ascanrulesBeta: Add getExampleAlerts to Username Enumeration rule #7249

Open
Karl-Seryani wants to merge 7 commits into zaproxy:main from Karl-Seryani:feat/6119-username-enum-example-alerts

@Karl-Seryani
Contributor

Overview

Adds getExampleAlerts() to UsernameEnumerationScanRule for documentation generation purposes.

Changes

  • Extracted alert building into reusable buildAlert() helper method
  • Added getExampleAlerts() returning an example alert using existing i18n keys and HtmlParameter.Type.form constant
  • Added unit test shouldHaveExpectedExampleAlerts()
  • Updated CHANGELOG

Related Issues

Contributes to zaproxy/zaproxy#6119

Test Plan

  • ./gradlew :addOns:ascanrulesBeta:check passes
  • All existing tests pass
  • New shouldHaveExpectedExampleAlerts passes
  • Spotless formatting applied

@psiinon
Member

psiinon commented Apr 1, 2026

Checkmarx One – Scan Summary & Details 633ca768-9b84-4b28-b85c-82f5b810c50d


New Issues (158) Checkmarx found the following issues in this Pull Request

More results are available on the CxOne platform



@Karl-Seryani
Contributor Author

Done, moved the i18n calls into buildAlert() so the keys only exist in one place now.

Member

@kingthorin kingthorin left a comment

Did you run the tests?
Didn't your IDE complain about a method signature mismatch when you were working on this?

Contributor Author

@Karl-Seryani Karl-Seryani left a comment

Yep, ran the full test suite and check for ascanrulesBeta, everything passes. No compile issues or signature mismatches.

@thc202
Member

thc202 commented Apr 7, 2026

There's a conflict in the changelog.

Add getExampleAlerts() to UsernameEnumerationScanRule for
documentation generation (Issue 6119). Extracts alert building
into a reusable helper method using existing i18n keys.

Signed-off-by: Karl Seryani <karlseryani@gmail.com>
…le delta

Signed-off-by: Karl Seryani <karlseryani@gmail.com>
@Karl-Seryani Karl-Seryani force-pushed the feat/6119-username-enum-example-alerts branch from 621a247 to 42b8d7b Compare April 7, 2026 21:03
Comment on lines +730 to +734
if (delta.getType() == Delta.TYPE.CHANGE) changeType = "Changed Text";
else if (delta.getType() == Delta.TYPE.DELETE) changeType = "Deleted Text";
else if (delta.getType() == Delta.TYPE.INSERT) changeType = "Inserted text";
else changeType = "Unknown change type [" + delta.getType() + "]";
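
Review bot: The INSERT branch assigns "Inserted text" with a lowercase "t", while the CHANGE and DELETE branches assign "Changed Text" and "Deleted Text"; use one capitalization for all three labels. The final else branch concatenates delta.getType() straight into the label, so an unexpected type ends up in the same string as the known labels; consider whether that case should be logged rather than shown.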

Member

I know this is syntactically correct but using braces for consistency/readability would be best.

This whole loop and the text it's building should all be internationalized (ex: Use the message.properties key/values/substitution)

Contributor Author

Done, added braces and moved all the diff text into Messages.properties keys.

Member

For the record this was existing code.

Member

Okay, that's on me.

@thc202 are you okay with it going forward this way?
