Merge pull request #5960 from kingthorin/add-tags-50k

scripts: Add Policy Tags to ScriptsActiveScanner

addOns/scripts/CHANGELOG.md

@@ -6,9 +6,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## Unreleased
 ### Added
 - Report indirect script errors while the Automation Framework plans are running (Issue 8586).
+- Standardized Policy Tags to the base Scripts Active Scanner.
 
 ### Changed
 - Fields with default or missing values are omitted for the `script` job in saved Automation Framework plans.
+- Depends on an updated version of the Common Library add-on.
 
 ## [45.7.0] - 2024-10-07
 ### Fixed

addOns/scripts/scripts.gradle.kts

@@ -30,7 +30,7 @@ zapAddOn {
         dependencies {
             addOns {
                 register("commonlib") {
-                    version.set(">=1.25.0")
+                    version.set(">=1.29.0")
                 }
             }
         }

addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/scanrules/ScriptsActiveScanner.java

@@ -22,14 +22,18 @@
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.parosproxy.paros.Constant;
 import org.parosproxy.paros.control.Control;
 import org.parosproxy.paros.core.scanner.Alert;
 import org.parosproxy.paros.core.scanner.Category;
 import org.parosproxy.paros.network.HttpMessage;
+import org.zaproxy.addon.commonlib.PolicyTag;
 import org.zaproxy.addon.commonlib.scanrules.ScanRuleMetadataProvider;
 import org.zaproxy.zap.extension.ascan.ExtensionActiveScan;
 import org.zaproxy.zap.extension.script.ExtensionScript;
@@ -45,6 +49,9 @@ public class ScriptsActiveScanner extends ActiveScriptHelper {
     private ScriptsCache<ActiveScript> cachedScripts;
 
     private static final Logger LOGGER = LogManager.getLogger(ScriptsActiveScanner.class);
+    private static final Map<String, String> POLICY_ALERT_TAGS =
+            Stream.of(PolicyTag.values())
+                    .collect(Collectors.toUnmodifiableMap(k -> k.getTag(), v -> ""));
 
     /**
      * A {@code Set} containing the scripts that do not implement {@code ActiveScript2}, to show an
@@ -252,4 +259,9 @@ public int getCweId() {
     public int getWascId() {
         return 0;
     }
+
+    @Override
+    public Map<String, String> getAlertTags() {
+        return POLICY_ALERT_TAGS;
+    }
 }

addOns/scripts/src/test/java/org/zaproxy/zap/extension/scripts/scanrules/ScriptsActiveScannerUnitTest.java

@@ -49,6 +49,7 @@
 import org.parosproxy.paros.model.Model;
 import org.parosproxy.paros.network.HttpMessage;
 import org.parosproxy.paros.network.HttpRequestHeader;
+import org.zaproxy.addon.commonlib.PolicyTag;
 import org.zaproxy.addon.commonlib.scanrules.ScanRuleMetadataProvider;
 import org.zaproxy.zap.extension.ascan.ExtensionActiveScan;
 import org.zaproxy.zap.extension.ascan.VariantFactory;
@@ -431,6 +432,16 @@ void shouldHandleExceptionsThrownByActiveScript() throws Exception {
         verify(script2, times(1)).scan(scriptsActiveScanner, message, name2, value2);
     }
 
+    @Test
+    void shouldHaveExpectedNumberOfAlertTags() {
+        // Given
+        ScriptsActiveScanner scriptsActiveScanner = new ScriptsActiveScanner();
+        // When
+        int tagCount = scriptsActiveScanner.getAlertTags().size();
+        // Then
+        assertThat(tagCount, is(equalTo(PolicyTag.values().length)));
+    }
+
     private <T> ScriptWrapper createScriptWrapper(T script, Class<T> scriptClass) throws Exception {
         ScriptWrapper scriptWrapper = mock(ScriptWrapper.class);
         given(scriptWrapper.isEnabled()).willReturn(true);