From 230711e85d12ead5c718d515350add9ac0b9bb55 Mon Sep 17 00:00:00 2001
From: kingthorin
Date: Sun, 18 Feb 2024 11:04:51 -0500
Subject: [PATCH] paramdigger: Handle session change & previous PR follow-up
- CHANGELOG > Add change note.
- CacheController > Remove unnecessary else block and conditional handling.
- ExtensionParamDigger > Add and use SessionChangedListener.
- HeaderGuesser > Make constant final.
Signed-off-by: kingthorin
---
 addOns/paramdigger/CHANGELOG.md | 1 +
 .../addon/paramdigger/CacheController.java | 22 ++++++---------
 .../paramdigger/ExtensionParamDigger.java | 28 +++++++++++++++++++
 .../addon/paramdigger/HeaderGuesser.java | 2 +-
 4 files changed, 39 insertions(+), 14 deletions(-)
diff --git a/addOns/paramdigger/CHANGELOG.md b/addOns/paramdigger/CHANGELOG.md
index 99af2092ac8..39357176597 100644
--- a/addOns/paramdigger/CHANGELOG.md
+++ b/addOns/paramdigger/CHANGELOG.md
@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Maintenance changes.
 - Update minimum ZAP version to 2.14.0.
+- The output panel is now properly reset on ZAP session change (part of Issue 7694).
 ## [0.2.0] - 2023-06-06
 ### Fixed
diff --git a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/CacheController.java b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/CacheController.java
index 32b45580466..ef6d4b06a96 100644
--- a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/CacheController.java
+++ b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/CacheController.java
@@ -861,20 +861,16 @@ private boolean checkAlwaysMiss(String url, Method method, Cache cache) {
 String indicValue = msg.getResponseHeader().getHeader(cache.getIndicator());
 if (indicValue == null || indicValue.isEmpty()) {
 return true;
- } else {
- if (!this.checkCacheHit(indicValue, cache) && cache.getIndicator() != null) {
- sleeper(2000);
- httpSender.sendAndReceive(msg);
- addCacheMessage(msg);
- indicValue = msg.getResponseHeader().getHeader(cache.getIndicator());
- if (this.checkCacheHit(indicValue, cache)) {
- return false;
- } else {
- return true;
- }
- }
- return false;
 }
+ if (!this.checkCacheHit(indicValue, cache) && cache.getIndicator() != null) {
+ sleeper(2000);
+ httpSender.sendAndReceive(msg);
+ addCacheMessage(msg);
+ indicValue = msg.getResponseHeader().getHeader(cache.getIndicator());
+ // Not cache hit, is always miss
+ return !this.checkCacheHit(indicValue, cache);
+ }
+ return false;
 } catch (Exception e) {
 return false;
diff --git a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/ExtensionParamDigger.java b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/ExtensionParamDigger.java
index 163eedd38a4..fe4b09fd1d2 100644
--- a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/ExtensionParamDigger.java
+++ b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/ExtensionParamDigger.java
@@ -21,9 +21,12 @@
 import javax.swing.ImageIcon;
 import org.parosproxy.paros.Constant;
+import org.parosproxy.paros.control.Control.Mode;
 import org.parosproxy.paros.extension.ExtensionAdaptor;
 import org.parosproxy.paros.extension.ExtensionHook;
 import org.parosproxy.paros.extension.ExtensionPopupMenuItem;
+import org.parosproxy.paros.extension.SessionChangedListener;
+import org.parosproxy.paros.model.Session;
 import org.parosproxy.paros.network.HttpMessage;
 import org.zaproxy.addon.paramdigger.gui.ParamDiggerDialog;
 import org.zaproxy.addon.paramdigger.gui.ParamDiggerPanel;
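Review bot: The `cache.getIndicator() != null` clause in the new `if` can no longer affect the outcome, because the indicator was already dereferenced on the hunk's first context line (`getHeader(cache.getIndicator())`) before the clause is evaluated; either hoist a null check above that first `getHeader` call or drop the clause so the condition reads `if (!this.checkCacheHit(indicValue, cache)) {`. The surrounding `catch (Exception e) { return false; }` also turns a failed second `sendAndReceive` into "not always-miss" without leaving any trace, so a transient request failure silently changes the verdict the caller builds on; logging the exception at debug level before returning would keep that diagnosable. checkAlwaysMiss starts and ends outside the hunk.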
@@ -83,6 +86,8 @@ public void hook(ExtensionHook extensionHook) {
 extensionHook.getHookMenu().addToolsMenuItem(getMenu());
 extensionHook.getHookView().addStatusPanel(getParamDiggerPanel());
 extensionHook.getHookMenu().addPopupMenuItem(getPopupMsg());
+
+ extensionHook.addSessionListener(new SessionChangedListenerImpl());
 }
 }
@@ -153,4 +158,27 @@ public void showParamDiggerDialog(HttpMessage node) {
 public String getDescription() {
 return Constant.messages.getString(PREFIX + ".desc");
 }
+
+ private class SessionChangedListenerImpl implements SessionChangedListener {
+
+ @Override
+ public void sessionChanged(Session session) {
+ getParamDiggerPanel().reset();
+ }
+
+ @Override
+ public void sessionAboutToChange(Session session) {
+ // Nothing to do
+ }
+
+ @Override
+ public void sessionScopeChanged(Session session) {
+ // Nothing to do
+ }
+
+ @Override
+ public void sessionModeChanged(Mode mode) {
+ // Nothing to do
+ }
+ }
 }
diff --git a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/HeaderGuesser.java b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/HeaderGuesser.java
index aa69e80448a..46f0fafc9f5 100644
--- a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/HeaderGuesser.java
+++ b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/HeaderGuesser.java
@@ -74,7 +74,7 @@ public class HeaderGuesser implements Runnable {
 private static final String POISON_DEFINITION = "paramdigger.results.poison.definition";
 private static final String POISON_DEFINITION_FIRST = "paramdigger.results.poison.definition.first";
- private static List ERROR_CODES = List.of(400, 413, 418, 429, 503);
+ private static final List ERROR_CODES = List.of(400, 413, 418, 429, 503);
 private static final int PORT = 31337;
 private static final String[] PORTS = {":" + PORT, ":@" + PORT, " " + PORT};
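Review bot: `sessionChanged` calls `getParamDiggerPanel().reset()` directly, and that panel is a Swing component (the hook hunk above registers it via `addStatusPanel`); if ZAP delivers session-change callbacks off the Event Dispatch Thread, this mutates UI state from a background thread. Guard it the way core extensions do, e.g. `if (EventQueue.isDispatchThread()) { getParamDiggerPanel().reset(); } else { EventQueue.invokeLater(() -> getParamDiggerPanel().reset()); }`, which needs `import java.awt.EventQueue;`. A one-line class Javadoc such as `/** Resets the Param Digger output panel when the ZAP session changes. */` would also document why the listener exists; the listener is registered inside a nested block of `hook` whose condition lies outside the hunk, so note in that Javadoc that it assumes the view is present.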
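Review bot: The added `ERROR_CODES` line still declares the field with the raw type `List`, so the element type of `List.of(400, 413, 418, 429, 503)` is lost at every use site and the compiler cannot check lookups against it. Since the commit already touches this declaration to add `final`, make it `private static final List<Integer> ERROR_CODES = List.of(400, 413, 418, 429, 503);`. If the field is only used for membership tests, `Set.of(...)` would express that more directly, but that would need a `java.util.Set` import and is a separate follow-up.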