Merge pull request #11 from aress31/main

v4.1

Author: Hannah-PortSwigger

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,72 @@
+name: 🐛 Report a bug
+description: Submit a bug report to help us enhance swurg.
+title: "[BUG] <title>"
+labels: [bug]
+assignees: aress31
+body:
+  - type: checkboxes
+    attributes:
+      label: Prerequisites
+      description: "Prior to submitting the issue, ensure that you have:"
+      options:
+        - label: Thoroughly read the [README file](https://github.com/aress31/swurg/blob/main/README.md).
+          required: true
+        - label: Checked the [project requirements](https://github.com/aress31/swurg#requirements) and ensured they are met.
+          required: true
+        - label: Searched for existing issues that may address the problem.
+          required: true
+        - label: Performed basic troubleshooting steps.
+          required: true
+  - type: textarea
+    attributes:
+      label: Description
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps to Reproduce
+      placeholder: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. See error...
+      description: Steps to reproduce the behavior.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Screenshots
+      description: If applicable, add screenshots to help explain your problem.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Environment
+      value: |
+        - OS: [e.g. Windows, macOS, Linux]
+        - Java version: [e.g. 8, 11, 16, 17]
+        - Burp Suite version: [e.g. Professional 2023.11.1.3, Community 2023.11.1.3]
+        - OpenAPI Specification version: [e.g., 1.0, 2.0, 3.0]
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Error Message
+      description: |
+        1. Navigate to the `Dashboard` -> `Event Log` to see if there are any relevant error messages available.
+        2. Additionally, go to `Extensions` -> `Installed` -> `OpenAPI Parser`, and check the `Output` and `Error` tabs for any error messages.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,42 @@
+name: 🚀 Report a feature request
+description: Submit a proposal for an idea or enhancement to swurg.
+title: "[FEATURE] <title>"
+labels: [enhancement]
+assignees: aress31
+body:
+  - type: checkboxes
+    attributes:
+      label: Prerequisites
+      description: "Prior to submitting the issue, ensure that you have:"
+      options:
+        - label: Searched for existing feature requests that may address the problem.
+          required: true
+  - type: textarea
+    attributes:
+      label: Problem or Use Case
+      description: A clear and concise description of the problem or use case where swurg would be useful.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Proposed Solution
+      description: A clear and concise description of what you want to happen. Please provide as much detail as possible, including how the feature would interact with swurg and Burp Suite.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Alternative Solutions Considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Example
+      description: If applicable, provide an example of how the feature would work.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Add any other context, screenshots, or references about the feature request here.
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/feature_report.md

@@ -17,22 +17,17 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
-      - name: Set up Node.js 16
-        uses: actions/setup-node@v2
-        with:
-          node-version: 16
-
-      - name: Set up JDK 11
+      - name: Set up JDK 20
         uses: actions/setup-java@v2
         with:
-          java-version: "11"
+          java-version: "20"
           distribution: "adopt"
 
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
       - name: Build with Gradle
-        run: ./gradlew shadowJar
+        run: ./gradlew fatJar
 
       - name: Archive build artifacts
         uses: actions/upload-artifact@v2

.github/ISSUE_TEMPLATE/feature_report.yml

@@ -13,6 +13,7 @@
     <ul>
       <li>Comparer</li>
       <li>Intruder</li>
+      <li>Organizer</li>
       <li>Repeater</li>
       <li>Scanner</li>
       <li>Scope</li>

.github/workflows/gradle-build.yml

@@ -2,11 +2,11 @@ Uuid: 6bf7574b632847faaaa4eb5e42f1757c
 ExtensionType: 1
 Name: OpenAPI Parser
 RepoName: openapi-parser
-ScreenVersion: 4.0
+ScreenVersion: 4.1
 SerialVersion: 24
 MinPlatformVersion: 6
 ProOnly: False
-Author: Alexandre Teyar, Aegis Cyber www.aegiscyber.co.uk
+Author: Alexandre Teyar, Aegis Cyber <www.aegiscyber.co.uk>
 ShortDescription: OpenAPI parser fully compliant with OpenAPI 2.0/3.0 Specifications (OAS). Supports both JSON and YAML formats.
 EntryPoint: build/libs/openapi-parser-all.jar
 BuildCommand: ./gradlew fatJar

