Pass the Build in Jenkins even if Burp_scan shows vulnerabilities for Burp Enterprise

Rishi T Nov 14, 2019 06:15AM UTC

Team,

Could you please let me know how to pass the build in Jenkins despite vulnerabilities being identified using Burp Enterprise Edition? The BURP_SCAN_STATUS is succeeded in Jenkins, but the build is marked as Failure since scanning found vulnerabilities.

Running as SYSTEM
Building in workspace C:\Program Files (x86)\Jenkins\workspace\AltoroMutual
[AltoroMutual] $ cmd /c call C:\Windows\TEMP\jenkins121971880925141374.bat

C:\Program Files (x86)\Jenkins\workspace\AltoroMutual>echo BURP_SCAN_URL=https://demo.testfire.net/
BURP_SCAN_URL=https://demo.testfire.net/

C:\Program Files (x86)\Jenkins\workspace\AltoroMutual>echo BURP_SCAN_IGNORE_EXACT="SSL certificate @ https://demo.testfire.net/"
BURP_SCAN_IGNORE_EXACT="SSL certificate @ https://demo.testfire.net/"

C:\Program Files (x86)\Jenkins\workspace\AltoroMutual>exit 0
BURP_SCAN_STATUS: initializing
BURP_SCAN_STATUS: crawling
BURP_SCAN_STATUS: auditing
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - Cross-site scripting (DOM-based) @ https://demo.testfire.net/high_yield_investments.htm
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - Cross-site scripting (DOM-based) @ https://demo.testfire.net/index.jsp
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - Cross-site scripting (reflected) @ https://demo.testfire.net/index.jsp [content parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - File path manipulation @ https://demo.testfire.net/index.jsp [content parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - Cross-site scripting (reflected) @ https://demo.testfire.net/sendFeedback [name parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - Cross-site scripting (reflected) @ https://demo.testfire.net/sendFeedback [email_addr parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - Cross-site scripting (reflected) @ https://demo.testfire.net/search.jsp [query parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - SQL injection @ https://demo.testfire.net/doLogin [uid parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Firm) - SQL injection @ https://demo.testfire.net/doLogin [passw parameter]
BURP_SCAN_ISSUE_EVENT: issue_found (High, Certain) - Cross-site scripting (reflected) @ https://demo.testfire.net/survey_questions.jsp [txtEmail parameter]
BURP_SCAN_STATUS: succeeded
BURP_SCAN_SUMMARY: requests made: 82013, network errors: 25
Build step 'Burp scan' marked build as failure
Archiving artifacts
Finished: FAILURE


Ben Wright Nov 14, 2019 10:38AM UTC Support Center agent

Hi,

Thank you for your message.

Can you send us a screenshot of your Jenkins Build configuration screen? If you could send it to support@portswigger.net then we will take a look for you.


Rishi T Nov 14, 2019 12:35PM UTC
Hi,
I have sent the screenshot of the Jenkins Build configuration screen to the mentioned email. Please let me know if you need any more information.
