From 2ebcd72b5f64ad59c8a0fcba46afc121095eaf52 Mon Sep 17 00:00:00 2001 From: Jorge <46056498+jorgectf@users.noreply.github.com> Date: Tue, 8 Nov 2022 20:27:44 +0100 Subject: [PATCH 1/7] Add CodeQL workflow --- .github/workflows/codeql.yml | 69 ++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..ca872924 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,69 @@ +name: "CodeQL" + +on: + push: + branches: [ 'master' ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ 'master' ] + schedule: + - cron: '30 11 * * 2' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'java' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Java + uses: actions/setup-java@v2 + with: + distribution: adopt + java-version: '15' + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + queries: +security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" From 641b38ac80a103922483e3505da98b0aa079259b Mon Sep 17 00:00:00 2001 From: Louis Dion-Marcil Date: Fri, 18 Nov 2022 20:25:58 -0500 Subject: [PATCH 2/7] Increment CURRENT_COLUMN_VERSION to account for PathQuery --- src/main/java/com/nccgroup/loggerplusplus/util/Globals.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java b/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java index 6b23b0c2..0bdd997c 100644 --- a/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java +++ b/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java @@ -81,7 +81,7 @@ public enum Protocol {HTTP, HTTPS} "\"filter\":{\"filter\":\"Request.Complete == False\"},\"filterString\":\"Request.Complete == False\",\"backgroundColor\":{\"value\":-16777216,\"falpha\":0.0}," + "\"foregroundColor\":{\"value\":-65536,\"falpha\":0.0},\"enabled\":true,\"modified\":false,\"shouldRetest\":true,\"priority\":1}}"; - public static final int CURRENT_COLUMN_VERSION = 7; + public static final int CURRENT_COLUMN_VERSION = 8; private static int colOrder = 0; public static final String DEFAULT_LOG_TABLE_COLUMNS_JSON = new StringBuilder().append("[") .append("{'id':" + NUMBER + ",'name':'Number','defaultVisibleName':'#','visibleName':'#','preferredWidth':65,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(NUMBER.getDescription()) + "'},") From 5711889b9963d1e18ba2c6dbd3c6c424968e8165 Mon Sep 17 00:00:00 2001 From: Louis Dion-Marcil Date: Fri, 18 Nov 2022 20:27:30 -0500 Subject: [PATCH 3/7] Add new PathQuery column representing /path?query --- .../java/com/nccgroup/loggerplusplus/logentry/LogEntry.java | 2 ++ .../com/nccgroup/loggerplusplus/logentry/LogEntryField.java | 1 + src/main/java/com/nccgroup/loggerplusplus/util/Globals.java | 1 + 3 files changed, 4 insertions(+) diff --git a/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java b/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java index 2f39de78..dc673a77 100644 --- a/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java +++ b/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java @@ -543,6 +543,8 @@ public Object getValueByKey(LogEntryField columnName) { return this.url.getPath(); case QUERY: return this.url.getQuery(); + case PATHQUERY: + return this.url.getFile(); case STATUS: return this.responseStatus; case STATUS_TEXT: diff --git a/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntryField.java b/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntryField.java index 37673931..57f020cd 100644 --- a/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntryField.java +++ b/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntryField.java @@ -28,6 +28,7 @@ public enum LogEntryField { METHOD(FieldGroup.REQUEST, String.class, "The request method used.", "Method"), PATH(FieldGroup.REQUEST, String.class, "The path component of the requested URL.", "Path"), QUERY(FieldGroup.REQUEST, String.class, "The query parameters of the requested URL.", "Query", "GetParams", "QueryParams"), + PATHQUERY(FieldGroup.REQUEST, String.class, "The path and query components of the requested URL.", "PathQuery"), PROTOCOL(FieldGroup.REQUEST, String.class, "The protocol component of the requested URL.", "Protocol"), ISSSL(FieldGroup.REQUEST, Boolean.class, "Did the request use SSL?", "IsSSL", "ssl"), USES_COOKIE_JAR(FieldGroup.REQUEST, String.class, "Compares the cookies with the cookie jar to see if any of them are in use.", "UsesCookieJar", "CookieJar"), diff --git a/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java b/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java