Merge pull request #5963 from thc202/pscan/mngr-api

pscan: use scan rule manager in the API
zaproxy · Nov 29, 2024 · 05af5da · 05af5da
2 parents 0f34317 + 185a196
commit 05af5da
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 11 deletions.
diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java
@@ -274,7 +274,7 @@ public void hook(ExtensionHook extensionHook) {
 
         if (org.zaproxy.zap.extension.pscan.PassiveScanAPI.class.getAnnotation(Deprecated.class)
                 != null) {
-            extensionHook.addApiImplementor(new PassiveScanApi(getExtPscan()));
+            extensionHook.addApiImplementor(new PassiveScanApi(getExtPscan(), scanRuleManager));
         }
 
         if (loadScanRules) {

diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/PassiveScanApi.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/PassiveScanApi.java
@@ -28,6 +28,7 @@
 import org.apache.logging.log4j.Logger;
 import org.parosproxy.paros.Constant;
 import org.parosproxy.paros.core.scanner.Plugin;
+import org.zaproxy.addon.pscan.internal.ScanRuleManager;
 import org.zaproxy.zap.extension.api.ApiAction;
 import org.zaproxy.zap.extension.api.ApiException;
 import org.zaproxy.zap.extension.api.ApiImplementor;
@@ -76,14 +77,16 @@ public class PassiveScanApi extends ApiImplementor {
     private static final String PARAM_MAX_ALERTS = "maxAlerts";
 
     private ExtensionPassiveScan extension;
+    private final ScanRuleManager scanRuleManager;
     private Method setPassiveScanEnabledMethod;
 
     public PassiveScanApi() {
-        this(null);
+        this(null, null);
     }
 
-    public PassiveScanApi(ExtensionPassiveScan extension) {
+    public PassiveScanApi(ExtensionPassiveScan extension, ScanRuleManager scanRuleManager) {
         this.extension = extension;
+        this.scanRuleManager = scanRuleManager;
 
         this.addApiAction(new ApiAction(ACTION_SET_ENABLED, new String[] {PARAM_ENABLED}));
         this.addApiAction(
@@ -226,7 +229,14 @@ private void setPluginPassiveScannersEnabled(JSONObject params, boolean enabled)
      * @return {@code true} if the scanner exist, {@code false} otherwise.
      */
     private boolean hasPluginPassiveScanner(int pluginId) {
-        return extension.getPluginPassiveScanner(pluginId) != null;
+        return getScanRule(pluginId) != null;
+    }
+
+    private PluginPassiveScanner getScanRule(int pluginId) {
+        if (scanRuleManager != null) {
+            return (PluginPassiveScanner) scanRuleManager.getScanRule(pluginId);
+        }
+        return extension.getPluginPassiveScanner(pluginId);
     }
 
     /**
@@ -235,12 +245,19 @@ private boolean hasPluginPassiveScanner(int pluginId) {
      * @param enabled {@code true} if the scanners should be enabled, {@code false} otherwise
      */
     private void setAllPluginPassiveScannersEnabled(boolean enabled) {
-        for (PluginPassiveScanner scanner : extension.getPluginPassiveScanners()) {
+        for (PluginPassiveScanner scanner : getPluginScanRules()) {
             scanner.setEnabled(enabled);
             scanner.save();
         }
     }
 
+    private List<PluginPassiveScanner> getPluginScanRules() {
+        if (scanRuleManager != null) {
+            return scanRuleManager.getPluginScanRules();
+        }
+        return extension.getPluginPassiveScanners();
+    }
+
     /**
      * Sets whether or not the plug-in passive scanner with the given {@code pluginId} is {@code
      * enabled}.
@@ -249,7 +266,7 @@ private void setAllPluginPassiveScannersEnabled(boolean enabled) {
      * @param enabled {@code true} if the scanner should be enabled, {@code false} otherwise
      */
     private void setPluginPassiveScannerEnabled(int pluginId, boolean enabled) {
-        PluginPassiveScanner scanner = extension.getPluginPassiveScanner(pluginId);
+        PluginPassiveScanner scanner = getScanRule(pluginId);
         if (scanner != null) {
             scanner.setEnabled(enabled);
             scanner.save();
@@ -280,7 +297,7 @@ private static Plugin.AlertThreshold getAlertThresholdFromParamAlertThreshold(JS
      */
     private void setPluginPassiveScannerAlertThreshold(
             int pluginId, Plugin.AlertThreshold alertThreshold) {
-        PluginPassiveScanner scanner = extension.getPluginPassiveScanner(pluginId);
+        PluginPassiveScanner scanner = getScanRule(pluginId);
         if (scanner != null) {
             scanner.setAlertThreshold(alertThreshold);
             scanner.setEnabled(!Plugin.AlertThreshold.OFF.equals(alertThreshold));
@@ -302,7 +319,7 @@ public ApiResponse handleApiView(String name, JSONObject params) throws ApiExcep
                 result = new ApiResponseElement(name, String.valueOf(extension.getRecordsToScan()));
                 break;
             case VIEW_SCANNERS:
-                List<PluginPassiveScanner> scanners = extension.getPluginPassiveScanners();
+                List<PluginPassiveScanner> scanners = getPluginScanRules();
 
                 ApiResponseList resultList = new ApiResponseList(name);
                 for (PluginPassiveScanner scanner : scanners) {

diff --git a/addOns/pscan/src/test/java/org/zaproxy/addon/pscan/PassiveScanApiUnitTest.java b/addOns/pscan/src/test/java/org/zaproxy/addon/pscan/PassiveScanApiUnitTest.java
@@ -40,6 +40,7 @@
 import org.junit.jupiter.params.provider.ValueSource;
 import org.parosproxy.paros.Constant;
 import org.parosproxy.paros.network.HttpMessage;
+import org.zaproxy.addon.pscan.internal.ScanRuleManager;
 import org.zaproxy.zap.extension.api.API;
 import org.zaproxy.zap.extension.api.API.RequestType;
 import org.zaproxy.zap.extension.api.ApiElement;
@@ -53,12 +54,13 @@
 class PassiveScanApiUnitTest extends TestUtils {
 
     private PassiveScanApi pscanApi;
+    private ScanRuleManager scanRuleManager;
     private ExtensionPassiveScan extension;
 
     @BeforeEach
     void setUp() {
         mockMessages(new ExtensionPassiveScan2());
-        pscanApi = new PassiveScanApi(extension);
+        pscanApi = new PassiveScanApi(extension, scanRuleManager);
     }
 
     @AfterAll
@@ -77,7 +79,7 @@ void shouldHavePrefix() throws Exception {
     @Test
     void shouldAddApiElements() {
         // Given / When
-        pscanApi = new PassiveScanApi(extension);
+        pscanApi = new PassiveScanApi(extension, scanRuleManager);
         // Then
         assertThat(pscanApi.getApiActions(), hasSize(11));
         assertThat(pscanApi.getApiViews(), hasSize(6));
@@ -140,7 +142,7 @@ void shouldThrowApiExceptionForUnknownView(String name) throws Exception {
 
     @Test
     void shouldHaveDescriptionsForAllApiElements() {
-        pscanApi = new PassiveScanApi(extension);
+        pscanApi = new PassiveScanApi(extension, scanRuleManager);
         List<String> issues = new ArrayList<>();
         checkKey(pscanApi.getDescriptionKey(), issues);
         checkApiElements(pscanApi, pscanApi.getApiActions(), API.RequestType.action, issues);