Move/add passive scanner and use add-on extension

Move the passive scanner to the `pscan` add-on along with required classes. Change all other add-ons to use the extension from the add-on. Part of zaproxy/zaproxy#7959. Signed-off-by: thc202 <thc202@gmail.com>
zaproxy · Dec 4, 2024 · b83d0a4 · b83d0a4
1 parent 9f8691f
commit b83d0a4
Show file tree

Hide file tree

Showing 62 changed files with 3,130 additions and 471 deletions.
diff --git a/addOns/alertFilters/CHANGELOG.md b/addOns/alertFilters/CHANGELOG.md
@@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## Unreleased
 ### Changed
 - Fields with default or missing values are omitted for the `alertFilter` job in saved Automation Framework plans.
+- Depend on Passive Scanner add-on (Issue 7959).
 
 ## [22] - 2024-10-07
 ### Fixed

diff --git a/addOns/alertFilters/alertFilters.gradle.kts b/addOns/alertFilters/alertFilters.gradle.kts
@@ -9,6 +9,13 @@ zapAddOn {
     manifest {
         author.set("ZAP Dev Team")
         url.set("https://www.zaproxy.org/docs/desktop/addons/alert-filters/")
+        dependencies {
+            addOns {
+                register("pscan") {
+                    version.set(">= 0.1.0 & < 1.0.0")
+                }
+            }
+        }
         extensions {
             register("org.zaproxy.zap.extension.alertFilters.automation.ExtensionAlertFiltersAutomation") {
                 classnames {
@@ -35,6 +42,7 @@ zapAddOn {
 dependencies {
     zapAddOn("automation")
     zapAddOn("commonlib")
+    zapAddOn("pscan")
 
     testImplementation(project(":testutils"))
 }
diff --git a/...rtFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/ExtensionAlertFilters.java b/...rtFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/ExtensionAlertFilters.java
@@ -44,6 +44,7 @@
 import org.parosproxy.paros.model.Session;
 import org.parosproxy.paros.model.Session.OnContextsChangedListener;
 import org.parosproxy.paros.view.View;
+import org.zaproxy.addon.pscan.ExtensionPassiveScan2;
 import org.zaproxy.zap.ZAP;
 import org.zaproxy.zap.eventBus.Event;
 import org.zaproxy.zap.eventBus.EventConsumer;
@@ -52,7 +53,6 @@
 import org.zaproxy.zap.extension.alert.PopupMenuItemAlert;
 import org.zaproxy.zap.extension.alertFilters.internal.ScanRulesInfo;
 import org.zaproxy.zap.extension.ascan.ExtensionActiveScan;
-import org.zaproxy.zap.extension.pscan.ExtensionPassiveScan;
 import org.zaproxy.zap.model.Context;
 import org.zaproxy.zap.model.ContextDataFactory;
 import org.zaproxy.zap.model.SessionStructure;
@@ -140,7 +140,7 @@ public static ScanRulesInfo getScanRulesInfo() {
                             getExtAscan(),
                             Control.getSingleton()
                                     .getExtensionLoader()
-                                    .getExtension(ExtensionPassiveScan.class));
+                                    .getExtension(ExtensionPassiveScan2.class));
         }
         return scanRulesInfo;
     }

diff --git a/...tFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/internal/ScanRulesInfo.java b/...tFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/internal/ScanRulesInfo.java
@@ -34,10 +34,10 @@
 import org.parosproxy.paros.core.scanner.Plugin;
 import org.parosproxy.paros.network.HttpMessage;
 import org.parosproxy.paros.network.HttpRequestHeader;
+import org.zaproxy.addon.pscan.ExtensionPassiveScan2;
 import org.zaproxy.zap.extension.alert.ExampleAlertProvider;
 import org.zaproxy.zap.extension.ascan.ExtensionActiveScan;
 import org.zaproxy.zap.extension.ascan.ScanPolicy;
-import org.zaproxy.zap.extension.pscan.ExtensionPassiveScan;
 import org.zaproxy.zap.extension.pscan.PassiveScanData;
 import org.zaproxy.zap.extension.pscan.PluginPassiveScanner;
 
@@ -49,15 +49,16 @@ public class ScanRulesInfo extends AbstractList<ScanRulesInfo.Entry> {
     private Map<String, Entry> entriesById;
 
     public ScanRulesInfo(
-            ExtensionActiveScan extensionActiveScan, ExtensionPassiveScan extensionPassiveScan) {
+            ExtensionActiveScan extensionActiveScan, ExtensionPassiveScan2 extensionPassiveScan) {
         entries = new ArrayList<>();
         entriesById = new HashMap<>();
         ScanPolicy sp = extensionActiveScan.getPolicyManager().getDefaultScanPolicy();
         for (Plugin scanRule : sp.getPluginFactory().getAllPlugin()) {
             addEntry(scanRule, scanRule.getId(), scanRule.getName());
         }
         if (extensionPassiveScan != null) {
-            for (PluginPassiveScanner scanRule : extensionPassiveScan.getPluginPassiveScanners()) {
+            for (PluginPassiveScanner scanRule :
+                    extensionPassiveScan.getPassiveScannersManager().getScanRules()) {
                 addEntry(scanRule, scanRule.getPluginId(), scanRule.getName());
             }
         }

diff --git a/addOns/authhelper/CHANGELOG.md b/addOns/authhelper/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
-
+### Changed
+- Depend on Passive Scanner add-on (Issue 7959).
 
