diff --git a/addOns/accessControl/CHANGELOG.md b/addOns/accessControl/CHANGELOG.md index 709ae98291d..d56b99ad1e8 100644 --- a/addOns/accessControl/CHANGELOG.md +++ b/addOns/accessControl/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [10] - 2024-03-25 ### Changed diff --git a/addOns/accessControl/src/test/java/org/zaproxy/zap/extension/accessControl/AccessControlAlertsProcessorUnitTest.java b/addOns/accessControl/src/test/java/org/zaproxy/zap/extension/accessControl/AccessControlAlertsProcessorUnitTest.java index 2862a1cedea..7fdcbc8ef52 100644 --- a/addOns/accessControl/src/test/java/org/zaproxy/zap/extension/accessControl/AccessControlAlertsProcessorUnitTest.java +++ b/addOns/accessControl/src/test/java/org/zaproxy/zap/extension/accessControl/AccessControlAlertsProcessorUnitTest.java @@ -69,10 +69,12 @@ private static void assertAlert( assertThat(alert.getCweId(), is(equalTo(cweId))); assertThat(alert.getWascId(), is(equalTo(wascId))); Map tags = alert.getTags(); - assertThat(tags.size(), is(equalTo(2))); assertThat( tags, allOf( + hasEntry( + "CWE-" + cweId, + "https://cwe.mitre.org/data/definitions/" + cweId + ".html"), hasEntry( CommonAlertTag.OWASP_2021_A01_BROKEN_AC.getTag(), CommonAlertTag.OWASP_2021_A01_BROKEN_AC.getValue()), diff --git a/addOns/addOns.gradle.kts b/addOns/addOns.gradle.kts index 2a4c3ac3ad7..3fea50a80e2 100644 --- a/addOns/addOns.gradle.kts +++ b/addOns/addOns.gradle.kts @@ -148,7 +148,7 @@ subprojects { } } - val zapGav = "org.zaproxy:zap:2.14.0" + val zapGav = "org.zaproxy:zap:2.15.0-SNAPSHOT" dependencies { "zap"(zapGav) } 
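Review bot: The removed `assertThat(tags.size(), is(equalTo(2)));` in assertAlert is not replaced by an updated count, whereas the sibling tests touched by this commit (DirectoryBrowsing, FormatString, HiddenFiles, Log4Shell) bump theirs to the new size, so an unexpected extra tag on an access-control alert would now pass unnoticed. If the CWE entry is the only addition, restoring `assertThat(tags.size(), is(equalTo(3)));` above the `allOf` matcher keeps the check as strict as before. assertAlert starts and ends outside the hunk.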
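Review bot: `zapGav` now resolves `org.zaproxy:zap:2.15.0-SNAPSHOT` while the manifest in the next hunk declares a minimum of 2.15.0, so every add-on compiles against an artifact that can change under the build until the core release is cut; the build is not reproducible from one day to the next and an API change landing in the snapshot would not show up at review time. Pin to the released `org.zaproxy:zap:2.15.0` as soon as it is published, and in the meantime a marker such as `// TODO: switch to the released 2.15.0 before any add-on release` next to the declaration would keep the snapshot from leaking into a release. The `subprojects` block continues outside the hunk.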
@@ -159,7 +159,7 @@ subprojects { releaseLink.set(project.provider { "https://github.com/zaproxy/zap-extensions/releases/${zapAddOn.addOnId.get()}-v@CURRENT_VERSION@" }) manifest { - zapVersion.set("2.14.0") + zapVersion.set("2.15.0") changesFile.set(tasks.named("generateManifestChanges").flatMap { it.html }) repo.set("https://github.com/zaproxy/zap-extensions/") diff --git a/addOns/alertFilters/CHANGELOG.md b/addOns/alertFilters/CHANGELOG.md index 4585ceea8be..974c5027a07 100644 --- a/addOns/alertFilters/CHANGELOG.md +++ b/addOns/alertFilters/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [20] - 2024-04-02 ### Added diff --git a/addOns/allinonenotes/CHANGELOG.md b/addOns/allinonenotes/CHANGELOG.md index bc9580df910..d00ce5d8b42 100644 --- a/addOns/allinonenotes/CHANGELOG.md +++ b/addOns/allinonenotes/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ### Fixed diff --git a/addOns/ascanrules/CHANGELOG.md b/addOns/ascanrules/CHANGELOG.md index 7bf4733f200..79add7931d4 100644 --- a/addOns/ascanrules/CHANGELOG.md +++ b/addOns/ascanrules/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [65] - 2024-03-28 ### Changed diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CloudMetadataScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CloudMetadataScanRule.java index 7b6847d3c60..c1eb9fcaddc 100644 
--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CloudMetadataScanRule.java +++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CloudMetadataScanRule.java @@ -30,10 +30,7 @@ import org.parosproxy.paros.core.scanner.Alert; import org.parosproxy.paros.core.scanner.Category; import org.parosproxy.paros.network.HttpMessage; -import org.parosproxy.paros.network.HttpStatusCode; import org.zaproxy.addon.commonlib.CommonAlertTag; -import org.zaproxy.zap.extension.custompages.CustomPage; -import org.zaproxy.zap.model.Context; /** * Attempts to retrieve cloud metadata by forging the host header and requesting a specific URL. See @@ -104,22 +101,6 @@ public AlertBuilder createAlert(HttpMessage newRequest, String host) { .setMessage(newRequest); } - /** FIXME Remove this call after 2.15.0 to call the fixed version in the parent. */ - @Override - public boolean isSuccess(HttpMessage msg) { - Context context = getParent().getContext(); - if (context != null) { - if (context.isCustomPage(msg, CustomPage.Type.NOTFOUND_404) - || context.isCustomPage(msg, CustomPage.Type.ERROR_500)) { - return false; - } - if (context.isCustomPage(msg, CustomPage.Type.OK_200)) { - return true; - } - } - return HttpStatusCode.isSuccess(msg.getResponseHeader().getStatusCode()); - } - @Override public void scan() { HttpMessage newRequest = getNewMsg(); diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/HiddenFilesScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/HiddenFilesScanRule.java index fa265c06997..ed3014b2173 100644 --- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/HiddenFilesScanRule.java +++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/HiddenFilesScanRule.java 
@@ -47,8 +47,6 @@ import org.parosproxy.paros.network.HttpStatusCode; import org.zaproxy.addon.commonlib.CommonAlertTag; import org.zaproxy.addon.commonlib.http.HttpFieldsNames; -import org.zaproxy.zap.extension.custompages.CustomPage; -import org.zaproxy.zap.model.Context; /** * Active scan rule which checks whether various URL paths are exposed. @@ -143,22 +141,6 @@ && doesMatch(responseBody, file.getContent()) } } - /** FIXME Remove this call after 2.15.0 to call the fixed version in the parent. */ - @Override - protected boolean isPage200(HttpMessage msg) { - Context context = getParent().getContext(); - if (context != null) { - if (context.isCustomPage(msg, CustomPage.Type.NOTFOUND_404) - || context.isCustomPage(msg, CustomPage.Type.ERROR_500)) { - return false; - } - if (context.isCustomPage(msg, CustomPage.Type.OK_200)) { - return true; - } - } - return HttpStatusCode.isSuccess(msg.getResponseHeader().getStatusCode()); - } - private static String generatePath(String baseUriPath, String hiddenFile) { String newPath = ""; if (baseUriPath == null) { diff --git a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/DirectoryBrowsingScanRuleUnitTest.java b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/DirectoryBrowsingScanRuleUnitTest.java index 2c4d1cda6d8..4caab38bdb8 100644 --- a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/DirectoryBrowsingScanRuleUnitTest.java +++ b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/DirectoryBrowsingScanRuleUnitTest.java 
@@ -76,7 +76,8 @@ void shouldReturnExpectedExampleAlert() { assertThat(alerts.size(), is(equalTo(1))); Alert alert = alerts.get(0); Map tags = alert.getTags(); - assertThat(tags.size(), is(equalTo(2))); + assertThat(tags.size(), is(equalTo(3))); + assertThat(tags, hasKey("CWE-548")); assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A01_BROKEN_AC.getTag())); assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A05_BROKEN_AC.getTag())); assertThat(alert.getRisk(), is(equalTo(Alert.RISK_MEDIUM))); diff --git a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/FormatStringScanRuleUnitTest.java b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/FormatStringScanRuleUnitTest.java index f99eef41730..575c4a39d0a 100644 --- a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/FormatStringScanRuleUnitTest.java +++ b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/FormatStringScanRuleUnitTest.java @@ -91,7 +91,8 @@ void shouldReturnExpectedExampleAlert() { assertThat(alerts.size(), is(equalTo(1))); Alert alert = alerts.get(0); Map tags = alert.getTags(); - assertThat(tags.size(), is(equalTo(2))); + assertThat(tags.size(), is(equalTo(3))); + assertThat(tags, hasKey("CWE-134")); assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A01_INJECTION.getTag())); assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A03_INJECTION.getTag())); assertThat(alert.getRisk(), is(equalTo(Alert.RISK_MEDIUM))); diff --git a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/HiddenFilesScanRuleUnitTest.java b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/HiddenFilesScanRuleUnitTest.java index 5a853e1515a..7757fc3ade8 100644 --- a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/HiddenFilesScanRuleUnitTest.java +++ b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/HiddenFilesScanRuleUnitTest.java 
@@ -742,7 +742,8 @@ void shouldReturnExpectedExampleAlert() { Map tags = alert.getTags(); // Then assertThat(alerts.size(), is(equalTo(1))); - assertThat(tags.size(), is(equalTo(4))); + assertThat(tags.size(), is(equalTo(5))); + assertThat(tags, hasKey("CWE-538")); assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A05_SEC_MISCONFIG.getTag())); assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getTag())); assertThat(tags, hasKey(CommonAlertTag.WSTG_V42_CONF_05_ENUMERATE_INFRASTRUCTURE.getTag())); diff --git a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/Log4ShellScanRuleUnitTest.java b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/Log4ShellScanRuleUnitTest.java index 3b48e3c9790..1ef5caa233d 100644 --- a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/Log4ShellScanRuleUnitTest.java +++ b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/Log4ShellScanRuleUnitTest.java @@ -22,6 +22,7 @@ import static fi.iki.elonen.NanoHTTPD.newFixedLengthResponse; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.hasKey; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; import static org.mockito.ArgumentMatchers.any; 
@@ -133,12 +134,14 @@ void shouldReturnExpectedExampleAlerts() { // Then assertThat(alerts.size(), is(equalTo(2))); assertThat(alert1.getAlertRef(), is(equalTo("40043-1"))); - assertThat(alert1.getTags().size(), is(equalTo(5))); + assertThat(alert1.getTags().size(), is(equalTo(6))); + assertThat(alert1.getTags(), hasKey("CWE-117")); assertThat(alert1.getTags().containsKey("CVE-2021-44228"), is(equalTo(true))); assertThat(alert1.getName(), is(equalTo("Log4Shell (CVE-2021-44228)"))); assertThat(alert2.getAlertRef(), is(equalTo("40043-2"))); assertThat(alert2.getTags().containsKey("CVE-2021-45046"), is(equalTo(true))); - assertThat(alert2.getTags().size(), is(equalTo(5))); + assertThat(alert2.getTags().size(), is(equalTo(6))); + assertThat(alert2.getTags(), hasKey("CWE-117")); assertThat(alert2.getName(), is(equalTo("Log4Shell (CVE-2021-45046)"))); } diff --git a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/ParameterTamperScanRuleUnitTest.java b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/ParameterTamperScanRuleUnitTest.java index 40bb6530dd3..e6f9e226a1b 100644 --- a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/ParameterTamperScanRuleUnitTest.java +++ b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/ParameterTamperScanRuleUnitTest.java @@ -23,6 +23,7 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.greaterThan; +import static org.hamcrest.Matchers.hasKey; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; 
@@ -259,8 +260,9 @@ void shouldReturnExpectedExampleAlert() { Alert alert = alerts.get(0); Map tags1 = alert.getTags(); - assertThat(tags1.size(), is(equalTo(2))); + assertThat(tags1.size(), is(equalTo(3))); assertThat(alert.getConfidence(), is(equalTo(Alert.CONFIDENCE_MEDIUM))); + assertThat(tags1, hasKey("CWE-472")); assertThat( tags1.containsKey(CommonAlertTag.OWASP_2017_A01_INJECTION.getTag()), is(equalTo(true))); diff --git a/addOns/ascanrulesAlpha/CHANGELOG.md b/addOns/ascanrulesAlpha/CHANGELOG.md index 691c62fb370..bf447534869 100644 --- a/addOns/ascanrulesAlpha/CHANGELOG.md +++ b/addOns/ascanrulesAlpha/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [47] - 2024-03-28 ### Changed diff --git a/addOns/ascanrulesBeta/CHANGELOG.md b/addOns/ascanrulesBeta/CHANGELOG.md index fb71782e411..af49f48cd4e 100644 --- a/addOns/ascanrulesBeta/CHANGELOG.md +++ b/addOns/ascanrulesBeta/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [53] - 2024-03-28 diff --git a/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/HttpOnlySiteScanRuleUnitTest.java b/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/HttpOnlySiteScanRuleUnitTest.java index 82ba995f5bd..e73a2036639 100644 --- a/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/HttpOnlySiteScanRuleUnitTest.java +++ b/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/HttpOnlySiteScanRuleUnitTest.java 
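Review bot: The new `assertThat(tags1, hasKey("CWE-472"));` is placed between the confidence assertion and the remaining tag assertions, which splits the tag checks into two groups; moving it directly under the updated `tags1.size()` assertion keeps all tag checks together, as the other tests in this commit do. shouldReturnExpectedExampleAlert continues outside the hunk.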
@@ -160,7 +160,8 @@ void shouldReturnExpectedExampleAlert() { Alert alert = alerts.get(0); Map tags = alert.getTags(); - assertThat(tags.size(), is(equalTo(3))); + assertThat(tags.size(), is(equalTo(4))); + assertThat(tags, hasKey("CWE-311")); assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getTag())); assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A05_SEC_MISCONFIG.getTag())); assertThat(tags, hasKey(CommonAlertTag.WSTG_V42_SESS_02_COOKIE_ATTRS.getTag())); diff --git a/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRuleUnitTest.java b/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRuleUnitTest.java index 22b924ce55f..9a404b26746 100644 --- a/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRuleUnitTest.java +++ b/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRuleUnitTest.java @@ -75,7 +75,8 @@ void shouldReturnExpectedExampleAlert() { Alert alert = alerts.get(0); Map tags = alert.getTags(); - assertThat(tags.size(), is(equalTo(2))); + assertThat(tags.size(), is(equalTo(3))); + assertThat(tags, hasKey("CWE-541")); assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getTag())); assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A05_SEC_MISCONFIG.getTag())); diff --git a/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureGitScanRuleUnitTest.java b/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureGitScanRuleUnitTest.java index 7f694d3d8bc..da130ac1fee 100644 --- a/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureGitScanRuleUnitTest.java 
+++ b/addOns/ascanrulesBeta/src/test/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureGitScanRuleUnitTest.java @@ -70,7 +70,8 @@ void shouldReturnExpectedExampleAlert() { assertThat(alerts.size(), is(equalTo(1))); Alert alert = alerts.get(0); Map tags = alert.getTags(); - assertThat(tags.size(), is(equalTo(2))); + assertThat(tags.size(), is(equalTo(3))); + assertThat(tags, hasKey("CWE-541")); assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getTag())); assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A05_SEC_MISCONFIG.getTag())); assertThat(alert.getRisk(), is(equalTo(Alert.RISK_HIGH))); diff --git a/addOns/authhelper/CHANGELOG.md b/addOns/authhelper/CHANGELOG.md index 77fd04106a8..c1faa190574 100644 --- a/addOns/authhelper/CHANGELOG.md +++ b/addOns/authhelper/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [0.12.0] - 2024-02-06 diff --git a/addOns/authstats/CHANGELOG.md b/addOns/authstats/CHANGELOG.md index d3c05589f3c..b9395753a61 100644 --- a/addOns/authstats/CHANGELOG.md +++ b/addOns/authstats/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [2] - 2021-10-07 diff --git a/addOns/automation/CHANGELOG.md b/addOns/automation/CHANGELOG.md index f32a4ca6485..72ab405e760 100644 --- a/addOns/automation/CHANGELOG.md +++ b/addOns/automation/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [0.39.0] - 2024-04-23 ### Added 
diff --git a/addOns/automation/src/test/java/org/parosproxy/paros/core/scanner/PluginFactoryTestHelper.java b/addOns/automation/src/test/java/org/parosproxy/paros/core/scanner/PluginFactoryTestHelper.java
new file mode 100644
index 00000000000..d2aad2ffc54
--- /dev/null
+++ b/addOns/automation/src/test/java/org/parosproxy/paros/core/scanner/PluginFactoryTestHelper.java
@@ -0,0 +1,29 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2024 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.parosproxy.paros.core.scanner;
+
+public final class PluginFactoryTestHelper extends PluginFactory {
+
+ private PluginFactoryTestHelper() {}
+
+ public static void init() {
+ PluginFactory.init(false);
+ }
+}
diff --git a/addOns/automation/src/test/java/org/parosproxy/paros/core/scanner/PluginTestHelper.java b/addOns/automation/src/test/java/org/parosproxy/paros/core/scanner/PluginTestHelper.java
new file mode 100644
index 00000000000..a9422d84694
--- /dev/null
+++ b/addOns/automation/src/test/java/org/parosproxy/paros/core/scanner/PluginTestHelper.java
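Review bot: PluginFactoryTestHelper carries no Javadoc saying why a test class is declared in `org.parosproxy.paros.core.scanner` and why it extends PluginFactory; the placement looks like a way to reach a non-public `PluginFactory.init(boolean)`, and what the `false` argument switches off is not visible here, so a reader has to open core to understand either. A class comment along the lines of `/** Test-only bridge into the core scanner package: exposes PluginFactory.init(boolean) to tests in this add-on without a full ZAP start. */`, plus a short line comment on the `false` argument once its meaning is confirmed against core, would make the intent explicit. The `final` class with a private constructor is the right shape for a static-only helper.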
@@ -0,0 +1,59 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2024 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.parosproxy.paros.core.scanner;
+
+public class PluginTestHelper extends AbstractPlugin {
+
+ @Override
+ public int getId() {
+ return 50000;
+ }
+
+ @Override
+ public String getName() {
+ return "PluginTestHelper";
+ }
+
+ @Override
+ public String getDescription() {
+ return "";
+ }
+
+ @Override
+ public void scan() {}
+
+ @Override
+ public int getCategory() {
+ return 0;
+ }
+
+ @Override
+ public String getSolution() {
+ return "";
+ }
+
+ @Override
+ public String getReference() {
+ return "";
+ }
+
+ @Override
+ public void notifyPluginCompleted(HostProcess parent) {}
+}
diff --git a/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java b/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java
index 18a4b270edf..ffeae217d8f 100644
--- a/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java
+++ b/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java
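Review bot: PluginTestHelper has no comment stating that it is a deliberately inert AbstractPlugin stub (empty `scan()`, category 0, empty strings) that exists only so policy tests have a rule to enable or disable; without that, the empty overrides read like unfinished work. The id `50000` is also a magic number that any test referring to this rule will have to repeat; declaring `public static final int ID = 50000;` and returning it from `getId()` lets tests reference it by name. Whether 50000 collides with an existing rule id cannot be checked from this hunk.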
@@ -56,8 +56,12 @@ import org.parosproxy.paros.CommandLine; import org.parosproxy.paros.Constant; import org.parosproxy.paros.control.Control; +import org.parosproxy.paros.core.scanner.AbstractPlugin; import org.parosproxy.paros.core.scanner.Plugin.AlertThreshold; import org.parosproxy.paros.core.scanner.Plugin.AttackStrength; +import org.parosproxy.paros.core.scanner.PluginFactory; +import org.parosproxy.paros.core.scanner.PluginFactoryTestHelper; +import org.parosproxy.paros.core.scanner.PluginTestHelper; import org.parosproxy.paros.core.scanner.ScannerParam; import org.parosproxy.paros.extension.ExtensionLoader; import org.parosproxy.paros.model.Model; @@ -79,6 +83,7 @@ class ActiveScanJobUnitTest { private static MockedStatic mockedCmdLine; private ExtensionActiveScan extAScan; + private static AbstractPlugin plugin; @TempDir static Path tempDir; @@ -88,11 +93,19 @@ static void init() throws IOException { Constant.setZapHome( Files.createDirectory(tempDir.resolve("home")).toAbsolutePath().toString()); + + PluginFactoryTestHelper.init(); + plugin = new PluginTestHelper(); + PluginFactory.loadedPlugin(plugin); } @AfterAll static void close() { mockedCmdLine.close(); + + if (plugin != null) { + PluginFactory.unloadedPlugin(plugin); + } } @BeforeEach @@ -196,8 +209,9 @@ void shouldReturnConfigParams() throws MalformedURLException { job.getConfigParameters(new ScannerParamWrapper(), job.getParamMethodName()); // Then - assertThat(params.size(), is(equalTo(11))); + assertThat(params.size(), is(equalTo(12))); + assertThat(params.containsKey("encodeCookieValues"), is(equalTo(true))); assertThat(params.containsKey("addQueryParam"), is(equalTo(true))); assertThat(params.containsKey("defaultPolicy"), is(equalTo(true))); assertThat(params.containsKey("delayInMs"), is(equalTo(true))); 
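Review bot: In the new `close()` the stub rule is unloaded only after `mockedCmdLine.close()`, so if that call throws, `PluginFactory.unloadedPlugin(plugin)` never runs and the plugin registered through the static `PluginFactory.loadedPlugin(plugin)` call stays registered for the rest of the test JVM, which can leak into other test classes that share the factory. Unload it first, or guard it: `try { mockedCmdLine.close(); } finally { if (plugin != null) { PluginFactory.unloadedPlugin(plugin); } }`. As a point of style, `private static AbstractPlugin plugin;` is declared after the instance field `extAScan` rather than next to the other static `mockedCmdLine`; grouping the static fields together would read more clearly.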
@@ -477,8 +491,6 @@ void shouldSetScanPolicyDefaults() throws MalformedURLException { @Test void shouldDisableAllRulesWithString() throws MalformedURLException { - // There is one built in rule, and mocking more is tricky outside of the package :/ - // Given ActiveScanJob job = new ActiveScanJob(); AutomationProgress progress = new AutomationProgress(); @@ -505,8 +517,6 @@ void shouldDisableAllRulesWithString() throws MalformedURLException { @Test void shouldSetSpecifiedRuleConfigs() throws MalformedURLException { - // There is one built in rule, and mocking more is tricky outside of the package :/ - // Given ActiveScanJob job = new ActiveScanJob(); AutomationProgress progress = new AutomationProgress(); @@ -550,8 +560,6 @@ void shouldSetSpecifiedRuleConfigs() throws MalformedURLException { @Test void shouldTurnOffSpecifiedRule() throws MalformedURLException { - // There is one built in rule, and mocking more is tricky outside of the package :/ - // Given ActiveScanJob job = new ActiveScanJob(); AutomationProgress progress = new AutomationProgress(); diff --git a/addOns/beanshell/CHANGELOG.md b/addOns/beanshell/CHANGELOG.md index 261b1a053c5..3e035a2e1ac 100644 --- a/addOns/beanshell/CHANGELOG.md +++ b/addOns/beanshell/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. - Dependency updates. ## [7] - 2021-10-07 diff --git a/addOns/browserView/CHANGELOG.md b/addOns/browserView/CHANGELOG.md index 0e64a4bebc1..7c4492224ca 100644 --- a/addOns/browserView/CHANGELOG.md +++ b/addOns/browserView/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [6] - 2023-03-13 ### Added 
diff --git a/addOns/bruteforce/CHANGELOG.md b/addOns/bruteforce/CHANGELOG.md index f43aeb25d12..07cad3d5cfd 100644 --- a/addOns/bruteforce/CHANGELOG.md +++ b/addOns/bruteforce/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support for menu weights (Issue 8369). ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ### Fixed diff --git a/addOns/bruteforce/src/main/java/org/zaproxy/zap/extension/bruteforce/PopupMenuBruteForceSite.java b/addOns/bruteforce/src/main/java/org/zaproxy/zap/extension/bruteforce/PopupMenuBruteForceSite.java index 3a56ad20d91..1fc8f2903b3 100644 --- a/addOns/bruteforce/src/main/java/org/zaproxy/zap/extension/bruteforce/PopupMenuBruteForceSite.java +++ b/addOns/bruteforce/src/main/java/org/zaproxy/zap/extension/bruteforce/PopupMenuBruteForceSite.java @@ -54,10 +54,6 @@ public String getParentMenuName() { } @Override - public int getParentMenuIndex() { - return ATTACK_MENU_INDEX; - } - public int getParentWeight() { return MenuWeights.MENU_ATTACK_WEIGHT; } diff --git a/addOns/bugtracker/CHANGELOG.md b/addOns/bugtracker/CHANGELOG.md index 412f42f9740..c23b7cbdfdd 100644 --- a/addOns/bugtracker/CHANGELOG.md +++ b/addOns/bugtracker/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ### Fixed diff --git a/addOns/callgraph/CHANGELOG.md b/addOns/callgraph/CHANGELOG.md index afc733a0b36..a3b37dc2e47 100644 --- a/addOns/callgraph/CHANGELOG.md +++ b/addOns/callgraph/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [5] - 2021-10-07 ### Added 
diff --git a/addOns/callgraph/src/main/java/org/zaproxy/zap/extension/callgraph/PopupMenuCallGraph.java b/addOns/callgraph/src/main/java/org/zaproxy/zap/extension/callgraph/PopupMenuCallGraph.java index e7443aff05d..4b787d38a2b 100644 --- a/addOns/callgraph/src/main/java/org/zaproxy/zap/extension/callgraph/PopupMenuCallGraph.java +++ b/addOns/callgraph/src/main/java/org/zaproxy/zap/extension/callgraph/PopupMenuCallGraph.java @@ -74,11 +74,6 @@ public PopupMenuCallGraph() { } } - @Override - public boolean precedeWithSeparator() { - return true; - } - private static class CallGraphPopupMenuItem extends PopupMenuItemHttpMessageContainer { private static final long serialVersionUID = -4108212857830575776L; diff --git a/addOns/callhome/CHANGELOG.md b/addOns/callhome/CHANGELOG.md index 4f2ea9dbeff..b43ac2a3964 100644 --- a/addOns/callhome/CHANGELOG.md +++ b/addOns/callhome/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [0.11.0] - 2024-03-13 ### Changed diff --git a/addOns/client/CHANGELOG.md b/addOns/client/CHANGELOG.md index 006a3dc0be4..2ce1649afec 100644 --- a/addOns/client/CHANGELOG.md +++ b/addOns/client/CHANGELOG.md @@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed +- Update minimum ZAP version to 2.15.0. + ### Added - Support for menu weights (Issue 8369) diff --git a/addOns/client/src/main/java/org/zaproxy/addon/client/spider/PopupMenuSpider.java b/addOns/client/src/main/java/org/zaproxy/addon/client/spider/PopupMenuSpider.java index 7558a455087..6269f07ce42 100644 --- a/addOns/client/src/main/java/org/zaproxy/addon/client/spider/PopupMenuSpider.java 
+++ b/addOns/client/src/main/java/org/zaproxy/addon/client/spider/PopupMenuSpider.java @@ -49,14 +49,11 @@ public String getParentMenuName() { } @Override - public int getParentMenuIndex() { - return ATTACK_MENU_INDEX; - } - public int getParentWeight() { return MenuWeights.MENU_ATTACK_WEIGHT; } + @Override public int getWeight() { return MenuWeights.MENU_ATTACK_CLIENT_WEIGHT; } diff --git a/addOns/commonlib/CHANGELOG.md b/addOns/commonlib/CHANGELOG.md index 428cf66554c..82c84f72cc3 100644 --- a/addOns/commonlib/CHANGELOG.md +++ b/addOns/commonlib/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Support for code and help links for script scan rules. ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [1.24.0] - 2024-04-11 diff --git a/addOns/coreLang/CHANGELOG.md b/addOns/coreLang/CHANGELOG.md index 90a30c1cf51..62e059cbb72 100644 --- a/addOns/coreLang/CHANGELOG.md +++ b/addOns/coreLang/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [15] - 2022-02-14 ### Changed diff --git a/addOns/custompayloads/CHANGELOG.md b/addOns/custompayloads/CHANGELOG.md index 96b4aab9f28..641b3b72f06 100644 --- a/addOns/custompayloads/CHANGELOG.md +++ b/addOns/custompayloads/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [0.13.0] - 2023-11-10 diff --git a/addOns/database/CHANGELOG.md b/addOns/database/CHANGELOG.md index 346bed8bf8e..b4a76701127 100644 --- a/addOns/database/CHANGELOG.md +++ b/addOns/database/CHANGELOG.md 
@@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [0.3.0] - 2023-10-12 ### Changed diff --git a/addOns/dev/CHANGELOG.md b/addOns/dev/CHANGELOG.md index 4dd9fe2acdd..e7be7c3d787 100644 --- a/addOns/dev/CHANGELOG.md +++ b/addOns/dev/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [0.5.0] - 2024-01-10 ### Added diff --git a/addOns/diff/CHANGELOG.md b/addOns/diff/CHANGELOG.md index 4b9ce552bdf..4d6576f7a9e 100644 --- a/addOns/diff/CHANGELOG.md +++ b/addOns/diff/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support for menu weights (Issue 8369). ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [14] - 2023-10-12 diff --git a/addOns/diff/src/main/java/org/zaproxy/zap/extension/diff/PopupMenuDiff.java b/addOns/diff/src/main/java/org/zaproxy/zap/extension/diff/PopupMenuDiff.java index cb9595f2371..67b20f372d9 100644 --- a/addOns/diff/src/main/java/org/zaproxy/zap/extension/diff/PopupMenuDiff.java +++ b/addOns/diff/src/main/java/org/zaproxy/zap/extension/diff/PopupMenuDiff.java @@ -86,10 +86,12 @@ public boolean isSafe() { return true; } + @Override public int getWeight() { return weight; } + @Override public void setWeight(int weight) { this.weight = weight; } diff --git a/addOns/directorylistv1/CHANGELOG.md b/addOns/directorylistv1/CHANGELOG.md index 2de0c52531e..bba6a031d35 100644 --- a/addOns/directorylistv1/CHANGELOG.md +++ b/addOns/directorylistv1/CHANGELOG.md 
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [7] - 2023-10-12 ### Changed diff --git a/addOns/directorylistv2_3/CHANGELOG.md b/addOns/directorylistv2_3/CHANGELOG.md index 29f43fb413c..035df5ae61c 100644 --- a/addOns/directorylistv2_3/CHANGELOG.md +++ b/addOns/directorylistv2_3/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [4] - 2021-10-07 ### Added diff --git a/addOns/directorylistv2_3_lc/CHANGELOG.md b/addOns/directorylistv2_3_lc/CHANGELOG.md index 187c018139d..acc0e884327 100644 --- a/addOns/directorylistv2_3_lc/CHANGELOG.md +++ b/addOns/directorylistv2_3_lc/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [4] - 2021-10-07 ### Added diff --git a/addOns/domxss/CHANGELOG.md b/addOns/domxss/CHANGELOG.md index 79a9a401716..8cd4badf3ff 100644 --- a/addOns/domxss/CHANGELOG.md +++ b/addOns/domxss/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [18] - 2023-10-12 diff --git a/addOns/encoder/CHANGELOG.md b/addOns/encoder/CHANGELOG.md index e4c152c5a55..7506fbba791 100644 --- a/addOns/encoder/CHANGELOG.md +++ b/addOns/encoder/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Support for menu weights (Issue 8369) ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [1.4.0] - 2023-10-12 
diff --git a/addOns/encoder/src/main/java/org/zaproxy/addon/encoder/PopupEncoderMenu.java b/addOns/encoder/src/main/java/org/zaproxy/addon/encoder/PopupEncoderMenu.java index 7e43669830d..84f5c33e958 100644 --- a/addOns/encoder/src/main/java/org/zaproxy/addon/encoder/PopupEncoderMenu.java +++ b/addOns/encoder/src/main/java/org/zaproxy/addon/encoder/PopupEncoderMenu.java @@ -73,6 +73,7 @@ private boolean isInvokerFromEncodeDecode(Component invoker) { || invoker.getName().equals(EncodeDecodeDialog.ENCODE_DECODE_RESULTFIELD); } + @Override public int getWeight() { return MenuWeights.MENU_ENCODE_WEIGHT; } diff --git a/addOns/evalvillain/CHANGELOG.md b/addOns/evalvillain/CHANGELOG.md index 02fe286aa62..45b171ae76b 100644 --- a/addOns/evalvillain/CHANGELOG.md +++ b/addOns/evalvillain/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [0.3.0] - 2023-09-26 ### Changed diff --git a/addOns/exim/CHANGELOG.md b/addOns/exim/CHANGELOG.md index 27cfb01b5d0..8660800cfd1 100644 --- a/addOns/exim/CHANGELOG.md +++ b/addOns/exim/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support for menu weights (Issue 8369) ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [0.8.0] - 2023-11-10 diff --git a/addOns/exim/src/main/java/org/zaproxy/addon/exim/AbstractPopupMenuSaveMessage.java b/addOns/exim/src/main/java/org/zaproxy/addon/exim/AbstractPopupMenuSaveMessage.java index 2abc6bd1c24..3046340ee6a 100644 --- a/addOns/exim/src/main/java/org/zaproxy/addon/exim/AbstractPopupMenuSaveMessage.java +++ b/addOns/exim/src/main/java/org/zaproxy/addon/exim/AbstractPopupMenuSaveMessage.java 
@@ -94,11 +94,6 @@ protected AbstractPopupMenuSaveMessage( add(response); } - @Override - public boolean precedeWithSeparator() { - return true; - } - @Override public boolean isSafe() { return true; diff --git a/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuCopyUrls.java b/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuCopyUrls.java index cdeb23009b0..83cf59945ab 100644 --- a/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuCopyUrls.java +++ b/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuCopyUrls.java @@ -73,6 +73,7 @@ public void lostOwnership(Clipboard clipboard, Transferable contents) { // Ignore } + @Override public int getWeight() { return MenuWeights.MENU_COPY_URLS_WEIGHT; } diff --git a/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuExportUrls.java b/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuExportUrls.java index 0b3cb1291dd..65050199bf0 100644 --- a/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuExportUrls.java +++ b/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuExportUrls.java @@ -188,6 +188,7 @@ public void approveSelection() { return null; } + @Override public int getWeight() { return MenuWeights.MENU_SAVE_ALL_URLS_WEIGHT; } diff --git a/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuSaveRawMessage.java b/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuSaveRawMessage.java index 97270a561aa..32149ad6c08 100644 --- a/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuSaveRawMessage.java +++ b/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuSaveRawMessage.java @@ -109,6 +109,7 @@ private static void writeToFile( } } + @Override public int getWeight() { return MenuWeights.MENU_SAVE_RAW_WEIGHT; } diff --git a/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuSaveXmlMessage.java b/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuSaveXmlMessage.java index 338965377df..a72a1ab02a9 100644 
--- a/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuSaveXmlMessage.java +++ b/addOns/exim/src/main/java/org/zaproxy/addon/exim/PopupMenuSaveXmlMessage.java @@ -139,6 +139,7 @@ private static void writeToFile( } } + @Override public int getWeight() { return MenuWeights.MENU_SAVE_XML_WEIGHT; } diff --git a/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/PopupMenuItemSaveHarMessage.java b/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/PopupMenuItemSaveHarMessage.java index 96433f18984..fce64619efe 100644 --- a/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/PopupMenuItemSaveHarMessage.java +++ b/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/PopupMenuItemSaveHarMessage.java @@ -61,11 +61,6 @@ public PopupMenuItemSaveHarMessage() { super(POPUP_MENU_LABEL, true); } - @Override - public boolean precedeWithSeparator() { - return true; - } - @Override public boolean isSafe() { return true; @@ -123,6 +118,7 @@ private static File getOutputFile() { return null; } + @Override public int getWeight() { return MenuWeights.MENU_SAVE_HAR_WEIGHT; } diff --git a/addOns/formhandler/CHANGELOG.md b/addOns/formhandler/CHANGELOG.md index 4c0ac0aed63..d43369a622b 100644 --- a/addOns/formhandler/CHANGELOG.md +++ b/addOns/formhandler/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [6.5.0] - 2023-10-12 ### Changed diff --git a/addOns/fuzz/CHANGELOG.md b/addOns/fuzz/CHANGELOG.md index fa4769ef710..e7fde112699 100644 --- a/addOns/fuzz/CHANGELOG.md +++ b/addOns/fuzz/CHANGELOG.md @@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Added - Support for menu weights (Issue 8369) ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [13.12.0] - 2023-10-12 
diff --git a/addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzMessageWithLocationPopupMenuItem.java b/addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzMessageWithLocationPopupMenuItem.java index 7ea007984f7..424db689fad 100644 --- a/addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzMessageWithLocationPopupMenuItem.java +++ b/addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzMessageWithLocationPopupMenuItem.java @@ -66,11 +66,6 @@ public boolean isEnableForMessageContainer(MessageContainer invoker) { return false; } - @Override - public int getMenuIndex() { - return 3; - } - private > boolean isEnableForMessageContainerHelper( SelectableContentMessageContainer invoker) { if (SwingUtilities.getAncestorOfClass(FuzzerDialog.class, invoker.getComponent()) != null diff --git a/addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/httpfuzzer/ui/HttpFuzzAttackPopupMenuItem.java b/addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/httpfuzzer/ui/HttpFuzzAttackPopupMenuItem.java index 0c5b55e2fa8..17de987a07c 100644 --- a/addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/httpfuzzer/ui/HttpFuzzAttackPopupMenuItem.java +++ b/addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/httpfuzzer/ui/HttpFuzzAttackPopupMenuItem.java @@ -57,14 +57,11 @@ public String getParentMenuName() { } @Override - public int getParentMenuIndex() { - return ATTACK_MENU_INDEX; - } - public int getParentWeight() { return MenuWeights.MENU_ATTACK_WEIGHT; } + @Override public int getWeight() { return MenuWeights.MENU_ATTACK_FUZZ_WEIGHT; } diff --git a/addOns/fuzzdb/CHANGELOG.md b/addOns/fuzzdb/CHANGELOG.md index a388c102915..6a74bb904a4 100644 --- a/addOns/fuzzdb/CHANGELOG.md +++ b/addOns/fuzzdb/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [9] - 2022-09-23 ### Changed 
diff --git a/addOns/graaljs/CHANGELOG.md b/addOns/graaljs/CHANGELOG.md index c29c9e7f584..1ca27df61d6 100644 --- a/addOns/graaljs/CHANGELOG.md +++ b/addOns/graaljs/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Disable warns about the engine being executed in interpreter mode, that's the expected mode of execution. ## [0.6.0] - 2024-04-11 diff --git a/addOns/graphql/CHANGELOG.md b/addOns/graphql/CHANGELOG.md index 3b655012f4d..8027346c1ac 100644 --- a/addOns/graphql/CHANGELOG.md +++ b/addOns/graphql/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Dependency updates. ## [0.23.0] - 2024-02-22 diff --git a/addOns/groovy/CHANGELOG.md b/addOns/groovy/CHANGELOG.md index 6f6b771409f..e1b4c031de0 100644 --- a/addOns/groovy/CHANGELOG.md +++ b/addOns/groovy/CHANGELOG.md @@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [3.2.0] - 2024-04-11 ### Changed diff --git a/addOns/highlighter/CHANGELOG.md b/addOns/highlighter/CHANGELOG.md index a414bfc17ac..69e655013f9 100644 --- a/addOns/highlighter/CHANGELOG.md +++ b/addOns/highlighter/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [8] - 2021-10-07 ### Added diff --git a/addOns/imagelocationscanner/CHANGELOG.md b/addOns/imagelocationscanner/CHANGELOG.md index 4b70bdb103b..c4e3f3f157e 100644 --- a/addOns/imagelocationscanner/CHANGELOG.md 
+++ b/addOns/imagelocationscanner/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [5] - 2024-04-11 ### Changed diff --git a/addOns/invoke/CHANGELOG.md b/addOns/invoke/CHANGELOG.md index 2abcb76ade2..f42bb99e453 100644 --- a/addOns/invoke/CHANGELOG.md +++ b/addOns/invoke/CHANGELOG.md @@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed +- Update minimum ZAP version to 2.15.0. + ### Added - Support for menu weights (Issue 8369) diff --git a/addOns/invoke/src/main/java/org/zaproxy/zap/extension/invoke/PopupMenuInvokers.java b/addOns/invoke/src/main/java/org/zaproxy/zap/extension/invoke/PopupMenuInvokers.java index cfa5d00b658..5edba7ba5a0 100644 --- a/addOns/invoke/src/main/java/org/zaproxy/zap/extension/invoke/PopupMenuInvokers.java +++ b/addOns/invoke/src/main/java/org/zaproxy/zap/extension/invoke/PopupMenuInvokers.java @@ -37,11 +37,6 @@ public PopupMenuInvokers() { setButtonStateOverriddenByChildren(false); } - @Override - public int getMenuIndex() { - return 3; - } - @Override protected boolean isButtonEnabledForNumberOfSelectedMessages(int numberOfSelectedMessages) { return true; @@ -64,6 +59,7 @@ public void setApps(List apps) { add(confPopup); } + @Override public int getWeight() { return MenuWeights.MENU_RUN_APP_WEIGHT; } diff --git a/addOns/jruby/CHANGELOG.md b/addOns/jruby/CHANGELOG.md index a132ef381e6..3b3e63ccd25 100644 --- a/addOns/jruby/CHANGELOG.md +++ b/addOns/jruby/CHANGELOG.md 
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. - Maintenance changes. - This add-on now depends on the Scripts add-on for providing scanning related functionality. - The active and passive scan rule templates were updated to import classes from the scripts add-on. diff --git a/addOns/jsonview/CHANGELOG.md b/addOns/jsonview/CHANGELOG.md index 54d44d529be..f517fc4bdfc 100644 --- a/addOns/jsonview/CHANGELOG.md +++ b/addOns/jsonview/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [3] - 2023-09-07 ### Changed diff --git a/addOns/jython/CHANGELOG.md b/addOns/jython/CHANGELOG.md index ee6b4948fae..c3c928d7bfd 100644 --- a/addOns/jython/CHANGELOG.md +++ b/addOns/jython/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [15] - 2024-04-11 ### Changed diff --git a/addOns/kotlin/CHANGELOG.md b/addOns/kotlin/CHANGELOG.md index cbb753c862d..9e496cd6a22 100644 --- a/addOns/kotlin/CHANGELOG.md +++ b/addOns/kotlin/CHANGELOG.md @@ -6,7 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ### Added diff --git a/addOns/network/CHANGELOG.md b/addOns/network/CHANGELOG.md index f35217b37eb..358ecd6cedd 100644 --- a/addOns/network/CHANGELOG.md +++ b/addOns/network/CHANGELOG.md 
@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Update default user-agents. ### Fixed diff --git a/addOns/network/src/main/java/org/zaproxy/addon/network/internal/ContentEncodingsHandler.java b/addOns/network/src/main/java/org/zaproxy/addon/network/internal/ContentEncodingsHandler.java index 272b15fca47..1845382ca17 100644 --- a/addOns/network/src/main/java/org/zaproxy/addon/network/internal/ContentEncodingsHandler.java +++ b/addOns/network/src/main/java/org/zaproxy/addon/network/internal/ContentEncodingsHandler.java @@ -22,12 +22,14 @@ import java.util.List; import org.parosproxy.paros.network.HttpBody; import org.parosproxy.paros.network.HttpHeader; +import org.parosproxy.paros.network.HttpMessage.HttpEncodingsHandler; import org.zaproxy.zap.network.HttpEncoding; import org.zaproxy.zap.network.HttpEncodingDeflate; import org.zaproxy.zap.network.HttpEncodingGzip; -public class ContentEncodingsHandler /* TODO implements HttpEncodingsHandler */ { +public class ContentEncodingsHandler implements HttpEncodingsHandler { + @Override public void handle(HttpHeader header, HttpBody body) { String encoding = header.getHeader(HttpHeader.CONTENT_ENCODING); if (encoding == null || encoding.isEmpty()) { diff --git a/addOns/oast/CHANGELOG.md b/addOns/oast/CHANGELOG.md index 8cc372dbc8d..bdcfd3ff2ab 100644 --- a/addOns/oast/CHANGELOG.md +++ b/addOns/oast/CHANGELOG.md @@ -7,6 +7,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [0.17.0] - 2023-10-12 diff --git a/addOns/onlineMenu/CHANGELOG.md b/addOns/onlineMenu/CHANGELOG.md index 254cf0162a4..09bc95acfb2 100644 --- a/addOns/onlineMenu/CHANGELOG.md +++ b/addOns/onlineMenu/CHANGELOG.md 
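Review bot: `ContentEncodingsHandler` now formally implements `HttpMessage.HttpEncodingsHandler`, but neither the class nor `handle` carries any Javadoc stating the contract it fulfils, and the visible first branch returns early on a missing or empty `Content-Encoding` header without saying whether that leaves the body's encodings untouched or clears them. Add a class comment along the lines of `/** Sets the body's content encodings from the Content-Encoding header; gzip and deflate are the encodings this add-on wires in. */` and a one-line note on the empty-header branch once its intended effect (the rest of the method is outside this hunk) is confirmed. The body of `handle` continues past the end of the hunk.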
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [12] - 2023-10-12 ### Changed diff --git a/addOns/openapi/CHANGELOG.md b/addOns/openapi/CHANGELOG.md index ad352113966..ae9b954597f 100644 --- a/addOns/openapi/CHANGELOG.md +++ b/addOns/openapi/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - Maintenance changes. - Dependency updates. diff --git a/addOns/packpentester/CHANGELOG.md b/addOns/packpentester/CHANGELOG.md index 7a9517be338..b72f8e3316f 100644 --- a/addOns/packpentester/CHANGELOG.md +++ b/addOns/packpentester/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [0.1.0] - 2022-05-12 diff --git a/addOns/packscanrules/CHANGELOG.md b/addOns/packscanrules/CHANGELOG.md index 43022ec27fe..78d4fed550b 100644 --- a/addOns/packscanrules/CHANGELOG.md +++ b/addOns/packscanrules/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [0.0.1] - 2022-05-13 diff --git a/addOns/paramdigger/CHANGELOG.md b/addOns/paramdigger/CHANGELOG.md index 9f75e0970fc..42fe6109b60 100644 --- a/addOns/paramdigger/CHANGELOG.md +++ b/addOns/paramdigger/CHANGELOG.md @@ -9,7 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. ## [0.2.0] - 2023-06-06 ### Fixed 
diff --git a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/gui/PopupMenuParamDigger.java b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/gui/PopupMenuParamDigger.java index 85da86c98e3..3e65e578092 100644 --- a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/gui/PopupMenuParamDigger.java +++ b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/gui/PopupMenuParamDigger.java @@ -48,14 +48,11 @@ public String getParentMenuName() { } @Override - public int getParentMenuIndex() { - return ATTACK_MENU_INDEX; - } - public int getParentWeight() { return MenuWeights.MENU_ATTACK_WEIGHT; } + @Override public int getWeight() { return MenuWeights.MENU_ATTACK_DIGGER_WEIGHT; } diff --git a/addOns/plugnhack/CHANGELOG.md b/addOns/plugnhack/CHANGELOG.md index 17d77cde944..163f1d21d7c 100644 --- a/addOns/plugnhack/CHANGELOG.md +++ b/addOns/plugnhack/CHANGELOG.md @@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Prevent exception if no display (Issue 3978). ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. - Maintenance changes. ## [13] - 2022-10-27 diff --git a/addOns/portscan/CHANGELOG.md b/addOns/portscan/CHANGELOG.md index 9dd4303361d..536698f3073 100644 --- a/addOns/portscan/CHANGELOG.md +++ b/addOns/portscan/CHANGELOG.md @@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support for menu weights (Issue 8369) ### Changed -- Update minimum ZAP version to 2.14.0. +- Update minimum ZAP version to 2.15.0. - Maintenance changes. - Default number of threads to 2 * processor count. diff --git a/addOns/portscan/src/main/java/org/zaproxy/zap/extension/portscan/PopupMenuPortScan.java b/addOns/portscan/src/main/java/org/zaproxy/zap/extension/portscan/PopupMenuPortScan.java index befca0fe9b6..07bc634a8c6 100644 
--- a/addOns/portscan/src/main/java/org/zaproxy/zap/extension/portscan/PopupMenuPortScan.java +++ b/addOns/portscan/src/main/java/org/zaproxy/zap/extension/portscan/PopupMenuPortScan.java @@ -52,10 +52,6 @@ public String getParentMenuName() { } @Override - public int getParentMenuIndex() { - return ATTACK_MENU_INDEX; - } - public int getParentWeight() { return MenuWeights.MENU_ATTACK_WEIGHT; } diff --git a/addOns/postman/CHANGELOG.md b/addOns/postman/CHANGELOG.md index 9aa55e2f0e6..422d6eea054 100644 --- a/addOns/postman/CHANGELOG.md +++ b/addOns/postman/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.15.0. ## [0.3.0] - 2024-04-02 ### Added diff --git a/addOns/pscanrules/CHANGELOG.md b/addOns/pscanrules/CHANGELOG.md index 85d06884385..b1dc7863ef4 100644 --- a/addOns/pscanrules/CHANGELOG.md +++ b/addOns/pscanrules/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.15.0. - The library (htmlunit-csp) used by the Content Security Policy scan rule was updated to v4.0.0, which includes support for the wasm-unsafe-eval source expression. ### Fixed diff --git a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRule.java b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRule.java index 4418e6d436d..4e89306f279 100644 --- a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRule.java +++ b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRule.java 
@@ -24,7 +24,6 @@ import java.util.Map; import java.util.SortedSet; import java.util.TreeSet; -import java.util.function.BiPredicate; import net.htmlparser.jericho.Attribute; import net.htmlparser.jericho.Element; import net.htmlparser.jericho.HTMLElementName; @@ -41,7 +40,6 @@ import org.zaproxy.addon.commonlib.CommonAlertTag; import org.zaproxy.addon.commonlib.vulnerabilities.Vulnerabilities; import org.zaproxy.addon.commonlib.vulnerabilities.Vulnerability; -import org.zaproxy.zap.extension.anticsrf.AntiCsrfParam; import org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF; import org.zaproxy.zap.extension.pscan.PluginPassiveScanner; import org.zaproxy.zap.extension.ruleconfig.RuleConfigParam; @@ -106,9 +104,6 @@ public void scanHttpResponseReceive(HttpMessage msg, int id, Source source) { } List formElements = source.getAllElements(HTMLElementName.FORM); - List tokenNames = extAntiCSRF.getAntiCsrfTokenNames(); - // TODO: Update to use extensionAntiCSRF.isAntiCsrfToken(String) after 2.15 - BiPredicate matcher = getMatcher(); if (formElements != null && !formElements.isEmpty()) { boolean hasSecurityAnnotation = false; @@ -171,12 +166,7 @@ public void scanHttpResponseReceive(HttpMessage msg, int id, Source source) { String attId = inputElement.getAttributeValue("ID"); if (attId != null) { elementNames.add(attId); - for (String tokenName : tokenNames) { - if (matcher.test(attId, tokenName)) { - foundCsrfToken = true; - break; - } - } + foundCsrfToken |= extAntiCSRF.isAntiCsrfToken(attId); } String name = inputElement.getAttributeValue("NAME"); if (name != null) { @@ -184,12 +174,7 @@ public void scanHttpResponseReceive(HttpMessage msg, int id, Source source) { // Dont bother recording both elementNames.add(name); } - for (String tokenName : tokenNames) { - if (matcher.test(name, tokenName)) { - foundCsrfToken = true; - break; - } - } + foundCsrfToken |= extAntiCSRF.isAntiCsrfToken(name); } } } 
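Review bot: The replacement `foundCsrfToken |= extAntiCSRF.isAntiCsrfToken(attId);` (and the same line for `name`) quietly changes matching semantics the rule used to own: the removed loop compared each configured token name with `equalsIgnoreCase` or `containsIgnoreCase` (the deleted `getMatcher` in a later hunk), whereas the case and partial-match behaviour of the core `isAntiCsrfToken` is not visible here. If core compares case-sensitively, a form whose token is named `CSRFToken` against a configured `csrfToken` would now raise a Medium "no anti-CSRF tokens" alert it did not raise before, so this is worth confirming against the 2.15.0 implementation and pinning with a unit test. Note also that `|=` keeps calling the lookup for every remaining input after a match; `foundCsrfToken = foundCsrfToken || extAntiCSRF.isAntiCsrfToken(attId);` preserves the old early exit. Add at the call site `// Exact-vs-partial and case handling are delegated to ExtensionAntiCSRF's anti-CSRF options.` The enclosing `scanHttpResponseReceive` starts and ends outside this hunk.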
@@ -205,7 +190,7 @@ public void scanHttpResponseReceive(HttpMessage msg, int id, Source source) { sbForm.append("\" ]"); String formDetails = sbForm.toString(); - String tokenNamesFlattened = tokenNames.toString(); + String tokenNamesFlattened = extAntiCSRF.getAntiCsrfTokenNames().toString(); int risk = Alert.RISK_MEDIUM; String desc = Constant.messages.getString("pscanrules.noanticsrftokens.desc"); @@ -243,16 +228,6 @@ private boolean formOnIgnoreList(Element formElement, List ignoreList) { return false; } - private static BiPredicate getMatcher() { - if (Model.getSingleton() - .getOptionsParam() - .getParamSet(AntiCsrfParam.class) - .isPartialMatchingEnabled()) { - return StringUtils::containsIgnoreCase; - } - return String::equalsIgnoreCase; - } - @Override public String getName() { // do not use the name of the related vulnerability diff --git a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/ApplicationErrorScanRuleUnitTest.java b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/ApplicationErrorScanRuleUnitTest.java index bbb23cabc2a..ecffa8470ff 100644 --- a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/ApplicationErrorScanRuleUnitTest.java +++ b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/ApplicationErrorScanRuleUnitTest.java @@ -120,7 +120,8 @@ void shouldReturnExpectedExampleAlert() { Map tags = alert.getTags(); // Then assertThat(alerts.size(), is(equalTo(1))); - assertThat(alert.getTags().size(), is(equalTo(5))); + assertThat(tags.size(), is(equalTo(6))); + assertThat(tags, hasKey("CWE-200")); assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A05_SEC_MISCONFIG.getTag())); assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A06_SEC_MISCONFIG.getTag())); assertThat(tags, hasKey(CommonAlertTag.WSTG_V42_ERRH_01_ERR.getTag())); 
diff --git a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/CrossDomainScriptInclusionScanRuleUnitTest.java b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/CrossDomainScriptInclusionScanRuleUnitTest.java index bd27f78477d..1093593f673 100644 --- a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/CrossDomainScriptInclusionScanRuleUnitTest.java +++ b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/CrossDomainScriptInclusionScanRuleUnitTest.java @@ -429,7 +429,7 @@ void shouldReturnExpectedExampleAlert() { assertThat(alerts.size(), is(equalTo(1))); Alert alert = alerts.get(0); Map tags = alert.getTags(); - assertThat(tags.size(), is(equalTo(1))); + assertThat(tags.size(), is(equalTo(2))); assertThat(alert.getRisk(), is(equalTo(Alert.RISK_LOW))); assertThat(alert.getConfidence(), is(equalTo(Alert.CONFIDENCE_MEDIUM))); } diff --git a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRuleUnitTest.java b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRuleUnitTest.java index 9cbd036bf25..90e9e5462c7 100644 --- a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRuleUnitTest.java +++ b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRuleUnitTest.java @@ -24,7 +24,10 @@ import static org.hamcrest.Matchers.is; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.withSettings; import java.util.ArrayList; import java.util.List; 
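Review bot: The bumped assertion `assertThat(tags.size(), is(equalTo(2)))` in `CrossDomainScriptInclusionScanRuleUnitTest.shouldReturnExpectedExampleAlert` checks that some tag was added without naming it, so the test keeps passing if a different tag appears and the intended one is missing; the other test hunks in this change pair the count bump with a `hasKey` on the CWE tag. Add `assertThat(tags, hasKey("CWE-" + alert.getCweId()));` after the size check (static-importing `org.hamcrest.Matchers.hasKey` if this test does not already) so the new key is pinned.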
@@ -33,9 +36,7 @@ import org.apache.commons.httpclient.URIException; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.CsvSource; -import org.mockito.Mockito; +import org.mockito.quality.Strictness; import org.parosproxy.paros.core.scanner.Alert; import org.parosproxy.paros.core.scanner.Plugin.AlertThreshold; import org.parosproxy.paros.model.Model; @@ -45,7 +46,6 @@ import org.parosproxy.paros.network.HttpRequestHeader; import org.parosproxy.paros.network.HttpResponseHeader; import org.zaproxy.addon.commonlib.CommonAlertTag; -import org.zaproxy.zap.extension.anticsrf.AntiCsrfParam; import org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF; import org.zaproxy.zap.utils.ZapXmlConfiguration; @@ -53,7 +53,6 @@ class CsrfCountermeasuresScanRuleUnitTest extends PassiveScannerTest antiCsrfTokenNames; - private AntiCsrfParam antiCsrfParam; private HttpMessage msg; @BeforeEach 
@@ -63,15 +62,17 @@ void before() throws URIException { antiCsrfTokenNames.add("csrfToken"); antiCsrfTokenNames.add("csrf-token"); - extensionAntiCSRFMock = mock(ExtensionAntiCSRF.class); - Mockito.lenient() - .when(extensionAntiCSRFMock.getAntiCsrfTokenNames()) - .thenReturn(antiCsrfTokenNames); + extensionAntiCSRFMock = + mock(ExtensionAntiCSRF.class, withSettings().strictness(Strictness.LENIENT)); + given(extensionAntiCSRFMock.getAntiCsrfTokenNames()).willReturn(antiCsrfTokenNames); + given(extensionAntiCSRFMock.isAntiCsrfToken(any())) + .willAnswer( + invocation -> { + return antiCsrfTokenNames.contains( + invocation.getArgument(0, String.class)); + }); OptionsParam options = Model.getSingleton().getOptionsParam(); options.load(new ZapXmlConfiguration()); - antiCsrfParam = new AntiCsrfParam(); - options.addParamSet(antiCsrfParam); - antiCsrfParam.setPartialMatchingEnabled(false); rule.setExtensionAntiCSRF(extensionAntiCSRFMock); rule.setCsrfIgnoreList(""); rule.setCSRFIgnoreAttName(""); @@ -253,35 +254,6 @@ void shouldNotRaiseAlertWhenThereIsOnlyOneFormWithFirstKnownCSRFTokenUsingName() assertEquals(0, alertsRaised.size()); } - @ParameterizedTest - @CsvSource({"0, true", "1, false"}) - void shouldRaiseAlertOrNotBasedOnPartialMatchWhenThereIsOnlyOneFormWithKnownCsrfTokenUsingName( - int expectedAlerts, boolean partialMatchingEnabled) { - // Given - antiCsrfParam.setPartialMatchingEnabled(partialMatchingEnabled); - msg.setResponseBody( - "
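Review bot: The `isAntiCsrfToken` stub answers with `antiCsrfTokenNames.contains(...)`, an exact, case-sensitive lookup, so the remaining tests no longer exercise how the rule's result depends on the case or partial-match handling that the removed `getMatcher` used to provide, and the two deleted parameterized tests were the only coverage of partial matching. Since that logic now lives in core, the rule's own contract is that it forwards each `id`/`name` attribute value unchanged to the extension; pin that with an interaction assertion such as `verify(extensionAntiCSRFMock).isAntiCsrfToken("csrfToken");` in the existing known-token tests, and consider one test where the stub returns `true` for a case-variant name to document that the rule itself no longer normalises case. The lenient mock settings are appropriate here, since not every test triggers both stubs.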
"); - // When - scanHttpResponseReceive(msg); - // Then - assertEquals(expectedAlerts, alertsRaised.size()); - } - - @ParameterizedTest - @CsvSource({"0, true", "1, false"}) - void - shouldRaiseAlertOrNotBasedOnPartialMatchWhenThereIsOnlyOneFormWithKnownCsrfTokenUsingAttribute( - int expectedAlerts, boolean partialMatchingEnabled) { - // Given - antiCsrfParam.setPartialMatchingEnabled(partialMatchingEnabled); - msg.setResponseBody( - "
"); - // When - scanHttpResponseReceive(msg); - // Then - assertEquals(expectedAlerts, alertsRaised.size()); - } - @Test void shouldNotRaiseAlertWhenThereIsOnlyOneFormWithAKnownCSRFTokenUsingId() { // Given diff --git a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/InfoPrivateAddressDisclosureScanRuleUnitTest.java b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/InfoPrivateAddressDisclosureScanRuleUnitTest.java index e0bfa4f9f62..a336b10c23d 100644 --- a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/InfoPrivateAddressDisclosureScanRuleUnitTest.java +++ b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/InfoPrivateAddressDisclosureScanRuleUnitTest.java @@ -80,7 +80,7 @@ void shouldReturnExpectedExampleAlert() { assertThat(alerts.size(), is(equalTo(1))); Alert alert = alerts.get(0); Map tags = alert.getTags(); - assertThat(tags.size(), is(equalTo(2))); + assertThat(tags.size(), is(equalTo(3))); assertThat(alert.getRisk(), is(equalTo(Alert.RISK_LOW))); assertThat(alert.getConfidence(), is(equalTo(Alert.CONFIDENCE_MEDIUM))); } diff --git a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRuleUnitTest.java b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRuleUnitTest.java index b09367e7ac7..0173c809c4a 100644 --- a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRuleUnitTest.java +++ b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRuleUnitTest.java 
@@ -355,7 +355,8 @@ void shouldHaveExpectedExample() {
  ""))));
  assertThat(alert.getEvidence(), is(equalTo("FixMe")));
  Map tags = alert.getTags();
- assertThat(tags.size(), is(equalTo(4)));
+ assertThat(tags.size(), is(equalTo(5)));
+ assertThat(tags, hasKey("CWE-200"));
  assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A01_BROKEN_AC.getTag()));
  assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A03_DATA_EXPOSED.getTag()));
  assertThat(tags, hasKey(CommonAlertTag.WSTG_V42_INFO_05_CONTENT_LEAK.getTag()));
diff --git a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/UsernameIdorScanRuleUnitTest.java b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/UsernameIdorScanRuleUnitTest.java
index ace6950ac5d..feb04c92351 100644
--- a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/UsernameIdorScanRuleUnitTest.java
+++ b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/UsernameIdorScanRuleUnitTest.java
@@ -106,7 +106,8 @@ void shouldReturnExpectedExampleAlert() {
  Alert alert = alerts.get(0);
  Map tags = alert.getTags();
  // Then
- assertThat(tags.size(), is(equalTo(4)));
+ assertThat(tags.size(), is(equalTo(5)));
+ assertThat(tags, hasKey("CWE-284"));
  assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A01_BROKEN_AC.getTag()));
  assertThat(tags, hasKey(CommonAlertTag.OWASP_2017_A05_BROKEN_AC.getTag()));
  assertThat(tags, hasKey(CommonAlertTag.WSTG_V42_ATHZ_04_IDOR.getTag()));
diff --git a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/XChromeLoggerDataInfoLeakScanRuleUnitTest.java b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/XChromeLoggerDataInfoLeakScanRuleUnitTest.java
index 035f9a27b05..ed80098e9ec 100644
--- a/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/XChromeLoggerDataInfoLeakScanRuleUnitTest.java
+++ b/addOns/pscanrules/src/test/java/org/zaproxy/zap/extension/pscanrules/XChromeLoggerDataInfoLeakScanRuleUnitTest.java
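Review bot: The new `assertThat(tags, hasKey("CWE-200"))` checks only that the key is present, so the tag's value is never asserted and a wrong or empty value would pass; `hasEntry("CWE-200", <expected CWE reference value>)` would pin both. The same applies to `hasKey("CWE-284")` in the UsernameIdorScanRuleUnitTest hunk on this line, to `hasKey("CWE-200")` in the XChromeLoggerDataInfoLeakScanRuleUnitTest hunk and to `hasKey("CWE-749")` in the JsFunctionScanRuleUnitTest hunk. The literal also duplicates the rule's CWE id; deriving the key as `"CWE-" + alert.getCweId()` keeps the two from drifting apart, provided the id itself is asserted elsewhere in the test. shouldHaveExpectedExample starts outside the hunk.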
@@ -21,6 +21,7 @@
  import static org.hamcrest.MatcherAssert.assertThat;
  import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.hasKey;
  import static org.hamcrest.Matchers.is;
  import java.io.IOException;
@@ -163,8 +164,9 @@ void shouldReturnExpectedExampleAlert() {
  Alert alert = alerts.get(0);
  Map tags1 = alert.getTags();
- assertThat(tags1.size(), is(equalTo(3)));
+ assertThat(tags1.size(), is(equalTo(4)));
  assertThat(alert.getConfidence(), is(equalTo(Alert.CONFIDENCE_HIGH)));
+ assertThat(tags1, hasKey("CWE-200"));
  assertThat(
  tags1.containsKey(CommonAlertTag.OWASP_2017_A03_DATA_EXPOSED.getTag()),
  is(equalTo(true)));
diff --git a/addOns/pscanrulesAlpha/CHANGELOG.md b/addOns/pscanrulesAlpha/CHANGELOG.md
index b5c27cb73ff..17574489abb 100644
--- a/addOns/pscanrulesAlpha/CHANGELOG.md
+++ b/addOns/pscanrulesAlpha/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
  ## Unreleased
-
+### Changed
+- Update minimum ZAP version to 2.15.0.
  ## [42] - 2024-01-16
  ### Changed
diff --git a/addOns/pscanrulesBeta/CHANGELOG.md b/addOns/pscanrulesBeta/CHANGELOG.md
index 23c234a9ec9..13736d88069 100644
--- a/addOns/pscanrulesBeta/CHANGELOG.md
+++ b/addOns/pscanrulesBeta/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
  ## Unreleased
-
+### Changed
+- Update minimum ZAP version to 2.15.0.
  ## [37] - 2024-02-12
diff --git a/addOns/pscanrulesBeta/src/test/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRuleUnitTest.java b/addOns/pscanrulesBeta/src/test/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRuleUnitTest.java
index 06db6d78555..225dbc15bff 100644
--- a/addOns/pscanrulesBeta/src/test/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRuleUnitTest.java
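Review bot: The added `assertThat(tags1, hasKey("CWE-200"))` is placed after the confidence assertion, which separates it from the `tags1.size()` assertion it belongs with and from the tag checks that follow; moving it directly below the size assertion keeps the tag assertions together, as the other updated tests in this change do. The neighbouring `tags1.containsKey(...), is(equalTo(true))` assertions could use the newly imported `hasKey` as well, which reports the missing key on failure rather than a bare boolean mismatch. shouldReturnExpectedExampleAlert continues outside the hunk.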
+++ b/addOns/pscanrulesBeta/src/test/java/org/zaproxy/zap/extension/pscanrulesBeta/JsFunctionScanRuleUnitTest.java
@@ -245,7 +245,8 @@ void shouldReturnExpectedExampleAlert() {
  Map tags = alert.getTags();
  // Then
  assertThat(alerts.size(), is(equalTo(1)));
- assertThat(tags.size(), is(equalTo(3)));
+ assertThat(tags.size(), is(equalTo(4)));
+ assertThat(tags, hasKey("CWE-749"));
  assertThat(tags, hasKey(CommonAlertTag.OWASP_2021_A04_INSECURE_DESIGN.getTag()));
  assertThat(tags, hasKey(CommonAlertTag.WSTG_V42_CLNT_02_JS_EXEC.getTag()));
  assertThat(tags, hasKey(CommonAlertTag.CUSTOM_PAYLOADS.getTag()));
diff --git a/addOns/quickstart/CHANGELOG.md b/addOns/quickstart/CHANGELOG.md
index a94da6c3c6d..8324810fa44 100644
--- a/addOns/quickstart/CHANGELOG.md
+++ b/addOns/quickstart/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file.
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
  ## Unreleased
+### Changed
+- Update minimum ZAP version to 2.15.0.
+
  ### Fixed
  - Sub panel names.
diff --git a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ajaxspider/AjaxSpiderExplorer.java b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ajaxspider/AjaxSpiderExplorer.java
index a6ece703588..431f591c432 100644
--- a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ajaxspider/AjaxSpiderExplorer.java
+++ b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ajaxspider/AjaxSpiderExplorer.java
@@ -74,14 +74,12 @@ public String toString() {
  }
  private static final String MODERN_APP_PLUGIN_ID = "10109";
- private static final String MODERN_APP_I18N_KEY = "pscanrules.modernapp.name";
  private ExtensionQuickStartAjaxSpider extension;
  private JComboBox browserComboBox;
  private JComboBox