1
votes

I integrated ZAP scans (by proxying e2e tests) in our CI pipelines. I'm checking the alert filter plugin to flag false positives. Due to organisational requirements we are supposed to generate two ZAP HTML reports:

  1. Report without suppressing false positives
  2. Report after suppressing false positives

When I use the http://zap/JSON/alertFilter/action/addAlertFilter/... API to mark false positives before active or passive scans, alerts marked as false positives are not reported in the HTML (this is expected). After generating the report with false positives suppressed, I removed the false positive alert filter using http://zap/JSON/alertFilter/action/removeAlertFilter/... and tried generating a report to get all alerts, but I'm not getting a report with all alerts.

Using ZAP in UI mode I learnt that creating an alert filter after alerts are generated doesn't change the generated alerts' confidence. We need to apply the alert filter by clicking the "Apply" button in the create alert filter dialog. This will change the confidence of alerts already generated, and now the report contains the alerts. [Screenshot: Apply alert filter button in create alert filter dialog]

Now I'm unable to find out how to do this via the ZAP API! The API for alert filters has create, view and remove alert filter but no apply. How to "apply" the alert filter from the ZAP API? Thank you.


1 Answers

0
votes

The "Apply Filter" option is really just for manual testing. Filters are applied when the alerts are raised - once they are applied you can 'un-apply' them. You added the filter, ran the active scan and the false positives were removed during the scan. Removing the filter after that will only affect scans you perform after you have removed it. You can still access all of the 'false positive' alerts via the ZAP API. If you still really want to be able to apply a filter dynamically via the API then raise an enhancement request: https://github.com/zaproxy/zaproxy/issues/new?labels=enhancement&template=Feature_request.md
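
One way to act on "you can still access all of the 'false positive' alerts via the ZAP API", as an added example that is not code from the question or the answer: keep the filter in place, pull the alerts once, and derive both report data sets from the confidence field. It assumes the `http://zap` API host from the question and the `alert/view/alerts` endpoint; the function names, the `SAMPLE` data and the JSON (rather than HTML) output are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter

ZAP = "http://zap"                 # assumption: API host from the question, reached via the ZAP proxy
FALSE_POSITIVE = "False Positive"  # confidence label carried by alerts a filter has suppressed

def fetch_alerts(base_url, api_key):
    """Return every alert ZAP holds for base_url, false positives included."""
    query = urllib.parse.urlencode({"baseurl": base_url, "apikey": api_key})
    with urllib.request.urlopen(f"{ZAP}/JSON/alert/view/alerts/?{query}") as resp:
        return json.load(resp)["alerts"]

def split_reports(alerts):
    """Return (unsuppressed, suppressed); the second list drops false positives."""
    suppressed = [a for a in alerts if a.get("confidence") != FALSE_POSITIVE]
    return list(alerts), suppressed

def summarize(alerts):
    """Count alerts per (risk, alert name) for a compact report table."""
    return Counter((a.get("risk", "?"), a.get("alert", "?")) for a in alerts)

# Constructed sample shaped like the "alerts" array of the API response.
SAMPLE = [
    {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
     "url": "https://app.example/search?q=1"},
    {"alert": "X-Frame-Options Header Not Set", "risk": "Medium",
     "confidence": "False Positive", "url": "https://app.example/"},
    {"alert": "Cookie Without Secure Flag", "risk": "Low", "confidence": "High",
     "url": "https://app.example/login"},
]

if __name__ == "__main__":
    # In CI: split_reports(fetch_alerts("https://app.example", api_key))
    everything, kept = split_reports(SAMPLE)
    for name, data in (("report-all", everything), ("report-suppressed", kept)):
        with open(f"{name}.json", "w") as fh:
            json.dump(data, fh, indent=2)
        print(name, dict(summarize(data)))
```
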