Skip to content

Commit

Permalink
Merge condtrack
Browse files Browse the repository at this point in the history
  • Loading branch information
@gdgd009xcd
gdgd009xcd committed Sep 9, 2020
2 parents 63f3f72 + 4608f47 commit 38af6bc
Show file tree
Hide file tree
Showing 75 changed files with 1,199 additions and 615 deletions.
37 changes: 29 additions & 8 deletions ...utomacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/AppParmsIni.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
import java.util.*;
import java.util.regex.Pattern;

/** @author daike */
/** @author gdgd009xcd */
//
// class AppParmsIni
//
Expand Down Expand Up @@ -449,7 +449,7 @@ String getGenValue(
int n;
switch (typeval) {
case T_NUMBER: // number
n = countUp(_valparttype, this); // synchronized
n = countUp(_valparttype, this, apv, pmt); // synchronized
if (n > -1) {
return getFillZeroInt(n); // thread safe
} else {
Expand All @@ -466,7 +466,8 @@ String getGenValue(
apv.getTrackKey(),
tk,
currentStepNo,
toStepNo); // per thread object
toStepNo,
apv); // per thread object
// }
default: // csv
if (frl != null) {
Expand All @@ -475,7 +476,11 @@ String getGenValue(
csvpos = len;
}
return frl.readLine(
_valparttype, csvpos, this); // read CSV 1 record. synchronized
_valparttype,
csvpos,
this,
apv,
pmt); // read CSV 1 record. synchronized
} else {
LOGGER4J.debug("getGenValue frl is NULL");
}
Expand All @@ -498,7 +503,8 @@ String getStrCnt(
return cstrcnt;
}

synchronized int countUp(int _valparttype, AppParmsIni _parent) {
synchronized int countUp(
int _valparttype, AppParmsIni _parent, AppValue apv, ParmGenMacroTrace pmt) {
// counter file open
int cnt = inival;
try {
Expand All @@ -523,7 +529,13 @@ synchronized int countUp(int _valparttype, AppParmsIni _parent) {

int ncnt = cnt + 1;

if (((_valparttype & AppValue.C_NOCOUNT) == AppValue.C_NOCOUNT) || _parent.isPaused()) {
boolean condInValid = false;
if (pmt != null && apv != null) {
condInValid = !pmt.getFetchResponseVal().getCondValid(apv) && apv.hasCond();
}
if (condInValid
|| ((_valparttype & AppValue.C_NOCOUNT) == AppValue.C_NOCOUNT)
|| _parent.isPaused()) {
ncnt = cnt; // no countup
} else if (ncnt > maxval) {
LOGGER4J.debug(
Expand Down Expand Up @@ -574,7 +586,7 @@ public String getCurrentValue() {
String rval = null;
switch (typeval) {
case T_NUMBER:
int i = countUp(AppValue.C_NOCOUNT, this); // synchronized
int i = countUp(AppValue.C_NOCOUNT, this, null, null); // synchronized
rval = Integer.toString(i);
break;
case T_RANDOM:
Expand Down Expand Up @@ -625,6 +637,11 @@ public final void rewindAppValues() {
}
}

/**
* get JTable row which is generated from AppValue
*
* @return Object[]
*/
public Object[] getNextAppValuesRow() {
AppValue app;
if (it != null && it.hasNext()) {
Expand Down Expand Up @@ -662,7 +679,11 @@ public Object[] getNextAppValuesRow() {
app.getToStepNo() == ParmVars.TOSTEPANY
? "*"
: Integer.toString(app.getToStepNo()),
app.getTokenType().name()
app.getTokenType().name(),
app.getCondRegex(),
app.getCondTargetNo(),
app.requestIsCondRegexTarget(),
app.isReplaceZeroSize()
};
default:
break;
Expand Down
156 changes: 145 additions & 11 deletions ...s/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/AppValue.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** @author daike */
/** @author gdgd009xcd */
//
// class AppValue
//
Expand All @@ -41,8 +41,8 @@ public class AppValue {
private String valpart; // 置換位置
private int valparttype; // 1-query, 2-body 3-header 4-path.... 16(10000) bit == no count
// 32(100000) == no modify
private String value = null; // value リクエストパラメータの正規表現文字列
private Pattern valueregex; // リクエストパラメータの正規表現
private String value = null; // Target Regex String to embed value in
private Pattern valueregex; // Target Regex to embed value in

private int csvpos;

