diff --git a/addOns/commonlib/CHANGELOG.md b/addOns/commonlib/CHANGELOG.md index 9c589e770d9..b50895ffe69 100644 --- a/addOns/commonlib/CHANGELOG.md +++ b/addOns/commonlib/CHANGELOG.md @@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Added - Provide Jackson datatype library for other add-ons (Issue 7961). +- Provide the Value Generator for other add-ons (Issue 8016). ## [1.16.0] - 2023-08-14 ### Added diff --git a/addOns/commonlib/commonlib.gradle.kts b/addOns/commonlib/commonlib.gradle.kts index 3e9a90f100b..02c322de633 100644 --- a/addOns/commonlib/commonlib.gradle.kts +++ b/addOns/commonlib/commonlib.gradle.kts @@ -14,6 +14,21 @@ zapAddOn { baseName.set("help%LC%.helpset") localeToken.set("%LC%") } + + extensions { + register("org.zaproxy.addon.commonlib.formhandler.ExtensionCommonlibFormHandler") { + classnames { + allowed.set(listOf("org.zaproxy.addon.commonlib.formhandler")) + } + dependencies { + addOns { + register("formhandler") { + version.set(">=6.0.0 & < 7.0.0") + } + } + } + } + } } } @@ -25,6 +40,8 @@ crowdin { } dependencies { + zapAddOn("formhandler") + api(platform("com.fasterxml.jackson:jackson-bom:2.15.2")) api("com.fasterxml.jackson.core:jackson-databind") api("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml") diff --git a/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ExtensionCommonlib.java b/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ExtensionCommonlib.java index 64496629e89..2992ff9a56b 100644 --- a/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ExtensionCommonlib.java +++ b/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ExtensionCommonlib.java 
@@ -19,6 +19,9 @@ */ package org.zaproxy.addon.commonlib; +import java.util.List; +import java.util.Map; +import org.apache.commons.httpclient.URI; import org.parosproxy.paros.Constant; import org.parosproxy.paros.control.Control.Mode; import org.parosproxy.paros.extension.ExtensionAdaptor; @@ -26,9 +29,44 @@ import org.parosproxy.paros.extension.SessionChangedListener; import org.parosproxy.paros.model.Session; import org.zaproxy.addon.commonlib.ui.ProgressPanel; +import org.zaproxy.zap.model.DefaultValueGenerator; +import org.zaproxy.zap.model.ValueGenerator; public class ExtensionCommonlib extends ExtensionAdaptor { + private static final ValueGenerator DEFAULT_VALUE_GENERATOR = new DefaultValueGenerator(); + + private ValueGenerator valueGeneratorImpl; + + private final ValueGenerator valueGeneratorWrapper = + (URI uri, + String url, + String fieldId, + String defaultValue, + List definedValues, + Map envAttributes, + Map fieldAttributes) -> { + var local = valueGeneratorImpl; + if (local != null) { + return local.getValue( + uri, + url, + fieldId, + defaultValue, + definedValues, + envAttributes, + fieldAttributes); + } + return DEFAULT_VALUE_GENERATOR.getValue( + uri, + url, + fieldId, + defaultValue, + definedValues, + envAttributes, + fieldAttributes); + }; + private ProgressPanel progressPanel; @Override @@ -66,6 +104,21 @@ public String getUIName() { return Constant.messages.getString("commonlib.name"); } + /** + * Gets the value generator. + * + * @return the value generator, never {@code null}. + * @since 2.17.0 + */ + public ValueGenerator getValueGenerator() { + return valueGeneratorWrapper; + } + + /** Note: Not part of the public API. */ + public void setCustomValueGenerator(ValueGenerator generator) { + this.valueGeneratorImpl = generator; + } + private class SessionChangedListenerImpl implements SessionChangedListener { @Override 
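Review bot: `valueGeneratorImpl` is a plain field that `setCustomValueGenerator` writes and the `valueGeneratorWrapper` lambda reads, so a thread calling the wrapper has no visibility guarantee for a generator installed or cleared from another thread. The local copy `var local = valueGeneratorImpl;` already avoids a check-then-use race, which suggests concurrent use is expected. Declaring the field as `private volatile ValueGenerator valueGeneratorImpl;` would complete that. Which threads call `getValue` is not visible in this hunk, so treat the threading as an assumption to confirm.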
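Review bot: The Javadoc on `setCustomValueGenerator` says only that it is not part of the public API, yet the method is `public` and its argument replaces the generator behind every caller of `getValueGenerator()`. It should state that `null` restores the default generator, which `ExtensionCommonlibFormHandler.unload()` relies on, for example `/** Sets the generator used by {@link #getValueGenerator()}; {@code null} restores the default. Not part of the public API. */`. The `@since 2.17.0` tag on `getValueGenerator()` also looks inconsistent with the add-on's changelog, whose latest listed release is 1.16.0. It probably should name the commonlib release that first ships this method.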
diff --git a/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/formhandler/ExtensionSoapFormHandler.java b/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/formhandler/ExtensionCommonlibFormHandler.java similarity index 77% rename from addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/formhandler/ExtensionSoapFormHandler.java rename to addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/formhandler/ExtensionCommonlibFormHandler.java index fec6bf237d3..8e39930dba6 100644 --- a/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/formhandler/ExtensionSoapFormHandler.java +++ b/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/formhandler/ExtensionCommonlibFormHandler.java @@ -17,7 +17,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.zaproxy.zap.extension.soap.formhandler; +package org.zaproxy.addon.commonlib.formhandler; import java.util.Arrays; import java.util.Collections; 
@@ -27,24 +27,24 @@ import org.parosproxy.paros.extension.Extension; import org.parosproxy.paros.extension.ExtensionAdaptor; import org.parosproxy.paros.extension.ExtensionHook; +import org.zaproxy.addon.commonlib.ExtensionCommonlib; import org.zaproxy.zap.extension.formhandler.ExtensionFormHandler; -import org.zaproxy.zap.extension.soap.ExtensionImportWSDL; import org.zaproxy.zap.model.ValueGenerator; -public class ExtensionSoapFormHandler extends ExtensionAdaptor { +public class ExtensionCommonlibFormHandler extends ExtensionAdaptor { private static final List> DEPENDENCIES = Collections.unmodifiableList( - Arrays.asList(ExtensionFormHandler.class, ExtensionImportWSDL.class)); + Arrays.asList(ExtensionFormHandler.class, ExtensionCommonlib.class)); @Override public String getUIName() { - return Constant.messages.getString("soap.formhandler.name"); + return Constant.messages.getString("commonlib.formhandler.name"); } @Override public String getDescription() { - return Constant.messages.getString("soap.formhandler.desc"); + return Constant.messages.getString("commonlib.formhandler.desc"); } @Override @@ -56,7 +56,11 @@ public List> getDependencies() { public void hook(ExtensionHook extensionHook) { ValueGenerator valueGenerator = getExtension(ExtensionFormHandler.class).getValueGenerator(); - getExtension(ExtensionImportWSDL.class).setValueGenerator(valueGenerator); + setCustomValueGenerator(valueGenerator); + } + + private static void setCustomValueGenerator(ValueGenerator valueGenerator) { + getExtension(ExtensionCommonlib.class).setCustomValueGenerator(valueGenerator); } private static T getExtension(Class clazz) { @@ -70,6 +74,6 @@ public boolean canUnload() { @Override public void unload() { - getExtension(ExtensionImportWSDL.class).setValueGenerator(null); + setCustomValueGenerator(null); } } 
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/resources/Messages.properties b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/resources/Messages.properties index c0fe20f903c..7f4bebefa04 100644 --- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/resources/Messages.properties +++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/resources/Messages.properties @@ -1,5 +1,8 @@ commonlib.desc = A library of shared functionality +commonlib.formhandler.desc = Common Library Form Handler Integration +commonlib.formhandler.name = Common Library Form Handler + commonlib.name = Common Library commonlib.progress.pane.completed = Completed. diff --git a/addOns/spider/src/test/java/org/zaproxy/addon/spider/formhandler/ExtensionSpiderFormHandlerUnitTest.java b/addOns/commonlib/src/test/java/org/zaproxy/addon/commonlib/formhandler/ExtensionCommonlibFormHandlerUnitTest.java similarity index 73% rename from addOns/spider/src/test/java/org/zaproxy/addon/spider/formhandler/ExtensionSpiderFormHandlerUnitTest.java rename to addOns/commonlib/src/test/java/org/zaproxy/addon/commonlib/formhandler/ExtensionCommonlibFormHandlerUnitTest.java index 28b31bc47d2..68ddb7abd61 100644 --- a/addOns/spider/src/test/java/org/zaproxy/addon/spider/formhandler/ExtensionSpiderFormHandlerUnitTest.java +++ b/addOns/commonlib/src/test/java/org/zaproxy/addon/commonlib/formhandler/ExtensionCommonlibFormHandlerUnitTest.java @@ -17,7 +17,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.zaproxy.addon.spider.formhandler; +package org.zaproxy.addon.commonlib.formhandler; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsInAnyOrder; 
@@ -39,36 +39,37 @@ import org.parosproxy.paros.extension.ExtensionHook; import org.parosproxy.paros.extension.ExtensionLoader; import org.parosproxy.paros.model.Model; -import org.zaproxy.addon.spider.ExtensionSpider2; +import org.zaproxy.addon.commonlib.ExtensionCommonlib; import org.zaproxy.zap.extension.formhandler.ExtensionFormHandler; import org.zaproxy.zap.model.ValueGenerator; import org.zaproxy.zap.testutils.TestUtils; -/** Unit test for {@link ExtensionSpiderFormHandler}. */ -class ExtensionSpiderFormHandlerUnitTest extends TestUtils { +/** Unit test for {@link ExtensionCommonlibFormHandler}. */ +class ExtensionCommonlibFormHandlerUnitTest extends TestUtils { - private ExtensionSpider2 extensionSpider; + private ExtensionCommonlib extensionCommonlib; private ExtensionFormHandler extensionFormHandler; - private ExtensionLoader extensionLoader; - private ExtensionSpiderFormHandler extension; + private ExtensionCommonlibFormHandler extension; @BeforeEach void setUp() { - extension = new ExtensionSpiderFormHandler(); - mockMessages("org.zaproxy.addon.spider.resources." + Constant.MESSAGES_PREFIX, "spider"); + extension = new ExtensionCommonlibFormHandler(); + mockMessages( + "org.zaproxy.addon.commonlib.resources." 
+ Constant.MESSAGES_PREFIX, "commonlib"); Model model = mock(Model.class, withSettings().strictness(Strictness.LENIENT)); Model.setSingletonForTesting(model); - extensionLoader = + ExtensionLoader extensionLoader = mock(ExtensionLoader.class, withSettings().strictness(Strictness.LENIENT)); Control.initSingletonForTesting(model, extensionLoader); - extensionSpider = mockLoadedExtension(ExtensionSpider2.class); - extensionFormHandler = mockLoadedExtension(ExtensionFormHandler.class); + extensionCommonlib = mockLoadedExtension(extensionLoader, ExtensionCommonlib.class); + extensionFormHandler = mockLoadedExtension(extensionLoader, ExtensionFormHandler.class); } - private T mockLoadedExtension(Class clazz) { + private static T mockLoadedExtension( + ExtensionLoader extensionLoader, Class clazz) { T extension = mock(clazz); given(extensionLoader.getExtension(clazz)).willReturn(extension); return extension; @@ -78,7 +79,9 @@ private T mockLoadedExtension(Class clazz) { void shouldHaveName() { assertThat( extension.getName(), - is(equalTo("org.zaproxy.addon.spider.formhandler.ExtensionSpiderFormHandler"))); + is( + equalTo( + "org.zaproxy.addon.commonlib.formhandler.ExtensionCommonlibFormHandler"))); } @Test @@ -95,7 +98,7 @@ void shouldHaveDescription() { void shouldHaveExpectedDependencies() { assertThat( extension.getDependencies(), - containsInAnyOrder(ExtensionFormHandler.class, ExtensionSpider2.class)); + containsInAnyOrder(ExtensionFormHandler.class, ExtensionCommonlib.class)); } @Test @@ -107,7 +110,7 @@ void shouldSetValueGeneratorOnHook() { // When extension.hook(extensionHook); // Then - verify(extensionSpider).setValueGenerator(valueGenerator); + verify(extensionCommonlib).setCustomValueGenerator(valueGenerator); } @Test @@ -120,6 +123,6 @@ void shouldUnload() { // Given / When extension.unload(); // Then - verify(extensionSpider).setValueGenerator(null); + verify(extensionCommonlib).setCustomValueGenerator(null); } } 
diff --git a/addOns/graphql/CHANGELOG.md b/addOns/graphql/CHANGELOG.md index e69eee9b8fd..d159c751a05 100644 --- a/addOns/graphql/CHANGELOG.md +++ b/addOns/graphql/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Dependency updates. - Maintenance changes. - Depend on newer versions of Automation Framework and Common Library add-ons (Related to Issue 7961). +- Use Common Library add-on to obtain the Value Generator (Issue 8016). ## [0.18.0] - 2023-07-11 ### Changed diff --git a/addOns/graphql/graphql.gradle.kts b/addOns/graphql/graphql.gradle.kts index 5509f74dd22..2a0ec521183 100644 --- a/addOns/graphql/graphql.gradle.kts +++ b/addOns/graphql/graphql.gradle.kts @@ -27,19 +27,6 @@ zapAddOn { } } - register("org.zaproxy.addon.graphql.formhandler.ExtensionGraphQlFormHandler") { - classnames { - allowed.set(listOf("org.zaproxy.addon.graphql.formhandler")) - } - dependencies { - addOns { - register("formhandler") { - version.set(">=6.0.0 & < 7.0.0") - } - } - } - } - register("org.zaproxy.addon.graphql.spider.ExtensionGraphQlSpider") { classnames { allowed.set(listOf("org.zaproxy.addon.graphql.spider")) @@ -73,7 +60,6 @@ crowdin { dependencies { zapAddOn("automation") zapAddOn("commonlib") - zapAddOn("formhandler") zapAddOn("spider") implementation("com.graphql-java:graphql-java:21.0") diff --git a/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/ExtensionGraphQl.java b/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/ExtensionGraphQl.java index 939a7c37612..a213d479428 100644 --- a/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/ExtensionGraphQl.java +++ b/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/ExtensionGraphQl.java 
@@ -33,13 +33,14 @@ import org.parosproxy.paros.control.Control.Mode; import org.parosproxy.paros.extension.CommandLineArgument; import org.parosproxy.paros.extension.CommandLineListener; +import org.parosproxy.paros.extension.Extension; import org.parosproxy.paros.extension.ExtensionAdaptor; import org.parosproxy.paros.extension.ExtensionHook; import org.parosproxy.paros.extension.SessionChangedListener; import org.parosproxy.paros.model.Session; import org.parosproxy.paros.network.HttpSender; +import org.zaproxy.addon.commonlib.ExtensionCommonlib; import org.zaproxy.zap.extension.script.ExtensionScript; -import org.zaproxy.zap.model.DefaultValueGenerator; import org.zaproxy.zap.model.ValueGenerator; import org.zaproxy.zap.view.ZapMenuItem; @@ -47,6 +48,10 @@ public class ExtensionGraphQl extends ExtensionAdaptor implements CommandLineListener, SessionChangedListener { public static final String NAME = "ExtensionGraphQl"; + + private static final List> DEPENDENCIES = + List.of(ExtensionCommonlib.class); + static final int TOOL_ALERT_ID = 50007; private static final Logger LOGGER = LogManager.getLogger(ExtensionGraphQl.class); @@ -60,20 +65,20 @@ public class ExtensionGraphQl extends ExtensionAdaptor private static final int ARG_IMPORT_URL_IDX = 1; private static final int ARG_END_URL_IDX = 2; - private ValueGenerator valueGenerator; - public ExtensionGraphQl() { super(NAME); - - setValueGenerator(null); } - public void setValueGenerator(ValueGenerator valueGenerator) { - this.valueGenerator = valueGenerator == null ? new DefaultValueGenerator() : valueGenerator; + @Override + public List> getDependencies() { + return DEPENDENCIES; } ValueGenerator getValueGenerator() { - return valueGenerator; + return Control.getSingleton() + .getExtensionLoader() + .getExtension(ExtensionCommonlib.class) + .getValueGenerator(); } @Override 
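Review bot: `getValueGenerator()` dereferences the result of `getExtensionLoader().getExtension(ExtensionCommonlib.class)` without a null check, so it depends entirely on the new `DEPENDENCIES` list keeping Common Library loaded. The same lookup chain is repeated verbatim in `ExtensionOpenApi.getValueGenerator()` and `ExtensionImportWSDL.getValueGenerator()` later in this diff. A comment on the method such as `// ExtensionCommonlib is a declared dependency, so this lookup is non-null while the extension is loaded.` would record that assumption at each site. The public `setValueGenerator` is removed without a deprecated shim, so any caller outside this repository, if one exists, stops compiling. The class body continues outside the hunk.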
diff --git a/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/formhandler/ExtensionGraphQlFormHandler.java b/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/formhandler/ExtensionGraphQlFormHandler.java deleted file mode 100644 index 4a0634486a2..00000000000 --- a/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/formhandler/ExtensionGraphQlFormHandler.java +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2022 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.zaproxy.addon.graphql.formhandler; - -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import org.parosproxy.paros.Constant; -import org.parosproxy.paros.control.Control; -import org.parosproxy.paros.extension.Extension; -import org.parosproxy.paros.extension.ExtensionAdaptor; -import org.parosproxy.paros.extension.ExtensionHook; -import org.zaproxy.addon.graphql.ExtensionGraphQl; -import org.zaproxy.zap.extension.formhandler.ExtensionFormHandler; -import org.zaproxy.zap.model.ValueGenerator; - -public class ExtensionGraphQlFormHandler extends ExtensionAdaptor { - - private static final List> DEPENDENCIES = - Collections.unmodifiableList( - Arrays.asList(ExtensionFormHandler.class, ExtensionGraphQl.class)); - - @Override - public String getUIName() { - return Constant.messages.getString("graphql.formhandler.name"); - } - - @Override - public String getDescription() { - return Constant.messages.getString("graphql.formhandler.desc"); - } - - @Override - public List> getDependencies() { - return DEPENDENCIES; - } - - @Override - public void hook(ExtensionHook extensionHook) { - ValueGenerator valueGenerator = - 
getExtension(ExtensionFormHandler.class).getValueGenerator(); - getExtension(ExtensionGraphQl.class).setValueGenerator(valueGenerator); - } - - private static T getExtension(Class clazz) { - return Control.getSingleton().getExtensionLoader().getExtension(clazz); - } - - @Override - public boolean canUnload() { - return true; - } - - @Override - public void unload() { - getExtension(ExtensionGraphQl.class).setValueGenerator(null); - } -} diff --git a/addOns/graphql/src/main/resources/org/zaproxy/addon/graphql/resources/Messages.properties b/addOns/graphql/src/main/resources/org/zaproxy/addon/graphql/resources/Messages.properties index cf9869c6c5a..5d81cafe024 100644 --- a/addOns/graphql/src/main/resources/org/zaproxy/addon/graphql/resources/Messages.properties +++ b/addOns/graphql/src/main/resources/org/zaproxy/addon/graphql/resources/Messages.properties @@ -187,9 +187,6 @@ graphql.error.invalidurl = Please enter a valid URL.\n{0} graphql.fingerprinting.alert.desc = The server is using "{0}", which is a GraphQL implementation for {1}. graphql.fingerprinting.alert.name = GraphQL Server Implementation Identified -graphql.formhandler.desc = GraphQL Form Handler Integration -graphql.formhandler.name = GraphQL Form Handler - graphql.importDialog.chooseFileButton = Choose File graphql.importDialog.importButton = Import graphql.importDialog.labelEndpoint = Endpoint URL diff --git a/addOns/openapi/CHANGELOG.md b/addOns/openapi/CHANGELOG.md index 6a0f54ca19d..19721d0f959 100644 --- a/addOns/openapi/CHANGELOG.md +++ b/addOns/openapi/CHANGELOG.md 
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - The "Import an OpenAPI definition from the local file system" and "Import an OpenAPI definition from a URL" menu items were merged into one, "Import an OpenAPI Definition". - Depend on newer versions of Automation Framework and Common Library add-ons (Related to Issue 7961). +- Use Common Library add-on to obtain the Value Generator (Issue 8016). ### Fixed - Importing empty or invalid OpenAPI definitions failed silently in some cases (Issue 7949). diff --git a/addOns/openapi/openapi.gradle.kts b/addOns/openapi/openapi.gradle.kts index f49fb7a9de8..d34f2512776 100644 --- a/addOns/openapi/openapi.gradle.kts +++ b/addOns/openapi/openapi.gradle.kts @@ -34,18 +34,6 @@ zapAddOn { } } } - register("org.zaproxy.zap.extension.openapi.formhandler.ExtensionOpenApiFormHandler") { - classnames { - allowed.set(listOf("org.zaproxy.zap.extension.openapi.formhandler")) - } - dependencies { - addOns { - register("formhandler") { - version.set(">=6.0.0 & < 7.0.0") - } - } - } - } } dependencies { addOns { @@ -73,7 +61,6 @@ configurations { dependencies { zapAddOn("automation") zapAddOn("commonlib") - zapAddOn("formhandler") zapAddOn("spider") implementation("io.swagger.parser.v3:swagger-parser:2.1.16") diff --git a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java b/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java index 2e4f191345c..48934779c11 100644 --- a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java +++ b/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApi.java 
@@ -69,7 +69,6 @@ import org.zaproxy.zap.extension.openapi.network.RequestModel; import org.zaproxy.zap.extension.openapi.network.Requestor; import org.zaproxy.zap.model.Context; -import org.zaproxy.zap.model.DefaultValueGenerator; import org.zaproxy.zap.model.SessionStructure; import org.zaproxy.zap.model.ValueGenerator; import org.zaproxy.zap.utils.ThreadUtils; @@ -89,7 +88,6 @@ public class ExtensionOpenApi extends ExtensionAdaptor implements CommandLineLis private ZapMenuItem menuImportOpenApi; private ImportDialog importDialog; private int threadId = 1; - private ValueGenerator valueGenerator; private final Map variantChecksMap = new HashMap<>(); private TableOpenApi table = new TableOpenApi(); @@ -102,15 +100,13 @@ public class ExtensionOpenApi extends ExtensionAdaptor implements CommandLineLis public ExtensionOpenApi() { super(NAME); - setValueGenerator(null); - } - - public void setValueGenerator(ValueGenerator valueGenerator) { - this.valueGenerator = valueGenerator == null ? new DefaultValueGenerator() : valueGenerator; } public ValueGenerator getValueGenerator() { - return valueGenerator; + return Control.getSingleton() + .getExtensionLoader() + .getExtension(ExtensionCommonlib.class) + .getValueGenerator(); } @Override diff --git a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/formhandler/ExtensionOpenApiFormHandler.java b/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/formhandler/ExtensionOpenApiFormHandler.java deleted file mode 100644 index 62d7a5af96c..00000000000 --- a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/formhandler/ExtensionOpenApiFormHandler.java +++ /dev/null 
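Review bot: `ExtensionOpenApi.getValueGenerator()` now calls `getExtension(ExtensionCommonlib.class)`, but the hunks for this file add neither an import of `org.zaproxy.addon.commonlib.ExtensionCommonlib` nor a `getDependencies()` change. `ExtensionGraphQl` and `ExtensionImportWSDL` both gain a `DEPENDENCIES` list containing that class in this commit. Both may already exist outside the visible hunks. If the dependency does not, the lookup can return `null` and the chained `.getValueGenerator()` call throws a `NullPointerException`. It is worth confirming that the list this class returns from `getDependencies()` includes `ExtensionCommonlib.class`.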
@@ -1,75 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2022 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.zaproxy.zap.extension.openapi.formhandler; - -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import org.parosproxy.paros.Constant; -import org.parosproxy.paros.control.Control; -import org.parosproxy.paros.extension.Extension; -import org.parosproxy.paros.extension.ExtensionAdaptor; -import org.parosproxy.paros.extension.ExtensionHook; -import org.zaproxy.zap.extension.formhandler.ExtensionFormHandler; -import org.zaproxy.zap.extension.openapi.ExtensionOpenApi; -import org.zaproxy.zap.model.ValueGenerator; - -public class ExtensionOpenApiFormHandler extends ExtensionAdaptor { - - private static final List> DEPENDENCIES = - Collections.unmodifiableList( - Arrays.asList(ExtensionFormHandler.class, ExtensionOpenApi.class)); - - @Override - public String getUIName() { - return Constant.messages.getString("openapi.formhandler.name"); - } - - @Override - public String getDescription() { - return Constant.messages.getString("openapi.formhandler.desc"); - } - - @Override - public List> getDependencies() { - return DEPENDENCIES; - } - - @Override - public void hook(ExtensionHook extensionHook) { - ValueGenerator valueGenerator = - 
getExtension(ExtensionFormHandler.class).getValueGenerator(); - getExtension(ExtensionOpenApi.class).setValueGenerator(valueGenerator); - } - - private static T getExtension(Class clazz) { - return Control.getSingleton().getExtensionLoader().getExtension(clazz); - } - - @Override - public boolean canUnload() { - return true; - } - - @Override - public void unload() { - getExtension(ExtensionOpenApi.class).setValueGenerator(null); - } -} diff --git a/addOns/openapi/src/main/resources/org/zaproxy/zap/extension/openapi/resources/Messages.properties b/addOns/openapi/src/main/resources/org/zaproxy/zap/extension/openapi/resources/Messages.properties index 1c4ea113cf8..9cfcb1630db 100644 --- a/addOns/openapi/src/main/resources/org/zaproxy/zap/extension/openapi/resources/Messages.properties +++ b/addOns/openapi/src/main/resources/org/zaproxy/zap/extension/openapi/resources/Messages.properties @@ -27,9 +27,6 @@ openapi.cmdline.url.help = Imports an OpenAPI definition from the specified URL openapi.desc = Allows you to spider and import OpenAPI (Swagger) definitions -openapi.formhandler.desc = OpenAPI Form Handler Integration -openapi.formhandler.name = OpenAPI Form Handler - openapi.import.error = Failed to access URL: {0} : {1} : {2} openapi.import.error.emptyDefn = The OpenAPI definition was empty. openapi.import.error.fileNotFound = Cannot find the specified file at:\n{0} diff --git a/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApiTest.java b/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApiTest.java index 1078a67be2f..3601470de90 100644 --- a/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApiTest.java +++ b/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/ExtensionOpenApiTest.java 
@@ -58,9 +58,11 @@ import org.parosproxy.paros.extension.ExtensionLoader; import org.parosproxy.paros.model.HistoryReference; import org.parosproxy.paros.model.Model; +import org.zaproxy.addon.commonlib.ExtensionCommonlib; import org.zaproxy.zap.extension.ascan.VariantFactory; import org.zaproxy.zap.extension.openapi.OpenApiExceptions.InvalidDefinitionException; import org.zaproxy.zap.model.Context; +import org.zaproxy.zap.model.DefaultValueGenerator; import org.zaproxy.zap.testutils.NanoServerHandler; import org.zaproxy.zap.utils.I18N; import org.zaproxy.zap.utils.ZapXmlConfiguration; @@ -86,6 +88,11 @@ void setupExtension() throws Exception { Control.initSingletonForTesting(Model.getSingleton(), extensionLoader); Model.getSingleton().getOptionsParam().load(new ZapXmlConfiguration()); + ExtensionCommonlib extCommonlib = + mock(ExtensionCommonlib.class, withSettings().strictness(Strictness.LENIENT)); + given(extensionLoader.getExtension(ExtensionCommonlib.class)).willReturn(extCommonlib); + given(extCommonlib.getValueGenerator()).willReturn(new DefaultValueGenerator()); + tableHistory = mock(TableHistory.class); HistoryReference.setTableHistory(tableHistory); HistoryReference.setTableAlert(mock(TableAlert.class)); diff --git a/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/VariantOpenApiUnitTest.java b/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/VariantOpenApiUnitTest.java index ffdd06df334..ed427835353 100644 --- a/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/VariantOpenApiUnitTest.java +++ b/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/VariantOpenApiUnitTest.java 
@@ -22,6 +22,9 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.nullValue; +import static org.mockito.BDDMockito.given; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.withSettings; import java.io.File; import java.io.IOException; @@ -31,9 +34,14 @@ import java.util.List; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.mockito.quality.Strictness; +import org.parosproxy.paros.control.Control; +import org.parosproxy.paros.extension.ExtensionLoader; import org.parosproxy.paros.model.Model; import org.parosproxy.paros.network.HttpMessage; +import org.zaproxy.addon.commonlib.ExtensionCommonlib; import org.zaproxy.zap.model.Context; +import org.zaproxy.zap.model.DefaultValueGenerator; class VariantOpenApiUnitTest extends AbstractServerTest { @@ -43,6 +51,13 @@ class VariantOpenApiUnitTest extends AbstractServerTest { @BeforeEach void setUp() { + ExtensionLoader extensionLoader = + mock(ExtensionLoader.class, withSettings().strictness(Strictness.LENIENT)); + Control.initSingletonForTesting(Model.getSingleton(), extensionLoader); + ExtensionCommonlib extCommonlib = + mock(ExtensionCommonlib.class, withSettings().strictness(Strictness.LENIENT)); + given(extensionLoader.getExtension(ExtensionCommonlib.class)).willReturn(extCommonlib); + given(extCommonlib.getValueGenerator()).willReturn(new DefaultValueGenerator()); extensionOpenApi = new ExtensionOpenApi(); extensionOpenApi.initModel(Model.getSingleton()); Model.getSingleton().closeSession(); diff --git a/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/formhandler/ExtensionOpenApiFormHandlerUnitTest.java b/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/formhandler/ExtensionOpenApiFormHandlerUnitTest.java deleted file mode 100644 index ffe7baab2bd..00000000000 
--- a/addOns/openapi/src/test/java/org/zaproxy/zap/extension/openapi/formhandler/ExtensionOpenApiFormHandlerUnitTest.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2022 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.zaproxy.zap.extension.openapi.formhandler; - -import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.Matchers.is; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.withSettings; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.mockito.quality.Strictness; -import org.parosproxy.paros.control.Control; -import org.parosproxy.paros.extension.ExtensionLoader; -import org.parosproxy.paros.model.Model; -import org.zaproxy.zap.testutils.TestUtils; - -class ExtensionOpenApiFormHandlerUnitTest extends TestUtils { - - private ExtensionLoader extensionLoader; - private ExtensionOpenApiFormHandler extension; - - @BeforeEach - void setUp() { - extension = new ExtensionOpenApiFormHandler(); - extensionLoader = - mock(ExtensionLoader.class, withSettings().strictness(Strictness.LENIENT)); - Control.initSingletonForTesting(Model.getSingleton(), extensionLoader); - } - - @Test - void shouldBeUnloadable() { - assertThat(extension.canUnload(), is(true)); - } -} 
diff --git a/addOns/soap/CHANGELOG.md b/addOns/soap/CHANGELOG.md index 2d0387bb1a7..475dfb1d229 100644 --- a/addOns/soap/CHANGELOG.md +++ b/addOns/soap/CHANGELOG.md @@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - The Import dialog shows the values used in the previous import when reopened. - Maintenance changes. - Depend on newer versions of Automation Framework and Common Library add-ons (Related to Issue 7961). +- Use Common Library add-on to obtain the Value Generator (Issue 8016). ## [18] - 2023-07-11 ### Changed diff --git a/addOns/soap/soap.gradle.kts b/addOns/soap/soap.gradle.kts index 06936d92f74..20fae57fde1 100644 --- a/addOns/soap/soap.gradle.kts +++ b/addOns/soap/soap.gradle.kts @@ -44,19 +44,6 @@ zapAddOn { } } } - - register("org.zaproxy.zap.extension.soap.formhandler.ExtensionSoapFormHandler") { - classnames { - allowed.set(listOf("org.zaproxy.zap.extension.soap.formhandler")) - } - dependencies { - addOns { - register("formhandler") { - version.set(">=6.0.0 & < 7.0.0") - } - } - } - } } } @@ -69,7 +56,6 @@ zapAddOn { dependencies { zapAddOn("automation") zapAddOn("commonlib") - zapAddOn("formhandler") zapAddOn("spider") implementation("com.predic8:soa-model-core:2.0.1") diff --git a/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/ExtensionImportWSDL.java b/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/ExtensionImportWSDL.java index 40b59973403..d513872d80c 100644 --- a/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/ExtensionImportWSDL.java +++ b/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/ExtensionImportWSDL.java @@ -24,6 +24,7 @@ import java.io.IOException; import java.nio.file.Paths; import java.security.InvalidParameterException; +import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.parosproxy.paros.Constant; 
@@ -31,16 +32,17 @@ import org.parosproxy.paros.db.Database; import org.parosproxy.paros.db.DatabaseException; import org.parosproxy.paros.db.DatabaseUnsupportedException; +import org.parosproxy.paros.extension.Extension; import org.parosproxy.paros.extension.ExtensionAdaptor; import org.parosproxy.paros.extension.ExtensionHook; import org.parosproxy.paros.extension.SessionChangedListener; import org.parosproxy.paros.model.Session; +import org.zaproxy.addon.commonlib.ExtensionCommonlib; import org.zaproxy.zap.extension.ascan.ExtensionActiveScan; import org.zaproxy.zap.extension.script.ExtensionScript; import org.zaproxy.zap.extension.script.ScriptEngineWrapper; import org.zaproxy.zap.extension.script.ScriptType; import org.zaproxy.zap.extension.script.ScriptWrapper; -import org.zaproxy.zap.model.DefaultValueGenerator; import org.zaproxy.zap.model.ValueGenerator; import org.zaproxy.zap.view.ZapMenuItem; @@ -49,6 +51,9 @@ public class ExtensionImportWSDL extends ExtensionAdaptor { public static final String NAME = "ExtensionImportWSDL"; public static final String STATS_ADDED_URLS = "soap.urls.added"; + private static final List> DEPENDENCIES = + List.of(ExtensionCommonlib.class); + private static final Logger LOGGER = LogManager.getLogger(ExtensionImportWSDL.class); private static final String THREAD_PREFIX = "ZAP-Import-WSDL-"; private static final String SCRIPT_NAME = "SOAP Support.js"; 
@@ -59,21 +64,22 @@ public class ExtensionImportWSDL extends ExtensionAdaptor { private final TableWsdl table = new TableWsdl(); private final WSDLCustomParser parser = new WSDLCustomParser(this::getValueGenerator, table); - private ValueGenerator valueGenerator; public ExtensionImportWSDL() { super(NAME); this.setOrder(158); - - setValueGenerator(null); } - public void setValueGenerator(ValueGenerator valueGenerator) { - this.valueGenerator = valueGenerator == null ? new DefaultValueGenerator() : valueGenerator; + @Override + public List> getDependencies() { + return DEPENDENCIES; } private ValueGenerator getValueGenerator() { - return valueGenerator; + return Control.getSingleton() + .getExtensionLoader() + .getExtension(ExtensionCommonlib.class) + .getValueGenerator(); } public WSDLCustomParser getParser() { diff --git a/addOns/soap/src/main/resources/org/zaproxy/zap/extension/soap/resources/Messages.properties b/addOns/soap/src/main/resources/org/zaproxy/zap/extension/soap/resources/Messages.properties index b9e58a85aee..081680a9b5d 100644 --- a/addOns/soap/src/main/resources/org/zaproxy/zap/extension/soap/resources/Messages.properties +++ b/addOns/soap/src/main/resources/org/zaproxy/zap/extension/soap/resources/Messages.properties @@ -13,9 +13,6 @@ soap.automation.name = SOAP Automation soap.desc = Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree. -soap.formhandler.desc = SOAP Form Handler Integration -soap.formhandler.name = SOAP Form Handler - soap.importDialog.chooseFileButton = Choose File soap.importDialog.error.fileNotFound = Cannot access the specified file at:\n{0} soap.importDialog.error.missingWsdl = A WSDL file or URL must be specified. diff --git a/addOns/spider/CHANGELOG.md b/addOns/spider/CHANGELOG.md index 905646deac9..162d9358f1f 100644 --- a/addOns/spider/CHANGELOG.md +++ b/addOns/spider/CHANGELOG.md 
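Review bot: `getValueGenerator()` in ExtensionImportWSDL (hunk `@@ -59,21 +64,22 @@`) now dereferences the result of `getExtension(ExtensionCommonlib.class)` with no fallback, whereas the removed field always held a `DefaultValueGenerator` when nothing else had been set. The declared dependency should keep that lookup non-null in a running ZAP, but with a mocked `ExtensionLoader` (as the add-on unit tests on this page set up) or during unload it would presumably return null and fail with a NullPointerException inside the WSDL parser. A comment on the method such as `// Resolved on every call so a generator installed or removed later takes effect; ExtensionCommonlib is a declared dependency.` would record the assumption, or the lookup result could be checked before `.getValueGenerator()` is called on it. The same applies to `ExtensionSpider2.getValueGenerator()` in the spider hunk `@@ -106,16 +109,20 @@`.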
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Maintenance changes. - Depend on newer versions of Automation Framework and Common Library add-ons (Related to Issue 7961). +- Use Common Library add-on to obtain the Value Generator (Issue 8016). ## [0.5.0] - 2023-07-11 ### Changed diff --git a/addOns/spider/spider.gradle.kts b/addOns/spider/spider.gradle.kts index c4584d49b09..0e0ea394990 100644 --- a/addOns/spider/spider.gradle.kts +++ b/addOns/spider/spider.gradle.kts @@ -35,19 +35,6 @@ zapAddOn { } } } - - register("org.zaproxy.addon.spider.formhandler.ExtensionSpiderFormHandler") { - classnames { - allowed.set(listOf("org.zaproxy.addon.spider.formhandler")) - } - dependencies { - addOns { - register("formhandler") { - version.set(">=6.0.0 & < 7.0.0") - } - } - } - } } } @@ -69,7 +56,6 @@ dependencies { zapAddOn("automation") zapAddOn("commonlib") zapAddOn("database") - zapAddOn("formhandler") zapAddOn("network") implementation("io.kaitai:kaitai-struct-runtime:0.10") diff --git a/addOns/spider/src/main/java/org/zaproxy/addon/spider/ExtensionSpider2.java b/addOns/spider/src/main/java/org/zaproxy/addon/spider/ExtensionSpider2.java index f936ed51a0a..d656c00325a 100644 --- a/addOns/spider/src/main/java/org/zaproxy/addon/spider/ExtensionSpider2.java +++ b/addOns/spider/src/main/java/org/zaproxy/addon/spider/ExtensionSpider2.java 
@@ -34,11 +34,13 @@ import org.parosproxy.paros.Constant; import org.parosproxy.paros.control.Control; import org.parosproxy.paros.control.Control.Mode; +import org.parosproxy.paros.extension.Extension; import org.parosproxy.paros.extension.ExtensionAdaptor; import org.parosproxy.paros.extension.ExtensionHook; import org.parosproxy.paros.extension.SessionChangedListener; import org.parosproxy.paros.model.Session; import org.parosproxy.paros.model.SiteNode; +import org.zaproxy.addon.commonlib.ExtensionCommonlib; import org.zaproxy.addon.spider.filters.FetchFilter; import org.zaproxy.addon.spider.filters.HttpPrefixFetchFilter; import org.zaproxy.addon.spider.filters.ParseFilter; @@ -46,7 +48,6 @@ import org.zaproxy.addon.spider.parser.SvgHrefParser; import org.zaproxy.zap.extension.help.ExtensionHelp; import org.zaproxy.zap.model.Context; -import org.zaproxy.zap.model.DefaultValueGenerator; import org.zaproxy.zap.model.ScanController; import org.zaproxy.zap.model.StructuralNode; import org.zaproxy.zap.model.StructuralSiteNode; @@ -57,9 +58,11 @@ import org.zaproxy.zap.view.ZapMenuItem; public class ExtensionSpider2 extends ExtensionAdaptor implements ScanController { - public static final String NAME = "ExtensionSpider2"; - private ValueGenerator generator = new DefaultValueGenerator(); + private static final List> DEPENDENCIES = + List.of(ExtensionCommonlib.class); + + public static final String NAME = "ExtensionSpider2"; /** The spider panel. */ private SpiderPanel spiderPanel; 
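Review bot: In ExtensionSpider2 (hunk `@@ -57,9 +58,11 @@`) the new private `DEPENDENCIES` constant is placed ahead of the public `NAME` constant, so `NAME` has to be removed and re-added just to move it. ExtensionImportWSDL in this same commit keeps its public constants first and adds `DEPENDENCIES` after them. Following that order here would leave `public static final String NAME = "ExtensionSpider2";` untouched and reduce the hunk to the removed `generator` field plus the new constant. The class body continues outside the hunk.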
@@ -106,16 +109,20 @@ public ExtensionSpider2() { } @Override - public void init() { - SpiderEventPublisher.getPublisher(); + public List> getDependencies() { + return DEPENDENCIES; } - public void setValueGenerator(ValueGenerator generator) { - this.generator = generator == null ? new DefaultValueGenerator() : generator; + @Override + public void init() { + SpiderEventPublisher.getPublisher(); } ValueGenerator getValueGenerator() { - return generator; + return Control.getSingleton() + .getExtensionLoader() + .getExtension(ExtensionCommonlib.class) + .getValueGenerator(); } @Override diff --git a/addOns/spider/src/main/java/org/zaproxy/addon/spider/formhandler/ExtensionSpiderFormHandler.java b/addOns/spider/src/main/java/org/zaproxy/addon/spider/formhandler/ExtensionSpiderFormHandler.java deleted file mode 100644 index 6eb4eeb3cce..00000000000 --- a/addOns/spider/src/main/java/org/zaproxy/addon/spider/formhandler/ExtensionSpiderFormHandler.java +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2022 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.zaproxy.addon.spider.formhandler; - -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import org.parosproxy.paros.Constant; -import org.parosproxy.paros.control.Control; -import org.parosproxy.paros.extension.Extension; -import org.parosproxy.paros.extension.ExtensionAdaptor; -import org.parosproxy.paros.extension.ExtensionHook; -import org.zaproxy.addon.spider.ExtensionSpider2; -import org.zaproxy.zap.extension.formhandler.ExtensionFormHandler; -import org.zaproxy.zap.model.ValueGenerator; - -public class ExtensionSpiderFormHandler extends ExtensionAdaptor { - - private static final List> DEPENDENCIES = - Collections.unmodifiableList( - Arrays.asList(ExtensionFormHandler.class, ExtensionSpider2.class)); - - @Override - public String getUIName() { - return Constant.messages.getString("spider.formhandler.name"); - } - - @Override - public String getDescription() { - return Constant.messages.getString("spider.formhandler.desc"); - } - - @Override - public List> getDependencies() { - return DEPENDENCIES; - } - - @Override - public void hook(ExtensionHook extensionHook) { - ValueGenerator valueGenerator = - getExtension(ExtensionFormHandler.class).getValueGenerator(); 
- getExtension(ExtensionSpider2.class).setValueGenerator(valueGenerator); - } - - private static T getExtension(Class clazz) { - return Control.getSingleton().getExtensionLoader().getExtension(clazz); - } - - @Override - public boolean canUnload() { - return true; - } - - @Override - public void unload() { - getExtension(ExtensionSpider2.class).setValueGenerator(null); - } -} diff --git a/addOns/spider/src/main/resources/org/zaproxy/addon/spider/resources/Messages.properties b/addOns/spider/src/main/resources/org/zaproxy/addon/spider/resources/Messages.properties index b9b71c12c35..925195b8d1a 100644 --- a/addOns/spider/src/main/resources/org/zaproxy/addon/spider/resources/Messages.properties +++ b/addOns/spider/src/main/resources/org/zaproxy/addon/spider/resources/Messages.properties @@ -198,9 +198,6 @@ spider.custom.tab.scope = Scope spider.custom.targetNotInScope.error = The following target is not allowed in 'Protected' mode:\n{0} spider.custom.title = Spider -spider.formhandler.desc = Spider Form Handler Integration -spider.formhandler.name = Spider Form Handler - spider.label.inScope = URI found during crawl: spider.label.outOfScope = URI found but out of crawl scope: