Tweak some comments and method names

zaproxy · Jun 19, 2019 · 98e98f9 · 98e98f9
1 parent 94a1484
commit 98e98f9
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 64 deletions.
diff --git a/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java b/addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/ExtensionWebSocket.java
@@ -260,7 +260,7 @@ public void databaseOpen(Database db) throws DatabaseException, DatabaseUnsuppor
                 storage.setTable(table);
             }
             if (webSocketPassiveScannerManager != null) {
-                webSocketPassiveScannerManager.setTableWebSocketIfNot(table);
+                webSocketPassiveScannerManager.setTableIfNot(table);
             }
             if (View.isInitialised()) {
                 getWebSocketPanel().setTable(table);
@@ -437,8 +437,8 @@ public void hook(ExtensionHook extensionHook) {
             webSocketScriptPassiveScanner = new ScriptsWebSocketPassiveScanner();
 
             webSocketPassiveScannerManager.add(webSocketScriptPassiveScanner);
-            webSocketPassiveScannerManager.setAllPluginPassiveScannersEnabled(true);
-            webSocketPassiveScannerManager.setPassiveScanActivation(true);
+            webSocketPassiveScannerManager.setAllEnable(true);
+            webSocketPassiveScannerManager.setThreadActivation(true);
         }
     }
 

diff --git a/...ocket/src/main/java/org/zaproxy/zap/extension/websocket/alerts/WebSocketAlertWrapper.java b/...ocket/src/main/java/org/zaproxy/zap/extension/websocket/alerts/WebSocketAlertWrapper.java
@@ -90,7 +90,7 @@ public int getWascId() {
         return alert.getWascId();
     }
 
-    public HttpMessage getHanshakeMessage() {
+    public HttpMessage getHandshakeMessage() {
         return alert.getMessage();
     }
 
@@ -223,6 +223,6 @@ public WebSocketAlertWrapper build() {
             return new WebSocketAlertWrapper(webSocketMessageDTO, alert);
         }
 
-        public abstract WebSocketAlertWrapper raise();
+        protected abstract WebSocketAlertWrapper raise();
     }
 }
diff --git a/...t/src/main/java/org/zaproxy/zap/extension/websocket/pscan/WebSocketPassiveScanThread.java b/...t/src/main/java/org/zaproxy/zap/extension/websocket/pscan/WebSocketPassiveScanThread.java
@@ -49,7 +49,7 @@ public class WebSocketPassiveScanThread extends Thread
     private LinkedBlockingQueue<MessageWrapper> messagesBuffer;
 
     /** {@code True} to enable the passive scan Thread */
-    private volatile boolean isPassiveScannerActive;
+    private volatile boolean isActive;
 
     /** Reference to Database. Used in order to pick messages for scanning */
     private TableWebSocket tableWebSocket;
@@ -62,33 +62,32 @@ public class WebSocketPassiveScanThread extends Thread
 
     /**
      * Initialize the passive scan in background thread. By default thread is inactive and not
-     * alive. In order to activate thread set {@link
-     * WebSocketPassiveScanThread#setPassiveScannerActive(boolean)} true and start thread with
-     * {@link WebSocketPassiveScanThread#start()}.
+     * alive. In order to activate thread set {@link WebSocketPassiveScanThread#setActive(boolean)}
+     * true and start thread with {@link WebSocketPassiveScanThread#start()}.
      *
      * @param passiveScannerManager the manager
      */
     public WebSocketPassiveScanThread(WebSocketPassiveScannerManager passiveScannerManager) {
         this.passiveScannerManager = passiveScannerManager;
-        this.isPassiveScannerActive = false;
+        this.isActive = false;
         messagesBuffer = new LinkedBlockingQueue<>();
     }
 
     /** @return true if the table was initialized */
-    public boolean hasTableWebSocket() {
+    public boolean hasTable() {
         return tableWebSocket != null;
     }
 
-    public void setTableWebSocket(TableWebSocket tableWebSocket) {
+    public void setTable(TableWebSocket tableWebSocket) {
         this.tableWebSocket = tableWebSocket;
     }
 