index 0bdd997c..97f0a1b6 100644 --- a/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java +++ b/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java @@ -97,6 +97,7 @@ public enum Protocol {HTTP, HTTPS} .append("{'id':" + PATH + ",'name':'Path','defaultVisibleName':'Path','visibleName':'Path','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(PATH.getDescription()) + "'},") .append("{'id':" + EXTENSION + ",'name':'UrlExtension','defaultVisibleName':'Extension','visibleName':'Extension','preferredWidth':70,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(EXTENSION.getDescription()) + "'},") .append("{'id':" + QUERY + ",'name':'Query','defaultVisibleName':'Query','visibleName':'Query','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(QUERY.getDescription()) + "'},") + .append("{'id':" + PATHQUERY + ",'name':'Path Query','defaultVisibleName':'Path Query','visibleName':'Path Query','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(PATHQUERY.getDescription()) + "'},") .append("{'id':" + URL + ",'name':'Url','defaultVisibleName':'URL','visibleName':'URL','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(URL.getDescription()) + "'},") .append("{'id':" + HASPARAMS + ",'name':'Has Params','defaultVisibleName':'Has Params','visibleName':'Has Params','preferredWidth':75,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(HASPARAMS.getDescription()) + "'},") .append("{'id':" + STATUS + ",'name':'Status','defaultVisibleName':'Status','visibleName':'Status','preferredWidth':55,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(STATUS.getDescription()) + "'},") From 8cc7e6002e9914fb55fd132726f1f4c4c516ac73 Mon Sep 17 00:00:00 2001 From: Alex Wardle Date: Tue, 29 Nov 2022 17:29:45 -0700 Subject: [PATCH 4/7] fix JMenu bug caused by failed JFrame retrieval --- .../loggerplusplus/LoggerPlusPlus.java | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java b/src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java index 3702d89f..b8a666f3 100644 --- a/src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java +++ b/src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java @@ -23,6 +23,7 @@ import java.net.URL; import java.util.Arrays; import java.util.List; +import java.util.stream.Collectors; import static com.nccgroup.loggerplusplus.util.Globals.PREF_RESTRICT_TO_SCOPE; @@ -53,6 +54,21 @@ public LoggerPlusPlus(){ this.gsonProvider = new DefaultGsonProvider(); } + private JFrame getBurpFrame() throws Exception { + // Get all frames + Frame[] allFrames = JFrame.getFrames(); + // Filter the stream find the main burp window frame, and convert to a list + List filteredFrames = Arrays.stream(allFrames).filter(f -> + f.getTitle().startsWith("Burp Suite") && f.isVisible() + ).collect(Collectors.toList()); + // If size is 1, we have the main burp frame. Otherwise fails + if (filteredFrames.size() == 1) { + return (JFrame) filteredFrames.get(0); + } else { + throw new Exception("Expected one burp pane, but found " + filteredFrames.size()); + } + } + @Override public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) { @@ -98,7 +114,13 @@ public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) LoggerPlusPlus.callbacks.addSuiteTab(mainViewController); //Add menu item to Burp's frame menu. - JFrame rootFrame = (JFrame) SwingUtilities.getWindowAncestor(mainViewController.getUiComponent()); + JFrame rootFrame = null; + try { + rootFrame = getBurpFrame(); + } catch (Exception e) { + callbacks.printError("Could not find root frame. Window JMenu will not be added"); + throw new RuntimeException(e); + } try{ JMenuBar menuBar = rootFrame.getJMenuBar(); loggerMenu = new LoggerMenu(LoggerPlusPlus.this); From 3c98d2c9cba2ad9a32c9f2525f999866e183e669 Mon Sep 17 00:00:00 2001 From: Alex Wardle Date: Tue, 29 Nov 2022 17:52:01 -0700 Subject: [PATCH 5/7] avoid unnecessary updates to the message editor fixes issue #164 --- .../logview/entryviewer/RequestViewerController.