Clean Code

kingthorin · kingthorin · commit 408f1c2da3cb · 2025-06-20T07:25:58.000-04:00
Signed-off-by: kingthorin &lt;kingthorin@users.noreply.github.com&gt;
diff --git a/addOns/ascanrules/CHANGELOG.md b/addOns/ascanrules/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
-
+### Changed
+- Maintenance changes.
 
 ## [72] - 2025-06-20
 ### Added
diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java
@@ -294,7 +294,7 @@ private void raiseAlert(int confidence, String param, HtmlContext ctx, String ot
                 .raise();
     }
 
-    private boolean performDirectAttack(HttpMessage msg, String param, String value) {
+    private boolean performDirectAttack(HttpMessage msg, String param) {
         for (String scriptAlert : GENERIC_SCRIPT_ALERT_LIST) {
             List<HtmlContext> contexts2 =
                     performAttack(
@@ -322,8 +322,7 @@ private boolean performDirectAttack(HttpMessage msg, String param, String value)
         return false;
     }
 
-    private boolean performTagAttack(
-            HtmlContext context, HttpMessage msg, String param, String value) {
+    private boolean performTagAttack(HtmlContext context, HttpMessage msg, String param) {
 
         if (context.isInScriptAttribute()) {
             // Good chance this will be vulnerable
@@ -955,7 +954,7 @@ public void scan(HttpMessage msg, String param, String value) {
                 contexts = hca.getHtmlContexts(value + Constant.getEyeCatcher(), null, 0);
             }
             if (contexts.isEmpty()) {
-                attackWorked = performDirectAttack(msg, param, value);
+                attackWorked = performDirectAttack(msg, param);
             }
 
             for (HtmlContext context : contexts) {
@@ -966,7 +965,7 @@ public void scan(HttpMessage msg, String param, String value) {
                 }
                 if (context.getTagAttribute() != null) {
                     // its in a tag attribute - lots of attack vectors possible
-                    attackWorked = performTagAttack(context, msg, param, value);
+                    attackWorked = performTagAttack(context, msg, param);
 
                 } else if (context.isInAttributeName()) {
 
diff --git a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRuleUnitTest.java b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRuleUnitTest.java
@@ -2152,8 +2152,7 @@ protected Response serve(IHTTPSession session) {
                         } else {
                             response = getHtml("NoInput.html");
                         }
-                        Response resp = newFixedLengthResponse(response);
-                        return resp;
+                        return newFixedLengthResponse(response);
                     }
                 });
 

Original file line number	Diff line number	Diff line change
`@@ -294,7 +294,7 @@ private void raiseAlert(int confidence, String param, HtmlContext ctx, String ot`
`294`	`294`	`.raise();`
`295`	`295`	`}`
`296`	`296`
`297`		`- private boolean performDirectAttack(HttpMessage msg, String param, String value) {`
	`297`	`+ private boolean performDirectAttack(HttpMessage msg, String param) {`
`298`	`298`	`for (String scriptAlert : GENERIC_SCRIPT_ALERT_LIST) {`
`299`	`299`	`List<HtmlContext> contexts2 =`
`300`	`300`	`performAttack(`
`@@ -322,8 +322,7 @@ private boolean performDirectAttack(HttpMessage msg, String param, String value)`
`322`	`322`	`return false;`
`323`	`323`	`}`
`324`	`324`
`325`		`- private boolean performTagAttack(`
`326`		`- HtmlContext context, HttpMessage msg, String param, String value) {`
	`325`	`+ private boolean performTagAttack(HtmlContext context, HttpMessage msg, String param) {`
`327`	`326`
`328`	`327`	`if (context.isInScriptAttribute()) {`
`329`	`328`	`// Good chance this will be vulnerable`
`@@ -955,7 +954,7 @@ public void scan(HttpMessage msg, String param, String value) {`
`955`	`954`	`contexts = hca.getHtmlContexts(value + Constant.getEyeCatcher(), null, 0);`
`956`	`955`	`}`
`957`	`956`	`if (contexts.isEmpty()) {`
`958`		`- attackWorked = performDirectAttack(msg, param, value);`
	`957`	`+ attackWorked = performDirectAttack(msg, param);`
`959`	`958`	`}`
`960`	`959`
`961`	`960`	`for (HtmlContext context : contexts) {`
`@@ -966,7 +965,7 @@ public void scan(HttpMessage msg, String param, String value) {`
`966`	`965`	`}`
`967`	`966`	`if (context.getTagAttribute() != null) {`
`968`	`967`	`// its in a tag attribute - lots of attack vectors possible`
`969`		`- attackWorked = performTagAttack(context, msg, param, value);`
	`968`	`+ attackWorked = performTagAttack(context, msg, param);`
`970`	`969`
`971`	`970`	`} else if (context.isInAttributeName()) {`
`972`	`971`
Original file line number	Diff line number	Diff line change
`@@ -2152,8 +2152,7 @@ protected Response serve(IHTTPSession session) {`
`2152`	`2152`	`} else {`
`2153`	`2153`	`response = getHtml("NoInput.html");`
`2154`	`2154`	`}`
`2155`		`- Response resp = newFixedLengthResponse(response);`
`2156`		`- return resp;`
	`2155`	`+ return newFixedLengthResponse(response);`
`2157`	`2156`	`}`
`2158`	`2157`	`});`
`2159`	`2158`