Expand All @@ -52,8 +52,8 @@ public class AppValue {
private String resRegex = "";
private Pattern Pattern_resRegex = null;
private int resPartType;
private int resRegexPos = -1; // 追跡token ページ内出現位置 0start
private String token; // 追跡token Name
private int resRegexPos = -1; // Tracking token position on page(start 0)
private String token; // Tracking token name
//
// 下記パラメータは、GUI操作時の一時保存値で、保存対象外。スキャン時は未使用。
// This parameter does not use when scanning. only temporarily use for GUI manipulation
Expand All @@ -62,6 +62,18 @@ public class AppValue {

private TokenTypeNames tokentype = TokenTypeNames.INPUT;

// conditional parameter tracking feature
private int condTargetNo = -1; // conditinal tracking targetNo default: -1(any == wildcard "*")
private String condRegex = ""; // conditional tracking regex. if requestNO == condTargetNo
private Pattern Pattern_condRegex = null; // compiled pattern of condRegex
// and it's request or response matched this regex then cache value is updated.
private boolean condRegexTargetIsRequest =
false; // if this value is true then condRegex matches request.

private boolean replaceZeroSize =
false; // if this value is true, request parameter replaced even if fetched tracking
// value is zero size string.

public enum TokenTypeNames {
DEFAULT,
INPUT,
Expand Down Expand Up @@ -143,10 +155,14 @@ public enum ResEncodeTypes {
private boolean enabled = true; // 有効

private void initctype() {
Pattern_condRegex = null;
condTargetNo = -1;
condRegex = null;
trackkey = null;
resFetchedValue = null;
enabled = true;
tokentype = TokenTypeNames.INPUT;
replaceZeroSize = false;
}

public AppValue() {
Expand Down Expand Up @@ -206,7 +222,11 @@ public AppValue(
boolean _urlenc,
int _fromStepNo,
int _toStepNo,
String _tokentypename) {
String _tokentypename,
String condRegex,
int condTargetNo,
boolean condRegexTargetIsRequest,
boolean replaceZeroSize) {
initctype();
setValPart(_Type);
setEnabled(!_disabled); // NOT
Expand All @@ -221,6 +241,10 @@ public AppValue(
fromStepNo = _fromStepNo;
toStepNo = _toStepNo;
tokentype = parseTokenTypeName(_tokentypename);
setCondRegex(condRegex);
this.condTargetNo = condTargetNo;
this.condRegexTargetIsRequest = condRegexTargetIsRequest;
this.replaceZeroSize = replaceZeroSize;
}

/**
Expand Down Expand Up @@ -477,6 +501,15 @@ public Pattern getPattern_resRegex() {
return Pattern_resRegex;
}

/**
* get regex pattern for conditional parameter tracking
*
* @return
*/
public Pattern getPattern_condRegex() {
return Pattern_condRegex;
}

public String getresRegex() {
return resRegex;
}
Expand All @@ -497,6 +530,104 @@ public void setresRegex(String _regex) {
}
}

/**
* set regex pattern for conditional parameter tracking
*
* @param _regex
*/
public void setCondRegex(String _regex) {
if (_regex == null) _regex = "";
this.condRegex = _regex;
try {
this.Pattern_condRegex = ParmGenUtil.Pattern_compile(this.condRegex);
} catch (Exception e) {
LOGGER4J.error("ERROR: setcondRegex ", e);
this.Pattern_condRegex = null;
}
}

public String getCondRegex() {
return condRegex;
}

public void setCondRegexURLencoded(String _regex) {
if (_regex == null) _regex = "";
setCondRegex(URLdecode(_regex));
}

/**
* get conditinal target request No.
*
* @return
*/
public int getCondTargetNo() {
return condTargetNo;
}

/**
* set conditinal target request No.
*
* @param nstr String - String of number representation. specialcase is "*" or "" => -1
*/
public void setCondTargetNo(String nstr) {
if (nstr == null || nstr.isEmpty() || nstr.equals("*")) {
condTargetNo = -1;
} else {
try {
condTargetNo = Integer.parseInt(nstr);
} catch (Exception e) {
condTargetNo = -1;
}
}
}

public void setCondTargetNo(int no) {
condTargetNo = no;
}

/** condition parameter tracking is exist */
public boolean hasCond() {
return Pattern_condRegex != null && condTargetNo != -1;
}

/**
* Whether the conditional regular expression applies to requests or responses
*
* @return true - applies to request.
*/
public boolean requestIsCondRegexTarget() {
return condRegexTargetIsRequest;
}

