diff --git a/addOns/accessControl/CHANGELOG.md b/addOns/accessControl/CHANGELOG.md index 9fb95bd3166..8ed1837ad0b 100644 --- a/addOns/accessControl/CHANGELOG.md +++ b/addOns/accessControl/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Maintenance changes. ## [10] - 2024-03-25 diff --git a/addOns/addOns.gradle.kts b/addOns/addOns.gradle.kts index 2af67fd8189..6a5cdd6bc6f 100644 --- a/addOns/addOns.gradle.kts +++ b/addOns/addOns.gradle.kts @@ -174,7 +174,7 @@ subprojects { } } - val zapGav = "org.zaproxy:zap:2.16.0" + val zapGav = "org.zaproxy:zap:2.17.0-SNAPSHOT" dependencies { "zap"(zapGav) } @@ -187,7 +187,7 @@ subprojects { ) manifest { - zapVersion.set("2.16.0") + zapVersion.set("2.17.0") changesFile.set(tasks.named("generateManifestChanges").flatMap { it.html }) repo.set("https://github.com/zaproxy/zap-extensions/") diff --git a/addOns/alertFilters/CHANGELOG.md b/addOns/alertFilters/CHANGELOG.md index 53ee1b537fa..9e104fef62d 100644 --- a/addOns/alertFilters/CHANGELOG.md +++ b/addOns/alertFilters/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [25] - 2025-11-04 ### Changed diff --git a/addOns/alertFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/ExtensionAlertFilters.java b/addOns/alertFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/ExtensionAlertFilters.java index 08589f24309..107ee5e95f3 100644 --- a/addOns/alertFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/ExtensionAlertFilters.java +++ b/addOns/alertFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/ExtensionAlertFilters.java 
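Review bot: In addOns/addOns.gradle.kts, `zapGav` now resolves `org.zaproxy:zap:2.17.0-SNAPSHOT` while the manifest hunk below it declares `zapVersion.set("2.17.0")`, so every add-on is compiled against a mutable snapshot rather than the artifact users will run. A snapshot can change between builds, which makes the output non-reproducible and lets API drift against the final 2.17.0 go unnoticed. Consider a marker next to the declaration, such as `// TODO switch to org.zaproxy:zap:2.17.0 once released`, and make sure no add-on release is cut while the snapshot is still referenced. The `subprojects` block starts and ends outside both hunks.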
@@ -452,7 +452,7 @@ private void updateAlert(Alert alert, AlertFilter filter) { alert.getPluginId(), filter.getNewRisk()); getExtAlert().updateAlert(updAlert); - getExtAlert().updateAlertInTree(origAlert, updAlert); + getExtAlert().updateAlertInTree(updAlert); if (alert.getHistoryRef() != null) { alert.getHistoryRef().updateAlert(updAlert); if (alert.getHistoryRef().getSiteNode() != null) { @@ -472,10 +472,7 @@ private Alert getAlert(RecordAlert recordAlert) { int historyId = recordAlert.getHistoryId(); if (historyId > 0) { HistoryReference href = this.getExtHistory().getHistoryReference(historyId); - Alert alert = new Alert(recordAlert, href); - // TODO remove once targeting 2.17+ - alert.setHistoryId(recordAlert.getHistoryId()); - return alert; + return new Alert(recordAlert, href); } else { // Not ideal :/ return new Alert(recordAlert); diff --git a/addOns/allinonenotes/CHANGELOG.md b/addOns/allinonenotes/CHANGELOG.md index 46fe78f9efa..f7330c5fd01 100644 --- a/addOns/allinonenotes/CHANGELOG.md +++ b/addOns/allinonenotes/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Maintenance changes. ### Fixed diff --git a/addOns/ascanrules/CHANGELOG.md b/addOns/ascanrules/CHANGELOG.md index 947808d5fcd..12cf284eb66 100644 --- a/addOns/ascanrules/CHANGELOG.md +++ b/addOns/ascanrules/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - The External Redirect scan rule has been updated to account for potential false positives involving JavaScript comments. ## [75] - 2025-11-04 
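Review bot: After the switch to `getExtAlert().updateAlertInTree(updAlert)` in `updateAlert`, `origAlert` is no longer used anywhere in the visible lines. If that call was its only remaining use, the local (and whatever creates it) is now dead code and should be removed in the same commit. `updateAlert` starts outside the hunk, so the declaration cannot be checked from here.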
diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java index 719923e2436..e287fb38694 100644 --- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java +++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java @@ -29,7 +29,7 @@ import java.util.List; import java.util.Map; import org.apache.commons.httpclient.URIException; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.parosproxy.paros.Constant; @@ -748,7 +748,7 @@ private boolean processContexts( .raise(); } else if (AlertThreshold.LOW.equals(this.getAlertThreshold())) { HttpMessage ctx2Message = contexts.get(0).getMsg(); - if (StringUtils.containsIgnoreCase( + if (Strings.CI.contains( ctx.getMsg() .getResponseHeader() .getHeader(HttpFieldsNames.CONTENT_TYPE), diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRule.java index c4e46e76a95..887af344702 100644 --- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRule.java +++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRule.java @@ -35,7 +35,7 @@ import net.htmlparser.jericho.Source; import org.apache.commons.httpclient.URI; import org.apache.commons.httpclient.URIException; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.mozilla.javascript.CompilerEnvirons; 
@@ -357,7 +357,7 @@ static String getLocationUrl(String value) { * @return true if it's a valid open redirect */ private static boolean checkPayload(String value) { - if (value == null || !StringUtils.startsWithIgnoreCase(value, HttpHeader.HTTP)) { + if (value == null || !Strings.CI.startsWith(value, HttpHeader.HTTP)) { return false; } @@ -460,7 +460,7 @@ private static RedirectType isRedirected(String payload, HttpMessage msg) { // (5) Check if redirection occurs by Javascript // http://code.google.com/p/html5security/wiki/RedirectionMethods - if (StringUtils.indexOfIgnoreCase(content, payload) != -1) { + if (Strings.CI.indexOf(content, payload) != -1) { List jsElements = htmlSrc.getAllElements(HTMLElementName.SCRIPT); for (Element el : jsElements) { @@ -498,8 +498,7 @@ private static boolean isRedirectPresent(Pattern pattern, String value) { } private static boolean isPresent(Matcher matcher) { - return matcher.find() - && StringUtils.startsWithIgnoreCase(matcher.group(1), HttpHeader.HTTP); + return matcher.find() && Strings.CI.startsWith(matcher.group(1), HttpHeader.HTTP); } /** Visibility increased for unit testing purposes only */ diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PaddingOracleScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PaddingOracleScanRule.java index b9fb1267d5c..80bc197a415 100644 --- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PaddingOracleScanRule.java +++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PaddingOracleScanRule.java @@ -345,7 +345,7 @@ public byte[] decode(String value) { // The last letter represents the length int last = value.length() - 1; if (((last + (int) value.charAt(last)) % 4) == 0) { - Base64 decoder = new Base64(true); + Base64 decoder = Base64.builder().setUrlSafe(true).get(); return decoder.decode(value.substring(0, last)); } } 
diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRule.java index 8144eb89488..b858f33d477 100644 --- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRule.java +++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRule.java @@ -26,7 +26,7 @@ import java.util.List; import java.util.Map; import java.util.Set; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.parosproxy.paros.Constant; @@ -640,7 +640,7 @@ public void scan(HttpMessage sourceMsg, String param, String value) { .raise(); } else { HttpMessage ctx2Message = contexts2.get(0).getMsg(); - if (StringUtils.containsIgnoreCase( + if (Strings.CI.contains( ctx.getMsg() .getResponseHeader() .getHeader( diff --git a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRuleUnitTest.java b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRuleUnitTest.java index a4652c55e3e..4614580227e 100644 --- a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRuleUnitTest.java +++ b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRuleUnitTest.java @@ -38,6 +38,7 @@ import java.util.Map; import java.util.TreeSet; import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.commons.text.StringEscapeUtils; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; 
@@ -2517,7 +2518,7 @@ void shouldNotReportXssOutsideTagsIfNoParentTag() throws Exception { @Override protected Response serve(IHTTPSession session) { String name = getFirstParamValue(session, "name"); - if (!StringUtils.containsIgnoreCase(name, "0W45pz4p") + if (!Strings.CI.contains(name, "0W45pz4p") && !name.equals("%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E")) { name = "something else"; } diff --git a/addOns/ascanrulesAlpha/CHANGELOG.md b/addOns/ascanrulesAlpha/CHANGELOG.md index 764222827fd..1d47afffb6a 100644 --- a/addOns/ascanrulesAlpha/CHANGELOG.md +++ b/addOns/ascanrulesAlpha/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Address redirections in references. ## [53] - 2025-11-04 diff --git a/addOns/ascanrulesBeta/CHANGELOG.md b/addOns/ascanrulesBeta/CHANGELOG.md index 33e33ca0ef7..3cd583b2b65 100644 --- a/addOns/ascanrulesBeta/CHANGELOG.md +++ b/addOns/ascanrulesBeta/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [63] - 2025-11-04 ### Added diff --git a/addOns/authhelper/CHANGELOG.md b/addOns/authhelper/CHANGELOG.md index a9d24279aa8..218c7bccbf1 100644 --- a/addOns/authhelper/CHANGELOG.md +++ b/addOns/authhelper/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Handle account selection and TOTP step in Microsoft login. ### Changed +- Update minimum ZAP version to 2.17.0. - Fail the Microsoft login if not able to perform all the expected steps. - Track GWT headers. - Handle additional exceptions when processing JSON authentication components. 
diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthHeaderTracker.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthHeaderTracker.java index 1586241cd5c..000d4c7f751 100644 --- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthHeaderTracker.java +++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthHeaderTracker.java @@ -24,7 +24,7 @@ import java.util.Locale; import java.util.Map; import org.apache.commons.httpclient.URIException; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.parosproxy.paros.network.HttpMessage; @@ -64,11 +64,11 @@ private boolean isAuthInitiator(int initiator) { } private static boolean isTrackedHeader(String header) { - return StringUtils.containsIgnoreCase(header, "auth") - || StringUtils.containsIgnoreCase(header, "csrf") + return Strings.CI.contains(header, "auth") + || Strings.CI.contains(header, "csrf") || (!"sec-websocket-key".equalsIgnoreCase(header) - && StringUtils.containsIgnoreCase(header, "key")) - || StringUtils.startsWithIgnoreCase(header, "x-gwt-"); + && Strings.CI.contains(header, "key")) + || Strings.CI.contains(header, "x-gwt-"); } @Override diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java index e869a5ad2d1..d9285dcad90 100644 --- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java +++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java @@ -19,9 +19,7 @@ */ package org.zaproxy.addon.authhelper; -import java.awt.Component; import java.awt.Frame; -import java.awt.GridBagConstraints; import java.awt.GridBagLayout; import java.awt.Insets; import java.awt.Toolkit; 
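Review bot: The last clause of `isTrackedHeader` changed from a prefix test to a substring test: the removed line was `StringUtils.startsWithIgnoreCase(header, "x-gwt-")` and the added one is `Strings.CI.contains(header, "x-gwt-")`, whereas every other replacement visible in this diff keeps the same operation. Any header that merely contains `x-gwt-` would now be treated as a tracked authentication header. If this is not intended, keep the original semantics with `|| Strings.CI.startsWith(header, "x-gwt-");`. If it is intended, the changelog entry should say so.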
@@ -337,21 +335,6 @@ private void setScriptNames() { } } - // FIXME use parent method once ZAP 2.17 is released - private static JPanel getSideBySidePanel(Component c1, Component c2) { - JPanel panel = new JPanel(); - panel.setLayout(new GridBagLayout()); - panel.add( - c1, - LayoutHelper.getGBC( - 0, 0, 1, 1.0D, 0.0D, GridBagConstraints.BOTH, new Insets(0, 0, 0, 2))); - panel.add( - c2, - LayoutHelper.getGBC( - 1, 0, 1, 0.0D, 0.0D, GridBagConstraints.BOTH, new Insets(0, 2, 0, 0))); - return panel; - } - private void setMethodState() { boolean isBrowserAuth = isBrowserAuth(); diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java index 09b70edb4d3..f3224617513 100644 --- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java +++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java @@ -52,6 +52,7 @@ import org.apache.commons.httpclient.URI; import org.apache.commons.httpclient.URIException; import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.Level; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -404,8 +405,8 @@ public static WebElement getPasswordField(List inputElements) { } private static boolean hasPasswordAttributes(WebElement element) { - return StringUtils.containsIgnoreCase(getAttribute(element, "id"), PASSWORD) - || StringUtils.containsIgnoreCase(getAttribute(element, "name"), PASSWORD); + return Strings.CI.contains(getAttribute(element, "id"), PASSWORD) + || Strings.CI.contains(getAttribute(element, "name"), PASSWORD); } /** diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java index ef6af32fd87..16baa29d2e0 100644 
--- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java +++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/ClientScriptBasedAuthenticationMethodType.java @@ -19,16 +19,9 @@ */ package org.zaproxy.addon.authhelper; -import java.awt.Component; -import java.lang.reflect.Field; -import java.lang.reflect.Method; -import java.util.ArrayList; -import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import java.util.concurrent.TimeUnit; -import javax.swing.DefaultComboBoxModel; import javax.swing.JCheckBox; import javax.swing.JLabel; import org.apache.commons.configuration.Configuration; @@ -36,7 +29,6 @@ import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import org.jdesktop.swingx.JXComboBox; import org.openqa.selenium.WebDriver; import org.parosproxy.paros.Constant; import org.parosproxy.paros.control.Control; @@ -45,7 +37,6 @@ import org.parosproxy.paros.model.Session; import org.parosproxy.paros.network.HttpMessage; import org.parosproxy.paros.network.HttpSender; -import org.parosproxy.paros.view.View; import org.zaproxy.addon.authhelper.internal.ClientSideHandler; import org.zaproxy.addon.commonlib.internal.TotpSupport; import org.zaproxy.addon.network.server.HttpMessageHandler; 
@@ -54,8 +45,10 @@ import org.zaproxy.zap.authentication.AuthenticationHelper; import org.zaproxy.zap.authentication.AuthenticationMethod; import org.zaproxy.zap.authentication.AuthenticationMethodType; +import org.zaproxy.zap.authentication.AuthenticationMethodType.UnsupportedAuthenticationMethodException; import org.zaproxy.zap.authentication.GenericAuthenticationCredentials; import org.zaproxy.zap.authentication.ScriptBasedAuthenticationMethodType; +import org.zaproxy.zap.authentication.ScriptBasedAuthenticationMethodType.ScriptBasedAuthenticationMethod; import org.zaproxy.zap.extension.api.ApiDynamicActionImplementor; import org.zaproxy.zap.extension.script.ExtensionScript; import org.zaproxy.zap.extension.script.ScriptWrapper; @@ -64,7 +57,6 @@ import org.zaproxy.zap.session.SessionManagementMethod; import org.zaproxy.zap.session.WebSession; import org.zaproxy.zap.users.User; -import org.zaproxy.zap.utils.EncodingUtils; import org.zaproxy.zap.utils.ZapNumberSpinner; import org.zaproxy.zap.view.LayoutHelper; import org.zaproxy.zest.core.v1.ZestActionSleep; 
@@ -122,22 +114,10 @@ public ClientScriptBasedAuthenticationMethod createAuthenticationMethod(int cont public void persistMethodToSession( Session session, int contextId, AuthenticationMethod authMethod) throws UnsupportedAuthenticationMethodException, DatabaseException { - if (!(authMethod instanceof ClientScriptBasedAuthenticationMethod)) { - throw new UnsupportedAuthenticationMethodException( - "Client script based authentication type only supports: " - + ClientScriptBasedAuthenticationMethod.class.getName()); - } + super.persistMethodToSession(session, contextId, authMethod); ClientScriptBasedAuthenticationMethod method = (ClientScriptBasedAuthenticationMethod) authMethod; - session.setContextData( - contextId, - RecordContext.TYPE_AUTH_METHOD_FIELD_1, - method.getScriptTemp().getName()); - session.setContextData( - contextId, - RecordContext.TYPE_AUTH_METHOD_FIELD_2, - EncodingUtils.mapToString(method.getParamValuesTemp())); session.setContextData( contextId, RecordContext.TYPE_AUTH_METHOD_FIELD_3, @@ -148,6 +128,15 @@ public void persistMethodToSession( Integer.toString(method.getMinWaitFor())); } + @Override + protected void validateAuthenticationMethod(AuthenticationMethod method) { + if (!(method instanceof ClientScriptBasedAuthenticationMethod)) { + throw new UnsupportedAuthenticationMethodException( + "Client script based authentication type only supports: " + + ClientScriptBasedAuthenticationMethod.class.getName()); + } + } + @Override public ScriptBasedAuthenticationMethod loadMethodFromSession(Session session, int contextId) throws DatabaseException { 
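Review bot: The cast to `ClientScriptBasedAuthenticationMethod` in `persistMethodToSession` is now guarded only indirectly, because the `instanceof` check moved into the new `validateAuthenticationMethod` override. It still protects the cast only if `super.persistMethodToSession(...)` calls that hook before it writes anything to the session. The parent class is not visible in this diff, so that ordering should be confirmed; otherwise a wrong method type would surface as a `ClassCastException` after the parent has already stored data. The same pattern appears in the `exportData` and `importData` hunks further down. Once confirmed, a Javadoc on the override such as `/** Called by the parent before persisting or exporting; rejects any method that is not a ClientScriptBasedAuthenticationMethod. */` would document the contract.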
@@ -187,36 +176,6 @@ public AbstractAuthenticationMethodOptionsPanel buildOptionsPanel(Context uiShar public class ClientScriptBasedAuthenticationMethod extends ScriptBasedAuthenticationMethod { - private static Field scriptField; - private static Field credentialsParamNamesField; - private static Field paramValuesField; - private static Method getScriptInterfaceV2Method; - private static Method getScriptInterfaceMethod; - - static { - try { - Class sbamClass = ScriptBasedAuthenticationMethod.class; - scriptField = sbamClass.getDeclaredField("script"); - scriptField.setAccessible(true); - - credentialsParamNamesField = sbamClass.getDeclaredField("credentialsParamNames"); - credentialsParamNamesField.setAccessible(true); - - paramValuesField = sbamClass.getDeclaredField("paramValues"); - paramValuesField.setAccessible(true); - - Class sbamtClass = ScriptBasedAuthenticationMethodType.class; - getScriptInterfaceV2Method = - sbamtClass.getDeclaredMethod("getScriptInterfaceV2", ScriptWrapper.class); - getScriptInterfaceV2Method.setAccessible(true); - - getScriptInterfaceMethod = - sbamtClass.getDeclaredMethod("getScriptInterface", ScriptWrapper.class); - getScriptInterfaceMethod.setAccessible(true); - } catch (Exception ignore) { - } - } - private int loginPageWait = DEFAULT_PAGE_WAIT; private int minWaitFor; 
@@ -247,100 +206,32 @@ public void setMinWaitFor(int minWaitFor) { } public void setScriptWrapper(ScriptWrapper wrapper) { - try { - scriptField.set(this, wrapper); - } catch (Exception e) { - LOGGER.error(e.getMessage(), e); - } - } - - private ScriptWrapper getScriptTemp() { - try { - return (ScriptWrapper) scriptField.get(this); - } catch (Exception ignore) { - } - return null; - } - - protected void setScriptTemp(ClientScriptBasedAuthenticationMethod method) { - try { - scriptField.set(method, getScriptTemp()); - } catch (Exception ignore) { - } + super.setScript(wrapper); } + @Override public void setParamValues(Map map) { - try { - paramValuesField.set(this, map); - } catch (Exception ignore) { - } - } - - protected void setParamValuesTemp(ClientScriptBasedAuthenticationMethod method) { - try { - Map values = getParamValuesTemp(); - paramValuesField.set(method, values != null ? new HashMap<>(values) : null); - } catch (Exception ignore) { - } - } - - @SuppressWarnings("unchecked") - protected Map getParamValuesTemp() { - try { - return (Map) paramValuesField.get(this); - } catch (Exception ignore) { - } - return null; - } - - protected void setCredentialsParamNamesTemp(ClientScriptBasedAuthenticationMethod method) { - try { - credentialsParamNamesField.set(method, getCredentialsParamNamesTemp()); - } catch (Exception ignore) { - } - } - - protected String[] getCredentialsParamNamesTemp() { - try { - return (String[]) credentialsParamNamesField.get(this); - } catch (Exception ignore) { - } - return null; + super.setParamValues(map); } @Override public AuthenticationMethod duplicate() { ClientScriptBasedAuthenticationMethod method = - new ClientScriptBasedAuthenticationMethod(); + (ClientScriptBasedAuthenticationMethod) super.duplicate(); method.diagnostics = diagnostics; - setScriptTemp(method); - setParamValuesTemp(method); - setCredentialsParamNamesTemp(method); method.loginPageWait = loginPageWait; method.minWaitFor = minWaitFor; return method; } @Override 
- public boolean validateCreationOfAuthenticationCredentials() { - if (getCredentialsParamNamesTemp() != null) { - return true; - } - - if (View.isInitialised()) { - View.getSingleton() - .showMessageDialog( - Constant.messages.getString( - "authentication.method.script.dialog.error.text.notLoaded")); - } - - return false; + protected ScriptBasedAuthenticationMethod createInstance() { + return new ClientScriptBasedAuthenticationMethod(); } @Override public AuthenticationCredentials createAuthenticationCredentials() { - return TotpSupport.createGenericAuthenticationCredentials( - getCredentialsParamNamesTemp()); + return TotpSupport.createGenericAuthenticationCredentials(getCredentialsParamNames()); } @Override @@ -349,7 +240,7 @@ public AuthenticationMethodType getType() { } public ZestScript getZestScript() { - AuthenticationScript authScript = getAuthenticationScriptTemp(); + AuthenticationScript authScript = getAuthenticationScript(getScript()); if (authScript == null) { LOGGER.debug("Failed to get ZestScript - no suitable interface"); @@ -365,29 +256,6 @@ public ZestScript getZestScript() { return null; } - private AuthenticationScript getAuthenticationScriptTemp() { - AuthenticationScript authScript = null; - try { - authScript = - (AuthenticationScript) - getScriptInterfaceV2Method.invoke( - ClientScriptBasedAuthenticationMethodType.this, - getScriptTemp()); - } catch (Exception ignore) { - } - if (authScript == null) { - try { - authScript = - (AuthenticationScript) - getScriptInterfaceMethod.invoke( - ClientScriptBasedAuthenticationMethodType.this, - getScriptTemp()); - } catch (Exception ignore) { - } - } - return authScript; - } - private boolean hasBrowserLaunch(ZestScript zestScript) { // Check top level statements only. return zestScript.getStatements().stream().anyMatch(ZestClientLaunch.class::isInstance); 
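Review bot: `duplicate()` no longer copies the script parameters itself. The removed `setParamValuesTemp` gave the copy its own `new HashMap<>(values)`, and the new code relies entirely on `super.duplicate()` together with the `createInstance()` override for that. If the parent hands over the same map instance, the original and the duplicate would share mutable state; this needs checking against the parent class, which is not visible here. Separately, the new `setParamValues` override only calls `super.setParamValues(map)`, so a comment such as `// Overridden only to widen visibility` (if that is the reason) would explain why it exists.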
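Review bot: `getZestScript()` now calls `getAuthenticationScript(getScript())` directly, where the removed `getAuthenticationScriptTemp()` swallowed every exception from the reflective call and returned null. If no script has been set, or the parent method throws for an unusable script, the failure now propagates instead of reaching the existing `authScript == null` branch. The same applies to `authenticate` in the next hunk. Whether `getAuthenticationScript` tolerates a null wrapper is not visible in this diff. A guard before the call, such as `ScriptWrapper script = getScript(); if (script == null) { return null; }`, would keep the previous behaviour.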
@@ -420,8 +288,8 @@ public WebSession authenticate( } GenericAuthenticationCredentials cred = (GenericAuthenticationCredentials) credentials; - ScriptWrapper script = getScriptTemp(); - AuthenticationScript authScript = getAuthenticationScriptTemp(); + ScriptWrapper script = getScript(); + AuthenticationScript authScript = getAuthenticationScript(script); if (authScript == null) { return null; } @@ -474,7 +342,7 @@ public WebSession authenticate( authScript.authenticate( new AuthenticationHelper(sender, sessionManagementMethod, user), - getParamValuesTemp(), + getParamValues(), cred); } catch (Exception e) { @@ -629,24 +497,6 @@ private void recordCloseStep( } }); } - - @Override - public void replaceUserDataInPollRequest(HttpMessage msg, User user) { - AuthenticationHelper.replaceUserDataInRequest( - msg, wrapKeys(getParamValuesTemp()), NULL_ENCODER); - } - } - - private static Map wrapKeys(Map kvPairs) { - Map map = new HashMap<>(); - for (Entry kv : kvPairs.entrySet()) { - map.put( - AuthenticationMethod.TOKEN_PREFIX - + kv.getKey() - + AuthenticationMethod.TOKEN_POSTFIX, - kv.getValue() == null ? "" : kv.getValue()); - } - return map; } @SuppressWarnings("serial") 
@@ -655,90 +505,54 @@ public class ClientScriptBasedAuthenticationMethodOptionsPanel private static final long serialVersionUID = 1L; - private static Field dynamicContentPanelField; - - static { - try { - dynamicContentPanelField = - ScriptBasedAuthenticationMethodOptionsPanel.class.getDeclaredField( - "dynamicContentPanel"); - dynamicContentPanelField.setAccessible(true); - } catch (Exception ignore) { - } - } - private ClientScriptBasedAuthenticationMethod shownMethod; private ZapNumberSpinner loginPageWait; private ZapNumberSpinner minWaitFor; private JCheckBox diagnostics; - public ClientScriptBasedAuthenticationMethodOptionsPanel() { - super(); + @Override + protected int addCustomFields(int y) { + int newY = y; - try { - Component dynamicContentPanel = (Component) dynamicContentPanelField.get(this); - remove(dynamicContentPanel); + loginPageWait = new ZapNumberSpinner(0, DEFAULT_PAGE_WAIT, Integer.MAX_VALUE); + JLabel loginPageWaitLabel = + new JLabel( + Constant.messages.getString( + "authhelper.auth.method.browser.label.loginWait")); + loginPageWaitLabel.setLabelFor(loginPageWait); + this.add(loginPageWaitLabel, LayoutHelper.getGBC(0, newY, 1, 1.0d, 0.0d)); + this.add(loginPageWait, LayoutHelper.getGBC(1, newY, 2, 1.0d, 0.0d)); + newY++; + + minWaitFor = new ZapNumberSpinner(0, DEFAULT_MIN_WAIT_FOR, Integer.MAX_VALUE); + JLabel minWaitForLabel = + new JLabel( + Constant.messages.getString( + "authhelper.auth.method.browser.label.minWaitFor")); + minWaitForLabel.setLabelFor(minWaitFor); + this.add(minWaitForLabel, LayoutHelper.getGBC(0, newY, 1, 1.0d, 0.0d)); + this.add(minWaitFor, LayoutHelper.getGBC(1, newY, 2, 1.0d, 0.0d)); + newY++; + + diagnostics = new JCheckBox(); + JLabel diagnosticsLabel = + new JLabel( + Constant.messages.getString( + "authhelper.auth.method.browser.label.diagnostics")); + diagnosticsLabel.setLabelFor(diagnostics); + add(diagnosticsLabel, LayoutHelper.getGBC(0, newY, 1, 1.0d, 0.0d)); + add(diagnostics, LayoutHelper.getGBC(1, newY, 
1, 1.0d, 0.0d)); + newY++; - int y = 1; - loginPageWait = new ZapNumberSpinner(0, DEFAULT_PAGE_WAIT, Integer.MAX_VALUE); - JLabel loginPageWaitLabel = - new JLabel( - Constant.messages.getString( - "authhelper.auth.method.browser.label.loginWait")); - loginPageWaitLabel.setLabelFor(loginPageWait); - this.add(loginPageWaitLabel, LayoutHelper.getGBC(0, y, 1, 1.0d, 0.0d)); - this.add(loginPageWait, LayoutHelper.getGBC(1, y, 2, 1.0d, 0.0d)); - y++; - - minWaitFor = new ZapNumberSpinner(0, DEFAULT_MIN_WAIT_FOR, Integer.MAX_VALUE); - JLabel minWaitForLabel = - new JLabel( - Constant.messages.getString( - "authhelper.auth.method.browser.label.minWaitFor")); - minWaitForLabel.setLabelFor(minWaitFor); - this.add(minWaitForLabel, LayoutHelper.getGBC(0, y, 1, 1.0d, 0.0d)); - this.add(minWaitFor, LayoutHelper.getGBC(1, y, 2, 1.0d, 0.0d)); - y++; - - diagnostics = new JCheckBox(); - JLabel diagnosticsLabel = - new JLabel( - Constant.messages.getString( - "authhelper.auth.method.browser.label.diagnostics")); - diagnosticsLabel.setLabelFor(diagnostics); - add(diagnosticsLabel, LayoutHelper.getGBC(0, y, 1, 1.0d, 0.0d)); - add(diagnostics, LayoutHelper.getGBC(1, y, 1, 1.0d, 0.0d)); - y++; - - add(dynamicContentPanel, LayoutHelper.getGBC(0, y, 3, 1.0d, 0.0d)); - } catch (Exception ignore) { - } + return newY; } @Override - @SuppressWarnings("unchecked") public void bindMethod(AuthenticationMethod method) throws UnsupportedAuthenticationMethodException { super.bindMethod(method); - try { - Field scriptsComboBoxField = - ScriptBasedAuthenticationMethodOptionsPanel.class.getDeclaredField( - "scriptsComboBox"); - scriptsComboBoxField.setAccessible(true); - JXComboBox scriptsCb = (JXComboBox) scriptsComboBoxField.get(this); - DefaultComboBoxModel model = - (DefaultComboBoxModel) scriptsCb.getModel(); - for (int i = 0; i < model.getSize(); i++) { - if (!model.getElementAt(i).getEngineName().contains("Zest")) { - model.removeElementAt(i); - i--; - } - } - } catch (Exception ignore) { - } - 
shownMethod = (ClientScriptBasedAuthenticationMethod) method; loginPageWait.setValue(shownMethod.getLoginPageWait()); minWaitFor.setValue(shownMethod.getMinWaitFor()); @@ -754,11 +568,9 @@ public void saveMethod() { shownMethod.setDiagnostics(diagnostics.isSelected()); } - // @Override + @Override protected List getAuthenticationScripts() { - // TODO Address once core allows it. - // return super.getAugenticationScripts().stream() - return getExtensionScript().getScripts(SCRIPT_TYPE_AUTH).stream() + return super.getAuthenticationScripts().stream() .filter(sc -> sc.getEngineName().contains("Zest")) .toList(); } @@ -773,17 +585,10 @@ private ExtensionScript getExtensionScript() { @Override public void exportData(Configuration config, AuthenticationMethod authMethod) { - if (!(authMethod instanceof ClientScriptBasedAuthenticationMethod)) { - throw new UnsupportedAuthenticationMethodException( - "Client script based authentication type only supports: " - + ClientScriptBasedAuthenticationMethod.class.getName()); - } + super.exportData(config, authMethod); + ClientScriptBasedAuthenticationMethod method = (ClientScriptBasedAuthenticationMethod) authMethod; - config.setProperty(CONTEXT_CONFIG_AUTH_SCRIPT_NAME, method.getScriptTemp().getName()); - config.setProperty( - CONTEXT_CONFIG_AUTH_SCRIPT_PARAMS, - EncodingUtils.mapToString(method.getParamValuesTemp())); config.setProperty(CONTEXT_CONFIG_LOGIN_PAGE_WAIT, method.getLoginPageWait()); config.setProperty(CONTEXT_CONFIG_MIN_WAIT_FOR, method.getMinWaitFor()); } 
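Review bot: `addCustomFields(int y)` assigns the instance fields `loginPageWait`, `minWaitFor` and `diagnostics`, and it replaces a constructor that did this work after `super()`, which suggests the parent constructor now invokes it while building the panel. If so, the override runs before this class's own field initialisers, so later giving any of these fields an initialiser would silently overwrite what the method set up. A comment on the method would guard against that, for example `// Called from the superclass constructor; the fields assigned here must not have initialisers.` The method would also benefit from a short Javadoc stating that `y` is the first grid row it may use and that the return value is the next free row.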
@@ -791,17 +596,10 @@ public void exportData(Configuration config, AuthenticationMethod authMethod) { @Override public void importData(Configuration config, AuthenticationMethod authMethod) throws ConfigurationException { - if (!(authMethod instanceof ClientScriptBasedAuthenticationMethod)) { - throw new UnsupportedAuthenticationMethodException( - "Client script based authentication type only supports: " - + ClientScriptBasedAuthenticationMethod.class.getName()); - } + super.importData(config, authMethod); + ClientScriptBasedAuthenticationMethod method = (ClientScriptBasedAuthenticationMethod) authMethod; - this.loadMethod( - method, - objListToStrList(config.getList(CONTEXT_CONFIG_AUTH_SCRIPT_NAME)), - objListToStrList(config.getList(CONTEXT_CONFIG_AUTH_SCRIPT_PARAMS))); try { method.setLoginPageWait(config.getInt(CONTEXT_CONFIG_LOGIN_PAGE_WAIT)); @@ -815,14 +613,6 @@ public void importData(Configuration config, AuthenticationMethod authMethod) } } - private static List objListToStrList(List oList) { - List sList = new ArrayList<>(oList.size()); - for (Object o : oList) { - sList.add(o.toString()); - } - return sList; - } - @Override public ApiDynamicActionImplementor getSetMethodForContextApiAction() { ApiDynamicActionImplementor impl = super.getSetMethodForContextApiAction(); diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java index eb4ee59b147..6573ae5b832 100644 --- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java +++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationDetectionScanRule.java 
@@ -23,7 +23,7 @@ import java.util.Set; import java.util.stream.Stream; import net.htmlparser.jericho.Source; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.parosproxy.paros.Constant; @@ -129,13 +129,13 @@ private static boolean isPoorCandidate(HttpMessage msg) { return Stream.concat( AuthConstants.getLogoutIndicators().stream(), AuthConstants.getRegistrationIndicators().stream()) - .anyMatch(keyword -> StringUtils.containsIgnoreCase(escapedPathQuery, keyword)); + .anyMatch(keyword -> Strings.CI.contains(escapedPathQuery, keyword)); } private static boolean isLowPriority(HttpMessage msg) { String escapedPathQuery = msg.getRequestHeader().getURI().getEscapedPathQuery(); return AuthConstants.getLoginIndicators().stream() - .anyMatch(keyword -> StringUtils.containsIgnoreCase(escapedPathQuery, keyword)); + .anyMatch(keyword -> Strings.CI.contains(escapedPathQuery, keyword)); } protected AlertBuilder getAlert(VerificationRequestDetails verifDetails) { diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/auth/MsLoginAuthenticator.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/auth/MsLoginAuthenticator.java index 81f4ff50ebb..bef96ba27d5 100644 --- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/auth/MsLoginAuthenticator.java +++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/auth/MsLoginAuthenticator.java @@ -23,7 +23,7 @@ import java.util.LinkedList; import java.util.List; import java.util.Queue; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.openqa.selenium.By; 
@@ -390,7 +390,7 @@ private static WebElement findElement(WebDriver wd, By by) { private static WebElement findElementContains(WebDriver wd, By by, String text) { return wd.findElements(by).stream() - .filter(e -> StringUtils.containsIgnoreCase(e.getText(), text)) + .filter(e -> Strings.CI.contains(e.getText(), text)) .findFirst() .orElse(null); } @@ -461,7 +461,7 @@ private static class ElemenContainsText implements ExpectedCondition @Override public WebElement apply(WebDriver driver) { return driver.findElements(locator).stream() - .filter(e -> StringUtils.containsIgnoreCase(e.getText(), text)) + .filter(e -> Strings.CI.contains(e.getText(), text)) .findFirst() .orElse(null); } diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/db/TableJdo.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/db/TableJdo.java index 6545ce45412..11c2475bfa6 100644 --- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/db/TableJdo.java +++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/internal/db/TableJdo.java @@ -19,9 +19,6 @@ */ package org.zaproxy.addon.authhelper.internal.db; -import java.lang.reflect.Method; -import java.sql.Connection; -import java.sql.SQLException; import java.util.Properties; import javax.jdo.Constants; import javax.jdo.JDOHelper; 
@@ -35,32 +32,15 @@ import org.parosproxy.paros.db.DatabaseException; import org.parosproxy.paros.db.DatabaseListener; import org.parosproxy.paros.db.DatabaseServer; -import org.parosproxy.paros.db.paros.ParosDatabaseServer; public class TableJdo implements DatabaseListener { private static final Logger LOGGER = LogManager.getLogger(TableJdo.class); - private static Method getUrlMethod; - private static Method getUserMethod; - private static Method getPasswordMethod; - private static PersistenceManagerFactory pmf; private final Database db; - static { - try { - Class dbServerClass = Class.forName("org.parosproxy.paros.db.DatabaseServer"); - getUrlMethod = dbServerClass.getMethod("getUrl"); - getUserMethod = dbServerClass.getMethod("getUser"); - getPasswordMethod = dbServerClass.getMethod("getPassword"); - - } catch (Exception e) { - LOGGER.debug("An error occurred while getting the methods:", e); - } - } - public TableJdo(Database db) throws DatabaseException { this.db = db; @@ -70,13 +50,9 @@ public TableJdo(Database db) throws DatabaseException { @Override public void databaseOpen(DatabaseServer db) throws DatabaseException { - if (getUrlMethod == null) { - closing(db); - } - - String dbUrl = getUrl(db); - String user = getUser(db); - String password = getPassword(db); + String dbUrl = db.getUrl(); + String user = db.getUser(); + String password = db.getPassword(); ClassLoader classLoader = this.getClass().getClassLoader(); Flyway.configure(classLoader) .table("AUTHHELPER_FLYWAY_SCHEMA_HISTORY") 
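Review bot: The three values now read directly from `db` in databaseOpen are the database connection credentials, and nothing in the hunk says they must stay out of logs and exception messages. I would add a comment above them such as `// Connection details supplied by core; never log dbUrl, user or password.` The removed reflective helpers also fell back to `"sa"` and `""`, so if the core contract allows these getters to return null, it is worth failing early with a `DatabaseException` rather than letting the migration or JDO setup presumably fail later with an unrelated runtime error. The method body continues outside the hunk, so how the values are consumed is not visible here.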
@@ -98,57 +74,7 @@ public void databaseOpen(DatabaseServer db) throws DatabaseException { pmf = JDOHelper.getPersistenceManagerFactory(jdoProperties, "authhelper", classLoader); } - private static String getUrl(DatabaseServer db) throws DatabaseException { - try { - if (getUrlMethod != null) { - return (String) getUrlMethod.invoke(db); - } - } catch (Exception e) { - LOGGER.warn("An error occurred while getting the URL:", e); - } - - try (Connection connection = getConnection(db)) { - return connection.getMetaData().getURL(); - } catch (SQLException e) { - throw new DatabaseException(e); - } - } - - private static Connection getConnection(DatabaseServer db) throws SQLException { - if (db instanceof ParosDatabaseServer pds) { - return pds.getNewConnection(); - } - if (db instanceof ParosDatabaseServer pds) { - return pds.getNewConnection(); - } - throw new SQLException("Unknown DB implementation"); - } - - private static String getUser(DatabaseServer db) { - try { - if (getUserMethod != null) { - return (String) getUserMethod.invoke(db); - } - } catch (Exception e) { - LOGGER.warn("An error occurred while getting the user:", e); - } - - return "sa"; - } - - private static String getPassword(DatabaseServer db) { - try { - if (getPasswordMethod != null) { - return (String) getPasswordMethod.invoke(db); - } - } catch (Exception e) { - LOGGER.warn("An error occurred while getting the password:", e); - } - - return ""; - } - - // @Override + @Override public void closing(DatabaseServer db) { if (pmf != null) { pmf.close(); diff --git a/addOns/authstats/CHANGELOG.md b/addOns/authstats/CHANGELOG.md index 7ba7cefe53b..b2fe8e33b9b 100644 --- a/addOns/authstats/CHANGELOG.md +++ b/addOns/authstats/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Maintenance changes. ## [2] - 2021-10-07 
diff --git a/addOns/automation/CHANGELOG.md b/addOns/automation/CHANGELOG.md index fc1aaa007db..e80c9766132 100644 --- a/addOns/automation/CHANGELOG.md +++ b/addOns/automation/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Allow to specify the defaults for the alert threshold and attack strength of the active scan policy. ### Changed +- Update minimum ZAP version to 2.17.0. - Maintenance changes. - Make the "pass" output of Monitor Tests consistent with the "fail" output. diff --git a/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobResultsUnitTest.java b/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobResultsUnitTest.java index 0108d6575c6..cf03e0e0daa 100644 --- a/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobResultsUnitTest.java +++ b/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobResultsUnitTest.java @@ -106,7 +106,8 @@ void shouldReturnAlertData() throws DatabaseException { 40, 1, "100AlertOne", - "InputVectorOne"); + "InputVectorOne", + "nodeName1"); RecordAlert recordTwo = new RecordAlert( 2, @@ -129,7 +130,8 @@ void shouldReturnAlertData() throws DatabaseException { 400, 2, "200AlertTwo", - "InputVectorTwo"); + "InputVectorTwo", + "nodeName2"); TableAlert table = mock(TableAlert.class); given(table.read(1)).willReturn(recordOne); given(table.read(2)).willReturn(recordTwo); diff --git a/addOns/beanshell/CHANGELOG.md b/addOns/beanshell/CHANGELOG.md index 34f86c43c84..3f898b20933 100644 --- a/addOns/beanshell/CHANGELOG.md +++ b/addOns/beanshell/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Dependency updates. ## [7] - 2021-10-07 
diff --git a/addOns/browserView/CHANGELOG.md b/addOns/browserView/CHANGELOG.md index 481844940d4..b88cbcdee17 100644 --- a/addOns/browserView/CHANGELOG.md +++ b/addOns/browserView/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [6] - 2023-03-13 ### Added diff --git a/addOns/bruteforce/CHANGELOG.md b/addOns/bruteforce/CHANGELOG.md index 1e1b239d881..089ceb7cc25 100644 --- a/addOns/bruteforce/CHANGELOG.md +++ b/addOns/bruteforce/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [19] - 2025-11-10 ### Added diff --git a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/Worker.java b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/Worker.java index 0a252b74c00..279d61ee371 100644 --- a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/Worker.java +++ b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/Worker.java @@ -27,7 +27,7 @@ import java.util.concurrent.BlockingQueue; import java.util.regex.Matcher; import java.util.regex.Pattern; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -239,7 +239,7 @@ private void verifyResponseForValidRequests(int code, String response, String ra // TODO move this option to the Adv options // if the response does not match the base case - boolean notFound = StringUtils.containsIgnoreCase("file not found", response); + boolean notFound = Strings.CI.contains("file not found", response); // need to clean the base case of the item we are looking for String basecase = 
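Review bot: The arguments to `Strings.CI.contains` on the `notFound` line in Worker.java are in the wrong order. The first parameter is the string being searched, so this asks whether the literal "file not found" contains the whole response, which holds only when the response is empty or itself a fragment of that phrase. The migration carried the reversed order over from the `StringUtils.containsIgnoreCase` call it replaces. It should read `boolean notFound = Strings.CI.contains(response, "file not found");`. verifyResponseForValidRequests continues outside the hunk, so the effect on the later base-case comparison is not visible here.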
diff --git a/addOns/bugtracker/CHANGELOG.md b/addOns/bugtracker/CHANGELOG.md index b1021d542c4..da009ad9454 100644 --- a/addOns/bugtracker/CHANGELOG.md +++ b/addOns/bugtracker/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Maintenance changes. - Update dependencies. diff --git a/addOns/callgraph/CHANGELOG.md b/addOns/callgraph/CHANGELOG.md index 6040e797522..f1bd7ae746e 100644 --- a/addOns/callgraph/CHANGELOG.md +++ b/addOns/callgraph/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [5] - 2021-10-07 ### Added diff --git a/addOns/callhome/CHANGELOG.md b/addOns/callhome/CHANGELOG.md index bae6def1a43..ad59557ad95 100644 --- a/addOns/callhome/CHANGELOG.md +++ b/addOns/callhome/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Include the exceptions's file/line in logger statistics. ## [0.18.0] - 2025-11-10 diff --git a/addOns/client/CHANGELOG.md b/addOns/client/CHANGELOG.md index ee439968d01..7efdd3670ac 100644 --- a/addOns/client/CHANGELOG.md +++ b/addOns/client/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.18.0] - 2025-11-04 ### Added diff --git a/addOns/commonlib/CHANGELOG.md b/addOns/commonlib/CHANGELOG.md index fa73670e6e1..ab55539fee5 100644 --- a/addOns/commonlib/CHANGELOG.md +++ b/addOns/commonlib/CHANGELOG.md 
@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Update dependencies. ## [1.38.0] - 2025-10-21 diff --git a/addOns/coreLang/CHANGELOG.md b/addOns/coreLang/CHANGELOG.md index 6bcf5a5e69a..50b7dd3b1f3 100644 --- a/addOns/coreLang/CHANGELOG.md +++ b/addOns/coreLang/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [15] - 2022-02-14 ### Changed diff --git a/addOns/custompayloads/CHANGELOG.md b/addOns/custompayloads/CHANGELOG.md index b87f96dba4a..46255677023 100644 --- a/addOns/custompayloads/CHANGELOG.md +++ b/addOns/custompayloads/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.15.0] - 2025-09-02 ### Added diff --git a/addOns/database/CHANGELOG.md b/addOns/database/CHANGELOG.md index fc5d1ac2e8f..35e88ce112c 100644 --- a/addOns/database/CHANGELOG.md +++ b/addOns/database/CHANGELOG.md @@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Update dependencies. ## [0.8.0] - 2025-03-04 diff --git a/addOns/dev/CHANGELOG.md b/addOns/dev/CHANGELOG.md index a8a0099be5b..4dabed3131a 100644 --- a/addOns/dev/CHANGELOG.md +++ b/addOns/dev/CHANGELOG.md 
@@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed +- Update minimum ZAP version to 2.17.0. + ### Added - Add more auth examples: - Login form with existing (invalid) values for the credentials. diff --git a/addOns/diff/CHANGELOG.md b/addOns/diff/CHANGELOG.md index 408698bb4f1..8b1dacf7f25 100644 --- a/addOns/diff/CHANGELOG.md +++ b/addOns/diff/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [17] - 2025-01-09 ### Changed diff --git a/addOns/directorylistv1/CHANGELOG.md b/addOns/directorylistv1/CHANGELOG.md index 3b0f04dc728..0de8757eda7 100644 --- a/addOns/directorylistv1/CHANGELOG.md +++ b/addOns/directorylistv1/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [9] - 2025-01-09 ### Changed diff --git a/addOns/directorylistv2_3/CHANGELOG.md b/addOns/directorylistv2_3/CHANGELOG.md index 035df5ae61c..186ed3104ba 100644 --- a/addOns/directorylistv2_3/CHANGELOG.md +++ b/addOns/directorylistv2_3/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.17.0. ## [4] - 2021-10-07 ### Added diff --git a/addOns/directorylistv2_3_lc/CHANGELOG.md b/addOns/directorylistv2_3_lc/CHANGELOG.md index acc0e884327..117c3d89f22 100644 --- a/addOns/directorylistv2_3_lc/CHANGELOG.md +++ b/addOns/directorylistv2_3_lc/CHANGELOG.md 
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.15.0. +- Update minimum ZAP version to 2.17.0. ## [4] - 2021-10-07 ### Added diff --git a/addOns/domxss/CHANGELOG.md b/addOns/domxss/CHANGELOG.md index f2c1079b3a0..5deb7f739c9 100644 --- a/addOns/domxss/CHANGELOG.md +++ b/addOns/domxss/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [22] - 2025-07-10 ### Changed diff --git a/addOns/encoder/CHANGELOG.md b/addOns/encoder/CHANGELOG.md index 8d38ffa35bc..1eb7d8f2b62 100644 --- a/addOns/encoder/CHANGELOG.md +++ b/addOns/encoder/CHANGELOG.md @@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [1.7.0] - 2025-06-20 ### Fixed diff --git a/addOns/evalvillain/CHANGELOG.md b/addOns/evalvillain/CHANGELOG.md index b8db006d1a7..644d2cb870b 100644 --- a/addOns/evalvillain/CHANGELOG.md +++ b/addOns/evalvillain/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [0.4.0] - 2024-11-25 ### Changed diff --git a/addOns/exim/CHANGELOG.md b/addOns/exim/CHANGELOG.md index 2b228969824..ad29a771fe6 100644 --- a/addOns/exim/CHANGELOG.md +++ b/addOns/exim/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Update dependencies. - Depend on newer version of Common Library add-on. 
diff --git a/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java b/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java index dec3f393d0f..33fbf305232 100644 --- a/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java +++ b/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java @@ -28,7 +28,7 @@ import java.util.ArrayList; import java.util.List; import java.util.function.Predicate; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.parosproxy.paros.Constant; @@ -159,9 +159,9 @@ private static boolean entryHasUsableHttpVersion(HarEntry entry) { private static boolean entryIsNotLocalPrivate(HarEntry entry) { String url = entry.request().url(); - if (StringUtils.startsWithIgnoreCase(url, "about") - || StringUtils.startsWithIgnoreCase(url, "chrome") - || StringUtils.startsWithIgnoreCase(url, "edge")) { + if (Strings.CI.startsWith(url, "about") + || Strings.CI.startsWith(url, "chrome") + || Strings.CI.startsWith(url, "edge")) { LOGGER.debug("Skipping local private entry: {}", url); return false; } diff --git a/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarUtils.java b/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarUtils.java index 13a8455a383..f5f8eac03a0 100644 --- a/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarUtils.java +++ b/addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarUtils.java @@ -52,7 +52,7 @@ import java.util.Locale; import java.util.Map; import java.util.Optional; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.commons.text.StringEscapeUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
@@ -365,7 +365,7 @@ public static HarRequest createHarRequest(HttpMessage httpMessage) { contentType = ""; text = requestBody.toString(); } else { - if (StringUtils.startsWithIgnoreCase( + if (Strings.CI.startsWith( contentType.trim(), HttpHeader.FORM_URLENCODED_CONTENT_TYPE)) { for (HtmlParameter param : httpMessage.getFormParams()) { params.add( diff --git a/addOns/formhandler/CHANGELOG.md b/addOns/formhandler/CHANGELOG.md index 1446a816741..8f1bd1b1b54 100644 --- a/addOns/formhandler/CHANGELOG.md +++ b/addOns/formhandler/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [6.7.0] - 2025-01-09 ### Changed diff --git a/addOns/fuzz/CHANGELOG.md b/addOns/fuzz/CHANGELOG.md index c11474bd3fd..ad8174dac39 100644 --- a/addOns/fuzz/CHANGELOG.md +++ b/addOns/fuzz/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Update dependency. ## [13.16.0] - 2025-06-20 diff --git a/addOns/fuzzdb/CHANGELOG.md b/addOns/fuzzdb/CHANGELOG.md index 8265d1c0e21..1c28eec4686 100644 --- a/addOns/fuzzdb/CHANGELOG.md +++ b/addOns/fuzzdb/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [9] - 2022-09-23 ### Changed diff --git a/addOns/gettingStarted/CHANGELOG.md b/addOns/gettingStarted/CHANGELOG.md index 0f7a2c4153e..8d9a742518f 100644 --- a/addOns/gettingStarted/CHANGELOG.md +++ b/addOns/gettingStarted/CHANGELOG.md 
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Update Getting Started Guide for 2.17.0. ## [19] - 2025-01-09 diff --git a/addOns/graaljs/CHANGELOG.md b/addOns/graaljs/CHANGELOG.md index d4a2aad7473..afa33b3c9c9 100644 --- a/addOns/graaljs/CHANGELOG.md +++ b/addOns/graaljs/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.11.0] - 2025-11-04 ### Changed diff --git a/addOns/graphql/CHANGELOG.md b/addOns/graphql/CHANGELOG.md index 365e1d3bafc..e2aca5408db 100644 --- a/addOns/graphql/CHANGELOG.md +++ b/addOns/graphql/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Dependency updates. ## [0.28.0] - 2025-03-26 diff --git a/addOns/groovy/CHANGELOG.md b/addOns/groovy/CHANGELOG.md index 60bf8aa0c6f..5215d59d530 100644 --- a/addOns/groovy/CHANGELOG.md +++ b/addOns/groovy/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Document the engine name in the help page. ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Update Groovy from 3.0.14 to 5.0.2. Existing Groovy scripts should work without issues, but if you encounter problems, please refer to the following. diff --git a/addOns/grpc/CHANGELOG.md b/addOns/grpc/CHANGELOG.md index 3fd7ab9212e..95d5b102b5a 100644 --- a/addOns/grpc/CHANGELOG.md +++ b/addOns/grpc/CHANGELOG.md 
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Update dependency. - Maintenance changes. diff --git a/addOns/highlighter/CHANGELOG.md b/addOns/highlighter/CHANGELOG.md index b209a8613b0..d58c4fd2ee0 100644 --- a/addOns/highlighter/CHANGELOG.md +++ b/addOns/highlighter/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [8] - 2021-10-07 ### Added diff --git a/addOns/imagelocationscanner/CHANGELOG.md b/addOns/imagelocationscanner/CHANGELOG.md index a6aa1e5c4cd..ec5cafeeb25 100644 --- a/addOns/imagelocationscanner/CHANGELOG.md +++ b/addOns/imagelocationscanner/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [7] - 2025-09-18 ### Changed diff --git a/addOns/invoke/CHANGELOG.md b/addOns/invoke/CHANGELOG.md index b38da27466c..01a098c5797 100644 --- a/addOns/invoke/CHANGELOG.md +++ b/addOns/invoke/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [16] - 2025-01-09 ### Changed diff --git a/addOns/jruby/CHANGELOG.md b/addOns/jruby/CHANGELOG.md index 2fed8b6d378..21ea69e4030 100644 --- a/addOns/jruby/CHANGELOG.md +++ b/addOns/jruby/CHANGELOG.md 
@@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Document the engine name in the help page. ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Update dependency. - Maintenance changes. - Update script template: diff --git a/addOns/jsonview/CHANGELOG.md b/addOns/jsonview/CHANGELOG.md index 559a8ad63b2..caa88338852 100644 --- a/addOns/jsonview/CHANGELOG.md +++ b/addOns/jsonview/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [3] - 2023-09-07 ### Changed diff --git a/addOns/jython/CHANGELOG.md b/addOns/jython/CHANGELOG.md index 839d3616835..f6e617402ce 100644 --- a/addOns/jython/CHANGELOG.md +++ b/addOns/jython/CHANGELOG.md @@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Document the engine name in the help page. ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Update minimum scripts add-on version to 45.15.0. - Update dependency. - Update script template: diff --git a/addOns/kotlin/CHANGELOG.md b/addOns/kotlin/CHANGELOG.md index 25235b50271..7e2fe7668af 100644 --- a/addOns/kotlin/CHANGELOG.md +++ b/addOns/kotlin/CHANGELOG.md @@ -6,7 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Maintenance changes. ### Added diff --git a/addOns/llm/CHANGELOG.md b/addOns/llm/CHANGELOG.md index 201e543149b..9c36ac28020 100644 --- a/addOns/llm/CHANGELOG.md +++ b/addOns/llm/CHANGELOG.md 
@@ -4,9 +4,13 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed +- Update minimum ZAP version to 2.17.0. + ### Added - Allow to perform API sequencing and alert review. - Basic stats ### Fixed - Error logs to always include stack trace. + diff --git a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java index cc00dad8297..4fa6756a236 100644 --- a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java +++ b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java @@ -202,7 +202,7 @@ public void reviewAlert(Alert alert) { try { getExtAlert().updateAlert(updatedAlert); - getExtAlert().updateAlertInTree(originalAlert, updatedAlert); + getExtAlert().updateAlertInTree(updatedAlert); if (alert.getHistoryRef() != null) { alert.getHistoryRef().updateAlert(updatedAlert); if (alert.getHistoryRef().getSiteNode() != null) { diff --git a/addOns/network/CHANGELOG.md b/addOns/network/CHANGELOG.md index fb364826245..376e85e4f7e 100644 --- a/addOns/network/CHANGELOG.md +++ b/addOns/network/CHANGELOG.md @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Use UTF-8 charset for `application/json` when none specified on newer ZAP versions (Issue 6656). ### Changed +- Update minimum ZAP version to 2.17.0. - Update dependencies. - Reset warned invalid content-type values on newer ZAP versions (Issue 9082). - Updated user agents. diff --git a/addOns/network/src/main/java/org/zaproxy/addon/network/ExtensionNetwork.java b/addOns/network/src/main/java/org/zaproxy/addon/network/ExtensionNetwork.java index 15962089513..fbf18f72bdb 100644 --- a/addOns/network/src/main/java/org/zaproxy/addon/network/ExtensionNetwork.java 
+++ b/addOns/network/src/main/java/org/zaproxy/addon/network/ExtensionNetwork.java @@ -26,9 +26,6 @@ import io.netty.util.concurrent.EventExecutorGroup; import java.io.File; import java.io.IOException; -import java.lang.reflect.InvocationHandler; -import java.lang.reflect.Method; -import java.lang.reflect.Proxy; import java.net.Authenticator; import java.net.BindException; import java.net.InetAddress; @@ -88,8 +85,6 @@ import org.parosproxy.paros.model.Model; import org.parosproxy.paros.model.OptionsParam; import org.parosproxy.paros.model.Session; -import org.parosproxy.paros.network.HttpBody; -import org.parosproxy.paros.network.HttpHeader; import org.parosproxy.paros.network.HttpMessage; import org.parosproxy.paros.network.HttpRequestHeader; import org.parosproxy.paros.network.HttpSender; @@ -162,8 +157,6 @@ public class ExtensionNetwork extends ExtensionAdaptor implements CommandLineLis private static final int ARG_HOST_IDX = 3; private static final int ARG_PORT_IDX = 4; - private Method resetWarnedContentTypeValuesMethod; - private CloseableHttpSenderImpl httpSenderNetwork; @SuppressWarnings("deprecation") 
@@ -263,36 +256,7 @@ public ExtensionNetwork() { LOGGER.error("An error occurred while creating the sender:", e); } - try { - resetWarnedContentTypeValuesMethod = - HttpMessage.class.getDeclaredMethod("resetWarnedContentTypeValues"); - } catch (Exception e) { - // Nothing to do, method only available in newer core. - } - - try { - Class providerClass = - Class.forName("org.parosproxy.paros.network.HttpMessage$CharsetProvider"); - DefaultCharsetProvider provider = new DefaultCharsetProvider(); - InvocationHandler invocationHandler = - (o, method, args) -> { - if ("get".equals(method.getName())) { - return provider.get((HttpHeader) args[0], (HttpBody) args[1]); - } - return null; - }; - - Method setCharsetMethod = - HttpMessage.class.getMethod("setCharsetProvider", providerClass); - setCharsetMethod.invoke( - null, - Proxy.newProxyInstance( - getClass().getClassLoader(), - new Class[] {providerClass}, - invocationHandler)); - } catch (Exception e) { - // Nothing to do, method only available in newer core. - } + HttpMessage.setCharsetProvider(new DefaultCharsetProvider()); } private static void setLogLevel(List classnames, Level level) { @@ -1674,13 +1638,7 @@ public void sessionChanged(Session session) { @Override public void sessionAboutToChange(Session session) { - if (resetWarnedContentTypeValuesMethod != null) { - try { - resetWarnedContentTypeValuesMethod.invoke(null); - } catch (Exception e) { - // Ignore, nothing to do. - } - } + HttpMessage.resetWarnedContentTypeValues(); } @Override diff --git a/addOns/network/src/main/java/org/zaproxy/addon/network/NetworkUtils.java b/addOns/network/src/main/java/org/zaproxy/addon/network/NetworkUtils.java index 20fd93c42db..91585d47d34 100644 --- a/addOns/network/src/main/java/org/zaproxy/addon/network/NetworkUtils.java +++ b/addOns/network/src/main/java/org/zaproxy/addon/network/NetworkUtils.java 
@@ -22,7 +22,7 @@ import java.io.UnsupportedEncodingException; import java.util.Base64; import java.util.List; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.hc.client5.http.auth.AuthChallenge; import org.apache.hc.client5.http.auth.ChallengeType; import org.apache.hc.client5.http.auth.Credentials; @@ -54,7 +54,7 @@ private NetworkUtils() {} * @return true if the site requires HTTP Basic authentication. */ public static boolean isHttpBasicAuth(HttpMessage msg) { - return StringUtils.startsWithIgnoreCase( + return Strings.CI.startsWith( msg.getResponseHeader().getHeader(HttpHeader.WWW_AUTHENTICATE), "Basic"); } @@ -65,7 +65,7 @@ public static boolean isHttpBasicAuth(HttpMessage msg) { * @return true if the site requires HTTP Digest authentication. */ public static boolean isHttpDigestAuth(HttpMessage msg) { - return StringUtils.startsWithIgnoreCase( + return Strings.CI.startsWith( msg.getResponseHeader().getHeader(HttpHeader.WWW_AUTHENTICATE), "Digest"); } diff --git a/addOns/network/src/main/java/org/zaproxy/addon/network/internal/DefaultCharsetProvider.java b/addOns/network/src/main/java/org/zaproxy/addon/network/internal/DefaultCharsetProvider.java index 759b47f4287..c148fa951a0 100644 --- a/addOns/network/src/main/java/org/zaproxy/addon/network/internal/DefaultCharsetProvider.java +++ b/addOns/network/src/main/java/org/zaproxy/addon/network/internal/DefaultCharsetProvider.java @@ -23,10 +23,11 @@ import org.apache.commons.lang3.StringUtils; import org.parosproxy.paros.network.HttpBody; import org.parosproxy.paros.network.HttpHeader; +import org.parosproxy.paros.network.HttpMessage.CharsetProvider; -public class DefaultCharsetProvider /* TODO implements CharsetProvider */ { +public class DefaultCharsetProvider implements CharsetProvider { - // @Override + @Override public String get(HttpHeader header, HttpBody body) { String charset = header.getCharset(); if (!StringUtils.isBlank(charset)) { 
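Review bot: `isHttpBasicAuth` tests only the single value returned by `getHeader(HttpHeader.WWW_AUTHENTICATE)`, so a response offering several challenges is classified by whichever scheme is read first; `isHttpDigestAuth` in the next hunk has the same shape. If `getHeader` returns just one field value (not visible here), a server that lists another scheme before `Basic` would be reported as not requiring Basic authentication. The bare prefix test also accepts a scheme name that merely begins with `Basic` or `Digest`. Consider checking every value from `getHeaderValues(HttpHeader.WWW_AUTHENTICATE)`, the accessor HttpMessageDecoder uses for `Transfer-Encoding`, and requiring the scheme token to be followed by a space or the end of the value. At minimum the Javadoc could state `Only the first WWW-Authenticate challenge is inspected.`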
diff --git a/addOns/network/src/main/java/org/zaproxy/addon/network/internal/codec/HttpMessageDecoder.java b/addOns/network/src/main/java/org/zaproxy/addon/network/internal/codec/HttpMessageDecoder.java index 69c7cb63edd..de3e80a31e8 100644 --- a/addOns/network/src/main/java/org/zaproxy/addon/network/internal/codec/HttpMessageDecoder.java +++ b/addOns/network/src/main/java/org/zaproxy/addon/network/internal/codec/HttpMessageDecoder.java @@ -27,7 +27,7 @@ import io.netty.util.internal.AppendableCharSequence; import java.util.List; import java.util.function.Function; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.parosproxy.paros.network.HttpBody; import org.parosproxy.paros.network.HttpHeader; import org.parosproxy.paros.network.HttpMalformedHeaderException; @@ -267,7 +267,7 @@ private void appendToBody(ByteBuf buffer, int length) { private boolean isTransferEncodingChunked() { for (String transferEncoding : header.getHeaderValues(HttpHeader.TRANSFER_ENCODING)) { - if (StringUtils.containsIgnoreCase(transferEncoding, HttpHeader._CHUNKED)) { + if (Strings.CI.contains(transferEncoding, HttpHeader._CHUNKED)) { return true; } } diff --git a/addOns/oast/CHANGELOG.md b/addOns/oast/CHANGELOG.md index 5ec422c1e02..7133d2a8c9c 100644 --- a/addOns/oast/CHANGELOG.md +++ b/addOns/oast/CHANGELOG.md @@ -6,7 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.23.0] - 2025-11-04 ### Fixed diff --git a/addOns/onlineMenu/CHANGELOG.md b/addOns/onlineMenu/CHANGELOG.md index dec8876c69d..69fa0d4e971 100644 --- a/addOns/onlineMenu/CHANGELOG.md +++ b/addOns/onlineMenu/CHANGELOG.md 
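Review bot: `isTransferEncodingChunked` treats any `Transfer-Encoding` value that contains the `HttpHeader._CHUNKED` text as chunked, so a coding name that only embeds that text, or a list in which chunked is not the final coding, is framed as a chunked body. A decoder that is more lenient here than the peer it forwards to can disagree with that peer about where a message ends, which is the precondition for request-smuggling findings. If the leniency is deliberate for an intercepting proxy, record it with a comment such as `// Deliberately lenient: substring match so malformed Transfer-Encoding values are still decoded.`; otherwise split each value on commas and compare the trimmed final token case-insensitively with `HttpHeader._CHUNKED`. The end of the method lies outside the hunk.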
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [14] - 2025-01-09 ### Changed diff --git a/addOns/openapi/CHANGELOG.md b/addOns/openapi/CHANGELOG.md index 78e6604539d..c7cb8fdddca 100644 --- a/addOns/openapi/CHANGELOG.md +++ b/addOns/openapi/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [47] - 2025-11-04 ### Changed diff --git a/addOns/packpentester/CHANGELOG.md b/addOns/packpentester/CHANGELOG.md index 33a52f49f3e..0484f6acaba 100644 --- a/addOns/packpentester/CHANGELOG.md +++ b/addOns/packpentester/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [0.1.0] - 2022-05-12 diff --git a/addOns/packscanrules/CHANGELOG.md b/addOns/packscanrules/CHANGELOG.md index 1c984336dfb..164768eb106 100644 --- a/addOns/packscanrules/CHANGELOG.md +++ b/addOns/packscanrules/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [0.0.1] - 2022-05-13 diff --git a/addOns/paramdigger/CHANGELOG.md b/addOns/paramdigger/CHANGELOG.md index cab0551216d..d8a734615b7 100644 --- a/addOns/paramdigger/CHANGELOG.md +++ b/addOns/paramdigger/CHANGELOG.md 
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ### Fixed - Error logs to always include stack trace. diff --git a/addOns/plugnhack/CHANGELOG.md b/addOns/plugnhack/CHANGELOG.md index cd972360d7c..ae6b410ac66 100644 --- a/addOns/plugnhack/CHANGELOG.md +++ b/addOns/plugnhack/CHANGELOG.md @@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Prevent exception if no display (Issue 3978). ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Maintenance changes. ## [13] - 2022-10-27 diff --git a/addOns/postman/CHANGELOG.md b/addOns/postman/CHANGELOG.md index af4c38789c2..83fc83eb44c 100644 --- a/addOns/postman/CHANGELOG.md +++ b/addOns/postman/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.8.0] - 2025-11-10 ### Added diff --git a/addOns/pscan/CHANGELOG.md b/addOns/pscan/CHANGELOG.md index 627fae220d5..8af30ead150 100644 --- a/addOns/pscan/CHANGELOG.md +++ b/addOns/pscan/CHANGELOG.md @@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.5.0] - 2025-09-10 diff --git a/addOns/pscanrules/CHANGELOG.md b/addOns/pscanrules/CHANGELOG.md index 9a13032c0dd..ed3fac5c882 100644 --- a/addOns/pscanrules/CHANGELOG.md +++ b/addOns/pscanrules/CHANGELOG.md 
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Address redirection in a reference. - Update dependency. diff --git a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/PiiScanRule.java b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/PiiScanRule.java index fd4012c1ab8..dbfdeaff976 100644 --- a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/PiiScanRule.java +++ b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/PiiScanRule.java @@ -30,7 +30,7 @@ import net.htmlparser.jericho.OutputDocument; import net.htmlparser.jericho.Source; import net.htmlparser.jericho.StartTag; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.parosproxy.paros.Constant; import org.parosproxy.paros.core.scanner.Alert; import org.parosproxy.paros.core.scanner.Plugin.AlertThreshold; @@ -161,7 +161,7 @@ private List getStringsToAnalyze(Source source) { * otherwise. */ private static boolean isSci(String containingString) { - if (!StringUtils.containsIgnoreCase(containingString, "e")) { + if (!Strings.CI.contains(containingString, "e")) { return false; } diff --git a/addOns/pscanrulesAlpha/CHANGELOG.md b/addOns/pscanrulesAlpha/CHANGELOG.md index eb5dc58433a..f041eec89a7 100644 --- a/addOns/pscanrulesAlpha/CHANGELOG.md +++ b/addOns/pscanrulesAlpha/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [47] - 2025-11-04 ### Added diff --git a/addOns/pscanrulesBeta/CHANGELOG.md b/addOns/pscanrulesBeta/CHANGELOG.md index d76011f36f2..31e8898dbc0 100644 --- a/addOns/pscanrulesBeta/CHANGELOG.md +++ b/addOns/pscanrulesBeta/CHANGELOG.md 
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [47] - 2025-11-04 ### Added diff --git a/addOns/quickstart/CHANGELOG.md b/addOns/quickstart/CHANGELOG.md index f1d9e6dde7c..f1b2fd2938a 100644 --- a/addOns/quickstart/CHANGELOG.md +++ b/addOns/quickstart/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [52] - 2025-07-10 ### Added diff --git a/addOns/regextester/CHANGELOG.md b/addOns/regextester/CHANGELOG.md index 800f584a325..93378b9b8b4 100644 --- a/addOns/regextester/CHANGELOG.md +++ b/addOns/regextester/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [2] - 2021-10-07 ### Added diff --git a/addOns/replacer/CHANGELOG.md b/addOns/replacer/CHANGELOG.md index 342d921d23e..bc91bca94e5 100644 --- a/addOns/replacer/CHANGELOG.md +++ b/addOns/replacer/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Maintenance changes. ## [20] - 2025-01-10 diff --git a/addOns/reports/CHANGELOG.md b/addOns/reports/CHANGELOG.md index bb6f85c2827..ca4c02a7b2c 100644 --- a/addOns/reports/CHANGELOG.md +++ b/addOns/reports/CHANGELOG.md 
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.42.0] - 2025-11-07 ### Changed diff --git a/addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportHelper.java b/addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportHelper.java index b16d1877be7..95a720f4a7b 100644 --- a/addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportHelper.java +++ b/addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportHelper.java @@ -27,7 +27,7 @@ import java.util.Enumeration; import java.util.List; import java.util.Map; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.commons.text.StringEscapeUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -107,7 +107,7 @@ public static int getPortForSite(String site) { } private static int getPortFromScheme(String site) { - if (StringUtils.startsWithIgnoreCase(site, "https")) { + if (Strings.CI.startsWith(site, "https")) { return 443; } else { return 80; diff --git a/addOns/requester/CHANGELOG.md b/addOns/requester/CHANGELOG.md index 6619efb6257..5e49e4dd4a9 100644 --- a/addOns/requester/CHANGELOG.md +++ b/addOns/requester/CHANGELOG.md @@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Adjusted and internationalized the text in some exceptions/warning dialogs to use multiple lines and thus be more clear. ## [7.8.0] - 2025-01-10 diff --git a/addOns/retest/CHANGELOG.md b/addOns/retest/CHANGELOG.md index 9b0c37860ce..748d5d67616 100644 --- a/addOns/retest/CHANGELOG.md +++ b/addOns/retest/CHANGELOG.md 
@@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.11.0] - 2025-01-10 ### Changed diff --git a/addOns/retire/CHANGELOG.md b/addOns/retire/CHANGELOG.md index af6b7d3e37c..98de07faeb8 100644 --- a/addOns/retire/CHANGELOG.md +++ b/addOns/retire/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.50.0] - 2025-11-04 ### Changed diff --git a/addOns/reveal/CHANGELOG.md b/addOns/reveal/CHANGELOG.md index f3bf3dd4e9c..12ff7a3f520 100644 --- a/addOns/reveal/CHANGELOG.md +++ b/addOns/reveal/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [10] - 2025-06-20 ### Fixed diff --git a/addOns/revisit/CHANGELOG.md b/addOns/revisit/CHANGELOG.md index b09581e08f8..484ffac12c7 100644 --- a/addOns/revisit/CHANGELOG.md +++ b/addOns/revisit/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [6] - 2025-06-20 ### Changed diff --git a/addOns/saml/CHANGELOG.md b/addOns/saml/CHANGELOG.md index 1b21ac2fc22..314e3e935e3 100644 --- a/addOns/saml/CHANGELOG.md +++ b/addOns/saml/CHANGELOG.md 
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. - Update dependency. - Maintenance changes. diff --git a/addOns/scanpolicies/CHANGELOG.md b/addOns/scanpolicies/CHANGELOG.md index ff6b785e935..9352c2bf274 100644 --- a/addOns/scanpolicies/CHANGELOG.md +++ b/addOns/scanpolicies/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Allow to override the default alert threshold of the bundled policies. - Updated based on Rules' Policy Tag assignments. diff --git a/addOns/scripts/CHANGELOG.md b/addOns/scripts/CHANGELOG.md index c0fdbe27799..192f814361b 100644 --- a/addOns/scripts/CHANGELOG.md +++ b/addOns/scripts/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Script scan rules were not using the attack strength and alert threshold from active scan policies. ### Changed +- Update minimum ZAP version to 2.17.0. - Update dependency. ## [45.15.0] - 2025-11-04 diff --git a/addOns/selenium/CHANGELOG.md b/addOns/selenium/CHANGELOG.md index ca46528746d..1f894f099b1 100644 --- a/addOns/selenium/CHANGELOG.md +++ b/addOns/selenium/CHANGELOG.md @@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Update Selenium to version 4.38.0. ## [15.41.0] - 2025-10-21 diff --git a/addOns/sequence/CHANGELOG.md b/addOns/sequence/CHANGELOG.md index 6510055612a..918083d1c94 100644 --- a/addOns/sequence/CHANGELOG.md +++ b/addOns/sequence/CHANGELOG.md 
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Allow to override the default alert threshold of the bundled policy. - Maintenance changes. diff --git a/addOns/soap/CHANGELOG.md b/addOns/soap/CHANGELOG.md index 1fa5cc29264..f91c99f1c35 100644 --- a/addOns/soap/CHANGELOG.md +++ b/addOns/soap/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Update dependencies. ## [28] - 2025-09-18 diff --git a/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/WSDLFilePassiveScanRule.java b/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/WSDLFilePassiveScanRule.java index 55f52ed2370..beeacf1a704 100644 --- a/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/WSDLFilePassiveScanRule.java +++ b/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/WSDLFilePassiveScanRule.java @@ -23,7 +23,7 @@ import java.util.HashMap; import java.util.Map; import net.htmlparser.jericho.Source; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.parosproxy.paros.Constant; import org.parosproxy.paros.core.scanner.Alert; import org.parosproxy.paros.network.HttpHeader; @@ -78,7 +78,7 @@ public boolean isWsdl(HttpMessage msg) { String baseURL = msg.getRequestHeader().getURI().toString().trim(); String contentType = header.getHeader(HttpHeader.CONTENT_TYPE).trim(); return baseURL.endsWith(".wsdl") - || StringUtils.endsWithIgnoreCase(baseURL, "?wsdl") + || Strings.CI.endsWith(baseURL, "?wsdl") || contentType.equals("application/wsdl+xml"); } return false; diff --git a/addOns/spider/CHANGELOG.md b/addOns/spider/CHANGELOG.md index 4cffe1c41ed..c8276fe32a8 100644 --- a/addOns/spider/CHANGELOG.md +++ b/addOns/spider/CHANGELOG.md 
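Review bot: In `isWsdl`, `header.getHeader(HttpHeader.CONTENT_TYPE).trim()` dereferences the header value unchecked, so a response without a `Content-Type` field would throw inside a passive rule that runs on untrusted responses, unless the condition opening this block (outside the hunk) already guarantees the field. The three tests are also inconsistent: `.wsdl` is matched case-sensitively while `?wsdl` is not, and `contentType.equals("application/wsdl+xml")` misses a value that carries parameters such as a charset. Since `Strings` is now imported, the last test could be `|| Strings.CI.startsWith(header.getHeader(HttpHeader.CONTENT_TYPE), "application/wsdl+xml")`, which returns false for a null value, and the first could be `Strings.CI.endsWith(baseURL, ".wsdl")`.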
@@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [0.17.0] - 2025-11-04 ### Changed diff --git a/addOns/spider/src/main/java/org/zaproxy/addon/spider/UrlCanonicalizer.java b/addOns/spider/src/main/java/org/zaproxy/addon/spider/UrlCanonicalizer.java index ae87371499e..496d5a63ecd 100644 --- a/addOns/spider/src/main/java/org/zaproxy/addon/spider/UrlCanonicalizer.java +++ b/addOns/spider/src/main/java/org/zaproxy/addon/spider/UrlCanonicalizer.java @@ -31,7 +31,7 @@ import java.util.regex.Pattern; import org.apache.commons.httpclient.URIException; import org.apache.commons.httpclient.util.URIUtil; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.zaproxy.addon.spider.SpiderParam.HandleParametersOption; @@ -86,9 +86,9 @@ private UrlCanonicalizer() {} * @return the canonical url */ public static String getCanonicalUrl(ParseContext ctx, String url, String baseURL) { - if (StringUtils.startsWithIgnoreCase(url, "javascript:") - || StringUtils.startsWithIgnoreCase(url, "tel:") - || StringUtils.startsWithIgnoreCase(url, "mailto:") + if (Strings.CI.startsWith(url, "javascript:") + || Strings.CI.startsWith(url, "tel:") + || Strings.CI.startsWith(url, "mailto:") || "//".equals(url)) { return null; } diff --git a/addOns/spider/src/main/java/org/zaproxy/addon/spider/filters/DefaultFetchFilter.java b/addOns/spider/src/main/java/org/zaproxy/addon/spider/filters/DefaultFetchFilter.java index ac7eb68be2b..0519d706056 100644 --- a/addOns/spider/src/main/java/org/zaproxy/addon/spider/filters/DefaultFetchFilter.java +++ b/addOns/spider/src/main/java/org/zaproxy/addon/spider/filters/DefaultFetchFilter.java 
@@ -25,7 +25,7 @@ import java.util.Set; import org.apache.commons.httpclient.URI; import org.apache.commons.httpclient.URIException; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.Strings; import org.zaproxy.addon.commonlib.AuthConstants; import org.zaproxy.addon.spider.DomainAlwaysInScopeMatcher; import org.zaproxy.zap.model.Context; @@ -87,8 +87,7 @@ public FetchStatus checkFilter(URI uri) { && AuthConstants.getAuthRelatedIndicators().stream() .anyMatch( keyword -> - StringUtils.containsIgnoreCase( - escapedPathQuery, keyword))) { + Strings.CI.contains(escapedPathQuery, keyword))) { return FetchStatus.LOGOUT_AVOIDANCE; } } diff --git a/addOns/spiderAjax/CHANGELOG.md b/addOns/spiderAjax/CHANGELOG.md index cb418d7093f..0300e17cdb9 100644 --- a/addOns/spiderAjax/CHANGELOG.md +++ b/addOns/spiderAjax/CHANGELOG.md @@ -4,6 +4,9 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed +- Update minimum ZAP version to 2.17.0. + ### Fixed - Correct bundled logging dependencies. diff --git a/addOns/sqliplugin/CHANGELOG.md b/addOns/sqliplugin/CHANGELOG.md index c17919c2d02..64b617ad7c0 100644 --- a/addOns/sqliplugin/CHANGELOG.md +++ b/addOns/sqliplugin/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - The scan rule now has the "TEST_TIMING" alert tag. ## [16] - 2025-04-30 diff --git a/addOns/sse/CHANGELOG.md b/addOns/sse/CHANGELOG.md index 5171e6884a8..c992926fa20 100644 --- a/addOns/sse/CHANGELOG.md +++ b/addOns/sse/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [13] - 2024-05-21 ### Changed 
diff --git a/addOns/svndigger/CHANGELOG.md b/addOns/svndigger/CHANGELOG.md index 13b5f6602d7..0b2da5e5c25 100644 --- a/addOns/svndigger/CHANGELOG.md +++ b/addOns/svndigger/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [4] - 2021-10-07 ### Added diff --git a/addOns/tips/CHANGELOG.md b/addOns/tips/CHANGELOG.md index c5fe0607950..2dff9208055 100644 --- a/addOns/tips/CHANGELOG.md +++ b/addOns/tips/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [15] - 2025-09-10 ### Changed diff --git a/addOns/tokengen/CHANGELOG.md b/addOns/tokengen/CHANGELOG.md index 33500ef7dc5..e150c6c7c8e 100644 --- a/addOns/tokengen/CHANGELOG.md +++ b/addOns/tokengen/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [15] - 2021-10-07 ### Changed diff --git a/addOns/treetools/CHANGELOG.md b/addOns/treetools/CHANGELOG.md index 8d418b11429..97b7a730f09 100644 --- a/addOns/treetools/CHANGELOG.md +++ b/addOns/treetools/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [8] - 2021-10-07 ### Added diff --git a/addOns/viewstate/CHANGELOG.md b/addOns/viewstate/CHANGELOG.md index bcec287dd2f..b681f019440 100644 --- a/addOns/viewstate/CHANGELOG.md +++ b/addOns/viewstate/CHANGELOG.md 
@@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Maintenance changes. -- Update minimum ZAP version to 2.16.0. +- Update minimum ZAP version to 2.17.0. ## [3] - 2021-10-07 ### Changed diff --git a/addOns/wappalyzer/CHANGELOG.md b/addOns/wappalyzer/CHANGELOG.md index 7f85ff81727..8487be0e025 100644 --- a/addOns/wappalyzer/CHANGELOG.md +++ b/addOns/wappalyzer/CHANGELOG.md @@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Updated with enthec upstream icon and pattern changes. ## [21.49.0] - 2025-11-04 diff --git a/addOns/webdrivers/webdriverlinux/CHANGELOG.md b/addOns/webdrivers/webdriverlinux/CHANGELOG.md index d00ab76c104..939c008262d 100644 --- a/addOns/webdrivers/webdriverlinux/CHANGELOG.md +++ b/addOns/webdrivers/webdriverlinux/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [167] - 2025-11-17 ### Changed diff --git a/addOns/webdrivers/webdrivermacos/CHANGELOG.md b/addOns/webdrivers/webdrivermacos/CHANGELOG.md index 8c155c548b5..45f4f6bf060 100644 --- a/addOns/webdrivers/webdrivermacos/CHANGELOG.md +++ b/addOns/webdrivers/webdrivermacos/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [167] - 2025-11-17 ### Changed diff --git a/addOns/webdrivers/webdriverwindows/CHANGELOG.md b/addOns/webdrivers/webdriverwindows/CHANGELOG.md index c00f9bb2a07..29d6f8f0703 100644 --- a/addOns/webdrivers/webdriverwindows/CHANGELOG.md +++ b/addOns/webdrivers/webdriverwindows/CHANGELOG.md 
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [168] - 2025-11-17 ### Changed diff --git a/addOns/websocket/CHANGELOG.md b/addOns/websocket/CHANGELOG.md index e218c807aa9..c392a60f92b 100644 --- a/addOns/websocket/CHANGELOG.md +++ b/addOns/websocket/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Update minimum ZAP version to 2.17.0. ## [34] - 2025-11-04 ### Changed diff --git a/addOns/zest/CHANGELOG.md b/addOns/zest/CHANGELOG.md index be3a6efbc14..13f5341cd7c 100644 --- a/addOns/zest/CHANGELOG.md +++ b/addOns/zest/CHANGELOG.md @@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed +- Update minimum ZAP version to 2.17.0. - Use lowercase credential parameters in the Authentication default template. ## [48.10.0] - 2025-10-29 diff --git a/build.gradle.kts b/build.gradle.kts index a8019a07433..e7ab8d1fd40 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -28,6 +28,9 @@ allprojects { repositories { mavenCentral() + maven { + url = uri("https://central.sonatype.com/repository/maven-snapshots/") + } } spotless { diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index a2064b8d18e..79fa04404d6 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -8,7 +8,7 @@ jbrofuzz = "2.5.1" jsoup = "1.21.2" kotlin = "1.3.72" langchain4j = "1.8.0" -log4j = "2.24.2" +log4j = "2.25.2" nanohttpd = "2.3.1" netty = "4.1.100.Final" re2j = "1.8" 
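Review bot: The snapshot repository is added to every project's `repositories` block with no content restriction, so Gradle may consult it for any dependency that `mavenCentral()` does not serve, and snapshot artifacts are mutable between builds. The only snapshot coordinate visible in this diff is `org.zaproxy:zap:2.17.0-SNAPSHOT`, so the repository can be limited to snapshot versions of that module, as in the block below; widen the filter if other snapshots are really needed. A short comment saying the repository should be removed once the core release is published would help too, assuming that is the intent.

```kotlin
repositories {
    mavenCentral()
    maven {
        url = uri("https://central.sonatype.com/repository/maven-snapshots/")
        mavenContent {
            snapshotsOnly()
        }
        content {
            includeModule("org.zaproxy", "zap")
        }
    }
}
```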
@@ -107,7 +107,7 @@ test-webdrivermanager = "io.github.bonigarcia:webdrivermanager:5.7.0" testutils-httpclient5 = "org.apache.httpcomponents.client5:httpclient5:5.2.1" testutils-nanohttpd-webserver = { module = "org.nanohttpd:nanohttpd-webserver", version.ref = "nanohttpd" } testutils-nanohttpd-websocket = { module = "org.nanohttpd:nanohttpd-websocket", version.ref = "nanohttpd" } -testutils-zap = "org.zaproxy:zap:2.16.0" +testutils-zap = "org.zaproxy:zap:2.17.0-SNAPSHOT" wappalyzer-jsoup = { module = "org.jsoup:jsoup", version.ref = "jsoup" } wappalyzer-jsvg = "com.github.weisj:jsvg:2.0.0" wappalyzer-re2j = { module = "com.google.re2j:re2j", version.ref = "re2j" }