org.zaproxy.zap.extension.alertReport.AlertReportExportPDF.java Source code

Java tutorial

Introduction

Here is the source code for org.zaproxy.zap.extension.alertReport.AlertReportExportPDF.java

Source

/*
 * Zed Attack Proxy (ZAP) and its related class files.
 * 
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 * 
 * Copyright 2011 The ZAP Development team
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); 
 * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at 
 * 
 *   http://www.apache.org/licenses/LICENSE-2.0 
 *   
 * Unless required by applicable law or agreed to in writing, software 
 * distributed under the License is distributed on an "AS IS" BASIS, 
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
 * See the License for the specific language governing permissions and 
 * limitations under the License. 
 */
package org.zaproxy.zap.extension.alertReport;

import java.io.FileOutputStream;
import java.io.IOException;

import org.apache.log4j.Logger;
import org.parosproxy.paros.core.scanner.Alert;

import com.itextpdf.text.Anchor;
import com.itextpdf.text.BadElementException;
import com.itextpdf.text.Document;
import com.itextpdf.text.DocumentException;
import com.itextpdf.text.Font;
import com.itextpdf.text.Image;
import com.itextpdf.text.PageSize;
import com.itextpdf.text.Paragraph;
import com.itextpdf.text.pdf.PdfImportedPage;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfWriter;

/**
 * Export Alert to PDF report Fill field 'Other Info' of the Alert to describe
 * test One line for describing the step and other line for adding an image
 * file. For example: Step URL attack DV-005-ImageTest1.png Step 2 URL attack
 * DV-005-ImageTest2.png Then, it's fill into the report
 */
public class AlertReportExportPDF {

    // private static ExtensionAlertReportExport extension = null;
    private static final Logger logger = Logger.getLogger(AlertReportExportPDF.class);
    private static Font titleFont = new Font(Font.FontFamily.TIMES_ROMAN, 28, Font.BOLD);

    private static Font catFont = new Font(Font.FontFamily.TIMES_ROMAN, 18, Font.BOLD);
    private static Font subFont = new Font(Font.FontFamily.TIMES_ROMAN, 16, Font.BOLD);
    private static Font smallBold = new Font(Font.FontFamily.TIMES_ROMAN, 12, Font.BOLD);
    private static Font litleFont = new Font(Font.FontFamily.TIMES_ROMAN, 8, Font.NORMAL);

    public AlertReportExportPDF() {
        super();

    }

    public boolean exportAlert(java.util.List<java.util.List<Alert>> alerts, String fileName,
            ExtensionAlertReportExport extensionExport) {
        Document document = new Document(PageSize.A4);
        try {
            // Document documentAdd = null;
            PdfWriter writer = PdfWriter.getInstance(document, new FileOutputStream(fileName));
            document.open();
            boolean attach = false;
            // add attach document is exist
            if (!extensionExport.getParams().getDocumentAttach().isEmpty()) {
                PdfReader reader = new PdfReader(extensionExport.getParams().getDocumentAttach());
                int n = reader.getNumberOfPages();
                PdfImportedPage page;
                // Go through all pages
                for (int i = 1; i <= n; i++) {
                    page = writer.getImportedPage(reader, i);
                    Image instance = Image.getInstance(page);
                    instance.scalePercent(95f);
                    document.add(instance);
                }
                attach = true;
            }
            if (!attach) {
                addMetaData(document, extensionExport);
                addTitlePage(document, extensionExport);
            }
            for (int i = 0; i < alerts.size(); i++) {
                java.util.List<Alert> alertAux = alerts.get(i);
                addContent(document, alertAux, extensionExport);
            }

            document.close();
            return true;
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            document.close();
            return false;
        }

    }

    // iText allows to add metadata to the PDF which can be viewed in your Adobe
    // Reader
    // under File -> Properties
    private static void addMetaData(Document document, ExtensionAlertReportExport extensionExport) {

        document.addTitle(extensionExport.getParams().getTitleReport());
        document.addSubject(extensionExport.getParams().getCustomerName());
        document.addKeywords(extensionExport.getParams().getPdfKeywords());
        document.addAuthor(extensionExport.getParams().getAuthorName());
        document.addCreator(extensionExport.getParams().getAuthorName());
    }

    private static void addTitlePage(Document document, ExtensionAlertReportExport extensionExport)
            throws DocumentException {

        document.addHeader("Header1", "Header2");

