Merge pull request #20 from kingthorin/114-tweaks

New Release Fixes
secdec · Mar 7, 2019 · 35bff46 · 35bff46
2 parents bd49615 + ca2db96
commit 35bff46
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 26 deletions.
diff --git a/zaproxy/pom.xml b/zaproxy/pom.xml
@@ -25,6 +25,15 @@
     </prerequisites>
 
     <build>
+            <resources>
+            <resource>
+                <directory>src/org/zaproxy/zap/extension/attacksurfacedetector/resources</directory>
+            </resource>
+            <resource>
+                <directory>src/org/zaproxy/zap/extension/attacksurfacedetector/resources-filtered</directory>
+                <filtering>true</filtering>
+            </resource>
+        </resources>
         <sourceDirectory>src</sourceDirectory>
         <plugins>
             <plugin>
@@ -340,7 +349,7 @@
 
     <properties>
         <zap.addon.name>attacksurfacedetector</zap.addon.name>
-        <zap.addon.version>1.1.3</zap.addon.version>
+        <zap.addon.version>1.1.4</zap.addon.version>
         <zap.addon.status>alpha</zap.addon.status>
         <zap.addon.not-before-version>2.7.0</zap.addon.not-before-version>
         <zap.extension.fullname>${zap.addon.name}-${zap.addon.status}-${zap.addon.version}</zap.extension.fullname>

diff --git a/zaproxy/src/com/securedecisions/attacksurfacedetector/plugin/zap/action/AttackThread.java b/zaproxy/src/com/securedecisions/attacksurfacedetector/plugin/zap/action/AttackThread.java
@@ -28,6 +28,7 @@
 
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
+import java.net.ConnectException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.Map;
@@ -37,6 +38,7 @@
 import org.apache.commons.httpclient.URI;
 import org.apache.commons.lang3.mutable.MutableObject;
 import org.apache.log4j.Logger;
+import org.parosproxy.paros.Constant;
 import org.parosproxy.paros.control.Control;
 import org.parosproxy.paros.extension.ViewDelegate;
 import org.parosproxy.paros.extension.history.ExtensionHistory;
@@ -46,6 +48,7 @@
 import org.parosproxy.paros.network.HttpMessage;
 import org.parosproxy.paros.network.HttpRequestHeader;
 import org.parosproxy.paros.network.HttpSender;
+import org.parosproxy.paros.view.View;
 import org.zaproxy.zap.extension.ascan.ExtensionActiveScan;
 import org.zaproxy.zap.extension.spider.ExtensionSpider;
 import org.zaproxy.zap.extension.attacksurfacedetector.ZapPropertiesManager;
@@ -126,7 +129,7 @@ public void run()
                         logger.debug("child node was null.");
                 }
             }
-            ExtensionActiveScan extAscan = (ExtensionActiveScan) Control.getSingleton().getExtensionLoader().getExtension(ExtensionActiveScan.NAME);
+            ExtensionActiveScan extAscan = Control.getSingleton().getExtensionLoader().getExtension(ExtensionActiveScan.class);
             if (extAscan == null)
             {
                 logger.error("No active scanner");
@@ -148,7 +151,7 @@ public void run()
     private void spider(SiteNode startNode)throws MalformedURLException
     {
         logger.debug("About to grab spider.");
-        ExtensionSpider extSpider = (ExtensionSpider) Control.getSingleton().getExtensionLoader().getExtension(ExtensionSpider.NAME);
+        ExtensionSpider extSpider = Control.getSingleton().getExtensionLoader().getExtension(ExtensionSpider.class);
         logger.debug("Starting spider.");
         if (extSpider == null) {
             logger.error("No spider");
@@ -244,8 +247,18 @@ private SiteNode accessNode(URL url, String method)
     }
 
