From 90eb89818f43ebb92059be42d46db700f08db2d0 Mon Sep 17 00:00:00 2001
From: kberg
Date: Fri, 12 Jun 2020 07:17:12 -0600
Subject: [PATCH 01/19] kotlin scripting support
---
addOns/kotlin/CHANGELOG.md | 8 ++
addOns/kotlin/kotlin.gradle.kts | 27 +++++++
.../zap/extension/kotlin/ExtensionKotlin.kt | 76 ++++++++++++++++++
.../extension/kotlin/KotlinEngineWrapper.kt | 64 +++++++++++++++
.../kotlin/KotlinScriptEngineFactory.kt | 55 +++++++++++++
.../kotlin/resources/Messages.properties | 3 +
.../zap/extension/kotlin/resources/kotlin.png | Bin 0 -> 484 bytes
.../Authentication default template.kts | 43 ++++++++++
.../Standalone default template.kts | 5 ++
.../zap/extension/kotlin/KotlinScriptTest.kt | 50 ++++++++++++
settings.gradle.kts | 1 +
11 files changed, 332 insertions(+)
create mode 100644 addOns/kotlin/CHANGELOG.md
create mode 100644 addOns/kotlin/kotlin.gradle.kts
create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt
create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt
create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt
create mode 100644 addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties
create mode 100644 addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png
create mode 100644 addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts
create mode 100644 addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts
create mode 100644 addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt
diff --git a/addOns/kotlin/CHANGELOG.md b/addOns/kotlin/CHANGELOG.md
new file mode 100644
index 00000000000..27e2f3386dc
--- /dev/null
+++ b/addOns/kotlin/CHANGELOG.md
@@ -0,0 +1,8 @@
+# Changelog
+All notable changes to this add-on will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+
+## Alpha
+
+- Kotlin scripting for the JVM
\ No newline at end of file
diff --git a/addOns/kotlin/kotlin.gradle.kts b/addOns/kotlin/kotlin.gradle.kts
new file mode 100644
index 00000000000..0ec92e6a741
--- /dev/null
+++ b/addOns/kotlin/kotlin.gradle.kts
@@ -0,0 +1,27 @@
+import org.zaproxy.gradle.addon.AddOnStatus
+
+plugins {
+ kotlin("jvm") version "1.3.50"
+}
+
+version = "1"
+description = "Allows Kotlin to be used for ZAP scripting - templates included"
+
+zapAddOn {
+ addOnName.set("Kotlin Scripting")
+ addOnStatus.set(AddOnStatus.ALPHA)
+ zapVersion.set("2.9.0")
+
+ manifest {
+ author.set("StackHawk Engineering")
+ }
+}
+
+dependencies {
+ implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
+ implementation("org.jetbrains.kotlin:kotlin-compiler-embeddable")
+ implementation("org.jetbrains.kotlin:kotlin-scripting-compiler-embeddable")
+ implementation("org.jetbrains.kotlin:kotlin-script-util")
+
+ testImplementation(project(":testutils"))
+}
diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt
new file mode 100644
index 00000000000..5b00f505614
--- /dev/null
+++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt
@@ -0,0 +1,76 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.apache.log4j.Logger +import org.parosproxy.paros.control.Control +import org.parosproxy.paros.extension.Extension +import org.parosproxy.paros.extension.ExtensionAdaptor +import org.parosproxy.paros.extension.ExtensionHook +import org.parosproxy.paros.view.View +import org.zaproxy.zap.ZAP +import org.zaproxy.zap.control.ExtensionFactory +import org.zaproxy.zap.extension.script.ExtensionScript +import javax.swing.ImageIcon + +class ExtensionKotlin : ExtensionAdaptor(NAME) { + + + companion object { + val NAME = "ExtensionKotlin" + val TEAM_NAME = "StackHawk Engineering" + val KOTLIN_ICON: ImageIcon? = if (View.isInitialised()) ImageIcon( + ExtensionKotlin::class.java.getResource( + "/org/zaproxy/zap/extension/kotlin/resources/kotlin.png")) else null + + val EXTENSION_DEPENDENCIES: List> = listOf(ExtensionScript::class.java) + private val LOGGER: Logger = Logger.getLogger(ExtensionKotlin::class.java) + } + + init { + order = 9999 + + } + + override fun hook(extensionHook: ExtensionHook?) 
{ + super.hook(extensionHook) + + LOGGER.info("Hooking Kotlin Scripting Extension") + + val zapJar = ZAP::class.java.protectionDomain.codeSource.location.file + + LOGGER.info("Loading Kotlin engine...") + val cl = ExtensionFactory.getAddOnLoader() + cl.urLs.forEach { LOGGER.info(it) } + extScript + .registerScriptEngineWrapper( + KotlinEngineWrapper(KotlinScriptEngineFactory(cl, zapJar.toString()))) + LOGGER.info("Kotlin engine loaded.") + + } + + private val extScript: ExtensionScript by lazy { + Control.getSingleton() + .extensionLoader + .getExtension(ExtensionScript.NAME) as ExtensionScript + } + +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt new file mode 100644 index 00000000000..d1128e7eed9 --- /dev/null +++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt 
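Review bot: In `hook()`, `ZAP::class.java.protectionDomain.codeSource.location.file` yields the URL-encoded path, so an install directory containing a space reaches `File(zapJar)` in the engine factory as `%20` and points at a file that does not exist; `codeSource` may also be null depending on how ZAP is launched. Going through the URI avoids both: `val zapJar = ZAP::class.java.protectionDomain.codeSource?.location?.let { Paths.get(it.toURI()).toString() }`. `cl.urLs.forEach { LOGGER.info(it) }` writes every add-on jar path to the log at INFO on each start and belongs at debug level. The wrapper is registered here but the class has no `unload()` that removes it, so uninstalling the add-on would presumably leave the Kotlin engine registered with ExtensionScript. The same file is added again in PATCH 05/19, where these points also apply.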
@@ -0,0 +1,64 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2020 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.zaproxy.zap.extension.kotlin
+
+import org.fife.ui.rsyntaxtextarea.SyntaxConstants
+import org.parosproxy.paros.Constant
+import org.parosproxy.paros.extension.Extension
+import org.zaproxy.zap.extension.script.DefaultEngineWrapper
+import javax.script.ScriptEngine
+import javax.script.ScriptEngineFactory
+import javax.swing.ImageIcon
+
+class KotlinEngineWrapper(scriptEngineFactory: ScriptEngineFactory): DefaultEngineWrapper(scriptEngineFactory) {
+
+ override fun getExtensions(): MutableList {
+ return mutableListOf("kts")
+ }
+
+ override fun getIcon(): ImageIcon? {
+ return ExtensionKotlin.KOTLIN_ICON
+ }
+
+ override fun getEngine(): ScriptEngine {
+ return super.getEngine()
+ }
+
+ override fun getSyntaxStyle(): String {
+ return SyntaxConstants.SYNTAX_STYLE_NONE
+ }
+
+ fun getAuthor(): String {
+ return ExtensionKotlin.TEAM_NAME
+ }
+
+ fun getDescription(): String {
+ return Constant.messages.getString("kotlin.desc")
+ }
+
+ fun getDependencies(): List> {
+ return ExtensionKotlin.EXTENSION_DEPENDENCIES
+ }
+
+ override fun isRawEngine(): Boolean {
+ return false
+ }
+}
\ No newline at end of file
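Review bot: `getAuthor()`, `getDescription()` and `getDependencies()` are declared on the engine wrapper without `override`, so they read like extension metadata that was meant to live on `ExtensionKotlin`; nothing visible in this patch calls them, and the dependency on `ExtensionScript` recorded in `EXTENSION_DEPENDENCIES` is presumably never reported to the extension loader. Moving the three functions to `ExtensionKotlin` as overrides would also justify the hard `as ExtensionScript` cast used in its `extScript` property. `override fun getEngine()` only returns `super.getEngine()` and can be deleted. The class would benefit from a one-line KDoc such as `/** Registers the .kts extension and icon for the Kotlin JSR-223 engine. */`. The same file is added again in PATCH 05/19.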
diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt new file mode 100644 index 00000000000..e5ee130d713 --- /dev/null +++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt 
@@ -0,0 +1,55 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.jetbrains.kotlin.cli.common.repl.KotlinJsr223JvmScriptEngineFactoryBase +import org.jetbrains.kotlin.cli.common.repl.ScriptArgsWithTypes +import org.jetbrains.kotlin.script.jsr223.KotlinJsr223JvmLocalScriptEngine +import org.jetbrains.kotlin.script.jsr223.KotlinStandardJsr223ScriptTemplate +import java.io.File +import javax.script.Bindings +import javax.script.ScriptContext +import javax.script.ScriptEngine +import kotlin.script.experimental.jvm.util.scriptCompilationClasspathFromContextOrStdlib + +class KotlinScriptEngineFactory(private val classLoader: ClassLoader, + private val zapJar: String? 
= null) : KotlinJsr223JvmScriptEngineFactoryBase() { + override fun getScriptEngine(): ScriptEngine { + val clJars = scriptCompilationClasspathFromContextOrStdlib("kotlin-stdlib", + wholeClasspath = true, + classLoader = classLoader) + val jars = if (zapJar != null) { + clJars + File(zapJar) + } else { + clJars + } + return KotlinJsr223JvmLocalScriptEngine( + this, + jars, + KotlinStandardJsr223ScriptTemplate::class.qualifiedName!!, + { ctx, types -> + ScriptArgsWithTypes(arrayOf(ctx.getBindings(ScriptContext.ENGINE_SCOPE)), types ?: emptyArray()) + }, + arrayOf(Bindings::class) + ) + } + +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties new file mode 100644 index 00000000000..bc4aa83d580 --- /dev/null +++ b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties @@ -0,0 +1,3 @@ + +kotlin.desc = Allows Kotlin to be used for ZAP scripting +kotlin.options.title = Kotlin 
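Review bot: `getScriptEngine()` builds the compilation classpath with `wholeClasspath = true` from the add-on class loader plus the ZAP jar, so every script evaluated through this engine can reach all ZAP and add-on classes with the privileges of the ZAP process; that deserves a KDoc on the class, e.g. `/** Scripts run unsandboxed with the full ZAP and add-on classpath; load only scripts you trust. */`. `File(zapJar)` is appended without checking that it exists (`ExtensionKotlin.hook` passes `location.file`, which is URL-encoded), so a bad path only surfaces later as unresolved ZAP imports inside user scripts; `File(zapJar).takeIf { it.exists() }` with a warning log would make the failure visible at load time. Classpath discovery is also repeated on every call, and computing `jars` once with `by lazy` would avoid that. The same file is added again in PATCH 05/19.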
diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png new file mode 100644 index 0000000000000000000000000000000000000000..ad3db01f81710a414604cc724fe197ba99af5217 GIT binary patch literal 484 zcmVAxC)(xlDzX>1)Z(UolX($QZyJEbFbeXaC4^C?E*0;d$?on2)A!w+g+9`Gr_K`_@CUAeW7tAPiu3Xl|umlC5t>fe>eDO zPx_ImDJp}{2gu`5NDf%NxYuer6FwMpN|MObSVtg3VEt0u-Z(Qo^~;fjrUDI}vFupL a$, + credentials: GenericAuthenticationCredentials): HttpMessage { + + println("Kotlin auth template") + println("creds: $credentials") + println("PARAM: ${paramsValues["exampleParam1"]}") + val msg = helper.prepareMessage() + msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI("http://localhost:3000", true), HttpHeader.HTTP11) + println("msg: $msg ${msg.requestHeader.headers.size}") + msg.requestHeader.headers.forEach { println(it) } + helper.sendAndReceive(msg) + return msg +} + +fun getRequiredParamsNames(): Array { + return arrayOf("exampleParam1") +} + +fun getOptionalParamsNames(): Array { + return arrayOf() +} + +fun getCredentialsParamsNames(): Array { + return arrayOf("username", "password") +} + +fun getLoggedInIndicator(): String { + return "Sign Out" +} + +fun getLoggedOutIndicator(): String { + return "Sign In" +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts new file mode 100644 index 00000000000..780d3284500 --- /dev/null +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts @@ -0,0 +1,5 @@ +import org.parosproxy.paros.network.HttpMessage + +val msg = HttpMessage() +println(msg) +println("freedom") 
diff --git a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt
new file mode 100644
index 00000000000..0530affd2d4
--- /dev/null
+++ b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt
@@ -0,0 +1,50 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2020 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.zaproxy.zap.extension.kotlin
+
+import org.junit.jupiter.api.BeforeAll
+import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates
+import java.nio.charset.StandardCharsets
+import java.nio.file.Files
+import java.nio.file.Path
+import javax.script.Compilable
+
+class KotlinScriptTest : AbstractVerifyScriptTemplates() {
+
+ companion object {
+ lateinit var se: Compilable
+ @BeforeAll
+ @JvmStatic
+ fun setUp() {
+ se = KotlinScriptEngineFactory(Thread.currentThread().contextClassLoader).scriptEngine as Compilable
+ }
+ }
+
+ override fun getScriptExtension(): String? {
+ return ".kts"
+ }
+
+ override fun parseTemplate(template: Path?) {
+ val reader = Files.newBufferedReader(template, StandardCharsets.UTF_8)
+ val s = se.compile(reader)
+ s.eval()
+ }
+}
\ No newline at end of file
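Review bot: `parseTemplate` opens the template with `Files.newBufferedReader` and never closes it, so every template checked leaks a file handle; `Files.newBufferedReader(template, StandardCharsets.UTF_8).use { se.compile(it).eval() }` closes it on both the success and the failure path. A single engine is shared by all templates through the companion object, so top-level declarations from one template may still be in scope when the next is compiled, and a fresh engine per template would keep the checks independent. `s.eval()` also executes each template's top-level code rather than only compiling it, which is worth a comment because it means templates must stay free of side effects at load time.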
diff --git a/settings.gradle.kts b/settings.gradle.kts index 9879c2fe0e8..77bfd81d3b8 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -51,6 +51,7 @@ var addOns = listOf( "jruby", "jsonview", "jython", + "kotlin", "onlineMenu", "openapi", "plugnhack", From 911eca6d5603079c9fb122b55c7ba66a5b001b7e Mon Sep 17 00:00:00 2001 From: kberg Date: Fri, 12 Jun 2020 10:55:13 -0600 Subject: [PATCH 02/19] script template updates --- .../Authentication default template.kts | 11 +++++++---- .../standalone/Standalone default template.kts | 5 +---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts index fbf04a909f1..06683ab8fd0 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts 
@@ -6,16 +6,19 @@ import org.parosproxy.paros.network.HttpRequestHeader import org.zaproxy.zap.authentication.AuthenticationHelper import org.zaproxy.zap.authentication.GenericAuthenticationCredentials +val PARAM_TARGET_URL = "targetUrl" + fun authenticate( helper: AuthenticationHelper, paramsValues: Map, credentials: GenericAuthenticationCredentials): HttpMessage { println("Kotlin auth template") - println("creds: $credentials") - println("PARAM: ${paramsValues["exampleParam1"]}") + + println("TARGET_URL: ${paramsValues[PARAM_TARGET_URL]}") val msg = helper.prepareMessage() - msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI("http://localhost:3000", true), HttpHeader.HTTP11) + msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI(paramsValues[PARAM_TARGET_URL], true), + HttpHeader.HTTP11) println("msg: $msg ${msg.requestHeader.headers.size}") msg.requestHeader.headers.forEach { println(it) } helper.sendAndReceive(msg) @@ -23,7 +26,7 @@ fun authenticate( } fun getRequiredParamsNames(): Array { - return arrayOf("exampleParam1") + return arrayOf(PARAM_TARGET_URL) } fun getOptionalParamsNames(): Array { diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts index 780d3284500..dc1f17b031b 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts @@ -1,5 +1,2 @@ -import org.parosproxy.paros.network.HttpMessage -val msg = HttpMessage() -println(msg) -println("freedom") +println("KaaKaawwtlin!!") From 6b1bbeb42c793b27761c05f24e355dc45f9159ce Mon Sep 17 00:00:00 2001 
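Review bot: In `authenticate`, `paramsValues[PARAM_TARGET_URL]` is a nullable map lookup passed straight into `URI(..., true)`, so a missing or empty parameter fails inside the URI constructor with no useful message; a guard such as `val target = paramsValues[PARAM_TARGET_URL] ?: error("targetUrl is required")` makes the failure explicit. The template no longer reads `credentials` at all, so a user starting from it gets an unauthenticated GET, and a short comment showing `credentials.getParam("username")` where the request is built would make the intended use clear. The remaining `println` calls write the whole message and every request header to the console, which in a real script can include session cookies or Authorization values, so they are better reduced to the request line. The function's closing `return msg` lies between this hunk and the next one.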
From: kingthorin Date: Wed, 10 Jun 2020 15:19:19 -0400 Subject: [PATCH 03/19] Fix IndexOutOfBounds Exception when showing tabs - In wappalyzer (postInstall) and websocket (onHandshakeResponse) when extension panels/tabs are shown ensure it's done in EDT thus preventing the exception that was manifesting. - Add a Fix entry to the CHANGELOGs. Signed-off-by: kingthorin Signed-off-by: kberg --- addOns/wappalyzer/CHANGELOG.md | 3 +++ .../extension/wappalyzer/ExtensionWappalyzer.java | 15 +++++++++------ addOns/websocket/CHANGELOG.md | 1 + .../extension/websocket/ExtensionWebSocket.java | 8 ++++++-- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/addOns/wappalyzer/CHANGELOG.md b/addOns/wappalyzer/CHANGELOG.md index 02eed51323e..3fa78fbb26c 100644 --- a/addOns/wappalyzer/CHANGELOG.md +++ b/addOns/wappalyzer/CHANGELOG.md @@ -7,6 +7,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed - Update RE2/J library to latest version (1.4). +### Fixed +- Fixed an exception which was occurring when the tab was shown during install. + ## [19] - 2020-06-09 ### Changed - Updated with upstream Wappalyzer icon and pattern changes. diff --git a/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java b/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java index 3266287dc4b..97bc827381e 100644 --- a/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java +++ b/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java 
@@ -379,12 +379,15 @@ public void sessionScopeChanged(Session arg0) { public void postInstall() { super.postInstall(); if (getView() != null) { - getTechPanel().setTabFocus(); - // Un-comment to test icon rendering - /* - * getApplications() .forEach( app -> addApplicationsToSite( "http://localhost", new - * ApplicationMatch(app))); - */ + EventQueue.invokeLater( + () -> { + getTechPanel().setTabFocus(); + // Un-comment to test icon rendering + /* + * getApplications() .forEach( app -> addApplicationsToSite( "http://localhost", + * new ApplicationMatch(app))); + */ + }); } } } diff --git a/addOns/websocket/CHANGELOG.md b/addOns/websocket/CHANGELOG.md index 3a4ef31d335..795008d7fb3 100644 --- a/addOns/websocket/CHANGELOG.md +++ b/addOns/websocket/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Correctly handle API request without parameters. +- Fixed an exception which was occurring when the tab was shown when a handshake response was first encountered during a ZAP session. ## [21] - 2020-01-17 ### Added diff --git a/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java b/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java index fb0528df3fd..c575fbc9064 100644 --- a/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java +++ b/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java @@ -19,6 +19,7 @@ */ package org.zaproxy.zap.extension.websocket; +import java.awt.EventQueue; import java.io.File; import java.io.IOException; import java.io.InputStream; 
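Review bot: No import for `java.awt.EventQueue` is added to ExtensionWappalyzer.java in this patch, although `postInstall()` now calls `EventQueue.invokeLater` and the matching change to ExtensionWebSocket.java does add the import; unless the file already has it, add `import java.awt.EventQueue;`. The commented-out icon-rendering test block was moved inside the lambda, where it only obscures the one statement that runs. Keeping that comment outside the runnable lets the call shrink to `EventQueue.invokeLater(() -> getTechPanel().setTabFocus());`.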
@@ -741,10 +742,13 @@ public boolean onHandshakeResponse( logger.debug( "Got WebSockets upgrade request. Handle socket connection over to WebSockets extension."); if (focusWebSocketsTabOnHandshake) { - // Show the tab in case its been closed - this.getWebSocketPanel().setTabFocus(); // Don't constantly request focus on the tab, once is enough. focusWebSocketsTabOnHandshake = false; + EventQueue.invokeLater( + () -> { + // Show the tab in case its been closed + this.getWebSocketPanel().setTabFocus(); + }); } if (method != null) { From c013cdd5a46c16fd671e4045b84f17587229231f Mon Sep 17 00:00:00 2001 From: "Anders K. Madsen" Date: Thu, 11 Jun 2020 17:26:57 +0200 Subject: [PATCH 04/19] Make Ruby passive template work again (#2439) ZAP complained about `appliesToHistoryType()` missing. Signed-off-by: Anders K. Madsen Signed-off-by: kberg --- addOns/jruby/CHANGELOG.md | 1 + .../scripts/templates/passive/Passive default template.rb | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/addOns/jruby/CHANGELOG.md b/addOns/jruby/CHANGELOG.md index 1180d12e648..fb4a3fb9f10 100644 --- a/addOns/jruby/CHANGELOG.md +++ b/addOns/jruby/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Fix link in a script template. - Fix exception while uninstalling the add-on with newer Java versions. +- Fix passive template. ## 6 - 2017-11-27 diff --git a/addOns/jruby/src/main/zapHomeFiles/scripts/templates/passive/Passive default template.rb b/addOns/jruby/src/main/zapHomeFiles/scripts/templates/passive/Passive default template.rb index 042e4c9e046..181d76f30a6 100644 --- a/addOns/jruby/src/main/zapHomeFiles/scripts/templates/passive/Passive default template.rb +++ b/addOns/jruby/src/main/zapHomeFiles/scripts/templates/passive/Passive default template.rb 
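Review bot: In `onHandshakeResponse`, `focusWebSocketsTabOnHandshake` is tested and cleared on the calling thread while the focus itself now runs later on the EDT; if handshakes can arrive on several proxy threads and the field is not volatile or otherwise guarded (not visible in this hunk), two threads can both pass the check and queue the focus twice. That is harmless for the UI but deserves either a comment or an `AtomicBoolean` with `compareAndSet(true, false)`. The hunk also shows no view check around the `invokeLater`, unlike the `getView() != null` guard in `ExtensionWappalyzer.postInstall()`, so confirm the flag can only be true when the GUI is initialised. The method begins and ends outside the hunk.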
@@ -6,6 +6,7 @@ require 'java' java_package 'org.zaproxy.zap.extension.pscan' java_import 'org.zaproxy.zap.extension.pscan.PassiveScript' +java_import 'org.zaproxy.zap.extension.pscan.PluginPassiveScanner' java_import 'org.zaproxy.zap.extension.pscan.scanner.ScriptsPassiveScanner' java_import 'org.parosproxy.paros.network.HttpMessage' java_import 'net.htmlparser.jericho.Source' @@ -35,5 +36,10 @@ def scan(ps, msg, src) end end +# Tells whether or not the scanner applies to the given history type. +def appliesToHistoryType(historyType) + PluginPassiveScanner.getDefaultHistoryTypes().include?(historyType); +end + # This is required - dont delete it or you'll break the script -JRubyPassiveScript.new \ No newline at end of file +JRubyPassiveScript.new From e18c5a8400ec31c9216c24255e391f30c00674d2 Mon Sep 17 00:00:00 2001 From: kberg Date: Fri, 12 Jun 2020 07:17:12 -0600 Subject: [PATCH 05/19] kotlin scripting support 
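Review bot: The added `appliesToHistoryType` ends its only statement with a stray `;` (`PluginPassiveScanner.getDefaultHistoryTypes().include?(historyType);`), which Ruby accepts but is not idiomatic; drop it. With indentation lost in this view it is not clear whether the method sits inside the `JRubyPassiveScript` class or after its closing `end`, and it presumably has to be an instance method of that class for ZAP to find it, so confirm the placement. The comment could also record why the method exists, e.g. `# Required by ZAP; without it the script fails with appliesToHistoryType() missing.`, which is what the commit message reports.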
Signed-off-by: kberg --- addOns/kotlin/CHANGELOG.md | 8 ++ addOns/kotlin/kotlin.gradle.kts | 27 +++++++ .../zap/extension/kotlin/ExtensionKotlin.kt | 76 ++++++++++++++++++ .../extension/kotlin/KotlinEngineWrapper.kt | 64 +++++++++++++++ .../kotlin/KotlinScriptEngineFactory.kt | 55 +++++++++++++ .../kotlin/resources/Messages.properties | 3 + .../zap/extension/kotlin/resources/kotlin.png | Bin 0 -> 484 bytes .../Authentication default template.kts | 43 ++++++++++ .../Standalone default template.kts | 5 ++ .../zap/extension/kotlin/KotlinScriptTest.kt | 50 ++++++++++++ settings.gradle.kts | 1 + 11 files changed, 332 insertions(+) create mode 100644 addOns/kotlin/CHANGELOG.md create mode 100644 addOns/kotlin/kotlin.gradle.kts create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt create mode 100644 addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties create mode 100644 addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png create mode 100644 addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts create mode 100644 addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts create mode 100644 addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt diff --git a/addOns/kotlin/CHANGELOG.md b/addOns/kotlin/CHANGELOG.md new file mode 100644 index 00000000000..27e2f3386dc --- /dev/null +++ b/addOns/kotlin/CHANGELOG.md 
@@ -0,0 +1,8 @@ +# Changelog +All notable changes to this add-on will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). + +## Alpha + +- Kotlin scripting for the JVM \ No newline at end of file diff --git a/addOns/kotlin/kotlin.gradle.kts b/addOns/kotlin/kotlin.gradle.kts new file mode 100644 index 00000000000..0ec92e6a741 --- /dev/null +++ b/addOns/kotlin/kotlin.gradle.kts @@ -0,0 +1,27 @@ +import org.zaproxy.gradle.addon.AddOnStatus + +plugins { + kotlin("jvm") version "1.3.50" +} + +version = "1" +description = "Allows Kotlin to be used for ZAP scripting - templates included" + +zapAddOn { + addOnName.set("Kotlin Scripting") + addOnStatus.set(AddOnStatus.ALPHA) + zapVersion.set("2.9.0") + + manifest { + author.set("StackHawk Engineering") + } +} + +dependencies { + implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8") + implementation("org.jetbrains.kotlin:kotlin-compiler-embeddable") + implementation("org.jetbrains.kotlin:kotlin-scripting-compiler-embeddable") + implementation("org.jetbrains.kotlin:kotlin-script-util") + + testImplementation(project(":testutils")) +} diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt new file mode 100644 index 00000000000..5b00f505614 --- /dev/null +++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt 
@@ -0,0 +1,76 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.apache.log4j.Logger +import org.parosproxy.paros.control.Control +import org.parosproxy.paros.extension.Extension +import org.parosproxy.paros.extension.ExtensionAdaptor +import org.parosproxy.paros.extension.ExtensionHook +import org.parosproxy.paros.view.View +import org.zaproxy.zap.ZAP +import org.zaproxy.zap.control.ExtensionFactory +import org.zaproxy.zap.extension.script.ExtensionScript +import javax.swing.ImageIcon + +class ExtensionKotlin : ExtensionAdaptor(NAME) { + + + companion object { + val NAME = "ExtensionKotlin" + val TEAM_NAME = "StackHawk Engineering" + val KOTLIN_ICON: ImageIcon? = if (View.isInitialised()) ImageIcon( + ExtensionKotlin::class.java.getResource( + "/org/zaproxy/zap/extension/kotlin/resources/kotlin.png")) else null + + val EXTENSION_DEPENDENCIES: List> = listOf(ExtensionScript::class.java) + private val LOGGER: Logger = Logger.getLogger(ExtensionKotlin::class.java) + } + + init { + order = 9999 + + } + + override fun hook(extensionHook: ExtensionHook?) 
{ + super.hook(extensionHook) + + LOGGER.info("Hooking Kotlin Scripting Extension") + + val zapJar = ZAP::class.java.protectionDomain.codeSource.location.file + + LOGGER.info("Loading Kotlin engine...") + val cl = ExtensionFactory.getAddOnLoader() + cl.urLs.forEach { LOGGER.info(it) } + extScript + .registerScriptEngineWrapper( + KotlinEngineWrapper(KotlinScriptEngineFactory(cl, zapJar.toString()))) + LOGGER.info("Kotlin engine loaded.") + + } + + private val extScript: ExtensionScript by lazy { + Control.getSingleton() + .extensionLoader + .getExtension(ExtensionScript.NAME) as ExtensionScript + } + +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt new file mode 100644 index 00000000000..d1128e7eed9 --- /dev/null +++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt 
@@ -0,0 +1,64 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.fife.ui.rsyntaxtextarea.SyntaxConstants +import org.parosproxy.paros.Constant +import org.parosproxy.paros.extension.Extension +import org.zaproxy.zap.extension.script.DefaultEngineWrapper +import javax.script.ScriptEngine +import javax.script.ScriptEngineFactory +import javax.swing.ImageIcon + +class KotlinEngineWrapper(scriptEngineFactory: ScriptEngineFactory): DefaultEngineWrapper(scriptEngineFactory) { + + override fun getExtensions(): MutableList { + return mutableListOf("kts") + } + + override fun getIcon(): ImageIcon? { + return ExtensionKotlin.KOTLIN_ICON + } + + override fun getEngine(): ScriptEngine { + return super.getEngine() + } + + override fun getSyntaxStyle(): String { + return SyntaxConstants.SYNTAX_STYLE_NONE + } + + fun getAuthor(): String { + return ExtensionKotlin.TEAM_NAME + } + + fun getDescription(): String { + return Constant.messages.getString("kotlin.desc") + } + + fun getDependencies(): List> { + return ExtensionKotlin.EXTENSION_DEPENDENCIES + } + + override fun isRawEngine(): Boolean { + return false + } +} \ No newline at end of file 
diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt new file mode 100644 index 00000000000..e5ee130d713 --- /dev/null +++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt 
@@ -0,0 +1,55 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.jetbrains.kotlin.cli.common.repl.KotlinJsr223JvmScriptEngineFactoryBase +import org.jetbrains.kotlin.cli.common.repl.ScriptArgsWithTypes +import org.jetbrains.kotlin.script.jsr223.KotlinJsr223JvmLocalScriptEngine +import org.jetbrains.kotlin.script.jsr223.KotlinStandardJsr223ScriptTemplate +import java.io.File +import javax.script.Bindings +import javax.script.ScriptContext +import javax.script.ScriptEngine +import kotlin.script.experimental.jvm.util.scriptCompilationClasspathFromContextOrStdlib + +class KotlinScriptEngineFactory(private val classLoader: ClassLoader, + private val zapJar: String? 
= null) : KotlinJsr223JvmScriptEngineFactoryBase() { + override fun getScriptEngine(): ScriptEngine { + val clJars = scriptCompilationClasspathFromContextOrStdlib("kotlin-stdlib", + wholeClasspath = true, + classLoader = classLoader) + val jars = if (zapJar != null) { + clJars + File(zapJar) + } else { + clJars + } + return KotlinJsr223JvmLocalScriptEngine( + this, + jars, + KotlinStandardJsr223ScriptTemplate::class.qualifiedName!!, + { ctx, types -> + ScriptArgsWithTypes(arrayOf(ctx.getBindings(ScriptContext.ENGINE_SCOPE)), types ?: emptyArray()) + }, + arrayOf(Bindings::class) + ) + } + +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties new file mode 100644 index 00000000000..bc4aa83d580 --- /dev/null +++ b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties @@ -0,0 +1,3 @@ + +kotlin.desc = Allows Kotlin to be used for ZAP scripting +kotlin.options.title = Kotlin 
diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png new file mode 100644 index 0000000000000000000000000000000000000000..ad3db01f81710a414604cc724fe197ba99af5217 GIT binary patch literal 484 zcmVAxC)(xlDzX>1)Z(UolX($QZyJEbFbeXaC4^C?E*0;d$?on2)A!w+g+9`Gr_K`_@CUAeW7tAPiu3Xl|umlC5t>fe>eDO zPx_ImDJp}{2gu`5NDf%NxYuer6FwMpN|MObSVtg3VEt0u-Z(Qo^~;fjrUDI}vFupL a$, + credentials: GenericAuthenticationCredentials): HttpMessage { + + println("Kotlin auth template") + println("creds: $credentials") + println("PARAM: ${paramsValues["exampleParam1"]}") + val msg = helper.prepareMessage() + msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI("http://localhost:3000", true), HttpHeader.HTTP11) + println("msg: $msg ${msg.requestHeader.headers.size}") + msg.requestHeader.headers.forEach { println(it) } + helper.sendAndReceive(msg) + return msg +} + +fun getRequiredParamsNames(): Array { + return arrayOf("exampleParam1") +} + +fun getOptionalParamsNames(): Array { + return arrayOf() +} + +fun getCredentialsParamsNames(): Array { + return arrayOf("username", "password") +} + +fun getLoggedInIndicator(): String { + return "Sign Out" +} + +fun getLoggedOutIndicator(): String { + return "Sign In" +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts new file mode 100644 index 00000000000..780d3284500 --- /dev/null +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts @@ -0,0 +1,5 @@ +import org.parosproxy.paros.network.HttpMessage + +val msg = HttpMessage() +println(msg) +println("freedom") 
diff --git a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt new file mode 100644 index 00000000000..0530affd2d4 --- /dev/null +++ b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt @@ -0,0 +1,50 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.junit.jupiter.api.BeforeAll +import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates +import java.nio.charset.StandardCharsets +import java.nio.file.Files +import java.nio.file.Path +import javax.script.Compilable + +class KotlinScriptTest : AbstractVerifyScriptTemplates() { + + companion object { + lateinit var se: Compilable + @BeforeAll + @JvmStatic + fun setUp() { + se = KotlinScriptEngineFactory(Thread.currentThread().contextClassLoader).scriptEngine as Compilable + } + } + + override fun getScriptExtension(): String? { + return ".kts" + } + + override fun parseTemplate(template: Path?) { + val reader = Files.newBufferedReader(template, StandardCharsets.UTF_8) + val s = se.compile(reader) + s.eval() + } +} \ No newline at end of file 
diff --git a/settings.gradle.kts b/settings.gradle.kts index 9879c2fe0e8..77bfd81d3b8 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -51,6 +51,7 @@ var addOns = listOf( "jruby", "jsonview", "jython", + "kotlin", "onlineMenu", "openapi", "plugnhack", From 4c99d2d20c8d4af7907e8bc1a5fa6f88eaf7a40f Mon Sep 17 00:00:00 2001 From: kberg Date: Fri, 12 Jun 2020 10:55:13 -0600 Subject: [PATCH 06/19] script template updates Signed-off-by: kberg --- .../Authentication default template.kts | 11 +++++++---- .../standalone/Standalone default template.kts | 5 +---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts index fbf04a909f1..06683ab8fd0 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts 
@@ -6,16 +6,19 @@ import org.parosproxy.paros.network.HttpRequestHeader import org.zaproxy.zap.authentication.AuthenticationHelper import org.zaproxy.zap.authentication.GenericAuthenticationCredentials +val PARAM_TARGET_URL = "targetUrl" + fun authenticate( helper: AuthenticationHelper, paramsValues: Map, credentials: GenericAuthenticationCredentials): HttpMessage { println("Kotlin auth template") - println("creds: $credentials") - println("PARAM: ${paramsValues["exampleParam1"]}") + + println("TARGET_URL: ${paramsValues[PARAM_TARGET_URL]}") val msg = helper.prepareMessage() - msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI("http://localhost:3000", true), HttpHeader.HTTP11) + msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI(paramsValues[PARAM_TARGET_URL], true), + HttpHeader.HTTP11) println("msg: $msg ${msg.requestHeader.headers.size}") msg.requestHeader.headers.forEach { println(it) } helper.sendAndReceive(msg) @@ -23,7 +26,7 @@ fun authenticate( } fun getRequiredParamsNames(): Array { - return arrayOf("exampleParam1") + return arrayOf(PARAM_TARGET_URL) } fun getOptionalParamsNames(): Array { diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts index 780d3284500..dc1f17b031b 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts @@ -1,5 +1,2 @@ -import org.parosproxy.paros.network.HttpMessage -val msg = HttpMessage() -println(msg) -println("freedom") +println("KaaKaawwtlin!!") From 49db2b7068d2f41528987c4363dc9c73d476ed33 Mon Sep 17 00:00:00 2001 From: kberg Date: Fri, 12 Jun 2020 19:38:49 -0600 Subject: [PATCH 07/19] kotlin addon in java 
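Review bot: `paramsValues[PARAM_TARGET_URL]` goes straight into `URI(..., true)` in `authenticate`, so a missing parameter reaches the constructor as null, and a value that is not already percent-encoded is presumably rejected because the `true` flag declares the string as escaped. Resolve it first with a clear failure, e.g. `val targetUrl = paramsValues[PARAM_TARGET_URL] ?: throw IllegalArgumentException("targetUrl is required")`, and build the URI from `targetUrl`. The template also still prints every request header with `msg.requestHeader.headers.forEach { println(it) }`; in a script that users copy as their authentication starting point this can put cookie or Authorization values into the script console, so I would drop that line or print only the request line. The declared credential parameters (`username`, `password`) are never used in the request, which deserves a comment in the template. The body of `authenticate` closes in the following hunk, not in this one.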
Signed-off-by: kberg --- addOns/kotlin/CHANGELOG.md | 2 +- addOns/kotlin/kotlin.gradle.kts | 6 +- .../zap/extension/kotlin/ExtensionKotlin.java | 86 +++++++++++++++++++ .../extension/kotlin/KotlinEngineWrapper.java | 54 ++++++++++++ .../kotlin/KotlinScriptEngineFactory.java | 61 +++++++++++++ .../zap/extension/kotlin/ExtensionKotlin.kt | 76 ---------------- .../extension/kotlin/KotlinEngineWrapper.kt | 64 -------------- .../kotlin/KotlinScriptEngineFactory.kt | 55 ------------ .../kotlin/resources/Messages.properties | 5 +- .../Authentication default template.kts | 1 - .../Standalone default template.kts | 3 +- .../kotlin/VerifyScriptTemplates.java | 57 ++++++++++++ .../zap/extension/kotlin/KotlinScriptTest.kt | 50 ----------- 13 files changed, 266 insertions(+), 254 deletions(-) create mode 100644 addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.java create mode 100644 addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.java create mode 100644 addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.java delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt create mode 100644 addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java delete mode 100644 addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt diff --git a/addOns/kotlin/CHANGELOG.md b/addOns/kotlin/CHANGELOG.md index 27e2f3386dc..71106474244 100644 --- a/addOns/kotlin/CHANGELOG.md +++ b/addOns/kotlin/CHANGELOG.md 
@@ -3,6 +3,6 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## Alpha +## Unreleased - Kotlin scripting for the JVM \ No newline at end of file diff --git a/addOns/kotlin/kotlin.gradle.kts b/addOns/kotlin/kotlin.gradle.kts index 0ec92e6a741..7174dc4dd89 100644 --- a/addOns/kotlin/kotlin.gradle.kts +++ b/addOns/kotlin/kotlin.gradle.kts @@ -4,11 +4,11 @@ plugins { kotlin("jvm") version "1.3.50" } -version = "1" -description = "Allows Kotlin to be used for ZAP scripting - templates included" +version = "1.0.0" +description = "Allows Kotlin to be used for ZAP scripting - (some) templates included" zapAddOn { - addOnName.set("Kotlin Scripting") + addOnName.set("Kotlin Support") addOnStatus.set(AddOnStatus.ALPHA) zapVersion.set("2.9.0") diff --git a/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.java b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.java new file mode 100644 index 00000000000..e7167958511 --- /dev/null +++ b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.java 
@@ -0,0 +1,86 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.zap.extension.kotlin; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import javax.swing.*; +import org.apache.log4j.Logger; +import org.parosproxy.paros.control.Control; +import org.parosproxy.paros.extension.Extension; +import org.parosproxy.paros.extension.ExtensionAdaptor; +import org.parosproxy.paros.extension.ExtensionHook; +import org.parosproxy.paros.view.View; +import org.zaproxy.zap.ZAP; +import org.zaproxy.zap.control.AddOnLoader; +import org.zaproxy.zap.control.ExtensionFactory; +import org.zaproxy.zap.extension.script.ExtensionScript; + +public class ExtensionKotlin extends ExtensionAdaptor { + + public static final String NAME = "ExtensionKotlin"; + public static final int EXTENSION_ORDER = 9999; + public static final ImageIcon KOTLIN_ICON; + private static final List> EXTENSION_DEPENDENCIES; + private static final Logger LOGGER = Logger.getLogger(ExtensionKotlin.class); + + static { + List> dependencies = new ArrayList<>(1); + dependencies.add(ExtensionScript.class); + EXTENSION_DEPENDENCIES = Collections.unmodifiableList(dependencies); + + KOTLIN_ICON = + View.isInitialised() + ? 
new ImageIcon( + ExtensionKotlin.class.getResource( + "/org/zaproxy/zap/extension/kotlin/resources/kotlin.png")) + : null; + } + + public ExtensionKotlin() { + super(NAME); + setOrder(EXTENSION_ORDER); + } + + @Override + public void hook(ExtensionHook extensionHook) { + super.hook(extensionHook); + + LOGGER.debug("Hooking Kotlin Scripting Extension"); + String zapJar = ZAP.class.getProtectionDomain().getCodeSource().getLocation().getFile(); + + LOGGER.debug("Loading Kotlin engine..."); + AddOnLoader addonLoader = ExtensionFactory.getAddOnLoader(); + Arrays.stream(addonLoader.getURLs()).forEach(LOGGER::debug); + KotlinScriptEngineFactory factory = new KotlinScriptEngineFactory(addonLoader, zapJar); + getExtScript().registerScriptEngineWrapper(new KotlinEngineWrapper(factory)); + LOGGER.debug("Kotlin engine loaded."); + } + + public List> getDependencies() { + return EXTENSION_DEPENDENCIES; + } + + private ExtensionScript getExtScript() { + return Control.getSingleton().getExtensionLoader().getExtension(ExtensionScript.class); + } +} diff --git a/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.java b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.java new file mode 100644 index 00000000000..8df0201ff26 --- /dev/null +++ b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.java 
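Review bot: In `hook`, `getLocation().getFile()` returns the URL path still percent-encoded, so when ZAP is installed under a directory containing a space or a non-ASCII character the `zapJar` string handed to `KotlinScriptEngineFactory` names a file that does not exist, and scripts would then presumably fail to resolve ZAP classes. Convert through a URI instead, `String zapJar = Paths.get(ZAP.class.getProtectionDomain().getCodeSource().getLocation().toURI()).toString();`, catching `URISyntaxException` and logging it, and guard against `getCodeSource()` returning null. `getDependencies()` is also missing `@Override`, and as far as this hunk shows the wrapper registered here is never removed again, since the class defines no unload path.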
@@ -0,0 +1,54 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2020 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.zap.extension.kotlin;
+
+import java.util.Collections;
+import java.util.List;
+import javax.script.ScriptEngineFactory;
+import javax.swing.*;
+import org.fife.ui.rsyntaxtextarea.SyntaxConstants;
+import org.zaproxy.zap.extension.script.DefaultEngineWrapper;
+
+public class KotlinEngineWrapper extends DefaultEngineWrapper {
+
+ @Override
+ public ImageIcon getIcon() {
+ return ExtensionKotlin.KOTLIN_ICON;
+ }
+
+ @Override
+ public String getSyntaxStyle() {
+ return SyntaxConstants.SYNTAX_STYLE_NONE;
+ }
+
+ @Override
+ public boolean isRawEngine() {
+ return false;
+ }
+
+ @Override
+ public List getExtensions() {
+ return Collections.singletonList("kts");
+ }
+
+ public KotlinEngineWrapper(ScriptEngineFactory factory) {
+ super(factory);
+ }
+}
diff --git a/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.java b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.java
new file mode 100644
index 00000000000..1bab7f3f01c
--- /dev/null
+++ b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.java
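Review bot: `import javax.swing.*;` pulls in a whole package for a single type; this class only uses `ImageIcon`, so `import javax.swing.ImageIcon;` keeps the import list explicit (ExtensionKotlin.java carries the same wildcard). The class also has no Javadoc; a one-line `/** Script engine wrapper that registers Kotlin (.kts) scripts with the ZAP script extension. */` above the declaration would say why it exists. The constructor would read better placed ahead of the overrides.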
@@ -0,0 +1,61 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.zap.extension.kotlin; + +import java.io.File; +import java.util.List; +import javax.script.Bindings; +import javax.script.ScriptContext; +import javax.script.ScriptEngine; +import kotlin.jvm.JvmClassMappingKt; +import kotlin.reflect.KClass; +import kotlin.script.experimental.jvm.util.JvmClasspathUtilKt; +import org.jetbrains.kotlin.cli.common.repl.KotlinJsr223JvmScriptEngineFactoryBase; +import org.jetbrains.kotlin.cli.common.repl.ScriptArgsWithTypes; +import org.jetbrains.kotlin.script.jsr223.KotlinJsr223JvmLocalScriptEngine; +import org.jetbrains.kotlin.script.jsr223.KotlinStandardJsr223ScriptTemplate; + +public class KotlinScriptEngineFactory extends KotlinJsr223JvmScriptEngineFactoryBase { + + private final List jars; + + public KotlinScriptEngineFactory(ClassLoader classLoader, String zapJar) { + List clJars = + JvmClasspathUtilKt.scriptCompilationClasspathFromContextOrStdlib( + new String[] {"kotlin-stdlib"}, classLoader, true); + if (zapJar != null) { + clJars.add(new File(zapJar)); + } + jars = clJars; + } + + @Override + public ScriptEngine getScriptEngine() { + return new KotlinJsr223JvmLocalScriptEngine( + this, + jars, + KotlinStandardJsr223ScriptTemplate.class.getName(), + 
(ctx, types) -> + new ScriptArgsWithTypes( + new Bindings[] {ctx.getBindings(ScriptContext.ENGINE_SCOPE)}, + types), + new KClass[] {JvmClassMappingKt.getKotlinClass(Bindings.class)}); + } +} diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt deleted file mode 100644 index 5b00f505614..00000000000 --- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt +++ /dev/null 
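Review bot: The constructor calls `clJars.add(new File(zapJar))` on the list returned by `scriptCompilationClasspathFromContextOrStdlib`, which is a Kotlin read-only `List`; nothing guarantees the instance is mutable, and the Kotlin version this file replaces built a new list with `clJars + File(zapJar)` instead. Copy before adding: `List<File> all = new ArrayList<>(clJars);`, then `if (zapJar != null) all.add(new File(zapJar));`, then `jars = Collections.unmodifiableList(all);` (type arguments appear to have been stripped on this page). The lambda in `getScriptEngine` also dropped the earlier `types ?: emptyArray()` guard and now passes `types` through unchanged, which is worth confirming against how the Kotlin scripting library invokes it.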
@@ -1,76 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.apache.log4j.Logger -import org.parosproxy.paros.control.Control -import org.parosproxy.paros.extension.Extension -import org.parosproxy.paros.extension.ExtensionAdaptor -import org.parosproxy.paros.extension.ExtensionHook -import org.parosproxy.paros.view.View -import org.zaproxy.zap.ZAP -import org.zaproxy.zap.control.ExtensionFactory -import org.zaproxy.zap.extension.script.ExtensionScript -import javax.swing.ImageIcon - -class ExtensionKotlin : ExtensionAdaptor(NAME) { - - - companion object { - val NAME = "ExtensionKotlin" - val TEAM_NAME = "StackHawk Engineering" - val KOTLIN_ICON: ImageIcon? = if (View.isInitialised()) ImageIcon( - ExtensionKotlin::class.java.getResource( - "/org/zaproxy/zap/extension/kotlin/resources/kotlin.png")) else null - - val EXTENSION_DEPENDENCIES: List> = listOf(ExtensionScript::class.java) - private val LOGGER: Logger = Logger.getLogger(ExtensionKotlin::class.java) - } - - init { - order = 9999 - - } - - override fun hook(extensionHook: ExtensionHook?) 
{ - super.hook(extensionHook) - - LOGGER.info("Hooking Kotlin Scripting Extension") - - val zapJar = ZAP::class.java.protectionDomain.codeSource.location.file - - LOGGER.info("Loading Kotlin engine...") - val cl = ExtensionFactory.getAddOnLoader() - cl.urLs.forEach { LOGGER.info(it) } - extScript - .registerScriptEngineWrapper( - KotlinEngineWrapper(KotlinScriptEngineFactory(cl, zapJar.toString()))) - LOGGER.info("Kotlin engine loaded.") - - } - - private val extScript: ExtensionScript by lazy { - Control.getSingleton() - .extensionLoader - .getExtension(ExtensionScript.NAME) as ExtensionScript - } - -} \ No newline at end of file diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt deleted file mode 100644 index d1128e7eed9..00000000000 --- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt +++ /dev/null 
@@ -1,64 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.fife.ui.rsyntaxtextarea.SyntaxConstants -import org.parosproxy.paros.Constant -import org.parosproxy.paros.extension.Extension -import org.zaproxy.zap.extension.script.DefaultEngineWrapper -import javax.script.ScriptEngine -import javax.script.ScriptEngineFactory -import javax.swing.ImageIcon - -class KotlinEngineWrapper(scriptEngineFactory: ScriptEngineFactory): DefaultEngineWrapper(scriptEngineFactory) { - - override fun getExtensions(): MutableList { - return mutableListOf("kts") - } - - override fun getIcon(): ImageIcon? { - return ExtensionKotlin.KOTLIN_ICON - } - - override fun getEngine(): ScriptEngine { - return super.getEngine() - } - - override fun getSyntaxStyle(): String { - return SyntaxConstants.SYNTAX_STYLE_NONE - } - - fun getAuthor(): String { - return ExtensionKotlin.TEAM_NAME - } - - fun getDescription(): String { - return Constant.messages.getString("kotlin.desc") - } - - fun getDependencies(): List> { - return ExtensionKotlin.EXTENSION_DEPENDENCIES - } - - override fun isRawEngine(): Boolean { - return false - } -} \ No newline at end of file 
diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt
deleted file mode 100644
index e5ee130d713..00000000000
--- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt
+++ /dev/null
@@ -1,55 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.jetbrains.kotlin.cli.common.repl.KotlinJsr223JvmScriptEngineFactoryBase -import org.jetbrains.kotlin.cli.common.repl.ScriptArgsWithTypes -import org.jetbrains.kotlin.script.jsr223.KotlinJsr223JvmLocalScriptEngine -import org.jetbrains.kotlin.script.jsr223.KotlinStandardJsr223ScriptTemplate -import java.io.File -import javax.script.Bindings -import javax.script.ScriptContext -import javax.script.ScriptEngine -import kotlin.script.experimental.jvm.util.scriptCompilationClasspathFromContextOrStdlib - -class KotlinScriptEngineFactory(private val classLoader: ClassLoader, - private val zapJar: String? 
= null) : KotlinJsr223JvmScriptEngineFactoryBase() { - override fun getScriptEngine(): ScriptEngine { - val clJars = scriptCompilationClasspathFromContextOrStdlib("kotlin-stdlib", - wholeClasspath = true, - classLoader = classLoader) - val jars = if (zapJar != null) { - clJars + File(zapJar) - } else { - clJars - } - return KotlinJsr223JvmLocalScriptEngine( - this, - jars, - KotlinStandardJsr223ScriptTemplate::class.qualifiedName!!, - { ctx, types -> - ScriptArgsWithTypes(arrayOf(ctx.getBindings(ScriptContext.ENGINE_SCOPE)), types ?: emptyArray()) - }, - arrayOf(Bindings::class) - ) - } - -} \ No newline at end of file diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties index bc4aa83d580..a8e29939945 100644 --- a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties +++ b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties @@ -1,3 +1,2 @@ - -kotlin.desc = Allows Kotlin to be used for ZAP scripting -kotlin.options.title = Kotlin +kotlin.desc=Allows Kotlin to be used for ZAP scripting +kotlin.options.title=Kotlin diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts index 06683ab8fd0..c477d00d648 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts @@ -1,4 +1,3 @@ - import org.apache.commons.httpclient.URI import org.parosproxy.paros.network.HttpHeader import org.parosproxy.paros.network.HttpMessage 
diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts index dc1f17b031b..2763b05d35b 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts @@ -1,2 +1,3 @@ - println("KaaKaawwtlin!!") + + diff --git a/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java b/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java new file mode 100644 index 00000000000..e4a2bc25fb5 --- /dev/null +++ b/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java 
@@ -0,0 +1,57 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2020 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.zap.extension.kotlin;
+
+import java.io.Reader;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import javax.script.Compilable;
+import javax.script.CompiledScript;
+import org.junit.jupiter.api.BeforeAll;
+import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates;
+
+/** Verifies that the Jython script templates are parsed without errors. */
+public class VerifyScriptTemplates extends AbstractVerifyScriptTemplates {
+
+ private static Compilable se;
+
+ @BeforeAll
+ public static void setUp() {
+ se =
+ (Compilable)
+ new KotlinScriptEngineFactory(
+ Thread.currentThread().getContextClassLoader(), null)
+ .getScriptEngine();
+ }
+
+ @Override
+ protected String getScriptExtension() {
+ return ".kts";
+ }
+
+ @Override
+ protected void parseTemplate(Path template) throws Exception {
+ try (Reader reader = Files.newBufferedReader(template, StandardCharsets.UTF_8)) {
+ CompiledScript cs = se.compile(reader);
+ cs.eval();
+ }
+ }
+}
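Review bot: The class Javadoc says `Verifies that the Jython script templates are parsed without errors.`, which looks copied from another add-on; it should read `/** Verifies that the Kotlin script templates are parsed without errors. */`. `parseTemplate` also does more than parse: it calls `cs.eval()`, so every bundled template is executed during the test run. A short comment there, such as `// Templates are evaluated, so top-level template code must stay free of side effects.`, would help whoever adds the next template.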
diff --git a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt deleted file mode 100644 index 0530affd2d4..00000000000 --- a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.junit.jupiter.api.BeforeAll -import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates -import java.nio.charset.StandardCharsets -import java.nio.file.Files -import java.nio.file.Path -import javax.script.Compilable - -class KotlinScriptTest : AbstractVerifyScriptTemplates() { - - companion object { - lateinit var se: Compilable - @BeforeAll - @JvmStatic - fun setUp() { - se = KotlinScriptEngineFactory(Thread.currentThread().contextClassLoader).scriptEngine as Compilable - } - } - - override fun getScriptExtension(): String? { - return ".kts" - } - - override fun parseTemplate(template: Path?) { - val reader = Files.newBufferedReader(template, StandardCharsets.UTF_8) - val s = se.compile(reader) - s.eval() - } -} \ No newline at end of file From 8f26fe7bb61a446f522cf88539e786b6675bdd75 Mon Sep 17 00:00:00 2001 
From: kingthorin Date: Tue, 9 Jun 2020 11:59:53 -0400 Subject: [PATCH 08/19] wappalyzer: Prepare release v19 Update changelog with release date and link to tag Signed-off-by: kberg --- addOns/wappalyzer/CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/addOns/wappalyzer/CHANGELOG.md b/addOns/wappalyzer/CHANGELOG.md index 3e18009f65e..0d9bbde95f6 100644 --- a/addOns/wappalyzer/CHANGELOG.md +++ b/addOns/wappalyzer/CHANGELOG.md @@ -3,7 +3,7 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## Unreleased +## [19] - 2020-06-09 ### Changed - Updated with upstream Wappalyzer icon and pattern changes. - Wappalyzer's enabled state is now persisted between ZAP sessions. @@ -116,6 +116,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - First version +[19]: https://github.com/zaproxy/zap-extensions/releases/wappalyzer-v19 [18]: https://github.com/zaproxy/zap-extensions/releases/wappalyzer-v18 [17]: https://github.com/zaproxy/zap-extensions/releases/wappalyzer-v17 [16]: https://github.com/zaproxy/zap-extensions/releases/wappalyzer-v16 From 50441c974a2c2eccbf80ca6449dda583c92daf30 Mon Sep 17 00:00:00 2001 From: thc202 Date: Tue, 9 Jun 2020 17:49:49 +0100 Subject: [PATCH 09/19] openapi: prepare next dev iteration Update version and changelog. Signed-off-by: thc202 Signed-off-by: kberg --- addOns/openapi/CHANGELOG.md | 3 +++ addOns/openapi/openapi.gradle.kts | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/addOns/openapi/CHANGELOG.md b/addOns/openapi/CHANGELOG.md index b480fd143c0..29889c0117e 100644 --- a/addOns/openapi/CHANGELOG.md +++ b/addOns/openapi/CHANGELOG.md 
@@ -3,6 +3,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## Unreleased + + ## [16] - 2020-06-09 ### Added - Map Structure support for OpenAPI v3.0 (Issue 5863). diff --git a/addOns/openapi/openapi.gradle.kts b/addOns/openapi/openapi.gradle.kts index 4959c03fed2..d8f03567ba3 100644 --- a/addOns/openapi/openapi.gradle.kts +++ b/addOns/openapi/openapi.gradle.kts @@ -1,6 +1,6 @@ import org.zaproxy.gradle.addon.AddOnStatus -version = "16" +version = "17" description = "Imports and spiders OpenAPI definitions." zapAddOn { From 8d495d19425afc3c3e31207aec3ff7fecfdaf7da Mon Sep 17 00:00:00 2001 From: kingthorin Date: Wed, 10 Jun 2020 08:26:16 -0400 Subject: [PATCH 10/19] wappalyzer: Prepare next dev iteration - Update version and changelog. - Switch to semver ahead of BETA promotion. Signed-off-by: kingthorin Signed-off-by: kberg --- addOns/wappalyzer/CHANGELOG.md | 3 +++ addOns/wappalyzer/wappalyzer.gradle.kts | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/addOns/wappalyzer/CHANGELOG.md b/addOns/wappalyzer/CHANGELOG.md index 0d9bbde95f6..b0f0c8a5ce9 100644 --- a/addOns/wappalyzer/CHANGELOG.md +++ b/addOns/wappalyzer/CHANGELOG.md @@ -3,6 +3,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## Unreleased + + ## [19] - 2020-06-09 ### Changed - Updated with upstream Wappalyzer icon and pattern changes. diff --git a/addOns/wappalyzer/wappalyzer.gradle.kts b/addOns/wappalyzer/wappalyzer.gradle.kts index 791e82d355e..4bb4410d8c7 100644 --- a/addOns/wappalyzer/wappalyzer.gradle.kts +++ b/addOns/wappalyzer/wappalyzer.gradle.kts @@ -1,4 +1,4 @@ -version = "19" +version = "20.0.0" description = "Technology detection using Wappalyzer: wappalyzer.com" zapAddOn { From cfa72be9ea53c6d6b21cf0f129bfd341b70e6b2c Mon Sep 17 00:00:00 2001 
From: thc202 Date: Wed, 10 Jun 2020 16:16:13 +0100 Subject: [PATCH 11/19] Update RE2/J library Update to latest version, 1.4, to pick the latest features and fixes. Signed-off-by: thc202 Signed-off-by: kberg --- addOns/pscanrulesBeta/CHANGELOG.md | 3 ++- addOns/pscanrulesBeta/pscanrulesBeta.gradle.kts | 2 +- addOns/wappalyzer/CHANGELOG.md | 3 ++- addOns/wappalyzer/wappalyzer.gradle.kts | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/addOns/pscanrulesBeta/CHANGELOG.md b/addOns/pscanrulesBeta/CHANGELOG.md index 936d3a585c2..9693cd4f2ad 100644 --- a/addOns/pscanrulesBeta/CHANGELOG.md +++ b/addOns/pscanrulesBeta/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update RE2/J library to latest version (1.4). ## [22] - 2020-06-01 ### Added diff --git a/addOns/pscanrulesBeta/pscanrulesBeta.gradle.kts b/addOns/pscanrulesBeta/pscanrulesBeta.gradle.kts index af2247ef8aa..0694f51baa6 100644 --- a/addOns/pscanrulesBeta/pscanrulesBeta.gradle.kts +++ b/addOns/pscanrulesBeta/pscanrulesBeta.gradle.kts @@ -21,7 +21,7 @@ zapAddOn { } dependencies { - implementation("com.google.re2j:re2j:1.3") + implementation("com.google.re2j:re2j:1.4") compileOnly(parent!!.childProjects.get("commonlib")!!) diff --git a/addOns/wappalyzer/CHANGELOG.md b/addOns/wappalyzer/CHANGELOG.md index b0f0c8a5ce9..02eed51323e 100644 --- a/addOns/wappalyzer/CHANGELOG.md +++ b/addOns/wappalyzer/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update RE2/J library to latest version (1.4). ## [19] - 2020-06-09 ### Changed diff --git a/addOns/wappalyzer/wappalyzer.gradle.kts b/addOns/wappalyzer/wappalyzer.gradle.kts index 4bb4410d8c7..c6176dfdb03 100644 
--- a/addOns/wappalyzer/wappalyzer.gradle.kts +++ b/addOns/wappalyzer/wappalyzer.gradle.kts @@ -17,7 +17,7 @@ zapAddOn { } dependencies { - implementation("com.google.re2j:re2j:1.3") + implementation("com.google.re2j:re2j:1.4") val batikVersion = "1.12" implementation("org.apache.xmlgraphics:batik-anim:$batikVersion") From 3a0ca842eef769c435962f875c84bb70b1f9e52a Mon Sep 17 00:00:00 2001 From: thc202 Date: Wed, 10 Jun 2020 16:16:53 +0100 Subject: [PATCH 12/19] commonlib: check binary compatibility Ensure the binary compatibility is not broken accidentally. Signed-off-by: thc202 Signed-off-by: kberg --- addOns/commonlib/commonlib.gradle.kts | 35 +++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/addOns/commonlib/commonlib.gradle.kts b/addOns/commonlib/commonlib.gradle.kts index 9f949b9b370..daa789b421c 100644 --- a/addOns/commonlib/commonlib.gradle.kts +++ b/addOns/commonlib/commonlib.gradle.kts @@ -1,13 +1,16 @@ +import me.champeau.gradle.japicmp.JapicmpTask import org.zaproxy.gradle.addon.AddOnStatus plugins { `maven-publish` signing + id("me.champeau.gradle.japicmp") version "0.2.9" } group = "org.zaproxy.addon" version = "1.1.0" +val versionBC = "1.0.0" description = "A common library, for use by other add-ons." zapAddOn { 
@@ -33,6 +36,38 @@ dependencies { testImplementation(project(":testutils")) } +val japicmp by tasks.registering(JapicmpTask::class) { + group = LifecycleBasePlugin.VERIFICATION_GROUP + description = "Checks ${project.name}.jar binary compatibility with latest version ($versionBC)." + + oldClasspath = files(addOnJar(versionBC)) + newClasspath = files(tasks.named(JavaPlugin.JAR_TASK_NAME).map { it.archivePath }) + setIgnoreMissingClasses(true) + + richReport { + destinationDir = file("$buildDir/reports/japicmp/") + reportName = "japi.html" + isAddDefaultRules = true + } +} + +fun addOnJar(version: String): File { + val oldGroup = group + try { + // https://discuss.gradle.org/t/is-the-default-configuration-leaking-into-independent-configurations/2088/6 + group = "virtual_group_for_japicmp" + val conf = configurations.detachedConfiguration(dependencies.create("$oldGroup:$name:$version")) + conf.isTransitive = false + return conf.singleFile + } finally { + group = oldGroup + } +} + +tasks.named(LifecycleBasePlugin.CHECK_TASK_NAME) { + dependsOn(japicmp) +} + val sourceSets = extensions.getByName("sourceSets") as SourceSetContainer tasks.register("javadocJar") { From a197ab313e74e72554c354a88ee11ca256c8ef6d Mon Sep 17 00:00:00 2001 From: kingthorin Date: Wed, 10 Jun 2020 15:19:19 -0400 Subject: [PATCH 13/19] Fix IndexOutOfBounds Exception when showing tabs - In wappalyzer (postInstall) and websocket (onHandshakeResponse) when extension panels/tabs are shown ensure it's done in EDT thus preventing the exception that was manifesting. - Add a Fix entry to the CHANGELOGs. Signed-off-by: kingthorin Signed-off-by: kberg --- addOns/wappalyzer/CHANGELOG.md | 3 +++ .../extension/wappalyzer/ExtensionWappalyzer.java | 15 +++++++++------ addOns/websocket/CHANGELOG.md | 1 + .../extension/websocket/ExtensionWebSocket.java | 8 ++++++-- 4 files changed, 19 insertions(+), 8 deletions(-) 
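Review bot: `addOnJar(versionBC)` is called directly inside the `japicmp` task's configuration block, so as far as this hunk shows the baseline jar is resolved, and `group` is temporarily reassigned, whenever the task is configured rather than when it runs. Passing it lazily, for example `oldClasspath = files(provider { addOnJar(versionBC) })`, would keep the repository lookup inside task execution. `archivePath` is deprecated in newer Gradle releases in favour of `archiveFile`. The `versionBC` value added in the first hunk has to be moved by hand at every release, so a comment such as `// Last released version, used as the binary-compatibility baseline.` would help.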
diff --git a/addOns/wappalyzer/CHANGELOG.md b/addOns/wappalyzer/CHANGELOG.md index 02eed51323e..3fa78fbb26c 100644 --- a/addOns/wappalyzer/CHANGELOG.md +++ b/addOns/wappalyzer/CHANGELOG.md @@ -7,6 +7,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed - Update RE2/J library to latest version (1.4). +### Fixed +- Fixed an exception which was occurring when the tab was shown during install. + ## [19] - 2020-06-09 ### Changed - Updated with upstream Wappalyzer icon and pattern changes. diff --git a/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java b/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java index 3266287dc4b..97bc827381e 100644 --- a/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java +++ b/addOns/wappalyzer/src/main/java/org/zaproxy/zap/extension/wappalyzer/ExtensionWappalyzer.java @@ -379,12 +379,15 @@ public void sessionScopeChanged(Session arg0) { public void postInstall() { super.postInstall(); if (getView() != null) { - getTechPanel().setTabFocus(); - // Un-comment to test icon rendering - /* - * getApplications() .forEach( app -> addApplicationsToSite( "http://localhost", new - * ApplicationMatch(app))); - */ + EventQueue.invokeLater( + () -> { + getTechPanel().setTabFocus(); + // Un-comment to test icon rendering + /* + * getApplications() .forEach( app -> addApplicationsToSite( "http://localhost", + * new ApplicationMatch(app))); + */ + }); } } } diff --git a/addOns/websocket/CHANGELOG.md b/addOns/websocket/CHANGELOG.md index 3a4ef31d335..795008d7fb3 100644 --- a/addOns/websocket/CHANGELOG.md +++ b/addOns/websocket/CHANGELOG.md 
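Review bot: The commented-out icon-rendering snippet in `postInstall` is carried into the new `EventQueue.invokeLater` lambda, so the lambda makes one call and is otherwise dead code. I would drop the comment block, or move it to a test, leaving `EventQueue.invokeLater(() -> getTechPanel().setTabFocus());`. No import hunk for `java.awt.EventQueue` is shown for this file, unlike ExtensionWebSocket.java, so presumably it is already imported; worth confirming.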
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Correctly handle API request without parameters. +- Fixed an exception which was occurring when the tab was shown when a handshake response was first encountered during a ZAP session. ## [21] - 2020-01-17 ### Added diff --git a/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java b/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java index fb0528df3fd..c575fbc9064 100644 --- a/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java +++ b/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java @@ -19,6 +19,7 @@ */ package org.zaproxy.zap.extension.websocket; +import java.awt.EventQueue; import java.io.File; import java.io.IOException; import java.io.InputStream; @@ -741,10 +742,13 @@ public boolean onHandshakeResponse( logger.debug( "Got WebSockets upgrade request. Handle socket connection over to WebSockets extension."); if (focusWebSocketsTabOnHandshake) { - // Show the tab in case its been closed - this.getWebSocketPanel().setTabFocus(); // Don't constantly request focus on the tab, once is enough. focusWebSocketsTabOnHandshake = false; + EventQueue.invokeLater( + () -> { + // Show the tab in case its been closed + this.getWebSocketPanel().setTabFocus(); + }); } if (method != null) { From 4bf785f2ec4a3b3e55118e40be8d07d57c85ee00 Mon Sep 17 00:00:00 2001 From: "Anders K. Madsen" Date: Thu, 11 Jun 2020 17:26:57 +0200 Subject: [PATCH 14/19] Make Ruby passive template work again (#2439) ZAP complained about `appliesToHistoryType()` missing. Signed-off-by: Anders K. Madsen Signed-off-by: kberg --- addOns/jruby/CHANGELOG.md | 1 + .../scripts/templates/passive/Passive default template.rb | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) 
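Review bot: `focusWebSocketsTabOnHandshake` is tested and cleared in `onHandshakeResponse` off the EDT, so two handshake responses handled on different threads could both pass the `if` and each queue `setTabFocus()`. The field's declaration is outside the hunk, so whether it is `volatile` or otherwise guarded cannot be seen here. If the callback can run concurrently, an `AtomicBoolean` with `if (focusWebSocketsTabOnHandshake.compareAndSet(true, false))` would make the once-only intent explicit. The hunk also shows no `getView() != null` guard like the one in `ExtensionWappalyzer.postInstall`, so confirm `getWebSocketPanel()` is safe if this runs without a UI. The body of `onHandshakeResponse` continues outside the hunk.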
diff --git a/addOns/jruby/CHANGELOG.md b/addOns/jruby/CHANGELOG.md index 1180d12e648..fb4a3fb9f10 100644 --- a/addOns/jruby/CHANGELOG.md +++ b/addOns/jruby/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Fix link in a script template. - Fix exception while uninstalling the add-on with newer Java versions. +- Fix passive template. ## 6 - 2017-11-27 diff --git a/addOns/jruby/src/main/zapHomeFiles/scripts/templates/passive/Passive default template.rb b/addOns/jruby/src/main/zapHomeFiles/scripts/templates/passive/Passive default template.rb index 042e4c9e046..181d76f30a6 100644 --- a/addOns/jruby/src/main/zapHomeFiles/scripts/templates/passive/Passive default template.rb +++ b/addOns/jruby/src/main/zapHomeFiles/scripts/templates/passive/Passive default template.rb @@ -6,6 +6,7 @@ require 'java' java_package 'org.zaproxy.zap.extension.pscan' java_import 'org.zaproxy.zap.extension.pscan.PassiveScript' +java_import 'org.zaproxy.zap.extension.pscan.PluginPassiveScanner' java_import 'org.zaproxy.zap.extension.pscan.scanner.ScriptsPassiveScanner' java_import 'org.parosproxy.paros.network.HttpMessage' java_import 'net.htmlparser.jericho.Source' @@ -35,5 +36,10 @@ def scan(ps, msg, src) end end +# Tells whether or not the scanner applies to the given history type. +def appliesToHistoryType(historyType) + PluginPassiveScanner.getDefaultHistoryTypes().include?(historyType); +end + # This is required - dont delete it or you'll break the script -JRubyPassiveScript.new \ No newline at end of file +JRubyPassiveScript.new From 07cd6602de54098204d34477df221b0ecda9c7f2 Mon Sep 17 00:00:00 2001 From: kberg Date: Fri, 12 Jun 2020 07:17:12 -0600 Subject: [PATCH 15/19] kotlin scripting support 
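Review bot: `appliesToHistoryType` is added after the closing `end`s that follow `scan`, which suggests it is defined at the top level of the script rather than next to `scan`. The enclosing class header is outside the hunk, so confirm this is where the passive-script interface looks for it. The trailing semicolon is not needed in Ruby: `PluginPassiveScanner.getDefaultHistoryTypes().include?(historyType)`. The comment could also state the return value, e.g. `# Returns true if messages of the given history type should be scanned.`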
Signed-off-by: kberg --- addOns/kotlin/CHANGELOG.md | 8 ++ addOns/kotlin/kotlin.gradle.kts | 27 +++++++ .../zap/extension/kotlin/ExtensionKotlin.kt | 76 ++++++++++++++++++ .../extension/kotlin/KotlinEngineWrapper.kt | 64 +++++++++++++++ .../kotlin/KotlinScriptEngineFactory.kt | 55 +++++++++++++ .../kotlin/resources/Messages.properties | 3 + .../zap/extension/kotlin/resources/kotlin.png | Bin 0 -> 484 bytes .../Authentication default template.kts | 43 ++++++++++ .../Standalone default template.kts | 5 ++ .../zap/extension/kotlin/KotlinScriptTest.kt | 50 ++++++++++++ settings.gradle.kts | 1 + 11 files changed, 332 insertions(+) create mode 100644 addOns/kotlin/CHANGELOG.md create mode 100644 addOns/kotlin/kotlin.gradle.kts create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt create mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt create mode 100644 addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties create mode 100644 addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png create mode 100644 addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts create mode 100644 addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts create mode 100644 addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt diff --git a/addOns/kotlin/CHANGELOG.md b/addOns/kotlin/CHANGELOG.md new file mode 100644 index 00000000000..27e2f3386dc --- /dev/null +++ b/addOns/kotlin/CHANGELOG.md 
@@ -0,0 +1,8 @@ +# Changelog +All notable changes to this add-on will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). + +## Alpha + +- Kotlin scripting for the JVM \ No newline at end of file diff --git a/addOns/kotlin/kotlin.gradle.kts b/addOns/kotlin/kotlin.gradle.kts new file mode 100644 index 00000000000..0ec92e6a741 --- /dev/null +++ b/addOns/kotlin/kotlin.gradle.kts @@ -0,0 +1,27 @@ +import org.zaproxy.gradle.addon.AddOnStatus + +plugins { + kotlin("jvm") version "1.3.50" +} + +version = "1" +description = "Allows Kotlin to be used for ZAP scripting - templates included" + +zapAddOn { + addOnName.set("Kotlin Scripting") + addOnStatus.set(AddOnStatus.ALPHA) + zapVersion.set("2.9.0") + + manifest { + author.set("StackHawk Engineering") + } +} + +dependencies { + implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8") + implementation("org.jetbrains.kotlin:kotlin-compiler-embeddable") + implementation("org.jetbrains.kotlin:kotlin-scripting-compiler-embeddable") + implementation("org.jetbrains.kotlin:kotlin-script-util") + + testImplementation(project(":testutils")) +} diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt new file mode 100644 index 00000000000..5b00f505614 --- /dev/null +++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt 
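Review bot: The four `org.jetbrains.kotlin` dependencies in kotlin.gradle.kts are declared without versions, so what gets bundled into the add-on depends on the version the Kotlin Gradle plugin applies by default (presumably the `1.3.50` set in `plugins`). These artifacts compile and run user scripts inside ZAP, so the coupling should be explicit. Either add a comment such as `// Versions are supplied by the Kotlin Gradle plugin declared above; keep them aligned.` or pin them through a single `val kotlinVersion`.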
@@ -0,0 +1,76 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.apache.log4j.Logger +import org.parosproxy.paros.control.Control +import org.parosproxy.paros.extension.Extension +import org.parosproxy.paros.extension.ExtensionAdaptor +import org.parosproxy.paros.extension.ExtensionHook +import org.parosproxy.paros.view.View +import org.zaproxy.zap.ZAP +import org.zaproxy.zap.control.ExtensionFactory +import org.zaproxy.zap.extension.script.ExtensionScript +import javax.swing.ImageIcon + +class ExtensionKotlin : ExtensionAdaptor(NAME) { + + + companion object { + val NAME = "ExtensionKotlin" + val TEAM_NAME = "StackHawk Engineering" + val KOTLIN_ICON: ImageIcon? = if (View.isInitialised()) ImageIcon( + ExtensionKotlin::class.java.getResource( + "/org/zaproxy/zap/extension/kotlin/resources/kotlin.png")) else null + + val EXTENSION_DEPENDENCIES: List> = listOf(ExtensionScript::class.java) + private val LOGGER: Logger = Logger.getLogger(ExtensionKotlin::class.java) + } + + init { + order = 9999 + + } + + override fun hook(extensionHook: ExtensionHook?) 
{ + super.hook(extensionHook) + + LOGGER.info("Hooking Kotlin Scripting Extension") + + val zapJar = ZAP::class.java.protectionDomain.codeSource.location.file + + LOGGER.info("Loading Kotlin engine...") + val cl = ExtensionFactory.getAddOnLoader() + cl.urLs.forEach { LOGGER.info(it) } + extScript + .registerScriptEngineWrapper( + KotlinEngineWrapper(KotlinScriptEngineFactory(cl, zapJar.toString()))) + LOGGER.info("Kotlin engine loaded.") + + } + + private val extScript: ExtensionScript by lazy { + Control.getSingleton() + .extensionLoader + .getExtension(ExtensionScript.NAME) as ExtensionScript + } + +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt new file mode 100644 index 00000000000..d1128e7eed9 --- /dev/null +++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt 
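Review bot: In `hook`, `ZAP::class.java.protectionDomain.codeSource.location.file` returns the URL's path component, which is still percent-encoded, so an install path containing spaces or non-ASCII characters would hand a non-existent file name to `KotlinScriptEngineFactory`; `codeSource` can also be null for some class loaders. `Paths.get(ZAP::class.java.protectionDomain.codeSource.location.toURI()).toString()` avoids the encoding problem. `cl.urLs.forEach { LOGGER.info(it) }` writes every add-on jar path to the log at INFO each time the extension is hooked; `LOGGER.debug` would be the usual level. The `as ExtensionScript` cast in `extScript` throws if the script extension is not loaded, so a null check with a clear message would make that failure easier to diagnose.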
@@ -0,0 +1,64 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.fife.ui.rsyntaxtextarea.SyntaxConstants +import org.parosproxy.paros.Constant +import org.parosproxy.paros.extension.Extension +import org.zaproxy.zap.extension.script.DefaultEngineWrapper +import javax.script.ScriptEngine +import javax.script.ScriptEngineFactory +import javax.swing.ImageIcon + +class KotlinEngineWrapper(scriptEngineFactory: ScriptEngineFactory): DefaultEngineWrapper(scriptEngineFactory) { + + override fun getExtensions(): MutableList { + return mutableListOf("kts") + } + + override fun getIcon(): ImageIcon? { + return ExtensionKotlin.KOTLIN_ICON + } + + override fun getEngine(): ScriptEngine { + return super.getEngine() + } + + override fun getSyntaxStyle(): String { + return SyntaxConstants.SYNTAX_STYLE_NONE + } + + fun getAuthor(): String { + return ExtensionKotlin.TEAM_NAME + } + + fun getDescription(): String { + return Constant.messages.getString("kotlin.desc") + } + + fun getDependencies(): List> { + return ExtensionKotlin.EXTENSION_DEPENDENCIES + } + + override fun isRawEngine(): Boolean { + return false + } +} \ No newline at end of file 
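Review bot: `getAuthor()`, `getDescription()` and `getDependencies()` in `KotlinEngineWrapper` are declared without `override`, so they override nothing. Unless something calls them reflectively they are unused here and look as if they were copied from an `Extension` implementation, where they would belong on `ExtensionKotlin`. `getEngine()` only returns `super.getEngine()` and can be removed. A short comment on `getSyntaxStyle()` explaining why `SYNTAX_STYLE_NONE` is returned (presumably because no Kotlin highlighter is available) would save the next reader a search.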
diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt new file mode 100644 index 00000000000..e5ee130d713 --- /dev/null +++ b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt 
@@ -0,0 +1,55 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.jetbrains.kotlin.cli.common.repl.KotlinJsr223JvmScriptEngineFactoryBase +import org.jetbrains.kotlin.cli.common.repl.ScriptArgsWithTypes +import org.jetbrains.kotlin.script.jsr223.KotlinJsr223JvmLocalScriptEngine +import org.jetbrains.kotlin.script.jsr223.KotlinStandardJsr223ScriptTemplate +import java.io.File +import javax.script.Bindings +import javax.script.ScriptContext +import javax.script.ScriptEngine +import kotlin.script.experimental.jvm.util.scriptCompilationClasspathFromContextOrStdlib + +class KotlinScriptEngineFactory(private val classLoader: ClassLoader, + private val zapJar: String? 
= null) : KotlinJsr223JvmScriptEngineFactoryBase() { + override fun getScriptEngine(): ScriptEngine { + val clJars = scriptCompilationClasspathFromContextOrStdlib("kotlin-stdlib", + wholeClasspath = true, + classLoader = classLoader) + val jars = if (zapJar != null) { + clJars + File(zapJar) + } else { + clJars + } + return KotlinJsr223JvmLocalScriptEngine( + this, + jars, + KotlinStandardJsr223ScriptTemplate::class.qualifiedName!!, + { ctx, types -> + ScriptArgsWithTypes(arrayOf(ctx.getBindings(ScriptContext.ENGINE_SCOPE)), types ?: emptyArray()) + }, + arrayOf(Bindings::class) + ) + } + +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties new file mode 100644 index 00000000000..bc4aa83d580 --- /dev/null +++ b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties @@ -0,0 +1,3 @@ + +kotlin.desc = Allows Kotlin to be used for ZAP scripting +kotlin.options.title = Kotlin 
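Review bot: `getScriptEngine()` recomputes the compilation classpath with `wholeClasspath = true` on every call, so each new engine walks the supplied class loader again. Computing it once in a `private val classpath by lazy { ... }` property would avoid that. `File(zapJar)` is appended without checking that the file exists, so a wrong path (for example a percent-encoded one taken from a URL) only shows up later as unresolved ZAP imports in scripts; an existence check with a log warning would make that diagnosable. A KDoc line on the class saying that scripts are compiled against every jar visible to the given class loader plus the ZAP jar would document how much of ZAP a script can reach.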
diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/kotlin.png new file mode 100644 index 0000000000000000000000000000000000000000..ad3db01f81710a414604cc724fe197ba99af5217 GIT binary patch literal 484 zcmVAxC)(xlDzX>1)Z(UolX($QZyJEbFbeXaC4^C?E*0;d$?on2)A!w+g+9`Gr_K`_@CUAeW7tAPiu3Xl|umlC5t>fe>eDO zPx_ImDJp}{2gu`5NDf%NxYuer6FwMpN|MObSVtg3VEt0u-Z(Qo^~;fjrUDI}vFupL a$, + credentials: GenericAuthenticationCredentials): HttpMessage { + + println("Kotlin auth template") + println("creds: $credentials") + println("PARAM: ${paramsValues["exampleParam1"]}") + val msg = helper.prepareMessage() + msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI("http://localhost:3000", true), HttpHeader.HTTP11) + println("msg: $msg ${msg.requestHeader.headers.size}") + msg.requestHeader.headers.forEach { println(it) } + helper.sendAndReceive(msg) + return msg +} + +fun getRequiredParamsNames(): Array { + return arrayOf("exampleParam1") +} + +fun getOptionalParamsNames(): Array { + return arrayOf() +} + +fun getCredentialsParamsNames(): Array { + return arrayOf("username", "password") +} + +fun getLoggedInIndicator(): String { + return "Sign Out" +} + +fun getLoggedOutIndicator(): String { + return "Sign In" +} \ No newline at end of file diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts new file mode 100644 index 00000000000..780d3284500 --- /dev/null +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts @@ -0,0 +1,5 @@ +import org.parosproxy.paros.network.HttpMessage + +val msg = HttpMessage() +println(msg) +println("freedom") 
diff --git a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt new file mode 100644 index 00000000000..0530affd2d4 --- /dev/null +++ b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt @@ -0,0 +1,50 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.zaproxy.zap.extension.kotlin + +import org.junit.jupiter.api.BeforeAll +import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates +import java.nio.charset.StandardCharsets +import java.nio.file.Files +import java.nio.file.Path +import javax.script.Compilable + +class KotlinScriptTest : AbstractVerifyScriptTemplates() { + + companion object { + lateinit var se: Compilable + @BeforeAll + @JvmStatic + fun setUp() { + se = KotlinScriptEngineFactory(Thread.currentThread().contextClassLoader).scriptEngine as Compilable + } + } + + override fun getScriptExtension(): String? { + return ".kts" + } + + override fun parseTemplate(template: Path?) { + val reader = Files.newBufferedReader(template, StandardCharsets.UTF_8) + val s = se.compile(reader) + s.eval() + } +} \ No newline at end of file 
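Review bot: The `BufferedReader` opened in `parseTemplate` is never closed, so each template the test verifies leaves a file handle open. `Files.newBufferedReader(template, StandardCharsets.UTF_8).use { se.compile(it).eval() }` closes it. `template` is declared `Path?` but passed straight to `Files.newBufferedReader`, so `requireNotNull(template)` or a non-null parameter type would make the contract explicit.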
diff --git a/settings.gradle.kts b/settings.gradle.kts index 9879c2fe0e8..77bfd81d3b8 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -51,6 +51,7 @@ var addOns = listOf( "jruby", "jsonview", "jython", + "kotlin", "onlineMenu", "openapi", "plugnhack", From 99ceb1df04d078be7f9312602d6b8424660b1d4e Mon Sep 17 00:00:00 2001 From: kberg Date: Fri, 12 Jun 2020 10:55:13 -0600 Subject: [PATCH 16/19] script template updates Signed-off-by: kberg --- .../Authentication default template.kts | 11 +++++++---- .../standalone/Standalone default template.kts | 5 +---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts index fbf04a909f1..06683ab8fd0 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts 
@@ -6,16 +6,19 @@ import org.parosproxy.paros.network.HttpRequestHeader import org.zaproxy.zap.authentication.AuthenticationHelper import org.zaproxy.zap.authentication.GenericAuthenticationCredentials +val PARAM_TARGET_URL = "targetUrl" + fun authenticate( helper: AuthenticationHelper, paramsValues: Map, credentials: GenericAuthenticationCredentials): HttpMessage { println("Kotlin auth template") - println("creds: $credentials") - println("PARAM: ${paramsValues["exampleParam1"]}") + + println("TARGET_URL: ${paramsValues[PARAM_TARGET_URL]}") val msg = helper.prepareMessage() - msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI("http://localhost:3000", true), HttpHeader.HTTP11) + msg.requestHeader = HttpRequestHeader(HttpRequestHeader.GET, URI(paramsValues[PARAM_TARGET_URL], true), + HttpHeader.HTTP11) println("msg: $msg ${msg.requestHeader.headers.size}") msg.requestHeader.headers.forEach { println(it) } helper.sendAndReceive(msg) @@ -23,7 +26,7 @@ fun authenticate( } fun getRequiredParamsNames(): Array { - return arrayOf("exampleParam1") + return arrayOf(PARAM_TARGET_URL) } fun getOptionalParamsNames(): Array { diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts index 780d3284500..dc1f17b031b 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts @@ -1,5 +1,2 @@ -import org.parosproxy.paros.network.HttpMessage -val msg = HttpMessage() -println(msg) -println("freedom") +println("KaaKaawwtlin!!") From 675086144990a6af03ec76a5f0fbdd1136b6d4be Mon Sep 17 00:00:00 2001 From: kberg Date: Fri, 12 Jun 2020 19:38:49 -0600 Subject: [PATCH 17/19] kotlin addon in java 
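Review bot: `paramsValues[PARAM_TARGET_URL]` is nullable, and `authenticate` passes it straight to `URI(..., true)`, so a missing `targetUrl` fails inside the URI constructor with an unhelpful error. Reading it once with a check, e.g. `val targetUrl = paramsValues[PARAM_TARGET_URL] ?: throw IllegalArgumentException("$PARAM_TARGET_URL is required")`, gives script authors a clear message. The `credentials` parameter is now unused although `getCredentialsParamsNames` still declares username and password, so the template no longer shows where credentials enter the request; a comment marking that spot would help. The header dump via `println` is kept, so a comment reminding authors not to print headers once they carry session tokens would be a useful caveat.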
Signed-off-by: kberg --- addOns/kotlin/CHANGELOG.md | 2 +- addOns/kotlin/kotlin.gradle.kts | 6 +- .../zap/extension/kotlin/ExtensionKotlin.java | 86 +++++++++++++++++++ .../extension/kotlin/KotlinEngineWrapper.java | 54 ++++++++++++ .../kotlin/KotlinScriptEngineFactory.java | 61 +++++++++++++ .../zap/extension/kotlin/ExtensionKotlin.kt | 76 ---------------- .../extension/kotlin/KotlinEngineWrapper.kt | 64 -------------- .../kotlin/KotlinScriptEngineFactory.kt | 55 ------------ .../kotlin/resources/Messages.properties | 5 +- .../Authentication default template.kts | 1 - .../Standalone default template.kts | 3 +- .../kotlin/VerifyScriptTemplates.java | 57 ++++++++++++ .../zap/extension/kotlin/KotlinScriptTest.kt | 50 ----------- 13 files changed, 266 insertions(+), 254 deletions(-) create mode 100644 addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.java create mode 100644 addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.java create mode 100644 addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.java delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt create mode 100644 addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java delete mode 100644 addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt diff --git a/addOns/kotlin/CHANGELOG.md b/addOns/kotlin/CHANGELOG.md index 27e2f3386dc..71106474244 100644 --- a/addOns/kotlin/CHANGELOG.md +++ b/addOns/kotlin/CHANGELOG.md 
@@ -3,6 +3,6 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). -## Alpha +## Unreleased - Kotlin scripting for the JVM \ No newline at end of file diff --git a/addOns/kotlin/kotlin.gradle.kts b/addOns/kotlin/kotlin.gradle.kts index 0ec92e6a741..7174dc4dd89 100644 --- a/addOns/kotlin/kotlin.gradle.kts +++ b/addOns/kotlin/kotlin.gradle.kts @@ -4,11 +4,11 @@ plugins { kotlin("jvm") version "1.3.50" } -version = "1" -description = "Allows Kotlin to be used for ZAP scripting - templates included" +version = "1.0.0" +description = "Allows Kotlin to be used for ZAP scripting - (some) templates included" zapAddOn { - addOnName.set("Kotlin Scripting") + addOnName.set("Kotlin Support") addOnStatus.set(AddOnStatus.ALPHA) zapVersion.set("2.9.0") diff --git a/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.java b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.java new file mode 100644 index 00000000000..e7167958511 --- /dev/null +++ b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.java 
@@ -0,0 +1,86 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.zap.extension.kotlin; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import javax.swing.*; +import org.apache.log4j.Logger; +import org.parosproxy.paros.control.Control; +import org.parosproxy.paros.extension.Extension; +import org.parosproxy.paros.extension.ExtensionAdaptor; +import org.parosproxy.paros.extension.ExtensionHook; +import org.parosproxy.paros.view.View; +import org.zaproxy.zap.ZAP; +import org.zaproxy.zap.control.AddOnLoader; +import org.zaproxy.zap.control.ExtensionFactory; +import org.zaproxy.zap.extension.script.ExtensionScript; + +public class ExtensionKotlin extends ExtensionAdaptor { + + public static final String NAME = "ExtensionKotlin"; + public static final int EXTENSION_ORDER = 9999; + public static final ImageIcon KOTLIN_ICON; + private static final List> EXTENSION_DEPENDENCIES; + private static final Logger LOGGER = Logger.getLogger(ExtensionKotlin.class); + + static { + List> dependencies = new ArrayList<>(1); + dependencies.add(ExtensionScript.class); + EXTENSION_DEPENDENCIES = Collections.unmodifiableList(dependencies); + + KOTLIN_ICON = + View.isInitialised() + ? 
new ImageIcon( + ExtensionKotlin.class.getResource( + "/org/zaproxy/zap/extension/kotlin/resources/kotlin.png")) + : null; + } + + public ExtensionKotlin() { + super(NAME); + setOrder(EXTENSION_ORDER); + } + + @Override + public void hook(ExtensionHook extensionHook) { + super.hook(extensionHook); + + LOGGER.debug("Hooking Kotlin Scripting Extension"); + String zapJar = ZAP.class.getProtectionDomain().getCodeSource().getLocation().getFile(); + + LOGGER.debug("Loading Kotlin engine..."); + AddOnLoader addonLoader = ExtensionFactory.getAddOnLoader(); + Arrays.stream(addonLoader.getURLs()).forEach(LOGGER::debug); + KotlinScriptEngineFactory factory = new KotlinScriptEngineFactory(addonLoader, zapJar); + getExtScript().registerScriptEngineWrapper(new KotlinEngineWrapper(factory)); + LOGGER.debug("Kotlin engine loaded."); + } + + public List> getDependencies() { + return EXTENSION_DEPENDENCIES; + } + + private ExtensionScript getExtScript() { + return Control.getSingleton().getExtensionLoader().getExtension(ExtensionScript.class); + } +} diff --git a/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.java b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.java new file mode 100644 index 00000000000..8df0201ff26 --- /dev/null +++ b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.java 
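Review bot: In `hook`, `ZAP.class.getProtectionDomain().getCodeSource().getLocation().getFile()` returns the URL path without decoding it, so an install directory containing a space or a non-ASCII character reaches `new File(zapJar)` in `KotlinScriptEngineFactory` in percent-encoded form and the ZAP jar is presumably missing from the script compilation classpath; `getCodeSource()` may also return null. Converting the location through `toURI()` in a small helper avoids both, and the factory constructor already accepts a null `zapJar`. The helper needs `java.security.CodeSource`, `java.nio.file.Paths` and `java.net.URISyntaxException` imported. Separately, `getDependencies()` is missing `@Override`.

```java
        // … unchanged: super.hook(extensionHook) and the first debug message …
        String zapJar = locateZapJar();
        // … unchanged: add-on loader lookup, factory creation, wrapper registration …

    /** Returns the file-system path of the jar holding the ZAP core classes, or null if unknown. */
    private static String locateZapJar() {
        CodeSource source = ZAP.class.getProtectionDomain().getCodeSource();
        if (source == null) {
            return null;
        }
        try {
            return Paths.get(source.getLocation().toURI()).toString();
        } catch (URISyntaxException e) {
            LOGGER.warn("Could not resolve the location of the ZAP jar", e);
            return null;
        }
    }
```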
@@ -0,0 +1,54 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.zap.extension.kotlin; + +import java.util.Collections; +import java.util.List; +import javax.script.ScriptEngineFactory; +import javax.swing.*; +import org.fife.ui.rsyntaxtextarea.SyntaxConstants; +import org.zaproxy.zap.extension.script.DefaultEngineWrapper; + +public class KotlinEngineWrapper extends DefaultEngineWrapper { + + @Override + public ImageIcon getIcon() { + return ExtensionKotlin.KOTLIN_ICON; + } + + @Override + public String getSyntaxStyle() { + return SyntaxConstants.SYNTAX_STYLE_NONE; + } + + @Override + public boolean isRawEngine() { + return false; + } + + @Override + public List getExtensions() { + return Collections.singletonList("kts"); + } + + public KotlinEngineWrapper(ScriptEngineFactory factory) { + super(factory); + } +} diff --git a/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.java b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.java new file mode 100644 index 00000000000..1bab7f3f01c --- /dev/null +++ b/addOns/kotlin/src/main/java/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.java 
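Review bot: `import javax.swing.*;` pulls in the whole package although only `ImageIcon` is used in `KotlinEngineWrapper.java`; write `import javax.swing.ImageIcon;` (the same wildcard appears in `ExtensionKotlin.java`). The constructor is declared after the overridden methods and would read more conventionally as the first member. `getIcon()` returns `ExtensionKotlin.KOTLIN_ICON`, which is null when the view is not initialised, so a one-line Javadoc such as `/** Returns the Kotlin icon, or null when ZAP runs without a view. */` would make that explicit.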
@@ -0,0 +1,61 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.zap.extension.kotlin; + +import java.io.File; +import java.util.List; +import javax.script.Bindings; +import javax.script.ScriptContext; +import javax.script.ScriptEngine; +import kotlin.jvm.JvmClassMappingKt; +import kotlin.reflect.KClass; +import kotlin.script.experimental.jvm.util.JvmClasspathUtilKt; +import org.jetbrains.kotlin.cli.common.repl.KotlinJsr223JvmScriptEngineFactoryBase; +import org.jetbrains.kotlin.cli.common.repl.ScriptArgsWithTypes; +import org.jetbrains.kotlin.script.jsr223.KotlinJsr223JvmLocalScriptEngine; +import org.jetbrains.kotlin.script.jsr223.KotlinStandardJsr223ScriptTemplate; + +public class KotlinScriptEngineFactory extends KotlinJsr223JvmScriptEngineFactoryBase { + + private final List jars; + + public KotlinScriptEngineFactory(ClassLoader classLoader, String zapJar) { + List clJars = + JvmClasspathUtilKt.scriptCompilationClasspathFromContextOrStdlib( + new String[] {"kotlin-stdlib"}, classLoader, true); + if (zapJar != null) { + clJars.add(new File(zapJar)); + } + jars = clJars; + } + + @Override + public ScriptEngine getScriptEngine() { + return new KotlinJsr223JvmLocalScriptEngine( + this, + jars, + KotlinStandardJsr223ScriptTemplate.class.getName(), + 
(ctx, types) -> + new ScriptArgsWithTypes( + new Bindings[] {ctx.getBindings(ScriptContext.ENGINE_SCOPE)}, + types), + new KClass[] {JvmClassMappingKt.getKotlinClass(Bindings.class)}); + } +} diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt deleted file mode 100644 index 5b00f505614..00000000000 --- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt +++ /dev/null 
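Review bot: The constructor of `KotlinScriptEngineFactory` calls `clJars.add(new File(zapJar))` on the list returned by `scriptCompilationClasspathFromContextOrStdlib`, which is a Kotlin read-only `List` and may be backed by an unmodifiable implementation, in which case `add` throws `UnsupportedOperationException`; the Kotlin code this replaces built a new list with `clJars + File(zapJar)`. Copy before mutating: `List<File> clJars = new ArrayList<>(JvmClasspathUtilKt.scriptCompilationClasspathFromContextOrStdlib(new String[] {"kotlin-stdlib"}, classLoader, true));`. The lambda in `getScriptEngine` also passes `types` through unchanged where the Kotlin version used `types ?: emptyArray()`, so a null `types` now reaches `ScriptArgsWithTypes`; `types != null ? types : new KClass[0]` restores the old fallback.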
@@ -1,76 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.apache.log4j.Logger -import org.parosproxy.paros.control.Control -import org.parosproxy.paros.extension.Extension -import org.parosproxy.paros.extension.ExtensionAdaptor -import org.parosproxy.paros.extension.ExtensionHook -import org.parosproxy.paros.view.View -import org.zaproxy.zap.ZAP -import org.zaproxy.zap.control.ExtensionFactory -import org.zaproxy.zap.extension.script.ExtensionScript -import javax.swing.ImageIcon - -class ExtensionKotlin : ExtensionAdaptor(NAME) { - - - companion object { - val NAME = "ExtensionKotlin" - val TEAM_NAME = "StackHawk Engineering" - val KOTLIN_ICON: ImageIcon? = if (View.isInitialised()) ImageIcon( - ExtensionKotlin::class.java.getResource( - "/org/zaproxy/zap/extension/kotlin/resources/kotlin.png")) else null - - val EXTENSION_DEPENDENCIES: List> = listOf(ExtensionScript::class.java) - private val LOGGER: Logger = Logger.getLogger(ExtensionKotlin::class.java) - } - - init { - order = 9999 - - } - - override fun hook(extensionHook: ExtensionHook?) 
{ - super.hook(extensionHook) - - LOGGER.info("Hooking Kotlin Scripting Extension") - - val zapJar = ZAP::class.java.protectionDomain.codeSource.location.file - - LOGGER.info("Loading Kotlin engine...") - val cl = ExtensionFactory.getAddOnLoader() - cl.urLs.forEach { LOGGER.info(it) } - extScript - .registerScriptEngineWrapper( - KotlinEngineWrapper(KotlinScriptEngineFactory(cl, zapJar.toString()))) - LOGGER.info("Kotlin engine loaded.") - - } - - private val extScript: ExtensionScript by lazy { - Control.getSingleton() - .extensionLoader - .getExtension(ExtensionScript.NAME) as ExtensionScript - } - -} \ No newline at end of file diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt deleted file mode 100644 index d1128e7eed9..00000000000 --- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt +++ /dev/null 
@@ -1,64 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.fife.ui.rsyntaxtextarea.SyntaxConstants -import org.parosproxy.paros.Constant -import org.parosproxy.paros.extension.Extension -import org.zaproxy.zap.extension.script.DefaultEngineWrapper -import javax.script.ScriptEngine -import javax.script.ScriptEngineFactory -import javax.swing.ImageIcon - -class KotlinEngineWrapper(scriptEngineFactory: ScriptEngineFactory): DefaultEngineWrapper(scriptEngineFactory) { - - override fun getExtensions(): MutableList { - return mutableListOf("kts") - } - - override fun getIcon(): ImageIcon? { - return ExtensionKotlin.KOTLIN_ICON - } - - override fun getEngine(): ScriptEngine { - return super.getEngine() - } - - override fun getSyntaxStyle(): String { - return SyntaxConstants.SYNTAX_STYLE_NONE - } - - fun getAuthor(): String { - return ExtensionKotlin.TEAM_NAME - } - - fun getDescription(): String { - return Constant.messages.getString("kotlin.desc") - } - - fun getDependencies(): List> { - return ExtensionKotlin.EXTENSION_DEPENDENCIES - } - - override fun isRawEngine(): Boolean { - return false - } -} \ No newline at end of file 
diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt deleted file mode 100644 index e5ee130d713..00000000000 --- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.jetbrains.kotlin.cli.common.repl.KotlinJsr223JvmScriptEngineFactoryBase -import org.jetbrains.kotlin.cli.common.repl.ScriptArgsWithTypes -import org.jetbrains.kotlin.script.jsr223.KotlinJsr223JvmLocalScriptEngine -import org.jetbrains.kotlin.script.jsr223.KotlinStandardJsr223ScriptTemplate -import java.io.File -import javax.script.Bindings -import javax.script.ScriptContext -import javax.script.ScriptEngine -import kotlin.script.experimental.jvm.util.scriptCompilationClasspathFromContextOrStdlib - -class KotlinScriptEngineFactory(private val classLoader: ClassLoader, - private val zapJar: String? 
= null) : KotlinJsr223JvmScriptEngineFactoryBase() { - override fun getScriptEngine(): ScriptEngine { - val clJars = scriptCompilationClasspathFromContextOrStdlib("kotlin-stdlib", - wholeClasspath = true, - classLoader = classLoader) - val jars = if (zapJar != null) { - clJars + File(zapJar) - } else { - clJars - } - return KotlinJsr223JvmLocalScriptEngine( - this, - jars, - KotlinStandardJsr223ScriptTemplate::class.qualifiedName!!, - { ctx, types -> - ScriptArgsWithTypes(arrayOf(ctx.getBindings(ScriptContext.ENGINE_SCOPE)), types ?: emptyArray()) - }, - arrayOf(Bindings::class) - ) - } - -} \ No newline at end of file diff --git a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties index bc4aa83d580..a8e29939945 100644 --- a/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties +++ b/addOns/kotlin/src/main/resources/org/zaproxy/zap/extension/kotlin/resources/Messages.properties @@ -1,3 +1,2 @@ - -kotlin.desc = Allows Kotlin to be used for ZAP scripting -kotlin.options.title = Kotlin +kotlin.desc=Allows Kotlin to be used for ZAP scripting +kotlin.options.title=Kotlin diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts index 06683ab8fd0..c477d00d648 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/authentication/Authentication default template.kts @@ -1,4 +1,3 @@ - import org.apache.commons.httpclient.URI import org.parosproxy.paros.network.HttpHeader import org.parosproxy.paros.network.HttpMessage 
diff --git a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts index dc1f17b031b..2763b05d35b 100644 --- a/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts +++ b/addOns/kotlin/src/main/zapHomeFiles/scripts/templates/standalone/Standalone default template.kts @@ -1,2 +1,3 @@ - println("KaaKaawwtlin!!") + + diff --git a/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java b/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java new file mode 100644 index 00000000000..e4a2bc25fb5 --- /dev/null +++ b/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java 
@@ -0,0 +1,57 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2020 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.zap.extension.kotlin; + +import java.io.Reader; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Path; +import javax.script.Compilable; +import javax.script.CompiledScript; +import org.junit.jupiter.api.BeforeAll; +import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates; + +/** Verifies that the Jython script templates are parsed without errors. */ +public class VerifyScriptTemplates extends AbstractVerifyScriptTemplates { + + private static Compilable se; + + @BeforeAll + public static void setUp() { + se = + (Compilable) + new KotlinScriptEngineFactory( + Thread.currentThread().getContextClassLoader(), null) + .getScriptEngine(); + } + + @Override + protected String getScriptExtension() { + return ".kts"; + } + + @Override + protected void parseTemplate(Path template) throws Exception { + try (Reader reader = Files.newBufferedReader(template, StandardCharsets.UTF_8)) { + CompiledScript cs = se.compile(reader); + cs.eval(); + } + } +} 
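Review bot: `parseTemplate` in `VerifyScriptTemplates.java` calls `cs.eval()` after `se.compile(reader)`, so the test executes the top-level statements of every template during the build instead of only checking that it parses, which is what the class comment describes. If compilation is the intended check, drop the `eval()` call and keep `se.compile(reader);`; if execution is intended, state that in the Javadoc so that future templates are written knowing their top-level code runs in the build. The static field `se` would also read better spelled out, e.g. `scriptEngine`.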
diff --git a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt deleted file mode 100644 index 0530affd2d4..00000000000 --- a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.junit.jupiter.api.BeforeAll -import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates -import java.nio.charset.StandardCharsets -import java.nio.file.Files -import java.nio.file.Path -import javax.script.Compilable - -class KotlinScriptTest : AbstractVerifyScriptTemplates() { - - companion object { - lateinit var se: Compilable - @BeforeAll - @JvmStatic - fun setUp() { - se = KotlinScriptEngineFactory(Thread.currentThread().contextClassLoader).scriptEngine as Compilable - } - } - - override fun getScriptExtension(): String? { - return ".kts" - } - - override fun parseTemplate(template: Path?) { - val reader = Files.newBufferedReader(template, StandardCharsets.UTF_8) - val s = se.compile(reader) - s.eval() - } -} \ No newline at end of file From 2088aa923cc927a533c4c699079603e627752e68 Mon Sep 17 00:00:00 2001 
From: kberg Date: Fri, 12 Jun 2020 19:58:36 -0600 Subject: [PATCH 18/19] remove the kotlin file Signed-off-by: kberg --- .../zap/extension/kotlin/ExtensionKotlin.kt | 76 ------------------- .../extension/kotlin/KotlinEngineWrapper.kt | 64 ---------------- .../kotlin/KotlinScriptEngineFactory.kt | 55 -------------- .../zap/extension/kotlin/KotlinScriptTest.kt | 50 ------------ 4 files changed, 245 deletions(-) delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt delete mode 100644 addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt delete mode 100644 addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt deleted file mode 100644 index 5b00f505614..00000000000 --- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/ExtensionKotlin.kt +++ /dev/null 
@@ -1,76 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.apache.log4j.Logger -import org.parosproxy.paros.control.Control -import org.parosproxy.paros.extension.Extension -import org.parosproxy.paros.extension.ExtensionAdaptor -import org.parosproxy.paros.extension.ExtensionHook -import org.parosproxy.paros.view.View -import org.zaproxy.zap.ZAP -import org.zaproxy.zap.control.ExtensionFactory -import org.zaproxy.zap.extension.script.ExtensionScript -import javax.swing.ImageIcon - -class ExtensionKotlin : ExtensionAdaptor(NAME) { - - - companion object { - val NAME = "ExtensionKotlin" - val TEAM_NAME = "StackHawk Engineering" - val KOTLIN_ICON: ImageIcon? = if (View.isInitialised()) ImageIcon( - ExtensionKotlin::class.java.getResource( - "/org/zaproxy/zap/extension/kotlin/resources/kotlin.png")) else null - - val EXTENSION_DEPENDENCIES: List> = listOf(ExtensionScript::class.java) - private val LOGGER: Logger = Logger.getLogger(ExtensionKotlin::class.java) - } - - init { - order = 9999 - - } - - override fun hook(extensionHook: ExtensionHook?) 
{ - super.hook(extensionHook) - - LOGGER.info("Hooking Kotlin Scripting Extension") - - val zapJar = ZAP::class.java.protectionDomain.codeSource.location.file - - LOGGER.info("Loading Kotlin engine...") - val cl = ExtensionFactory.getAddOnLoader() - cl.urLs.forEach { LOGGER.info(it) } - extScript - .registerScriptEngineWrapper( - KotlinEngineWrapper(KotlinScriptEngineFactory(cl, zapJar.toString()))) - LOGGER.info("Kotlin engine loaded.") - - } - - private val extScript: ExtensionScript by lazy { - Control.getSingleton() - .extensionLoader - .getExtension(ExtensionScript.NAME) as ExtensionScript - } - -} \ No newline at end of file diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt deleted file mode 100644 index d1128e7eed9..00000000000 --- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinEngineWrapper.kt +++ /dev/null 
@@ -1,64 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.fife.ui.rsyntaxtextarea.SyntaxConstants -import org.parosproxy.paros.Constant -import org.parosproxy.paros.extension.Extension -import org.zaproxy.zap.extension.script.DefaultEngineWrapper -import javax.script.ScriptEngine -import javax.script.ScriptEngineFactory -import javax.swing.ImageIcon - -class KotlinEngineWrapper(scriptEngineFactory: ScriptEngineFactory): DefaultEngineWrapper(scriptEngineFactory) { - - override fun getExtensions(): MutableList { - return mutableListOf("kts") - } - - override fun getIcon(): ImageIcon? { - return ExtensionKotlin.KOTLIN_ICON - } - - override fun getEngine(): ScriptEngine { - return super.getEngine() - } - - override fun getSyntaxStyle(): String { - return SyntaxConstants.SYNTAX_STYLE_NONE - } - - fun getAuthor(): String { - return ExtensionKotlin.TEAM_NAME - } - - fun getDescription(): String { - return Constant.messages.getString("kotlin.desc") - } - - fun getDependencies(): List> { - return ExtensionKotlin.EXTENSION_DEPENDENCIES - } - - override fun isRawEngine(): Boolean { - return false - } -} \ No newline at end of file 
diff --git a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt b/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt deleted file mode 100644 index e5ee130d713..00000000000 --- a/addOns/kotlin/src/main/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptEngineFactory.kt +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Zed Attack Proxy (ZAP) and its related class files. - * - * ZAP is an HTTP/HTTPS proxy for assessing web application security. - * - * Copyright 2020 The ZAP Development Team - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.zaproxy.zap.extension.kotlin - -import org.jetbrains.kotlin.cli.common.repl.KotlinJsr223JvmScriptEngineFactoryBase -import org.jetbrains.kotlin.cli.common.repl.ScriptArgsWithTypes -import org.jetbrains.kotlin.script.jsr223.KotlinJsr223JvmLocalScriptEngine -import org.jetbrains.kotlin.script.jsr223.KotlinStandardJsr223ScriptTemplate -import java.io.File -import javax.script.Bindings -import javax.script.ScriptContext -import javax.script.ScriptEngine -import kotlin.script.experimental.jvm.util.scriptCompilationClasspathFromContextOrStdlib - -class KotlinScriptEngineFactory(private val classLoader: ClassLoader, - private val zapJar: String? 
= null) : KotlinJsr223JvmScriptEngineFactoryBase() { - override fun getScriptEngine(): ScriptEngine { - val clJars = scriptCompilationClasspathFromContextOrStdlib("kotlin-stdlib", - wholeClasspath = true, - classLoader = classLoader) - val jars = if (zapJar != null) { - clJars + File(zapJar) - } else { - clJars - } - return KotlinJsr223JvmLocalScriptEngine( - this, - jars, - KotlinStandardJsr223ScriptTemplate::class.qualifiedName!!, - { ctx, types -> - ScriptArgsWithTypes(arrayOf(ctx.getBindings(ScriptContext.ENGINE_SCOPE)), types ?: emptyArray()) - }, - arrayOf(Bindings::class) - ) - } - -} \ No newline at end of file diff --git a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt b/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt deleted file mode 100644 index 0530affd2d4..00000000000 --- a/addOns/kotlin/src/test/kotlin/org/zaproxy/zap/extension/kotlin/KotlinScriptTest.kt +++ /dev/null 
@@ -1,50 +0,0 @@
-/*
- * Zed Attack Proxy (ZAP) and its related class files.
- *
- * ZAP is an HTTP/HTTPS proxy for assessing web application security.
- *
- * Copyright 2020 The ZAP Development Team
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.zaproxy.zap.extension.kotlin
-
-import org.junit.jupiter.api.BeforeAll
-import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates
-import java.nio.charset.StandardCharsets
-import java.nio.file.Files
-import java.nio.file.Path
-import javax.script.Compilable
-
-class KotlinScriptTest : AbstractVerifyScriptTemplates() {
-
- companion object {
- lateinit var se: Compilable
- @BeforeAll
- @JvmStatic
- fun setUp() {
- se = KotlinScriptEngineFactory(Thread.currentThread().contextClassLoader).scriptEngine as Compilable
- }
- }
-
- override fun getScriptExtension(): String? {
- return ".kts"
- }
-
- override fun parseTemplate(template: Path?) {
- val reader = Files.newBufferedReader(template, StandardCharsets.UTF_8)
- val s = se.compile(reader)
- s.eval()
- }
-}
\ No newline at end of file
From d53e3de59dcfcf5ee63d1c3ddb48b09484af499e Mon Sep 17 00:00:00 2001
From: kberg
Date: Fri, 12 Jun 2020 20:12:42 -0600
Subject: [PATCH 19/19] typo
Signed-off-by: kberg
---
 .../org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java b/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java index e4a2bc25fb5..6ac5a66abeb 100644 --- a/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java +++ b/addOns/kotlin/src/test/java/org/zaproxy/zap/extension/kotlin/VerifyScriptTemplates.java @@ -28,7 +28,7 @@ import org.junit.jupiter.api.BeforeAll; import org.zaproxy.zap.testutils.AbstractVerifyScriptTemplates; -/** Verifies that the Jython script templates are parsed without errors. */ +/** Verifies that the Kotlin script templates are parsed without errors. */ public class VerifyScriptTemplates extends AbstractVerifyScriptTemplates { private static Compilable se;