-    public boolean isPassiveScannerActive() {
-        return isPassiveScannerActive;
+    public boolean isActive() {
+        return isActive;
     }
 
-    public void setPassiveScannerActive(boolean passiveScannerActive) {
-        isPassiveScannerActive = passiveScannerActive;
+    public void setActive(boolean active) {
+        isActive = active;
     }
 
     @Override
@@ -116,14 +115,14 @@ public void run() {
         WebSocketMessageDTO currentMessage;
         Iterator<WebSocketPassiveScanner> iterator;
         WebSocketScanHelperImpl helper = new WebSocketScanHelperImpl(this);
-        while (isPassiveScannerActive) {
+        while (isActive) {
             if (messagesBuffer.isEmpty() || tableWebSocket == null) {
                 try {
                     Thread.sleep(SLEEP_TIME);
                 } catch (InterruptedException e) {
                     LOGGER.info("Sleeping was interrupted", e);
                 }
-                if (!isPassiveScannerActive) {
+                if (!isActive) {
                     break;
                 }
             } else {
@@ -153,7 +152,7 @@ public Alert.Source getAlertSource() {
 
     @Override
     public void raiseAlert(WebSocketAlertWrapper websocketAlert) {
-        if (!isPassiveScannerActive) {
+        if (!isActive) {
             return;
         }
         passiveScannerManager.getAlertManager().alertFound(websocketAlert);
@@ -166,7 +165,7 @@ private boolean shouldIgnoreServerModeMessages(WebSocketMessage message) {
 
     /** Shutdown the passive scan thread */
     public void shutdown() {
-        isPassiveScannerActive = false;
+        isActive = false;
     }
 
     private class MessageWrapper {

diff --git a/...cket/src/main/java/org/zaproxy/zap/extension/websocket/pscan/WebSocketPassiveScanner.java b/...cket/src/main/java/org/zaproxy/zap/extension/websocket/pscan/WebSocketPassiveScanner.java
@@ -21,6 +21,7 @@
 
 import org.zaproxy.zap.extension.websocket.WebSocketMessageDTO;
 
+/** Implement this if you want employ passive scan rules on WebSocket Messages. */
 public interface WebSocketPassiveScanner {
 
     String getName();

diff --git a/...c/main/java/org/zaproxy/zap/extension/websocket/pscan/WebSocketPassiveScannerManager.java b/...c/main/java/org/zaproxy/zap/extension/websocket/pscan/WebSocketPassiveScannerManager.java
@@ -39,11 +39,11 @@ public class WebSocketPassiveScannerManager {
 
     private static final Logger LOGGER = Logger.getLogger(WebSocketPassiveScannerManager.class);
 
-    /** The background thread where the passive scans are happening */
+    /** The background thread where the passive scans are running */
     private WebSocketPassiveScanThread passiveScanThread;
 
     /** {@code false} if passive scans are disabled */
-    private boolean passiveScanEnabled = false;
+    private boolean isThreadActive = false;
 
     /** Used to raise Alert Messages */
     private AlertManager alertManager;
@@ -56,10 +56,10 @@ public class WebSocketPassiveScannerManager {
 
     /**
      * Initiate a Passive Scanner Manager. By default passive scans are disabled. In order to enable
-     * all passive scanners {@see
-     * WebSocketPassiveScannerManager#setAllPluginPassiveScannersEnabled}. In addition if WebSocket
-     * Proxy Mode equals to {@link org.zaproxy.zap.extension.websocket.WebSocketProxy.Mode#SERVER} ,
-     * proxy's messages, by default, are ignored to passive scan .
+     * all passive scanners {@see WebSocketPassiveScannerManager#setAllEnable}. In addition, if
+     * WebSocket Proxy Mode equals to {@link
+     * org.zaproxy.zap.extension.websocket.WebSocketProxy.Mode#SERVER} , proxy's messages, by
+     * default, are ignored to passive scan .
      */
     public WebSocketPassiveScannerManager(AlertManager alertManager) {
         this.alertManager = alertManager;
@@ -87,12 +87,12 @@ public WebSocketPassiveScanThread getWebSocketPassiveScanThread() {
     }
 
