Merge pull request #2706 from ricekot/scripts-alert-pages

Update alert pages for script scan rules

Author: kingthorin

site/content/docs/alerts/100002.md

@@ -0,0 +1,23 @@
+---
+title: "Server is running on Clacks - GNU Terry Pratchett"
+alertid: 100002
+alertindex: 10000200
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Informational
+solution: "Give the sysadmin a high five and rejoice in the disc world."
+references:
+   - https://xclacksoverhead.org/home/about
+other: ""
+cwe: 200
+wasc: 13
+alerttags: 
+  - CWE-200
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/clacks.js
+linktext: "passive/clacks.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+The web/application server is running over the Clacks network, some say it's turtles/IP,  some say it's turtles all the way down the layer stack.
+

site/content/docs/alerts/100003.md

@@ -0,0 +1,19 @@
+---
+title: "Cookie Set Without HttpOnly Flag"
+alertid: 100003
+alertindex: 10000300
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Low
+solution: "Ensure that the HttpOnly flag is set for all cookies."
+other: ""
+wasc: 13
+alerttags: 
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/CookieHTTPOnly.js
+linktext: "passive/CookieHTTPOnly.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
+

site/content/docs/alerts/100004.md

@@ -0,0 +1,22 @@
+---
+title: "Content Security Policy Violations Reporting Enabled"
+alertid: 100004
+alertindex: 10000400
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Informational
+solution: "Site owner will be notified at each policies violations, so, start by analyzing if a real monitoring of the notifications is in place before to use fuzzing or to be more aggressive. "
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_CSP_violation_reports
+other: ""
+cwe: 200
+wasc: 13
+alerttags: 
+  - CWE-200
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/detect_csp_notif_and_reportonly.js
+linktext: "passive/detect_csp_notif_and_reportonly.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+

site/content/docs/alerts/100005.md

@@ -0,0 +1,23 @@
+---
+title: "SameSite Cookie Attribute Protection Used"
+alertid: 100005
+alertindex: 10000500
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Informational
+solution: "CSRF possible vulnerabilities presents on the site will be mitigated depending on the browser used by the user (browser defines the support level for this cookie attribute). "
+references:
+   - https://tools.ietf.org/html/draft-west-first-party-cookies
+   - https://chloe.re/2016/04/13/goodbye-csrf-samesite-to-the-rescue
+other: ""
+cwe: 352
+wasc: 9
+alerttags: 
+  - CWE-352
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/detect_samesite_protection.js
+linktext: "passive/detect_samesite_protection.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+

site/content/docs/alerts/100006.md

@@ -0,0 +1,23 @@
+---
+title: "Information Disclosure - IP Exposed via F5 BIG-IP Persistence Cookie"
+alertid: 100006
+alertindex: 10000600
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Informational
+solution: "Configure BIG-IP cookie encryption."
+references:
+   - https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html
+other: ""
+cwe: 311
+wasc: 13
+alerttags: 
+  - CWE-311
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/f5_bigip_cookie_internal_ip.js
+linktext: "passive/f5_bigip_cookie_internal_ip.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+The F5 BIG-IP Persistence cookie set for this website can be decoded to a specific IP and port. An attacker may leverage this information to conduct Social Engineering attacks or other exploits.
+

site/content/docs/alerts/100007.md

@@ -0,0 +1,21 @@
+---
+title: "Information Disclosure - Base64-encoded String"
+alertid: 100007
+alertindex: 10000700
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Informational
+solution: "Base64-encoding should not be used to store or send sensitive information."
+other: ""
+cwe: 311
+wasc: 13
+alerttags: 
+  - CWE-311
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/find%20base64%20strings.js
+linktext: "passive/find base64 strings.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+A Base64-encoded string has been found in the HTTP response body. Base64-encoded data may contain sensitive information such as usernames, passwords or cookies which should be further inspected.
+

site/content/docs/alerts/100008.md

@@ -0,0 +1,20 @@
+---
+title: "Information Disclosure - Credit Card Number"
+alertid: 100008
+alertindex: 10000800
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: High
+solution: "Encrypt credit card numbers during transmission, use tokenization, and adhere to PCI DSS standards for secure handling and storage. "
+other: ""
+cwe: 311
+wasc: 13
+alerttags: 
+  - CWE-311
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/Find%20Credit%20Cards.js
+linktext: "passive/Find Credit Cards.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+A credit card number was found in the HTTP response body.

site/content/docs/alerts/100009.md

@@ -0,0 +1,21 @@
+---
+title: "Information Disclosure - Email Addresses"
+alertid: 100009
+alertindex: 10000900
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Low
+solution: "Mask email addresses during transmission and ensure proper access controls  to protect user privacy and prevent unauthorized access. "
+other: ""
+cwe: 311
+wasc: 13
+alerttags: 
+  - CWE-311
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/Find%20Emails.js
+linktext: "passive/Find Emails.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+An email address was found in the HTTP response body. Exposure of email addresses in HTTP messages can lead to privacy violations  and targeted phishing attacks.
+

site/content/docs/alerts/100010.md

@@ -0,0 +1,20 @@
+---
+title: "Information Disclosure - Hash"
+alertid: 100010
+alertindex: 10001000
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Low
+solution: "Ensure that hashes that are used to protect credentials or other resources are not leaked by the web server or database. There is typically no requirement for password hashes to be accessible to the web browser. "
+other: ""
+cwe: 327
+wasc: 13
+alerttags: 
+  - CWE-327
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/Find%20Hashes.js
+linktext: "passive/Find Hashes.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+A hash was discovered in the HTTP response body.

site/content/docs/alerts/100011.md

@@ -0,0 +1,21 @@
+---
+title: "Information Disclosure - HTML Comments"
+alertid: 100011
+alertindex: 10001100
+alerttype: "Script Passive"
+alertcount: 1
+status: alpha
+type: alert
+risk: Informational
+solution: "Remove comments which have sensitive information about the design/implementation of the application. Some of the comments may be exposed to the user and affect  the security posture of the application. "
+other: ""
+cwe: 615
+wasc: 13
+alerttags: 
+  - CWE-615
+code: https://github.com/zaproxy/community-scripts/blob/main/passive/Find%20HTML%20Comments.js
+linktext: "passive/Find HTML Comments.js"
+help: https://www.zaproxy.org/docs/desktop/addons/community-scripts/
+---
+While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code fragments, etc.
+