Resolves conflicts
Signed-off-by: karthikuj <karthikuj2001@gmail.com>
karthikuj committed Nov 16, 2023
2 parents 017daf2 + 24c39d4 commit 6fc3c5d
Showing 2,234 changed files with 40,346 additions and 8,049 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/create_eval_villian_update.yml
Expand Up @@ -39,5 +39,5 @@ jobs:
git commit -m "Eval Villain Update $SHORT_DATE" -m "Updates based on https://addons.mozilla.org/firefox/addon/eval-villain/" --signoff
git push --set-upstream origin $BRANCH --force
# Open the PR
hub pull-request --no-edit
gh pr create -f
fi
2 changes: 1 addition & 1 deletion .github/workflows/create_retirejs_update.yml
Expand Up @@ -43,5 +43,5 @@ jobs:
git commit -m "retire.js Update $SHORT_DATE" -m "Updates based on $SRC_BASE" --signoff
git push --set-upstream origin $BRANCH --force
# Open the PR
hub pull-request --no-edit
gh pr create -f
fi
14 changes: 7 additions & 7 deletions .github/workflows/create_wappalyzer_update.yml
Expand Up @@ -17,13 +17,14 @@ jobs:
git config --global user.email "12745184+zapbot@users.noreply.github.com"
git config --global user.name $GITHUB_USER
# Clone repos
git clone https://github.com/AliasIO/wappalyzer.git --depth 1
SRC_REPO="enthec/webappanalyzer"
git clone https://github.com/$SRC_REPO.git --depth 1 wappalyzer
git clone -o upstream https://github.com/zaproxy/zap-extensions.git
cd zap-extensions
git remote add origin https://github.com/$GITHUB_USER/zap-extensions.git
cd ../wappalyzer
# Setup env vars for later
SRC_BASE="AliasIO/Wappalyzer@"$(git log -1 --format=format:%h)
SRC_BASE=$SRC_REPO"@"$(git log -1 --format=format:%h)
BRANCH="wappalyzer-update"
SHORT_DATE="$(date +"%Y-%m-%d")"
export GITHUB_TOKEN=${{ secrets.ZAPBOT_TOKEN }}
Expand All @@ -32,21 +33,20 @@ jobs:
git checkout -b $BRANCH
cd ..
rm -rf zap-extensions/addOns/wappalyzer/src/main/resources/org/zaproxy/zap/extension/wappalyzer/resources/icons
chmod -R 664 wappalyzer/src/drivers/webextension/images/icons/*.*
rm -rf wappalyzer/src/drivers/webextension/images/icons/converted/
cp -R wappalyzer/src/drivers/webextension/images/icons/ zap-extensions/addOns/wappalyzer/src/main/resources/org/zaproxy/zap/extension/wappalyzer/resources/icons
chmod -R 664 wappalyzer/src/images/icons/*.*
cp -R wappalyzer/src/images/icons/ zap-extensions/addOns/wappalyzer/src/main/resources/org/zaproxy/zap/extension/wappalyzer/resources/icons
cp -f wappalyzer/src/technologies/*.json zap-extensions/addOns/wappalyzer/src/main/resources/org/zaproxy/zap/extension/wappalyzer/resources/technologies/
cp -f wappalyzer/src/categories.json zap-extensions/addOns/wappalyzer/src/main/resources/org/zaproxy/zap/extension/wappalyzer/resources/categories.json
cd zap-extensions
## Update the index to be sure git is aware of changes
git update-index -q --refresh
## If there are changes: comment, commit, PR
if ! git diff-index --quiet HEAD --; then
./gradlew :addOns:wappalyzer:updateChangelog --change="- Updated with upstream Wappalyzer icon and pattern changes."
./gradlew :addOns:wappalyzer:updateChangelog --change="- Updated with enthec upstream icon and pattern changes."
git remote set-url origin https://$GITHUB_USER:$GITHUB_TOKEN@github.com/$GITHUB_USER/zap-extensions.git
git add .
git commit -m "Wappalyzer Update $SHORT_DATE" -m "Updates based on $SRC_BASE" --signoff
git push --set-upstream origin $BRANCH --force
# Open the PR
hub pull-request --no-edit
gh pr create -f
fi
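Review bot: `SRC_BASE` records only the abbreviated hash from `git log -1 --format=format:%h`, and the new upstream is cloned at whatever its default branch currently points to, so the generated commit message does not pin the imported icons and JSON to an unambiguous upstream commit. Recording the full hash, `SRC_BASE=$SRC_REPO"@"$(git log -1 --format=format:%H)`, would make the provenance of each update auditable now that the source has moved to a different repository. The `cp -R` and `cp -f` lines copy everything under `src/images/icons/` and `src/technologies/` into the add-on resources without filtering, so review of the resulting PR is the only check on what the upstream ships; a comment above the copy block such as `# Upstream content is copied verbatim; review the PR diff before merging` would make that explicit.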
2 changes: 1 addition & 1 deletion .github/workflows/create_webdriver_update.yml
Expand Up @@ -97,5 +97,5 @@ jobs:
if [ $IS_UPDT -eq 1 ]; then
git push --set-upstream origin $BRANCH --force
# Open the PR
hub pull-request --no-edit
gh pr create -f
fi
2 changes: 1 addition & 1 deletion .github/workflows/sonar.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 11
java-version: 17
- name: Gradle Test & Coverage Report
run: ./gradlew test jacocoTestReport -Dorg.gradle.jvmargs=-Xmx4096m
- name: Sonarcloud Scan
3 changes: 2 additions & 1 deletion addOns/accessControl/CHANGELOG.md
Expand Up @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## Unreleased

### Changed
- Update minimum ZAP version to 2.14.0.

## [9] - 2023-09-08
### Added
Expand Up @@ -10,14 +10,14 @@ accessControl.alert.authentication.otherinfo = Se accede como usuario no autenti
accessControl.alert.authorization.name = Problemas de Control de Acceso - Autorizaci\u00f3n Incorrecta
accessControl.alert.authorization.otherinfo = Se accede como usuario\: {0}\n\nSolicitud detectada como autorizada\: {1}. La regla de acceso definida para el recurso es que el acceso debe ser\: {2}.

accessControl.api.action.scan = Starts an Access Control scan with the given context ID and user ID. (Optional parameters\: user ID for Unauthenticated user, boolean identifying whether or not Alerts are raised, and the Risk level for the Alerts.) [This assumes the Access Control rules were previously established via ZAP gui and the necessary Context exported/imported.]
accessControl.api.action.writeHTMLreport = Genera un informe de Control de Acceso para el ID de contexto y lo almacena en el nombre del archivo de la ruta para el archivo proporcionada.
accessControl.api.view.getScanProgress = Mostrar el progreso (porcentaje) del escaneo de Control de Acceso para el ID de contexto proporcionado.
accessControl.api.view.getScanStatus = Muestra el estado del escaneo (descripci\u00f3n) del Control de Acceso para el ID del contexto proporcionado.
accessControl.api.action.scan = Inicia un escaneo de Control de Acceso con el ID de contexto y el ID de usuario. (Par\u00e1metros opcionales\: ID de usuario para usuario no autenticado, booleano que identifica si se lanzan o no Alertas, y el nivel de Riesgo para las Alertas). [Esto asume que las reglas de Control de Acceso fueron previamente establecidas v\u00eda interfaz gr\u00e1fica de usuario (gui) de ZAP y el Contexto necesario exportado/importado].
accessControl.api.action.writeHTMLreport = Genera un informe de Control de Acceso para el ID de contexto y lo guarda bas\u00e1ndose en el nombre del archivo proporcionado (path).
accessControl.api.view.getScanProgress = Mostrar el progreso del escaneo de Control de Acceso (en porcentaje) para el ID de contexto proporcionado.
accessControl.api.view.getScanStatus = Muestra el estado del escaneo del Control de Acceso (descripci\u00f3n) para el ID del contexto proporcionado.

accessControl.contextPanel.label.description = Aqu\u00ed es donde puedes controlar las reglas de acceso para la aplicaci\u00f3n web.
accessControl.contextPanel.label.description = Aqu\u00ed es donde puede controlar las reglas de acceso para la aplicaci\u00f3n web.
accessControl.contextPanel.label.user = Reglas de Acceso para el Usuario\:
accessControl.contextPanel.label.warning = Advertencia\: Cambiar Par\u00e1metros de Estructura o de Separadores en el Panel de Estructura, aparte de ser visibles al cerrar esta ventana, podr\u00edan ocasionar la perdida de alguna regla existente.
accessControl.contextPanel.label.warning = Advertencia (Warning)\: Cambiar Par\u00e1metros de Estructura o de Separadores en el Panel de Estructura, aparte de ser visibles al cerrar esta ventana, podr\u00edan ocasionar la perdida de alguna regla existente.
accessControl.contextPanel.title = Control de Acceso
accessControl.contextPanel.user.unauthenticated = <<Usuario no autenticado>>

Expand Up @@ -3,7 +3,7 @@ accessControl.accessRule.denied = Ditolak
accessControl.accessRule.inherited = Diwarisi
accessControl.accessRule.unknown = Tidak diketahui

accessControl.activeActionPrefix = Access Control\: {0}
accessControl.activeActionPrefix = Kawalan akses

accessControl.alert.authentication.name = Isu Kawalan Akses - Pengesahan yang tidak betul
accessControl.alert.authentication.otherinfo = Accessed as an unauthenticated user.\n\nRequest detected as authorized\: {0}. The defined access rule for resource is that access should be\: {1}.
40 changes: 37 additions & 3 deletions addOns/addOns.gradle.kts
@@ -1,4 +1,5 @@
import me.champeau.gradle.japicmp.JapicmpTask
import org.cyclonedx.gradle.CycloneDxTask
import org.zaproxy.gradle.addon.AddOnPlugin
import org.zaproxy.gradle.addon.AddOnPluginExtension
import org.zaproxy.gradle.addon.apigen.ApiClientGenExtension
Expand All @@ -17,6 +18,7 @@ import org.zaproxy.gradle.crowdin.CrowdinExtension
plugins {
eclipse
jacoco
id("org.cyclonedx.bom") version "1.7.4" apply false
id("org.rm3l.datanucleus-gradle-plugin") version "1.7.0" apply false
id("org.zaproxy.add-on") version "0.8.0" apply false
id("org.zaproxy.common") version "0.1.0" apply false
Expand Down Expand Up @@ -73,6 +75,9 @@ val createPullRequestNextDevIter by tasks.registering(CreatePullRequest::class)
}

val releaseAddOn by tasks.registering
val allJarsForBom by tasks.registering {
dependsOn(project(":testutils").tasks.named(JavaPlugin.JAR_TASK_NAME))
}

val crowdinExcludedProjects = setOf(
childProjects.get("dev"),
Expand All @@ -90,6 +95,7 @@ subprojects {
apply(plugin = "eclipse")
apply(plugin = "java-library")
apply(plugin = "jacoco")
apply(plugin = "org.cyclonedx.bom")
apply(plugin = "org.rm3l.datanucleus-gradle-plugin")
apply(plugin = "org.zaproxy.add-on")
apply(plugin = "org.zaproxy.common")
Expand Down Expand Up @@ -152,7 +158,7 @@ subprojects {
}
}

val zapGav = "org.zaproxy:zap:2.13.0"
val zapGav = "org.zaproxy:zap:2.14.0"
dependencies {
"zap"(zapGav)
}
Expand All @@ -163,7 +169,7 @@ subprojects {
releaseLink.set(project.provider { "https://github.com/zaproxy/zap-extensions/releases/${zapAddOn.addOnId.get()}-v@CURRENT_VERSION@" })

manifest {
zapVersion.set("2.13.0")
zapVersion.set("2.14.0")

changesFile.set(tasks.named<ConvertMarkdownToHtml>("generateManifestChanges").flatMap { it.html })
repo.set("https://github.com/zaproxy/zap-extensions/")
Expand All @@ -178,6 +184,26 @@ subprojects {
}
}

allJarsForBom {
dependsOn(tasks.named(JavaPlugin.JAR_TASK_NAME))
}

val cyclonedxBom by tasks.existing(CycloneDxTask::class) {
setDestination(file("$buildDir/reports/bom-all"))
mustRunAfter(allJarsForBom)
}

val cyclonedxRuntimeBom by tasks.registering(CycloneDxTask::class) {
setIncludeConfigs(listOf(JavaPlugin.RUNTIME_CLASSPATH_CONFIGURATION_NAME))
setDestination(file("$buildDir/reports/bom-runtime"))
setOutputFormat("json")
mustRunAfter(allJarsForBom)
}

tasks.named<Jar>(AddOnPlugin.JAR_ZAP_ADD_ON_TASK_NAME) {
from(cyclonedxRuntimeBom)
}

if (useCrowdin) {
crowdin {
credentials {
Expand Down Expand Up @@ -214,10 +240,18 @@ subprojects {
val message = versionProvider.map { "${project.zapAddOn.addOnName.get()} version $it" }
tagMessage.set(message)
title.set(message)

assets {
register("bom") {
file.set(cyclonedxBom.map { project.layout.projectDirectory.file(File(it.destination.get(), "${it.outputName.get()}.json").absolutePath) })
contentType.set("application/json")
}
}
}

val crowdinUploadSourceFiles = if (useCrowdin) project.tasks.named("crowdinUploadSourceFiles") else null
releaseAddOn {
dependsOn(allJarsForBom)
dependsOn(createReleaseAddOn)

dependsOn(handleRelease)
Expand Down Expand Up @@ -295,7 +329,7 @@ subprojects {
pom {
name.set(project.zapAddOn.addOnName.map { "ZAP - $it Add-on" })
packaging = "jar"
description.set(project.description)
description.set(provider { project.description })
url.set("https://github.com/zaproxy/zap-extensions")
inceptionYear.set(project.property("zap.maven.pom.inceptionyear") as String)

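Review bot: The release asset in `register("bom")` builds its path as `"${it.outputName.get()}.json"` under the destination of `cyclonedxBom`, but that task never sets an output format, unlike `cyclonedxRuntimeBom`, which calls `setOutputFormat("json")`. The published SBOM therefore exists only while the plugin's default format happens to include JSON; if the XML report is not needed, adding `setOutputFormat("json")` to the `cyclonedxBom` block would make the asset independent of that default. `mustRunAfter(allJarsForBom)` only orders the tasks and does not schedule `allJarsForBom`, so a short comment on `allJarsForBom` saying why the BOM tasks need every jar built first (presumably so project artifacts can be resolved) would help whoever maintains the release flow.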
17 changes: 17 additions & 0 deletions addOns/alertFilters/CHANGELOG.md
Expand Up @@ -4,7 +4,22 @@ All notable changes to this add-on will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## Unreleased


## [19] - 2023-11-16
### Changed
- Allow to filter by alert reference (Issue 7438).
- Allow to specify custom IDs through the GUI.
- Maintenance changes.

### Fixed
- Do not fail to import or load a context with invalid alert filters.
- Incorrect warning about 'Unrecognised parameter' for deleteGlobalAlerts.
- Persist context filter data.

## [18] - 2023-10-12
### Changed
- Update minimum ZAP version to 2.14.0.
- Maintenance changes.
- Depend on newer version of Automation Framework add-on for the automation job (Related to Issue 7961).

Expand Down Expand Up @@ -112,6 +127,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

- First version

[19]: https://github.com/zaproxy/zap-extensions/releases/alertFilters-v19
[18]: https://github.com/zaproxy/zap-extensions/releases/alertFilters-v18
[17]: https://github.com/zaproxy/zap-extensions/releases/alertFilters-v17
[16]: https://github.com/zaproxy/zap-extensions/releases/alertFilters-v16
[15]: https://github.com/zaproxy/zap-extensions/releases/alertFilters-v15
2 changes: 1 addition & 1 deletion addOns/alertFilters/gradle.properties
@@ -1,2 +1,2 @@
version=18
version=20
release=false
Expand Up @@ -42,7 +42,7 @@ public class AlertFilter extends Enableable {

// Use -1 for global alert filters
private int contextId;
private int ruleId;
private String ruleId;
// Use -1 as false positive
private int newRisk;
private String parameter;
Expand All @@ -63,7 +63,7 @@ public AlertFilter() {

public AlertFilter(
int contextId,
int ruleId,
String ruleId,
int newRisk,
String url,
boolean isUrlRegex,
Expand All @@ -86,7 +86,7 @@ public AlertFilter(

public AlertFilter(
int contextId,
int ruleId,
String ruleId,
int newRisk,
String url,
boolean isUrlRegex,
Expand Down Expand Up @@ -115,7 +115,7 @@ public AlertFilter(

public AlertFilter(
int contextId,
int ruleId,
String ruleId,
int newRisk,
String url,
boolean isUrlRegex,
Expand Down Expand Up @@ -146,7 +146,7 @@ public AlertFilter(
public AlertFilter(int contextId, Alert alert) {
super();
this.contextId = contextId;
this.ruleId = alert.getPluginId();
this.ruleId = alert.getAlertRef();
this.parameter = alert.getParam();
this.url = alert.getUri();
this.attack = alert.getAttack();
Expand All @@ -163,11 +163,11 @@ public void setContextId(int contextId) {
this.contextId = contextId;
}

public int getRuleId() {
public String getRuleId() {
return ruleId;
}

public void setRuleId(int ruleId) {
public void setRuleId(String ruleId) {
this.ruleId = ruleId;
}

Expand Down Expand Up @@ -341,7 +341,7 @@ protected static AlertFilter decode(int contextId, String encodedString) {
alertFilter = new AlertFilter();
alertFilter.setContextId(contextId);
alertFilter.setEnabled(Boolean.parseBoolean(pieces[0]));
alertFilter.setRuleId(Integer.parseInt(pieces[1]));
alertFilter.setRuleId(pieces[1]);
alertFilter.setNewRisk(Integer.parseInt(pieces[2]));
alertFilter.setUrl(new String(Base64.decodeBase64(pieces[3])));
alertFilter.setUrlRegex(Boolean.parseBoolean(pieces[4]));
Expand Down Expand Up @@ -384,10 +384,14 @@ public boolean appliesToAlert(Alert alert, boolean ignoreContext) {
LOGGER.debug("Filter disabled");
return false;
}
if (getRuleId() != alert.getPluginId()) {
// rule ids dont match
if (!getRuleId().equals(String.valueOf(alert.getPluginId()))
&& !getRuleId().equals(alert.getAlertRef())) {
LOGGER.debug(
"Filter didn't match plugin id: {} != {}", getRuleId(), alert.getPluginId());
"Filter didn't match scan rule ID and alert ref: {} != {} && {} != {}",
getRuleId(),
alert.getPluginId(),
getRuleId(),
alert.getAlertRef());
return false;
}
if (!ignoreContext && this.contextId != -1) {
Expand Down Expand Up @@ -450,7 +454,7 @@ public int hashCode() {
result = prime * result + (isUrlRegex ? 1231 : 1237);
result = prime * result + newRisk;
result = prime * result + ((parameter == null) ? 0 : parameter.hashCode());
result = prime * result + ruleId;
result = prime * result + (ruleId == null ? 0 : ruleId.hashCode());
result = prime * result + ((url == null) ? 0 : url.hashCode());
result = prime * result + methods.hashCode();
return result;
Expand All @@ -477,7 +481,9 @@ public boolean equals(Object obj) {
if (parameter == null) {
if (other.parameter != null) return false;
} else if (!parameter.equals(other.parameter)) return false;
if (ruleId != other.ruleId) return false;
if (!Objects.equals(ruleId, other.ruleId)) {
return false;
}
if (url == null) {
if (other.url != null) return false;
} else if (!url.equals(other.url)) return false;
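Review bot: `appliesToAlert` now calls `getRuleId().equals(...)` on a `String` that may be null, while the same commit makes `hashCode` and `equals` null-safe (`ruleId == null ? 0 : ruleId.hashCode()`, `Objects.equals(ruleId, other.ruleId)`), so a filter without a rule ID would throw a NullPointerException during matching instead of simply not applying. With the old `int` field this could not happen; whether the no-arg constructor or the callers ever leave `ruleId` unset is not visible in these hunks. A guard such as `String id = getRuleId();` followed by `if (id == null || (!id.equals(String.valueOf(alert.getPluginId())) && !id.equals(alert.getAlertRef()))) {` keeps the match logic and treats a missing ID as no match. `decode` also now stores `pieces[1]` unvalidated where `Integer.parseInt` used to reject malformed values, so a one-line comment there stating which ID formats are accepted would be useful. The bodies of `appliesToAlert` and `decode` continue outside the hunks.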