From d27da27e143257194e4a0b3557a9e9cd474e25bb Mon Sep 17 00:00:00 2001
From: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
Date: Thu, 23 Mar 2023 14:42:51 -0500
Subject: [PATCH] Fix OWASP Zap error

---
 src/zap.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/zap.conf b/src/zap.conf
index 09d309cfe..ba0ef6a89 100644
--- a/src/zap.conf
+++ b/src/zap.conf
@@ -48,7 +48,9 @@
 10038	OUTOFSCOPE	http://app:8080/public/img/.*
 10038	OUTOFSCOPE	http://app:8080/public/css/.*
 10038	OUTOFSCOPE	http://app:8080/public/js/.*
-10038	OUTOFSCOPE	http://app:8080/(robots.txt|sitemap.xml|TODO|edit|users/)
+10038	OUTOFSCOPE	http://app:8080/(robots.txt|sitemap.xml|TODO|edit/)
+10038	OUTOFSCOPE	http://app:8080/users
+10038	OUTOFSCOPE	http://app:8080/users/add
 # This URL always returns 404, so include it as well.
 10038	OUTOFSCOPE	http://app:8080/todo
 # OIDC isn't configured in the test environment and DEBUG=True so this gives a 500 without CSP headers