Conversation

kingthorin (Member) commented Nov 25, 2025

Identify candidate Session token source messages via the DB directly.

The new code takes 20% of the time for the same site load. New: 13234ms vs Old: 65197ms (13sec vs 65sec).

psiinon (Member) commented Nov 25, 2025

Checkmarx One – Scan Summary & Details 14a4dc95-693a-4455-a54d-43bc7060b490

New Issues (4)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight

HIGH | Improper_Restriction_of_Stored_XXE_Ref | /addOns/reports/src/test/java/org/zaproxy/addon/reports/ExtensionReportsUnitTest.java: 1891
The loads and parses XML using parse, at line 1760 of /addOns/reports/src/test/java/org/zaproxy/addon/reports/ExtensionReportsUnitTest.java. Th...
ID: WB%2BCugBBl4eVl6k1N1fguCMD4Is%3D

HIGH | Improper_Restriction_of_Stored_XXE_Ref | /addOns/reports/src/test/java/org/zaproxy/addon/reports/ExtensionReportsUnitTest.java: 1891
The loads and parses XML using parse, at line 1705 of /addOns/reports/src/test/java/org/zaproxy/addon/reports/ExtensionReportsUnitTest.java. Th...
ID: eOB3lH8q%2FsAWTopYABEfgzf1MZs%3D

HIGH | Improper_Restriction_of_Stored_XXE_Ref | /addOns/reports/src/test/java/org/zaproxy/addon/reports/ExtensionReportsUnitTest.java: 1891
The loads and parses XML using parse, at line 1727 of /addOns/reports/src/test/java/org/zaproxy/addon/reports/ExtensionReportsUnitTest.java. Th...
ID: 2iTAZomIQokc9UnBPsyvkoVRVc4%3D

LOW | Log_Forging | /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java: 1162
Method at line 1162 of /addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java gets user input from element getValue. This ...
ID: RQb3nWLzVswxHHXCHxcq8MacQeI%3D
Fixed Issues (4)

Great job! The following issues were fixed in this Pull Request

Severity | Issue | Source File / Package

HIGH | Improper_Restriction_of_Stored_XXE_Ref | /addOns/reports/src/test/java/org/zaproxy/addon/reports/ReportTestUtils.java: 236
HIGH | Improper_Restriction_of_Stored_XXE_Ref | /addOns/reports/src/test/java/org/zaproxy/addon/reports/ReportTestUtils.java: 236
HIGH | Improper_Restriction_of_Stored_XXE_Ref | /addOns/reports/src/test/java/org/zaproxy/addon/reports/ReportTestUtils.java: 236
HIGH | Improper_Restriction_of_Stored_XXE_Ref | /addOns/reports/src/test/java/org/zaproxy/addon/reports/ReportTestUtils.java: 236

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

kingthorin force-pushed the sess-mgmt branch 14 times, most recently from c95b2d9 to 25b4a05 on November 27, 2025 15:02
kingthorin force-pushed the sess-mgmt branch 5 times, most recently from 4d2b79e to 20b91c9 on December 1, 2025 16:40
kingthorin force-pushed the sess-mgmt branch 4 times, most recently from e0b2c00 to 0e3bf04 on December 1, 2025 17:41
kingthorin force-pushed the sess-mgmt branch 2 times, most recently from 976e307 to 9b18b17 on December 2, 2025 14:13
kingthorin force-pushed the sess-mgmt branch 2 times, most recently from a38997e to 13967bb on December 2, 2025 18:36

kingthorin (Member, Author) commented

Got all those.

kingthorin force-pushed the sess-mgmt branch 3 times, most recently from 1323e75 to 97ea01c on December 2, 2025 19:59
kingthorin force-pushed the sess-mgmt branch 2 times, most recently from a519571 to c9b10de on December 2, 2025 20:53
kingthorin force-pushed the sess-mgmt branch 6 times, most recently from e81ee1c to 3ba04a9 on December 3, 2025 14:03

thc202 (Member) commented Dec 3, 2025

Thank you!

thc202 merged commit 8b3650b into zaproxy:main on Dec 3, 2025 (9 of 10 checks passed)
github-actions bot locked and limited conversation to collaborators on Dec 3, 2025

kingthorin (Member, Author) commented

Yay!

kingthorin deleted the sess-mgmt branch on December 3, 2025 14:39

3 participants