     /**
-     * Begin and activate the background thread where passive scans runs. Do nothing if the
+     * Begin and activate the background thread where passive scans are running. Do nothing if the
      * background thread have already been running
      */
-    public void startWebSocketPassiveScanThread() {
+    private void startThread() {
         if (!passiveScanThread.isAlive()) {
-            passiveScanThread.setPassiveScannerActive(true);
+            passiveScanThread.setActive(true);
             passiveScanThread.start();
         }
     }
@@ -111,19 +111,19 @@ private CopyOnWriteArraySet<WebSocketPassiveScanner> getPassiveScannersSet() {
 
     /**
      * Sets the {@link TableWebSocket} if have not been yet. In order to force manager to update the
-     * table use {@link WebSocketPassiveScannerManager#setTableWebSocket(TableWebSocket)}
+     * table use {@link WebSocketPassiveScannerManager#setTable(TableWebSocket)}
      *
      * @param tableWebSocket the table
      */
-    public void setTableWebSocketIfNot(TableWebSocket tableWebSocket) {
-        if (!getWebSocketPassiveScanThread().hasTableWebSocket()) {
-            passiveScanThread.setTableWebSocket(tableWebSocket);
+    public void setTableIfNot(TableWebSocket tableWebSocket) {
+        if (!getWebSocketPassiveScanThread().hasTable()) {
+            passiveScanThread.setTable(tableWebSocket);
         }
     }
 
     /** Setting the table WebSocket */
-    public void setTableWebSocket(TableWebSocket tableWebSocket) {
-        passiveScanThread.setTableWebSocket(tableWebSocket);
+    private void setTable(TableWebSocket tableWebSocket) {
+        passiveScanThread.setTable(tableWebSocket);
     }
 
     /** Adds the WebSocketPassive Scanner if not null */
@@ -135,7 +135,7 @@ public synchronized WebSocketPassiveScannerDecorator add(
         if (passiveScanner == null) {
             throw new IllegalArgumentException("Parameter passiveScanner must not be null.");
         }
-        return addWebSocketPlugin(wsPlugin) ? wsPlugin : null;
+        return addPlugin(wsPlugin) ? wsPlugin : null;
     }
 
     /**
@@ -144,7 +144,7 @@ public synchronized WebSocketPassiveScannerDecorator add(
      * @return {@code true} if passive scanner is added to list successfully.
      * @param passiveScanner the WebSocket Passive scan Plugin
      */
-    private boolean addWebSocketPlugin(WebSocketPassiveScannerDecorator passiveScanner) {
+    private boolean addPlugin(WebSocketPassiveScannerDecorator passiveScanner) {
         if (getPassiveScannersSet().contains(passiveScanner)) {
             LOGGER.warn(
                     "Insertion of "
@@ -160,7 +160,7 @@ private boolean addWebSocketPlugin(WebSocketPassiveScannerDecorator passiveScann
      *
      * @param enabled {@code true} if the scanners should be enabled, {@code false} otherwise
      */
-    public void setAllPluginPassiveScannersEnabled(boolean enabled) {
+    public void setAllEnable(boolean enabled) {
         Iterator<WebSocketPassiveScanner> iterator = getIterator();
         while (iterator.hasNext()) {
             ((WebSocketPassiveScannerDecorator) iterator.next()).setEnabled(enabled);
@@ -172,7 +172,7 @@ public void setAllPluginPassiveScannersEnabled(boolean enabled) {
      *
      * @param enabled {@code true} if the scanner should be enabled, {@code false} otherwise
      */
-    public void setPassiveScanEnabled(WebSocketPassiveScanner scanner, boolean enabled) {
+    public void setEnable(WebSocketPassiveScanner scanner, boolean enabled) {
 
         Iterator<WebSocketPassiveScanner> iterator = getIterator();
         WebSocketPassiveScannerDecorator itScanner;
@@ -186,7 +186,7 @@ public void setPassiveScanEnabled(WebSocketPassiveScanner scanner, boolean enabl
     }
 
