Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix TOTP seed handling inside ZAP wrapper #3785

Open
winzj opened this issue Jan 13, 2025 · 0 comments · May be fixed by #3787
Open

Fix TOTP seed handling inside ZAP wrapper #3785

winzj opened this issue Jan 13, 2025 · 0 comments · May be fixed by #3787
Assignees
@winzj
Labels
bug Something isn't working zap wrapper
Milestone
ZAP Wrapper 1.8.0

Comments

@winzj
Copy link
Member

winzj commented Jan 13, 2025
edited
Loading

Situation

The TOTPGenerator used for webscans needs a seed that is provided as an hex, base32 or base64 encoded string most of the time.
Currently there can be issues based on the chosen charset, if the seed is decoded and saved as string or is encoded afterwards again. Information can be lost or changed during this process.

Solution

Use the encoded string and decode it only when it is required. Do not transform the datatypes if not necessary.
@winzj winzj added this to the ZAP Wrapper 1.8.0 milestone Jan 13, 2025
@winzj winzj self-assigned this Jan 13, 2025
@winzj winzj added the bug Something isn't working label Jan 13, 2025
@winzj winzj changed the title Use the encoded TOTP seed inside the TOTPGenerator instead of type conversions Fix TOTP generation by using the encoded TOTP seed inside the TOTPGenerator instead of previous type conversions Jan 13, 2025
winzj added a commit that referenced this issue Jan 13, 2025
@winzj
Fix TOTP seed handling #3785
1430dfc
@winzj winzj linked a pull request Jan 13, 2025 that will close this issue
Open
@winzj winzj changed the title Fix TOTP generation by using the encoded TOTP seed inside the TOTPGenerator instead of previous type conversions Fix TOTP seed handling inside ZAP wrapper Jan 13, 2025
winzj added a commit that referenced this issue Jan 14, 2025
@winzj
Small refactoring #3785
0976b6f
winzj added a commit that referenced this issue Jan 15, 2025
@winzj
Improve error handling options for groovy scripts #3785
c64f213
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@winzj winzj

Labels
bug Something isn't working zap wrapper
Projects
None yet
Milestone
ZAP Wrapper 1.8.0
Development

Successfully merging a pull request may close this issue.

Fix TOTP seed handling #3785 mercedes-benz/sechub
1 participant
@winzj