automation: Handle FP alerts in Exit Status

- CHANGELOG > Add fix note.
- ExitStatusJob > Exclude FP alerts when looping to establish exit code.
- ExitStatusJobUnitTest > Add test to assert the behavior.

Signed-off-by: kingthorin <[email protected]>

Author: kingthorin

addOns/automation/CHANGELOG.md

@@ -8,6 +8,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Allow to use variables for the TOTP data.
 - Allow to enable diagnostics for Client Script and Browser Based Authentication methods.
 
+### Fixed
+- Ensure that the Exit Status job accounts for False Positive alerts (Issue 8875).
+
 ## [0.47.0] - 2025-02-12
 ### Added
 - Method to get the YAML representation of a plan.

addOns/automation/src/main/java/org/zaproxy/addon/automation/jobs/ExitStatusJob.java

@@ -80,7 +80,10 @@ public void runJob(AutomationEnvironment env, AutomationProgress progress) {
 
         try {
             for (JobResultData data : progress.getAllJobResultData()) {
-                for (Alert alert : data.getAllAlertData()) {
+                for (Alert alert :
+                        data.getAllAlertData().stream()
+                                .filter(a -> a.getConfidence() != Alert.CONFIDENCE_FALSE_POSITIVE)
+                                .toList()) {
                     if (errorRisk != null && errorRisk <= alert.getRisk()) {
                         progress.error(
                                 Constant.messages.getString(

addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ExitStatusJobUnitTest.java

@@ -24,6 +24,7 @@
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.nullValue;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.LinkedHashMap;
@@ -348,22 +349,64 @@ void shouldSetExitCode(String alertrisk, String exitcode) {
         assertThat(ExtensionAutomation.getExitOverride(), is(equalTo(Integer.parseInt(exitcode))));
     }
 
-    private JobResultData getTestData(String alertLevel) {
-        Alert alert = new Alert(-1, JobUtils.parseAlertRisk(alertLevel), 2, "test");
+    @ParameterizedTest
+    @CsvSource({
+        "HIGH,MEDIUM,4",
+        "medium,medium,3",
+        "low,medium,2",
+        "High,False Positive,0",
+        "Medium,False Positive,0",
+        "Low,False Positive,0"
+    })
+    void shouldSetExitCodeExcludingFalsePositive(
+            String alertrisk, String confidence, String exitcode) {
+        // Given
+        ExitStatusJob job = new ExitStatusJob();
+        AutomationProgress progress = new AutomationProgress();
+        progress.addJobResultData(getTestData(alertrisk, confidence));
+
+        // When
+        job.getParameters().setOkExitValue(Integer.parseInt(exitcode) > 0 ? 2 : 0);
+        job.getParameters().setWarnExitValue(3);
+        job.getParameters().setErrorExitValue(4);
+        job.getParameters().setErrorLevel("high");
+        job.getParameters().setWarnLevel("medium");
+        job.verifyParameters(progress);
+        job.runJob(new AutomationEnvironment(progress), progress);
 
-        JobResultData data =
-                new JobResultData("test") {
+        // Then
+        Collection<JobResultData> data = progress.getAllJobResultData();
+        Collection<Alert> alerts = new ArrayList<>();
+        data.forEach(e -> alerts.addAll(e.getAllAlertData()));
+        assertThat(alerts.size(), is(equalTo(1)));
+        Alert alert = (Alert) ((ArrayList<?>) alerts).get(0);
+        assertThat(alert.getConfidence(), is(equalTo(JobUtils.parseAlertConfidence(confidence))));
+        assertThat(ExtensionAutomation.getExitOverride(), is(equalTo(Integer.parseInt(exitcode))));
+    }
 
-                    @Override
-                    public String getKey() {
-                        return "test";
-                    }
+    private static JobResultData getTestData(String alertLevel) {
+        return getTestData(alertLevel, "2");
+    }
 
-                    @Override
-                    public Collection<Alert> getAllAlertData() {
-                        return Arrays.asList(alert);
-                    }
-                };
-        return data;
+    private static JobResultData getTestData(String alertLevel, String confidence) {
+        Alert alert =
+                new Alert(
+                        -1,
+                        JobUtils.parseAlertRisk(alertLevel),
+                        JobUtils.parseAlertConfidence(confidence),
+                        "test");
+
+        return new JobResultData("test") {
+
+            @Override
+            public String getKey() {
+                return "test";
+            }
+
+            @Override
+            public Collection<Alert> getAllAlertData() {
+                return Arrays.asList(alert);
+            }
+        };
     }
 }