BappDescription.html

@@ -1,6 +1,6 @@
-# swurg
+# openapi-parser
 
-[![Java CI with Gradle](https://github.com/aress31/swurg/actions/workflows/gradle-build.yml/badge.svg)](https://github.com/aress31/swurg/actions/workflows/gradle-build.yml)
+[![Java CI with Gradle](https://github.com/aress31/openapi-parser/actions/workflows/gradle-build.yml/badge.svg)](https://github.com/aress31/openapi-parser/actions/workflows/gradle-build.yml)
 <a href="https://portswigger.net/bappstore/6bf7574b632847faaaa4eb5e42f1757c"><img alt="bapp store" src="https://img.shields.io/badge/BApp-Published-orange.svg"></a>
 <a href="https://www.java.com"><img alt="lang" src="https://img.shields.io/badge/Lang-Java-blue.svg"></a>
 <a href="https://opensource.org/licenses/Apache-2.0"><img alt="license" src="https://img.shields.io/badge/License-Apache%202.0-red.svg"></a>
@@ -9,7 +9,7 @@
 > [!UPDATE]
 > This extension has been updated to use the latest [Burp Montoya Java API](https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/package-summary.html). The extension has undergone a complete overhaul to improve both its `UI`/`UX` and performance. These changes ensure that the extension is modern and optimised for use.
 
-## Swurg is a `Burp Suite` extension designed for `OpenAPI`-based `API` testing
+## openapi-parser is a `Burp Suite` extension designed for `OpenAPI`-based `API` testing
 
 > The `OpenAPI` Specification (`OAS`) defines a standard, programming language-agnostic interface description for `REST` `APIs`, which allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via `OpenAPI`, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. Similar to what interface descriptions have done for lower-level programming, the `OpenAPI` Specification removes guesswork in calling a service.
 >
@@ -19,37 +19,37 @@
 
 Performing security assessment of `OpenAPI`-based `APIs` can be a tedious task due to `Burp Suite` (industry standard) lacking native `OpenAPI` parsing capabilities. A solution to this situation, is to use third-party tools (e.g. `SOAP-UI`) or to implement custom scripts (often on a per engagement basis) to handle the parsing of `OpenAPI` documents and integrate/chain the results to `Burp Suite` to use its first class scanning capabilities.
 
-Swurg is an `OpenAPI` parser that aims to streamline this entire process by allowing security professionals to use `Burp Suite` as a standalone tool for security assessment of `OpenAPI`-based `APIs`.
+openapi-parser is an `OpenAPI` parser that aims to streamline this entire process by allowing security professionals to use `Burp Suite` as a standalone tool for security assessment of `OpenAPI`-based `APIs`.
 
 ## Features
 
 - `OpenAPI` documents can be parsed either from a supplied file or URL. The extension can fetch `OpenAPI` documents directly from a URL using the `Send to Swagger Parser` feature under the `Target -> Site map` context menu.
 - Parse `OpenAPI` documents, formerly known as the `Swagger specification`, fully compliant with `OpenAPI` 2.0/3.0 Specifications (`OAS`).
 - Requests can be directly viewed/edited within the extension prior to sending them to other Burp tools.
-- Requests can be sent to the `Comparer, Intruder, Repeater, Scanner, Site map and Scope` Burp tools.
+- Requests can be sent to the `Comparer`, `Intruder`, `Organizer`, `Repeater`, `Scanner`, `Site map` and `Scope` Burp tools.
 - Requests matching specific criterias (detailed in the 'Parameters' tab) can be intercepted to automatically match and replace the parsed parameters default values defined in the 'Parameters' tab. This feature allows for fine-tuning of the requests prior to sending them to other Burp tools (e.g., scanner). Edited requests can be viewed within the 'Modified Request (`OpenAPI` Parser)' tab of Burp's message editor.
 - Row highlighting allowing pentesters to highlight "interesting" `API` calls and/or colour code them for reporting purposes.
 - Includes an export to `CSV` feature, allowing users to easily export selected `API` requests in `CSV` format for further analysis or reporting.
 - Supports both `JSON` and `YAML` formats.
 
 ## Requirements
 
-1. System requirements:
+### 1. System requirements
 
 - Operating System: Compatible with `Linux`, `macOS`, and `Windows` operating systems.
 - Java Development Kit (JDK): `Version 11` or later.
-- Burp Suite Professional or Community Edition: `Version 2023.3.2` or later.
+- Burp Suite Professional or Community Edition: `Version 2023.11.1.3` or later.
 
   > [!IMPORTANT]
   > Please note that using any version lower than `2023.3.2` may result in a [java.lang.NoSuchMethodError](https://forum.portswigger.net/thread/montoya-api-nosuchmethoderror-275048be). It is crucial to use the specified version or a more recent one to avoid this issue.
 
-2. Build tool:
+### 2. Build tool
 
-- Gradle: `Version 6.9` or later (recommended). The [build.gradle](https://github.com/aress31/swurg/blob/main/lib/build.gradle) file is provided in the project repository.
+- Gradle: `Version 8.5` or later (recommended). The [build.gradle](https://github.com/aress31/openapi-parser/blob/main/lib/build.gradle) file is provided in the project repository.
 