     /** Shut down the background thread if any. */
-    private void stopWebSocketPassiveScanThread() {
+    private void shutdownThread() {
         if (this.passiveScanThread != null) {
             passiveScanThread.shutdown();
         }
@@ -198,13 +198,13 @@ private void stopWebSocketPassiveScanThread() {
      *
      * @param activation if true activates the background thread
      */
-    public void setPassiveScanActivation(boolean activation) {
-        if (passiveScanEnabled != activation) {
-            passiveScanEnabled = activation;
+    public void setThreadActivation(boolean activation) {
+        if (isThreadActive != activation) {
+            isThreadActive = activation;
             if (activation) {
-                startWebSocketPassiveScanThread();
+                startThread();
             } else {
-                stopWebSocketPassiveScanThread();
+                shutdownThread();
             }
         }
     }

diff --git a/...c/main/zapHomeFiles/scripts/templates/websocketpassive/Passive WebSocket Scan Template.js b/...c/main/zapHomeFiles/scripts/templates/websocketpassive/Passive WebSocket Scan Template.js
@@ -19,25 +19,26 @@ CONFIDENCE_HIGH = 3;
  * This function scans passively WebSocket messages. The scan function will be called for
  * messages via ZAP.
  *
- * @param helper - the WebSocketPassiveHelper interface provides the raiseAlert method in order
- *               to raise the appropriate alerts
+ * @param helper - the WebSocketPassiveHelper interface provides the newAlert() method in order
+ *                 to raise the appropriate alerts
+ *
  * Some useful function(s) about  WebSocketPassiveHelper:
  * helper.newAlert() -> Returns an WebSocketAlertRaiser instance which is used
- *                            for building and raising alerts.
+ *                      for building and raising alerts.
 
  * * Some useful functions about WebSocketAlertRaiser:
  * * alertRaiser.setRiskConfidence(risk, confidence) -> Sets the Risk and the Confidence of the alert. (by default RISK_INFO, CONFIDENCE_MEDIUM).
  * * alertRaiser.setName(name)                       -> Sets the name (by default "").
  * * alertRaiser.setDescription(description)         -> Sets a description about potential threat (by default "").
- * * alertRaiser.setParam(param)                     -> Sets in which parameter the threat noticed (by default "").
+ * * alertRaiser.setParam(param)                     -> Sets in which parameter threat is noticed (by default "").
  * * alertRaiser.setSolution(solution)               -> Sets a possible solution (by default "").
  * * alertRaiser.setReference(reference)             -> Sets extra references (ex. a web link) (by default "").
- * * alertRaiser.setEvidence(evidence)               -> Sets what's the evidence of the potential thread (by default "").
+ * * alertRaiser.setEvidence(evidence)               -> Sets what's the evidence of potential thread (by default "").
  * * alertRaiser.setCweIdm(cweId)                    -> Sets the CWE ID of the issue (by default 0)
  * * alertRaiser.setWascId(wascId)                   -> Sets the WASC ID of the issue (by default 0)
  * * alertRaiser.raise()                             -> Build and Raise the alert (returns the WebSocketAlertWrapper)
 
- * @param msg - the Websocket Message being scanned. This is a WebSocketMessage object.
+ * @param msg - the Websocket Message being scanned. This is a WebSocketMessageDTO object.
  *
  * Some useful functions and fields of WebSocketMessageDTO:
  * msg.channel        -> Channel of the message (WebSocketChannelDTO)
@@ -51,7 +52,7 @@ CONFIDENCE_HIGH = 3;
  * * channel.id         -> Unique ID of the message (int)
  * * channel.host       -> Host of the WebSocket Server (String)
  * * channel.port       -> Port where the channel is connected at. Usually at 80 or 443.
- * * channel.url        -> URL used in HTTP handshake.
+ * * channel.url        -> URL used in HTTP handshake (String).
  */
 function scan(helper,msg) {
 

