Update data
From:
zaproxy/zap-admin@44bb5d7

Signed-off-by: zapbot <[email protected]>
zapbot authored and thc202 committed Jan 9, 2025
1 parent 95292c8 commit 9d0807f
Showing 93 changed files with 1,617 additions and 705 deletions.
96 changes: 93 additions & 3 deletions site/content/docs/desktop/addons/active-scan-rules/_index.md


6 changes: 5 additions & 1 deletion site/content/docs/desktop/addons/alert-filters/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,16 @@ weight: 1
cascade:
addon:
id: alertFilters
version: 22.0.0
version: 23.0.0
---

# Alert Filters


Alert Filters allow you to automatically override the risk levels
of any alerts raised by the active and passive scan.


There are 2 different types of Alert Filter:

* [Context Alert Filters](/docs/desktop/addons/alert-filters/contextalertfilter/)
Expand All @@ -22,8 +24,10 @@ There are 2 different types of Alert Filter:
Alert Filters can also be defined in the [Automation Framework](/docs/desktop/addons/alert-filters/automation/).



The easiest way to create Alert Filters is to right click an alert and select
the 'Create Alert Filter...' option. This will display the
[Alert Filter Dialog](/docs/desktop/addons/alert-filters/alertfilterdialog/).

You can also create Alert Filter manually.
By default Alert Filters only apply to new alerts, but you can both test and apply the Alert Filters to existing alerts.
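Review bot: "You can also create Alert Filter manually." should read "Alert Filters" (plural, as everywhere else on the page), and "right click an alert" uses the verb, so "right-click an alert".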
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,12 @@ type: userguide

# Alert Filter Dialog


This dialog is shown when you add or modify a
[Context Alert Filter](/docs/desktop/addons/alert-filters/contextalertfilter/)
or a [Global Alert Filter](/docs/desktop/addons/alert-filters/globalalertfilter/)


It has the following fields:

### Scope
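Review bot: the sentence "This dialog is shown when you add or modify a ... or a [Global Alert Filter](...)" has no terminating period before the blank lines that follow it; add one so it does not run into "It has the following fields:".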
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ This add-on supports the Automation Framework.

The alertFilter job allows you to define global and context specific alert filters.


It is covered in the video: [ZAP Chat 08 Automation Framework Part 2 - Environment](https://youtu.be/1fcpU54N-mA).

```
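Review bot: the code fence opened at the end of this hunk has no language tag; the alertFilter job examples on this site are Automation Framework YAML, so tagging it as ```yaml would give readers syntax highlighting (the fenced content is outside the shown region, so confirm it is YAML before tagging).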
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,15 @@ weight: 1

# Context Alert Filters


Context [Alert Filters](/docs/desktop/addons/alert-filters/) allow you to automatically override the risk levels
of any alerts raised by the active and passive scan rules within a context.
The Alert Filters will be exported and imported with the context -
they will not persist over ZAP sessions unless the context is imported again.


This add-on adds an 'Alert Filters' panel to the contexts dialog.

The panel shows a list of all of the Alert Filters along with buttons for
adding, removing, and deleting them.
Adding or modifying an Alert Filter will display the [Alert Filter Dialog](/docs/desktop/addons/alert-filters/alertfilterdialog/).
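Review bot: "buttons for adding, removing, and deleting them" lists removing and deleting as if they were different actions, while the next sentence speaks of "Adding or modifying an Alert Filter"; if the panel's buttons are Add/Modify/Remove, this should read "adding, modifying, and removing them".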
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,17 @@ weight: 2

# Options Global Alert Filters


This Options screen allows you to configure Global [Alert Filters](/docs/desktop/addons/alert-filters/) which allow you to
automatically override the risk levels of any alerts raised by the active and passive scan rules.
Unlike [Context Alert Filters](/docs/desktop/addons/alert-filters/contextalertfilter/) they apply to all alerts raised,
not just those raised in a specific context.

They will also be persisted across ZAP sessions.


The screen shows a list of all of the Global Alert Filters along with buttons for
adding, removing, and deleting them.


Adding or modifying an Alert Filter will display the [Alert Filter Dialog](/docs/desktop/addons/alert-filters/alertfilterdialog/).
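Review bot: same wording problem as the context page: "buttons for adding, removing, and deleting them" should match the "Adding or modifying an Alert Filter" sentence that follows, i.e. "adding, modifying, and removing them".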
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,14 @@ weight: 1
cascade:
addon:
id: authhelper
version: 0.16.0
version: 0.17.0
---

# Authentication Helper

This add-on helps identify and set up authentication handling in ZAP.


The add-on can be used in 2 ways:

* To passively detect authentication features.
Expand All @@ -30,13 +31,16 @@ The features currently supported are:
* [Header Based Session Management](/docs/desktop/addons/authentication-helper/session-header/)
* [Verification Identification](/docs/desktop/addons/authentication-helper/verification-id/)


This add-on does not currently perform any exploring on its own - it relies upon requests being proxied through ZAP
(e.g. via a browser being manually controlled, or integration tests) or requests being generated by ZAP
(e.g. via the traditional or AJAX spiders).


You can use the [Authentication Tester](/docs/desktop/addons/authentication-helper/auth-tester/) dialog to
see if ZAP can automatically configure authentication handling for you target application(s).


You can also configure ZAP to handle authentication automatically via the Automation Framework
by supplying just the login URL and the user credentials in the environment:

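Review bot: "see if ZAP can automatically configure authentication handling for you target application(s)" should be "for your target application(s)".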
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,20 @@ weight: 1
This [add-on](/docs/desktop/addons/authentication-helper/) includes a passive scan rule which attempts to identify authentication requests.
It identifies authentication requests by the presence of commonly used username and password field names. It also uses commonly used URL segments to identify more likely authentication requests, and uses commonly used registration URL segments to ignore registration requests.


The rule will not attempt to identify very unusual authentication requests - automation is one of the end goals so false negatives
(missing unusual authentication requests) are more desirable than false positives (incorrectly identifying an authentication request).


If this rule identifies an authentication request that is part of the context that you have set to use the
[Auto-Detect Authentication Method](/docs/desktop/addons/authentication-helper/autodetect-auth/) then this rule will update the context to use the authentication method identified.


If an authentication request is not identified then check to make sure it is made to a site which is included in the context.

If it is not then add the site to the context and authenticate again via your browser.


The 'Other Info' field is used to report a set of key-value pairs which can be easily parsed. The current keys supported are:

* userParam
Expand All @@ -28,11 +33,13 @@ The 'Other Info' field is used to report a set of key-value pairs which can be e

There can potentially be multiple csrfTokens.


The rule will currently identify:

* Form-based authentication requests
* JSON-based authentication requests

If this rule fails to identify one of the above types of authentication requests then you can raise an [issue](https://github.com/zaproxy/zaproxy/issues) with the complete request and response details (having obfuscated any sensitive information) and we will investigate it.


Latest code: [AuthenticationDetectionScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDetectionScanRule.java)
Original file line number Diff line number Diff line change
Expand Up @@ -49,12 +49,15 @@ The results panel show the progress and what has been identified. All elements n

The Diagnostics tab will contain a summary of the requests and responses sent and received as part of the authentication testing. It is recommended that you do not perform any other operations in ZAP while testing the authentication otherwise that may result in unrelated messages being recorded.


Only the absolute minimum information is recorded, and host name and parameter values are replaced by safe tokens.
You can copy all of the data and review it to make sure it does not include any sensitive data
before you share it with us.


Is ZAP fails to detect either the Username or Password field then we will need more details about the login page.
If you can share that with us then it will it much easier to debug.


If ZAP detects both of the required fields then please share the data from the diagnostic tab with us -
we will hopefully be able to diagnose what's going wrong with just that information.
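Review bot: "Is ZAP fails to detect either the Username or Password field" should be "If ZAP fails to detect", and "it will it much easier to debug" is missing its verb: "it will make it much easier to debug".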
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,13 @@ weight: 3

This [add-on](/docs/desktop/addons/authentication-helper/) adds a new authentication type which uses a browser to login to the target website.


It uses the first field with a type of "text" or "email" for the user name and the first field with a type
of "password" for the password.
It does support login pages where the password field is only made visible when the username has been entered.
It does not support login pages which do not submit when `Return` is used in the password field.


The response containing the session token is identified by choosing the first response following a login which contains any of:

* An `Authorization` header
Expand All @@ -38,13 +40,15 @@ Browser Based Authentication can be configured in the environment section of an

The AJAX Spider with automatically login if a user is specified which is in a context that uses Browser Based Authentication.


Note that this uses the Selenium integration detailed below, so any browsers launched manually will also be logged in if the
AJAX spider is performing an authenticated scan using Browser Based Authentication.

## Selenium Integration

Any browsers launched by ZAP can be configured to always first login using the details configured in a context. This is disabled by default.


This feature can be controlled by the following static methods, which are used by the AJAX Spider and can also be called from scripts.

```
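Review bot: "The AJAX Spider with automatically login if a user is specified" should read "will automatically log in" ("login" is the noun; the verb is "log in").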
Expand All @@ -65,11 +69,13 @@ org.zaproxy.addon.authhelper.AuthUtils.disableBrowserAuthentication()

This method will disable browser authentication when browser is launched.


Note that due to restrictions in the core:

* Existing contexts are not updated in the GUI if you add or remove this add-on
* Browser Based Authentication cannot be added to a context via the API

These restrictions will be addressed in a future release.


Latest code: [BrowserBasedAuthenticationMethodType.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java)
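Review bot: "This method will disable browser authentication when browser is launched." needs an article: "when a browser is launched" (or "whenever a browser is launched", matching the enable wording above it).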
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,11 @@ weight: 6

This [add-on](/docs/desktop/addons/authentication-helper/) adds a new session management type which supports an arbitrary number of headers.


If used in conjunction with [Browser Based Authentication](/docs/desktop/addons/authentication-helper/browser-auth/) then it will also maintain all
of the cookies set as part of authentication.


The header values can include the following tokens:

| | | |
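Review bot: the table that starts at the end of this hunk has an empty header row ("| | | |"); Markdown tables must have a header, and an all-blank one renders as an empty first row. Naming the columns (for example Token / Description / Example, or whatever the hidden rows actually hold) would make the table readable.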
Expand All @@ -35,11 +37,13 @@ Header Based Session Management can be configured in the environment section of
Authorization: "Bearer: {%json:AuthenticationResult.AccessToken%}"
```


Note that due to restrictions in the core:

* Existing contexts are not updated in the GUI if you add or remove this add-on
* Header Based Session Management cannot be added to a context via the API

These restrictions will be addressed in a future release.


Latest code: [HeaderBasedSessionManagementMethodType.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/HeaderBasedSessionManagementMethodType.java)
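Review bot: the example `Authorization: "Bearer: {%json:AuthenticationResult.AccessToken%}"` puts a colon after Bearer. The HTTP bearer scheme (RFC 6750) is `Bearer <token>`, a space and no colon, and servers that parse the scheme strictly will reject `Bearer:` and treat the session as unauthenticated, which would show up as every verification request failing. Unless the colon is deliberate for a specific target, change it to `Authorization: "Bearer {%json:AuthenticationResult.AccessToken%}"`.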
Original file line number Diff line number Diff line change
Expand Up @@ -10,22 +10,29 @@ weight: 4
This [add-on](/docs/desktop/addons/authentication-helper/) includes a passive scan rule which attempts to identify session management methods.
It identifies session management methods by the presence of commonly used session management identifiers and any values specified in Authorization request headers.


The rule will not attempt to identify very unusual session management methods - automation is one of the end goals so false negatives
(missing unusual session management methods) are more desirable than false positives (incorrectly identifying a session management method).


If this rule identifies a session management method that is part of the context that you have set to use the
[Auto-Detect Session Management Method](/docs/desktop/addons/authentication-helper/autodetect-session/) then this rule will update the context to use the session management method identified.


If a session management method is not identified then check to make sure it is made to a site which is included in the context.

If it is not then add the site to the context and authenticate again via your browser.


The 'Other Info' field is used to report the set of [Header Based Session Management](/docs/desktop/addons/authentication-helper/session-header/)
tokens that need to be specified.


The rule will currently identify:

* Header-based session management methods

If this rule fails to identify one of the above method then you can raise an [issue](https://github.com/zaproxy/zaproxy/issues) with the complete request and response details (having obfuscated any sensitive information) and we will investigate it.


Latest code: [SessionDetectionScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/SessionDetectionScanRule.java)
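Review bot: "If a session management method is not identified then check to make sure it is made to a site which is included in the context" has no referent for "it" (the sentence was carried over from the authentication detection page, where "it" is the request); reword to "check that the request is made to a site which is included in the context". Also "If this rule fails to identify one of the above method" should be "methods" (or simply "the above method", since only one is listed).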
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ weight: 7
This [add-on](/docs/desktop/addons/authentication-helper/) includes a passive scan rule which attempts to identify Verification requests.
Verification requests are the requests that ZAP uses to tell if a session is still valid.


Unlike the other identification scan rules in this add-on, this rule will only raise alerts if you have indicated that you want to use
verification auto-detection for a specific context.
Due to the way the ZAP 2.12 core works it is not currently possible to add a new Verification Method Type dynamically.
Expand All @@ -21,21 +22,27 @@ Instead you will need to:

In 2.13+ (and the latest weeklies) it will be possible to set the verification strategy to "Auto-Detect".


The rule works by identifying requests that behave differently when a valid session management token is supplied,
but also behave consistently when a token is supplied and when one is not supplied.


Responses which contain the user name are preferred - this can be the name given to the user in ZAP or the username
specified in the credentials.


Unusually for a passive scan rule, this rule actually makes requests rather than just observing them.
It needs to do this in order to identify which requests act differently when performed with and without a valid session token.
It will only do that if you have enabled it as above.


If the rule identifies a Verification request for a context that does not have one,
or a request that is determined to be 'better' that the currently identified request then the context will be updated.


If this rule fails to identify a suitable request for your application then you can raise an
[issue](https://github.com/zaproxy/zaproxy/issues) with the complete request and response details
(having obfuscated any sensitive information) and we will investigate it.


Latest code: [VerificationDetectionScanRule.java](https://github.com/zaproxy/zap-extensions/blob/main/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java)
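Review bot: "identifying requests that behave differently when a valid session management token is supplied, but also behave consistently when a token is supplied and when one is not supplied" reads as self-contradictory; if the intent is that the response differs between a valid token and no (or invalid) token, yet is stable across repeated requests in each of those states, say that explicitly. Also "a request that is determined to be 'better' that the currently identified request" should be "'better' than".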
