Merge pull request #5927 from thc202/sequence/import-har-gui

sequence: allow to import HAR from the GUI
zaproxy · Nov 26, 2024 · 0826ae8 · 0826ae8
2 parents e56eaab + ab1c921
commit 0826ae8
Show file tree

Hide file tree

Showing 7 changed files with 570 additions and 11 deletions.
diff --git a/addOns/sequence/CHANGELOG.md b/addOns/sequence/CHANGELOG.md
@@ -11,8 +11,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Data for reporting.
 - Stats for import automation and active scan.
 - Sequence active scan policy which will be used if neither a policy nor policyDefinition are set.
+- Add Import top level menu item to import HAR as sequence.
 
 ### Changed
+- Depend on Import/Export add-on to allow to import HARs as sequences.
 - Update minimum ZAP version to 2.15.0.
 - Maintenance changes.
 - To use new sequence scan from the desktop.

diff --git a/addOns/sequence/sequence.gradle.kts b/addOns/sequence/sequence.gradle.kts
@@ -10,6 +10,9 @@ zapAddOn {
         url.set("https://www.zaproxy.org/docs/desktop/addons/sequence-scanner/")
         dependencies {
             addOns {
+                register("exim") {
+                    version.set(">= 0.13")
+                }
                 register("network")
                 register("zest") {
                     version.set("48.*")
@@ -26,9 +29,6 @@ zapAddOn {
                         register("automation") {
                             version.set(">= 0.44")
                         }
-                        register("exim") {
-                            version.set(">= 0.13")
-                        }
                     }
                 }
             }

diff --git a/addOns/sequence/src/main/java/org/zaproxy/zap/extension/sequence/ExtensionSequence.java b/addOns/sequence/src/main/java/org/zaproxy/zap/extension/sequence/ExtensionSequence.java
@@ -26,33 +26,44 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.parosproxy.paros.control.Control;
+import org.parosproxy.paros.control.Control.Mode;
 import org.parosproxy.paros.core.scanner.AbstractPlugin;
 import org.parosproxy.paros.core.scanner.Scanner;
 import org.parosproxy.paros.core.scanner.ScannerHook;
 import org.parosproxy.paros.extension.Extension;
 import org.parosproxy.paros.extension.ExtensionAdaptor;
 import org.parosproxy.paros.extension.ExtensionHook;
+import org.parosproxy.paros.extension.SessionChangedListener;
 import org.parosproxy.paros.extension.ViewDelegate;
+import org.parosproxy.paros.model.Session;
 import org.parosproxy.paros.network.HttpMessage;
+import org.zaproxy.addon.exim.ExtensionExim;
 import org.zaproxy.addon.network.ExtensionNetwork;
 import org.zaproxy.zap.extension.ascan.ExtensionActiveScan;
 import org.zaproxy.zap.extension.ascan.ScanPolicy;
 import org.zaproxy.zap.extension.script.ExtensionScript;
 import org.zaproxy.zap.extension.script.ScriptType;
 import org.zaproxy.zap.extension.script.ScriptWrapper;
+import org.zaproxy.zap.extension.sequence.internal.ImportHarMenuItem;
 import org.zaproxy.zap.extension.zest.ExtensionZest;
 import org.zaproxy.zap.extension.zest.ZestScriptWrapper;
 
 public class ExtensionSequence extends ExtensionAdaptor implements ScannerHook {
 
     private static final List<Class<? extends Extension>> DEPENDENCIES =
-            List.of(ExtensionNetwork.class, ExtensionScript.class, ExtensionZest.class);
+            List.of(
+                    ExtensionExim.class,
+                    ExtensionNetwork.class,
+                    ExtensionScript.class,
+                    ExtensionZest.class);
 
     private ExtensionScript extScript;
     private ExtensionActiveScan extActiveScan;
     private static final Logger LOGGER = LogManager.getLogger(ExtensionSequence.class);
     public static final String TYPE_SEQUENCE = "sequence";
 
+    private ImportHarMenuItem importHarMenuItem;
+
     private List<ScriptWrapper> directScripts = null;
     private SequenceAscanPanel sequencePanel;
 
