DAST scan -  Investigate & fix if required results of the ZAP scan


A ZAP baseline scan demonstrates several issues. Investigate each of these issues and create a fix if required, or leave on ignore if not relevant. Full ZAP report can be found in GitHub Actions.

Issues:
- [ ] Information Disclosure - Suspicious Comments [10027]
- [ ] User Controllable HTML Element Attribute (Potential XSS) [10031]
- [ ] Non-Storable Content [10049]
- [ ] Cookie without SameSite Attribute [10054]
- [ ] CSP: Wildcard Directive [10055]
- [ ] Permissions Policy Header Not Set [10063]
- [ ] Modern Web Application [10109]
- [ ] Dangerous JS Functions [10110]
- [ ] Loosely Scoped Cookie [90033]

### Please provide relevant logs

```
IGNORE: Information Disclosure - Suspicious Comments [10027] x 14 
	http://localhost:8080/webjars/bootstrap/5.2.3/js/bootstrap.bundle.min.js (200 OK)
	http://localhost:8080/webjars/datatables/1.13.2/js/dataTables.bootstrap5.min.js (200 OK)
	http://localhost:8080/webjars/datatables/1.13.2/js/jquery.dataTables.min.js (200 OK)
	http://localhost:8080/webjars/github-buttons/2.14.1/dist/buttons.js (200 OK)
	http://localhost:8080/webjars/jquery/3.6.3/jquery.js (200 OK)
IGNORE: User Controllable HTML Element Attribute (Potential XSS) [10031] x 6 
	http://localhost:8080/challenge/0 (200 OK)
	http://localhost:8080/challenge/0 (200 OK)
	http://localhost:8080/challenge/0 (200 OK)
	http://localhost:8080/challenge/2 (200 OK)
	http://localhost:8080/challenge/2 (200 OK)
IGNORE: Non-Storable Content [10049] x 11 
	http://localhost:8080 (200 OK)
	http://localhost:8080/ (200 OK)
	http://localhost:8080/challenge/0 (200 OK)
	http://localhost:8080/challenge/1 (200 OK)
	http://localhost:8080/challenge/2 (200 OK)
IGNORE: Cookie without SameSite Attribute [10054] x 1 
	http://localhost:8080/challenge/0 (200 OK)
IGNORE: CSP: Wildcard Directive [10055] x 12 
	http://localhost:8080 (200 OK)
	http://localhost:8080/challenge/0 (200 OK)
	http://localhost:8080/robots.txt (404 Not Found)
	http://localhost:8080/sitemap.xml (404 Not Found)
	http://localhost:8080 (200 OK)
IGNORE: Permissions Policy Header Not Set [10063] x 11 
	http://localhost:8080 (200 OK)
	http://localhost:8080/ (200 OK)
	http://localhost:8080/challenge/0 (200 OK)
	http://localhost:8080/challenge/1 (200 OK)
	http://localhost:8080/challenge/2 (200 OK)
IGNORE: Modern Web Application [10109] x 11 
	http://localhost:8080 (200 OK)
	http://localhost:8080/ (200 OK)
	http://localhost:8080/challenge/0 (200 OK)
	http://localhost:8080/challenge/1 (200 OK)
	http://localhost:8080/challenge/2 (200 OK)
IGNORE: Dangerous JS Functions [10110] x 1 
	http://localhost:8080/webjars/jquery/3.6.3/jquery.js (200 OK)
IGNORE: Loosely Scoped Cookie [90033] x 1 
	http://localhost:8080/challenge/0 (200 OK)
```

### Any possible solutions?

Needs further investigation per issue.

### If the bug is confirmed, would you be willing to submit a PR?

Yes


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

DAST scan - Investigate & fix if required results of the ZAP scan #709

Please provide relevant logs

Any possible solutions?

If the bug is confirmed, would you be willing to submit a PR?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

DAST scan - Investigate & fix if required results of the ZAP scan #709

Description

Please provide relevant logs

Any possible solutions?

If the bug is confirmed, would you be willing to submit a PR?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions