Merge pull request #13 from Keenal/renameJWTActiveScanner

preetkaran20 · web-flow · commit 2dc92532539b · 2020-10-12T09:03:00.000+05:30
change JWTActiveScanner to JWTActiveScanRule
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/JWTActiveScanRule.java b/src/main/java/org/zaproxy/zap/extension/jwt/JWTActiveScanRule.java
@@ -46,17 +46,17 @@
  * @author KSASAN preetkaran20@gmail.com
  * @since TODO add version
  */
-public class JWTActiveScanner extends AbstractAppParamPlugin {
+public class JWTActiveScanRule extends AbstractAppParamPlugin {
 
     private static final int PLUGIN_ID = 40036;
     private static final String NAME = JWTI18n.getMessage("jwt.scanner.name");
     private static final String DESCRIPTION = JWTI18n.getMessage("jwt.scanner.description");
     private static final String SOLUTION = JWTI18n.getMessage("jwt.scanner.soln");
     private static final String REFERENCE = JWTI18n.getMessage("jwt.scanner.refs");
-    private static final Logger LOGGER = Logger.getLogger(JWTActiveScanner.class);
+    private static final Logger LOGGER = Logger.getLogger(JWTActiveScanRule.class);
     private int maxRequestCount;
 
-    public JWTActiveScanner() {}
+    public JWTActiveScanRule() {}
 
     @Override
     public void init() {
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/ClientSideAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/ClientSideAttack.java
@@ -34,7 +34,7 @@
 import org.parosproxy.paros.network.HttpHeader;
 import org.parosproxy.paros.network.HttpMessage;
 import org.zaproxy.addon.commonlib.CookieUtils;
-import org.zaproxy.zap.extension.jwt.JWTActiveScanner;
+import org.zaproxy.zap.extension.jwt.JWTActiveScanRule;
 import org.zaproxy.zap.extension.jwt.JWTI18n;
 import org.zaproxy.zap.extension.jwt.utils.VulnerabilityType;
 
@@ -46,7 +46,7 @@
  */
 public class ClientSideAttack {
 
-    private JWTActiveScanner jwtActiveScanner;
+    private JWTActiveScanRule jwtActiveScanRule;
     private String param;
     private HttpMessage msg;
 
@@ -58,7 +58,7 @@ private void raiseAlert(
             int confidence,
             String param,
             HttpMessage msg) {
-        this.jwtActiveScanner.raiseAlert(
+        this.jwtActiveScanRule.raiseAlert(
                 risk,
                 confidence,
                 JWTI18n.getMessage(MESSAGE_PREFIX + vulnerabilityType.getMessageKey() + ".name"),
@@ -72,12 +72,12 @@ private void raiseAlert(
     }
 
     /**
-     * @param jwtActiveScanner
+     * @param jwtActiveScanRule
      * @param param parameter having JWT token
      * @param msg original Http Message
      */
-    public ClientSideAttack(JWTActiveScanner jwtActiveScanner, String param, HttpMessage msg) {
-        this.jwtActiveScanner = jwtActiveScanner;
+    public ClientSideAttack(JWTActiveScanRule jwtActiveScanRule, String param, HttpMessage msg) {
+        this.jwtActiveScanRule = jwtActiveScanRule;
         this.param = param;
         this.msg = msg;
     }
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/HeaderAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/HeaderAttack.java
@@ -67,7 +67,7 @@ private boolean executeNoneAlgorithmVariantAttacks(JWTHolder jwtHolder) {
         JWTHolder clonedJWTHolder = new JWTHolder(jwtHolder);
         for (String noneVariant : NONE_ALGORITHM_VARIANTS) {
             for (String headerVariant : this.manipulatingHeaders(noneVariant)) {
-                if (this.serverSideAttack.getJwtActiveScanner().isStop()) {
+                if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
                     return false;
                 }
                 clonedJWTHolder.setHeader(headerVariant);
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/JWTAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/JWTAttack.java
@@ -38,9 +38,9 @@ public interface JWTAttack {
      * @return {@code true} if attacks is successful else {@code false}
      */
     default boolean verifyJWTToken(String newJWTToken, ServerSideAttack serverSideAttack) {
-        serverSideAttack.getJwtActiveScanner().decreaseRequestCount();
+        serverSideAttack.getJwtActiveScanRule().decreaseRequestCount();
         return serverSideAttack
-                .getJwtActiveScanner()
+                .getJwtActiveScanRule()
                 .sendManipulatedMsgAndCheckIfAttackSuccessful(
                         serverSideAttack.getMsg(),
                         serverSideAttack.getParam(),
@@ -66,7 +66,7 @@ default void raiseAlert(
             String jwtToken,
             ServerSideAttack serverSideAttack) {
         serverSideAttack
-                .getJwtActiveScanner()
+                .getJwtActiveScanRule()
                 .raiseAlert(
                         alertLevel,
                         confidenceLevel,
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/MiscAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/MiscAttack.java
@@ -61,7 +61,7 @@ private boolean executeAttackAndRaiseAlert(String newJWTToken) {
     private boolean executeEmptyPayloads() {
         List<String> jwtEmptyTokens = Arrays.asList("...", ".....");
         for (String emptyToken : jwtEmptyTokens) {
-            if (!this.serverSideAttack.getJwtActiveScanner().isStop()
+            if (!this.serverSideAttack.getJwtActiveScanRule().isStop()
                     && executeAttackAndRaiseAlert(emptyToken)) {
                 return true;
             }
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/PayloadAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/PayloadAttack.java
@@ -66,7 +66,7 @@ private boolean executeNullByteAttack() {
         String nullBytePayload = NULL_BYTE_CHARACTER + Constant.getEyeCatcher();
         JWTHolder clonedJWTToken = new JWTHolder(this.serverSideAttack.getJwtHolder());
         try {
-            if (this.serverSideAttack.getJwtActiveScanner().isStop()) {
+            if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
                 return false;
             }
             // Adding null byte to payload encoded with base64 encoding
@@ -86,7 +86,7 @@ private boolean executeNullByteAttack() {
             // encoding.
             JSONObject payloadJsonObject = new JSONObject(clonedJWTToken.getPayload());
             for (String key : payloadJsonObject.keySet()) {
-                if (this.serverSideAttack.getJwtActiveScanner().isStop()) {
+                if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
                     return false;
                 }
                 Object originalKeyValue = payloadJsonObject.get(key);
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/ServerSideAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/ServerSideAttack.java
@@ -22,7 +22,7 @@
 import java.util.Arrays;
 import java.util.List;
 import org.parosproxy.paros.network.HttpMessage;
-import org.zaproxy.zap.extension.jwt.JWTActiveScanner;
+import org.zaproxy.zap.extension.jwt.JWTActiveScanRule;
 import org.zaproxy.zap.extension.jwt.JWTHolder;
 
 /**
@@ -32,7 +32,7 @@
  * @since TODO add version
  */
 public class ServerSideAttack {
-    private JWTActiveScanner jwtActiveScanner;
+    private JWTActiveScanRule jwtActiveScanRule;
     private String param;
     private String paramValue;
     private HttpMessage msg;
@@ -46,26 +46,26 @@ public class ServerSideAttack {
 
     /**
      * @param jwtHolder Parsed JWT Token
-     * @param jwtActiveScanner instance of {@link JWTActiveScanner}
+     * @param jwtActiveScanRule instance of {@link JWTActiveScanRule}
      * @param msg original Http Message
      * @param param parameter having JWT token
      * @param paramValue original parameter value
      */
     public ServerSideAttack(
             JWTHolder jwtHolder,
-            JWTActiveScanner jwtActiveScanner,
+            JWTActiveScanRule jwtActiveScanRule,
             String param,
             HttpMessage msg,
             String paramValue) {
         this.jwtHolder = jwtHolder;
-        this.jwtActiveScanner = jwtActiveScanner;
+        this.jwtActiveScanRule = jwtActiveScanRule;
         this.param = param;
         this.msg = msg;
         this.paramValue = paramValue;
     }
 
-    public JWTActiveScanner getJwtActiveScanner() {
-        return jwtActiveScanner;
+    public JWTActiveScanRule getJwtActiveScanRule() {
+        return jwtActiveScanRule;
     }
 
     public String getParam() {
@@ -86,7 +86,7 @@ public JWTHolder getJwtHolder() {
 
     public boolean execute() {
         for (JWTAttack jwtAttack : JWTATTACKS) {
-            if (jwtActiveScanner.isStop()) {
+            if (jwtActiveScanRule.isStop()) {
                 return false;
             } else {
                 if (jwtAttack.executeAttack(this)) {
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java
@@ -89,7 +89,7 @@ public class SignatureAttack implements JWTAttack {
     private boolean executeNullByteAttack() throws JWTException {
         // Appends signature with NullByte plus ZAP eyeCather.
         JWTHolder cloneJWTHolder = new JWTHolder(this.serverSideAttack.getJwtHolder());
-        if (this.serverSideAttack.getJwtActiveScanner().isStop()) {
+        if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
             return false;
         }
 
@@ -108,7 +108,7 @@ private boolean executeNullByteAttack() throws JWTException {
             return true;
         }
 
-        if (this.serverSideAttack.getJwtActiveScanner().isStop()) {
+        if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
             return false;
         }
 
@@ -164,7 +164,7 @@ public boolean executeCustomPrivateKeySignedJWTTokenAttack() throws JWTException
         try {
             if (algoType.startsWith(JWT_RSA_ALGORITHM_IDENTIFIER)
                     || algoType.startsWith(JWT_RSA_PSS_ALGORITHM_IDENTIFIER)) {
-                if (this.serverSideAttack.getJwtActiveScanner().isStop()) {
+                if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
                     return false;
                 }
                 // Generating JWK
@@ -183,7 +183,7 @@ public boolean executeCustomPrivateKeySignedJWTTokenAttack() throws JWTException
                     if (curve == null) {
                         continue;
                     }
-                    if (this.serverSideAttack.getJwtActiveScanner().isStop()) {
+                    if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
                         return false;
                     }
                     // Generating JWK
@@ -249,7 +249,7 @@ private boolean executeAlgoKeyConfusionAttack() throws JWTException {
                     try (FileInputStream fileInputStream = new FileInputStream(trustStorePath)) {
                         keyStore.load(fileInputStream, password);
                         while (keyStore.aliases().hasMoreElements()) {
-                            if (this.serverSideAttack.getJwtActiveScanner().isStop()) {
+                            if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
                                 return false;
                             }
                             String alias = keyStore.aliases().nextElement();
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/ui/JWTOptionsPanel.java b/src/main/java/org/zaproxy/zap/extension/jwt/ui/JWTOptionsPanel.java
@@ -47,7 +47,7 @@
 import org.zaproxy.zap.extension.jwt.utils.JWTUIUtils;
 
 /**
- * JWT options panel for specifying settings which are used by {@code JWTActiveScanner} and {@code
+ * JWT options panel for specifying settings which are used by {@code JWTActiveScanRule} and {@code
  * JWTFuzzer} for finding vulnerabilities in applications.
  *
  * @author KSASAN preetkaran20@gmail.com

