From 208891a71a8822f2005e9174db1cdbc0c62de746 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 6 Feb 2025 11:42:31 -0800
Subject: [PATCH] ignore source code disclosure java as a false positive
---
 app/__init__.py | 6 ------
 zap.conf | 1 +
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/app/__init__.py b/app/__init__.py
index c0ba47f7b..54248bda0 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -316,7 +316,6 @@ def init_app(application):
 application.before_request(load_organization_before_request)
 application.before_request(request_helper.check_proxy_header_before_request)
 application.before_request(make_session_permanent)
- application.before_request(block_serving_node_files)
 application.after_request(save_service_or_org_after_request)
 start = len(asset_fingerprinter._filesystem_path)
@@ -405,11 +404,6 @@ def make_session_permanent():
 session.permanent = True
-def block_serving_node_files():
- if "node_modules" in request.path:
- abort(403)
-
-
 def create_beta_url(url):
 url_created = None
 try:
diff --git a/zap.conf b/zap.conf
index 48e70c91b..5b1168634 100644
--- a/zap.conf
+++ b/zap.conf
@@ -53,6 +53,7 @@
 10096 WARN (Timestamp Disclosure - Passive/release)
 10097 WARN (Hash Disclosure - Passive/beta)
 10098 WARN (Cross-Domain Misconfiguration - Passive/release)
+10099 IGNORE (Source Code Disclosure - Java)
 10104 WARN (User Agent Fuzzer - Active/beta)
 10105 WARN (Weak Authentication Method - Passive/release)
 10106 IGNORE (HTTP Only Site - Active/beta)
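Review bot: The added `10099 IGNORE (Source Code Disclosure - Java)` line in zap.conf silences that rule for every URL and every later scan, and nothing in the file records which response triggered it or why it was judged a false positive. I would put a comment line above the entry, for example `# 10099 ignored: false positive on <path placeholder>, see <ticket placeholder>`. If the scan wrapper in use accepts URL-scoped exclusions (the ZAP baseline config has an `OUTOFSCOPE` action that takes a URL regex), prefer that over a rule-wide `IGNORE` so a real disclosure elsewhere still raises a finding. The same commit also removes the `block_serving_node_files` before_request hook in app/__init__.py, which returned 403 for any path containing "node_modules". The hunks do not show what now keeps those files from being served, so that should be confirmed, ideally with a test asserting a 403 or 404 on such a path, before the scanner rule is turned off.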