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/com/nccgroup/loggerplusplus/logview/entryviewer/RequestViewerController.java b/src/main/java/com/nccgroup/loggerplusplus/logview/entryviewer/RequestViewerController.java index e4d8fc7d..a6d59ba5 100644 --- a/src/main/java/com/nccgroup/loggerplusplus/logview/entryviewer/RequestViewerController.java +++ b/src/main/java/com/nccgroup/loggerplusplus/logview/entryviewer/RequestViewerController.java @@ -24,6 +24,9 @@ public RequestViewerController(Preferences preferences, boolean requestEditable, } public void setDisplayedEntity(LogEntry logEntry) { + // Only update message if it's new. This fixes issue #164 and improves performance during heavy scanning. + if (this.currentEntry == logEntry) { return; } + this.currentEntry = logEntry; if (logEntry.getRequest() != null) { From 885cf6fabcc6c41a51523e4c4ffac9756ff7158d Mon Sep 17 00:00:00 2001 From: Corey <1339555+CoreyD97@users.noreply.github.com> Date: Fri, 2 Dec 2022 09:11:37 +0000 Subject: [PATCH 6/7] Update dependencies. Add test class. --- build.gradle | 19 ++++++++++++------- src/test/java/Test.java | 5 +++++ 2 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 src/test/java/Test.java diff --git a/build.gradle b/build.gradle index 9ca949e6..7a71a6a5 100644 --- a/build.gradle +++ b/build.gradle @@ -1,7 +1,10 @@ -apply plugin: 'java' +plugins { + id 'java' + id "io.freefair.lombok" version "6.5.1" +} -sourceCompatibility = 15 -targetCompatibility = 15 +sourceCompatibility = JavaVersion.VERSION_17 +targetCompatibility = JavaVersion.VERSION_17 repositories { mavenCentral() @@ -18,11 +21,13 @@ dependencies { implementation 'org.swinglabs:swingx:1.6.1' implementation 'com.github.CoreyD97:BurpExtenderUtilities:e800fd2d' - implementation 'com.google.code.gson:gson:2.8.2' + implementation 'com.google.code.gson:gson:2.10' implementation 'org.elasticsearch.client:elasticsearch-rest-high-level-client:7.5.2' - implementation 'org.apache.httpcomponents:httpclient:4.5.6' - implementation 'org.apache.commons:commons-text:1.7' - implementation 'org.apache.logging.log4j:log4j-core:2.17.1' + implementation 'org.apache.httpcomponents:httpclient:4.5.13' + implementation 'org.apache.commons:commons-text:1.10.0' + implementation 'org.apache.logging.log4j:log4j-core:2.19.0' + + testCompileOnly files("${System.properties['user.home']}/BurpSuitePro/burpsuite_pro.jar") } jar { diff --git a/src/test/java/Test.java b/src/test/java/Test.java new file mode 100644 index 00000000..998ff084 --- /dev/null +++ b/src/test/java/Test.java @@ -0,0 +1,5 @@ +public class Test { + public static void main(String[] args) { + burp.StartBurp.main(args); + } +} From 33e20c844e2904c8df243d818ca94d7ef25b49d4 Mon Sep 17 00:00:00 2001 From: Corey Arthur <1339555+CoreyD97@users.noreply.github.com> Date: Fri, 2 Dec 2022 09:17:34 +0000 Subject: [PATCH 7/7] Make PathQuery column hidden by default --- src/main/java/com/nccgroup/loggerplusplus/util/Globals.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java b/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java index 97f0a1b6..ea0f0a66 100644 --- a/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java +++ b/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java @@ -97,7 +97,7 @@ public enum Protocol {HTTP, HTTPS} .append("{'id':" + PATH + ",'name':'Path','defaultVisibleName':'Path','visibleName':'Path','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(PATH.getDescription()) + "'},") .append("{'id':" + EXTENSION + ",'name':'UrlExtension','defaultVisibleName':'Extension','visibleName':'Extension','preferredWidth':70,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(EXTENSION.getDescription()) + "'},") .append("{'id':" + QUERY + ",'name':'Query','defaultVisibleName':'Query','visibleName':'Query','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(QUERY.getDescription()) + "'},") - .append("{'id':" + PATHQUERY + ",'name':'Path Query','defaultVisibleName':'Path Query','visibleName':'Path Query','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(PATHQUERY.getDescription()) + "'},") + .append("{'id':" + PATHQUERY + ",'name':'Path Query','defaultVisibleName':'Path Query','visibleName':'Path Query','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(PATHQUERY.getDescription()) + "'},") .append("{'id':" + URL + ",'name':'Url','defaultVisibleName':'URL','visibleName':'URL','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(URL.getDescription()) + "'},") .append("{'id':" + HASPARAMS + ",'name':'Has Params','defaultVisibleName':'Has Params','visibleName':'Has Params','preferredWidth':75,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(HASPARAMS.getDescription()) + "'},") .append("{'id':" + STATUS + ",'name':'Status','defaultVisibleName':'Status','visibleName':'Status','preferredWidth':55,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(STATUS.getDescription()) + "'},")