  • Merge branch 'master' into v3

    # Conflicts:
    #	build.gradle
    #	src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java
    #	src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java
  • Corey committed 1 year ago
    dfc6c3f9
  • ■ ■ ■ ■ ■ ■
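--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,70 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ 'master' ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ 'master' ]
+ schedule:
+ - cron: '30 11 * * 2'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'java' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up Java
+ uses: actions/setup-java@v2
+ with:
+ distribution: adopt
+ java-version: '15'
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ queries: +security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
+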
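Review bot: All five `uses:` steps (new lines 30, 33, 40, 54 and 67) reference actions by a movable tag such as `actions/checkout@v3` and `github/codeql-action/init@v2`, so the code that runs in this job is whatever the tag points to at run time. The job is granted `security-events: write`, which makes it worth pinning each action to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. The `permissions:` block itself is already scoped narrowly and can stay as it is.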
  • ■ ■ ■ ■ ■
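--- a/src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java
+++ b/src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java
@@ -23,6 +23,8 @@
 import java.awt.*;
 import java.util.Arrays;
 import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.Collectors;
 
 import static com.nccgroup.loggerplusplus.util.Globals.PREF_RESTRICT_TO_SCOPE;
 
@@ -91,15 +93,32 @@
  montoya.proxy().registerResponseHandler(logProcessor.getProxyHttpResponseHandler());
 
  //Add menu item to Burp's frame menu.
- JFrame rootFrame = (JFrame) SwingUtilities.getWindowAncestor(mainViewController.getUiComponent());
- try{
+ JFrame rootFrame = null;
+ try {
+ rootFrame = getBurpFrame();
  JMenuBar menuBar = rootFrame.getJMenuBar();
- loggerMenu = new LoggerMenu(LoggerPlusPlus.this);
- menuBar.add(loggerMenu, menuBar.getMenuCount() - 1);
- }catch (NullPointerException nPException){
- loggerMenu = null;
+ if(menuBar != null) {
+ loggerMenu = new LoggerMenu(LoggerPlusPlus.this);
+ menuBar.add(loggerMenu, menuBar.getMenuCount() - 1);
+ }
+ } catch (Exception e) {
+ log.error("Could not find root frame. Window JMenu will not be added");
  }
+ }
 
+ private JFrame getBurpFrame() throws Exception {
+ // Get all frames
+ Frame[] allFrames = JFrame.getFrames();
+ // Filter the stream find the main burp window frame, and convert to a list
+ List<Frame> filteredFrames = Arrays.stream(allFrames).filter(f ->
+ f.getTitle().startsWith("Burp Suite") && f.isVisible()
+ ).collect(Collectors.toList());
+ // If size is 1, we have the main burp frame. Otherwise fails
+ if (filteredFrames.size() == 1) {
+ return (JFrame) filteredFrames.get(0);
+ } else {
+ throw new Exception("Expected one burp pane, but found " + filteredFrames.size());
+ }
  }
 
  public void unloadExtension() {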
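Review bot: The new `catch (Exception e)` at new line 104 discards `e` and logs a fixed "Could not find root frame" message, although it now also covers a `ClassCastException` from `(JFrame) filteredFrames.get(0)` and anything thrown while constructing or adding `LoggerMenu`. Passing the exception through keeps the real cause in the log: `log.error("Could not find root frame. Window JMenu will not be added", e);` (assuming `log` accepts a trailing Throwable, as Log4j and SLF4J loggers do). `getBurpFrame()` also throws whenever the number of visible frames whose title starts with "Burp Suite" is not exactly one, so the menu is not added in that case either. Separately, `import java.util.stream.Collectors;` is added twice at new lines 26–27 and one copy should go. The method that contains the try block starts outside the hunk.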
  • ■ ■ ■ ■ ■ ■
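--- a/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java
+++ b/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java
@@ -540,6 +540,8 @@
  return (this.url != null ? this.url.getPath() : "");
  case QUERY:
  return (this.url != null ? this.url.getQuery() : "");
+ case PATHQUERY:
+ return this.url.getFile();
  case STATUS:
  return this.responseStatus;
  case STATUS_TEXT: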
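Review bot: The new `PATHQUERY` case at new line 544 dereferences `this.url` without the null guard that the `PATH` and `QUERY` cases directly above it use, so an entry whose URL was never set throws a NullPointerException when this field is read. It should follow the same pattern: `return (this.url != null ? this.url.getFile() : "");`. The enclosing switch starts and ends outside the hunk.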
  • ■ ■ ■ ■ ■
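--- a/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntryField.java
+++ b/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntryField.java
@@ -28,6 +28,7 @@
  METHOD(FieldGroup.REQUEST, String.class, "The request method used.", "Method"),
  PATH(FieldGroup.REQUEST, String.class, "The path component of the requested URL.", "Path"),
  QUERY(FieldGroup.REQUEST, String.class, "The query parameters of the requested URL.", "Query", "GetParams", "QueryParams"),
+ PATHQUERY(FieldGroup.REQUEST, String.class, "The path and query components of the requested URL.", "PathQuery"),
  PROTOCOL(FieldGroup.REQUEST, String.class, "The protocol component of the requested URL.", "Protocol"),
  ISSSL(FieldGroup.REQUEST, Boolean.class, "Did the request use SSL?", "IsSSL", "ssl"),
  USES_COOKIE_JAR(FieldGroup.REQUEST, String.class, "Compares the cookies with the cookie jar to see if any of them are in use.", "UsesCookieJar", "CookieJar"),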
  • ■ ■ ■ ■ ■ ■
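--- a/src/main/java/com/nccgroup/loggerplusplus/logview/entryviewer/RequestViewerController.java
+++ b/src/main/java/com/nccgroup/loggerplusplus/logview/entryviewer/RequestViewerController.java
@@ -26,6 +26,9 @@
  }
 
  public void setDisplayedEntity(LogEntry logEntry) {
+ // Only update message if it's new. This fixes issue #164 and improves performance during heavy scanning.
+ if (this.currentEntry == logEntry) { return; }
+ 
  this.currentEntry = logEntry;
 
  if (logEntry == null || logEntry.getRequest() == null) {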
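Review bot: The identity guard at new line 30 returns before any refresh whenever the same `LogEntry` instance is passed again, including the case where that instance has changed since it was first shown. The code just below handles `logEntry.getRequest() == null`, which suggests an entry can be displayed before its request is populated; if callers set the same entry again once processing completes, the viewer would keep the stale content. If that can happen, the guard needs to account for the entry's state as well; otherwise document the assumption next to it, e.g. `// A LogEntry's request does not change once displayed, so an identity check is sufficient.` The method body continues outside the hunk.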
  • ■ ■ ■ ■ ■
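--- a/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java
+++ b/src/main/java/com/nccgroup/loggerplusplus/util/Globals.java
@@ -83,7 +83,7 @@
  "\"filter\":{\"filter\":\"Request.Complete == False\"},\"filterString\":\"Request.Complete == False\",\"backgroundColor\":{\"value\":-16777216,\"falpha\":0.0}," +
  "\"foregroundColor\":{\"value\":-65536,\"falpha\":0.0},\"enabled\":true,\"modified\":false,\"shouldRetest\":true,\"priority\":1}}";
 
- public static final int CURRENT_COLUMN_VERSION = 7;
+ public static final int CURRENT_COLUMN_VERSION = 8;
  private static int colOrder = 0;
  public static final String DEFAULT_LOG_TABLE_COLUMNS_JSON = new StringBuilder().append("[")
  .append("{'id':" + NUMBER + ",'name':'Number','defaultVisibleName':'#','visibleName':'#','preferredWidth':65,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(NUMBER.getDescription()) + "'},")
@@ -99,6 +99,7 @@
  .append("{'id':" + PATH + ",'name':'Path','defaultVisibleName':'Path','visibleName':'Path','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(PATH.getDescription()) + "'},")
  .append("{'id':" + EXTENSION + ",'name':'UrlExtension','defaultVisibleName':'Extension','visibleName':'Extension','preferredWidth':70,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(EXTENSION.getDescription()) + "'},")
  .append("{'id':" + QUERY + ",'name':'Query','defaultVisibleName':'Query','visibleName':'Query','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(QUERY.getDescription()) + "'},")
+ .append("{'id':" + PATHQUERY + ",'name':'Path Query','defaultVisibleName':'Path Query','visibleName':'Path Query','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(PATHQUERY.getDescription()) + "'},")
  .append("{'id':" + URL + ",'name':'Url','defaultVisibleName':'URL','visibleName':'URL','preferredWidth':250,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(URL.getDescription()) + "'},")
  .append("{'id':" + HASPARAMS + ",'name':'Has Params','defaultVisibleName':'Has Params','visibleName':'Has Params','preferredWidth':75,'readonly':true,'order':" + colOrder++ + ",'visible':false,'description':'" + StringEscapeUtils.escapeJson(HASPARAMS.getDescription()) + "'},")
  .append("{'id':" + STATUS + ",'name':'Status','defaultVisibleName':'Status','visibleName':'Status','preferredWidth':55,'readonly':true,'order':" + colOrder++ + ",'visible':true,'description':'" + StringEscapeUtils.escapeJson(STATUS.getDescription()) + "'},")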