 ## [0.16.0] - 2024-11-06
 ### Fixed

diff --git a/addOns/authhelper/authhelper.gradle.kts b/addOns/authhelper/authhelper.gradle.kts
@@ -31,6 +31,9 @@ zapAddOn {
                 register("network") {
                     version.set(">=0.6.0")
                 }
+                register("pscan") {
+                    version.set(">= 0.1.0 & < 1.0.0")
+                }
                 register("selenium") {
                     version.set("15.*")
                 }
@@ -50,6 +53,7 @@ crowdin {
 dependencies {
     zapAddOn("commonlib")
     zapAddOn("network")
+    zapAddOn("pscan")
     zapAddOn("selenium")
     zapAddOn("spiderAjax")
 

diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java
@@ -43,12 +43,12 @@
 import org.parosproxy.paros.view.View;
 import org.zaproxy.addon.authhelper.AutoDetectSessionManagementMethodType.AutoDetectSessionManagementMethod;
 import org.zaproxy.addon.authhelper.BrowserBasedAuthenticationMethodType.BrowserBasedAuthenticationMethod;
+import org.zaproxy.addon.pscan.ExtensionPassiveScan2;
 import org.zaproxy.zap.ZAP;
 import org.zaproxy.zap.authentication.AuthenticationMethod;
 import org.zaproxy.zap.authentication.AuthenticationMethod.AuthCheckingStrategy;
 import org.zaproxy.zap.authentication.AuthenticationMethodType;
 import org.zaproxy.zap.authentication.UsernamePasswordAuthenticationCredentials;
-import org.zaproxy.zap.extension.pscan.ExtensionPassiveScan;
 import org.zaproxy.zap.extension.selenium.BrowserUI;
 import org.zaproxy.zap.extension.selenium.BrowsersComboBoxModel;
 import org.zaproxy.zap.extension.selenium.ExtensionSelenium;
@@ -344,10 +344,10 @@ public void counterInc(String site, String key) {
                 }
             }
             context = session.getContext(contextName);
-            ExtensionPassiveScan extPscan =
+            ExtensionPassiveScan2 extPscan =
                     Control.getSingleton()
                             .getExtensionLoader()
-                            .getExtension(ExtensionPassiveScan.class);
+                            .getExtension(ExtensionPassiveScan2.class);
 
             int count = 0;
             int score = 0;

diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ExtensionAuthhelper.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ExtensionAuthhelper.java
@@ -43,12 +43,12 @@
 import org.parosproxy.paros.model.Session;
 import org.parosproxy.paros.network.HttpMessage;
 import org.parosproxy.paros.view.View;
+import org.zaproxy.addon.pscan.ExtensionPassiveScan2;
 import org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType;
 import org.zaproxy.zap.authentication.JsonBasedAuthenticationMethodType;
 import org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType;
 import org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType.PostBasedAuthenticationMethod;
 import org.zaproxy.zap.extension.authentication.ExtensionAuthentication;
-import org.zaproxy.zap.extension.pscan.ExtensionPassiveScan;
 import org.zaproxy.zap.extension.selenium.ExtensionSelenium;
 import org.zaproxy.zap.extension.sessions.ExtensionSessionManagement;
 import org.zaproxy.zap.extension.users.ExtensionUserManagement;
@@ -66,7 +66,7 @@ public class ExtensionAuthhelper extends ExtensionAdaptor implements SessionChan
 
     private static final List<Class<? extends Extension>> EXTENSION_DEPENDENCIES =
             List.of(
-                    ExtensionPassiveScan.class,
+                    ExtensionPassiveScan2.class,
                     ExtensionSelenium.class,
                     ExtensionUserManagement.class);
 

diff --git a/addOns/pscan/CHANGELOG.md b/addOns/pscan/CHANGELOG.md
@@ -7,20 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## Unreleased
 ### Added
 - Manage the passive scan related options and the scan rules (Issue 7959).
+- Add passive scanner (Issue 7959).
 
 ### Changed
 - Fields with default or missing values are omitted for the following automation jobs in saved Automation Framework plans:
     - `passiveScan-config`
     - `passiveScan-wait`
+
 ### Fixed
-- Fixed passiveScan-wait alert tests.
+- Fixed `passiveScan-wait` alert tests.
 
 ## [0.0.1] - 2024-09-02
 ### Added
 - Provide the Passive Rules script type (Issue 7959).
 - Provide the Stats Passive Scan Rule (Issue 7959).
 - Provide the scan status label (Issue 7959).
 - Provide the `pscan` API on newer ZAP versions (Issue 7959).
+- Provide the Automation Framework passive scan jobs:
+  - `passiveScan-config`
+  - `passiveScan-wait`
 - Dynamically un/load add-on passive scan rules (Issue 7959).
 
 [0.0.1]: https://github.com/zaproxy/zap-extensions/releases/pscan-v0.0.1