ignore source code disclosure java as a false positive

2025-12-08 22:24:22 -05:00 · 2025-02-06 11:42:31 -08:00
parent afd3d94790
commit 208891a71a
2 changed files with 1 additions and 6 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -316,7 +316,6 @@ def init_app(application):
    application.before_request(load_organization_before_request)
    application.before_request(request_helper.check_proxy_header_before_request)
    application.before_request(make_session_permanent)
-    application.before_request(block_serving_node_files)
    application.after_request(save_service_or_org_after_request)

    start = len(asset_fingerprinter._filesystem_path)
@@ -405,11 +404,6 @@ def make_session_permanent():
    session.permanent = True


-def block_serving_node_files():
-    if "node_modules" in request.path:
-        abort(403)
-
-
 def create_beta_url(url):
    url_created = None
    try:
--- a/zap.conf
+++ b/zap.conf
@@ -53,6 +53,7 @@
 10096	WARN	(Timestamp Disclosure - Passive/release)
 10097	WARN	(Hash Disclosure - Passive/beta)
 10098	WARN	(Cross-Domain Misconfiguration - Passive/release)
+10099	IGNORE	(Source Code Disclosure - Java)
 10104	WARN	(User Agent Fuzzer - Active/beta)
 10105	WARN	(Weak Authentication Method - Passive/release)
 10106	IGNORE	(HTTP Only Site - Active/beta)