As titled
Does anyone know the proper way of doing a Fortify SSC scan for a NextJS project? I see their guide for scanning a ReactJs app, but I'm sure that was meant for React CRA.
I need to know what needs to be included and excluded during scan setup, since I believe NextJs has ways of communicating between client and server pages, which is something that I am wholly unsure whether SSC will scan rightly.
The reason I'm asking the above is because the initial scan of the NextJs project that I was involved in returned the following mind-boggling error, which is obviously and definitely not coming from developer code.
Cross-Site Scripting vulnerability found in Url parameter . The following attack uses plain encoding: 43735
URL : https://<BASE_URL_HERE>:443/_next/static/chunks/1508-c6175468555446d8.js/%34%33%37%33%35
Method : GET
Vulnerable Parameter : —
Attack Payload : https://<BASE_URL_HERE>:443/_next/static/chunks/1508-c6175468555446d8.js/%34%33%37%33%35
I may not be fully sure on the error above, but I think the scan captures how NextJs handles rendering and throws a false positive on it. Correct me if I'm wrong here.
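One way to triage the finding quoted in the question, added here as an example that is not part of the original post or of Fortify's tooling: it decodes the appended path segment (`%34%33%37%33%35` is `43735`) and compares the response to the flagged URL with a baseline response to a different marker. The host `app.example.test`, the response objects, the function names and the result labels are assumptions constructed for illustration.

```javascript
// Added example, not from the original post. Host and response objects are
// constructed placeholders; the chunk path is the one quoted in the finding.
const FINDING_URL =
  'https://app.example.test:443/_next/static/chunks/1508-c6175468555446d8.js/%34%33%37%33%35';

// Split the scanner URL into the real resource path and the decoded marker.
function extractProbe(findingUrl) {
  const segments = new URL(findingUrl).pathname.split('/');
  const marker = decodeURIComponent(segments.pop());
  return { resourcePath: segments.join('/'), marker };
}

// Count non-overlapping occurrences of needle in haystack.
function countOccurrences(haystack, needle) {
  return needle ? haystack.split(needle).length - 1 : 0;
}

// probe: response to the flagged URL; baseline: response to the same URL
// with a different marker appended (hypothetical capture format).
function triage(marker, probe, baseline) {
  const inProbe = countOccurrences(probe.body, marker);
  if (inProbe === 0) return 'not-reflected';
  // A short numeric marker can already exist in a minified bundle.
  if (inProbe <= countOccurrences(baseline.body, marker)) return 'coincidental-match';
  const type = (probe.headers['content-type'] || '').toLowerCase();
  // Echoed, but not served as HTML: review together with nosniff settings.
  if (!type.startsWith('text/html')) return 'reflected-non-html';
  return 'reflected-in-html-check-output-encoding';
}

// Constructed sample responses for the three interesting outcomes.
const js = { 'content-type': 'application/javascript' };
const html = { 'content-type': 'text/html; charset=utf-8' };
const SAMPLES = {
  bundle: [{ headers: js, body: '(self.c=self.c||[]).push([[1508],{43735:function(){}}])' },
           { headers: js, body: '(self.c=self.c||[]).push([[1508],{43735:function(){}}])' }],
  echoed: [{ headers: html, body: '<p>No page at /chunks/x.js/43735</p>' },
           { headers: html, body: '<p>No page at /chunks/x.js/90210</p>' }],
  silent: [{ headers: html, body: '<h1>404</h1>' }, { headers: html, body: '<h1>404</h1>' }],
};

function triageSamples() {
  const { marker } = extractProbe(FINDING_URL);
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([k, [p, b]]) => [k, triage(marker, p, b)]));
}
```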
Tags: xss. Title: How to do proper configuration and setup of Fortify SSC scan on NextJs app - Stack Overflow