github.com/kubeshop/testkube@v1.17.23/contrib/executor/zap/examples/zap-tk-baseline.conf (about)

# zap-baseline rule configuration file
# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches
# Only the rule identifiers are used - the names are just for info
# You can add your own messages to each rule by appending them after a tab on each line.
10010	WARN	(Cookie No HttpOnly Flag)
10011	WARN	(Cookie Without Secure Flag)
10012	WARN	(Password Autocomplete in Browser)
10015	WARN	(Incomplete or No Cache-control and Pragma HTTP Header Set)
10016	WARN	(Web Browser XSS Protection Not Enabled)
10017	WARN	(Cross-Domain JavaScript Source File Inclusion)
10019	WARN	(Content-Type Header Missing)
10020	WARN	(X-Frame-Options Header Scanner)
10021	WARN	(X-Content-Type-Options Header Missing)
10023	WARN	(Information Disclosure - Debug Error Messages)
10024	WARN	(Information Disclosure - Sensitive Information in URL)
10025	WARN	(Information Disclosure - Sensitive Information in HTTP Referrer Header)
10026	WARN	(HTTP Parameter Override)
10027	WARN	(Information Disclosure - Suspicious Comments)
10032	WARN	(Viewstate Scanner)
10040	WARN	(Secure Pages Include Mixed Content)
10105	WARN	(Weak Authentication Method)
10202	WARN	(Absence of Anti-CSRF Tokens)
2	WARN	(Private IP Disclosure)
3	WARN	(Session ID in URL Rewrite)
50001	WARN	(Script Passive Scan Rules)
90001	WARN	(Insecure JSF ViewState)
90011	WARN	(Charset Mismatch)
90022	WARN	(Application Error Disclosure)
90030	WARN	(WSDL File Passive Scanner)
90033	WARN	(Loosely Scoped Cookie)
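As an added example that is not part of the Testkube project or of ZAP itself, the following Python script parses and lints a rule file in the format the header comments describe: one rule per line, `<id><TAB><action>`, an informational name in parentheses, and an optional custom message after a further tab. It assumes the tab-separated layout and the three actions (WARN, IGNORE, FAIL) stated in the comments; the exact tokenising done by the real `zap-baseline.py` may differ in corner cases. The sample configuration embedded below is constructed for the example.

```python
"""Parser and linter for zap-baseline style rule configuration files.

Added illustration only; it follows the format documented in the file's
header comments and is not the project's or ZAP's own parser.
"""
from dataclasses import dataclass
from typing import Optional

# The three actions the header comments allow for a rule.
VALID_ACTIONS = {"WARN", "IGNORE", "FAIL"}


@dataclass(frozen=True)
class Rule:
    rule_id: str             # what ZAP actually keys on
    action: str              # WARN, IGNORE or FAIL
    name: Optional[str]      # text inside the parentheses, informational only
    message: Optional[str]   # custom message after the extra tab, if present


def parse_baseline_conf(text: str) -> tuple[list[Rule], list[str]]:
    """Return (rules, errors). Errors are human-readable strings with the
    line number, so a CI step can print them and fail without a traceback."""
    rules: list[Rule] = []
    errors: list[str] = []
    seen: dict[str, int] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        parts = raw.split("\t")
        if len(parts) < 2:
            errors.append(f"line {lineno}: expected '<id>\\t<action>'")
            continue
        rule_id, action = parts[0].strip(), parts[1].strip()
        if not rule_id.isdigit():
            errors.append(f"line {lineno}: rule id {rule_id!r} is not numeric")
            continue
        if action not in VALID_ACTIONS:
            errors.append(f"line {lineno}: unknown action {action!r} "
                          f"(expected one of {sorted(VALID_ACTIONS)})")
            continue
        if rule_id in seen:
            errors.append(f"line {lineno}: rule {rule_id} already set on line {seen[rule_id]}")
            continue
        seen[rule_id] = lineno
        rest = parts[2:]
        name = None
        if rest and rest[0].strip().startswith("(") and rest[0].strip().endswith(")"):
            name = rest[0].strip()[1:-1]
            rest = rest[1:]
        # Anything after the name (joined back with tabs) is the custom message.
        message = "\t".join(rest).strip() or None
        rules.append(Rule(rule_id, action, name, message))
    return rules, errors


def summarize(rules: list[Rule]) -> dict[str, list[str]]:
    """Group rule ids by action, handy for reviewing what will break a build."""
    out: dict[str, list[str]] = {}
    for r in rules:
        out.setdefault(r.action, []).append(r.rule_id)
    return {k: sorted(v) for k, v in out.items()}


# Constructed sample: a hardened variant of the file above with one rule
# promoted to FAIL (with a custom message) and one silenced with IGNORE.
SAMPLE_CONF = (
    "# constructed sample, not the project's file\n"
    "10010\tWARN\t(Cookie No HttpOnly Flag)\n"
    "10011\tFAIL\t(Cookie Without Secure Flag)\tSecure flag is mandatory on this app\n"
    "10027\tIGNORE\t(Information Disclosure - Suspicious Comments)\n"
    "2\tWARN\t(Private IP Disclosure)\n"
)

if __name__ == "__main__":
    parsed, problems = parse_baseline_conf(SAMPLE_CONF)
    for p in problems:
        print("error:", p)
    for action, ids in summarize(parsed).items():
        print(f"{action}: {', '.join(ids)}")
```

Running it on the constructed sample prints one FAIL, one IGNORE and two WARN ids; feeding it a line with a misspelt action or a duplicated rule id yields an error message instead of a silently ignored rule.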