        Paragraph preface = new Paragraph();
        // We add one empty line
        addEmptyLine(preface, 3);
        // add logo first page
        addImage(preface, extensionExport.getParams().getLogoFileName(), 40f);

        addEmptyLine(preface, 4);
        // Lets write a big header
        Paragraph paragraph = new Paragraph(extensionExport.getParams().getTitleReport(), titleFont);
        paragraph.setAlignment(Paragraph.ALIGN_CENTER);
        preface.add(paragraph);

        addEmptyLine(preface, 3);
        paragraph = new Paragraph(extensionExport.getParams().getCustomerName(), catFont);
        paragraph.setAlignment(Paragraph.ALIGN_CENTER);
        preface.add(paragraph);

        addEmptyLine(preface, 15);

        preface.add(new Paragraph(
                extensionExport.getMessages().getString("alertreport.export.message.export.pdf.confidential"),
                smallBold));
        preface.add(new Paragraph(extensionExport.getParams().getConfidentialText(), litleFont));

        document.add(preface);
        // Start a new page
        document.newPage();
    }

    /**
     * Add image a Paragraph
     * 
     * @param paragraph
     * @param image
     * @param path
     * @throws BadElementException
     */
    private static void addImage(Paragraph paragraph, String imagePath, float scalePercent)
            throws BadElementException {
        Image image1;
        try {
            if (!imagePath.isEmpty()) {
                image1 = Image.getInstance(imagePath);
                if (scalePercent != 0)
                    image1.scalePercent(40f);
                image1.setAlignment(Image.ALIGN_CENTER);
                paragraph.add(image1);
            }
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
        }

    }

    /**
     * get content field alert from property default extension
     * 
     * @param pluginId
     * @param key
     * @param contentDefault
     * @param extensionExport
     * @return
     */
    private static String getFieldAlertProperty(Integer pluginId, String key, String contentDefault,
            ExtensionAlertReportExport extensionExport) {
        if (key.contains("risk") || key.contains("reliability")) {
            return getMessage(extensionExport, "alertreport.export.pluginid." + key, contentDefault);
        }
        StringBuilder sbKey = new StringBuilder(50);
        sbKey.append("alertreport.export.pluginid.");
        sbKey.append(pluginId);
        sbKey.append('.');
        sbKey.append(key);

        return getMessage(extensionExport, sbKey.toString(), contentDefault);
    }

    private static String getMessage(ExtensionAlertReportExport extensionExport, String key, String defaultValue) {
        if (extensionExport.getMessages().containsKey(key)) {
            return extensionExport.getMessages().getString(key);
        }
        return defaultValue;
    }

    private static void addContent(Document document, java.util.List<Alert> alerts,
            ExtensionAlertReportExport extensionExport) throws DocumentException {

        Alert alert = alerts.get(0);

        Anchor anchor = new Anchor(alert.getAttack(), catFont);
        anchor.setName(alert.getAttack());

        Paragraph content = new Paragraph();
        content.add(new Paragraph(alert.getAlert(), catFont));
        content.add(new Paragraph(
                extensionExport.getMessages().getString("alertreport.export.message.export.pdf.description"),
                subFont));
        content.add(new Paragraph(getFieldAlertProperty(alert.getPluginId(), "description", alert.getDescription(),
                extensionExport)));
        addEmptyLine(content, 1);
        content.add(new Paragraph(
                extensionExport.getMessages().getString("alertreport.export.message.export.pdf.risk"), subFont));
        content.add(new Paragraph(getFieldAlertProperty(alert.getPluginId(),
                "risk." + String.valueOf(alert.getRisk()), Alert.MSG_RISK[alert.getRisk()], extensionExport)));
        addEmptyLine(content, 1);
        content.add(new Paragraph(
                extensionExport.getMessages().getString("alertreport.export.message.export.pdf.reability"),
                subFont));
        content.add(new Paragraph(
                getFieldAlertProperty(alert.getPluginId(), "reliability." + String.valueOf(alert.getReliability()),
                        Alert.MSG_RELIABILITY[alert.getReliability()], extensionExport)));
        addEmptyLine(content, 1);
        content.add(new Paragraph(
                extensionExport.getMessages().getString("alertreport.export.message.export.pdf.urls"), subFont));

