From 185a196e85e320d1a118953c1061d815b613eeee Mon Sep 17 00:00:00 2001 From: thc202 Date: Fri, 29 Nov 2024 13:39:39 +0000 Subject: [PATCH] pscan: use scan rule manager in the API Start to remove the dependency on the core extension for accessing the scan rules, in the API. Signed-off-by: thc202 --- .../addon/pscan/ExtensionPassiveScan2.java | 2 +- .../zaproxy/addon/pscan/PassiveScanApi.java | 31 ++++++++++++++----- .../addon/pscan/PassiveScanApiUnitTest.java | 8 +++-- 3 files changed, 30 insertions(+), 11 deletions(-) diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java index c26bc954648..b6323c4b70e 100644 --- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java +++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java @@ -274,7 +274,7 @@ public void hook(ExtensionHook extensionHook) { if (org.zaproxy.zap.extension.pscan.PassiveScanAPI.class.getAnnotation(Deprecated.class) != null) { - extensionHook.addApiImplementor(new PassiveScanApi(getExtPscan())); + extensionHook.addApiImplementor(new PassiveScanApi(getExtPscan(), scanRuleManager)); } if (loadScanRules) { diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/PassiveScanApi.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/PassiveScanApi.java index 6b7a6d16053..aff9ed60a20 100644 --- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/PassiveScanApi.java +++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/PassiveScanApi.java @@ -28,6 +28,7 @@ import org.apache.logging.log4j.Logger; import org.parosproxy.paros.Constant; import org.parosproxy.paros.core.scanner.Plugin; +import org.zaproxy.addon.pscan.internal.ScanRuleManager; import org.zaproxy.zap.extension.api.ApiAction; import org.zaproxy.zap.extension.api.ApiException; import org.zaproxy.zap.extension.api.ApiImplementor; 
@@ -76,14 +77,16 @@ public class PassiveScanApi extends ApiImplementor { private static final String PARAM_MAX_ALERTS = "maxAlerts"; private ExtensionPassiveScan extension; + private final ScanRuleManager scanRuleManager; private Method setPassiveScanEnabledMethod; public PassiveScanApi() { - this(null); + this(null, null); } - public PassiveScanApi(ExtensionPassiveScan extension) { + public PassiveScanApi(ExtensionPassiveScan extension, ScanRuleManager scanRuleManager) { this.extension = extension; + this.scanRuleManager = scanRuleManager; this.addApiAction(new ApiAction(ACTION_SET_ENABLED, new String[] {PARAM_ENABLED})); this.addApiAction( @@ -226,7 +229,14 @@ private void setPluginPassiveScannersEnabled(JSONObject params, boolean enabled) * @return {@code true} if the scanner exist, {@code false} otherwise. */ private boolean hasPluginPassiveScanner(int pluginId) { - return extension.getPluginPassiveScanner(pluginId) != null; + return getScanRule(pluginId) != null; + } + + private PluginPassiveScanner getScanRule(int pluginId) { + if (scanRuleManager != null) { + return (PluginPassiveScanner) scanRuleManager.getScanRule(pluginId); + } + return extension.getPluginPassiveScanner(pluginId); } /** @@ -235,12 +245,19 @@ private boolean hasPluginPassiveScanner(int pluginId) { * @param enabled {@code true} if the scanners should be enabled, {@code false} otherwise */ private void setAllPluginPassiveScannersEnabled(boolean enabled) { - for (PluginPassiveScanner scanner : extension.getPluginPassiveScanners()) { + for (PluginPassiveScanner scanner : getPluginScanRules()) { scanner.setEnabled(enabled); scanner.save(); } } + private List getPluginScanRules() { + if (scanRuleManager != null) { + return scanRuleManager.getPluginScanRules(); + } + return extension.getPluginPassiveScanners(); + } + /** * Sets whether or not the plug-in passive scanner with the given {@code pluginId} is {@code * enabled}. 
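Review bot: The two-argument constructor added in the `@@ -76,14 +77,16 @@` hunk accepts a null `scanRuleManager` (the no-argument constructor calls `this(null, null)`), but nothing documents that null is a supported value. The helpers added further down treat null as "fall back to `extension`", so the contract belongs in a Javadoc on the constructor, for example `@param scanRuleManager the scan rule manager, or {@code null} to keep reading the scan rules from the core extension`. When both arguments are null, those helpers dereference `extension`. If the no-argument form is only meant for building the API description and never for serving requests, the comment should say so.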
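Review bot: In the new `getScanRule` helper (`@@ -226,7 +229,14 @@`), the result of `scanRuleManager.getScanRule(pluginId)` is cast to `PluginPassiveScanner` without a type check. The manager's return type is not visible here, but the cast suggests it is wider. If the manager can hold a rule that is not a `PluginPassiveScanner`, a request naming that id would end in a `ClassCastException` rather than being treated as an unknown scanner. That path is reached from `hasPluginPassiveScanner` and from the enable and alert-threshold setters changed in the later hunks, all of which take the id from the API caller. A guarded form keeps the existing "not found" behaviour: `Object rule = scanRuleManager.getScanRule(pluginId);` then `return rule instanceof PluginPassiveScanner ? (PluginPassiveScanner) rule : null;`.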
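Review bot: `getPluginScanRules` in the `@@ -235,12 +245,19 @@` hunk has no Javadoc, and neither does `getScanRule` in the hunk before it, while the private methods around them are documented. A one-line comment would make the transitional intent clear, for example `/** Gets the plug-in scan rules from the scan rule manager when one was provided, otherwise from the core extension. */`, with a matching one on `getScanRule`. It is also worth noting there whether the returned list is a copy or the manager's own list, since `setAllPluginPassiveScannersEnabled` iterates it while calling `setEnabled` and `save` on each rule; that is not visible from this hunk.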
@@ -249,7 +266,7 @@ private void setAllPluginPassiveScannersEnabled(boolean enabled) { * @param enabled {@code true} if the scanner should be enabled, {@code false} otherwise */ private void setPluginPassiveScannerEnabled(int pluginId, boolean enabled) { - PluginPassiveScanner scanner = extension.getPluginPassiveScanner(pluginId); + PluginPassiveScanner scanner = getScanRule(pluginId); if (scanner != null) { scanner.setEnabled(enabled); scanner.save(); @@ -280,7 +297,7 @@ private static Plugin.AlertThreshold getAlertThresholdFromParamAlertThreshold(JS */ private void setPluginPassiveScannerAlertThreshold( int pluginId, Plugin.AlertThreshold alertThreshold) { - PluginPassiveScanner scanner = extension.getPluginPassiveScanner(pluginId); + PluginPassiveScanner scanner = getScanRule(pluginId); if (scanner != null) { scanner.setAlertThreshold(alertThreshold); scanner.setEnabled(!Plugin.AlertThreshold.OFF.equals(alertThreshold)); @@ -302,7 +319,7 @@ public ApiResponse handleApiView(String name, JSONObject params) throws ApiExcep result = new ApiResponseElement(name, String.valueOf(extension.getRecordsToScan())); break; case VIEW_SCANNERS: - List scanners = extension.getPluginPassiveScanners(); + List scanners = getPluginScanRules(); ApiResponseList resultList = new ApiResponseList(name); for (PluginPassiveScanner scanner : scanners) { diff --git a/addOns/pscan/src/test/java/org/zaproxy/addon/pscan/PassiveScanApiUnitTest.java b/addOns/pscan/src/test/java/org/zaproxy/addon/pscan/PassiveScanApiUnitTest.java index abf934f4f12..287b88b3b10 100644 --- a/addOns/pscan/src/test/java/org/zaproxy/addon/pscan/PassiveScanApiUnitTest.java +++ b/addOns/pscan/src/test/java/org/zaproxy/addon/pscan/PassiveScanApiUnitTest.java 
@@ -40,6 +40,7 @@ import org.junit.jupiter.params.provider.ValueSource; import org.parosproxy.paros.Constant; import org.parosproxy.paros.network.HttpMessage; +import org.zaproxy.addon.pscan.internal.ScanRuleManager; import org.zaproxy.zap.extension.api.API; import org.zaproxy.zap.extension.api.API.RequestType; import org.zaproxy.zap.extension.api.ApiElement; @@ -53,12 +54,13 @@ class PassiveScanApiUnitTest extends TestUtils { private PassiveScanApi pscanApi; + private ScanRuleManager scanRuleManager; private ExtensionPassiveScan extension; @BeforeEach void setUp() { mockMessages(new ExtensionPassiveScan2()); - pscanApi = new PassiveScanApi(extension); + pscanApi = new PassiveScanApi(extension, scanRuleManager); } @AfterAll @@ -77,7 +79,7 @@ void shouldHavePrefix() throws Exception { @Test void shouldAddApiElements() { // Given / When - pscanApi = new PassiveScanApi(extension); + pscanApi = new PassiveScanApi(extension, scanRuleManager); // Then assertThat(pscanApi.getApiActions(), hasSize(11)); assertThat(pscanApi.getApiViews(), hasSize(6)); @@ -140,7 +142,7 @@ void shouldThrowApiExceptionForUnknownView(String name) throws Exception { @Test void shouldHaveDescriptionsForAllApiElements() { - pscanApi = new PassiveScanApi(extension); + pscanApi = new PassiveScanApi(extension, scanRuleManager); List issues = new ArrayList<>(); checkKey(pscanApi.getDescriptionKey(), issues); checkApiElements(pscanApi, pscanApi.getApiActions(), API.RequestType.action, issues);
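Review bot: The `scanRuleManager` field added to `PassiveScanApiUnitTest` in the `@@ -53,12 +54,13 @@` hunk is never assigned in the visible `setUp`, so `new PassiveScanApi(extension, scanRuleManager)` receives null here and in the two later hunks (`shouldAddApiElements`, `shouldHaveDescriptionsForAllApiElements`). Unless the field is set elsewhere in the class, the tests only exercise the fallback path, and the new manager-backed branches in `getScanRule` and `getPluginScanRules` have no coverage. Assigning a test double in `setUp`, e.g. `scanRuleManager = mock(ScanRuleManager.class);` (assuming Mockito is available to this test class), would cover the new code path. A test that an unknown plugin id is still rejected would confirm the API's input validation carries over to it.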