Address references issues

Resolve redirects.
Skip validating example refs, they are not real references and could
fail for several reasons (e.g. 404s, timeouts).

Signed-off-by: thc202 <[email protected]>

Author: thc202

addOns/ascanrulesAlpha/CHANGELOG.md

@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
-
+### Changed
+- Address redirections in references.
 
 ## [53] - 2025-11-04
 ### Added

addOns/ascanrulesAlpha/src/main/resources/org/zaproxy/zap/extension/ascanrulesAlpha/resources/Messages.properties

@@ -33,5 +33,5 @@ ascanalpha.scripts.warn.couldNotAddScripts = Could not add alpha active scan rul
 ascanalpha.webCacheDeception.desc = Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.
 ascanalpha.webCacheDeception.name = Web Cache Deception
 ascanalpha.webCacheDeception.otherinfo = Cached Authorised Response and Unauthorised Response are similar.
-ascanalpha.webCacheDeception.refs = https://blog.cloudflare.com/understanding-our-cache-and-the-web-cache-deception-attack/\nhttps://www.invicti.com/web-vulnerability-scanner/vulnerabilities/web-cache-deception/
+ascanalpha.webCacheDeception.refs = https://blog.cloudflare.com/understanding-our-cache-and-the-web-cache-deception-attack/\nhttps://www.invicti.com/web-vulnerability-scanner/vulnerabilities/web-cache-deception
 ascanalpha.webCacheDeception.soln = It is strongly advised to refrain from classifying file types, such as images or stylesheets solely by their URL and file extension. Instead you should make sure that files are cached based on their Content-Type header.

addOns/ascanrulesAlpha/src/main/zapHomeFiles/scripts/scripts/active/SuspiciousInputTransformation.js

@@ -52,7 +52,7 @@ alertRefOverrides:
   ${SCAN_RULE_ID}-6:
     name: Suspicious Input Transformation - Unicode Normalisation
     references:
-      - https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi
+      - https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
   ${SCAN_RULE_ID}-7:
     name: Suspicious Input Transformation - URL Decoding Error
     references:

addOns/graaljs/src/test/java/org/zaproxy/zap/extension/graaljs/ActiveDefaultTemplateGraalJsScriptTest.java

@@ -47,11 +47,8 @@ protected boolean isIgnoreAlertsRaisedInSendReasonableNumberOfMessages() {
     @Override
     public boolean isAllowedReferenceError(
             AlertReferenceError.Cause cause, String reference, Object detail) {
-        if (cause == AlertReferenceError.Cause.UNEXPECTED_STATUS_CODE && ((int) detail) == 404) {
-            // These are example.org references.
-            return true;
-        }
-        return false;
+        // These are example.org references.
+        return true;
     }
 
     @Test

addOns/graaljs/src/test/java/org/zaproxy/zap/extension/graaljs/PassiveDefaultTemplateGraalJsScriptTest.java

@@ -45,11 +45,8 @@ public Path getScriptPath() throws Exception {
     @Override
     public boolean isAllowedReferenceError(
             AlertReferenceError.Cause cause, String reference, Object detail) {
-        if (cause == AlertReferenceError.Cause.UNEXPECTED_STATUS_CODE && ((int) detail) == 404) {
-            // These are example.org references.
-            return true;
-        }
-        return false;
+        // These are example.org references.
+        return true;
     }
 
     @Test

addOns/pscanrules/CHANGELOG.md

@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
-
+### Changed
+- Address redirection in a reference.
 
 ## [69] - 2025-11-04
 ### Changed

addOns/pscanrules/src/main/resources/org/zaproxy/zap/extension/pscanrules/resources/Messages.properties

@@ -50,7 +50,7 @@ pscanrules.charsetmismatch.name = Charset Mismatch
 pscanrules.charsetmismatch.name.header_metacharset_mismatch = Charset Mismatch (Header Versus Meta Charset)
 pscanrules.charsetmismatch.name.header_metacontentype_mismatch = Charset Mismatch (Header Versus Meta Content-Type Charset)
 pscanrules.charsetmismatch.name.metacontenttype_metacharset_mismatch = Charset Mismatch (Meta Charset Versus Meta Content-Type Charset)
-pscanrules.charsetmismatch.refs = https://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
+pscanrules.charsetmismatch.refs = https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Character_set_handling_and_detection
 pscanrules.charsetmismatch.soln = Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.
 
 pscanrules.contentsecuritypolicymissing.desc = Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.