        // write all url with the same pluginid
        for (int i = 0; i < alerts.size(); i++) {
            Alert alertAux = alerts.get(i);
            // add url link and attack
            anchor = new Anchor((i + 1) + "-" + alertAux.getUri());
            anchor.setReference(alertAux.getUri());
            content.add(anchor);
            if (!alertAux.getParam().isEmpty()) {
                content.add(
                        new Paragraph("           "
                                + extensionExport.getMessages()
                                        .getString("alertreport.export.message.export.pdf.parameters")
                                + ": " + alertAux.getParam()));
                addEmptyLine(content, 1);
            }
            if (!alertAux.getAttack().isEmpty()) {
                content.add(new Paragraph(
                        extensionExport.getMessages().getString("alertreport.export.message.export.pdf.attack"),
                        subFont));
                content.add(new Paragraph(alertAux.getAttack()));
                addEmptyLine(content, 1);
            }
            // add images test
            addEmptyLine(content, 1);
            String images = alertAux.getOtherInfo();
            if (!images.isEmpty()) {
                String[] list = images.split("\n");
                // for (int j = 0, lengh = list.length/2; j <= lengh; j += 2) {
                for (int j = 0; j < list.length; j++) {
                    if (!((j + 1) >= list.length)) {
                        String step = list[j];
                        Paragraph paragraph = new Paragraph(step);
                        content.add(paragraph);
                        addEmptyLine(content, 1);
                        // add step and image
                        String imageName = "";
                        String path = extensionExport.getParams().getWorkingDirImages();
                        if (((j + 1) < list.length) && (!list[j + 1].isEmpty())) {
                            imageName = list[j + 1];
                            // if exist an image
                            try {
                                if ((imageName.endsWith(".png") || imageName.endsWith(".jpg"))
                                        && (!path.isEmpty())) {
                                    addImage(content, path + "/" + imageName, 60f);
                                    addEmptyLine(content, 1);
                                    paragraph = new Paragraph(extensionExport.getMessages()
                                            .getString("alertreport.export.message.export.pdf.image") + ": "
                                            + Integer.toString(j), litleFont);
                                    paragraph.setAlignment(Paragraph.ALIGN_CENTER);
                                    content.add(paragraph);
                                } else {
                                    paragraph = new Paragraph(imageName);
                                    content.add(paragraph);
                                    addEmptyLine(content, 1);
                                }
                            } catch (Exception e) {
                                logger.error(e.getMessage(), e);
                            }
                        }
                        j++;
                    }

                }
            }

            addEmptyLine(content, 1);

        }
        if (!alert.getSolution().equals("")) {
            addEmptyLine(content, 1);
            content.add(new Paragraph(
                    extensionExport.getMessages().getString("alertreport.export.message.export.pdf.solution"),
                    subFont));
            content.add(new Paragraph(
                    getFieldAlertProperty(alert.getPluginId(), "solution", alert.getSolution(), extensionExport)));
        }
        addEmptyLine(content, 1);
        if (!alert.getReference().equals("")) {
            content.add(new Paragraph(
                    extensionExport.getMessages().getString("alertreport.export.message.export.pdf.references"),
                    subFont));
            content.add(new Paragraph(alert.getReference()));
            addEmptyLine(content, 1);

        }
        document.add(content);
        // Start a new page
        document.newPage();

    }

    /*
     * public class ReadAndUsePdf { private static String INPUTFILE =
     * "c:/temp/FirstPdf.pdf"; private static String OUTPUTFILE =
     * "c:/temp/ReadPdf.pdf";
     * 
     * public static void main(String[] args) throws DocumentException,
     * IOException { Document document = new Document();
     * 
     * PdfWriter writer = PdfWriter.getInstance(document, new
     * FileOutputStream(OUTPUTFILE)); document.open(); PdfReader reader = new
     * PdfReader(INPUTFILE); int n = reader.getNumberOfPages(); PdfImportedPage
     * page; // Go through all pages for (int i = 1; i <= n; i++) { // Only page
     * number 2 will be included if (i == 2) { page =
     * writer.getImportedPage(reader, i); Image instance =
     * Image.getInstance(page); document.add(instance); } } document.close();
     * 
     * }
     * 
     * }
     */

    private static void addEmptyLine(Paragraph paragraph, int number) {
        for (int i = 0; i < number; i++) {
            paragraph.add(new Paragraph(" "));
        }
    }

}