insights: identify triggering insight on stop #7366

New Issues (1): Checkmarx found the following issues in this Pull Request.
Use @Checkmarx to interact with Checkmarx PR Assistant.
> The message reported on stop identifies the triggering insight (key, reason, site, value), and when a report is generated it includes
> <code>stoppedByInsights</code> and <code>stoppingInsight</code> so headless pipelines can detect Insights-driven stops without log scraping.

> when a report is generated it includes

No it doesn't, the reports need to be updated to expose the new data (there's no "data dump" as mentioned in the PR description). The report part is better under the Reports section in the main help page.

> without log scraping.

It was already possible without log scraping, this is incorrect and not relevant for the help.
Good catches, fixed in the latest push. Reports now actually expose the data.
> ## Unreleased
> ### Added
> - Report data now exposes `stoppedByInsights` and `stoppingInsight` so pipelines can detect Insights-driven stops from the report alone.

That was already possible as mentioned elsewhere, we can say that it's now easier/explicit though. In any case the reports are not yet exposing that data.
260fbdd to 6992437

6992437 to 8da5b85
The AF progress warning and daemon exit reason now include the insight key, reason, site, and statistic. Report data also exposes stoppedByInsights and stoppingInsight so pipelines can detect Insights-driven stops without log scraping. See zaproxy/zaproxy#9340.

Signed-off-by: Mehul Srivastava <msrivas4017@gmail.com>
8da5b85 to 2c1bd99

Rebased to resolve conflicts


### What

When the Insights add-on stops a scan via `exitAutoOnHigh`, identify the triggering insight in every headless artefact (AF progress, daemon exit reason, report data, rendered reports).

Fixes zaproxy/zaproxy#9340.
### Changes

**insights add-on**

- AF progress (`InsightsJob.recordInsight`): `insights.automation.stopplan` now takes the insight's key, reason, site, and statistic.
  - Before: `Insights stopping plan due to High Level Insight`
  - After: `Insights stopping plan due to High Level Insight: insight.auth.failure (Exceeded High) on https://example.com = 75 %`
  - Insights without a site fall back to the `<global>` label via `insights.automation.stopplan.site.global`.
- Daemon exit reason (`ExtensionInsights.recordInsight`): `setExitStatus(2, …)` now appends the insight identifiers (`LEVEL : REASON : SITE : KEY : STATISTIC`). Stays non-localized — good for log scraping. Exit code unchanged.
  - `Shutting down ZAP due to High Level Insight: HIGH : EXCEEDED_HIGH : https://example.com : insight.auth.failure : 75`
- Report data (`ExtensionInsightsReport`): new key `stoppingInsight` (the triggering `Insight`). Backed by a new `stoppingInsight` field on `ExtensionInsights`, set from both AF and daemon paths and reset on `InsightsJob.runJob` so re-runs don't see stale data.
- Reports add-on dependency: `>=0.39.0` → `>=0.46.0` (the version that ships the templates which render `stoppingInsight`).

**reports add-on**

- Templates updated: `traditional-html`, `traditional-html-plus`, `traditional-pdf`, `modern`, `high-level-report`, `risk-confidence-html`, `traditional-json`, `traditional-json-plus`, `traditional-xml`, `traditional-xml-plus`, `traditional-md`. HTML/PDF/MD use a localized message (`report.insights.stoppedby`); JSON/XML add a `stoppingInsight` sibling to the existing insights data.
- When `stoppingInsight` is null, existing baseline outputs are unchanged.
- Naming uses "stop" rather than "abort" per maintainer feedback.
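As an added example (not code from this PR, from the insights add-on, or from ZAP itself), the Python snippet below shows how a headless pipeline could consume the two machine-readable artefacts described above: it parses the `LEVEL : REASON : SITE : KEY : STATISTIC` suffix of the daemon exit reason and reads `stoppingInsight` from a JSON report, then refuses to treat a scan that Insights stopped (for example on an auth failure) as a clean "no findings" result. The exit-reason prefix and the sample messages are quoted from the PR; the property names inside the JSON insight object (`key`, `reason`, `site`, `value`), its top-level placement next to `insights`, and the sample report documents are assumptions constructed for this example.

```python
"""Detect Insights-driven scan stops from ZAP's headless artefacts.

Assumptions (not from the PR): the JSON report places ``stoppingInsight`` at
the top level next to ``insights``, and the insight object carries the fields
``key``, ``reason``, ``site`` and ``value``. The exit-reason prefix and the
``LEVEL : REASON : SITE : KEY : STATISTIC`` layout are quoted from the PR text.
"""
import json
import re

# Fixed prefix the daemon path writes before the five identifiers.
_EXIT_REASON_RE = re.compile(r"^Shutting down ZAP due to .+? Insight: (?P<ids>.+)$")
_ID_FIELDS = ("level", "reason", "site", "key", "statistic")


def parse_exit_reason(reason):
    """Parse the daemon exit reason into its five identifiers.

    Returns a dict, or None when the reason is not an Insights-driven stop
    (any other shutdown reason, or a string without all five parts).
    Splitting on ' : ' (with spaces) keeps the ':' inside the site URL intact.
    """
    m = _EXIT_REASON_RE.match(reason or "")
    if not m:
        return None
    parts = m.group("ids").split(" : ")
    if len(parts) != len(_ID_FIELDS):
        return None
    return dict(zip(_ID_FIELDS, parts))


def stopping_insight(report_json):
    """Return the ``stoppingInsight`` object from a JSON report, or None.

    A missing or null key is the normal completion case: the PR leaves the
    existing report output unchanged when no insight stopped the scan.
    """
    data = json.loads(report_json)
    return data.get("stoppingInsight")


def scan_verdict(report_json, exit_reason=None):
    """Decide whether a headless run's result can be trusted.

    A run that Insights stopped is incomplete, so an empty alert list must
    not be read as 'no findings'. Returns (trusted, detail).
    """
    insight = stopping_insight(report_json)
    if insight is not None:
        return False, f"stopped by insight {insight.get('key')} on {insight.get('site')}"
    ids = parse_exit_reason(exit_reason) if exit_reason else None
    if ids is not None:
        return False, (
            f"daemon exit: {ids['key']} ({ids['reason']}) on {ids['site']} = {ids['statistic']}"
        )
    return True, "scan completed"


# Constructed samples in the shapes the PR describes (not real ZAP output).
SAMPLE_EXIT_REASON = (
    "Shutting down ZAP due to High Level Insight: "
    "HIGH : EXCEEDED_HIGH : https://example.com : insight.auth.failure : 75"
)
SAMPLE_STOPPED_REPORT = json.dumps({
    "insights": [],
    "stoppingInsight": {
        "key": "insight.auth.failure",
        "reason": "EXCEEDED_HIGH",
        "site": "https://example.com",
        "value": 75,
    },
})
SAMPLE_CLEAN_REPORT = json.dumps({"insights": [], "alerts": []})

if __name__ == "__main__":
    print(parse_exit_reason(SAMPLE_EXIT_REASON))
    print(scan_verdict(SAMPLE_STOPPED_REPORT))
    print(scan_verdict(SAMPLE_CLEAN_REPORT, "Shutting down ZAP: user requested"))
```

The report check runs first because the report is the artefact a pipeline archives anyway; the exit-reason parser covers runs where ZAP exited before a report was written, and it ignores every other shutdown message rather than guessing at its shape.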
### Tests

**insights add-on**

- `InsightsJobUnitTest` — stop path sets the trigger, calls `stopPlan(false)`, warns with insight details; covers `<global>` fallback, `exitAutoOnHigh=false`, and non-HIGH levels.
- `ExtensionInsightsReportUnitTest` — verifies `stoppingInsight` is exposed/omitted in the report data appropriately.

**reports add-on**

- `ExtensionReports{Json,Xml,Md}UnitTest` — parse the rendered output and assert the stopping insight appears.
- `ExtensionReportsUnitTest` (matches existing `shouldGenerateReport` style — covers render-time errors in the Thymeleaf snippet).
- `ReportTestUtils.generateReportWithInsights` overloaded to optionally accept a stopping insight.

`./gradlew :addOns:insights:check :addOns:reports:check :spotlessApply` — all green.

### Notes

- No `Insight` model change — trigger tracked on `ExtensionInsights` to keep `@AllArgsConstructor` and existing test fixtures stable.
- A dedicated exit code instead of `2` — out of scope; the enriched reason string is the differentiator.
- Help text moved from `insights-options.html` to the Reports section in `insights.html` (per review feedback). English-only.
- `CHANGELOG.md` updated for both add-ons.