From b05e13b3b7a2c4bfa1de9e96e2b576a67433675b Mon Sep 17 00:00:00 2001 From: Jan Winz Date: Tue, 26 Nov 2024 09:08:19 +0100 Subject: [PATCH] Remove not necessary call and add documentation #3622 --- sechub-wrapper-owasp-zap/README.adoc | 3 +++ .../zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sechub-wrapper-owasp-zap/README.adoc b/sechub-wrapper-owasp-zap/README.adoc index 15dbaf0ce..dd4908d2e 100644 --- a/sechub-wrapper-owasp-zap/README.adoc +++ b/sechub-wrapper-owasp-zap/README.adoc @@ -224,6 +224,9 @@ The script can also be created completely without using anything of the pre-defi The `TOTPGenerator` is an easy to use implementation of TOTP for two-factor-authentication if necessary. Using `totpGenerator.now()` returns the currently valid TOTP. To make use of the script authentication the wrapper application expects a SecHub configuration json for the scan, which contains a template data definition and optionally a TOTP configuration. See web scan example configurations for details. + +WARNING: **The script should always ensure that the target URL is loaded in the browser at the end after the authentication because the caller needs to access the session data.** + The following example contains all available bindings, even if they are unused in the script below: [source,groovy] diff --git a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java index 909cc6ca1..cd89f5071 100644 --- a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java +++ b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java @@ -65,9 +65,6 @@ public ScriptLoginResult executeScript(File scriptFile, ZapScanContext scanConte LOG.info("Execute groovy login script."); scriptEngine.eval(script, bindings); - // load target URL to ensure the correct page is loaded in the browser - firefox.get(scanContext.getTargetUrlAsString()); - LOG.info("Execution successful, perparing login result with session data."); loginResult.setSessionCookies(firefox.manage().getCookies()); loginResult.setSessionStorage(retrieveStorage(firefox, SESSION_STORAGE));