/docs/desktop/addons/common-library/ Recent content in Common Library on ZAP Hugo en-us /docs/desktop/addons/common-library/output-panel/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/common-library/output-panel/ <h1 id="tabbed-output-panel">Tabbed Output Panel</h1> <p>The Common Library add-on provides a tabbed output panel that replaces the default output panel in ZAP. This allows other add-ons to optionally log messages under named tabs in the output panel. If a name is not provided, messages are shown under the &ldquo;General&rdquo; tab and exceptions are shown under the &ldquo;Errors&rdquo; tab by default.</p> /docs/desktop/addons/common-library/alerttags/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/common-library/alerttags/ <h1 id="alert-tags">Alert Tags</h1> <p>The Common Library add-on provides Alert Tags for use by scan rules.</p> <p>Of note the following tags/groups of tags are included:</p> <ul> <li>Custom Payloads - A tag which indicates the scan rules which support <a href="/docs/desktop/addons/custom-payloads/">Custom Payloads functionality</a>.</li> <li>HIPAA (Health Insurance Portability and Accountability Act) - A tag representing alerts/rules which we&rsquo;ve mapped to the HIPAA standard.</li> <li>OWASP Top 10 (2017) - Tags representing the risks/vulnerabilities from the 2017 OWASP Top 10 list.</li> <li>OWASP Top 10 (2021) - Tags representing the risks/vulnerabilities from the 2021 OWASP Top 10 list.</li> <li>PCI DSS (Payment Card Industry Data Security Standard) - A tag representing alerts/rules which we&rsquo;ve mapped to the PCI DSS standard.</li> <li>Test Timing - A tag which represent rules/alerts which are based on time (induced delay) payloads.</li> <li>OWASP Web Security Testing Guide (v4.2) - Tags which map rules/alerts to the relevant sections of the OWASP WSTG (version 4.2).</li> </ul> <h2 id="compliance">Compliance Tags <a class="header-link" href="#compliance"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h2> <p>Please note that the PCI DSS and HIPAA standards deal with specific types of data, while an identified vulnerability may expose such data ZAP has insufficient context with which to differentiate what is or might be exposed by leveraging a given vulnerability. If the system being tested does not hold any such data then the related compliance tag <strong>may</strong> not be relevant.</p> /docs/desktop/addons/common-library/generate-fix-prompt/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/common-library/generate-fix-prompt/ <h1 id="generate-fix-prompt">Generate Fix Prompt</h1> <p>The <strong>Generate Fix Prompt</strong> right-click menu option is available on alerts in the Alerts tab. It generates a prompt that you can paste into any Large Language Model (LLM) — such as ChatGPT, GitHub Copilot, or Claude — and ask it to fix the vulnerability in your codebase.</p>