diff --git a/addOns/reports/CHANGELOG.md b/addOns/reports/CHANGELOG.md
index 20a4a152ac5..2c6b886112d 100644
--- a/addOns/reports/CHANGELOG.md
+++ b/addOns/reports/CHANGELOG.md
@@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## Unreleased
 ### Changed
 - Update dependencies.
+- All relevant reports to support nodeName and systemic counts.
 ## [0.41.0] - 2025-09-04
 ### Changed
diff --git a/addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportHelper.java b/addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportHelper.java
index 49c97e9de4a..b16d1877be7 100644
--- a/addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportHelper.java
+++ b/addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportHelper.java
@@ -19,6 +19,7 @@
 */
 package org.zaproxy.addon.reports;
+import java.lang.reflect.Method;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
@@ -302,4 +303,69 @@ public static HttpMessage getHttpMessage(int id) {
 }
 return null;
 }
+
+ /**
+ * Returns the nodeName for the alert. This will return null for versions before ZAP 2.17.
+ *
+ * @since 0.42.0
+ */
+ public static String getNodeName(Alert alert) {
+ if (alert == null) {
+ return null;
+ }
+ try {
+ Method method = alert.getClass().getMethod("getNodeName");
+ Object ret = method.invoke(alert);
+ if (ret != null && ret instanceof String str) {
+ return str;
+ }
+ } catch (Exception e) {
+ // Ignore
+ }
+ return null;
+ }
+
+ /**
+ * Returns whether the alert node is systemic. This will return false for versions before ZAP
+ * 2.17.
+ *
+ * @since 0.42.0
+ */
+ public static boolean isSystemic(AlertNode node) {
+ if (node == null) {
+ return false;
+ }
+ try {
+ Method method = node.getClass().getMethod("isSystemic");
+ Object ret = method.invoke(node);
+ if (ret != null && ret instanceof Boolean bool) {
+ return bool;
+ }
+ } catch (Exception e) {
+ // Ignore
+ }
+ return false;
+ }
+
+ /**
+ * Returns whether the alert node is systemic. This will return false for versions before ZAP
+ * 2.17.
+ *
+ * @since 0.42.0
+ */
+ public static boolean isSystemic(Alert alert) {
+ if (alert == null) {
+ return false;
+ }
+ try {
+ Method method = alert.getClass().getMethod("isSystemic");
+ Object ret = method.invoke(alert);
+ if (ret != null && ret instanceof Boolean bool) {
+ return bool;
+ }
+ } catch (Exception e) {
+ // Ignore
+ }
+ return false;
+ }
 }
diff --git a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json-plus.html b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json-plus.html
index 1a61f61bc4e..3e294ba9ef4 100644
--- a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json-plus.html
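Review bot: All three new helpers end in `catch (Exception e) { // Ignore }`, so a failure inside an existing `getNodeName`/`isSystemic` (which reflection wraps in `InvocationTargetException`) is indistinguishable from running on a core before ZAP 2.17, and the report silently falls back to `null` or `false`. Only `NoSuchMethodException` is the expected compatibility case; I would treat that one as the quiet fallback and log any other reflective failure. The three bodies differ only in method name and return type and repeat the reflective lookup on every call, so one private helper would remove the duplication. Smaller points: `ret != null &&` is redundant before `instanceof`, and the Javadoc on `isSystemic(Alert alert)` still says "alert node".

```java
// Shared by getNodeName(Alert), isSystemic(AlertNode) and isSystemic(Alert).
private static Object invokeIfPresent(Object target, String methodName) {
    try {
        return target.getClass().getMethod(methodName).invoke(target);
    } catch (NoSuchMethodException e) {
        // Expected before ZAP 2.17: the method does not exist, use the fallback.
        return null;
    } catch (ReflectiveOperationException e) {
        // The method exists but the call failed: log it here, then fall back.
        return null;
    }
}

public static String getNodeName(Alert alert) {
    return alert != null && invokeIfPresent(alert, "getNodeName") instanceof String str ? str : null;
}

public static boolean isSystemic(Alert alert) {
    return alert != null && invokeIfPresent(alert, "isSystemic") instanceof Boolean bool && bool;
}
// … isSystemic(AlertNode node) follows the same shape …
```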
+++ b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json-plus.html @@ -53,6 +53,7 @@

Sample

"instances":[ { "uri": "http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E", + "nodeName": "http://localhost:8080/bodgeit/search.jsp (q)", "method": "GET", "param": "q", "attack": "</font><scrIpt>alert(1);</scRipt><font>", @@ -65,6 +66,7 @@

Sample

}, { "uri": "http://localhost:8080/bodgeit/contact.jsp", + "nodeName": "http://localhost:8080/bodgeit/contact.jsp", "method": "POST", "param": "comments", "attack": "</td><scrIpt>alert(1);</scRipt><td>", @@ -77,6 +79,7 @@

Sample

} ], "count": "2", + "systemic": false, "solution": "<p>Phase: Architecture and Design</p><p>Use a vetted library or framework that does not ...</p>", "otherinfo": "", "reference": "<p>http://projects.webappsec.org/Cross-Site-Scripting</p><p>http://cwe.mitre.org/data/definitions/79.html</p>", diff --git a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json.html b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json.html index 16d35dd7256..dbaaf592842 100644 --- a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json.html +++ b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-json.html @@ -32,6 +32,7 @@

Sample

"instances":[ { "uri": "http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E", + "nodeName": "http://localhost:8080/bodgeit/search.jsp (q)", "method": "GET", "param": "q", "attack": "</font><scrIpt>alert(1);</scRipt><font>", @@ -40,6 +41,7 @@

Sample

}, { "uri": "http://localhost:8080/bodgeit/contact.jsp", + "nodeName": "http://localhost:8080/bodgeit/contact.jsp", "method": "POST", "param": "comments", "attack": "</td><scrIpt>alert(1);</scRipt><td>", @@ -48,6 +50,7 @@

Sample

} ], "count": "2", + "systemic": false, "solution": "<p>Phase: Architecture and Design</p><p>Use a vetted library or framework that does not ...</p>", "otherinfo": "", "reference": "<p>http://projects.webappsec.org/Cross-Site-Scripting</p><p>http://cwe.mitre.org/data/definitions/79.html</p>", diff --git a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-markdown.html b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-markdown.html index fdda7233033..4e42b9e970d 100644 --- a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-markdown.html +++ b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-markdown.html @@ -71,18 +71,21 @@

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy. * URL: http://localhost:8080/bodgeit/advanced.jsp + * Node Name: http://localhost:8080/bodgeit/advanced.jsp * Method: `GET` * Parameter: `` * Attack: `` * Evidence: `<form id="advanced" name="advanced" method="POST" onsubmit="return validateForm(this);false;">` * Other Info: `` * URL: http://localhost:8080/bodgeit/advanced.jsp + * Node Name: http://localhost:8080/bodgeit/advanced.jsp * Method: `GET` * Parameter: `` * Attack: `` * Evidence: `<form id="query" name="advanced" method="POST">` * Other Info: `` * URL: http://localhost:8080/bodgeit/basket.jsp + * Node Name: http://localhost:8080/bodgeit/basket.jsp * Method: `GET` * Parameter: `` * Attack: `` diff --git a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-xml-plus.html b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-xml-plus.html index 52163278985..46982cbe518 100644 --- a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-xml-plus.html +++ b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-xml-plus.html @@ -28,6 +28,7 @@

Sample

<instance> <uri>http://localhost:8080/bodgeit/js</uri> + <nodeName>http://localhost:8080/bodgeit/js</nodeName> <method>GET</method> <param></param> <attack></attack> @@ -61,6 +62,7 @@

Sample

<instance> <uri>http://localhost:8080/bodgeit/js/util.js</uri> + <nodeName>http://localhost:8080/bodgeit/js/util.js</nodeName> <method>GET</method> <param></param> <attack></attack> @@ -157,6 +159,7 @@

Sample

</instances> <count>3</count> + <systemic>false</systemic> <solution></solution> <otherinfo>NOTE: Because of its name this cookie may be important, but dropping it appears to have no effect: [JSESSIONID] Cookies that don&apos;t have expected effects can reveal flaws in application logic. In the worst case, this can reveal where authentication via cookie token(s) is not actually enforced. diff --git a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-xml.html b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-xml.html index d49e753538c..4638b9ee733 100644 --- a/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-xml.html +++ b/addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/report-traditional-xml.html @@ -26,9 +26,9 @@

Sample

<confidencedesc>Medium</confidencedesc> <desc><p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...</desc> <instances> - <instance> <uri>http://localhost:8080/bodgeit/advanced.jsp</uri> + <nodeName>http://localhost:8080/bodgeit/advanced.jsp</nodeName> <method>GET</method> <param></param> <attack></attack> @@ -38,6 +38,7 @@

Sample

<instance> <uri>http://localhost:8080/bodgeit/advanced.jsp</uri> + <nodeName>http://localhost:8080/bodgeit/advanced.jsp</nodeName> <method>GET</method> <param></param> <attack></attack> @@ -47,13 +48,17 @@

Sample

<instance> <uri>http://localhost:8080/bodgeit/basket.jsp</uri> + <nodeName>http://localhost:8080/bodgeit/basket.jsp</nodeName> <method>GET</method> <param></param> <attack></attack> <evidence><form action="basket.jsp" method="post"></evidence> <otherinfo></otherinfo> </instance> - + <count>2</count> + <systemic>false</systemic> + <solution>The solution</solution> + <otherinfo>The other info</otherinfo> diff --git a/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages.properties b/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages.properties index 06ba6bb603f..af5aaac90da 100644 --- a/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages.properties +++ b/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages.properties @@ -95,6 +95,7 @@ reports.report.alerts.detail.description = Description reports.report.alerts.detail.evidence = Evidence reports.report.alerts.detail.instances = Instances reports.report.alerts.detail.method = Method +reports.report.alerts.detail.nodename = Node Name reports.report.alerts.detail.otherinfo = Other Info reports.report.alerts.detail.param = Parameter reports.report.alerts.detail.pluginid = Plugin Id @@ -113,6 +114,7 @@ reports.report.alerts.list = Alerts reports.report.alerts.list.name = Name reports.report.alerts.list.numinstances = Number of Instances reports.report.alerts.list.risklevel = Risk Level +reports.report.alerts.list.systemic = Systemic reports.report.alerts.summary = Summary of Alerts reports.report.alerts.summary.numalerts = Number of Alerts reports.report.alerts.summary.risklevel = Risk Level diff --git a/addOns/reports/src/main/zapHomeFiles/reports/modern/report.html b/addOns/reports/src/main/zapHomeFiles/reports/modern/report.html index f9fe1841c52..c9886869396 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/modern/report.html +++ b/addOns/reports/src/main/zapHomeFiles/reports/modern/report.html 
@@ -205,7 +205,12 @@

Alerts

Name Risk - Count + + Systemic + + + Count + @@ -437,6 +442,15 @@

Alert Detail

URL + + + Node Name + Node Name + + Method @@ -543,7 +557,12 @@

Alert Detail

Instances - Instances + + Systemic + + + Instances + Solution diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/report.html b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/report.html index ac3fba6d1c8..a881b9bd416 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/report.html +++ b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/report.html @@ -199,7 +199,12 @@

Alerts

th:text="${alert.nodeName}" href="#plugin-pluginId">Alert Name Risk + + Systemic + + Count +
@@ -410,6 +415,11 @@

Alert Detail

URL + + Node Name + Node Name + Method @@ -518,7 +528,12 @@

Alert Detail

Instances + + Systemic + + Instances + Solution diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html/report.html b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html/report.html index 51ac197b71b..4cb9f5f1abb 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html/report.html +++ b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html/report.html @@ -324,7 +324,12 @@

Alerts

th:text="${alert.nodeName}" href="#oluginId">Alert Name Risk + + Systemic + + Count +
@@ -359,6 +364,11 @@

Alert Detail

URL + + Node Name + Node Name + Method @@ -388,7 +398,12 @@

Alert Detail

Instances + + Systemic + + Instances + Solution diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-json-plus/report.json b/addOns/reports/src/main/zapHomeFiles/reports/traditional-json-plus/report.json index d6b111daa76..cd8574e487a 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/traditional-json-plus/report.json +++ b/addOns/reports/src/main/zapHomeFiles/reports/traditional-json-plus/report.json @@ -23,6 +23,7 @@ { "id": "[(${instance.alertId})]", "uri": "[(${helper.legacyEscapeText(instance.uri, true)})]", + "nodeName": "[(${helper.legacyEscapeText(helper.getNodeName(instance))})]", "method": "[(${helper.legacyEscapeText(instance.method, true)})]", "param": "[(${helper.legacyEscapeTextAlertParam(instance, true)})]", "attack": "[(${helper.legacyEscapeText(instance.attack, true)})]", @@ -35,6 +36,7 @@ }[/th:block] ], "count": "[(${instances.size})]", + "systemic": [(${helper.isSystemic(alert)})], "solution": "[(${helper.legacyEscapeParagraph(alert.solution, true)})]", "otherinfo": "[(${helper.legacyEscapeParagraph(alert.otherinfo, true)})]", "reference": "[(${helper.legacyEscapeParagraph(alert.reference, true)})]", diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-json/report.json b/addOns/reports/src/main/zapHomeFiles/reports/traditional-json/report.json index e58f5d00551..0d1eda0bae8 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/traditional-json/report.json +++ b/addOns/reports/src/main/zapHomeFiles/reports/traditional-json/report.json @@ -23,6 +23,7 @@ { "id": "[(${instance.alertId})]", "uri": "[(${helper.legacyEscapeText(instance.uri, true)})]", + "nodeName": "[(${helper.legacyEscapeText(helper.getNodeName(instance))})]", "method": "[(${helper.legacyEscapeText(instance.method, true)})]", "param": "[(${helper.legacyEscapeTextAlertParam(instance, true)})]", "attack": "[(${helper.legacyEscapeText(instance.attack, true)})]", 
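Review bot: The added `nodeName` line in traditional-json-plus/report.json, and the identical one in traditional-json/report.json, calls `helper.legacyEscapeText(helper.getNodeName(instance))` with a single argument, while the neighbouring `uri`, `method`, `param` and `attack` fields all pass `true` as a second argument. The helper's overloads are not visible in this diff, but if that flag selects JSON escaping, a node name containing a quote or backslash would yield invalid JSON or change the report's structure for downstream consumers; the help samples show node names built from the scanned site's URL and parameter name, so the value is not under the report author's control. I would make the call match its neighbours, `"nodeName": "[(${helper.legacyEscapeText(helper.getNodeName(instance), true)})]"`. The updated test resources only exercise an empty `nodeName`, so a test instance whose node name contains `"` and `\` would confirm the escaping.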
@@ -31,6 +32,7 @@ }[/th:block] ], "count": "[(${instances.size})]", + "systemic": [(${helper.isSystemic(alert)})], "solution": "[(${helper.legacyEscapeParagraph(alert.solution, true)})]", "otherinfo": "[(${helper.legacyEscapeParagraph(alert.otherinfo, true)})]", "reference": "[(${helper.legacyEscapeParagraph(alert.reference, true)})]", diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-md/report.md b/addOns/reports/src/main/zapHomeFiles/reports/traditional-md/report.md index 51447cc6d0d..bee9eee9111 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/traditional-md/report.md +++ b/addOns/reports/src/main/zapHomeFiles/reports/traditional-md/report.md @@ -16,7 +16,7 @@ ZAP by [Checkmarx](https://checkmarx.com/). | [(#{report.alerts.list.name})] | [(#{report.alerts.list.risklevel})] | [(#{report.alerts.list.numinstances})] | | --- | --- | --- | -[#th:block th:each="alert: ${alertTree.children}"]| [(${alert.nodeName})] | [(${helper.getRiskString(alert.risk)})] | [(${alert.childCount})] | +[#th:block th:each="alert: ${alertTree.children}"]| [(${alert.nodeName})] | [(${helper.getRiskString(alert.risk)})] | [#th:block th:if="${helper.isSystemic(alert)}"][(#{report.alerts.list.systemic})][/th:block][#th:block th:unless="${helper.isSystemic(alert)}"][(${alert.childCount})][/th:block] | [/th:block] [/th:block] 
@@ -38,13 +38,15 @@ ZAP by [Checkmarx](https://checkmarx.com/). [(${alert.userObject.description})] [#th:block th:each="instance: ${alert.children}"] * [(#{report.alerts.detail.url})]: [(${#strings.replace(#uris.escapePath(instance.userObject.uri), ')', '&29')})] +[#th:block th:if="${helper.getNodeName(instance.userObject) != null}"] * [(#{report.alerts.detail.nodename})]: `[(${helper.getNodeName(instance.userObject)})]`[/th:block] * [(#{report.alerts.detail.method})]: `[(${instance.userObject.method})]` * [(#{report.alerts.detail.param})]: `[(${instance.userObject.param})]` * [(#{report.alerts.detail.attack})]: `[(${instance.userObject.attack})]` * [(#{report.alerts.detail.evidence})]: `[(${instance.userObject.evidence})]` * [(#{report.alerts.detail.otherinfo})]: `[(${instance.userObject.otherinfo})]` [/th:block] -[(#{report.alerts.detail.instances})]: [(${alert.childCount})] +[#th:block th:if="${helper.isSystemic(alert)}"][(#{report.alerts.detail.instances})]: [(#{report.alerts.list.systemic})][/th:block] +[#th:block th:unless="${helper.isSystemic(alert)}"][(#{report.alerts.detail.instances})]: [(${alert.childCount})][/th:block] ### [(#{report.alerts.detail.solution})] diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-pdf/report.html b/addOns/reports/src/main/zapHomeFiles/reports/traditional-pdf/report.html index 8a5c56097fd..c476c42b545 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/traditional-pdf/report.html +++ b/addOns/reports/src/main/zapHomeFiles/reports/traditional-pdf/report.html @@ -186,7 +186,12 @@

Alerts

Name Risk - Count + + Systemic + + + Count +
@@ -223,6 +228,15 @@

Alert Detail

th:text="${helper.escapeXml(instance.userObject.uri)}" href="url.html">URL + + + Node Name + Node Name + + Method @@ -249,7 +263,12 @@

Alert Detail

Instances - Instances + + Systemic + + + Instances + Solution diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-xml-plus/report.xml b/addOns/reports/src/main/zapHomeFiles/reports/traditional-xml-plus/report.xml index 2eb9fbd3844..57790d475cc 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/traditional-xml-plus/report.xml +++ b/addOns/reports/src/main/zapHomeFiles/reports/traditional-xml-plus/report.xml @@ -24,6 +24,7 @@ + @@ -41,6 +42,7 @@ + diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-xml/report.xml b/addOns/reports/src/main/zapHomeFiles/reports/traditional-xml/report.xml index b8079a2f308..769c4ab1a61 100644 --- a/addOns/reports/src/main/zapHomeFiles/reports/traditional-xml/report.xml +++ b/addOns/reports/src/main/zapHomeFiles/reports/traditional-xml/report.xml @@ -25,6 +25,7 @@ + @@ -34,6 +35,7 @@ + XSS Description

"))); assertThat(alerts.getJSONObject(0).getString("count"), is(equalTo("2"))); + assertThat(alerts.getJSONObject(0).getBoolean("systemic"), is(equalTo(false))); assertThat( alerts.getJSONObject(0).getString("solution"), is(equalTo("

Test Solution

"))); @@ -1488,7 +1497,7 @@ private static void checkXmlAlert(Document doc, boolean isXmlPlus) { assertThat(alerts.getLength(), is(equalTo(1))); assertThat(alertItems.getLength(), is(equalTo(1))); NodeList alertItemNodes = alertItems.item(0).getChildNodes(); - int alertItemCount = isXmlPlus ? 37 : 35; + int alertItemCount = isXmlPlus ? 39 : 37; assertThat(alertItemNodes.getLength(), is(equalTo(alertItemCount))); int i = 0; assertThat(alertItemNodes.item(i).getNodeName(), is(equalTo("#text"))); // Filler @@ -1558,6 +1567,11 @@ private static void checkXmlAlert(Document doc, boolean isXmlPlus) { i++; assertThat(alertItemNodes.item(i).getNodeName(), is(equalTo("#text"))); // Filler i++; + assertThat(alertItemNodes.item(i).getNodeName(), is(equalTo("systemic"))); + assertThat(alertItemNodes.item(i).getTextContent(), is(equalTo("false"))); + i++; + assertThat(alertItemNodes.item(i).getNodeName(), is(equalTo("#text"))); // Filler + i++; assertThat(alertItemNodes.item(i).getNodeName(), is(equalTo("solution"))); String solutionString = isXmlPlus ? "Test Solution" : "

Test Solution

"; assertThat(alertItemNodes.item(i).getTextContent(), is(equalTo(solutionString))); @@ -1604,7 +1618,7 @@ private static void checkXmlAlertInstance( NodeList instanceChildNodes = instancesChildNodes.item(i).getChildNodes(); // Check the instance details - int instanceItemCount = isXmlPlus ? 21 : 13; + int instanceItemCount = isXmlPlus ? 23 : 15; assertThat(instanceChildNodes.getLength(), is(equalTo(instanceItemCount))); int y = 0; assertThat(instanceChildNodes.item(y).getNodeName(), is(equalTo("#text"))); // Filler @@ -1616,6 +1630,11 @@ private static void checkXmlAlertInstance( y++; assertThat(instanceChildNodes.item(y).getNodeName(), is(equalTo("#text"))); // Filler y++; + assertThat(instanceChildNodes.item(y).getNodeName(), is(equalTo("nodeName"))); + assertThat(instanceChildNodes.item(y).getTextContent(), is(equalTo(""))); + y++; + assertThat(instanceChildNodes.item(y).getNodeName(), is(equalTo("#text"))); // Filler + y++; assertThat(instanceChildNodes.item(y).getNodeName(), is(equalTo("method"))); assertThat(instanceChildNodes.item(y).getTextContent(), is(equalTo("GET"))); y++; diff --git a/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-json-plus.json b/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-json-plus.json index c5151eb230e..fce7830bc8b 100644 --- a/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-json-plus.json +++ b/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-json-plus.json @@ -1,8 +1,8 @@ { "@programName": "ZAP", "@version": "Dev Build", - "@generated": "Thu, 5 Jun 2025 16:12:29", - "created": "2025-06-05T16:12:29.236211400Z", + "@generated": "Mon, 27 Oct 2025 14:46:12", + "created": "2025-10-27T14:46:12.641719Z", "site":[ { "@name": "http://example.com", 
@@ -23,6 +23,7 @@ { "id": "-1", "uri": "http://example.com/example_3", + "nodeName": "", "method": "GET", "param": "Test Param", "attack": "Test \"Attack\\\"", @@ -36,6 +37,7 @@ { "id": "-1", "uri": "http://example.com/example_3", + "nodeName": "", "method": "GET", "param": "Test Param", "attack": "Test \"Attack\\\"", @@ -48,6 +50,7 @@ } ], "count": "2", + "systemic": false, "solution": "

Test Solution

", "otherinfo": "

Test 'Other\\

", "reference": "

Test Reference

", diff --git a/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-json.json b/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-json.json index fc923ce2cdf..2d0a271c164 100644 --- a/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-json.json +++ b/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-json.json @@ -1,8 +1,8 @@ { "@programName": "ZAP", "@version": "Dev Build", - "@generated": "Thu, 17 Jun 2021 16:04:28", - "created": "2021-06-17T16:04:28.236211400Z", + "@generated": "Mon, 27 Oct 2025 14:46:12", + "created": "2025-10-27T14:46:12.613843Z", "site":[ { "@name": "http://example.com", @@ -23,6 +23,7 @@ { "id": "-1", "uri": "http://example.com/example_3", + "nodeName": "", "method": "GET", "param": "Test Param", "attack": "Test \"Attack\\\"", @@ -32,6 +33,7 @@ { "id": "-1", "uri": "http://example.com/example_3", + "nodeName": "", "method": "GET", "param": "Test Param", "attack": "Test \"Attack\\\"", @@ -40,6 +42,7 @@ } ], "count": "2", + "systemic": false, "solution": "

Test Solution

", "otherinfo": "

Test 'Other\\

", "reference": "

Test Reference

", @@ -50,4 +53,5 @@ ] } ] + } diff --git a/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-xml-plus.xml b/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-xml-plus.xml index fbc0327947f..f2c2040b823 100644 --- a/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-xml-plus.xml +++ b/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-xml-plus.xml @@ -1,5 +1,5 @@ - + @@ -18,6 +18,7 @@ http://example.com/example_3 + GET Test Param Test "Attack\" @@ -40,6 +41,7 @@ cache-control: no-cache http://example.com/example_3 + GET Test Param Test "Attack\" @@ -61,6 +63,7 @@ cache-control: no-cache 2 + false Test Solution Test 'Other\ Test Reference @@ -78,16 +81,12 @@ cache-control: no-cache - - - - - + + + - - - - - + + + \ No newline at end of file diff --git a/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-xml.xml b/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-xml.xml index 6459ff9751f..c59d3b5f821 100644 --- a/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-xml.xml +++ b/addOns/reports/src/test/resources/org/zaproxy/addon/reports/resources/basic-traditional-xml.xml @@ -1,5 +1,5 @@ - + @@ -18,6 +18,7 @@ http://example.com/example_3 + GET Test Param Test "Attack\" @@ -28,6 +29,7 @@ http://example.com/example_3 + GET Test Param Test "Attack\" @@ -37,6 +39,7 @@ 2 + false <p>Test Solution</p> <p>Test 'Other\</p> <p>Test Reference</p>