From 0267be595e54b089ef96e24d8c110b5d19170a3d Mon Sep 17 00:00:00 2001
From: thc202
Date: Mon, 24 Jun 2024 06:40:19 +0100
Subject: [PATCH] Sync HTTP Sender API Scan script
Sync the HTTP Sender script `Alert on Unexpected Content Types` to match the content-type checks done in Docker API Scan. Ref zaproxy/zaproxy#8524.
Signed-off-by: thc202
---
 CHANGELOG.md | 1 +
 .../Alert on Unexpected Content Types.js | 22 ++++++-------------
 2 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 15f27b13..1893213c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,6 +42,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - passive/Report non static sites.js
 - passive/RPO.js
 - passive/s3.js
+- httpsender/Alert on Unexpected Content Types.js now checks for common content-types (`json`, `xml`, and `yaml`) more consistently.
 ## [18] - 2024-01-29
 ### Added
diff --git a/httpsender/Alert on Unexpected Content Types.js b/httpsender/Alert on Unexpected Content Types.js
index 3d500a4b..a1229b9f 100644
--- a/httpsender/Alert on Unexpected Content Types.js
+++ b/httpsender/Alert on Unexpected Content Types.js
@@ -10,20 +10,9 @@ var extensionAlert = control
 .getExtensionLoader()
 .getExtension(org.zaproxy.zap.extension.alert.ExtensionAlert.NAME);
-var expectedTypes = [
- "application/health+json",
- "application/json",
- "application/octet-stream",
- "application/problem+json",
- "application/problem+xml",
- "application/soap+xml",
- "application/vnd.api+json",
- "application/xml",
- "application/x-yaml",
- "text/x-json",
- "text/json",
- "text/yaml",
-];
+var expectedTypes = ["application/octet-stream", "text/plain"];
+
+var expectedTypeGroups = ["json", "yaml", "xml"];
 function sendingRequest(msg, initiator, helper) {
 // Nothing to do
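Review bot: `text/plain` is newly added to `expectedTypes`, so responses served as text/plain will no longer raise this alert, yet the CHANGELOG line in the first hunk only mentions the json/xml/yaml consistency change; either drop the new entry or document the exemption both in the changelog line and in a comment on the array. The two lists are also matched differently: `expectedTypes` is compared exactly against `ctype` after the `;` parameters are stripped, while `expectedTypeGroups` is handed to `hasContentType`, which, if it performs a substring match as its use here suggests, treats any type containing `json`, `yaml` or `xml` as expected, including values such as `application/xhtml+xml` that the removed explicit list did not accept. A comment on `expectedTypeGroups` would make that distinction visible to whoever next edits the lists: `// Matched as substrings of the Content-Type header (via hasContentType); exact, parameter-stripped types belong in expectedTypes.` The check that consumes both lists lives in `responseReceived` in the second hunk.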
@@ -40,7 +29,10 @@ function responseReceived(msg, initiator, helper) {
 if (ctype.indexOf(";") > 0) {
 ctype = ctype.substring(0, ctype.indexOf(";"));
 }
- if (expectedTypes.indexOf(ctype) < 0) {
+ if (
+ !msg.getResponseHeader().hasContentType(expectedTypeGroups) &&
+ expectedTypes.indexOf(ctype) < 0
+ ) {
 // Another rule will complain if theres no type
 var risk = 1; // Low