Merge pull request #6389 from YashArote/fix-alert-page

websocket: link rules to help

Author: thc202

addOns/websocket/CHANGELOG.md

@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
-
+### Changed
+- Add website alert links to the help page (Issue 8189).
 
 ## [32] - 2025-01-10
 ### Changed

addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/pscan/scripts/WebSocketPassiveScript.java

@@ -58,6 +58,10 @@ default String getName() {
         return ScriptsWebSocketPassiveScanner.PLUGIN_NAME;
     }
 
+    default String getHelpLink() {
+        return "https://www.zaproxy.org/docs/desktop/addons/websockets/pscanrules/#id-" + getId();
+    }
+
     @Override
     default List<Alert> getExampleAlerts() {
         return Collections.emptyList();

addOns/websocket/src/main/javahelp/org/zaproxy/zap/extension/websocket/resources/help/contents/pscanrules.html

@@ -11,7 +11,7 @@ <H1>WebSocket Passive Scan Rules</H1>
         <h2 id="scripts">Scripts</h2>
         Scripts which are included by default in the add-on and they implement the following WebSocket passive scan rules:
 
-        <h3>Base64 Disclosure</h3>
+        <h3 id="id-110002">Base64 Disclosure</h3>
 
         This script analyzes incoming WebSocket message payload for Base64 strings. The encoded information may include sensitive data which may not specifically meant for end user consumption.<br>
 
@@ -32,9 +32,10 @@ <h3>Base64 Disclosure</h3>
         <table border="1"  width = "500">
             <tr><td><strong>Risk</strong></td><td>Info</td></tr>
             <tr><td><strong>Confidence</strong></td><td>Medium</td></tr>
+            <tr><td><strong>Alert ID:</strong></td><td><a href="https://www.zaproxy.org/docs/alerts/110002/">110002</a></td></tr>
         </table>
 
-        <h3>Information Disclosure: Application Errors</h3>
+        <h3 id="id-110001">Information Disclosure: Application Errors</h3>
 
         This passive scanner checks incoming WebSocket message payload for known Application Error messages. Access to such details may provide a malicious individual with means by which to further abuse the web site. They may also leak data not specifically meant for end user consumption.<br>
 
@@ -53,9 +54,10 @@ <h3>Information Disclosure: Application Errors</h3>
             <tr><td><strong>Confidence</strong></td><td>Medium</td></tr>
             <tr><td><strong>CWE ID</strong></td><td>209: Information Exposure Through an Error Message</td></tr>
             <tr><td><strong>WASC ID</strong></td><td>13: Information Leakage</td></tr>
+            <tr><td><strong>Alert ID:</strong></td><td><a href="https://www.zaproxy.org/docs/alerts/110001/">110001</a></td></tr>
         </table>
 
-        <h3>Information Disclosure: Credit Card Number</h3>
+        <h3 id="id-110005">Information Disclosure: Credit Card Number</h3>
 
         This script scans for the presence of Personally Information Identifiable in incoming WebSocket message payload.
         More specifically, it passively scans payload for credit card numbers. The available scans are for the following credit card types:
@@ -76,9 +78,10 @@ <h3>Information Disclosure: Credit Card Number</h3>
             <tr><td><strong>Confidence</strong></td><td>High</td></tr>
             <tr><td><strong>CWE ID</strong></td><td>359: Exposure of Private Information ('Privacy Violation')</td></tr>
             <tr><td><strong>WASC ID</strong></td><td>13: Information Leakage</td></tr>
+            <tr><td><strong>Alert ID:</strong></td><td><a href="https://www.zaproxy.org/docs/alerts/110005/">110005</a></td></tr>
         </table>
 
-        <h3>Information Disclosure: Debug Errors</h3>
+        <h3 id="id-110003">Information Disclosure: Debug Errors</h3>
 
         This script checks the incoming WebSocket message payload for known Debug Error message fragments. Access to such details may provide a malicious individual with means by which to further abuse the web site. They may also leak data not specifically meant for end user consumption.<br>
 
