Jeremy Bonghwan Choi
Jeremy Bonghwan Choi
While this was closed and there was the other project, I've created https://github.com/jeremychoi/owasp-asvs-wstg-checklist which would be relevant to this issue.
@ThunderSon I see. Thanks. If the files could be added to this repo, that would be great. One thing I am not sure about is if there is something to...
Thanks for the comment. I'll create a csv one soon.
> Better to have some tests. maybe I could add a test like 1. spiderController.addSeed(uri, ...) 2. assert if the uri does not exist in foundURIs. Does that makes sense?...
> maybe we should not include them if they are 404s and requested by the spider? +1 from a user perspective :)
> The changelog should be updated. Could you let me know where the changelog is? Maybe it'd be better if the information could be found in https://github.com/zaproxy/zaproxy/blob/main/CONTRIBUTING.md#guidelines-for-pull-request-pr-submission-and-processing
> maybe I could add a test like > > 1. spiderController.addSeed(uri, ...) > 2. assert if the uri does not exist in foundURIs. > > Does that makes sense?...
@kingthorin will try to find time to finish this week.
@kingthorin @thc202 please review. @thc202 `we should still notify about the seeds used` => In that case, IMO it should be implemented in a separate way, instead of calling notifyListenersFoundURI()...
> Won't this mean that none of the seeds are marked found, though we only want to skip the "artificial" seeds (robots, sitemap, ds_store)? @kingthorin you're right. would this work...