diff --git a/zaproxy/pom.xml b/zaproxy/pom.xml index 650d231..107fdb1 100644 --- a/zaproxy/pom.xml +++ b/zaproxy/pom.xml @@ -25,6 +25,15 @@ + + + src/org/zaproxy/zap/extension/attacksurfacedetector/resources + + + src/org/zaproxy/zap/extension/attacksurfacedetector/resources-filtered + true + + src @@ -340,7 +349,7 @@ attacksurfacedetector - 1.1.3 + 1.1.4 alpha 2.7.0 ${zap.addon.name}-${zap.addon.status}-${zap.addon.version} diff --git a/zaproxy/src/com/securedecisions/attacksurfacedetector/plugin/zap/action/AttackThread.java b/zaproxy/src/com/securedecisions/attacksurfacedetector/plugin/zap/action/AttackThread.java index a3dff29..7ccf84d 100644 --- a/zaproxy/src/com/securedecisions/attacksurfacedetector/plugin/zap/action/AttackThread.java +++ b/zaproxy/src/com/securedecisions/attacksurfacedetector/plugin/zap/action/AttackThread.java @@ -28,6 +28,7 @@ import java.io.IOException; import java.lang.reflect.InvocationTargetException; +import java.net.ConnectException; import java.net.MalformedURLException; import java.net.URL; import java.util.Map; @@ -37,6 +38,7 @@ import org.apache.commons.httpclient.URI; import org.apache.commons.lang3.mutable.MutableObject; import org.apache.log4j.Logger; +import org.parosproxy.paros.Constant; import org.parosproxy.paros.control.Control; import org.parosproxy.paros.extension.ViewDelegate; import org.parosproxy.paros.extension.history.ExtensionHistory; @@ -46,6 +48,7 @@ import org.parosproxy.paros.network.HttpMessage; import org.parosproxy.paros.network.HttpRequestHeader; import org.parosproxy.paros.network.HttpSender; +import org.parosproxy.paros.view.View; import org.zaproxy.zap.extension.ascan.ExtensionActiveScan; import org.zaproxy.zap.extension.spider.ExtensionSpider; import org.zaproxy.zap.extension.attacksurfacedetector.ZapPropertiesManager; 
@@ -126,7 +129,7 @@ public void run() logger.debug("child node was null."); } } - ExtensionActiveScan extAscan = (ExtensionActiveScan) Control.getSingleton().getExtensionLoader().getExtension(ExtensionActiveScan.NAME); + ExtensionActiveScan extAscan = Control.getSingleton().getExtensionLoader().getExtension(ExtensionActiveScan.class); if (extAscan == null) { logger.error("No active scanner"); @@ -148,7 +151,7 @@ public void run() private void spider(SiteNode startNode)throws MalformedURLException { logger.debug("About to grab spider."); - ExtensionSpider extSpider = (ExtensionSpider) Control.getSingleton().getExtensionLoader().getExtension(ExtensionSpider.NAME); + ExtensionSpider extSpider = Control.getSingleton().getExtensionLoader().getExtension(ExtensionSpider.class); logger.debug("Starting spider."); if (extSpider == null) { logger.error("No spider"); @@ -244,8 +247,18 @@ private SiteNode accessNode(URL url, String method) } private SiteNode sendAndProcess(HttpMessage msg) throws IOException, InvocationTargetException, InterruptedException { - getHttpSender().sendAndReceive(msg, true); - ExtensionHistory extHistory = (ExtensionHistory) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME); + try { + getHttpSender().sendAndReceive(msg, true); + } catch (ConnectException ce) { + String warningMsg = Constant.messages.getString("attacksurfacedetector.connectfailed.warning", + msg.getRequestHeader().getURI().toString(), ce.getMessage()); + logger.warn(warningMsg); + if (View.isInitialised()) { + View.getSingleton().showWarningDialog(warningMsg); + } + return null; + } + ExtensionHistory extHistory = Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.class); extHistory.addHistory(msg, HistoryReference.TYPE_ZAP_USER); HistoryReference hRef = msg.getHistoryRef(); hRef.setNote("Endpoint generated by Attack Surface Detector"); 
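Review bot: In `sendAndProcess` (the `@@ -244,8 +247,18 @@` hunk) the new catch handles only `ConnectException`, so other ways a target can be unreachable that arrive as different `IOException` subclasses, such as `UnknownHostException` or `SocketTimeoutException`, still propagate to the caller unhandled; if they should get the same warning, widen it to `} catch (ConnectException | UnknownHostException | SocketTimeoutException e) {`. The method now returns `null` on that path, so `accessNode` and any other caller, which lie outside this hunk, need a null check before using the returned `SiteNode`. `extHistory` is also dereferenced straight after the lookup, unlike `extAscan` and `extSpider` in the two hunks above, which are checked for null; a guard like `if (extHistory == null) { logger.error("No history extension"); return null; }` would be consistent. The body of `sendAndProcess` continues past the end of the hunk.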
diff --git a/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/AttackSurfaceDetector.java b/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/AttackSurfaceDetector.java index f4922b7..8732699 100644 --- a/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/AttackSurfaceDetector.java +++ b/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/AttackSurfaceDetector.java @@ -38,7 +38,6 @@ import java.util.ResourceBundle; public class AttackSurfaceDetector extends ExtensionAdaptor { - private ResourceBundle messages = null; private AbstractPanel statusPanel; JTabbedPane tabbedPane; JCheckBox autoSpiderField; @@ -52,13 +51,6 @@ public AttackSurfaceDetector() logger.debug("calling constructor"); initialize(); logger.debug("No-arg Constructor"); - this.setEnabled(true); - } - - public AttackSurfaceDetector(String name) - { - super(name); - logger.debug("1-arg Constructor"); } private void initialize() @@ -83,8 +75,6 @@ public void hook(ExtensionHook extensionHook) } } - public String getMessageString(String key) { return messages.getString(key); } - @Override public String getAuthor() { @@ -112,11 +102,6 @@ public URL getURL() return null; } } - @Override - public boolean isEnabled() - { - return true; - } @Override public boolean canUnload(){return true;} diff --git a/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/ZapAddOn.xml b/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources-filtered/ZapAddOn.xml similarity index 51% rename from zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/ZapAddOn.xml rename to zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources-filtered/ZapAddOn.xml index 542590c..0b030bc 100644 --- a/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/ZapAddOn.xml +++ b/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources-filtered/ZapAddOn.xml 
@@ -1,11 +1,16 @@ Attack Surface Detector - 1.1.2 - alpha + ${zap.addon.version} + ${zap.addon.status} The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing. Secure Decisions (Matthew DeLetto) - - First Version + https://github.com/secdec/attack-surface-detector-zap/wiki + + + Fix un-handled exception when target unavailable & address various "house keeping" tasks.
+ ]]> +
org.zaproxy.zap.extension.attacksurfacedetector.AttackSurfaceDetector @@ -13,6 +18,6 @@ - 2.7.0 + ${zap.addon.not-before-version}
diff --git a/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources/Messages.properties b/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources/Messages.properties
index ffbdeb0..d53b133 100644
--- a/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources/Messages.properties
+++ b/zaproxy/src/org/zaproxy/zap/extension/attacksurfacedetector/resources/Messages.properties
@@ -1 +1,2 @@
-attacksurfacedetector.name=Attack Surface Detector
\ No newline at end of file
+attacksurfacedetector.name=Attack Surface Detector
+attacksurfacedetector.connectfailed.warning=Could not start spider. Failed to connect to target:\n{0} \ndue to:\n{1}
\ No newline at end of file