diff --git a/...c/main/zapHomeFiles/scripts/templates/websocketpassive/Passive WebSocket Scan Template.py b/...c/main/zapHomeFiles/scripts/templates/websocketpassive/Passive WebSocket Scan Template.py
@@ -21,20 +21,21 @@
  * This function scans passively WebSocket messages. The scan function will be called for
  * messages via ZAP.
  *
- * @param helper - the WebSocketPassiveHelper interface provides the raiseAlert method in order
- *               to raise the appropriate alerts
+ * @param helper - the WebSocketPassiveHelper interface provides the newAlert() method in order
+ *                 to raise the appropriate alerts
+ *
  * Some useful function(s) about  WebSocketPassiveHelper:
  * helper.newAlert() -> Returns an WebSocketAlertRaiser instance which is used
- *                            for building and raising alerts.
+ *                      for building and raising alerts.
 
  * * Some useful functions about WebSocketAlertRaiser:
  * * alertRaiser.setRiskConfidence(risk, confidence) -> Sets the Risk and the Confidence of the alert. (by default RISK_INFO, CONFIDENCE_MEDIUM).
  * * alertRaiser.setName(name)                       -> Sets the name (by default "").
- * * alertRaiser.setDescription(description)          -> Sets a description about potential threat (by default "").
- * * alertRaiser.setParam(param)                     -> Sets in which parameter the threat noticed (by default "").
+ * * alertRaiser.setDescription(description)         -> Sets a description about potential threat (by default "").
+ * * alertRaiser.setParam(param)                     -> Sets in which parameter threat is noticed (by default "").
  * * alertRaiser.setSolution(solution)               -> Sets a possible solution (by default "").
  * * alertRaiser.setReference(reference)             -> Sets extra references (ex. a web link) (by default "").
- * * alertRaiser.setEvidence(evidence)               -> Sets what's the evidence of the potential thread (by default "").
+ * * alertRaiser.setEvidence(evidence)               -> Sets what's the evidence of potential thread (by default "").
  * * alertRaiser.setCweIdm(cweId)                    -> Sets the CWE ID of the issue (by default 0)
  * * alertRaiser.setWascId(wascId)                   -> Sets the WASC ID of the issue (by default 0)
  * * alertRaiser.raise()                             -> Build and Raise the alert (returns the WebSocketAlertWrapper)
@@ -53,7 +54,7 @@
  * * channel.id         -> Unique ID of the message (int)
  * * channel.host       -> Host of the WebSocket Server (String)
  * * channel.port       -> Port where the channel is connected at. Usually at 80 or 443.
- * * channel.url        -> URL used in HTTP handshake.
+ * * channel.url        -> URL used in HTTP handshake (String)
 """
 def scan(helper,msg):
 

diff --git a/...ava/org/zaproxy/zap/extension/websocket/pscan/WebSocketPassiveScannerManagerUnitTest.java b/...ava/org/zaproxy/zap/extension/websocket/pscan/WebSocketPassiveScannerManagerUnitTest.java
@@ -136,8 +136,8 @@ public void shouldDisableScanner() {
         when(scanner1.getId()).thenReturn(1);
 
         // When
-        wsPscanManager.setAllPluginPassiveScannersEnabled(true);
-        wsPscanManager.setPassiveScanEnabled(scanner1, false);
+        wsPscanManager.setAllEnable(true);
+        wsPscanManager.setEnable(scanner1, false);
 
         // Then
         Iterator<WebSocketPassiveScanner> iterator = wsPscanManager.getEnabledIterator();
@@ -160,9 +160,9 @@ public void shouldIterateOnlyOverEnabledScanners() {
         when(scannerNot2.getId()).thenReturn(2);
 
         // When
-        wsPscanManager.setAllPluginPassiveScannersEnabled(true);
-        wsPscanManager.setPassiveScanEnabled(scannerNot1, false);
-        wsPscanManager.setPassiveScanEnabled(scannerNot2, false);
+        wsPscanManager.setAllEnable(true);
+        wsPscanManager.setEnable(scannerNot1, false);
+        wsPscanManager.setEnable(scannerNot2, false);
 
         // Then
         Iterator<WebSocketPassiveScanner> iterator = wsPscanManager.getEnabledIterator();