org.zaproxy.zap.extension.reveal.ExtensionReveal.java Source code

Java tutorial

Introduction

Here is the source code for org.zaproxy.zap.extension.reveal.ExtensionReveal.java

Source

/*
 * Zed Attack Proxy (ZAP) and its related class files.
 *
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 *
 * Copyright 2011 The ZAP Development Team
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.zaproxy.zap.extension.reveal;

import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Iterator;
import java.util.List;
import javax.swing.ImageIcon;
import javax.swing.JToggleButton;
import javax.swing.JToolBar;
import net.htmlparser.jericho.Attribute;
import net.htmlparser.jericho.Attributes;
import net.htmlparser.jericho.Element;
import net.htmlparser.jericho.HTMLElementName;
import net.htmlparser.jericho.OutputDocument;
import net.htmlparser.jericho.Source;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.core.proxy.ProxyListener;
import org.parosproxy.paros.extension.ExtensionAdaptor;
import org.parosproxy.paros.extension.ExtensionHook;
import org.parosproxy.paros.extension.ExtensionHookView;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.view.ZapToggleButton;

public class ExtensionReveal extends ExtensionAdaptor implements ProxyListener {

    private static final Logger logger = Logger.getLogger(ExtensionReveal.class);

    public static final String NAME = "ExtensionReveal";
    public static final int PROXY_LISTENER_ORDER = 10;

    private static final String ATT_DISABLED = "DISABLED";
    private static final String ATT_READONLY = "READONLY";
    private static final String ATT_TYPE = "TYPE";
    private static final String TYPE_HIDDEN = "HIDDEN";

    private boolean reveal;

    private RevealParam revealParam;
    private RevealAPI revealAPI;

    private ZapToggleButton revealButton;
    private JToolBar.Separator toolBarSeparator;

    public ExtensionReveal() {
        super(NAME);
        this.setOrder(18);
    }

    @Override
    public void init() {
        super.init();

        reveal = false;
        revealParam = new RevealParam();

        revealAPI = new RevealAPI(this);
    }

    @Override
    public void hook(ExtensionHook extensionHook) {
        super.hook(extensionHook);

        extensionHook.addProxyListener(this);
        extensionHook.addOptionsParamSet(revealParam);

        if (getView() != null) {
            ExtensionHookView extensionHookView = extensionHook.getHookView();
            extensionHookView.addMainToolBarComponent(getRevealButton());
            extensionHookView.addMainToolBarComponent(getToolBarSeparator());
        }

        extensionHook.addApiImplementor(revealAPI);
    }

    @Override
    public void optionsLoaded() {
        super.optionsLoaded();

        setReveal(revealParam.isReveal());
    }

    @Override
    public boolean canUnload() {
        return true;
    }

    void setReveal(boolean reveal) {
        if (this.reveal == reveal) {
            return;
        }
        this.reveal = reveal;

        revealParam.setReveal(reveal);
        try {
            revealParam.getConfig().save();
        } catch (ConfigurationException e) {
            logger.error(e.getMessage(), e);
        }

        if (revealButton != null) {
            revealButton.setSelected(reveal);
        }
    }

    boolean isReveal() {
        return reveal;
    }

    private JToggleButton getRevealButton() {
        if (revealButton == null) {
            revealButton = new ZapToggleButton();
            revealButton.setIcon(new ImageIcon(ExtensionReveal.class.getResource("resources/icons/044.png"))); // 'light off' icon
            revealButton.setToolTipText(Constant.messages.getString("reveal.button.enable"));
            revealButton
                    .setSelectedIcon(new ImageIcon(ExtensionReveal.class.getResource("resources/icons/043.png"))); // 'light on' icon
            revealButton.setSelectedToolTipText(Constant.messages.getString("reveal.button.disable"));

            revealButton.addItemListener(new ItemListener() {

                @Override
                public void itemStateChanged(ItemEvent e) {
                    setReveal(ItemEvent.SELECTED == e.getStateChange());
                }
            });
        }
        return revealButton;
    }

    private JToolBar.Separator getToolBarSeparator() {
        if (toolBarSeparator == null) {
            toolBarSeparator = new JToolBar.Separator();
        }
        return toolBarSeparator;
    }

    @Override
    public int getArrangeableListenerOrder() {
        return PROXY_LISTENER_ORDER;
    }

    @Override
    public boolean onHttpRequestSend(HttpMessage msg) {
        return true;
    }

    @Override
    public boolean onHttpResponseReceive(HttpMessage msg) {
        if (reveal) {
            revealFields(msg);
        }
        return true;
    }

    private void revealFields(HttpMessage msg) {
        boolean changed = false;
        String response = msg.getResponseBody().toString();
        Source src = new Source(response);
        OutputDocument outputDocument = new OutputDocument(src);

        List<Element> formElements = src.getAllElements(HTMLElementName.FORM);

        if (formElements != null && formElements.size() > 0) {
            // Loop through all of the FORM tags
            logger.debug("Found " + formElements.size() + " forms");

            for (Element formElement : formElements) {
                List<Element> elements = formElement.getAllElements();

                if (elements != null && elements.size() > 0) {
                    // Loop through all of the elements
                    logger.debug("Found " + elements.size() + " inputs");
                    for (Element element : elements) {
                        Attributes atts = element.getAttributes();

                        if (atts != null && atts.size() > 0) {
                            Iterator<Attribute> iter = atts.iterator();
                            while (iter.hasNext()) {
                                Attribute att = iter.next();
                                if (ATT_DISABLED.equalsIgnoreCase(att.getName())
                                        || ATT_READONLY.equalsIgnoreCase(att.getName())
                                        || (ATT_TYPE.equalsIgnoreCase(att.getName())
                                                && TYPE_HIDDEN.equalsIgnoreCase(att.getValue()))) {
                                    logger.debug("Removing " + att.getName() + ": "
                                            + response.substring(att.getBegin(), att.getEnd()));
                                    outputDocument.remove(att);
                                    changed = true;
                                }
                            }
                        }
                    }
                }
            }
        }
        if (changed) {
            msg.setResponseBody(outputDocument.toString());
        }
    }

    @Override
    public String getAuthor() {
        return Constant.ZAP_TEAM;
    }

    @Override
    public String getDescription() {
        return Constant.messages.getString("reveal.desc");
    }

    @Override
    public URL getURL() {
        try {
            return new URL(Constant.ZAP_HOMEPAGE);
        } catch (MalformedURLException e) {
            return null;
        }
    }
}