Skip to content

Commit

Permalink
Merge pull request #38 from gdgd009xcd/ARCADIUS240415
Browse files Browse the repository at this point in the history 
## [v1.1.20] - 2024-04-17
  • Loading branch information
@gdgd009xcd
gdgd009xcd authored Apr 17, 2024
2 parents a20c3a6 + 90b8655 commit 0099079
Show file tree
Hide file tree
Showing 15 changed files with 86 additions and 1,571 deletions.
6 changes: 6 additions & 0 deletions addOns/automacrobuilder/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,12 @@
All notable changes to this add-on will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## [v1.1.20] - 2024-04-17
### Changed
- maintenance: Removed unused classes (related to "Tamper" GUI)
- bugfix: fixed bug in embeding tracking value to path

## [v1.1.19] - 2024-03-28
### Changed
- bugfix: Changed to correctly encode and decode the HttpRequest body based on Content-Encoding.
Expand Down
2 changes: 1 addition & 1 deletion addOns/automacrobuilder/automacrobuilder.gradle.kts
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import org.zaproxy.gradle.addon.AddOnStatus

version = "1.1.19"
version = "1.1.20"
description = "AutoMacroBuilder for ZAP"

tasks.withType<JavaCompile> {
Expand Down
95 changes: 52 additions & 43 deletions ...s/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/AppValue.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,8 @@ public class AppValue {
private static final ResourceBundle bundle = ResourceBundle.getBundle("burp/Bundle");

// valparttype, value, token, tamattack,tamadvance,tamposition,urlencode
// 置換位置,置換しない, value, Name, Attack, Advance, Position, URLencode
private String valpart; // 置換位置
// target part, replace or not, value, Name, Attack, Advance, Position, URLencode
private String valpart; // target part of replacing in Http request
private int valparttype; // 1-query, 2-body 3-header 4-path.... 16(10000) bit == no count
// 32(100000) == no modify
private String value = null; // Target Regex String to embed value in
Expand All @@ -53,10 +53,9 @@ public class AppValue {
private int resRegexPos = -1; // Tracking token position on page(start 0)
private String token; // Tracking token name
//
// 下記パラメータは、GUI操作時の一時保存値で、保存対象外。スキャン時は未使用。
// This parameter does not use when scanning. only temporarily use for GUI manipulation
// This parameter does not use when scanning. only temporarily use for GUI manipulation, so it is not saved to file.
private String resFetchedValue =
null; // レスポンスからフェッチしたtokenの値 Token obtained from response during tracking process
null; // Token extracted from response during tracking process

private TokenTypeNames tokentype = TokenTypeNames.INPUT;

Expand Down Expand Up @@ -89,21 +88,18 @@ public enum TokenTypeNames {
private boolean urlencode; // Whether to encode URL

private ResEncodeTypes resencodetype =
ResEncodeTypes.RAW; // 追跡元のエンコードタイプ Encode type of tracking param json/raw/urlencode
ResEncodeTypes.RAW; // Encode type of tracking source

public enum ResEncodeTypes {
RAW,
JSON,
URLENCODE,
}

private int fromStepNo = -1; // TRACK追跡元 <0 : 無条件で追跡 >=0: 指定StepNoのリクエスト追跡
// Line number of response from which getting tracking parameter in RequestList sequence
private int fromStepNo = -1;// this is the position to extract the tracking parameter value
// < 0: get tracking value from any response
// >=0: get tracking value from specified request line number's response
private int toStepNo = EnvironmentVariables.TOSTEPANY; // TRACK:更新先
//  >0:指定したStepNoのリクエスト更新
// Line number of request to which setting tracking paramter in RequestList sequence
private int toStepNo = EnvironmentVariables.TOSTEPANY; // this is the position to embed the tracking parameter value
// <0 : No Operation.
// >=0 and < TOSTEPANY: set tracking value to specified line number's request
// ==TOSTEPANY: set tracking value to any request.
Expand Down Expand Up @@ -143,15 +139,6 @@ public enum ResEncodeTypes {
public static final int I_REPLACE = 2;
public static final int I_REGEX = 3;

private static String[] payloadpositionnames = {
// 診断パターン挿入位置
// append 値末尾に追加
// insert 値先頭に挿入
// replace 値をパターンに置き換え
// regex 埋め込み箇所正規表現指定
"append", "insert", "replace", "regex", null
};

private boolean enabled = true; // enable/disable flag

private void initctype() {
Expand Down Expand Up @@ -387,13 +374,6 @@ public void setEnabled(boolean b) {
enabled = b;
}

public String getPayloadPositionName(int it) {
if (payloadpositionnames.length > it && it >= 0) {
return payloadpositionnames[it];
}
return "";
}

/**
* Get ResEncodeTypes : response page content type JSON/RAW/URLENCODE..
*
Expand Down Expand Up @@ -431,16 +411,7 @@ public ResEncodeTypes parseResEncodeTypeString(String t) {
return ResEncodeTypes.RAW;
}

public static String[] makePayloadPositionNames() {
return new String[] {
payloadpositionnames[I_APPEND],
payloadpositionnames[I_INSERT],
payloadpositionnames[I_REPLACE],
payloadpositionnames[I_REGEX]
};
}

