
bugfix: tracking button action failed if request/response JSON parame…
…ter has no name.

bugfix: MacroBuilder GUI does not show JSON contents larger than 20k bytes.
gdgd009xcd committed Jul 27, 2021
1 parent a3f3c59 commit 39c4c58
Showing 4 changed files with 55 additions and 31 deletions.
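--- a/addOns/automacrobuilder/automacrobuilder.gradle.kts
+++ b/addOns/automacrobuilder/automacrobuilder.gradle.kts
@@ -1,6 +1,6 @@
 import org.zaproxy.gradle.addon.AddOnStatus
 
-version = "1.0.1"
+version = "1.0.2"
 description = "AutoMacroBuilder for ZAP"
 
 tasks.withType<JavaCompile> {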
Expand Up @@ -185,13 +185,19 @@ public List<PResponse.ResponseChunk> getResponseChunks(
List<PResponse.ResponseChunk> reschunks = new ArrayList<>();

String displayablecontents = "";
String application_json_contents = "";
if (tcontent_type != null && !tcontent_type.isEmpty()) {
LOGGER4J.debug("content-type[" + tcontent_type + "]");
List<String> matches =
ParmGenUtil.getRegexMatchGroups("image/(jpeg|png|gif)", tcontent_type);
if (matches.size() > 0) {
displayablecontents = matches.get(0);
}
List<String> jsonmatches =
ParmGenUtil.getRegexMatchGroups("application/(json)", tcontent_type);
if (jsonmatches.size() > 0) {
application_json_contents = jsonmatches.get(0);
}
}

int partno = 0;
Expand All @@ -205,7 +211,9 @@ public List<PResponse.ResponseChunk> getResponseChunks(
PResponse.ResponseChunk.CHUNKTYPE chntype = PResponse.ResponseChunk.CHUNKTYPE.CONTENTS;
if (!displayablecontents.isEmpty()) {
chntype = PResponse.ResponseChunk.CHUNKTYPE.CONTENTSIMG;
} else if (tbodies != null && tbodies.length > 20000) {
} else if (tbodies != null
&& tbodies.length > 20000
&& application_json_contents.isEmpty()) {
chntype = PResponse.ResponseChunk.CHUNKTYPE.CONTENTSBINARY;
}

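Review bot: The new `application_json_contents.isEmpty()` clause at -205 removes the 20000-byte cap for JSON bodies without putting any other bound in its place, so a very large application/json response now takes the CONTENTS path and is handed to the GUI in full; a larger explicit ceiling such as a named `MAX_DISPLAYABLE_JSON_BYTES` would keep the fix while still bounding memory and repaint cost. The match is also narrower than the header family it targets: `application/(json)` does not cover `+json` subtypes like `application/problem+json`, and whether the comparison is case-insensitive depends on getRegexMatchGroups, which is not visible here. Holding the captured group `"json"` in a String only to test `isEmpty()` is a boolean in disguise; `boolean isJsonContent = !jsonmatches.isEmpty();` says what is meant. getResponseChunks starts before the first hunk and continues past the second.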
Expand Up @@ -1355,7 +1355,14 @@ public List<String> getSetCookieHeaders() {
return setcookieheaders;
}

//
/**
* extract request header patterns which has tkval value<br>
* e.g. cookie: name=tkval<br>
* Authorization: Bearer tkval
*
* @param tkval
* @return
*/
public ArrayList<HeaderPattern> hasHeaderMatchedValue(String tkval) {
//
ArrayList<HeaderPattern> alist = new ArrayList<>();
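Review bot: The new Javadoc at -1355 leaves `@param tkval` and `@return` without descriptions, so doc tooling will flag them and readers learn nothing about the returned list's contract. Suggested text: `@param tkval the token value to look for in the request headers` and `@return the header patterns whose value matched {@code tkval}`; whether the list is empty rather than null when nothing matches cannot be confirmed from the hunk, so state that only if the body guarantees it. The summary line would also read better as `Extracts the request header patterns that contain the value {@code tkval}`. hasHeaderMatchedValue's body continues outside the hunk.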
Expand Up @@ -913,7 +913,7 @@ private void customActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:

ParmGen.twin.VisibleWhenJSONSaved(this);
updateSelectedTabIndex();


}//GEN-LAST:event_customActionPerformed

Expand Down Expand Up @@ -1149,25 +1149,22 @@ public void approveSelection() {
"oauth"
};

//token追跡自動設定。。
//ArrayList<ParmGenToken> tracktokenlist = new ArrayList<ParmGenToken>();
ArrayList<ParmGenResToken> urltokens = new ArrayList<ParmGenResToken>();
ArrayList<ParmGenResToken> urltokens = new ArrayList<ParmGenResToken>();// extracted token parameter from Responses.
Pattern patternw32 = ParmGenUtil.Pattern_compile("\\w{32}");

List<AppParmsIni> newparms = new ArrayList<AppParmsIni>();//生成するパラメータ
List<AppParmsIni> newparms = new ArrayList<AppParmsIni>();// generating parameter for tracking
PRequestResponse respqrs = null;
//int row = 0;
int pos = 0;

for (PRequestResponse pqrs : orglist) {
HashMap<ParmGenTrackingToken, String> addedtokens = new HashMap<ParmGenTrackingToken, String>();
HashMap<ParmGenTrackingToken, String> addedtokens = new HashMap<ParmGenTrackingToken, String>();// tokens already extracted from urltokens
for(ListIterator<ParmGenResToken> it = urltokens.listIterator(urltokens.size());it.hasPrevious();){//urltokens: extracted tokenlist from Response.
//for loop order: fromStepno in descending order(hasPrevious)

//リクエストにtracktokenlistのトークンが含まれる場合のみ
ParmGenResToken restoken = it.previous();
int fromStepNo = restoken.fromStepNo;
ArrayList<ParmGenTrackingToken> requesttokenlist = new ArrayList<ParmGenTrackingToken>();
ArrayList<ParmGenTrackingToken> requesttokenlist = new ArrayList<ParmGenTrackingToken>();// token that matched request parameter.

for(int phase = 0 ; phase<2; phase++){//phase 0: request's token name & value matched,then add to request token list
// phase 1: request's token name matched. then add to request token list.
Expand All @@ -1181,7 +1178,16 @@ public void approveSelection() {
ParmGenRequestToken _QToken = null;
ParmGenToken _RToken = null;
for(ParmGenToken reqtkn : reqjtklist){
if((reqtkn.getTokenKey().getName().equals(token)&& reqtkn.getTokenValue().getValue().equals(value))||(phase==1 && reqtkn.getTokenKey().getName().equals(token))){// same name && value
String requestJsonTokenName = null;
ParmGenTokenKey requestJsonParmGenTokenkey = reqtkn.getTokenKey();
if (requestJsonParmGenTokenkey != null) {
requestJsonTokenName = requestJsonParmGenTokenkey.getName();
}
if(requestJsonTokenName != null
&& !requestJsonTokenName.isEmpty()
&& ((requestJsonTokenName.equals(token)
&& reqtkn.getTokenValue().getValue().equals(value))
||(phase==1 && requestJsonTokenName.equals(token)))){// same name && value
//We found json tracking parameter in request.
_RToken = tkn;
_QToken = new ParmGenRequestToken(reqtkn);
Expand Down Expand Up @@ -1438,32 +1444,35 @@ public void approveSelection() {
for (ParmGenToken token : tklist) {
//PHPSESSID, token, SesID, jsessionid
String tokenname = token.getTokenKey().getName();
boolean namematched = false;
for (String tkn : tknames) {//予約語に一致
if (tokenname.equalsIgnoreCase(tkn)) {//完全一致 tokenname that matched reserved token name
namematched = true;
break;
}
}
if (!namematched) {//nameはtknamesに一致しない
for (String tkn : tknames) {
if (tokenname.toUpperCase().indexOf(tkn.toUpperCase()) != -1) {//予約語に部分一致 tokenname that partially matched reserved token name
String tokenvalue = token.getTokenValue().getValue();
if (tokenname != null && !tokenname.isEmpty()) { // token must have name.
boolean namematched = false;
for (String tkn : tknames) {//予約語に一致
if (tokenname.equalsIgnoreCase(tkn)) {//完全一致 tokenname that matched reserved token name
namematched = true;
break;
}
}
}
// value値がToken値だとみられる
if (!namematched) {//nameはtknamesに一致しない
String tokenvalue = token.getTokenValue().getValue();
if (!namematched) {//nameはtknamesに一致しない
for (String tkn : tknames) {
if (tokenname.toUpperCase().indexOf(tkn.toUpperCase()) != -1) {//予約語に部分一致 tokenname that partially matched reserved token name
namematched = true;
break;
}
}
}
// value値がToken値だとみられる
if (!namematched) {//nameはtknamesに一致しない

if (ParmGenUtil.isTokenValue(tokenvalue)) {// token value that looks like tracking token
namematched = true;

if (ParmGenUtil.isTokenValue(tokenvalue)) {// token value that looks like tracking token
namematched = true;
}
}
token.setEnabled(namematched);//namematched==true: token that looks like tracking token
trackurltoken.tracktokenlist.add(token);
trackurltoken.fromStepNo = pos;
}
token.setEnabled(namematched);//namematched==true: token that looks like tracking token
trackurltoken.tracktokenlist.add(token);
trackurltoken.fromStepNo = pos;

}

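Review bot: The null guard added at -1181 for `getTokenKey()` is not mirrored in the -1438 hunk, where the unchanged line `String tokenname = token.getTokenKey().getName();` just above the new `if (tokenname != null && !tokenname.isEmpty())` still dereferences the key directly, so a token with a null key throws before the new check is reached. Bringing the two in line would be `ParmGenTokenKey key = token.getTokenKey(); String tokenname = key != null ? key.getName() : null;`. In the -1181 hunk `reqtkn.getTokenValue().getValue()` is likewise unguarded on the value side; whether getTokenValue() can return null is not visible here. Tokens skipped for having no name are now dropped from tracktokenlist silently, so a debug log at that branch would make the bugfix path observable when tracking fails to pick a token up. approveSelection starts and ends outside these hunks.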
