Merge pull request #163 from usdAG/develop

Release v1.3.4
usdAG · Nov 1, 2024 · ae51566 · ae51566
2 parents 3d6b813 + e01d021
commit ae51566
Show file tree

Hide file tree

Showing 49 changed files with 969 additions and 125 deletions.
diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml
@@ -40,7 +40,7 @@ jobs:
       run: mvn -B package --file pom.xml
 
     - name: Archive generated JAR file
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: cstc-develop-artifact
         path: target/CSTC-*
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -40,7 +40,7 @@ jobs:
       run: mvn -B package --file pom.xml
 
     - name: Archive generated JAR file
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: cstc-master-artifact
         path: target/CSTC-*
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,30 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [1.3.4] - 2024-11-01
+
+### Added
+
+* Add functionality to add or remove lanes
+* Add CSTC Formatting Tab to Message Editor to view Formatting output
+* Add Xml Setter Operation
+* Add Strip Operation to remove leading or trailing whitespaces
+* Add Collapse All / Expand All buttons to Operations Tree
+* Add Remove Whitespace Operation
+
+### Changed
+
+* Refactor Http Xml Setter Operation
+* Disable Bake button when Autobake is enabled
+* Refactor Operations Tree for Outgoing/Incoming/Formatting to not contain redundant operations
+
+### Fixed
+
+* Fix UI bug of shifted component layout in Formatting Tab
+* Fix appearance of Null Bytes in various operations
+* Fix possible Race Condition on stored variables with Autobake enabled and Filter active
+
+
 ## [1.3.3] - 2024-07-30
 
 ### Fixed

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>de.usd.CSTC</groupId>
 	<artifactId>CSTC</artifactId>
-	<version>1.3.3</version>
+	<version>1.3.4</version>
 	<name>CSTC</name>
 	<description>CSTC</description>
 
@@ -23,25 +23,25 @@
 		<dependency>
 			<groupId>net.portswigger.burp.extensions</groupId>
 			<artifactId>montoya-api</artifactId>
-			<version>2023.12.1</version>
+			<version>2024.7</version>
 		</dependency>
 
 		<dependency>
 			<groupId>org.bouncycastle</groupId>
-			<artifactId>bcprov-jdk15on</artifactId>
-			<version>1.70</version>
+			<artifactId>bcprov-jdk18on</artifactId>
+			<version>1.78</version>
 		</dependency>
 
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.17.2</version>
+			<version>2.18.1</version>
 		</dependency>
 
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.17.2</version>
+			<version>2.18.1</version>
 		</dependency>
 
 		<dependency>
@@ -103,7 +103,7 @@
 			<plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.3.1</version>
+                <version>3.5.1</version>
                 <configuration>
         		  <trimStackTrace>false</trimStackTrace>
 				  <redirectTestOutputToFile>true</redirectTestOutputToFile>

diff --git a/res/collapse_all.png b/res/collapse_all.png
diff --git a/res/expand_all.png b/res/expand_all.png
diff --git a/res/minus.png b/res/minus.png
diff --git a/res/plus.png b/res/plus.png
diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java
@@ -26,6 +26,8 @@ public void initialize(MontoyaApi api) {
         api.http().registerHttpHandler(new CstcHttpHandler(view));
         api.userInterface().registerSuiteTab(extensionName, view);
         api.userInterface().registerHttpRequestEditorProvider(new MyHttpRequestEditorProvider(view));
+        api.userInterface().registerHttpRequestEditorProvider(new MyHttpRequestEditorProviderFormatting(view));
+        api.userInterface().registerHttpResponseEditorProvider(new MyHttpResponseEditorProviderFormatting(view));
 
         if (!api.burpSuite().version().edition().equals(BurpSuiteEdition.COMMUNITY_EDITION)) {
             PersistedObject persistence = api.persistence().extensionData();
@@ -50,6 +52,7 @@ private void restoreFilterState(PersistedObject persistence) {
         try {
             BurpUtils.getInstance().setFilterState(new ObjectMapper().readValue(persistence.getString("FilterState"), FilterState.class));
             RequestFilterDialog.getInstance().updateFilterSettings();
+            view.preventRaceConditionOnVariables();
         } catch (Exception e) {
             Logger.getInstance().log(
                     "Could not restore the filter state. If this is the first time using CSTC in a project, you can ignore this message. " + e.getMessage());