@@ -116,6 +127,10 @@ public void unload() {
             getExtActiveScan().removeCustomScanPanel(sequencePanel);
         }
         getExtScript().removeScriptType(scriptType);
+
+        if (importHarMenuItem != null) {
+            importHarMenuItem.unload();
+        }
     }
 
     public ScanPolicy getDefaultScanPolicy() throws ConfigurationException {
@@ -164,9 +179,16 @@ public void hook(ExtensionHook extensionhook) {
         getExtScript().registerScriptType(scriptType);
 
         if (hasView()) {
+            importHarMenuItem =
+                    new ImportHarMenuItem(
+                            scriptType,
+                            getExtension(ExtensionExim.class),
+                            getExtension(ExtensionZest.class));
+            extensionhook.getHookMenu().addImportMenuItem(importHarMenuItem);
             extensionhook
                     .getHookMenu()
                     .addPopupMenuItem(new SequencePopupMenuItem(this, getExtScript()));
+            extensionhook.addSessionListener(new SessionChangedListenerImpl());
         }
 
         // Add class as a scannerhook (implements the scannerhook interface)
@@ -195,19 +217,46 @@ public void setDirectScanScript(ScriptWrapper script) {
 
     private ExtensionScript getExtScript() {
         if (extScript == null) {
-            extScript =
-                    Control.getSingleton().getExtensionLoader().getExtension(ExtensionScript.class);
+            extScript = getExtension(ExtensionScript.class);
         }
         return extScript;
     }
 
+    private <T extends Extension> T getExtension(Class<T> clazz) {
+        return Control.getSingleton().getExtensionLoader().getExtension(clazz);
+    }
+
     protected ExtensionActiveScan getExtActiveScan() {
         if (extActiveScan == null) {
-            extActiveScan =
-                    Control.getSingleton()
-                            .getExtensionLoader()
-                            .getExtension(ExtensionActiveScan.class);
+            extActiveScan = getExtension(ExtensionActiveScan.class);
         }
         return extActiveScan;
     }
+
+    private class SessionChangedListenerImpl implements SessionChangedListener {
+
+        @Override
+        public void sessionChanged(Session session) {
+            // Nothing to do.
+        }
+
+        @Override
+        public void sessionAboutToChange(Session session) {
+            if (importHarMenuItem != null) {
+                importHarMenuItem.clear();
+            }
+        }
+
+        @Override
+        public void sessionScopeChanged(Session session) {
+            // Nothing to do.
+
+        }
+
+        @Override
+        public void sessionModeChanged(Mode mode) {
+            // Nothing to do.
+
+        }
+    }
 }
diff --git a/...sequence/src/main/java/org/zaproxy/zap/extension/sequence/internal/ImportHarMenuItem.java b/...sequence/src/main/java/org/zaproxy/zap/extension/sequence/internal/ImportHarMenuItem.java
@@ -0,0 +1,61 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2024 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.zap.extension.sequence.internal;
+
+import org.parosproxy.paros.Constant;
+import org.zaproxy.addon.exim.ExtensionExim;
+import org.zaproxy.zap.extension.script.ScriptType;
+import org.zaproxy.zap.extension.zest.ExtensionZest;
+import org.zaproxy.zap.view.ZapMenuItem;
+
+public class ImportHarMenuItem extends ZapMenuItem {
+
+    private static final long serialVersionUID = 1L;
+
+    private SequenceImportDialog importDialog;
+
+    public ImportHarMenuItem(ScriptType scriptType, ExtensionExim exim, ExtensionZest zest) {
+        super("sequence.topmenu.importSequence");
+
+        setToolTipText(Constant.messages.getString("sequence.topmenu.importSequence.tooltip"));
+
+        addActionListener(
+                e -> {
+                    if (importDialog == null) {
+                        importDialog =
+                                new SequenceImportDialog(
+                                        exim.getView().getMainFrame(), scriptType, exim, zest);
+                    }
+                    importDialog.setVisible(true);
+                });
+    }
+
+    public void clear() {
+        if (importDialog != null) {
+            importDialog.clearFields();
+        }
+    }
+
+    public void unload() {
+        if (importDialog != null) {
+            importDialog.dispose();
+        }
+    }
+}