     private SiteNode sendAndProcess(HttpMessage msg) throws IOException, InvocationTargetException, InterruptedException {
-        getHttpSender().sendAndReceive(msg, true);
-        ExtensionHistory extHistory = (ExtensionHistory) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME);
+        try {
+            getHttpSender().sendAndReceive(msg, true);
+        } catch (ConnectException ce) {
+            String warningMsg = Constant.messages.getString("attacksurfacedetector.connectfailed.warning",
+                    msg.getRequestHeader().getURI().toString(), ce.getMessage());
+            logger.warn(warningMsg);
+            if (View.isInitialised()) {
+                View.getSingleton().showWarningDialog(warningMsg);
+            }
+            return null;
+        }
+        ExtensionHistory extHistory = Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.class);
         extHistory.addHistory(msg, HistoryReference.TYPE_ZAP_USER);
         HistoryReference hRef = msg.getHistoryRef();
         hRef.setNote("Endpoint generated by Attack Surface Detector");

diff --git a/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/AttackSurfaceDetector.java b/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/AttackSurfaceDetector.java
@@ -38,7 +38,6 @@
 import java.util.ResourceBundle;
 
 public class AttackSurfaceDetector extends ExtensionAdaptor {
-    private ResourceBundle messages = null;
     private AbstractPanel statusPanel;
     JTabbedPane tabbedPane;
     JCheckBox autoSpiderField;
@@ -52,13 +51,6 @@ public AttackSurfaceDetector()
         logger.debug("calling constructor");
         initialize();
         logger.debug("No-arg Constructor");
-        this.setEnabled(true);
-    }
-
-    public AttackSurfaceDetector(String name)
-    {
-        super(name);
-        logger.debug("1-arg Constructor");
     }
 
     private void initialize()
@@ -83,8 +75,6 @@ public void hook(ExtensionHook extensionHook)
         }
     }
 
-    public String getMessageString(String key) { return messages.getString(key); }
-
     @Override
     public String getAuthor()
     {
@@ -112,11 +102,6 @@ public URL getURL()
             return null;
         }
     }
-    @Override
-    public boolean isEnabled()
-    {
-        return true;
-    }
 
     @Override
     public boolean canUnload(){return true;}

diff --git a/...ension/attacksurfacedetector/ZapAddOn.xml → ...edetector/resources-filtered/ZapAddOn.xml b/...ension/attacksurfacedetector/ZapAddOn.xml → ...edetector/resources-filtered/ZapAddOn.xml
@@ -1,18 +1,23 @@
 <zapaddon>
     <name>Attack Surface Detector</name>
-    <version>1.1.2</version>
-    <status>alpha</status>
+    <version>${zap.addon.version}</version>
+    <status>${zap.addon.status}</status>
     <description>The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing.</description>
     <author>Secure Decisions (Matthew DeLetto)</author>
-    <url></url>
-    <changes>First Version</changes>
+    <url>https://github.com/secdec/attack-surface-detector-zap/wiki</url>
+    <changes>
+        <![CDATA[
+        Various incremental changes (see https://github.com/secdec/attack-surface-detector-zap/releases)<br>
+        Fix un-handled exception when target unavailable & address various "house keeping" tasks.<br>
+        ]]>
+    </changes>
     <extensions>
         <extension>org.zaproxy.zap.extension.attacksurfacedetector.AttackSurfaceDetector</extension>
     </extensions>
     <ascanrules/>
     <pscanrules/>
     <filters/>
     <files></files>
-    <not-before-version>2.7.0</not-before-version>
+    <not-before-version>${zap.addon.not-before-version}</not-before-version>
     <not-from-version></not-from-version>
 </zapaddon>
diff --git a/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources/Messages.properties b/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources/Messages.properties
@@ -1 +1,2 @@
-attacksurfacedetector.name=Attack Surface Detector
+attacksurfacedetector.name=Attack Surface Detector
+attacksurfacedetector.connectfailed.warning=Could not start spider. Failed to connect to target:\n{0} \ndue to:\n{1}