>
<td width="20%"
@@ -2658,7 +2782,7 @@ <h3>Alert Detail</h3>
<tr>
<td width="20%"
class="indent2">Evidence</td>
<td width="80%">0a1a136085e367857244ff6ee5736ec7</td>
<td width="80%">a5f9f75cff657d3bb736be9d49731b1a</td>
</tr>
<tr>
<td width="20%"
54 changes: 43 additions & 11 deletions report_json.json
@@ -1,7 +1,7 @@
{
"@programName": "ZAP",
"@version": "2.14.0",
"@generated": "Mon, 29 Jan 2024 18:07:28",
"@generated": "Tue, 30 Jan 2024 16:30:00",
"site":[
{
"@name": "https://chefs-dev.apps.silver.devops.gov.bc.ca",
@@ -147,7 +147,7 @@
"reference": "<p>https://tools.ietf.org/html/rfc7231#section-5.1.2</p>",
"cweid": "200",
"wascid": "45",
"sourceid": "460"
"sourceid": "456"
},
{
"pluginid": "10054",
@@ -373,7 +373,7 @@
"reference": "<p>https://cwe.mitre.org/data/definitions/205.html</p>",
"cweid": "200",
"wascid": "45",
"sourceid": "559"
"sourceid": "554"
},
{
"pluginid": "10109",
@@ -390,7 +390,7 @@
"method": "GET",
"param": "",
"attack": "",
"evidence": "<script type=\"module\" crossorigin src=\"/pr-1176/assets/index-43130891.js\"></script>",
"evidence": "<script type=\"module\" crossorigin src=\"/pr-1176/assets/index-761f7552.js\"></script>",
"otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application."
}
],
@@ -513,9 +513,17 @@
"attack": "",
"evidence": "",
"otherinfo": ""
},
{
"uri": "https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt",
"method": "GET",
"param": "Sec-Fetch-Dest",
"attack": "",
"evidence": "",
"otherinfo": ""
}
],
"count": "3",
"count": "4",
"solution": "<p>Ensure that Sec-Fetch-Dest header is included in request headers.</p>",
"otherinfo": "",
"reference": "<p>https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest</p>",
@@ -556,9 +564,17 @@
"attack": "",
"evidence": "",
"otherinfo": ""
},
{
"uri": "https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt",
"method": "GET",
"param": "Sec-Fetch-Mode",
"attack": "",
"evidence": "",
"otherinfo": ""
}
],
"count": "3",
"count": "4",
"solution": "<p>Ensure that Sec-Fetch-Mode header is included in request headers.</p>",
"otherinfo": "",
"reference": "<p>https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode</p>",
@@ -599,9 +615,17 @@
"attack": "",
"evidence": "",
"otherinfo": ""
},
{
"uri": "https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt",
"method": "GET",
"param": "Sec-Fetch-Site",
"attack": "",
"evidence": "",
"otherinfo": ""
}
],
"count": "3",
"count": "4",
"solution": "<p>Ensure that Sec-Fetch-Site header is included in request headers.</p>",
"otherinfo": "",
"reference": "<p>https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site</p>",
@@ -642,9 +666,17 @@
"attack": "",
"evidence": "",
"otherinfo": ""
},
{
"uri": "https://chefs-dev.apps.silver.devops.gov.bc.ca/robots.txt",
"method": "GET",
"param": "Sec-Fetch-User",
"attack": "",
"evidence": "",
"otherinfo": ""
}
],
"count": "3",
"count": "4",
"solution": "<p>Ensure that Sec-Fetch-User header is included in user initiated requests.</p>",
"otherinfo": "",
"reference": "<p>https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User</p>",
@@ -667,15 +699,15 @@
"method": "GET",
"param": "a97f95a2ab74ec0cf3ba8a0cd9d46d27",
"attack": "",
"evidence": "0a1a136085e367857244ff6ee5736ec7",
"evidence": "a5f9f75cff657d3bb736be9d49731b1a",
"otherinfo": "\ncookie:a97f95a2ab74ec0cf3ba8a0cd9d46d27"
},
{
"uri": "https://chefs-dev.apps.silver.devops.gov.bc.ca/pr-1176",
"method": "GET",
"param": "a97f95a2ab74ec0cf3ba8a0cd9d46d27",
"attack": "",
"evidence": "0a1a136085e367857244ff6ee5736ec7",
"evidence": "a5f9f75cff657d3bb736be9d49731b1a",
"otherinfo": "\ncookie:a97f95a2ab74ec0cf3ba8a0cd9d46d27"
}
],
@@ -827,7 +859,7 @@
"reference": "<p>https://owasp.org/wstg</p>",
"cweid": "0",
"wascid": "0",
"sourceid": "223"
"sourceid": "219"
}
]
}