/**
* set conditional reqular expression target which is request or not.
*
* @param b
*/
public void setRequestIsCondTegexTarget(boolean b) {
condRegexTargetIsRequest = b;
}

/**
* get replaceZeroSize boolean. if this value true, then request parameter replace even if
* tracking value is zero size string.
*
* @return
*/
public boolean isReplaceZeroSize() {
return this.replaceZeroSize;
}

/**
* set replaceZeroSize boolean. if this value true, then request parameter replace even if
* tracking value is zero size string.
*
* @param b
*/
public void setReplaceZeroSize(boolean b) {
this.replaceZeroSize = b;
}

public void setresPartType(String respart) {
if (respart == null) respart = "";
resPartType = parseValPartType(respart);
Expand Down Expand Up @@ -692,7 +823,6 @@ String[] replaceContents(
if (toStepNo != ParmVars.TOSTEPANY) {
if (currentStepNo != toStepNo) {
return null; //
} else {
}
// tokentype 固定。tokentypeは追跡元のタイプなので、追跡先toStepNoの埋め込み先タイプとは無関係で無視する。
// tk = new ParmGenTokenKey(AppValue.TokenTypeNames.DEFAULT, token, toStepNo);
Expand Down Expand Up @@ -725,7 +855,7 @@ String[] replaceContents(
+ " TokenName:"
+ token;
ParmGenTokenKey errorhash_key = new ParmGenTokenKey(TokenTypeNames.DEFAULT, errKeyName, 0);
Matcher m = valueregex.matcher(contents);
Matcher m = valueregex.matcher(contents); // embed target match
Matcher m_org = null;

if (org_contents_iso8859 != null) {
Expand Down Expand Up @@ -775,7 +905,8 @@ String[] replaceContents(
LOGGER4J.debug("org_matchval[" + org_matchval + "] matchval[" + matchval + "]");
strcnt = differ.replaceOrgMatchedValue(strcnt);
}
if (strcnt != null) {
if (strcnt != null
&& (!strcnt.isEmpty() || strcnt.isEmpty() && this.isReplaceZeroSize())) {
LOGGER4J.info(
java.text.MessageFormat.format(
bundle.getString("ParmGen.parameter_regex_msg1.text"),
Expand Down Expand Up @@ -803,7 +934,7 @@ String[] replaceContents(
errorhash.put(errorhash_key, errorhash_value);
}
}
if (isnull) { // 値取得失敗時は、オリジナルに戻す。
if (isnull) { // if
strcnt = matchval;
org_newval = org_matchval;
}
Expand Down Expand Up @@ -850,7 +981,10 @@ public boolean isSameContents(AppValue app) {
&& this.urlencode == app.urlencode
&& this.resencodetype == app.resencodetype
&& this.fromStepNo == app.fromStepNo
&& this.toStepNo == app.toStepNo) {
&& this.toStepNo == app.toStepNo
&& ParmGenUtil.nullableStringEquals(this.condRegex, app.condRegex)
&& this.condTargetNo == app.condTargetNo
&& this.condRegexTargetIsRequest == app.condRegexTargetIsRequest) {
return true;
}
return false;
Expand Down
2 changes: 1 addition & 1 deletion .../automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/CSVParser.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** @author daike */
/** @author gdgd009xcd */
public class CSVParser {
static Pattern pattern =
ParmGenUtil.Pattern_compile("(\"[^\"]*(?:\"\"[^\"]*)*\"|[^,\"]*)[ \t]*?,");
Expand Down
2 changes: 1 addition & 1 deletion .../automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/CastUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
*/
package org.zaproxy.zap.extension.automacrobuilder;

/** @author daike */
/** @author gdgd009xcd */
public class CastUtils {

/**
Expand Down
2 changes: 1 addition & 1 deletion .../automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/CookieKey.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@

import java.util.Objects;

/** @author daike */
/** @author gdgd009xcd */
public class CookieKey implements Comparable<CookieKey> {
private String domain;
private String name;
Expand Down
2 changes: 1 addition & 1 deletion ...acrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/CookiePathValue.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
*/
package org.zaproxy.zap.extension.automacrobuilder;

/** @author daike */
/** @author gdgd009xcd */
public class CookiePathValue {
private String path;
private String value;
Expand Down
Loading

0 comments on commit 38af6bc

Please sign in to comment.