// ParmGenNew 数値、追跡テーブル用 ターゲットリクエストパラメータタイプリスト
// Target Request Parameter Type List for tracking table
public static String[] makeTargetRequestParamTypes() {
return new String[] {
ctypestr[V_PATH], ctypestr[V_QUERY], ctypestr[V_BODY], ctypestr[V_HEADER]
Expand Down Expand Up @@ -725,7 +696,7 @@ public static int parseValPartType(String _valtype) {
int _valparttype = 0;
String[] ivals = _valtype.split(":");
String valtypewithflags = ivals[0];
String _ctypestr = valtypewithflags.replaceAll("[^0-9a-zA-Z]", ""); // 英数字以外を除去
String _ctypestr = valtypewithflags.replaceAll("[^0-9a-zA-Z]", ""); // exclude other than alphanum
for (int i = 1; ctypestr[i] != null; i++) {
if (_ctypestr.equalsIgnoreCase(ctypestr[i])) {
_valparttype = i;
Expand Down Expand Up @@ -795,23 +766,56 @@ String getVal() {
return value;
}

String[] replaceContents(
public String[] replacePathContents(
ParmGenMacroTrace pmt,
AppParmsIni pini,
String contents,
String org_contents_iso8859,
ParmGenHashMap errorhash
){
return replaceContents(pmt, pini, contents, org_contents_iso8859, errorhash, 1);
}

public String[] replaceContents(
ParmGenMacroTrace pmt,
AppParmsIni pini,
String contents,
String org_contents_iso8859,
ParmGenHashMap errorhash
){
return replaceContents(pmt, pini, contents, org_contents_iso8859, errorhash, -1);
}

/**
* replace target contents with value of org_contents_iso8859
*
* @param pmt
* @param pini
* @param contents replace target
* @param org_contents_iso8859 the value of replacing
* @param errorhash buffer for collecting results or errors.
* @param foundCount matcher.find counter. <BR> >0: replace until reaching this value.<BR> ==-1 : replace All.
* @return
*/
private String[] replaceContents(
ParmGenMacroTrace pmt,
int currentStepNo,
AppParmsIni pini,
String contents,
String org_contents_iso8859,
ParmGenHashMap errorhash) {
ParmGenHashMap errorhash,
int foundCount
) {
if (contents == null) return null;
if (valueregex == null) return null;
int currentStepNo = pmt.getStepNo();
ParmGenTokenKey tk = null;
if (toStepNo >= 0) {
if (toStepNo != EnvironmentVariables.TOSTEPANY) {
if (currentStepNo != toStepNo) {
return null; //
}
// tokentype 固定。tokentypeは追跡元のタイプなので、追跡先toStepNoの埋め込み先タイプとは無関係で無視する。
// tk = new ParmGenTokenKey(AppValue.TokenTypeNames.DEFAULT, token, toStepNo);
// tokentype is static. tokentype is the type for tracking value source, it is no relation to toStepNo.
// toStepNo is the type for tracking value destination.
tk =
new ParmGenTokenKey(
TokenTypeNames.DEFAULT,
Expand Down Expand Up @@ -933,6 +937,11 @@ String[] replaceContents(
o_tailcontents = org_contents_iso8859.substring(o_ept);
}
}
if (foundCount > 0) {
if (--foundCount <= 0) {
break;
}
}
}
newcontents = newcontents + tailcontents;
if (newcontents.length() == 0) {
Expand Down
8 changes: 3 additions & 5 deletions ...ns/automacrobuilder/src/main/java/org/zaproxy/zap/extension/automacrobuilder/ParmGen.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ PRequest ParseRequest(
// switch(av.valparttype & AppValue.C_VTYPE){
case AppValue.V_PATH: // path
// path = url
nvcont = av.replaceContents(pmt, pmt.getStepNo(), pini, path, orig_url, errorhash);
nvcont = av.replacePathContents(pmt, pini, path, orig_url, errorhash);
if (nvcont != null) {
String n_path = nvcont[0];
String o_path = nvcont[1];
Expand All @@ -109,7 +109,7 @@ PRequest ParseRequest(
String query = url.substring(qpos + 1);
nvcont =
av.replaceContents(
pmt, pmt.getStepNo(), pini, query, orig_query, errorhash);
pmt, pini, query, orig_query, errorhash);

if (nvcont != null) {
String n_query = nvcont[0];
Expand Down Expand Up @@ -166,7 +166,7 @@ PRequest ParseRequest(
}
nvcont =
av.replaceContents(
pmt, pmt.getStepNo(), pini, hval, orig_hval, errorhash);
pmt, pini, hval, orig_hval, errorhash);
if (nvcont != null) {
String n_hval = nvcont[0];
String o_hval = nvcont[1];
Expand Down Expand Up @@ -208,7 +208,6 @@ PRequest ParseRequest(
nvcont =
av.replaceContents(
pmt,
pmt.getStepNo(),
pini,
content,
org_content_iso8859,
Expand Down Expand Up @@ -311,7 +310,6 @@ PRequest ParseRequest(
nvcont =
av.replaceContents(
pmt,
pmt.getStepNo(),
pini,
partdatastr,
org_content_iso8859,
Expand Down
4 changes: 2 additions & 2 deletions ...r/src/main/java/org/zaproxy/zap/extension/automacrobuilder/generated/ParmGenAddParms.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,8 +199,8 @@ public void update(){
String namedecoded = name;
try {
namedecoded = URLDecoder.decode(name, selectedRequestEncode.getIANACharsetName());
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(ParmGenAddParms.class.getName()).log(Level.SEVERE, null, ex);
} catch (Exception ex) {// catch all Exceptions which contains null.
LOGGER4J.error(ex.getMessage(), ex);
}
if(names.contains(namedecoded)){// select list entry which value matched namedecoded
lmodel.addSelectionInterval(j, j);
Expand Down
Loading

0 comments on commit 0099079

Please sign in to comment.