diff --git a/addOns/accessControl/CHANGELOG.md b/addOns/accessControl/CHANGELOG.md
index 8166d2b037f..9fb95bd3166 100644
--- a/addOns/accessControl/CHANGELOG.md
+++ b/addOns/accessControl/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 - Maintenance changes. ## [10] - 2024-03-25
diff --git a/addOns/addOns.gradle.kts b/addOns/addOns.gradle.kts
index 80bfc7757cb..fa1e07fb19f 100644
--- a/addOns/addOns.gradle.kts
+++ b/addOns/addOns.gradle.kts
@@ -161,7 +161,7 @@ subprojects { } }
- val zapGav = "org.zaproxy:zap:2.15.0"
+ val zapGav = "org.zaproxy:zap:2.16.0-SNAPSHOT"
 dependencies { "zap"(zapGav) }
@@ -174,7 +174,7 @@ subprojects { ) manifest {
- zapVersion.set("2.15.0")
+ zapVersion.set("2.16.0")
 changesFile.set(tasks.named("generateManifestChanges").flatMap { it.html }) repo.set("https://github.com/zaproxy/zap-extensions/")
diff --git a/addOns/alertFilters/CHANGELOG.md b/addOns/alertFilters/CHANGELOG.md
index fa8ec99868d..e1733e71403 100644
--- a/addOns/alertFilters/CHANGELOG.md
+++ b/addOns/alertFilters/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
+- Update minimum ZAP version to 2.16.0.
 - Fields with default or missing values are omitted for the `alertFilter` job in saved Automation Framework plans. - Depend on Passive Scanner add-on (Issue 7959).
diff --git a/addOns/allinonenotes/CHANGELOG.md b/addOns/allinonenotes/CHANGELOG.md
index d00ce5d8b42..46fe78f9efa 100644
--- a/addOns/allinonenotes/CHANGELOG.md
+++ b/addOns/allinonenotes/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 - Maintenance changes. ### Fixed
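Review bot: In addOns.gradle.kts the `zap` dependency is now `org.zaproxy:zap:2.16.0-SNAPSHOT` while the manifest in the following hunk declares `zapVersion.set("2.16.0")`, so every add-on is compiled against a mutable snapshot that can change between builds with no change in this repository. That makes the build non-reproducible and widens what has to be trusted at dependency-resolution time. If the snapshot is only a stop-gap until the release is published, a comment on the `zapGav` line such as `// TODO: switch to org.zaproxy:zap:2.16.0 once released` would keep it from outliving its purpose. Both hunks sit inside the `subprojects { … }` block, which starts and ends outside them.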
diff --git a/addOns/ascanrules/CHANGELOG.md b/addOns/ascanrules/CHANGELOG.md
index 5a5d73abb56..1a1650932d0 100644
--- a/addOns/ascanrules/CHANGELOG.md
+++ b/addOns/ascanrules/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
+- Update minimum ZAP version to 2.16.0.
 - Updated help with specific Category identifiers for use with the Custom Payloads add-on for rules: - Hidden File Finder - User Agent Fuzzer
diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/RemoteCodeExecutionCve20121823ScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/RemoteCodeExecutionCve20121823ScanRule.java
index 9ad0fd2e24a..e3ba7fb1fa1 100644
--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/RemoteCodeExecutionCve20121823ScanRule.java
+++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/RemoteCodeExecutionCve20121823ScanRule.java
@@ -62,7 +62,7 @@ public class RemoteCodeExecutionCve20121823ScanRule extends AbstractAppPlugin /** a random string (which remains constant across multiple runs, as long as Zap is not */ static final String RANDOM_STRING =
- RandomStringUtils.random(20, "abcdefghijklmnopqrstuvwxyz0123456789");
+ RandomStringUtils.secure().next(20, "abcdefghijklmnopqrstuvwxyz0123456789");
 private static final String ATTACK_PARAM = "?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input";
diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionSqLiteScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionSqLiteScanRule.java
index 100a21f52c3..1f0fa2f9648 100644
--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionSqLiteScanRule.java
+++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionSqLiteScanRule.java
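Review bot: The Javadoc above `RANDOM_STRING` in RemoteCodeExecutionCve20121823ScanRule is cut off mid-sentence (`as long as Zap is not */`) and does not say what the value is for. Since the initializer is being touched anyway, complete it, for example `/** A random marker string, generated once when the class is loaded and therefore constant until ZAP is restarted. */`. If the value is only a response marker and not a secret, as its use appears to be, saying so would stop `secure()` from being read as a security requirement of this rule.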
@@ -498,9 +498,10 @@ public void scan(HttpMessage originalMessage, String paramName, String originalP // a potential SQL injection causing payload. HttpMessage msgParseDelay = getNewMsg(); String parseDelayCheckParameter =
- RandomStringUtils.random(
- newTimeBasedInjectionValue.length(),
- RANDOM_PARAMETER_CHARS);
+ RandomStringUtils.secure()
+ .next(
+ newTimeBasedInjectionValue.length(),
+ RANDOM_PARAMETER_CHARS);
 setParameter(msgParseDelay, paramName, parseDelayCheckParameter); sendAndReceive(msgParseDelay); countTimeBasedRequests++;
diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SstiScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SstiScanRule.java
index a635bc6068d..afe768f6591 100644
--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SstiScanRule.java
+++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SstiScanRule.java
@@ -215,7 +215,8 @@ private void efficientScan(HttpMessage msg, String paramName, String value) { alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; }
- String referenceValue = RandomStringUtils.random(errorPolyglots[0].length(), alphabet);
+ String referenceValue =
+ RandomStringUtils.secure().next(errorPolyglots[0].length(), alphabet);
 HttpMessage refMsg = getNewMsg(); setParameter(refMsg, paramName, referenceValue); try {
diff --git a/addOns/ascanrulesAlpha/CHANGELOG.md b/addOns/ascanrulesAlpha/CHANGELOG.md
index 30d6692889f..31a55ab0562 100644
--- a/addOns/ascanrulesAlpha/CHANGELOG.md
+++ b/addOns/ascanrulesAlpha/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
+- Update minimum ZAP version to 2.16.0.
 - Maintenance changes. ## [48] - 2024-09-02
diff --git a/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/LdapInjectionScanRule.java b/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/LdapInjectionScanRule.java
index 0f9cd203d23..81b72bf835f 100644
--- a/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/LdapInjectionScanRule.java
+++ b/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/LdapInjectionScanRule.java
@@ -242,7 +242,8 @@ public void scan(HttpMessage originalmsg, String paramname, String paramvalue) { // to see if a placebo attack has the same effect // the parameter will be the same length as the actual attack, but will contain purely // alphanumeric characters
- String placeboAttack = RandomStringUtils.randomAlphanumeric(errorAttack.length());
+ String placeboAttack =
+ RandomStringUtils.secure().nextAlphanumeric(errorAttack.length());
 HttpMessage placeboAttackMsg = getNewMsg(); this.setParameter(placeboAttackMsg, paramname, placeboAttack); sendAndReceive(placeboAttackMsg);
@@ -286,7 +287,7 @@ public void scan(HttpMessage originalmsg, String paramname, String paramvalue) { // in output substantially DIFFERENT to the original // get a random parameter value the same length as the original! String randomparameterAttack =
- RandomStringUtils.random(paramvalue.length(), RANDOM_PARAMETER_CHARS);
+ RandomStringUtils.secure().next(paramvalue.length(), RANDOM_PARAMETER_CHARS);
 LOGGER.debug("The random parameter chosen was [{}]", randomparameterAttack); HttpMessage randomParamMsg1 = getNewMsg();
diff --git a/addOns/ascanrulesBeta/CHANGELOG.md b/addOns/ascanrulesBeta/CHANGELOG.md
index c2d2061359e..f7d20083303 100644
--- a/addOns/ascanrulesBeta/CHANGELOG.md
+++ b/addOns/ascanrulesBeta/CHANGELOG.md
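Review bot: In the second LdapInjectionScanRule hunk `randomparameterAttack` takes its length from `paramvalue.length()`, so an empty original value produces an empty "random" value identical to the original, and a one- or two-character value collides with it often enough to make the comparison that follows unreliable. Nothing in the hunk guards against this, though `scan` starts and continues outside it and may check earlier. A floor such as `Math.max(paramvalue.length(), 4)`, the approach already used for `randomparentfoldername` in BackupFileDisclosureScanRule, or skipping the check for empty values would avoid that. The same pattern is in `random(filename.length())` in BackupFileDisclosureScanRule and in `nextAlphabetic(currentHtmlParameter.getValue().length())` in UsernameEnumerationScanRule.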
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
+- Update minimum ZAP version to 2.16.0.
 - The following scan rules now use more specific CWE IDs: - Proxy Disclosure (Issue 8713) - Possible Username Enumeration (Issue 8715)
diff --git a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/BackupFileDisclosureScanRule.java b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/BackupFileDisclosureScanRule.java
index 169c8e7e0fa..367632db64e 100644
--- a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/BackupFileDisclosureScanRule.java
+++ b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/BackupFileDisclosureScanRule.java
@@ -461,9 +461,7 @@ private void findBackupFile(HttpMessage originalMessage) throws Exception { } String filename = originalMessage.getRequestHeader().getURI().getName();
- String randomfilename =
- RandomStringUtils.random(
- filename.length(), "abcdefghijklmnopqrstuvwxyz0123456789");
+ String randomfilename = random(filename.length());
 String randomfilepath = temppath.substring(0, slashposition) + "/" + randomfilename; LOGGER.debug("Trying non-existent file: {}", randomfilepath);
@@ -506,10 +504,7 @@ private void findBackupFile(HttpMessage originalMessage) throws Exception { // If the parent folder name is really short a collision is likely // Default to a reasonable length, which may have the inverse effect but we'll // chance it
- String randomparentfoldername =
- RandomStringUtils.random(
- Math.max(parentfoldername.length(), 4),
- "abcdefghijklmnopqrstuvwxyz0123456789");
+ String randomparentfoldername = random(Math.max(parentfoldername.length(), 4));
 // replace the parent folder name with the random one, and build it back into a // string
@@ -808,6 +803,10 @@ private void findBackupFile(HttpMessage originalMessage) throws Exception { } }
+ private static String random(int count) {
+ return RandomStringUtils.secure().next(count, "abcdefghijklmnopqrstuvwxyz0123456789");
+ }
+
 private static void setMessageCookies(HttpMessage newMsg, HttpMessage originalMsg) { try { newMsg.setCookieParams(originalMsg.getCookieParams());
diff --git a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/CorsScanRule.java b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/CorsScanRule.java
index 0805d7e31dd..93a441b9168 100644
--- a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/CorsScanRule.java
+++ b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/CorsScanRule.java
@@ -49,7 +49,7 @@ */ public class CorsScanRule extends AbstractAppPlugin implements CommonActiveScanRuleInfo { private static final Logger LOGGER = LogManager.getLogger(CorsScanRule.class);
- private static final String RANDOM_NAME = RandomStringUtils.random(8, true, true);
+ private static final String RANDOM_NAME = RandomStringUtils.secure().next(8, true, true);
 private static final Map ALERT_TAGS; static {
diff --git a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/InsecureHttpMethodScanRule.java b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/InsecureHttpMethodScanRule.java
index b003cefa862..223af6d4623 100644
--- a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/InsecureHttpMethodScanRule.java
+++ b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/InsecureHttpMethodScanRule.java
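Review bot: The new `random(int)` helper in BackupFileDisclosureScanRule has no Javadoc and embeds the alphabet `"abcdefghijklmnopqrstuvwxyz0123456789"` as an inline literal. The same commit adds near-identical private helpers to InsecureHttpMethodScanRule, ProxyDisclosureScanRule and RelativePathConfusionScanRule, while `randomResource`, `previousServerDetails` and `randompiece` keep inline calls with their own copies of an alphabet literal. A named constant for the alphabet plus a one-line comment, e.g. `/** Returns {@code count} random lowercase alphanumeric characters, used for names that should not exist on the target. */`, would make the intent clear. A single shared helper would be preferable if these add-ons already have a common module they can all depend on.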
@@ -364,8 +364,8 @@ private void testTraceOrTrack(String method) throws Exception { // TRACE is supported in 1.0. TRACK is presumably the same, since it is // a alias for TRACE. Typical Microsoft. msg.getRequestHeader().setVersion(HttpRequestHeader.HTTP10);
- String randomcookiename = RandomStringUtils.randomAlphanumeric(15);
- String randomcookievalue = RandomStringUtils.randomAlphanumeric(40);
+ String randomcookiename = randomAlphanumeric(15);
+ String randomcookievalue = randomAlphanumeric(40);
 TreeSet cookies = msg.getCookieParams(); cookies.add( new HtmlParameter(HtmlParameter.Type.cookie, randomcookiename, randomcookievalue));
@@ -539,10 +539,10 @@ private void testHttpMethod(String httpMethod) throws Exception { if (httpMethod.equals(HttpRequestHeader.PUT) || httpMethod.equals(HttpRequestHeader.PATCH)) {
- String randomKey = RandomStringUtils.randomAlphanumeric(15);
- String randomValue = RandomStringUtils.randomAlphanumeric(15);
+ String randomKey = randomAlphanumeric(15);
+ String randomValue = randomAlphanumeric(15);
 String randomResource =
- RandomStringUtils.random(10, "abcdefghijklmnopqrstuvwxyz0123456789");
+ RandomStringUtils.secure().next(10, "abcdefghijklmnopqrstuvwxyz0123456789");
 String requestBody = '"' + randomKey + "\":\"" + randomValue + '"'; String newURI = msg.getRequestHeader().getURI().toString(); if (newURI.endsWith("/")) {
@@ -637,4 +637,8 @@ private void testHttpMethod(String httpMethod) throws Exception { } catch (Exception e) { } }
+
+ private static String randomAlphanumeric(int count) {
+ return RandomStringUtils.secure().nextAlphanumeric(count);
+ }
 }
diff --git a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/ProxyDisclosureScanRule.java b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/ProxyDisclosureScanRule.java
index 32f9d89f573..7843d200d2a 100644
--- a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/ProxyDisclosureScanRule.java
+++ b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/ProxyDisclosureScanRule.java
@@ -256,8 +256,8 @@ public void scan() { tracemsg.setRequestHeader(traceRequestHeader); // create a random cookie, and set it up, so we can detect if the TRACE is enabled (in // which case, it should echo it back in the response)
- String randomcookiename = RandomStringUtils.randomAlphanumeric(15);
- String randomcookievalue = RandomStringUtils.randomAlphanumeric(40);
+ String randomcookiename = randomAlphanumeric(15);
+ String randomcookievalue = randomAlphanumeric(40);
 TreeSet cookies = tracemsg.getCookieParams(); cookies.add( new HtmlParameter(
@@ -391,7 +391,7 @@ public void scan() { int step2numberOfNodesForMethod = 0; String[] nodeServersForMethod = new String[MAX_FORWARDS_MAXIMUM + 2]; String previousServerDetails =
- RandomStringUtils.random(15, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
+ RandomStringUtils.secure().next(15, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
 int previousResponseStatusCode = 0; int responseStatusCode = 0; boolean httpHandled =
@@ -454,8 +454,8 @@ public void scan() { // create a random cookie, and set it up, so we can detect if the TRACE is // enabled (in which case, it should echo it back in the response)
- String randomcookiename2 = RandomStringUtils.randomAlphanumeric(15);
- String randomcookievalue2 = RandomStringUtils.randomAlphanumeric(40);
+ String randomcookiename2 = randomAlphanumeric(15);
+ String randomcookievalue2 = randomAlphanumeric(40);
 TreeSet cookies2 = mfMethodMsg.getCookieParams(); cookies2.add( new HtmlParameter(
@@ -579,7 +579,7 @@ public void scan() { // yes, I know TRACK requests should *not* be cached, but not all servers are // compliant. String randompiece =
- RandomStringUtils.random(5, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
+ RandomStringUtils.secure().next(5, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
 trackRequestHeader.setURI( new URI( trackURI.getScheme()
@@ -765,6 +765,10 @@ public void scan() { } }
+ private static String randomAlphanumeric(int count) {
+ return RandomStringUtils.secure().nextAlphanumeric(count);
+ }
+
 private static String getPath(URI uri) { String path = uri.getEscapedPath(); if (path != null) {
diff --git a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/RelativePathConfusionScanRule.java b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/RelativePathConfusionScanRule.java
index 8d8ee5ebe69..a700ad65e0c 100644
--- a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/RelativePathConfusionScanRule.java
+++ b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/RelativePathConfusionScanRule.java
@@ -164,11 +164,11 @@ public class RelativePathConfusionScanRule extends AbstractAppPlugin * same URL (in Attack mode, for instance) yielding new vulnerabilities via different random * file paths. */
- private static final String RANDOM_ATTACK_PATH =
- "/"
- + RandomStringUtils.random(5, RANDOM_PARAMETER_CHARS)
- + "/"
- + RandomStringUtils.random(5, RANDOM_PARAMETER_CHARS);
+ private static final String RANDOM_ATTACK_PATH = "/" + random(5) + "/" + random(5);
+
+ private static String random(int count) {
+ return RandomStringUtils.secure().next(count, RANDOM_PARAMETER_CHARS);
+ }
 private static final Map ALERT_TAGS;
diff --git a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRule.java b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRule.java
index 28d0133d539..cb63ddb6551 100644
--- a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRule.java
+++ b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SourceCodeDisclosureFileInclusionScanRule.java
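Review bot: In RelativePathConfusionScanRule the initializer of `RANDOM_ATTACK_PATH` now reads `RANDOM_PARAMETER_CHARS` through the static method `random(int)`, and a read made through a method is not covered by the compiler's forward-reference check. The declaration of `RANDOM_PARAMETER_CHARS` is outside the hunk; if it is a compile-time constant or is declared above this field nothing changes, but if it were later moved below, `random` would see `null` during class initialization instead of the code failing to compile. A comment on the helper such as `// RANDOM_PARAMETER_CHARS must be initialized before RANDOM_ATTACK_PATH` would record the dependency. Placing the method after the field declarations, rather than between `RANDOM_ATTACK_PATH` and `ALERT_TAGS`, would also match where the other rules in this commit put their helpers.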
@@ -51,7 +51,7 @@ public class SourceCodeDisclosureFileInclusionScanRule extends AbstractAppParamP // use a random file name which is very unlikely to exist private static final String NON_EXISTANT_FILENAME =
- RandomStringUtils.random(38, "abcdefghijklmnopqrstuvwxyz");
+ RandomStringUtils.secure().next(38, "abcdefghijklmnopqrstuvwxyz");
 // the prefixes to try for source file inclusion private String[] LOCAL_SOURCE_FILE_TARGET_PREFIXES = {
diff --git a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/UsernameEnumerationScanRule.java b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/UsernameEnumerationScanRule.java
index 0a02fe0fc8b..4a27ce17d36 100644
--- a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/UsernameEnumerationScanRule.java
+++ b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/UsernameEnumerationScanRule.java
@@ -395,7 +395,8 @@ public void scan() { // get a random user name the same length as the original! String invalidUsername =
- RandomStringUtils.randomAlphabetic(currentHtmlParameter.getValue().length())
+ RandomStringUtils.secure()
+ .nextAlphabetic(currentHtmlParameter.getValue().length())
 .toLowerCase(Locale.ROOT); LOGGER.debug("The invalid username chosen was [{}]", invalidUsername);
diff --git a/addOns/authhelper/CHANGELOG.md b/addOns/authhelper/CHANGELOG.md
index f2e8107430d..7ecdf000d4d 100644
--- a/addOns/authhelper/CHANGELOG.md
+++ b/addOns/authhelper/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
+- Update minimum ZAP version to 2.16.0.
 - Depend on Passive Scanner add-on (Issue 7959). - Address deprecation warnings with newer Selenium version (4.27).
diff --git a/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/SessionDetectionScanRuleUnitTest.java b/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/SessionDetectionScanRuleUnitTest.java
index 31a0d0e2a47..a3a20f1ee0b 100644
--- a/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/SessionDetectionScanRuleUnitTest.java
+++ b/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/SessionDetectionScanRuleUnitTest.java
@@ -46,8 +46,8 @@ import org.zaproxy.addon.authhelper.HeaderBasedSessionManagementMethodType.HeaderBasedSessionManagementMethod; import org.zaproxy.zap.authentication.AuthenticationMethod; import org.zaproxy.zap.authentication.AuthenticationMethod.AuthCheckingStrategy;
+import org.zaproxy.zap.extension.pscan.PassiveScanActions;
 import org.zaproxy.zap.extension.pscan.PassiveScanData;
-import org.zaproxy.zap.extension.pscan.PassiveScanTaskHelper;
 import org.zaproxy.zap.model.Context; import org.zaproxy.zap.network.HttpRequestBody; import org.zaproxy.zap.network.HttpResponseBody;
@@ -113,10 +113,9 @@ void shouldSetHeaderBasedSessionManagment() throws Exception { AuthUtils.recordSessionToken( new SessionToken(SessionToken.HEADER_SOURCE, "Authorization", token)); PassiveScanData helper = mock(PassiveScanData.class);
- PassiveScanTaskHelper taskHelper = mock(PassiveScanTaskHelper.class);
 SessionDetectionScanRule rule = this.createScanner(); rule.setHelper(helper);
- rule.setTaskHelper(taskHelper);
+ rule.setPassiveScanActions(mock(PassiveScanActions.class));
 // When rule.scanHttpResponseReceive(msg, 1, null);
@@ -168,10 +167,9 @@ void shouldCacheSessionToken() throws Exception { AuthUtils.recordSessionToken( new SessionToken(SessionToken.HEADER_SOURCE, "Authorization", token)); PassiveScanData helper = mock(PassiveScanData.class);
- PassiveScanTaskHelper taskHelper = mock(PassiveScanTaskHelper.class);
 SessionDetectionScanRule rule = this.createScanner(); rule.setHelper(helper);
- rule.setTaskHelper(taskHelper);
+ rule.setPassiveScanActions(mock(PassiveScanActions.class));
 // When rule.scanHttpResponseReceive(msg, 1, null);
diff --git a/addOns/authstats/CHANGELOG.md b/addOns/authstats/CHANGELOG.md
index b9395753a61..7ba7cefe53b 100644
--- a/addOns/authstats/CHANGELOG.md
+++ b/addOns/authstats/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 - Maintenance changes. ## [2] - 2021-10-07
diff --git a/addOns/automation/CHANGELOG.md b/addOns/automation/CHANGELOG.md
index 03878799e0c..07c86c44734 100644
--- a/addOns/automation/CHANGELOG.md
+++ b/addOns/automation/CHANGELOG.md
@@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Add exitStatus job (Issue #6928) ### Changed
+- Update minimum ZAP version to 2.16.0.
 - Maintenance changes. - Updated automation framework documentation and templates for `activeScan` job to reflect changes to the default value of threadPerHost parameter - Update help for the "requestor" job.
diff --git a/addOns/automation/src/test/java/org/zaproxy/addon/automation/ExtentionAutomationUnitTest.java b/addOns/automation/src/test/java/org/zaproxy/addon/automation/ExtentionAutomationUnitTest.java
index 1c14a86e905..6f80f05f6b5 100644
--- a/addOns/automation/src/test/java/org/zaproxy/addon/automation/ExtentionAutomationUnitTest.java
+++ b/addOns/automation/src/test/java/org/zaproxy/addon/automation/ExtentionAutomationUnitTest.java
@@ -1159,7 +1159,7 @@ protected void addTests(Object testsObj, AutomationProgress progress) { @Override public void logTestsToProgress(AutomationProgress progress) { if (testsAdded && testsLogError) {
- testsLoggedString = RandomStringUtils.randomAlphanumeric(20);
+ testsLoggedString = RandomStringUtils.secure().nextAlphanumeric(20);
 progress.error(testsLoggedString); } }
diff --git a/addOns/beanshell/CHANGELOG.md b/addOns/beanshell/CHANGELOG.md
index 3e035a2e1ac..34f86c43c84 100644
--- a/addOns/beanshell/CHANGELOG.md
+++ b/addOns/beanshell/CHANGELOG.md
@@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes.
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 - Dependency updates. ## [7] - 2021-10-07
diff --git a/addOns/browserView/CHANGELOG.md b/addOns/browserView/CHANGELOG.md
index 7c4492224ca..481844940d4 100644
--- a/addOns/browserView/CHANGELOG.md
+++ b/addOns/browserView/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 ## [6] - 2023-03-13 ### Added
diff --git a/addOns/bruteforce/CHANGELOG.md b/addOns/bruteforce/CHANGELOG.md
index 1538a4648a2..28e25f52bc9 100644
--- a/addOns/bruteforce/CHANGELOG.md
+++ b/addOns/bruteforce/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased
-
+### Changed
+- Update minimum ZAP version to 2.16.0.
 ## [16] - 2024-05-07 ### Added
diff --git a/addOns/bugtracker/CHANGELOG.md b/addOns/bugtracker/CHANGELOG.md
index c23b7cbdfdd..109fcf2a966 100644
--- a/addOns/bugtracker/CHANGELOG.md
+++ b/addOns/bugtracker/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 - Maintenance changes. ### Fixed
diff --git a/addOns/callgraph/CHANGELOG.md b/addOns/callgraph/CHANGELOG.md
index a3b37dc2e47..6040e797522 100644
--- a/addOns/callgraph/CHANGELOG.md
+++ b/addOns/callgraph/CHANGELOG.md
@@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes.
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 ## [5] - 2021-10-07 ### Added
diff --git a/addOns/callhome/CHANGELOG.md b/addOns/callhome/CHANGELOG.md
index ed94ce4dc3b..6d1be63ea35 100644
--- a/addOns/callhome/CHANGELOG.md
+++ b/addOns/callhome/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased
+### Changed
+- Update minimum ZAP version to 2.16.0.
+
 ### Added - Network stats to telemetry. - Sequence stats to telemetry.
diff --git a/addOns/client/CHANGELOG.md b/addOns/client/CHANGELOG.md
index b782e22b9cf..03c9515af8f 100644
--- a/addOns/client/CHANGELOG.md
+++ b/addOns/client/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased
-
+### Changed
+- Update minimum ZAP version to 2.16.0.
 ## [0.9.0] - 2024-11-29 ### Changed
diff --git a/addOns/commonlib/CHANGELOG.md b/addOns/commonlib/CHANGELOG.md
index aec22c5e3a4..b3464d77c1f 100644
--- a/addOns/commonlib/CHANGELOG.md
+++ b/addOns/commonlib/CHANGELOG.md
@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed
+- Update minimum ZAP version to 2.16.0.
 - Dependency updates. - Let the Value Generator add-on provide the custom values through this add-on (Issue 8016).
diff --git a/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ExtensionCommonlib.java b/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ExtensionCommonlib.java
index d6f1ce905b3..652fdbb5f06 100644
--- a/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ExtensionCommonlib.java
+++ b/addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ExtensionCommonlib.java
@@ -30,15 +30,16 @@ import org.parosproxy.paros.model.Session; import org.zaproxy.addon.commonlib.internal.vulns.LegacyVulnerabilities; import org.zaproxy.addon.commonlib.ui.ProgressPanel;
-import org.zaproxy.zap.model.ValueGenerator;
 public class ExtensionCommonlib extends ExtensionAdaptor { private static final ValueProvider DEFAULT_VALUE_PROVIDER = new DefaultValueProvider();
- private ValueGenerator valueGeneratorImpl;
+ @SuppressWarnings("removal")
+ private org.zaproxy.zap.model.ValueGenerator valueGeneratorImpl;
- private final ValueGenerator valueGeneratorWrapper =
+ @SuppressWarnings({"removal", "deprecation"})
+ private final org.zaproxy.zap.model.ValueGenerator valueGeneratorWrapper =
 (URI uri, String url, String fieldId,
@@ -151,8 +152,9 @@ public String getUIName() { * @since 1.17.0 * @deprecated (1.29.0) Use {@link #getValueProvider()} instead, to stop using core interface. */
+ @SuppressWarnings("removal")
 @Deprecated(since = "1.29.0", forRemoval = true)
- public ValueGenerator getValueGenerator() {
+ public org.zaproxy.zap.model.ValueGenerator getValueGenerator() {
 return valueGeneratorWrapper; }
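Review bot: The suppressions added in ExtensionCommonlib are not uniform, and nothing explains why the import was replaced by fully qualified names. `valueGeneratorImpl`, `getValueGenerator()` and, in the next hunk, `setCustomValueGenerator` carry `@SuppressWarnings("removal")`, while `valueGeneratorWrapper` carries `{"removal", "deprecation"}`. If the intent is to keep the for-removal core type out of the import list, a comment at the first field such as `// Fully qualified so no import of the for-removal core type is needed; delete together with getValueGenerator().` would tell the next maintainer what goes away as a unit. `setCustomValueGenerator` is also annotated `@Deprecated(forRemoval = true)` without a `since`, unlike `getValueGenerator()`, and places `@SuppressWarnings` after `@Deprecated` where the getter places it before.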
@@ -168,7 +170,8 @@ public ValueProvider getValueProvider() { /** Note: Not part of the public API. */ @Deprecated(forRemoval = true)
- public void setCustomValueGenerator(ValueGenerator generator) {
+ @SuppressWarnings("removal")
+ public void setCustomValueGenerator(org.zaproxy.zap.model.ValueGenerator generator) {
 this.valueGeneratorImpl = generator; }
diff --git a/addOns/coreLang/CHANGELOG.md b/addOns/coreLang/CHANGELOG.md
index 62e059cbb72..6bcf5a5e69a 100644
--- a/addOns/coreLang/CHANGELOG.md
+++ b/addOns/coreLang/CHANGELOG.md
@@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes.
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 ## [15] - 2022-02-14 ### Changed
diff --git a/addOns/custompayloads/CHANGELOG.md b/addOns/custompayloads/CHANGELOG.md
index 641b3b72f06..785ccd35db4 100644
--- a/addOns/custompayloads/CHANGELOG.md
+++ b/addOns/custompayloads/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed
-- Update minimum ZAP version to 2.15.0.
+- Update minimum ZAP version to 2.16.0.
 - Maintenance changes. ## [0.13.0] - 2023-11-10
diff --git a/addOns/database/CHANGELOG.md b/addOns/database/CHANGELOG.md
index ff1f383f49c..9925c058c2a 100644
--- a/addOns/database/CHANGELOG.md
+++ b/addOns/database/CHANGELOG.md
@@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased
-
+### Changed
+- Update minimum ZAP version to 2.16.0.
 ## [0.6.0] - 2024-09-17 ### Added
diff --git a/addOns/dev/CHANGELOG.md b/addOns/dev/CHANGELOG.md
index 76aea7da1e5..762404a462b 100644
--- a/addOns/dev/CHANGELOG.md
+++ b/addOns/dev/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased
-
+### Changed
+- Update minimum ZAP version to 2.16.0.
 ## [0.8.0] - 2024-11-13 ### Changed
diff --git a/addOns/dev/src/main/java/org/zaproxy/addon/dev/ExtensionDev.java b/addOns/dev/src/main/java/org/zaproxy/addon/dev/ExtensionDev.java
index 1edfb5ceb4d..da6427971ea 100644
--- a/addOns/dev/src/main/java/org/zaproxy/addon/dev/ExtensionDev.java
+++ b/addOns/dev/src/main/java/org/zaproxy/addon/dev/ExtensionDev.java
@@ -65,10 +65,7 @@ public void hook(ExtensionHook extensionHook) { extensionHook.addApiImplementor(new DevApi()); }
- if (hasView()
- && org.zaproxy.zap.extension.log4j.ExtensionLog4j.class.getAnnotation(
- Deprecated.class)
- != null) {
+ if (hasView()) {
 ZapMenuItem menuGarbageCollect = new ZapMenuItem("dev.tools.menu.gc"); menuGarbageCollect.addActionListener(e -> Runtime.getRuntime().gc()); extensionHook.getHookMenu().addToolsMenuItem(menuGarbageCollect);
diff --git a/addOns/dev/src/main/java/org/zaproxy/addon/dev/TestAuthDirectory.java b/addOns/dev/src/main/java/org/zaproxy/addon/dev/TestAuthDirectory.java
index 1b6d92a78f9..53257278c14 100644
--- a/addOns/dev/src/main/java/org/zaproxy/addon/dev/TestAuthDirectory.java
+++ b/addOns/dev/src/main/java/org/zaproxy/addon/dev/TestAuthDirectory.java
@@ -44,7 +44,7 @@ public boolean isValid(String username, String password) { } public String getToken(String username) {
- String token = RandomStringUtils.randomAlphanumeric(32);
+ String token = RandomStringUtils.secure().nextAlphanumeric(32);
 sessions.put(token, username); return token; }
diff --git a/addOns/dev/src/main/java/org/zaproxy/addon/dev/auth/jsonMultipleCookies/JsonMultipleCookiesDir.java b/addOns/dev/src/main/java/org/zaproxy/addon/dev/auth/jsonMultipleCookies/JsonMultipleCookiesDir.java
index aa28f545732..d376d866ff8 100644
--- a/addOns/dev/src/main/java/org/zaproxy/addon/dev/auth/jsonMultipleCookies/JsonMultipleCookiesDir.java
+++ b/addOns/dev/src/main/java/org/zaproxy/addon/dev/auth/jsonMultipleCookies/JsonMultipleCookiesDir.java
@@ -41,7 +41,7 @@ public JsonMultipleCookiesDir(TestProxyServer server, String name) { } public String getTempToken(String username) {
- String token = RandomStringUtils.randomAlphanumeric(32);
+ String token = RandomStringUtils.secure().nextAlphanumeric(32);
 tempTokens.put(token, username); return token; }
diff --git a/addOns/dev/src/main/java/org/zaproxy/addon/dev/error/LoggedErrorsHandler.java b/addOns/dev/src/main/java/org/zaproxy/addon/dev/error/LoggedErrorsHandler.java
index dfc69dc585a..e29bedcdebe 100644
--- a/addOns/dev/src/main/java/org/zaproxy/addon/dev/error/LoggedErrorsHandler.java
+++ b/addOns/dev/src/main/java/org/zaproxy/addon/dev/error/LoggedErrorsHandler.java
@@ -46,11 +46,7 @@ public class LoggedErrorsHandler { private ScanStatus scanStatus; public LoggedErrorsHandler() {
- loaded =
- org.zaproxy.zap.extension.log4j.ExtensionLog4j.class.getAnnotation(Deprecated.class)
- != null
- && Constant.isDevMode()
- && View.isInitialised();
+ loaded = Constant.isDevMode() && View.isInitialised();
 if (loaded) { scanStatus =
diff --git a/addOns/dev/src/test/java/org/zaproxy/zap/extension/log4j/LoggedErrorsHandlerUnitTest.java b/addOns/dev/src/test/java/org/zaproxy/addon/dev/error/LoggedErrorsHandlerUnitTest.java
similarity index 96%
rename from addOns/dev/src/test/java/org/zaproxy/zap/extension/log4j/LoggedErrorsHandlerUnitTest.java
rename to addOns/dev/src/test/java/org/zaproxy/addon/dev/error/LoggedErrorsHandlerUnitTest.java
index 18a10e79fa7..76c32f600d5 100644
--- a/addOns/dev/src/test/java/org/zaproxy/zap/extension/log4j/LoggedErrorsHandlerUnitTest.java
+++ b/addOns/dev/src/test/java/org/zaproxy/addon/dev/error/LoggedErrorsHandlerUnitTest.java
@@ -17,7 +17,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.zaproxy.zap.extension.log4j; +package org.zaproxy.addon.dev.error; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.hasSize;
@@ -36,7 +36,7 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.ValueSource; -import org.zaproxy.zap.extension.log4j.ExtensionLog4j.ErrorAppender; +import org.zaproxy.addon.dev.error.LoggedErrorsHandler.ErrorAppender; /** Unit test for {@link LoggedErrorsHandler}. */ class LoggedErrorsHandlerUnitTest {
diff --git a/addOns/diff/CHANGELOG.md b/addOns/diff/CHANGELOG.md
index 2336b855481..6cf49851e0d 100644
--- a/addOns/diff/CHANGELOG.md
+++ b/addOns/diff/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [16] - 2024-10-07 ### Updated
diff --git a/addOns/directorylistv1/CHANGELOG.md b/addOns/directorylistv1/CHANGELOG.md
index 5f20244ebbd..34280219386 100644
--- a/addOns/directorylistv1/CHANGELOG.md
+++ b/addOns/directorylistv1/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [8] - 2024-05-07 ### Changed
diff --git a/addOns/domxss/CHANGELOG.md b/addOns/domxss/CHANGELOG.md
index 1c6bc162820..1a84353de62 100644
--- a/addOns/domxss/CHANGELOG.md
+++ b/addOns/domxss/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Address deprecation warnings with newer Selenium version (4.27). - Include the whole HTTP message in the raised alerts. - Include the steps to reproduce the DOM XSS in the other info of the alert.
diff --git a/addOns/encoder/CHANGELOG.md b/addOns/encoder/CHANGELOG.md
index 3009a6b06f8..04e0900984b 100644
--- a/addOns/encoder/CHANGELOG.md
+++ b/addOns/encoder/CHANGELOG.md
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased +### Changed +- Update minimum ZAP version to 2.16.0. + ### Added - A predefined processor "ASCify" which converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
diff --git a/addOns/evalvillain/CHANGELOG.md b/addOns/evalvillain/CHANGELOG.md
index f46a5026344..b8db006d1a7 100644
--- a/addOns/evalvillain/CHANGELOG.md
+++ b/addOns/evalvillain/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [0.4.0] - 2024-11-25 ### Changed
diff --git a/addOns/exim/CHANGELOG.md b/addOns/exim/CHANGELOG.md
index 266ba587ece..2613eced74c 100644
--- a/addOns/exim/CHANGELOG.md
+++ b/addOns/exim/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support for Sites Tree export and prune. ### Changed +- Update minimum ZAP version to 2.16.0. - Update dependency. - Maintenance changes.
diff --git a/addOns/formhandler/CHANGELOG.md b/addOns/formhandler/CHANGELOG.md
index e8e17e13b63..58b500097b1 100644
--- a/addOns/formhandler/CHANGELOG.md
+++ b/addOns/formhandler/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Depend on Common Library add-on, to provide the default/custom values to the other add-ons (Issue 8016). ### Fixed
diff --git a/addOns/formhandler/src/main/java/org/zaproxy/zap/extension/formhandler/ExtensionFormHandler.java b/addOns/formhandler/src/main/java/org/zaproxy/zap/extension/formhandler/ExtensionFormHandler.java
index 7a6af462c79..a85ac2657b9 100644
--- a/addOns/formhandler/src/main/java/org/zaproxy/zap/extension/formhandler/ExtensionFormHandler.java
+++ b/addOns/formhandler/src/main/java/org/zaproxy/zap/extension/formhandler/ExtensionFormHandler.java
@@ -69,6 +69,7 @@ public List> getDependencies() { * @since 6.0.0 * @deprecated (6.7.0) Use {@link ExtensionCommonlib#getValueProvider()}. */ + @SuppressWarnings("removal") @Deprecated(since = "6.7.0", forRemoval = true) public ValueGenerator getValueGenerator() { return new DefaultValueGenerator();
diff --git a/addOns/fuzz/CHANGELOG.md b/addOns/fuzz/CHANGELOG.md
index 5978d2731c8..423b94e18a1 100644
--- a/addOns/fuzz/CHANGELOG.md
+++ b/addOns/fuzz/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [13.14.0] - 2024-10-07 ### Changed
diff --git a/addOns/fuzzai/CHANGELOG.md b/addOns/fuzzai/CHANGELOG.md
index 917dc55c344..b5168c61abb 100644
--- a/addOns/fuzzai/CHANGELOG.md
+++ b/addOns/fuzzai/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [0.0.1] - 2024-09-24 ### Added
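Review bot: `@SuppressWarnings("removal")` on `ExtensionFormHandler.getValueGenerator()` does not say which for-removal API it silences; from the hunk it is presumably the `ValueGenerator` / `DefaultValueGenerator` types, but their declarations are not shown here. Because the suppression covers the whole method, a one-line comment above it would keep the annotation from outliving its reason, for example `// ValueGenerator types are deprecated for removal; suppressed until this accessor is removed as well.` once the source of the warning is confirmed. The method's closing brace is outside the hunk.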
diff --git a/addOns/fuzzdb/CHANGELOG.md b/addOns/fuzzdb/CHANGELOG.md
index 6a74bb904a4..8265d1c0e21 100644
--- a/addOns/fuzzdb/CHANGELOG.md
+++ b/addOns/fuzzdb/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [9] - 2022-09-23 ### Changed
diff --git a/addOns/graaljs/CHANGELOG.md b/addOns/graaljs/CHANGELOG.md
index 1886e23eb27..eedaa9df23d 100644
--- a/addOns/graaljs/CHANGELOG.md
+++ b/addOns/graaljs/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [0.8.0] - 2024-09-24 ### Added
diff --git a/addOns/graphql/CHANGELOG.md b/addOns/graphql/CHANGELOG.md
index 901c00e7b65..61c64ec061e 100644
--- a/addOns/graphql/CHANGELOG.md
+++ b/addOns/graphql/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Depend on newer version of Common Library add-on (Issue 8016). - Maintenance changes.
diff --git a/addOns/groovy/CHANGELOG.md b/addOns/groovy/CHANGELOG.md
index 112d24a6d64..6cd38863c32 100644
--- a/addOns/groovy/CHANGELOG.md
+++ b/addOns/groovy/CHANGELOG.md
@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Document the engine name in the help page. ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Update script templates: - authentication/AuthenticationDefaultTemplate.groovy - remove outdated example code. - httpsender/HttpSenderDefaultTemplate.groovy - update documentation.
diff --git a/addOns/grpc/CHANGELOG.md b/addOns/grpc/CHANGELOG.md
index b623c947b26..c9cea3ed919 100644
--- a/addOns/grpc/CHANGELOG.md
+++ b/addOns/grpc/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Maintenance changes. ## [0.2.0] - 2024-07-02
diff --git a/addOns/highlighter/CHANGELOG.md b/addOns/highlighter/CHANGELOG.md
index 69e655013f9..b209a8613b0 100644
--- a/addOns/highlighter/CHANGELOG.md
+++ b/addOns/highlighter/CHANGELOG.md
@@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [8] - 2021-10-07 ### Added
diff --git a/addOns/imagelocationscanner/CHANGELOG.md b/addOns/imagelocationscanner/CHANGELOG.md
index c4e3f3f157e..aed02d78b4f 100644
--- a/addOns/imagelocationscanner/CHANGELOG.md
+++ b/addOns/imagelocationscanner/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [5] - 2024-04-11 ### Changed
diff --git a/addOns/invoke/CHANGELOG.md b/addOns/invoke/CHANGELOG.md
index 54ab52f9f2e..66d21ae1162 100644
--- a/addOns/invoke/CHANGELOG.md
+++ b/addOns/invoke/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [15] - 2024-05-07 ### Changed
diff --git a/addOns/jruby/CHANGELOG.md b/addOns/jruby/CHANGELOG.md
index b105734008c..c1a19f43a19 100644
--- a/addOns/jruby/CHANGELOG.md
+++ b/addOns/jruby/CHANGELOG.md
@@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Document the engine name in the help page. ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Maintenance changes. - Update script template: - httpsender/HttpSender default template.rb - update documentation.
diff --git a/addOns/jsonview/CHANGELOG.md b/addOns/jsonview/CHANGELOG.md
index f517fc4bdfc..559a8ad63b2 100644
--- a/addOns/jsonview/CHANGELOG.md
+++ b/addOns/jsonview/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [3] - 2023-09-07 ### Changed
diff --git a/addOns/jython/CHANGELOG.md b/addOns/jython/CHANGELOG.md
index 0139a6a750a..4cb21212fb7 100644
--- a/addOns/jython/CHANGELOG.md
+++ b/addOns/jython/CHANGELOG.md
@@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Document the engine name in the help page. ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Update script template: - httpsender/HttpSender default template.py - update documentation.
diff --git a/addOns/kotlin/CHANGELOG.md b/addOns/kotlin/CHANGELOG.md
index 8e78dabaccf..25235b50271 100644
--- a/addOns/kotlin/CHANGELOG.md
+++ b/addOns/kotlin/CHANGELOG.md
@@ -6,7 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Maintenance changes. ### Added
diff --git a/addOns/network/CHANGELOG.md b/addOns/network/CHANGELOG.md
index 086eafafd31..15435b54dd4 100644
--- a/addOns/network/CHANGELOG.md
+++ b/addOns/network/CHANGELOG.md
@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Configure the logging to prevent verbose log messages when using BC JSSE provider. - Improve error handling on client's unknown CA TLS alert. - Report available TLS providers when failed to query the TLS/SSL protocol versions.
diff --git a/addOns/oast/CHANGELOG.md b/addOns/oast/CHANGELOG.md
index dd687ea82fe..ab68c33148d 100644
--- a/addOns/oast/CHANGELOG.md
+++ b/addOns/oast/CHANGELOG.md
@@ -7,9 +7,9 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Maintenance changes. - ## [0.20.0] - 2024-09-17 ### Added - API support.
diff --git a/addOns/oast/src/main/java/org/zaproxy/addon/oast/services/interactsh/InteractshService.java b/addOns/oast/src/main/java/org/zaproxy/addon/oast/services/interactsh/InteractshService.java
index 499778becff..e072bbede8a 100644
--- a/addOns/oast/src/main/java/org/zaproxy/addon/oast/services/interactsh/InteractshService.java
+++ b/addOns/oast/src/main/java/org/zaproxy/addon/oast/services/interactsh/InteractshService.java
@@ -102,10 +102,14 @@ public InteractshService() { InteractshService(InteractshParam param) { httpSender = new HttpSender(HttpSender.OAST_INITIATOR); secretKey = UUID.randomUUID(); - correlationId = RandomStringUtils.randomAlphanumeric(20).toLowerCase(Locale.ROOT); + correlationId = randomAlphanumericLc(20); this.param = param; } + private static String randomAlphanumericLc(int count) { + return RandomStringUtils.secure().nextAlphanumeric(count).toLowerCase(Locale.ROOT); + } + @Override public String getName() { return "Interactsh";
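Review bot: The new `randomAlphanumericLc` helper in `InteractshService` lower-cases a draw from the 62-character alphanumeric set, so every letter comes out twice as often as every digit and the 20-character `correlationId` carries slightly less entropy than a uniform draw of the same length. Drawing straight from the lower-case alphabet keeps the output uniform and drops the `Locale.ROOT` step: `return RandomStringUtils.secure().next(count, "abcdefghijklmnopqrstuvwxyz0123456789");`. The same helper feeds the 1- and 13-character parts in `getNewPayload` and `getNewOastPayload` in the two following hunks, so the one change covers all three call sites. The helper also has no Javadoc; a line stating that it returns lower-case alphanumerics from the secure generator would tell a maintainer why the source must stay a secure one.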
@@ -303,10 +307,10 @@ public String getNewPayload() throws URIException, InteractshException { register(); } Stats.incCounter("stats.oast.interactsh.payloadsGenerated"); - return RandomStringUtils.randomAlphanumeric(1).toLowerCase(Locale.ROOT) + return randomAlphanumericLc(1) + '.' + correlationId - + RandomStringUtils.randomAlphanumeric(13).toLowerCase(Locale.ROOT) + + randomAlphanumericLc(13) + '.' + serverUrl.getHost(); }
@@ -317,15 +321,9 @@ public OastPayload getNewOastPayload() throws URIException, InteractshException register(); } Stats.incCounter("stats.oast.interactsh.payloadsGenerated"); - String payloadId = - correlationId + RandomStringUtils.randomAlphanumeric(13).toLowerCase(Locale.ROOT); + String payloadId = correlationId + randomAlphanumericLc(13); String canary = StringUtils.reverse(payloadId); - String payload = - RandomStringUtils.randomAlphanumeric(1).toLowerCase(Locale.ROOT) - + '.' - + payloadId - + '.' - + serverUrl.getHost(); + String payload = randomAlphanumericLc(1) + '.' + payloadId + '.' + serverUrl.getHost(); return new OastPayload(payload, canary); }
diff --git a/addOns/onlineMenu/CHANGELOG.md b/addOns/onlineMenu/CHANGELOG.md
index 37f67f51971..08a302f63e0 100644
--- a/addOns/onlineMenu/CHANGELOG.md
+++ b/addOns/onlineMenu/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [13] - 2024-05-07 ### Changed
diff --git a/addOns/openapi/CHANGELOG.md b/addOns/openapi/CHANGELOG.md
index f1d94cebbe3..9ec55bf3d2b 100644
--- a/addOns/openapi/CHANGELOG.md
+++ b/addOns/openapi/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Depend on newer version of Common Library add-on (Issue 8016). - Fields with default or missing values are omitted for the `openapi` job in saved Automation Framework plans.
diff --git a/addOns/packpentester/CHANGELOG.md b/addOns/packpentester/CHANGELOG.md
index b72f8e3316f..33a52f49f3e 100644
--- a/addOns/packpentester/CHANGELOG.md
+++ b/addOns/packpentester/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [0.1.0] - 2022-05-12
diff --git a/addOns/packscanrules/CHANGELOG.md b/addOns/packscanrules/CHANGELOG.md
index 78d4fed550b..1c984336dfb 100644
--- a/addOns/packscanrules/CHANGELOG.md
+++ b/addOns/packscanrules/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [0.0.1] - 2022-05-13
diff --git a/addOns/paramdigger/CHANGELOG.md b/addOns/paramdigger/CHANGELOG.md
index dfe3102cfbf..44b321c84ae 100644
--- a/addOns/paramdigger/CHANGELOG.md
+++ b/addOns/paramdigger/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [0.3.0] - 2024-07-15 ### Added
diff --git a/addOns/plugnhack/CHANGELOG.md b/addOns/plugnhack/CHANGELOG.md
index 163f1d21d7c..cd972360d7c 100644
--- a/addOns/plugnhack/CHANGELOG.md
+++ b/addOns/plugnhack/CHANGELOG.md
@@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Prevent exception if no display (Issue 3978). ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Maintenance changes. ## [13] - 2022-10-27
diff --git a/addOns/portscan/CHANGELOG.md b/addOns/portscan/CHANGELOG.md
index 536698f3073..a452caa40ba 100644
--- a/addOns/portscan/CHANGELOG.md
+++ b/addOns/portscan/CHANGELOG.md
@@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Support for menu weights (Issue 8369) ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Maintenance changes. - Default number of threads to 2 * processor count.
diff --git a/addOns/postman/CHANGELOG.md b/addOns/postman/CHANGELOG.md
index 442ea383e4e..088262665da 100644
--- a/addOns/postman/CHANGELOG.md
+++ b/addOns/postman/CHANGELOG.md
@@ -4,6 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed +- Update minimum ZAP version to 2.16.0. - Fields with default or missing values are omitted for the `postman` job in saved Automation Framework plans. ## [0.4.0] - 2024-05-07
diff --git a/addOns/pscan/CHANGELOG.md b/addOns/pscan/CHANGELOG.md
index f7daab46482..d868fa3453d 100644
--- a/addOns/pscan/CHANGELOG.md
+++ b/addOns/pscan/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add passive scanner (Issue 7959). ### Changed +- Update minimum ZAP version to 2.16.0. - Fields with default or missing values are omitted for the following automation jobs in saved Automation Framework plans: - `passiveScan-config` - `passiveScan-wait`
diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java
index 0d97813f2e3..7076933b448 100644
--- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java
+++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/ExtensionPassiveScan2.java
@@ -19,9 +19,6 @@ */ package org.zaproxy.addon.pscan; -import java.lang.reflect.InvocationHandler; -import java.lang.reflect.Method; -import java.lang.reflect.Proxy; import java.util.List; import javax.swing.ImageIcon; import org.apache.logging.log4j.LogManager;
@@ -51,6 +48,8 @@ import org.zaproxy.addon.pscan.internal.ui.PassiveScannerOptionsPanel; import org.zaproxy.addon.pscan.internal.ui.PolicyPassiveScanPanel; import org.zaproxy.zap.extension.alert.ExtensionAlert; +import org.zaproxy.zap.extension.pscan.PassiveController; +import org.zaproxy.zap.extension.pscan.PassiveScanRuleManager; import org.zaproxy.zap.extension.pscan.PassiveScanner; import org.zaproxy.zap.extension.pscan.PluginPassiveScanner; import org.zaproxy.zap.extension.script.ExtensionScript;
@@ -77,120 +76,84 @@ public class ExtensionPassiveScan2 extends ExtensionAdaptor { ExtensionAlert.class, org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.class); - private final boolean loadScanRules; private AddOnScanRulesLoader scanRulesLoader; - private boolean addScanStatus; private ScanStatus scanStatus; private StatsListener statsListener; - private final boolean addScriptType; private ScriptType scriptType; - private final boolean addOptions; - private OptionsPassiveScan optionsPassiveScan; private PolicyPassiveScanPanel policyPanel; private PassiveScannerOptions options; private PassiveScannerOptionsPanel passiveScannerOptionsPanel; - private Method setPassiveScanRuleManager; private PassiveScannersManagerImpl scannersManager; - private Object scanRuleManagerProxy; + private PassiveScanRuleManager scanRuleManagerProxy; + private PassiveController passiveControllerProxy; - private final boolean addScanner; private PassiveScanController psc; private boolean passiveScanEnabled; public ExtensionPassiveScan2() { super(NAME); - loadScanRules = - !hasField( - org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.class, - "addOnScanRules"); + scannersManager = new PassiveScannersManagerImpl(); + scanRuleManagerProxy = + new PassiveScanRuleManager() { - addScriptType = - isFieldDeprecated( - org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.class, - "SCRIPT_TYPE_PASSIVE"); + @Override + public boolean add(PassiveScanner scanRule) { + return scannersManager.add(scanRule); + } - addOptions = - hasField( - org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.class, - "scanRuleManager"); + @Override + public PassiveScanner getScanRule(int id) { + return scannersManager.getScanRule(id); + } - if (addOptions) { - try { - scannersManager = new PassiveScannersManagerImpl(); - InvocationHandler invocationHandler = - (o, method, args) -> { - switch (method.getName()) { - case "add": - return scannersManager.add((PassiveScanner) args[0]); - case "getScanRule": - return 
scannersManager.getScanRule((int) args[0]); - - case "getScanRules": - return scannersManager.getScanners(); - - case "getPluginScanRules": - return scannersManager.getScanRules(); - - case "remove": - return scannersManager.removeImpl(args[0]); - - default: - return null; - } - }; - - Class clazz = - org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.class - .getClassLoader() - .loadClass( - "org.zaproxy.zap.extension.pscan.PassiveScanRuleManager"); - setPassiveScanRuleManager = - org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.class - .getDeclaredMethod("setPassiveScanRuleManager", clazz); - scanRuleManagerProxy = - Proxy.newProxyInstance( - clazz.getClassLoader(), new Class[] {clazz}, invocationHandler); + @Override + public List getScanRules() { + return scannersManager.getScanners(); + } - } catch (Exception e) { - LOGGER.error("Failed to create ScanRuleManager:", e); - } - } + @Override + public List getPluginScanRules() { + return scannersManager.getScanRules(); + } - addScanner = - hasField(org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.class, "controller"); - } + @Override + public boolean remove(String className) { + return scannersManager.removeImpl(className); + } - private void setScanRuleManager(Object object) { - try { - setPassiveScanRuleManager.invoke(getExtPscan(), object); - } catch (Exception e) { - LOGGER.error("Failed to set ScanRuleManager:", e); - } + @Override + public boolean remove(PassiveScanner scanRule) { + return scannersManager.removeImpl(scanRule); + } + }; + + passiveControllerProxy = + new PassiveController() { + + @Override + public int getRecordsToScan() { + return ExtensionPassiveScan2.this.getRecordsToScan(); + } + + @Override + public void clearQueue() { + ExtensionPassiveScan2.this.clearQueue(); + } + }; } - private static boolean isFieldDeprecated(Class clazz, String name) { - try { - return clazz.getField(name).getAnnotation(Deprecated.class) != null; - } catch (NoSuchFieldException e) { - // Nothing to do. 
- } - return true; + private void setScanRuleManager(PassiveScanRuleManager manager) { + getExtPscan().setPassiveScanRuleManager(manager); } - private static boolean hasField(Class clazz, String name) { - try { - clazz.getDeclaredField(name); - return true; - } catch (NoSuchFieldException e) { - // Nothing to do. - } - return false; + private void setPassiveController(PassiveController controller) { + getExtPscan().setPassiveController(controller); } @Override
@@ -210,39 +173,25 @@ public String getDescription() { @Override public void init() { - if (scannersManager != null) { - setScanRuleManager(scanRuleManagerProxy); - } - - if (loadScanRules) { - scanRulesLoader = new AddOnScanRulesLoader(this); - } + setScanRuleManager(scanRuleManagerProxy); + setPassiveController(passiveControllerProxy); - addScanStatus = - hasView() - && !hasField( - org.zaproxy.zap.extension.pscan.ExtensionPassiveScan.class, - "scanStatus"); + scanRulesLoader = new AddOnScanRulesLoader(this); } @Override public void postInit() { - if (loadScanRules) { - scanRulesLoader.load(); - } - StatsPassiveScanner.load(getExtPscan()); + scanRulesLoader.load(); + + StatsPassiveScanner.load(this); } @Override public void optionsLoaded() { - if (scannersManager != null) { - scannersManager.getManager().setAutoTagScanners(options.getAutoTagScanners()); - } + scannersManager.getManager().setAutoTagScanners(options.getAutoTagScanners()); - if (addScanner) { - passiveScanEnabled = true; - getPassiveScanController(); - } + passiveScanEnabled = true; + getPassiveScanController(); } /**
@@ -262,9 +211,6 @@ public PassiveScannersManager getPassiveScannersManager() { * @since 0.1.0 */ public int getRecordsToScan() { - if (!addScanner) { - return getExtPscan().getRecordsToScan(); - } if (passiveScanEnabled && psc != null) { return psc.getRecordsToScan(); }
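Review bot: In the hunk that starts at `public class ExtensionPassiveScan2`, `scannersManager`, `scanRuleManagerProxy` and `passiveControllerProxy` are now assigned once and unconditionally in the constructor, so they can be declared `final` (assuming nothing outside these hunks reassigns them), and the `Proxy` suffix is stale now that `java.lang.reflect.Proxy` is gone; for example `private final PassiveScanRuleManager scanRuleManager;`. The rename would also touch `init()` in the next hunk. The removed code logged and carried on when the reflective wiring failed, whereas `setScanRuleManager` and `setPassiveController` now dereference `getExtPscan()` directly, so a short comment on them saying that the core passive scan extension appears in the dependency list above would record why no null check is needed.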
@@ -280,10 +226,6 @@ public int getRecordsToScan() { * @since 0.1.0 */ public void clearQueue() { - if (!addScanner) { - getExtPscan().clearQueue(); - return; - } if (psc != null) { psc.clearQueue(); }
@@ -291,7 +233,7 @@ public void clearQueue() { private PassiveScanController getPassiveScanController() { if (passiveScanEnabled && psc == null) { - final ExtensionLoader extensionLoader = Control.getSingleton().getExtensionLoader(); + ExtensionLoader extensionLoader = Control.getSingleton().getExtensionLoader(); psc = new PassiveScanController( this,
@@ -305,29 +247,20 @@ private PassiveScanController getPassiveScanController() { @Override public void hook(ExtensionHook extensionHook) { - if (scannersManager != null) { - if (addScanner) { - options = new PassiveScannerOptions(); - extensionHook.addOptionsParamSet(options); - } + options = new PassiveScannerOptions(); + extensionHook.addOptionsParamSet(options); - if (hasView()) { - extensionHook.getHookView().addOptionPanel(getPassiveScannerOptionsPanel()); - extensionHook.getHookView().addOptionPanel(getOptionsPassiveScan()); - extensionHook.getHookView().addOptionPanel(getPolicyPanel()); - } + if (hasView()) { + extensionHook.getHookView().addOptionPanel(getPassiveScannerOptionsPanel()); + extensionHook.getHookView().addOptionPanel(getOptionsPassiveScan()); + extensionHook.getHookView().addOptionPanel(getPolicyPanel()); } - if (org.zaproxy.zap.extension.pscan.PassiveScanAPI.class.getAnnotation(Deprecated.class) - != null) { - extensionHook.addApiImplementor(new PassiveScanApi(this, scannersManager)); - } + extensionHook.addApiImplementor(new PassiveScanApi(this, scannersManager)); - if (loadScanRules) { - extensionHook.addAddOnInstallationStatusListener(scanRulesLoader); - } + extensionHook.addAddOnInstallationStatusListener(scanRulesLoader); - if (addScanStatus) { + if (hasView()) { scanStatus = new ScanStatus( DisplayUtils.getScaledIcon(getClass().getResource("icons/pscan.png")),
@@ -350,23 +283,19 @@ public void highwaterMarkSet(String key, long value) { .addFooterToolbarRightLabel(scanStatus.getCountLabel()); } - if (addScriptType) { - ExtensionScript extScript = getExtension(ExtensionScript.class); - if (extScript != null) { - scriptType = - new ScriptType( - SCRIPT_TYPE_PASSIVE, - "pscan.scripts.type.passive", - createScriptIcon(), - true); - extScript.registerScriptType(scriptType); - } + ExtensionScript extScript = getExtension(ExtensionScript.class); + if (extScript != null) { + scriptType = + new ScriptType( + SCRIPT_TYPE_PASSIVE, + "pscan.scripts.type.passive", + createScriptIcon(), + true); + extScript.registerScriptType(scriptType); } - if (addScanner) { - extensionHook.addProxyListener(new ProxyListenerImpl()); - extensionHook.addSessionListener(new SessionListenerImpl()); - } + extensionHook.addProxyListener(new ProxyListenerImpl()); + extensionHook.addSessionListener(new SessionListenerImpl()); } private PolicyPassiveScanPanel getPolicyPanel() {
@@ -413,12 +342,9 @@ public boolean canUnload() { @Override public void unload() { - if (loadScanRules) { - scanRulesLoader.unload(); - } - StatsPassiveScanner.unload(getExtPscan()); + scanRulesLoader.unload(); - if (addScanStatus) { + if (hasView()) { getView() .getMainFrame() .getMainFooterPanel()
@@ -431,9 +357,8 @@ public void unload() { getExtension(ExtensionScript.class).removeScriptType(scriptType); } - if (addOptions) { - setScanRuleManager(null); - } + setScanRuleManager(null); + setPassiveController(null); } @Override
@@ -451,10 +376,6 @@ private void stopPassiveScanController() { } void setPassiveScanEnabled(boolean enabled) { - if (!addScanner) { - return; - } - if (passiveScanEnabled != enabled) { passiveScanEnabled = enabled; if (enabled) {
@@ -466,9 +387,6 @@ void setPassiveScanEnabled(boolean enabled) { } PassiveScanTask getOldestRunningTask() { - if (!addScanner) { - return null; - } if (passiveScanEnabled) { return getPassiveScanController().getOldestRunningTask(); }
@@ -476,9 +394,6 @@ PassiveScanTask getOldestRunningTask() { } List getRunningTasks() { - if (!addScanner) { - return List.of(); - } if (passiveScanEnabled) { return getPassiveScanController().getRunningTasks(); }
diff --git a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/StatsPassiveScanner.java b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/StatsPassiveScanner.java
index 4806085445c..065652b8e94 100644
--- a/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/StatsPassiveScanner.java
+++ b/addOns/pscan/src/main/java/org/zaproxy/addon/pscan/internal/StatsPassiveScanner.java
@@ -28,6 +28,7 @@ import org.parosproxy.paros.Constant; import org.parosproxy.paros.network.HttpHeader; import org.parosproxy.paros.network.HttpMessage; +import org.zaproxy.addon.pscan.ExtensionPassiveScan2; import org.zaproxy.zap.control.AddOn; import org.zaproxy.zap.extension.pscan.PluginPassiveScanner; import org.zaproxy.zap.model.SessionStructure;
@@ -39,14 +40,10 @@ public class StatsPassiveScanner extends PluginPassiveScanner { public static final String CONTENT_TYPE_STATS_PREFIX = "stats.contentType."; public static final String RESPONSE_TIME_STATS_PREFIX = "stats.responseTime."; - private static final boolean LOAD_RULE = - org.zaproxy.zap.extension.pscan.scanner.StatsPassiveScanner.class.getAnnotation( - Deprecated.class) - != null; private static StatsPassiveScanner instance; - // Package to prevent the scan rule from being picked automatically for the manifest, while the - // code is being migrated from core. + // Package to prevent the scan rule from being picked automatically for the manifest to keep the + // expected status. StatsPassiveScanner() { // Keep same status as when in core. setStatus(AddOn.Status.release);
@@ -104,17 +101,8 @@ public boolean appliesToHistoryType(int historyType) { return true; } - public static void load(org.zaproxy.zap.extension.pscan.ExtensionPassiveScan extension) { - if (LOAD_RULE) { - instance = new StatsPassiveScanner(); - extension.addPluginPassiveScanner(instance); - } - } - - public static void unload(org.zaproxy.zap.extension.pscan.ExtensionPassiveScan extension) { - if (LOAD_RULE) { - extension.removePluginPassiveScanner(instance); - instance = null; - } + public static void load(ExtensionPassiveScan2 extension) { + instance = new StatsPassiveScanner(); + extension.getPassiveScannersManager().add(instance); } }
diff --git a/addOns/pscanrules/CHANGELOG.md b/addOns/pscanrules/CHANGELOG.md
index 413f018e186..b8e6de292d6 100644
--- a/addOns/pscanrules/CHANGELOG.md
+++ b/addOns/pscanrules/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Updated help with specific Category identifiers for use with the Custom Payloads add-on for rules: - Application Error Disclosure - Information Disclosure - Suspicious Comments
diff --git a/addOns/pscanrulesAlpha/CHANGELOG.md b/addOns/pscanrulesAlpha/CHANGELOG.md
index 0884e63149b..f211bca7cb1 100644
--- a/addOns/pscanrulesAlpha/CHANGELOG.md
+++ b/addOns/pscanrulesAlpha/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Maintenance changes. ## [43] - 2024-09-02
diff --git a/addOns/pscanrulesBeta/CHANGELOG.md b/addOns/pscanrulesBeta/CHANGELOG.md
index 065847c464d..b9f15734d0f 100644
--- a/addOns/pscanrulesBeta/CHANGELOG.md
+++ b/addOns/pscanrulesBeta/CHANGELOG.md
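Review bot: With `unload` removed from `StatsPassiveScanner`, the static `instance` field is only written in `load` as far as these hunks show, so it looks like leftover state. If nothing in the rest of the class reads it, the field can be dropped and the body of `load` reduced to `extension.getPassiveScannersManager().add(new StatsPassiveScanner());`. The result of `add` is also discarded, so a rule that is not registered goes unnoticed; logging that case would make it visible, assuming `add` reports success as the `boolean`-returning adapter in `ExtensionPassiveScan2` suggests.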
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Updated help with specific Category identifier for use with the Custom Payloads add-on for the "Dangerous JS Functions" rule. ### Fixed diff --git a/addOns/quickstart/CHANGELOG.md b/addOns/quickstart/CHANGELOG.md index f2c750084f7..3f7806b41e4 100644 --- a/addOns/quickstart/CHANGELOG.md +++ b/addOns/quickstart/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Stats counter to the main toolbar button (Issue 8375). ### Changed +- Update minimum ZAP version to 2.16.0. - Depend on Passive Scanner add-on (Issue 7959). ### Fixed diff --git a/addOns/regextester/CHANGELOG.md b/addOns/regextester/CHANGELOG.md index 3039d973d79..800f584a325 100644 --- a/addOns/regextester/CHANGELOG.md +++ b/addOns/regextester/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [2] - 2021-10-07 ### Added diff --git a/addOns/replacer/CHANGELOG.md b/addOns/replacer/CHANGELOG.md index be4902800db..686c0448032 100644 --- a/addOns/replacer/CHANGELOG.md +++ b/addOns/replacer/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Typo in automation job help. ### Changed +- Update minimum ZAP version to 2.16.0. - Fields with default or missing values are omitted for the `replacer` job in saved Automation Framework plans. ## [19] - 2024-10-07 diff --git a/addOns/reports/CHANGELOG.md b/addOns/reports/CHANGELOG.md index 58e293c5713..99a549dfc39 100644 --- a/addOns/reports/CHANGELOG.md +++ b/addOns/reports/CHANGELOG.md 
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Sequence data to JSON & HTML reports. ### Changed +- Update minimum ZAP version to 2.16.0. - Update automation job help. - Fields with default or missing values are omitted for the `report` job in saved Automation Framework plans. diff --git a/addOns/requester/CHANGELOG.md b/addOns/requester/CHANGELOG.md index 777e39791cc..c616e1e5bda 100644 --- a/addOns/requester/CHANGELOG.md +++ b/addOns/requester/CHANGELOG.md @@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [7.7.0] - 2024-06-28 ### Added diff --git a/addOns/retest/CHANGELOG.md b/addOns/retest/CHANGELOG.md index eb3f4523af5..8677a0a393a 100644 --- a/addOns/retest/CHANGELOG.md +++ b/addOns/retest/CHANGELOG.md @@ -6,6 +6,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - To handle automation class changes. - Depend on newer version of Passive Scanner add-on (Issue 7959). diff --git a/addOns/retire/CHANGELOG.md b/addOns/retire/CHANGELOG.md index 2c50e41e43b..358aa8f7e9d 100644 --- a/addOns/retire/CHANGELOG.md +++ b/addOns/retire/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [0.42.0] - 2024-11-25 ### Changed diff --git a/addOns/reveal/CHANGELOG.md b/addOns/reveal/CHANGELOG.md index 42cccd4b389..38ae37da755 100644 --- a/addOns/reveal/CHANGELOG.md +++ b/addOns/reveal/CHANGELOG.md 
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [8] - 2024-05-07 ### Changed diff --git a/addOns/revisit/CHANGELOG.md b/addOns/revisit/CHANGELOG.md index 59b6f41b683..975db79a3c4 100644 --- a/addOns/revisit/CHANGELOG.md +++ b/addOns/revisit/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Maintenance changes. ## [5] - 2023-10-23 diff --git a/addOns/saml/CHANGELOG.md b/addOns/saml/CHANGELOG.md index 91dea8edebc..be0a6c7a35b 100644 --- a/addOns/saml/CHANGELOG.md +++ b/addOns/saml/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Maintenance changes. ## [10] - 2022-10-28 diff --git a/addOns/scanpolicies/CHANGELOG.md b/addOns/scanpolicies/CHANGELOG.md index f63ce54c971..d94618ab05d 100644 --- a/addOns/scanpolicies/CHANGELOG.md +++ b/addOns/scanpolicies/CHANGELOG.md @@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed +- Update minimum ZAP version to 2.16.0. + ### Fixed - Fix link in the help page. diff --git a/addOns/scripts/CHANGELOG.md b/addOns/scripts/CHANGELOG.md index 1a47b02bc6d..1aae22337d9 100644 --- a/addOns/scripts/CHANGELOG.md +++ b/addOns/scripts/CHANGELOG.md 
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Standardized Policy Tags to the base Scripts Active Scanner. ### Changed +- Update minimum ZAP version to 2.16.0. - Fields with default or missing values are omitted for the `script` job in saved Automation Framework plans. - Depends on an updated version of the Common Library add-on. - Depend on Passive Scanner add-on (Issue 7959). diff --git a/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/ExtensionScriptsUI.java b/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/ExtensionScriptsUI.java index 56e4ab98239..e45349f4157 100644 --- a/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/ExtensionScriptsUI.java +++ b/addOns/scripts/src/main/java/org/zaproxy/zap/extension/scripts/ExtensionScriptsUI.java @@ -196,10 +196,7 @@ public void hook(ExtensionHook extensionHook) { ExtensionHelp.enableHelpKey(getScriptsPanel(), "addon.scripts.tree"); } - if (org.zaproxy.zap.extension.script.ScriptAPI.class.getAnnotation(Deprecated.class) - != null) { - extensionHook.addApiImplementor(new ScriptApi(getExtScript())); - } + extensionHook.addApiImplementor(new ScriptApi(getExtScript())); } @Override diff --git a/addOns/scripts/src/test/java/org/zaproxy/zap/extension/scripts/scanrules/ScriptsPassiveScannerUnitTest.java b/addOns/scripts/src/test/java/org/zaproxy/zap/extension/scripts/scanrules/ScriptsPassiveScannerUnitTest.java index d928304891d..996ac67512f 100644 --- a/addOns/scripts/src/test/java/org/zaproxy/zap/extension/scripts/scanrules/ScriptsPassiveScannerUnitTest.java +++ b/addOns/scripts/src/test/java/org/zaproxy/zap/extension/scripts/scanrules/ScriptsPassiveScannerUnitTest.java 
@@ -52,8 +52,8 @@ import org.parosproxy.paros.model.Model; import org.parosproxy.paros.network.HttpMessage; import org.zaproxy.addon.pscan.ExtensionPassiveScan2; +import org.zaproxy.zap.extension.pscan.PassiveScanActions; import org.zaproxy.zap.extension.pscan.PassiveScanData; -import org.zaproxy.zap.extension.pscan.PassiveScanTaskHelper; import org.zaproxy.zap.extension.script.ExtensionScript; import org.zaproxy.zap.extension.script.ScriptsCache; import org.zaproxy.zap.extension.script.ScriptsCache.CachedScript; @@ -128,18 +128,18 @@ void shouldHaveSpecificPluginId() { void shouldAddTagsWithTaskHelper() { // Given String tag = "Tag"; - PassiveScanTaskHelper taskHelper = mock(PassiveScanTaskHelper.class); + PassiveScanActions actions = mock(PassiveScanActions.class); HistoryReference href = mock(HistoryReference.class); when(message.getHistoryRef()).thenReturn(href); ScriptsPassiveScanner scriptsPassiveScanner = new ScriptsPassiveScanner(); PassiveScanData passiveScanData = mock(PassiveScanData.class); when(passiveScanData.getMessage()).thenReturn(message); scriptsPassiveScanner.setHelper(passiveScanData); - scriptsPassiveScanner.setTaskHelper(taskHelper); + scriptsPassiveScanner.setPassiveScanActions(actions); // When scriptsPassiveScanner.addHistoryTag(tag); // Then - verify(taskHelper).addHistoryTag(href, tag); + verify(actions).addHistoryTag(href, tag); } @Test diff --git a/addOns/selenium/CHANGELOG.md b/addOns/selenium/CHANGELOG.md index fa53b021542..98595281153 100644 --- a/addOns/selenium/CHANGELOG.md +++ b/addOns/selenium/CHANGELOG.md @@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Update Selenium to version 4.27.0. ## [15.30.0] - 2024-09-24 diff --git a/addOns/sequence/CHANGELOG.md b/addOns/sequence/CHANGELOG.md index d36afcdf321..0a6658f1111 100644 --- a/addOns/sequence/CHANGELOG.md +++ b/addOns/sequence/CHANGELOG.md 
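Review bot: The test name `shouldAddTagsWithTaskHelper` still refers to the removed `PassiveScanTaskHelper`, while the body now mocks `PassiveScanActions` and calls `setPassiveScanActions`. Renaming it, e.g. `void shouldAddTagsWithPassiveScanActions() {`, keeps the test report and any search for the old type name consistent with what the test exercises.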
@@ -16,7 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed - Depend on Import/Export add-on to allow to import HARs as sequences. -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Maintenance changes. - Sequence scan implementation. - Promoted to beta. diff --git a/addOns/soap/CHANGELOG.md b/addOns/soap/CHANGELOG.md index 521d38132e5..9f80043a2c0 100644 --- a/addOns/soap/CHANGELOG.md +++ b/addOns/soap/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Depend on newer version of Common Library add-on (Issue 8016). - Fields with default or missing values are omitted for the `soap` job in saved Automation Framework plans. diff --git a/addOns/spider/CHANGELOG.md b/addOns/spider/CHANGELOG.md index 55a178fb87c..2476024a405 100644 --- a/addOns/spider/CHANGELOG.md +++ b/addOns/spider/CHANGELOG.md @@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Depend on newer version of Common Library add-on (Issue 8016). - Updated automation framework documentation and templates for `spider` job to reflect changes to the default value of threadCount parameter - Fields with default or missing values are omitted for the `spider` job in saved Automation Framework plans. diff --git a/addOns/spider/src/main/java/org/zaproxy/addon/spider/parser/ParseContext.java b/addOns/spider/src/main/java/org/zaproxy/addon/spider/parser/ParseContext.java index 8ef3c4b56ba..f99c473209d 100644 --- a/addOns/spider/src/main/java/org/zaproxy/addon/spider/parser/ParseContext.java +++ b/addOns/spider/src/main/java/org/zaproxy/addon/spider/parser/ParseContext.java 
@@ -114,6 +114,7 @@ public SpiderParam getSpiderParam() { * @return the value generator, never {@code null}. * @deprecated (0.13.0) Use {@link #getValueProvider()} instead. */ + @SuppressWarnings("removal") @Deprecated(since = "0.13.0", forRemoval = true) public ValueGenerator getValueGenerator() { return new ValueGenerator() { diff --git a/addOns/spiderAjax/CHANGELOG.md b/addOns/spiderAjax/CHANGELOG.md index 74ef81b2067..50ff15bed41 100644 --- a/addOns/spiderAjax/CHANGELOG.md +++ b/addOns/spiderAjax/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Updated automation framework documentation and templates for `spiderAjax` job to reflect changes to the default value of numberOfBrowsers parameter - Fields with default or missing values are omitted for the `spiderAjax` job in saved Automation Framework plans. diff --git a/addOns/sqliplugin/CHANGELOG.md b/addOns/sqliplugin/CHANGELOG.md index 7db08f623d4..4dd0cf6a924 100644 --- a/addOns/sqliplugin/CHANGELOG.md +++ b/addOns/sqliplugin/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. - Maintenance changes. ## [15] - 2021-10-20 diff --git a/addOns/sse/CHANGELOG.md b/addOns/sse/CHANGELOG.md index 0990cd55540..5171e6884a8 100644 --- a/addOns/sse/CHANGELOG.md +++ b/addOns/sse/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [13] - 2024-05-21 ### Changed diff --git a/addOns/svndigger/CHANGELOG.md b/addOns/svndigger/CHANGELOG.md index 33fe07cc524..13b5f6602d7 100644 --- a/addOns/svndigger/CHANGELOG.md +++ b/addOns/svndigger/CHANGELOG.md 
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [4] - 2021-10-07 ### Added diff --git a/addOns/tips/CHANGELOG.md b/addOns/tips/CHANGELOG.md index 9f4f991b08a..1941d6e8b1b 100644 --- a/addOns/tips/CHANGELOG.md +++ b/addOns/tips/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [13] - 2024-05-07 ### Changed diff --git a/addOns/tokengen/CHANGELOG.md b/addOns/tokengen/CHANGELOG.md index 1032756dc78..33500ef7dc5 100644 --- a/addOns/tokengen/CHANGELOG.md +++ b/addOns/tokengen/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [15] - 2021-10-07 ### Changed diff --git a/addOns/treetools/CHANGELOG.md b/addOns/treetools/CHANGELOG.md index f9ee943ec6b..8d418b11429 100644 --- a/addOns/treetools/CHANGELOG.md +++ b/addOns/treetools/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [8] - 2021-10-07 ### Added diff --git a/addOns/viewstate/CHANGELOG.md b/addOns/viewstate/CHANGELOG.md index 6466b812bac..bcec287dd2f 100644 --- a/addOns/viewstate/CHANGELOG.md +++ b/addOns/viewstate/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.16.0. ## [3] - 2021-10-07 ### Changed 
diff --git a/addOns/wappalyzer/CHANGELOG.md b/addOns/wappalyzer/CHANGELOG.md index 2e7d32dbfed..871a539f952 100644 --- a/addOns/wappalyzer/CHANGELOG.md +++ b/addOns/wappalyzer/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.16.0. - Depend on Passive Scanner add-on (Issue 7959). ## [21.43.0] - 2024-11-25 diff --git a/addOns/webdrivers/webdriverlinux/CHANGELOG.md b/addOns/webdrivers/webdriverlinux/CHANGELOG.md index c76089ea214..998aba7e1af 100644 --- a/addOns/webdrivers/webdriverlinux/CHANGELOG.md +++ b/addOns/webdrivers/webdriverlinux/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [116] - 2024-12-04 ### Changed diff --git a/addOns/webdrivers/webdrivermacos/CHANGELOG.md b/addOns/webdrivers/webdrivermacos/CHANGELOG.md index 38d259e0327..8b5530591d2 100644 --- a/addOns/webdrivers/webdrivermacos/CHANGELOG.md +++ b/addOns/webdrivers/webdrivermacos/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [116] - 2024-12-04 ### Changed diff --git a/addOns/webdrivers/webdriverwindows/CHANGELOG.md b/addOns/webdrivers/webdriverwindows/CHANGELOG.md index a55f5524b1c..eab8adf8e4a 100644 --- a/addOns/webdrivers/webdriverwindows/CHANGELOG.md +++ b/addOns/webdrivers/webdriverwindows/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [116] - 2024-12-04 ### Changed 
diff --git a/addOns/websocket/CHANGELOG.md b/addOns/websocket/CHANGELOG.md index c38f98d952b..478a1af545a 100644 --- a/addOns/websocket/CHANGELOG.md +++ b/addOns/websocket/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.16.0. ## [31] - 2024-05-07 ### Added diff --git a/addOns/zest/CHANGELOG.md b/addOns/zest/CHANGELOG.md index 4ebb6de31bf..303f9460b58 100644 --- a/addOns/zest/CHANGELOG.md +++ b/addOns/zest/CHANGELOG.md @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Allow other add-ons to create a Zest script from a list of messages. ### Changed +- Update minimum ZAP version to 2.16.0. - Use Semantic Version. - Maintenance changes. - Depend on Passive Scanner add-on (Issue 7959). diff --git a/build.gradle.kts b/build.gradle.kts index c8b4ee2fefb..c9e1be3370b 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -28,6 +28,9 @@ allprojects { repositories { mavenCentral() + maven { + url = uri("https://oss.sonatype.org/content/repositories/snapshots/") + } } spotless { @@ -46,6 +49,12 @@ allprojects { project.plugins.withType(JavaPlugin::class) { dependencies { "errorprone"("com.google.errorprone:error_prone_core:2.26.1") + + // Include annotations used by Log4j2 Core library to avoid compiler warnings. + "compileOnly"("biz.aQute.bnd:biz.aQute.bnd.annotation:6.4.1") + "compileOnly"("com.google.code.findbugs:findbugs-annotations:3.0.1") + "testCompileOnly"("biz.aQute.bnd:biz.aQute.bnd.annotation:6.4.1") + "testCompileOnly"("com.google.code.findbugs:findbugs-annotations:3.0.1") } java { diff --git a/settings.gradle.kts b/settings.gradle.kts index 4e16bdbdb70..d511988fbf6 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts 
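Review bot: The Sonatype snapshots repository added to `allprojects { repositories { ... } }` in `build.gradle.kts` is unrestricted, so every dependency of every subproject may now be looked up in a mutable snapshot repository. Judging by the other changes in this commit it is only needed for `org.zaproxy:zap:2.16.0-SNAPSHOT`. Scoping it keeps the rest of the dependency graph resolving from Maven Central only: add `mavenContent { snapshotsOnly() }` and `content { includeGroup("org.zaproxy") }` inside the `maven { }` block. A short comment saying the repository is to be removed once 2.16.0 is released would also help the next maintainer.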
@@ -9,7 +9,7 @@ pluginManagement { dependencyResolutionManagement { versionCatalogs { create("libs") { - version("log4j", "2.20.0") + version("log4j", "2.24.2") library("log4j-core", "org.apache.logging.log4j", "log4j-core").versionRef("log4j") library("log4j-slf4j", "org.apache.logging.log4j", "log4j-slf4j-impl").versionRef("log4j") library("log4j-slf4j2", "org.apache.logging.log4j", "log4j-slf4j2-impl").versionRef("log4j") diff --git a/testutils/src/main/java/org/zaproxy/zap/testutils/PassiveScannerTestUtils.java b/testutils/src/main/java/org/zaproxy/zap/testutils/PassiveScannerTestUtils.java index 55306bbc02a..6b4c1a3d806 100644 --- a/testutils/src/main/java/org/zaproxy/zap/testutils/PassiveScannerTestUtils.java +++ b/testutils/src/main/java/org/zaproxy/zap/testutils/PassiveScannerTestUtils.java @@ -45,8 +45,8 @@ import org.parosproxy.paros.model.HistoryReference; import org.parosproxy.paros.network.HttpMessage; import org.zaproxy.zap.extension.alert.ExampleAlertProvider; +import org.zaproxy.zap.extension.pscan.PassiveScanActions; import org.zaproxy.zap.extension.pscan.PassiveScanData; -import org.zaproxy.zap.extension.pscan.PassiveScanTaskHelper; import org.zaproxy.zap.extension.pscan.PassiveScanner; import org.zaproxy.zap.extension.pscan.PluginPassiveScanner; @@ -60,7 +60,7 @@ public abstract class PassiveScannerTestUtils extends implements ScanRuleTests { protected T rule; - protected PassiveScanTaskHelper helper; + protected PassiveScanActions actions; protected PassiveScanData passiveScanData; protected List alertsRaised; @@ -71,7 +71,7 @@ public void setUp() throws Exception { passiveScanData = mock(PassiveScanData.class, withSettings().strictness(Strictness.LENIENT)); alertsRaised = new ArrayList<>(); - helper = mock(PassiveScanTaskHelper.class, withSettings().strictness(Strictness.LENIENT)); + actions = mock(PassiveScanActions.class, withSettings().strictness(Strictness.LENIENT)); doAnswer( invocation -> { Alert alert = invocation.getArgument(1); 
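Review bot: The `protected` field `helper` in `PassiveScannerTestUtils` is renamed to `actions` and changes type from `PassiveScanTaskHelper` to `PassiveScanActions`, which breaks source compatibility for any scan rule test outside this repository that extends the class and reads `helper` (whether such users exist is not visible here). If testutils is consumed by third-party add-ons, record the rename in the testutils change notes and document the field, e.g. `/** The mocked actions given to the rule under test; replaces the former {@code helper} field. */`.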
@@ -80,11 +80,11 @@ public void setUp() throws Exception { alertsRaised.add(alert); return null; }) - .when(helper) + .when(actions) .raiseAlert(any(), any()); rule = createScanner(); - rule.setTaskHelper(helper); + rule.setPassiveScanActions(actions); if (rule instanceof PluginPassiveScanner) { ((PluginPassiveScanner) rule).setHelper(passiveScanData); diff --git a/testutils/testutils.gradle.kts b/testutils/testutils.gradle.kts index 3a010cb3f49..576cd8af5f3 100644 --- a/testutils/testutils.gradle.kts +++ b/testutils/testutils.gradle.kts @@ -19,7 +19,7 @@ tasks.withType().configureEach { } dependencies { - compileOnly("org.zaproxy:zap:2.15.0") + compileOnly("org.zaproxy:zap:2.16.0-SNAPSHOT") implementation(project(":addOns:network")) implementation("org.apache.httpcomponents.client5:httpclient5:5.2.1")