Details
Alert ID 90003
Alert Type Passive
Status beta
Risk Medium
CWE 345
WASC 15
Technologies Targeted All
Tags CWE-345
OWASP_2017_A06
OWASP_2021_A05
POLICY_DEV_STD
POLICY_PENTEST
POLICY_QA_STD
SYSTEMIC
More Info Scan Rule Help

Summary

The integrity attribute is missing on a script or link tag served by an external server. The integrity tag prevents an attacker who have gained access to this server from injecting a malicious content.

Solution

Provide a valid integrity attribute to the tag.

Other Info

The following hash was calculated (using base64 encoding of the output of the hash algorithm: SHA-384) for the script in question sha384-PJww2fZl501RXIQpYNSkUcg6ASX9Pec5LXs3IxrxDHLqWK7fzfiaV2W/kCr5Ps8G

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/SubResourceIntegrityAttributeScanRule.java