diff --git a/src/main/java/burp/BurpUtils.java b/src/main/java/burp/BurpUtils.java
@@ -60,7 +60,7 @@ public static boolean inBurp() {
     }
 
     public static ByteArray subArray(ByteArray array, int start, int end){
-        return start == end ? ByteArray.byteArray(0) : array.subArray( start, end);
+        return start == end ? ByteArray.byteArrayOfLength(0) : array.subArray( start, end);
     }
 
 }
diff --git a/src/main/java/burp/MyExtensionProvidedHttpRequestEditorFormatting.java b/src/main/java/burp/MyExtensionProvidedHttpRequestEditorFormatting.java
@@ -0,0 +1,73 @@
+package burp;
+
+import burp.api.montoya.MontoyaApi;
+import burp.api.montoya.core.ByteArray;
+import burp.api.montoya.http.message.HttpRequestResponse;
+import burp.api.montoya.http.message.requests.HttpRequest;
+import burp.api.montoya.ui.Selection;
+import burp.api.montoya.ui.editor.EditorOptions;
+import burp.api.montoya.ui.editor.RawEditor;
+import burp.api.montoya.ui.editor.extension.EditorCreationContext;
+import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
+import de.usd.cstchef.Utils.MessageType;
+import de.usd.cstchef.view.View;
+
+import java.awt.*;
+
+public class MyExtensionProvidedHttpRequestEditorFormatting implements ExtensionProvidedHttpRequestEditor
+{
+    private final RawEditor requestEditor;
+    private HttpRequestResponse requestResponse;
+    private final MontoyaApi api;
+    private final View view;
+
+    MyExtensionProvidedHttpRequestEditorFormatting(EditorCreationContext creationContext, View view)
+    {
+        this.api = BurpUtils.getInstance().getApi();
+        this.view = view;
+        requestEditor = api.userInterface().createRawEditor(EditorOptions.READ_ONLY);
+    }
+
+    @Override
+    public HttpRequest getRequest()
+    {
+        return requestResponse.request();
+    }
+
+    @Override
+    public void setRequestResponse(HttpRequestResponse requestResponse)
+    {
+        ByteArray result = view.getFormatRecipePanel().bake(requestResponse.request().toByteArray(), MessageType.REQUEST);
+        this.requestEditor.setContents(result);
+    }
+
+    @Override
+    public boolean isEnabledFor(HttpRequestResponse requestResponse)
+    {
+        return requestResponse.request() != null;
+    }
+
+    @Override
+    public String caption()
+    {
+        return "CSTC Formatting";
+    }
+
+    @Override
+    public Component uiComponent()
+    {
+        return requestEditor.uiComponent();
+    }
+
+    @Override
+    public Selection selectedData()
+    {
+        return requestEditor.selection().isPresent() ? requestEditor.selection().get() : null;
+    }
+
+    @Override
+    public boolean isModified()
+    {
+        return requestEditor.isModified();
+    }
+}
diff --git a/src/main/java/burp/MyExtensionProvidedHttpResponseEditorFormatting.java b/src/main/java/burp/MyExtensionProvidedHttpResponseEditorFormatting.java
@@ -0,0 +1,73 @@
+package burp;
+
+import burp.api.montoya.MontoyaApi;
+import burp.api.montoya.core.ByteArray;
+import burp.api.montoya.http.message.HttpRequestResponse;
+import burp.api.montoya.http.message.responses.HttpResponse;
+import burp.api.montoya.ui.Selection;
+import burp.api.montoya.ui.editor.EditorOptions;
+import burp.api.montoya.ui.editor.RawEditor;
+import burp.api.montoya.ui.editor.extension.EditorCreationContext;
+import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpResponseEditor;
+import de.usd.cstchef.Utils.MessageType;
+import de.usd.cstchef.view.View;
+
+import java.awt.*;
+
+public class MyExtensionProvidedHttpResponseEditorFormatting implements ExtensionProvidedHttpResponseEditor
+{