@@ -97,9 +100,10 @@ <h3>Information Disclosure: Debug Errors</h3>
             <tr><td><strong>Confidence</strong></td><td>Medium</td></tr>
             <tr><td><strong>CWE ID</strong></td><td>200: Information Exposure</td></tr>
             <tr><td><strong>WASC ID</strong></td><td>13: Info Leakage</td></tr>
+            <tr><td><strong>Alert ID:</strong></td><td><a href="https://www.zaproxy.org/docs/alerts/110003/">110003</a></td></tr>
         </table>
 
-        <h3>Information Disclosure: Email address</h3>
+        <h3 id="id-110004">Information Disclosure: Email address</h3>
 
         This script scans incoming WebSocket messages for email addresses. Email addresses may be not specifically meant for end user consumption.<br>
 
@@ -110,9 +114,10 @@ <h3>Information Disclosure: Email address</h3>
             <tr><td><strong>Confidence</strong></td><td>Info</td></tr>
             <tr><td><strong>CWE ID</strong></td><td>200: Information Exposure</td></tr>
             <tr><td><strong>WASC ID</strong></td><td>13: Information Leakage</td></tr>
+            <tr><td><strong>Alert ID:</strong></td><td><a href="https://www.zaproxy.org/docs/alerts/110004/">110004</a></td></tr>
         </table>
 
-        <h3>Information Disclosure: Suspicious XML Comments</h3>
+        <h3 id="id-110008">Information Disclosure: Suspicious XML Comments</h3>
 
         This script checks incoming WebSocket messages payloads, which are XML formatted, for suspicious comments. The comments it is searching for are relevant to components with which an attacker can extract useful information. Comments like FIXME, BUG, etc. might be helpful for further attacks targeting the weaknesses of the web application.<br>
 
@@ -137,9 +142,10 @@ <h3>Information Disclosure: Suspicious XML Comments</h3>
             <tr><td><strong>Confidence</strong></td><td>Medium</td></tr>
             <tr><td><strong>CWE ID</strong></td><td>200: Information Exposure</td></tr>
             <tr><td><strong>WASC ID</strong></td><td>13: Info Leakage</td></tr>
+            <tr><td><strong>Alert ID:</strong></td><td><a href="https://www.zaproxy.org/docs/alerts/110008/">110008</a></td></tr>
         </table>
 
-        <h3 id="ip_add_disc">Private Address Disclosure</h3>
+        <h3 id="id-110006">Private Address Disclosure</h3>
         Checks incoming WebSocket message payload for inclusion of RFC 1918 IPv4 addresses as well as Amazon EC2 private hostnames (for example, ip-10-0-56-78). This information can give an attacker useful information about the IP address scheme of the internal network, and might be helpful for further attacks targeting internal systems. <br>
 
         This passive scanner may generate false positives in the case of larger dotted numeric strings, such as vp09.02.51.10.01.09.16, where the latter 4 octets appear to be a RFC 1918 IPv4 address. After review an analyst can mark such alerts as False Positives in ZAP.<br>
@@ -155,9 +161,10 @@ <h3 id="ip_add_disc">Private Address Disclosure</h3>
         <table border="1"  width = "200">
             <tr><td><strong>Risk</strong></td><td>Low</td></tr>
             <tr><td><strong>Confidence</strong></td><td>Medium</td></tr>
+            <tr><td><strong>Alert ID:</strong></td><td><a href="https://www.zaproxy.org/docs/alerts/110006/">110006</a></td></tr>
         </table>
 
-        <h3>Username Disclosure</h3>
+        <h3 id="id-110007">Username Disclosure</h3>
 
         Checks incoming WebSocket message payload for usernames. This script can find usernames which are hashed with the following methods:
         {MD2, MD5, SHA256, SHA384, SHA512}. The usernames have to be defined in any context before. In order to a add user in a Context follow the steps below:
@@ -173,6 +180,7 @@ <h3>Username Disclosure</h3>
             <tr><td><strong>Confidence</strong></td><td>High</td></tr>
             <tr><td><strong>CWE ID</strong></td><td>284: Improper Access Control</td></tr>
             <tr><td><strong>WASC ID</strong></td><td>2: Insufficient Authorization</td></tr>
+            <tr><td><strong>Alert ID:</strong></td><td><a href="https://www.zaproxy.org/docs/alerts/110007/">110007</a></td></tr>
         </table>
 
     </BODY>