
Commit 123edd5

Update codebase to ZAP 2.17
Change all add-ons and `testutils` to use 2.17 (SNAPSHOT). Update code accordingly (e.g. address deprecations). Signed-off-by: thc202 <[email protected]>
1 parent 34f1060 commit 123edd5


118 files changed

+262
-537
lines changed

Some content is hidden


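--- a/addOns/accessControl/CHANGELOG.md
+++ b/addOns/accessControl/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 ### Changed
-- Update minimum ZAP version to 2.16.0.
+- Update minimum ZAP version to 2.17.0.
 - Maintenance changes.
 
 ## [10] - 2024-03-25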

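--- a/addOns/addOns.gradle.kts
+++ b/addOns/addOns.gradle.kts
@@ -174,7 +174,7 @@ subprojects {
 }
 }
 
-val zapGav = "org.zaproxy:zap:2.16.0"
+val zapGav = "org.zaproxy:zap:2.17.0-SNAPSHOT"
 dependencies {
 "zap"(zapGav)
 }
@@ -187,7 +187,7 @@ subprojects {
 )
 
 manifest {
-zapVersion.set("2.16.0")
+zapVersion.set("2.17.0")
 
 changesFile.set(tasks.named<ConvertMarkdownToHtml>("generateManifestChanges").flatMap { it.html })
 repo.set("https://github.com/zaproxy/zap-extensions/")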

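--- a/addOns/alertFilters/CHANGELOG.md
+++ b/addOns/alertFilters/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
-
+### Changed
+- Update minimum ZAP version to 2.17.0.
 
 ## [25] - 2025-11-04
 ### Changed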

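--- a/addOns/alertFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/ExtensionAlertFilters.java
+++ b/addOns/alertFilters/src/main/java/org/zaproxy/zap/extension/alertFilters/ExtensionAlertFilters.java
@@ -452,7 +452,7 @@ private void updateAlert(Alert alert, AlertFilter filter) {
 alert.getPluginId(),
 filter.getNewRisk());
 getExtAlert().updateAlert(updAlert);
-getExtAlert().updateAlertInTree(origAlert, updAlert);
+getExtAlert().updateAlertInTree(updAlert);
 if (alert.getHistoryRef() != null) {
 alert.getHistoryRef().updateAlert(updAlert);
 if (alert.getHistoryRef().getSiteNode() != null) {
@@ -472,10 +472,7 @@ private Alert getAlert(RecordAlert recordAlert) {
 int historyId = recordAlert.getHistoryId();
 if (historyId > 0) {
 HistoryReference href = this.getExtHistory().getHistoryReference(historyId);
-Alert alert = new Alert(recordAlert, href);
-// TODO remove once targeting 2.17+
-alert.setHistoryId(recordAlert.getHistoryId());
-return alert;
+return new Alert(recordAlert, href);
 } else {
 // Not ideal :/
 return new Alert(recordAlert);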
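Review bot: `origAlert` is no longer passed to `updateAlertInTree` in `updateAlert`, and this file's 2 additions and 5 deletions are all accounted for by the two visible hunks, so its declaration earlier in the method is untouched. If the old two-argument call was its only use, the local is now dead and any copy of the alert it makes is wasted work on every filtered alert; in that case remove the declaration together with its initializer. `updateAlert` starts and ends outside the hunk, so this needs checking against the full method.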

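--- a/addOns/allinonenotes/CHANGELOG.md
+++ b/addOns/allinonenotes/CHANGELOG.md
@@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 ### Changed
-- Update minimum ZAP version to 2.16.0.
+- Update minimum ZAP version to 2.17.0.
 - Maintenance changes.
 
 ### Fixed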

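--- a/addOns/ascanrules/CHANGELOG.md
+++ b/addOns/ascanrules/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 ### Changed
+- Update minimum ZAP version to 2.17.0.
 - The External Redirect scan rule has been updated to account for potential false positives involving JavaScript comments.
 
 ## [75] - 2025-11-04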

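--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java
+++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/CrossSiteScriptingScanRule.java
@@ -29,7 +29,7 @@
 import java.util.List;
 import java.util.Map;
 import org.apache.commons.httpclient.URIException;
-import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.Strings;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.parosproxy.paros.Constant;
@@ -748,7 +748,7 @@ private boolean processContexts(
 .raise();
 } else if (AlertThreshold.LOW.equals(this.getAlertThreshold())) {
 HttpMessage ctx2Message = contexts.get(0).getMsg();
-if (StringUtils.containsIgnoreCase(
+if (Strings.CI.contains(
 ctx.getMsg()
 .getResponseHeader()
 .getHeader(HttpFieldsNames.CONTENT_TYPE),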
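Review bot: The `Strings.CI.contains(` call in `processContexts` takes the result of `getHeader(HttpFieldsNames.CONTENT_TYPE)` directly, which is presumably null when the response carries no Content-Type header; the check is safe only because `Strings.CI.contains` returns false for a null argument. I would add a one-line comment above the call, `// Null-safe: a missing Content-Type is treated as no match.`, so a later switch to a plain `String` method does not turn a header-less response into an exception inside the scan rule. The same applies to the matching call in `PersistentXssScanRule.scan`. Both expressions continue past the end of their hunks, so the second argument is not visible here.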

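--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRule.java
+++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/ExternalRedirectScanRule.java
@@ -35,7 +35,7 @@
 import net.htmlparser.jericho.Source;
 import org.apache.commons.httpclient.URI;
 import org.apache.commons.httpclient.URIException;
-import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.Strings;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.mozilla.javascript.CompilerEnvirons;
@@ -357,7 +357,7 @@ static String getLocationUrl(String value) {
 * @return true if it's a valid open redirect
 */
 private static boolean checkPayload(String value) {
-if (value == null || !StringUtils.startsWithIgnoreCase(value, HttpHeader.HTTP)) {
+if (value == null || !Strings.CI.startsWith(value, HttpHeader.HTTP)) {
 return false;
 }
 
@@ -460,7 +460,7 @@ private static RedirectType isRedirected(String payload, HttpMessage msg) {
 
 // (5) Check if redirection occurs by Javascript
 // http://code.google.com/p/html5security/wiki/RedirectionMethods
-if (StringUtils.indexOfIgnoreCase(content, payload) != -1) {
+if (Strings.CI.indexOf(content, payload) != -1) {
 List<Element> jsElements = htmlSrc.getAllElements(HTMLElementName.SCRIPT);
 
 for (Element el : jsElements) {
@@ -498,8 +498,7 @@ private static boolean isRedirectPresent(Pattern pattern, String value) {
 }
 
 private static boolean isPresent(Matcher matcher) {
-return matcher.find()
-&& StringUtils.startsWithIgnoreCase(matcher.group(1), HttpHeader.HTTP);
+return matcher.find() && Strings.CI.startsWith(matcher.group(1), HttpHeader.HTTP);
 }
 
 /** Visibility increased for unit testing purposes only */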
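Review bot: In `isRedirected`, `Strings.CI.indexOf(content, payload) != -1` is a containment test spelled as an index comparison. `if (Strings.CI.contains(content, payload)) {` says the same thing directly and matches the `Strings.CI.contains` form the XSS rules use in this commit. Both forms treat a null argument as no match, so the change is purely about readability. The method body continues outside the hunk.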

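--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PaddingOracleScanRule.java
+++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PaddingOracleScanRule.java
@@ -345,7 +345,7 @@ public byte[] decode(String value) {
 // The last letter represents the length
 int last = value.length() - 1;
 if (((last + (int) value.charAt(last)) % 4) == 0) {
-Base64 decoder = new Base64(true);
+Base64 decoder = Base64.builder().setUrlSafe(true).get();
 return decoder.decode(value.substring(0, last));
 }
 }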
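Review bot: The decoder is still constructed on every `decode` call, and `Base64.builder().setUrlSafe(true).get()` now allocates a builder as well as the codec each time. commons-codec documents `Base64` as thread-safe, so the instance can be held in a constant, e.g. `private static final Base64 URL_SAFE_DECODER = Base64.builder().setUrlSafe(true).get();`, and reused at this line. `decode` starts and ends outside the hunk and the enclosing type is not visible, so where the constant belongs needs checking.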

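--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRule.java
+++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/PersistentXssScanRule.java
@@ -26,7 +26,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.Strings;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.parosproxy.paros.Constant;
@@ -640,7 +640,7 @@ public void scan(HttpMessage sourceMsg, String param, String value) {
 .raise();
 } else {
 HttpMessage ctx2Message = contexts2.get(0).getMsg();
-if (StringUtils.containsIgnoreCase(
+if (Strings.CI.contains(
 ctx.getMsg()
 .getResponseHeader()
 .getHeader(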
