httpsInfo: Reboot

[psiinon]

This PR:

• Adds back the httpsInfo add-on from the commit mentioned in Retire HTTPSInfo / TLS Debug zaproxy#6918
• Updates it to the latest version of DeepViolet
• Adds conditional compilation as it depends on Java 21+
• Adds a new active scan rule

I've left the original file copyright dates but can change them if thats better.

[psiinon]

Checkmarx One – Scan Summary & Details – 749e4729-8c30-405d-802b-3a45b942ce87

---

New Issues (8)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CVE-2024-12798	Maven-ch.qos.logback:logback-core-1.5.6	details Recommended version: 1.5.25 Description: Arbitrary Code Execution vulnerability in "JaninoEventEvaluator" by QOS.CH logback in Java applications, allows attackers to execute arbitrary code... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
2		CVE-2024-12798	Maven-ch.qos.logback:logback-classic-1.5.6	details Recommended version: 1.5.24 Description: Arbitrary Code Execution vulnerability in "JaninoEventEvaluator" by QOS.CH logback in Java applications, allows attackers to execute arbitrary code... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
3		CVE-2025-11226	Maven-ch.qos.logback:logback-core-1.5.6	details Recommended version: 1.5.25 Description: Arbitrary Code Execution (ACE) vulnerability in conditional configuration file processing by QOS.CH logback-core versions through 1.5.18 in Java ap... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
4		CVE-2024-12801	Maven-ch.qos.logback:logback-core-1.5.6	details Recommended version: 1.5.25 Description: Server-Side Request Forgery (SSRF) in "SaxEventRecorder" by QOS.CH logback on the Java platform, allows an attacker to forge requests by compromisi... Attack Vector: LOCAL Attack Complexity: LOW Exploitable Path: getTagName@.../domxss/DomXssScanRule.java - ... - getTagName@...event/SaxEventRecorder.java Vulnerable Package
5		CVE-2026-1225	Maven-ch.qos.logback:logback-core-1.5.6	details Recommended version: 1.5.25 Description: Arbitrary Code Execution (ACE) vulnerability in configuration file processing by QOS.CH logback-core through 1.5.24 in Java applications, allows a... Attack Vector: LOCAL Attack Complexity: HIGH Vulnerable Package
6		CVE-2026-1225	Maven-ch.qos.logback:logback-classic-1.5.6	details Recommended version: 1.5.24 Description: Arbitrary Code Execution (ACE) vulnerability in configuration file processing by QOS.CH logback-core through 1.5.24 in Java applications, allows a... Attack Vector: LOCAL Attack Complexity: HIGH Vulnerable Package
7		Heap_Inspection	/addOns/httpsInfo/src/main/java/org/zaproxy/zap/extension/httpsinfo/HttpsConfigScanRule.java: 219	details Method at line 219 of /addOns/httpsInfo/src/main/java/org/zaproxy/zap/extension/httpsinfo/HttpsConfigScanRule.java defines ciphers, which is desi... Attack Vector
8		Heap_Inspection	/addOns/httpsInfo/src/main/java/org/zaproxy/zap/extension/httpsinfo/HttpsInfoOutputPanel.java: 246	details Method at line 246 of /addOns/httpsInfo/src/main/java/org/zaproxy/zap/extension/httpsinfo/HttpsInfoOutputPanel.java defines cipherSuitesException... Attack Vector

---

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

[kingthorin]

2 when instantiating since we know there are two entries

Or actually can this all be inlined with List.of ?

[kingthorin]

Instead of all these doing appends wouldn't it be simpler if they just used substitution? (To insert the values into the resource messages)

[kingthorin]

I see now that this followed the original model of the panel output.

I still think substitution is probably the better choice but I understand if you want to keep it as-is for now.

[kingthorin]

Does this need a weight to be sorted/placed correctly?