Merge pull request #1338 from zapbot/update-site-content
Update site content
psiinon authored Jan 26, 2024
2 parents 9045adf + fcc8c91 commit 01d564c
Showing 20 changed files with 238 additions and 254 deletions.
48 changes: 24 additions & 24 deletions addons/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
<a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>


<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v61/ascanrules-release-61.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v62/ascanrules-release-62.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>



Expand All @@ -209,7 +209,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ascanrules
</td>
<td align="center">
61
62
</td>
<td >
release
Expand All @@ -218,7 +218,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ZAP Dev Team
</td>
<td align="center">
2024-01-24
2024-01-26
</td>
</tr>

Expand All @@ -231,7 +231,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
<a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>


<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v45/ascanrulesAlpha-alpha-45.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v46/ascanrulesAlpha-alpha-46.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>



Expand All @@ -244,7 +244,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ascanrulesAlpha
</td>
<td align="center">
45
46
</td>
<td >
alpha
Expand All @@ -253,7 +253,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ZAP Dev Team
</td>
<td align="center">
2024-01-16
2024-01-26
</td>
</tr>

Expand All @@ -266,7 +266,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
<a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>


<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v49/ascanrulesBeta-beta-49.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v50/ascanrulesBeta-beta-50.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>



Expand All @@ -279,7 +279,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ascanrulesBeta
</td>
<td align="center">
49
50
</td>
<td >
beta
Expand All @@ -288,7 +288,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ZAP Dev Team
</td>
<td align="center">
2024-01-16
2024-01-26
</td>
</tr>

Expand Down Expand Up @@ -874,7 +874,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
<a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>


<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.21.0/commonlib-release-1.21.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.22.0/commonlib-release-1.22.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>



Expand All @@ -887,7 +887,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
commonlib
</td>
<td align="center">
1.21.0
1.22.0
</td>
<td >
release
Expand All @@ -896,7 +896,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ZAP Dev Team
</td>
<td align="center">
2024-01-16
2024-01-26
</td>
</tr>

Expand Down Expand Up @@ -2595,7 +2595,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
<a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>


<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/openapi-v38/openapi-beta-38.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/openapi-v39/openapi-beta-39.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>



Expand All @@ -2608,7 +2608,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
openapi
</td>
<td align="center">
38
39
</td>
<td >
beta
Expand All @@ -2617,7 +2617,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ZAP Dev Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak, Marcin Spiewak, and SDA SE Open Industry Solutions
</td>
<td align="center">
2023-10-23
2024-01-26
</td>
</tr>

Expand Down Expand Up @@ -2663,7 +2663,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
<a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>


<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v54/pscanrules-release-54.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v55/pscanrules-release-55.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>



Expand All @@ -2676,7 +2676,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
pscanrules
</td>
<td align="center">
54
55
</td>
<td >
release
Expand All @@ -2685,7 +2685,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ZAP Dev Team
</td>
<td align="center">
2024-01-16
2024-01-26
</td>
</tr>

Expand Down Expand Up @@ -3349,7 +3349,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
<a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>


<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.17.0/selenium-release-15.17.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.18.0/selenium-release-15.18.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>



Expand All @@ -3362,7 +3362,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
selenium
</td>
<td align="center">
15.17.0
15.18.0
</td>
<td >
release
Expand All @@ -3371,7 +3371,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ZAP Dev Team
</td>
<td align="center">
2024-01-18
2024-01-26
</td>
</tr>

Expand Down Expand Up @@ -3487,7 +3487,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
<a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>


<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/spider-v0.8.0/spider-release-0.8.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
<a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/spider-v0.9.0/spider-release-0.9.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>



Expand All @@ -3500,7 +3500,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
spider
</td>
<td align="center">
0.8.0
0.9.0
</td>
<td >
release
Expand All @@ -3509,7 +3509,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
ZAP Dev Team
</td>
<td align="center">
2023-12-19
2024-01-26
</td>
</tr>

Expand Down
7 changes: 6 additions & 1 deletion docs/desktop/addons/active-scan-rules-alpha/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1624,10 +1624,15 @@ <h2 id="id-40015">LDAP Injection <a class="header-link" href="#id-40015"><svg cl
<p>Alert ID: <a href="/docs/alerts/40015/">40015</a>.</p>

<h2 id="id-40033">NoSQL Injection - MongoDB <a class="header-link" href="#id-40033"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>This rule attempts to identify MongoDB specific NoSQL Injection vulnerabilities. It attempts various types of attacks including: boolean based, error based, time based, and authentication bypass. It will also attempt JSON parameter specific payloads if the scan is configured to include JSON parameter variants.</p>
<p>This rule attempts to identify MongoDB specific NoSQL Injection vulnerabilities. It attempts various types of attacks including: boolean based, error based, time based, and authentication bypass. It does not include time based attacks. It will also attempt JSON parameter specific payloads if the scan is configured to include JSON parameter variants.</p>
<p>Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/MongoDbInjectionScanRule.java">MongoDbInjectionScanRule.java</a></p>
<p>Alert ID: <a href="/docs/alerts/40033/">40033</a>.</p>

<h2 id="id-90039">NoSQL Injection - MongoDB (Time Based) <a class="header-link" href="#id-90039"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>This rule attempts to identify MongoDB specific NoSQL Injection vulnerabilities using only time based attacks.</p>
<p>Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/MongoDbInjectionTimingScanRule.java">MongoDbInjectionTimingScanRule.java</a></p>
<p>Alert ID: <a href="/docs/alerts/90039/">90039</a>.</p>

<h2 id="id-40039">Web Cache Deception <a class="header-link" href="#id-40039"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>This rule attempts to identify Web Cache Deception vulnerabilities. It checks whether a static path appended to original URIs can be used to leak sensitive user information or not.</p>
<ul>
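Review bot: The added description for alert 40033 contradicts itself: it still lists "time based" among the attack types ("boolean based, error based, time based, and authentication bypass") and then says "It does not include time based attacks." Remove "time based" from the list so the sentence matches the split into the new 90039 rule, and consider pointing from the 40033 paragraph to the "NoSQL Injection - MongoDB (Time Based)" section so readers who enable only one of the two rules know which checks they are getting.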
Expand Down
2 changes: 1 addition & 1 deletion docs/desktop/addons/active-scan-rules/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1784,7 +1784,7 @@ <h2 id="id-20017">Source Code Disclosure - CVE-2012-1823 <a class="header-link"
<p>Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SourceCodeDisclosureCve20121823ScanRule.java">SourceCodeDisclosureCve20121823ScanRule.java</a></p>
<p>Alert ID: <a href="/docs/alerts/20017/">20017</a>.</p>

<h2 id="id-10045">Source Code Disclosure - /WEB-INF <a class="header-link" href="#id-10045"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<h2 id="id-10045">Source Code Disclosure - /WEB-INF Folder <a class="header-link" href="#id-10045"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>Exploit the presence of an unprotected /WEB-INF folder to download and decompile Java classes, to disclose Java source code.</p>
<p>Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SourceCodeDisclosureWebInfScanRule.java">SourceCodeDisclosureWebInfScanRule.java</a></p>
<p>Alert ID: <a href="/docs/alerts/10045/">10045</a>.</p>
Expand Down
1 change: 1 addition & 0 deletions docs/desktop/addons/openapi-support/automation/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1615,6 +1615,7 @@ <h1 id="openapi-automation-framework-support">OpenAPI Automation Framework Suppo

<h2 id="job-openapi">Job: openapi <a class="header-link" href="#job-openapi"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>The openapi job allows you to import OpenAPI definitions via a URL or file.</p>
<p>It is covered in the video: <a href="https://youtu.be/xuP00Ri460k">ZAP Chat 11 Automation Framework Part 5 - APIs</a>.</p>
<pre tabindex="0"><code> - type: openapi # OpenAPI definition import
parameters:
apiFile: # String: Local file containing the OpenAPI definition, default: null, no definition will be imported
Expand Down
2 changes: 1 addition & 1 deletion docs/desktop/addons/passive-scan-rules/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1732,7 +1732,7 @@ <h2 id="cross-domain-misconfiguration">Cross Domain Misconfiguration <a class="h
<p>Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CrossDomainMisconfigurationScanRule.java">CrossDomainMisconfigurationScanRule.java</a></p>

<h2 id="csp-content-security-policy">CSP (Content Security Policy) <a class="header-link" href="#csp-content-security-policy"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>The Content Security Policy (CSP) passive scan rule parses and analyzes CSP headers and META definitions for potential misconfiguration or weakness. This rule leverages Shape Security&rsquo;s <a href="https://github.com/shapesecurity/salvation">Salvation</a> library to perform it&rsquo;s parsing and assessment of CSPs.</p>
<p>The Content Security Policy (CSP) passive scan rule parses and analyzes CSP headers and META definitions for potential misconfiguration or weakness. This rule leverages HtmlUnit&rsquo;s <a href="https://github.com/HtmlUnit/htmlunit-csp">htmlunit-csp</a> library to perform it&rsquo;s parsing and assessment of CSPs.</p>
<p>If a response has multiple CSPs they are analyzed individually, as there is no sure way to intersect/merge the policies and further different browsers have varying levels of CSP support and enforcement.</p>
<p>Latest code: <a href="https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/ContentSecurityPolicyScanRule.java">ContentSecurityPolicyScanRule.java</a></p>
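Review bot: The rewritten CSP paragraph carries over the typo "to perform it&rsquo;s parsing and assessment of CSPs"; since the sentence is already being changed for the Salvation to htmlunit-csp switch, correct it to "its parsing". If this page is generated from the add-on help, the fix belongs in that source so it is not reintroduced by the next content update.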

Expand Down
1 change: 1 addition & 0 deletions docs/desktop/addons/spider/automation/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1613,6 +1613,7 @@ <h1 id="spider-automation-framework-support">Spider Automation Framework Support

<h2 id="job-spider">Job: spider <a class="header-link" href="#job-spider"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2>
<p>The Spider job runs the Traditional Spider. This is fast but does not handle modern applications as effectively.</p>
<p>It is covered in the video: <a href="https://youtu.be/WivoyVerBCo">ZAP Chat 10 Automation Framework Part 4 - Spidering</a>.</p>
<p>By default this job will spider the first context defined in the environment and so none of the parameters are mandatory.</p>
<p>This job supports monitor tests.</p>

Expand Down