-3. Environment variables:
+### 3. Environment variables
 
-- Set up the `JAVA_HOME` environment variable to point to the JDK installation directory.
+- Set up the `JAVA_HOME` environment variable to point to the `JDK` installation directory.
 
 Please ensure that all system requirements, including a compatible version of `Burp Suite`, are met before building and running the project. Note that the project's external dependencies will be automatically managed and installed by `Gradle` during the build process. Adhering to the requirements will help avoid potential issues and reduce the need for opening new issues in the project repository.
 
@@ -59,11 +59,11 @@ Please ensure that all system requirements, including a compatible version of `B
 
 1. Ensure you have [Gradle](https://gradle.org/) installed and configured.
 
-2. Download the `swurg` repository:
+2. Download the `openapi-parser` repository:
 
    ```bash
-   git clone https://github.com/aress31/swurg
-   cd .\swurg\
+   git clone https://github.com/aress31/openapi-parser
+   cd .\openapi-parser\
    ```
 
 3. Build the standalone `jar`:
@@ -74,7 +74,7 @@ Please ensure that all system requirements, including a compatible version of `B
 
 ### 2. Loading the Extension Into `Burp Suite`
 
-To install `swurg` in `Burp Suite`, first go to the `Extensions` tab and click on the `Add` button. Then, select the `swurg-all` jar file located in the `.\build\libs` folder to load the extension.
+To install `openapi-parser` in `Burp Suite`, first go to the `Extensions` tab and click on the `Add` button. Then, select the `openapi-parser-all` jar file located in the `.\build\libs` folder to load the extension.
 
 Alternatively, you can skip the [Compilation](#1-compilation) step entirely and download the extension directly from the [BApp Store](https://portswigger.net/bappstore/6bf7574b632847faaaa4eb5e42f1757c).
 
@@ -85,15 +85,17 @@ _Note: The version distributed on the [BApp Store](https://portswigger.net/bapps
 - [ ] Beautify the graphical user interface.
 - [ ] Deep parsing of `OpenAPI` schemas to collect all nested parameters along with their example/type.
 - [ ] Code simplification/refactoring.
-  - [ ] Use `MyHttpRequest` instead of `RequestWithMetadata`.
+  - [x] Use `MyHttpRequest` instead of `RequestWithMetadata`.
 - [x] Enable cells editing to change `API` calls directly from the `GUI`.
 - [ ] Fix the custom request editor tab to work properly with intercepted requests based on the match and replace rulesets.
 - [x] Further optimise the source code.
 - [ ] Implement support for authenticated testing (via user-supplied `API`-keys).
 - [x] Improve the `Param` column by adding parameters type (e.g. `inquery`, `inbody`).
-- [ ] Improve the tables and context menus.
+- [x] Improve the tables and context menus.
 - [x] Increase the extension verbosity (via the bottom panel).
 
+See [TODO](TODO.md) for additional outstanding tasks.
+
 ## Project Information
 
 In July 2016, after posting a request for improvement on the [PortSwigger support forum](https://support.portswigger.net/customer/portal/questions/16358278-swagger-parser-and-wsdler-improvement), I decided to take the initiative and to implement a solution myself.
@@ -108,13 +110,13 @@ If this extension has saved you time and hassle during a security assessment, co
 
 Did you find a bug? Well, don't just let it crawl around! Let's squash it together like a couple of bug whisperers! 🐛💪
 
-Please report any issues on the [GitHub issues tracker](https://github.com/aress31/swurg/issues). Together, we'll make this extension as reliable as a cockroach surviving a nuclear apocalypse! 🚀
+Please report any issues on the [GitHub issues tracker](https://github.com/aress31/openapi-parser/issues). Together, we'll make this extension as reliable as a cockroach surviving a nuclear apocalypse! 🚀
 
 ## Contributing
 
 Looking to make a splash with your mad coding skills? 💻
 
-Awesome! Contributions are welcome and greatly appreciated. Please submit all PRs on the [GitHub pull requests tracker](https://github.com/aress31/swurg/pulls). Together we can make this extension even more amazing! 🚀
+Awesome! Contributions are welcome and greatly appreciated. Please submit all PRs on the [GitHub pull requests tracker](https://github.com/aress31/openapi-parser/pulls). Together we can make this extension even more amazing! 🚀
 
 ## License
 

BappManifest.bmf

@@ -0,0 +1,3 @@
+- [ ] Display `Methods` as coloured badges in the `Parser` table.
+- [x] Enhance the `Parser` view to present a range of information about the `OpenAPI Specification`, for instance, its version.
+- [ ] Handle pluralization for the menu item label `Send to Comparer (request)` in the `Parser` context menu.