From 2ac01b8b0c1802059d3c4b57ba05620cde1222da Mon Sep 17 00:00:00 2001
From: SOOS-GSteen
Date: Tue, 24 Sep 2024 14:13:27 -0400
Subject: [PATCH] Remove updatePlugins check - it's not enough
---
 README.md | 1 -
 package-lock.json | 4 ++--
 package.json | 2 +-
 src/index.ts | 7 -------
 src/utilities/ZAPCommandGenerator.ts | 2 --
 src/zap_hooks/helpers/configuration.py | 6 ------
 6 files changed, 3 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index a9113d5..75ec1a5 100644
--- a/README.md
+++ b/README.md
@@ -66,7 +66,6 @@ The basic command to run a baseline scan would look like:
 | `--projectName` | | Project Name - this is what will be displayed in the SOOS app |
 | `--requestHeaders` | | Set extra Header requests |
 | `--scanMode` | `baseline` | Scan Mode - Available modes: baseline, fullscan, and apiscan (for more information about scan modes visit https://github.com/soos-io/soos-dast#scan-modes) |
-| `--updatePlugins` | | Update ZAP plugins before running. |
 ## Scan Modes
diff --git a/package-lock.json b/package-lock.json
index fbdc822..3397686 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "soos-dast",
- "version": "3.0.3",
+ "version": "3.0.4",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "soos-dast",
- "version": "3.0.3",
+ "version": "3.0.4",
 "license": "MIT",
 "dependencies": {
 "@soos-io/api-client": "1.0.5",
diff --git a/package.json b/package.json
index 5a2eb71..6940e45 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "soos-dast",
- "version": "3.0.3",
+ "version": "3.0.4",
 "description": "SOOS DAST - The affordable no limit web vulnerability scanner",
 "main": "index.js",
 "scripts": {
diff --git a/src/index.ts b/src/index.ts
index db1cd9f..b299334 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -56,7 +56,6 @@ export interface SOOSDASTAnalysisArgs extends IBaseScanArguments {
 requestCookies: string;
 requestHeaders: string;
 scanMode: ScanMode;
- updatePlugins: boolean;
 targetURL: string;
 }
@@ -241,12 +240,6 @@ class SOOSDASTAnalysis {
 },
 );
- analysisArgumentParser.argumentParser.add_argument("--updatePlugins", { help: "Set to true to update the ZAP plugins before running.", action: "store_true", required: false, });
-
 analysisArgumentParser.argumentParser.add_argument("targetURL", {
 help: "Target URL - URL of the site or api to scan. The URL should include the protocol. Ex: https://www.example.com",
 });
diff --git a/src/utilities/ZAPCommandGenerator.ts b/src/utilities/ZAPCommandGenerator.ts
index b82e6a2..5885013 100644
--- a/src/utilities/ZAPCommandGenerator.ts
+++ b/src/utilities/ZAPCommandGenerator.ts
@@ -57,8 +57,6 @@ export class ZAPCommandGenerator {
 this.addEnvironmentVariable("EXCLUDE_URLS_FILE", this.config.excludeUrlsFile);
 this.addEnvironmentVariable("OAUTH_PARAMETERS", this.config.oauthParameters);
 this.addEnvironmentVariable("OAUTH_TOKEN_URL", this.config.oauthTokenUrl);
- if (this.config.updatePlugins) this.addEnvironmentVariable("UPDATE_PLUGINS", this.config.updatePlugins);
 }
 private generateCommand(args: string[]): string {
diff --git a/src/zap_hooks/helpers/configuration.py b/src/zap_hooks/helpers/configuration.py
index 78d87d9..8ff641b 100644
--- a/src/zap_hooks/helpers/configuration.py
+++ b/src/zap_hooks/helpers/configuration.py
@@ -36,7 +36,6 @@ class DASTConfig:
 header: Optional[str] = None
 oauth_token_url: Optional[str] = None
 oauth_parameters: Optional[str] = None
- update_plugins: Optional[bool] = False
 xss_collector: Optional[str] = None
 def __init__(self):
@@ -68,14 +67,9 @@ def load_config(self, extra_zap_params):
 self.header = os.environ.get('CUSTOM_HEADER') or EMPTY_STRING
 self.oauth_token_url = os.environ.get('OAUTH_TOKEN_URL') or EMPTY_STRING
 self.oauth_parameters = self._get_hook_param_list(os.environ.get('OAUTH_PARAMETERS')) or EMPTY_STRING
- self.update_plugins = os.environ.get('UPDATE_PLUGINS') or False
 self.xss_collector = os.environ.get('XSS_COLLECTOR') or EMPTY_STRING
 self.extra_zap_params = extra_zap_params
- # NOTE: by default, we skip the addon update in case there are breaking changes and our image hasn't been updated yet.
- if self.update_plugins is False and "-addonupdate" in self.extra_zap_params: self.extra_zap_params.remove("-addonupdate") log(f"Removing plugin update argument.")
 log(f"Extra params passed by ZAP: {self.extra_zap_params}")
 except Exception as error: