From 5e3ebae492cd52e0359fff88a606e59d83fe8129 Mon Sep 17 00:00:00 2001
From: ricekot <git@ricekot.com>
Date: Tue, 31 Dec 2024 22:53:31 +0530
Subject: [PATCH] Add missing variable declaration in active/SSTI.js

Signed-off-by: ricekot <git@ricekot.com>
---
 CHANGELOG.md   | 5 ++++-
 active/SSTI.js | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c908ead..181213a7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,12 +8,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Standalone script 'PrivateMethodAccess.js'
 - Variant script 'AddUrlParams.js'
 - Extender script 'ScanMonitor.js'
+
 ### Changed
 - Add cautionary note to help and readme.
 - Maintenance and documentation changes.
 
 ### Fixed 
-- Bug in 'Mutliple Security Header Check.js'.
+- The following scripts were not being loaded as scan rules:
+  - active/SSTI.js
+  - passive/Mutliple Security Header Check.js
 
 ## [19] - 2024-07-01
 ### Added
diff --git a/active/SSTI.js b/active/SSTI.js
index 2d3d52a5..c701a3ed 100644
--- a/active/SSTI.js
+++ b/active/SSTI.js
@@ -14,6 +14,7 @@ var log = LoggerManager.getLogger("SSTI");
 var ScanRuleMetadata = Java.type(
   "org.zaproxy.addon.commonlib.scanrules.ScanRuleMetadata"
 );
+var CommonAlertTag = Java.type("org.zaproxy.addon.commonlib.CommonAlertTag");
 
 function getMetadata() {
   return ScanRuleMetadata.fromYaml(`