frontendscanner: correct API parameter name
Use the correct case, `fileName` instead of `filename`, otherwise it
will fail with a 400 when loading the injected script.

Signed-off-by: drighty <107853737+drighty@users.noreply.github.com>
drighty authored and thc202 committed Oct 19, 2023
1 parent 4ef8f17 commit d20e78e
Showing 2 changed files with 8 additions and 8 deletions.
Expand Up @@ -137,7 +137,7 @@ private static String getScriptToInject(String frontEndApiUrl, int historyRefere
.append("<script src='")
.append(frontEndApiUrl)
.append("?action=getFile")
.append("&filename=front-end-scanner.js")
.append("&fileName=front-end-scanner.js")
.append("&historyReferenceId=")
.append(historyReferenceId)
.append("'></script>");
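Review bot: The query parameter name on the `.append("&fileName=front-end-scanner.js")` line is still a bare string literal, so nothing ties it to the name the API handler expects; the case mismatch fixed here only showed up as a 400 at runtime. If the API class has, or can expose, a constant for this parameter, build the URL from it, e.g. `.append("&").append(PARAM_FILE_NAME).append("=front-end-scanner.js")`, where `PARAM_FILE_NAME` is a placeholder for whatever that constant is called. Separately, `frontEndApiUrl` is written unescaped into a single-quoted `src` attribute; this is presumably safe because the callback URL is generated by ZAP itself, but a one-line comment stating that assumption would stop a later caller from passing in a value that contains a quote. getScriptToInject starts and ends outside the hunk.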
Expand Up @@ -98,7 +98,7 @@ void testInjectTheFrontEndTrackerBeforeOtherScriptsInHeadTag() {
String expectedHtmlFormat =
"<!doctype html><html lang='en'><head><script src='https:\\/\\/"
+ HOSTNAME
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&filename=front-end-scanner.js&historyReferenceId=42'><\\/script><script><\\/script><\\/head><body><\\/body></html>";
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&fileName=front-end-scanner.js&historyReferenceId=42'><\\/script><script><\\/script><\\/head><body><\\/body></html>";
String result = msg.getResponseBody().toString();

assertTrue(result.matches(expectedHtmlFormat));
Expand All @@ -118,7 +118,7 @@ void testInjectAfterMetaTagInHeadTag() {
String expectedHtmlFormat =
"<!doctype html><html lang='en'><head><meta><script src='https:\\/\\/"
+ HOSTNAME
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&filename=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body></html>";
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&fileName=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body></html>";
String result = msg.getResponseBody().toString();

assertTrue(result.matches(expectedHtmlFormat));
Expand All @@ -139,7 +139,7 @@ void testInjectAfterAllMetaTagsInHeadTag() {
String expectedHtmlFormat =
"<!doctype html><html lang='en'><head><meta><meta><script src='https:\\/\\/"
+ HOSTNAME
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&filename=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body></html>";
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&fileName=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body></html>";
String result = msg.getResponseBody().toString();

assertTrue(result.matches(expectedHtmlFormat));
Expand All @@ -159,7 +159,7 @@ void testInjectionShouldBeSuccessfulWithoutHead() {
String expectedHtmlFormat =
"<!doctype html><html lang='en'><head><script src='https:\\/\\/"
+ HOSTNAME
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&filename=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body></head></html>";
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&fileName=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body></head></html>";
String result = msg.getResponseBody().toString();

assertTrue(result.matches(expectedHtmlFormat));
Expand All @@ -179,7 +179,7 @@ void testInjectionShouldBeSuccessfulWithEmptyHead() {
String expectedHtmlFormat =
"<!doctype html><html lang='en'><head><script src='https:\\/\\/"
+ HOSTNAME
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&filename=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body></html>";
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&fileName=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body></html>";
String result = msg.getResponseBody().toString();

assertTrue(result.matches(expectedHtmlFormat));
Expand All @@ -199,7 +199,7 @@ void testInjectionShouldBeSuccessfulWithoutHtmlTag() {
String expectedHtmlFormat =
"<head><script src='https:\\/\\/"
+ HOSTNAME
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&filename=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body>";
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&fileName=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body>";
String result = msg.getResponseBody().toString();

assertTrue(result.matches(expectedHtmlFormat));
Expand All @@ -219,7 +219,7 @@ void testInjectionShouldBeSuccessfulWithoutHtmlNorHeadTag() {
String expectedHtmlFormat =
"<head><script src='https:\\/\\/"
+ HOSTNAME
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&filename=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body>";
+ "\\/zapCallBackUrl\\/-?[0-9]+\\?action=getFile&fileName=front-end-scanner.js&historyReferenceId=42'><\\/script><\\/head><body><\\/body>";
String result = msg.getResponseBody().toString();

assertTrue(result.matches(expectedHtmlFormat));
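Review bot: All seven expected patterns repeat the parameter name as a literal, so these tests only check that the injected string matches a copy of itself; with `filename` on both sides they would have passed while the API rejected the URL with a 400. A test that pulls the `src` URL out of the injected tag and checks its parameters against what the API accepts, or that builds the expectation from the API's parameter constant, would catch this kind of drift. The patterns also concatenate `HOSTNAME` into the regex unquoted, so each `.` in it matches any character; `+ Pattern.quote(HOSTNAME)` (from `java.util.regex.Pattern`) makes the host comparison exact. The test methods begin and end outside the hunks shown.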