+    private final RawEditor responseEditor;
+    private HttpRequestResponse requestResponse;
+    private final MontoyaApi api;
+    private final View view;
+
+    MyExtensionProvidedHttpResponseEditorFormatting(EditorCreationContext creationContext, View view)
+    {
+        this.api = BurpUtils.getInstance().getApi();
+        this.view = view;
+        responseEditor = api.userInterface().createRawEditor(EditorOptions.READ_ONLY);
+    }
+
+    @Override
+    public HttpResponse getResponse()
+    {
+        return requestResponse.response();
+    }
+
+    @Override
+    public void setRequestResponse(HttpRequestResponse requestResponse)
+    {
+        ByteArray result = view.getFormatRecipePanel().bake(requestResponse.response().toByteArray(), MessageType.RESPONSE);
+        this.responseEditor.setContents(result);
+    }
+
+    @Override
+    public boolean isEnabledFor(HttpRequestResponse requestResponse)
+    {
+        return requestResponse.response() != null;
+    }
+
+    @Override
+    public String caption()
+    {
+        return "CSTC Formatting";
+    }
+
+    @Override
+    public Component uiComponent()
+    {
+        return responseEditor.uiComponent();
+    }
+
+    @Override
+    public Selection selectedData()
+    {
+        return responseEditor.selection().isPresent() ? responseEditor.selection().get() : null;
+    }
+
+    @Override
+    public boolean isModified()
+    {
+        return responseEditor.isModified();
+    }
+}
diff --git a/src/main/java/burp/MyHttpRequestEditorProviderFormatting.java b/src/main/java/burp/MyHttpRequestEditorProviderFormatting.java
@@ -0,0 +1,28 @@
+package burp;
+
+import burp.api.montoya.core.ToolType;
+import burp.api.montoya.ui.editor.extension.EditorCreationContext;
+import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
+import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
+import de.usd.cstchef.view.View;
+
+class MyHttpRequestEditorProviderFormatting implements HttpRequestEditorProvider
+{
+    private final View view;
+
+    MyHttpRequestEditorProviderFormatting(View view){
+        this.view = view;
+    }
+
+    @Override
+    public ExtensionProvidedHttpRequestEditor provideHttpRequestEditor(EditorCreationContext creationContext)
+    {
+        // everywhere but in CSTC itself
+        if(!creationContext.toolSource().isFromTool(ToolType.EXTENSIONS)) {
+            return new MyExtensionProvidedHttpRequestEditorFormatting(creationContext, view);
+        }
+        else {
+            return null;
+        }
+    }
+}
diff --git a/src/main/java/burp/MyHttpResponseEditorProviderFormatting.java b/src/main/java/burp/MyHttpResponseEditorProviderFormatting.java
@@ -0,0 +1,28 @@
+package burp;
+
+import burp.api.montoya.core.ToolType;
+import burp.api.montoya.ui.editor.extension.EditorCreationContext;
+import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpResponseEditor;
+import burp.api.montoya.ui.editor.extension.HttpResponseEditorProvider;
+import de.usd.cstchef.view.View;
+
+class MyHttpResponseEditorProviderFormatting implements HttpResponseEditorProvider
+{
+    private final View view;
+
+    MyHttpResponseEditorProviderFormatting(View view){
+        this.view = view;
+    }
+
+    @Override
+    public ExtensionProvidedHttpResponseEditor provideHttpResponseEditor(EditorCreationContext creationContext)
+    {
+        // everywhere but in CSTC itself
+        if(!creationContext.toolSource().isFromTool(ToolType.EXTENSIONS)) {
+            return new MyExtensionProvidedHttpResponseEditorFormatting(creationContext, view);
+        }
+        else {
+            return null;
+        }
+    }
+}