Hi @vishwaraj101,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

Please keep in mind that the Tsunami Scanner Team will only be able to work at one issue at a time for each participant so please hold on the implementation work for any other requests you might have.

Thanks!

Thanks

Hi @vishwaraj101,

Did you push your changes? I do not see a PR associated with this request.

~tooryx

Hi @tooryx I am new to this could you please guide me where to get started to start changing the files ?

Hi @tooryx you can point me toward appropriate resource and i will begin implementing this. Let me know

Hi @vishwaraj101,

Please see #134 (comment)

~tooryx

hi @tooryx checked 134 comment sorry to bother you again i am still not getting how to properly contribute to the tsunami plugin i mean what i read i understood partially but would appreciate something like step by step process to contribute to

I will try to provide more details when I have a bit more time

Hi @tooryx could you please help me unblock on this after this i will be on my own since this is my first time but i do feel tsunami contribution could have been made less complex!

Hi @vishwaraj101,

Here is an example of a fingerprint PR: https://github.com/google/tsunami-security-scanner-plugins/pull/326/files
The most important one if the update.sh that will pull the docker images for the application and generate the fingerprints for it. The .binproto file should be generated by the update.sh for every version in versions.txt

~tooryx

hi @tooryx the person has customised the update.sh file according to the drupal case it's not straight forward ctrl +c ctrl +v what if the project don't have the docker image then ?

In case you still have questions on the fingerprint development process, you can also refer to the documentation we have for it: https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/README.md