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ private boolean executeNoneAlgorithmVariantAttacks(JWTHolder jwtHolder) {`
`67`	`67`	`JWTHolder clonedJWTHolder = new JWTHolder(jwtHolder);`
`68`	`68`	`for (String noneVariant : NONE_ALGORITHM_VARIANTS) {`
`69`	`69`	`for (String headerVariant : this.manipulatingHeaders(noneVariant)) {`
`70`		`- if (this.serverSideAttack.getJwtActiveScanner().isStop()) {`
	`70`	`+ if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {`
`71`	`71`	`return false;`
`72`	`72`	`}`
`73`	`73`	`clonedJWTHolder.setHeader(headerVariant);`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ private boolean executeAttackAndRaiseAlert(String newJWTToken) {`
`61`	`61`	`private boolean executeEmptyPayloads() {`
`62`	`62`	`List<String> jwtEmptyTokens = Arrays.asList("...", ".....");`
`63`	`63`	`for (String emptyToken : jwtEmptyTokens) {`
`64`		`- if (!this.serverSideAttack.getJwtActiveScanner().isStop()`
	`64`	`+ if (!this.serverSideAttack.getJwtActiveScanRule().isStop()`
`65`	`65`	`&& executeAttackAndRaiseAlert(emptyToken)) {`
`66`	`66`	`return true;`
`67`	`67`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ public class SignatureAttack implements JWTAttack {`
`89`	`89`	`private boolean executeNullByteAttack() throws JWTException {`
`90`	`90`	`// Appends signature with NullByte plus ZAP eyeCather.`
`91`	`91`	`JWTHolder cloneJWTHolder = new JWTHolder(this.serverSideAttack.getJwtHolder());`
`92`		`- if (this.serverSideAttack.getJwtActiveScanner().isStop()) {`
	`92`	`+ if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {`
`93`	`93`	`return false;`
`94`	`94`	`}`
`95`	`95`
`@@ -108,7 +108,7 @@ private boolean executeNullByteAttack() throws JWTException {`
`108`	`108`	`return true;`
`109`	`109`	`}`
`110`	`110`
`111`		`- if (this.serverSideAttack.getJwtActiveScanner().isStop()) {`
	`111`	`+ if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {`
`112`	`112`	`return false;`
`113`	`113`	`}`
`114`	`114`
`@@ -164,7 +164,7 @@ public boolean executeCustomPrivateKeySignedJWTTokenAttack() throws JWTException`
`164`	`164`	`try {`
`165`	`165`	`if (algoType.startsWith(JWT_RSA_ALGORITHM_IDENTIFIER)`
`166`	`166`	`\|\| algoType.startsWith(JWT_RSA_PSS_ALGORITHM_IDENTIFIER)) {`
`167`		`- if (this.serverSideAttack.getJwtActiveScanner().isStop()) {`
	`167`	`+ if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {`
`168`	`168`	`return false;`
`169`	`169`	`}`
`170`	`170`	`// Generating JWK`
`@@ -183,7 +183,7 @@ public boolean executeCustomPrivateKeySignedJWTTokenAttack() throws JWTException`
`183`	`183`	`if (curve == null) {`
`184`	`184`	`continue;`
`185`	`185`	`}`
`186`		`- if (this.serverSideAttack.getJwtActiveScanner().isStop()) {`
	`186`	`+ if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {`
`187`	`187`	`return false;`
`188`	`188`	`}`
`189`	`189`	`// Generating JWK`
`@@ -249,7 +249,7 @@ private boolean executeAlgoKeyConfusionAttack() throws JWTException {`
`249`	`249`	`try (FileInputStream fileInputStream = new FileInputStream(trustStorePath)) {`
`250`	`250`	`keyStore.load(fileInputStream, password);`
`251`	`251`	`while (keyStore.aliases().hasMoreElements()) {`
`252`		`- if (this.serverSideAttack.getJwtActiveScanner().isStop()) {`
	`252`	`+ if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {`
`253`	`253`	`return false;`
`254`	`254`	`}`
`255`	`255`	`String alias = keyStore.aliases().nextElement();`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@`
`47`	`47`	`import org.zaproxy.zap.extension.jwt.utils.JWTUIUtils;`
`48`	`48`
`49`	`49`	`/**`
`50`		`- * JWT options panel for specifying settings which are used by {@code JWTActiveScanner} and {@code`
	`50`	`+ * JWT options panel for specifying settings which are used by {@code JWTActiveScanRule} and {@code`
`51`	`51`	`* JWTFuzzer} for finding vulnerabilities in applications.`
`52`	`52`	`*`
`53`	`53`	`* @author KSASAN [email protected]`