Message tags might not always be reflected in the History tab #8399
Comments
The tagging mechanism works on requests and responses but the default tag is only for responses (as the name indicates |
@thc202 |
Tagging is based on passive scan which uses a queue, so they just may not have been processed/tagged yet. Also the current pattern seems to be case sensitive. |
Correction: the patterns are all handled case insensitively in the end. |
Should the tag also cover other JSON'ish types? zaproxy/docker/scripts/scripts/httpsender/Alert_on_Unexpected_Content_Types.js Lines 12 to 25 in 02b5c4f
|
This was discussed via IRC. The decision was to not modify the existing pattern at this point. Others can be added, initially disabled. Without further evidence of something actually misbehaving this issue will be closed. |
Hi |
That's not evidence. Unless you can provide the details to back it up there's nothing we can do for you. |
As discussed above the existing pattern won't be updated in case anyone is depending on it in the current form. However there is already a PR in flight adding a json_extended pattern which would cover more circumstances. |
@kingthorin thanks for your response, |
The solution would be to update the regex in your options. |
Can I edit the regex currently? If yes, where? |
Ok, I checked this and configured my regex, and still, there is no automatic assignment of the relevant tag. |
It's not retroactive, it'll only tag new traffic (proxy, spider, manual), and only if your regex actually matches. |
I created the tag regex and then generated the traffic. |
🤷♂️ There's a ton of variables here. Your regex could be wrong/poor, you might not be waiting for the passive scan queue, you might have "only in scope" on, etc. To name a few. Unless you can provide the tag/regex and a public example of it not working then we can't recreate/troubleshoot. |
The regex works perfectly; when I do the same request manually through ZAP the tag works properly |
Make sure it includes the rule config and passive scan settings. Plus the message details of what is tagged and what's not. |
The existing pattern is not a/the problem anyway, it already handles the case |
Screen.Recording.2024-04-11.at.10.19.06.mov
Let's see the video, |
That's a problem with the UI not the passive scanner/regex. |
Things you can try:
|
There's no need to try, it's a confirmed bug in the UI (or more accurately on how the |
@kingthorin I did 2 things you said, and still this is not tagged with JSON, also in "Manage History Tags". |
I haven't talked to @thc202 about the issue but he seems to have confirmed a UI issue, so no there will still be a piece outstanding it seems. |
Is your feature request related to a problem? Please describe.
Hi
I encounter some use cases where the HTTP request contains JSON requests, and there is no tag on the relevant message.
I think there are missing scenarios where I send content-type: application/json and there is no JSON tag on the message
Describe the solution you'd like
Cover all the HTTP requests with JSON
Describe alternatives you've considered
Filter out by myself.
Screenshots
No response
Additional context
No response
Would you like to help fix this issue?